last executing test programs:

20.484971466s ago: executing program 4 (id=350):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(0x0)
creat(&(0x7f0000000ac0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1000)
chown(&(0x7f00000003c0)='./file0\x00', r2, 0xee01)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)=ANY=[@ANYBLOB], 0x24, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000001200)={{{@in=@local, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e24, 0x4, 0x4e21, 0x7, 0xa, 0x100, 0xe0, 0x73}, {0x9, 0xfffffffffffffff7, 0x9, 0x3, 0x400, 0x4e, 0xbc0, 0x8000}, {0xe8, 0x1, 0xbc, 0xef15}, 0x1, 0x6e6bb0, 0x1, 0x0, 0x1}, {{@in6=@mcast2, 0x4d4, 0x2b}, 0xa, @in=@loopback, 0x3507, 0x1, 0x2, 0x7, 0xfffffff8, 0x4, 0x3}}, 0xe8)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x141100)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newlink={0x64, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xfff}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0xfffffff9}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'netpci0\x00'}, @IFLA_BROADCAST={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}]}, 0x64}}, 0x4000010)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000040))

15.934581831s ago: executing program 4 (id=356):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, 0x0)
r2 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(r4, 0x0, 0x0, 0xfffffe04, 0x1)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x141, 0x0, 0x4}, 0x18)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_OPENQRY(r5, 0x4b4c, &(0x7f0000000080))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
gettid()
setsockopt$MRT6_INIT(r2, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, {0xa, 0x0, 0x0, @empty}, 0x0, {[0x7]}}, 0x5c)
recvmmsg(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=""/267, 0x10b}], 0x1}, 0x8}], 0x1, 0x40000002, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})

15.834245342s ago: executing program 3 (id=357):
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg(r1, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, 0x0)
r2 = openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
pipe(&(0x7f0000000400)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r4, 0x0, r6, 0x0, 0x88000cc, 0x0)
fcntl$setpipe(r5, 0x407, 0x100004)
write$eventfd(r5, &(0x7f0000000240), 0xffffff14)
sendmsg$nl_route_sched(r3, 0x0, 0x2400c800)
write$6lowpan_control(r2, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
inotify_add_watch(0xffffffffffffffff, 0x0, 0xa4000960)
ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
chdir(&(0x7f0000000000)='./control\x00')
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000500)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="cf0400080000fcffffff1200000008000300", @ANYRES32=r9, @ANYBLOB="0a00060008021100000100000600ab000300000005007400060000000800a40002"], 0x48}, 0x1, 0x0, 0x0, 0x2400c804}, 0x0)

14.09832474s ago: executing program 1 (id=361):
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(r1, 0x6, 0x15, &(0x7f00000002c0)=0xfffffffe, 0x4)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000001, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x1, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x4, 0x2)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$radio(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x1, 0x39d}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000080)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))

12.931090155s ago: executing program 4 (id=363):
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_getparam(0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
eventfd(0xfffffff9)
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180), 0x6cc0, 0x0)
r3 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, 0x0)
r4 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$TCPDIAG_GETSOCK(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4c0000001200010003950000000100000a0900004001000000000000000000000000ffff0000000000000000000000000000ffff"], 0x4c}}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r5, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfe, 0x2ffffffff}, 0xc)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r6, &(0x7f0000000140)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r7, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r7], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x0)
r9 = socket(0x10, 0x3, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14)
sendmsg$nl_route_sched(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0x5820a61ca228659, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0x9}, {0xffff, 0xffff}, {0x1, 0x7}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10, 0x3, {0x6, 0x2}}}}]}, 0x44}}, 0x800)
sendmsg$nl_route_sched(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x58, 0x28, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r10, {0xc, 0x9}, {}, {0x9, 0xffff}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x28, 0x2, [@TCA_CGROUP_POLICE={0x10, 0x2, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x8}]}, @TCA_CGROUP_EMATCHES={0x14, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfff7}}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}]}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x40c4)
syz_usb_connect(0x1, 0x3d, 0x0, 0x0)

12.857613381s ago: executing program 2 (id=364):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r3, &(0x7f0000009fc0)=[{{&(0x7f0000000200)={0xa, 0x4e22, 0x9, @empty, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000840)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x49}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x40}}], 0x1, 0x20000811)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r4 = syz_open_dev$vbi(0x0, 0x3, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000080)={0xf0f046})

12.264117825s ago: executing program 1 (id=365):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$VIDIOC_S_PARM(0xffffffffffffffff, 0xc0cc5616, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100004, 0xffff, 0xb, 0x1, 0x1}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000200), 0x2, r3}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000080)={0x0, &(0x7f00000001c0)=""/40, &(0x7f00000001c0), &(0x7f0000000200), 0x1, r3}, 0x38)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010010905"], 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x2, 0x10270000}]}}]}, 0x38}}, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r7, 0x541b, 0x0)
r8 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
close(r8)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000140)={'veth0_macvtap\x00', 0x200})
sendmmsg$inet(r2, &(0x7f0000004d00), 0x0, 0xf00)

12.262750826s ago: executing program 3 (id=366):
r0 = socket(0x10, 0x80002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x11, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f0000000040)=@generic={0x0, 0x0, 0x6})
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESDEC, @ANYBLOB, @ANYRESDEC=0x0, @ANYRESDEC=0x0])
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r3 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000002c0)="ae", 0x1, 0xfffffffffffffffd)
keyctl$read(0xb, r3, &(0x7f0000000240)=""/112, 0x349b7f55)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000280)=""/254)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)={0x18, 0x2d, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0x4, 0x18, 0x0, 0x0, @binary}]}, 0x18}}, 0x48000)
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000040}, 0x0)
r7 = syz_usb_connect(0x0, 0x24, &(0x7f0000001040)={{0x12, 0x1, 0x0, 0x40, 0x15, 0x42, 0x20, 0x5a9, 0x1550, 0xe4bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x8e, 0xc4, 0x6f}}]}}]}}, 0x0)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)
syz_usb_control_io$uac1(r7, 0x0, 0x0)

11.345606782s ago: executing program 2 (id=367):
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b00)={<r0=>0xffffffffffffffff})
bind$unix(r0, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
r1 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x800, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x40f00, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x1}, 0x18)
creat(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
openat$vsock(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x2, 0x80805, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0xff2, 0x7ffffffd, 0x4f565559, [0x1000, 0x1000008], [0x9, 0xffb], 0x108}})
mremap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000084c000/0x3000)=nil)

10.2720567s ago: executing program 2 (id=369):
socket$nl_crypto(0x10, 0x3, 0x15)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x909100, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f00000000c0)={0xc})
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000001c0)="00940a37", 0x4)
sendto$unix(r3, &(0x7f0000000440)="36d9a32e92c131d730b1abaedb51eb66fd2d5b1f7eda4f0e859fdaf294bad70673813533d8bf1c6a77b65a7afdc01b29e73571071a68d5def5d7df839810da130b9348f4d9d407eb478d5bfb298c552a498271af70914e14ba9476fd2a0e47984c25ea20afab3064a748add27a7149e9c4705475bda2ecec9ec30214f28c5e16fd3f50f604f20232c534409e52bff64fc6ca0f5e254083aec2794b7216e002e87caf3d0fa7d04ff9e3b03e81595a04979594ff6ea888bf13de8e8f74c6178e31e47593732ae1a501ad3641d423195a788efdb643f50a8c8b9794a62f7b8dfa0fa7da9d391b92ce2a7f9fe0f9d584a3775f", 0x703d59595f6742a8, 0x800, 0x0, 0x0)
sendto(r3, 0x0, 0x0, 0x20000800, &(0x7f00000000c0)=@nl=@proc={0x10, 0x0, 0x25dfdbfb, 0x1}, 0x80)
recvfrom(r3, &(0x7f0000001680)=""/4121, 0x1019, 0x10001, 0x0, 0x0)
ioctl$int_in(r1, 0x5452, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB], &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, &(0x7f0000000100)='H', 0x0}, 0x20)
bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000100), 0x6)
fcntl$setsig(r1, 0xa, 0x12)

9.578691925s ago: executing program 0 (id=370):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pivot_root(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='./cgroup\x00')
socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
r4 = syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, 0x0)
openat$vcsa(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x84042, 0x0)
syz_open_dev$loop(&(0x7f0000000500), 0x47ffffa, 0x60500)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
unshare(0x22020400)
r5 = memfd_create(&(0x7f00000001c0)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\v\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\xd5)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x8, 0x0, 0x0, 0x41000}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)

8.849219817s ago: executing program 4 (id=371):
r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
r3 = socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(r3, 0x89a0, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x25}, @rand_addr=0x64010125})
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_procfs(0x0, 0x0)
r5 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r5, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
setsockopt$inet6_opts(r5, 0x29, 0x37, 0x0, 0x18)
setsockopt$inet6_opts(r5, 0x29, 0x36, 0x0, 0x0)
fchdir(r4)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r6 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x4, 0x0, 0x9})
ioctl$VIDIOC_REQBUFS(r6, 0xc0585609, &(0x7f0000000280)={0x0, 0xa})
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB], 0x50)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x7, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r8}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0xb, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x2, 0x3, 0xa, 0x9, 0xfe04}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x2, 0x2, 0x0, r7}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x69, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x7})
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
syz_usb_connect(0x0, 0x4b, &(0x7f0000000000)=ANY=[@ANYBLOB="120100003f9aab106d04f0080d50010203010902390001000016470904000003080662"], 0x0)

8.637546482s ago: executing program 0 (id=372):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x7ff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x41)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)
r5 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendfile(r5, r5, 0x0, 0x8)
listen(r5, 0x80000001)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f000000a6c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r6, &(0x7f000000a800)={0x0, 0x0, &(0x7f000000a7c0)={&(0x7f000000a700)={0x34, r7, 0x1, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPVS_CMD_NEW_DAEMON(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="010028bd7000feffffff09"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x40)

7.592682154s ago: executing program 0 (id=373):
socket$pptp(0x18, 0x1, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
socket$key(0xf, 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeeb, 0x8031, 0xffffffffffffffff, 0xc36e5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmat(0x0, &(0x7f00006c8000/0x1000)=nil, 0x2000)
msync(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x6)
unshare(0x3a000700)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x22, &(0x7f0000000000)=0x8, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000300)="86500ff6e9bc3513aadc778325da3845a74329c5b7fea075a91e58991aacee35ba7c97793daabef0129fbc019f59cb4113b6ab7b2aada247535fc7b2364c38de68f52feb50fad80e8ea14dbb989fd8309c5b66a782c17ae07d0d12fe5c253eab5c", 0x61, 0x8004, 0x0, 0x0)
r6 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffeffe, 0x18, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x31)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)

6.647894735s ago: executing program 1 (id=374):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
socket$can_raw(0x1d, 0x3, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f00000004c0), 0x14305, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, &(0x7f00000000c0)=0x80000000, 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_256={{0x304}, "76f7bc3e4ae1c84c", "af193cff4810ba5ac120d096eb00b40752095b4285514ca312c52e3a08756735", '8\x00', "bc3a20b10f4ad11e"}, 0x38)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_NEW(r4, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000740)={0xb4, 0x0, 0x2, 0x5, 0x0, 0x0, {0x8, 0x0, 0x2}, [@CTA_EXPECT_TUPLE={0x60, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @rand_addr=0x64010101}}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @private=0xa010100}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x5}, @CTA_EXPECT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x1}, @CTA_EXPECT_HELP_NAME={0x8, 0x6, 'RAS\x00'}, @CTA_EXPECT_HELP_NAME={0x5, 0x6, '\x00'}, @CTA_EXPECT_TUPLE={0x20, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x5}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @remote}}}]}]}, 0xb4}, 0x1, 0x0, 0x0, 0x20048010}, 0x24000000)
set_robust_list(0x0, 0x0)
close(r3)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newsa={0x154, 0x10, 0x633, 0x0, 0x0, {{@in6=@private0, @in=@broadcast, 0x0, 0x4000, 0x0, 0x8004}, {@in=@dev, 0x0, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1a}, {0x327, 0x2, 0x0, 0x0, 0xfff, 0xfffffffffffffffc}, {}, {0x8f}, 0x70bd29, 0x0, 0xa, 0x4}, [@encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@rand_addr=0x64010102}}, @algo_crypt={0x48, 0x2, {{'cbc-serpent-avx2\x00'}}}]}, 0x154}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xc001, 0x0)
ioctl$TIOCGSERIAL(r5, 0x541e, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001780)=""/4070})
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xa, 0x4, 0x1, 0x4}, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

6.499805731s ago: executing program 0 (id=375):
r0 = openat$dsp(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, 0x0, 0x118)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0xc208ae62, 0x0)
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000001940)=[{{&(0x7f0000000480)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000500)="cf7415f959515a77fe90e95c74e55c56363f32cc515dad5af88d9a0074d1710a039a5915f818d2ca40abe4d9c1734912865ec61677c3b3477a0fa2b7395fd079a45c7672efd74edc73e39d80273fdcb0c4efbff95f32ff8d77c66f6daf96dae0bee2c20d000000000000d9629177df6c7fb375f43be4451668e85371bb53e0210dffcca5ae52407ce0dbad3bad19535bf0e80f15359e9c9d32fdb31b2a827bab5b772c44ffe5781949f0", 0xaa}, {&(0x7f0000000240)="63aea10966b5cd06a6a91ccbeaba73f24f00573abae695", 0x17}, {&(0x7f0000000600)="5cfe776769efe1abf9", 0x9}, {&(0x7f0000000600)}, {&(0x7f0000000640)="df", 0x1}, {&(0x7f0000000680)="665e350acd7e80fa6d8c62978d49db5fb3e439683309fd73996a6a4bf613879a3958813a34756e9e13707aa6907a044a0178fc60373803c9c28fd9b420d56649e7680ee00e5e3d0b836484", 0x4b}, {&(0x7f0000000700)="e22223c5f6a3b3cfdf443230ba459bd4f6592c1b120b850b53ae4f564568d8813054be00e47fd8e7fa6fb46efcb1115d5748873958d7c9b4a978f50257ef2a6f150fe35fa0fba7a572e6e3ad1c7921365e664c92d996426a3079e9db54af4e98d1e59d1ec68341244a15fcee08accf64a00344e6662ae83a84a9383912fa5dfb99444f8694f9f3b68eeb606c0f03271a88342a35a3a931d4e9ce11c2038c4ad5125039f4531cc476281ebd3d5bf21c24e67f2f87a7263a282fc9078bd6b53b4a06e48aab705797192c6ef37f90746b5fd469e5aa6c7432178f72435638ee99d2d7eaa886ddbf576069a3429ce6c5455cd9a14cc08a", 0xf5}, {&(0x7f0000000800)="111c7a94e3bbc92722d54d0726321f176f801d83e34a7e825686b4caadb52480d4ac1463379b16ae", 0x28}], 0x8, 0x0, 0x0, 0x8044}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000008c0)="0fee40a4fc1fb42dfff3dc444660054923fcaf1058301106ab3fcbfbdcc6ef4362e242400d0622a8", 0x28}, {&(0x7f0000000900)="90609f08f7c9a7749dd77d97fce580c187ebc6568842473d846c2642daac2a43a2976c1288d5c109b1ff1d6fd9b29867b238a7f690b8286197bbad8216b1875fc34ca648a2b3bd66c1f548343ed27515c46c909b6ffc0094badca0fa822b113fde3c2a72526e47b9ffb52deb02f29058b2f264088db44f0971fd0d1a163c7e444049fce10b64bc925d9bd6de17911b4f384d6df02143d3410a3ca236661cdd8cbc3695c31ff17389338312f4b19f12dd0c7f1b70945ae2096bee32e0be22f46d167fae2daf9e4951fefdca0acc15181135acf0575086dc4bb3b13e24d52d711e9f42c2e12c8f59d5a9b2dc2d126b0a7640c91811fa2c", 0xf6}, {&(0x7f0000000a00)="07fce4e1e6ef72fcb62162c43abb0e5e53198b2efc77174cd5c8778a281d66758157557ef754352f849cd7b4df8bcf77dc43eff784241f46f98797819ee5a56851fac5154c987c15cfb2c92dee1f74f47051f0ed462a713a18fcf5e074995b848878895888e77103cd185fff0f00447a2106883506", 0x75}, {&(0x7f0000000a80)="f037876decb2974094af21a290def0c4c2f68b2316e8793f14a63feeff0a8f0643d546b71db5f687b1b89a543fb0d98d933f8a1508c202c8b163dd5e95e6e51792ecd10d25d6fe34a4daa90ddd0d055c9df486cf68c4c7b3d76265f84d9537c44f6e48008689f2d7dcbd226b35b85aad1b7135b32927280c", 0x78}, {&(0x7f0000000b00)="4ce64aebb383fe8b084f64a7ddcfe5fc4482eb28fa2313979450b2faea23bc2164b59204d633513810dce0379f34a9bf052cc0a96113ab4a09d463d245621e81fdda07bd43f0dcc5e7a32030cc969071eeeb606966a7fed1ba7e4ef5fe9963017055179459dbbef62b0f316082fa93fab9b53cbbd1da20f3be88e83633021f756ed94a6f5dc923a1a2474d84b1a064e1355f4a77e1e503c05c2ff564975d0488d33bf791296cb987444b778034ec97bcf0765fcedbac8c78fa748477eccfe6f66dca5475451d2eae87159c7dde69ace50970d4c42242043f4055ded6b36290dc9c9d35c0f8c1a6823b1e7135c5c1f278a1", 0xf1}], 0x5, &(0x7f0000000c80)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r2, @ANYBLOB="009f6e4a"], 0x18, 0x4000}}, {{&(0x7f0000000cc0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000e80)=[{&(0x7f00000013c0)="072249461d7c7bd8982aefc3969c565ff8a81694a7f1765a1ee81d047a435823a984856100d6592ddf35693e76d51e3ef556526bfcd0e52016", 0x39}, {&(0x7f0000000dc0)="1cdcef5eb78a589d6cc20e79f3faa1d8802e17c460f48f5b65597e9171697c845e41d55eb692221ad56bb80c60db36e67564c06cf186dc84031be79ae6d7a16cec93d008ff65583e7f543c58425d7d2ebe875a169fe4f2e2ecddb94db559c9722bf3ed1e6b6283326d7b8efa82ee4dc9982498b04a6b00e178ac0598195607e79862b3a0984647101464601284e7a5219b3b8933e3c78cd219f5108a990e1b544252790d3c0498d073a9", 0xaa}], 0x2, &(0x7f0000000ec0)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [r1, r2, r2, r2, r1, r2]}}], 0x48, 0x4040800}}, {{&(0x7f0000000f40)=@file={0x0, './cgroup\x00'}, 0x6e, &(0x7f0000001380)=[{&(0x7f0000000fc0)="bc8049de038b63fd03316e4b3cbeda21b35d7e97cf3c443dac62cef984ea87acb385163dc9fc2f4bc45294a5f93d5776fa4b05e1d19510522a3c2c20d555749a5ca264776db648bb8258831bbe1e79ee88e26eb7413c440ec856e4dc0d4463f0f8ccdf37dd2fbcd718a57e13b7a825f5dfe11168b0bcf4590d36cc1d3c8c18e8ea2077", 0x83}, {&(0x7f0000001080)="622aee2b8f7cb00a503c705beda224d445f042133c7cdc8def637628cb1376811626c540f7f189e3ff70e1b87e0e089a9f0802c8366adcba328d983a48bd66abacbbfa953b2496eb322b4ae0811a0189cc94e7baf630c83ebd892935f37a851598430394442809b9d3dc19618ed4f2ef7eae9eedc69c5d2ac38105134183eeb394ad22f632a74fb64540451b28689c808d69a908169315746e9a27b91194d3fc9601d713f1876ed64077e33cde55c5f41d33df14858bac50af4d72ef9669f57485f25934692c5782a60b7125417a93ed558d62caa38086d59ac9f1e7e9f26dbbbce4867912e4cf73b72645baa4ddfd6c3993", 0xf2}, {&(0x7f0000001180)="39a4f9082df1b1ba1573302aa3521f89e0445f1bbf4180729d0f0f854493986dc3c2e490171848b4031f8e6f8e2dccba18ed4df8dc9b558dffe023804f9c644d695900772baee17f0f1203907662c12ab29f4d0e4c3d3ef1c12cbef0481cf470d69aa7a26a384d191544dd30caf3cad3e398961ab50d23cbad722534bc8edf1a7ccb7e056c5f9e3d48ee2932243023545fdfe7338b911e1520c32930ef8a80058d9f165a4c9ababd16963c86ba847ad340f47f1e116d5d2795d88a6d5d7deb7128587b433b3b4fa11879b74f2bf0fafd3db3b2e7cc2c10a0b3a497b6bcf6", 0xde}, {&(0x7f0000001280)="c0cf06628cba034505f6ea58bed016e03f60f74d27707eb82eb2f96947557397cf561f6aab5cf86dda2cb7fee6ab38d776fc6f0278f6928bab838255df7e3f5e36b8f97761a6f8df5458cb089d16b42be13bd318f986fff640639d37e412a9c75c503df1a87a8c6a2f9dfa98f41b7804127ef6570dbf4930cc075c9ead2edf663eb836f86db5051ab38ee9df74ac7020e0eae312c525f03dea89ce72dd2f47af7087f990ded937412f894bfafc86d0a45fcbefe724ddac45e28d3235ec668e31191174cbc5dadc7ccb6fe52a85c6a49b79d141a52d1bd5bea063d16e757baa9c7eb209", 0xe3}], 0x4, &(0x7f0000001440)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [r2, r0, 0xffffffffffffffff, 0xffffffffffffffff, r0]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff, r2]}}], 0x70, 0x8055}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000014c0)="541dfd1aabe809c7d5bd60f7aaafbd360f24c65a777779e052142939d37d78e16f32057102fb5b7a290fcb5917fb3e974734fc696494e56bd81865afd8e85e49ef29a5d7f79dc9a4edbf49730494f717182d7e285eb10ab69c083bbcb8021ef59c3f421b3c7af24631199bd02ec438485f42329868176b120f49d2de2c5c4f0d3ee0f9e798b7fbda1213be3a1c96126d1677419a01c60cf58e57b89729ce59b8b6b542f452aa063bcbb9dc4c4de50e351559ab73bf687b2ecddddc222231bcee60355cb14a0a5348a32b74b22250920fa8e9", 0xd2}, {&(0x7f0000001a80)="76f292c3051fb6ec6c4a662d6b65e73e4f25a0e82581b702a4fde921d69af8c92c347f9ca81fab668f78248ec6cf5a7f22dfa4bb32b68e6717bd64aaca196d1d24de9b538041e34c8a2efd9545dcbfd1d91d71c0a66cf44170932c0d516ed88afb825b706a736991fc0de75fa4843a5b0c0f71d507b55f48cc04d74e01a79c2f045d13d5b9c6a611b2c3d67e57e5b420cc660fd15097249c2cae8f167d2a262d01a0e2831ba36a420bf37ff8d0ca2c2946f0a3543ed21ed829e31fb19dabe8cebd94a820f4a1f07009fca09e2f88b666c7a0e8725ac69dc1ae95fe542f87849980c6dbfa6c1daebac360b9d1940bb4bb06c9", 0xf2}, {&(0x7f0000001800)="4daa9315f3d0684161b40fe7d477ddab23daa03b072a6a0f60ccfed2e48621293e638f9f956192c7717533bc044840aeb9e14c647a621476849416cf6539d1526dd27be3c85506fdd59e5e26ad91621d2a16257982f449d3f064500f333e2452b1b8c0d5d3da9376070000007c3dfc8d50522214b12b66f7d0021dfa06c65b9990bbbfea43fd92fe3217ae74900438d1288a62ae20a8b16f50bcd6cf4d66b7892adde1e4e2da43a2f74343099e240a3c0146f95d5ff0500f65637e4552f720fdd201010697a0d20a7ba4e8cecd4b056681ca30f5371e9cac159ab13ad8fd2fd849230eba397762d41fb21219fdfa84cc7e18d70483364a0b6c6091efcbda35411b7030f47827a4e4ed3465b806b7736901df392f943bd08086d1701936770a0e", 0x120}, {&(0x7f0000001740)="9d8adefbc82367bb8c41f304609ab8fbbd075a67faab70e672749f58f44c1c535d2c9aacb924fa896aa1140e1ec21cee2c21897cc9f14f75bb6581a23bb4f5392ec00eb1c9bbb9eeab063773d3495775a286976282676968a685672015cd1d57e767717e", 0x64}], 0x4, 0x0, 0x0, 0x20000414}}], 0x5, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4c, 0x9, 0x6, 0x0, 0x3}, 0x0)
r3 = inotify_init()
chdir(&(0x7f0000000340)='./cgroup\x00')
mkdir(&(0x7f00000002c0)='./file2\x00', 0x0)
rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00')
r4 = inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0x5000009)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={<r6=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
memfd_create(0x0, 0x4)
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB, @ANYRES8=0x0, @ANYRES64=r4], 0x154}}, 0x8801)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000008500000070000000850000000f00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='sys_enter\x00', r8}, 0x18)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x10004, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000180)={0x3, 0xfffffffffffffee4, 0xfa02, {{0x0, 0x4e21, 0x40003, @mcast1}, {0x2, 0xfff9, 0xbfc, @private1={0xfc, 0x1, '\x00', 0x1}, 0xffffffff}, r6, 0x9fffffff}}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r9, 0x8946, &(0x7f0000000100)={'netdevsim0\x00', &(0x7f0000000280)=@ethtool_ringparam={0x33, 0x7f, 0x5, 0x0, 0xe, 0x3, 0x2000000, 0x1, 0x3000000}})

6.210954186s ago: executing program 1 (id=376):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0xa4940, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000240)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000100)={0x28, 0x7, r3, 0x0, &(0x7f00007ff000/0x800000)=nil, 0x800000})
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000980), 0x1, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r5, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf523", @ANYRES32=0x0, @ANYBLOB], 0x50}}, 0x4008840)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000f40), r6)
sendmsg$IPVS_CMD_NEW_SERVICE(r6, &(0x7f0000001100)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f00000001c0)={0x68, r9, 0x1, 0x70bd67, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x54, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@remote}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x5}}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x39}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x11}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x115}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x20004084}, 0x20008800)
sendmmsg(r5, &(0x7f00000092c0), 0x4ff, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x521281, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)

5.704712877s ago: executing program 3 (id=377):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0x3}, 0x31)
sendmmsg$inet6(r3, &(0x7f0000009fc0)=[{{&(0x7f0000000200)={0xa, 0x4e22, 0x9, @empty, 0x2}, 0x1c, 0x0, 0x0, &(0x7f0000000840)=[@rthdrdstopts={{0x18, 0x29, 0x37, {0x49}}}, @pktinfo={{0x24, 0x29, 0x32, {@loopback}}}], 0x40}}], 0x1, 0x20000811)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x54}}, 0x0)
r4 = syz_open_dev$vbi(0x0, 0x3, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000080)={0xf0f046})

5.583970293s ago: executing program 0 (id=378):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
socket(0x10, 0x3, 0x0)
socket(0xa, 0x80000, 0x7a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="580000001900010000000000fbdbdf251d010900440012804000800031004180e7227ae5c252f37c41df2a84b5cdecbc7e272fbe572d6a76e2253ab30bd45f00466ac176050400be800400e38000"/87], 0x58}, 0x1, 0x0, 0x0, 0x4001}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000e95000/0x4000)=nil, 0x4000, 0x66)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
shutdown(r2, 0x0)
listen(r2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000300)="fbe4ce478bec748e6bf5aa4768db2416453840b12e839b64576b48f38175bdd8e3e67d33b0e41ef827572b001db940cecf63f0291c36faf292cf1a44d8027f4ded512c8c1a9c5e3d6ada7e25b27d9961d16359e172299e42fa62a909888d1125476aa986e1057ce6b689870bce825fc7fe1548385e52f2760fd856566bf69db2dc4b2d06a0129bbb9412960aa9182df7d448001e77a9ac7b3b66582a0ba9d5311f4b6951b3", &(0x7f00000003c0)=@tcp6=r2, 0x1}, 0x20)
recvmmsg(r2, &(0x7f0000003780)=[{{0x0, 0x0, &(0x7f0000003ec0)=[{&(0x7f0000000ac0)=""/4093, 0xffd}], 0x1}, 0x3}], 0x1, 0x40018020, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00')
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='contention_end\x00', r4}, 0x18)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
socket(0x2b, 0x80801, 0x1)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x106}}, 0x20)

5.437856685s ago: executing program 1 (id=379):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000884)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x124}}, 0x0)
r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f00000029c0)='/dev/comedi4\x00', 0x600, 0x0)
ioctl$COMEDI_BUFCONFIG(r2, 0x8020640d, &(0x7f0000000040)={0x1, 0x3, 0x10})
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8000}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)='/', 0x1}], 0x1, 0x0, 0x0, 0x40}, 0x0)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000080)='veth1_to_hsr\x00', 0x10)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, &(0x7f0000000180))
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f00000002c0)=""/192)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
unshare(0x2040600)
syz_emit_ethernet(0x76, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, 0x0, 0xffffffffffffffff, 0x26)
r5 = fcntl$dupfd(r0, 0x0, r0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfffffd9d)
write$FUSE_INIT(r5, 0x0, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r6, &(0x7f0000000580)=ANY=[@ANYBLOB="4600010002"], 0x8)

4.558852112s ago: executing program 3 (id=380):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
io_cancel(0x0, 0xfffffffffffffffe, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x28, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x18)
recvmsg$unix(0xffffffffffffffff, 0x0, 0x2121)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'trusted:', 'syz', 0x20, 0x1000}, 0x2d, 0xfffffffffffffff9)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x7c, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x47c, 0x12}}}}, [@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x6558}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x3a, 0x33, @ctrl_frame=@ba={{}, {0x6}, @device_a, @device_b, @multi={{0x0, 0x1, 0x1, 0x0, 0x2}, [{0x0, 0xc, {0xa, 0x7}, "6e74be79f529790a"}, {0x0, 0x8, {0x6, 0x9}, "4ba5ec15b9af5b51"}], {0x0, 0x5, {0xa, 0xd50}, "6339425cdfdc7c15"}}}}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x20040894}, 0x5)
chdir(&(0x7f00000003c0)='./bus\x00')
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000001fc0)=""/184, 0x20002078)

4.059998732s ago: executing program 1 (id=381):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2f", 0x68)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r5, r6, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r7, 0x1)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a)
sendfile(r7, r9, 0x0, 0xffffffff004)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd50000000109022400010000800009040bfd02337761000200048140060905870308"], 0x0)

3.512845713s ago: executing program 2 (id=382):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000008500000050"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="3b1c1b2098f0bc154c9778a9229a7d3bd98f8b", 0x13)
sched_setaffinity(0x0, 0x0, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, &(0x7f0000000000)="ca02016eba2d52b5f2ac03cc9f38f9d9", 0x10)
sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000018, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r7 = fsopen(&(0x7f0000000340)='ocfs2_dlmfs\x00', 0x0)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xfffffffffffffffa, 0x18000)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
fsmount(r7, 0x0, 0x1)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x2, &(0x7f0000000200)='/dev/snd/midiC#D#\x00', &(0x7f0000000d80)="fb", 0x1)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)

3.455489022s ago: executing program 3 (id=383):
r0 = socket(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000001c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r3, 0xc02064b9, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8000000", @ANYRES8=r3, @ANYBLOB="01000000000000000000010000009c000880980000804400098040000080060001000200fcff080002007f0000010500040000000000000001000a0000001400020000000000000000000000000000000000050003000200000008000a000100000024000100975c9d81c983c8209ee781254b899f8ed925ae9f0923c23c62f53c57cdbf691c24000200eff93d58460ec90000004a6894ddb2834088d7445bf5afdd0619ce173f1fb71724000300b08073e8d44e91e3da922c22438244bb885c69e269c8e9d835b114293a4ddc6e1400020077673000"/226], 0xe8}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c0000004800010000000000000000000a00806e0800000000000000140001800d2a79075827af5aa534d6815c2e93f10c000280", @ANYRES32=0x0], 0x3c}}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0xa0000, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r9, 0x4068aea3, &(0x7f0000000000)={0xbe, 0x0, 0x1})
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000"])
socket(0x80000000000000a, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB, @ANYRES32=0x0], 0x48)
connect$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e23, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000000)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private1={0xfc, 0x1, '\x00', 0x4}, 0x0, 0x8000}})

2.565357232s ago: executing program 2 (id=384):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000acd000/0x400000)=nil)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x8)
r2 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r2, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r3 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r3, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
writev(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="f1", 0x1}], 0x1)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x23, &(0x7f0000000080)=0x6, 0x26)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f00000000c0)=0x3f9, 0x4)
recvmmsg(r2, &(0x7f0000000300), 0x40000000000049e, 0x1000000000fe, 0x0)
socket$packet(0x11, 0x3, 0x300)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xa, 0xfff}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()

2.363972877s ago: executing program 4 (id=385):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r4, &(0x7f0000000040)={0xa, 0x4001, 0x0, @loopback}, 0x1c)
r5 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0)
socket(0x2, 0x80805, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'sed\x00', 0x6, 0x3, 0x1815}, {@private=0xa010102, 0xce20, 0x4, 0xa, 0x80812f58, 0x12d5c}}, 0x44)
sendmsg$nl_route(r5, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000000c0)=ANY=[@ANYBLOB="200000001800110101000000000000000a0080000002000800000000040008800fc5f4e6"], 0x20}, 0x1, 0x0, 0x0, 0x5}, 0x4)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000800)=@newsa={0x148, 0x10, 0x713, 0x0, 0x0, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {@in6=@local, 0x0, 0x33}, @in=@rand_addr=0x64010100, {}, {}, {}, 0x0, 0x3502, 0x2}, [@offload={0xc, 0x1c, {0x0, 0x4}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}}}]}, 0x148}}, 0x0)

1.999469467s ago: executing program 0 (id=386):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2f", 0x68)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r5, r6, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r8 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r8, 0x2284, &(0x7f0000000080))
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r7, 0x1)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r9, &(0x7f0000000000), 0xffffff6a)
sendfile(r7, r9, 0x0, 0xffffffff004)
setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004106cd40cd060f011bd50000000109022400010000800009040bfd02337761000200048140060905870308"], 0x0)

220.152084ms ago: executing program 4 (id=387):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r3, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001100)={0x10, 0x1407, 0x1, 0x70bd27, 0x25dfdbff}, 0x10}, 0x1, 0x0, 0x0, 0x40}, 0x40844)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x78, 0x802)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x100000000)
mremap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f00003eb000/0x1000)=nil)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x4, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x44}, 0x20)
socket$netlink(0x10, 0x3, 0x12)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r5, &(0x7f0000005e40)={0x2020, 0x0, <r6=>0x0, <r7=>0x0, <r8=>0x0}, 0x2020)
write$FUSE_ATTR(r5, &(0x7f0000005340)={0x78, 0x0, r6, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r7, r8, 0xb, 0x8, 0x1000000}}}, 0x78)
lremovexattr(0x0, &(0x7f00000001c0)=@known='system.posix_acl_default\x00')
sendmsg$NL80211_CMD_CONNECT(r0, 0x0, 0x0)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r9, 0x6, 0x210000000013, 0x0, 0x0)
connect$inet(r9, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r9, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)

147.983505ms ago: executing program 3 (id=388):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r2, 0x0, &(0x7f00000000c0)=@tcp6}, 0x20)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, &(0x7f00000004c0)={[0x0, &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0xffa1, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r6, @ANYBLOB="00000000100000001c001a80080002802d00ff0008000200", @ANYBLOB="35874207"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x8004)
r8 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000003c0)={'dummy0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newqdisc={0x30, 0x24, 0xd0f, 0x70bd2d, 0x2000, {0x60, 0x0, 0x0, r10, {0x0, 0x3}, {0xffff, 0xffff}, {0x0, 0x4}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x80d1}, 0x30008000)
sendmmsg(r8, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000240)={0x2c, &(0x7f0000000300)={0x40, 0x31, 0x52, {0x52, 0x22, "f9735db24e469b6fec2c4cbbe2699ae09ea5f57062b49dea8a29f810ee994f766e16c0ea76da1c2d52b4b4abb13e21cb5ad407e7cd2c0811e3a31dace5906565b8c5c10714aec92a867edfa87dd1b956"}}, &(0x7f0000000400)={0x0, 0x3, 0xb3, @string={0xb3, 0x3, "c2bb98ad0fa1a418baff258513f86c035ec33f6eb458d553fe98aa5826695c83b411c39295c975bbe132abd3402d93e3909e977e8164207447bd4548a23f126704867216f58ee635a8e21e9e4b0047438f0d0f45a279a3527225a2f6a0f8192a2f6371f1ab2e51d6b6b55d014d44bace21467dea5eae055d4ded6d24baafafb0d9614dba8427d6c1194c545cf6739b4f0b172662c6b917d657750b97dbae4850b66b4aa51e4aac1abd2023b651e0be908b"}}, &(0x7f0000000500)={0x0, 0xf, 0x132, {0x5, 0xf, 0x132, 0x4, [@wireless={0xb, 0x10, 0x1, 0xc, 0xa, 0x2, 0x2, 0x6, 0x4}, @generic={0x103, 0x10, 0x9, "bcb737a69cacbb337a03ae102ac6405fe25d566ca554378b3540523bfbe57118d50296681602bfe6c6871dbd06c56d67caf31f512a58d006e648877f2fccad973911dd18f059d217bd38abcb3b77ba5e3c5f1adc7295515e82958e91b1326a03b69aaef32aec3c1e1d75d3e01c209079ab7ebd5de53f323117cb25141f6c58ad468e7b7cca82dd2c31ec340e81ecac565b4d67ebcc2a7c1f538ce9fc468f093f91e3c243f895881f7d4ef66c939b12c65c9d05eec65f2efe75055381037ad32f0752e7a156a73c7e3af4c132f0dfe9be763dab6168977854e057e820056258fe0e39e7252defdb217b7628cc769b26a039cc1ffad4a2c882908f12bb4f9cffc5"}, @wireless={0xb, 0x10, 0x1, 0x4, 0x51, 0x67, 0x5, 0x4, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0x6, "0fbdca72f91cb3ed4910bf970c57563b"}]}}, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x4, 0x1, 0x8, "aa44f86b", "e5915ba1"}}, &(0x7f0000000100)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x0, 0x4, 0x5, 0x87, 0x6, 0x8000, 0x1000}}}, &(0x7f0000000ac0)={0x84, &(0x7f0000000640)={0x40, 0x31, 0xa7, "eafe31db4670c2fa62eff0b3987f9789e14a7b6bc2fba1b7ad5e4304d552e1d0f629477f089e140b342c1476b9b0115ce4497dd36f73a1eea8a6f4281cc9cf006b11d0ba182e2a684697e9a53deb0bbaf87982ae1462b38e5d456ef2cf7db9bee997fe8e3d95a6a24de9e6c2f08296ad686e06ebc92b4949a7e812c4a896a0a6732c30ee4b5c85964a614b9a7f561c8c64d90a40089ee8b475e3948ffe32128fcbf5fd358b2c45"}, &(0x7f0000000700)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000000740)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000780)={0x20, 0x0, 0x4}, &(0x7f00000007c0)={0x20, 0x0, 0x4, {0x800, 0x20}}, &(0x7f0000000800)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000840)={0x40, 0x9, 0x1, 0xc}, &(0x7f0000000880)={0x40, 0xb, 0x2, "b869"}, &(0x7f00000008c0)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000900)={0x40, 0x13, 0x6}, &(0x7f0000000940)={0x40, 0x17, 0x6, @broadcast}, &(0x7f0000000980)={0x40, 0x19, 0x2, "2e9d"}, &(0x7f00000009c0)={0x40, 0x1a, 0x2, 0x8000}, &(0x7f0000000a00)={0x40, 0x1c, 0x1, 0x2}, &(0x7f0000000a40)={0x40, 0x1e, 0x1, 0xfb}, &(0x7f0000000a80)={0x40, 0x21, 0x1, 0xa}})

0s ago: executing program 2 (id=389):
r0 = semget$private(0x0, 0x20000000102, 0x0)
semctl$SEM_STAT(r0, 0x2, 0x12, 0x0)
semop(r0, &(0x7f0000000240)=[{0x3, 0x0, 0x1800}], 0x1)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000000680)=[0x7, 0x7f, 0x1, 0x9d])
r1 = semget$private(0x0, 0x0, 0xc1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000004c0)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0xfff6}, 0x40, 0x2, 0x0, 0x0, 0x0, 0x0, 0xc6})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
execve(0x0, 0x0, 0x0)
sched_setattr(0xffffffffffffffff, &(0x7f0000000100)={0x38, 0x0, 0x40, 0x8, 0xab9, 0x75, 0x3, 0x348, 0x8, 0x3ff}, 0x0)
openat$dsp1(0xffffffffffffff9c, 0x0, 0x400080, 0x0)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r4, 0xc0045005, &(0x7f0000000280)=0x40000002)
ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f00000000c0))
mmap$dsp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000009, 0x8012, r4, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x4)
socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCGPGRP(r2, 0x8904, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f00000009c0)={0xf, {"a2e3ad214fc752f90b5e09094bf70e0dd038e7ff7fc6e5539b1b48078b089b3b0838721a0890e0878f0e1ac6e7049b3d6c959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31320d07420736cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e2c5070000179c6f30e065cd5b91cd0ae17d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3bb469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918070000003f0000000c558cdc0a3621c56cea8d20fa911afe40db6ebe8cac64289fd3da232f1b5dbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860421c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2f09000000000000007747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847354b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d483d4675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516ab68032f88c042ffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d95f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9d1a3d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdfa1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442748af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d00000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000001c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500", 0x1009}}, 0x1006)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000340)={'hsr0\x00', <r6=>0x0})
bind$packet(r5, &(0x7f0000000000)={0x11, 0x3, r6, 0x1, 0x0, 0x6, @local}, 0x14)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@getchain={0x6c, 0x11, 0x839, 0x8, 0x25dfdbff, {0x0, 0x0, 0x0, r6, {0xc}, {0xfff3, 0xffff}}, [{0x8, 0xb, 0x1}, {0x8, 0xb, 0x8000}, {0x8, 0xb, 0x800}, {0x8, 0xb, 0x89}, {0x8, 0xb, 0x7f}, {0x8, 0xb, 0x4}, {0x8, 0xb, 0x2}, {0x8, 0xb, 0x400}, {0x8}]}, 0x6c}}, 0x20040000)

kernel console output (not intermixed with test programs):

]  ret_from_fork_asm+0x1a/0x30
[   73.724811][ T5835]  </TASK>
[   73.724834][ T5835] kobject: kobject_add_internal failed for hci4:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   73.990216][ T5835] Bluetooth: hci4: failed to register connection device
[   73.993764][   T30] kauditd_printk_skb: 71 callbacks suppressed
[   73.993777][   T30] audit: type=1400 audit(1759627599.947:168): avc:  denied  { create } for  pid=6031 comm="syz.1.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   74.341544][   T30] audit: type=1400 audit(1759627599.947:169): avc:  denied  { connect } for  pid=6031 comm="syz.1.29" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   74.470501][   T30] audit: type=1400 audit(1759627600.667:170): avc:  denied  { create } for  pid=6044 comm="syz.2.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   74.556859][ T6047] netlink: 10 bytes leftover after parsing attributes in process `syz.2.31'.
[   74.805808][   T30] audit: type=1400 audit(1759627600.667:171): avc:  denied  { setopt } for  pid=6044 comm="syz.2.31" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   75.025936][   T30] audit: type=1400 audit(1759627600.957:172): avc:  denied  { read write } for  pid=6042 comm="syz.3.32" name="video7" dev="devtmpfs" ino=948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   75.258662][   T30] audit: type=1400 audit(1759627600.957:173): avc:  denied  { open } for  pid=6042 comm="syz.3.32" path="/dev/video7" dev="devtmpfs" ino=948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   75.287525][   T30] audit: type=1400 audit(1759627600.977:174): avc:  denied  { ioctl } for  pid=6042 comm="syz.3.32" path="/dev/video7" dev="devtmpfs" ino=948 ioctlcmd=0x561c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   75.330260][   T30] audit: type=1400 audit(1759627601.527:175): avc:  denied  { read write } for  pid=6053 comm="syz.2.36" name="rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   75.432040][   T30] audit: type=1400 audit(1759627601.527:176): avc:  denied  { open } for  pid=6053 comm="syz.2.36" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[   75.592978][   T30] audit: type=1400 audit(1759627601.687:177): avc:  denied  { name_bind } for  pid=6057 comm="syz.3.37" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   76.044831][ T6074] netlink: 8 bytes leftover after parsing attributes in process `syz.4.44'.
[   79.009458][   T30] kauditd_printk_skb: 13 callbacks suppressed
[   79.009473][   T30] audit: type=1400 audit(1759627605.207:191): avc:  denied  { create } for  pid=6105 comm="syz.4.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   79.084831][   T30] audit: type=1400 audit(1759627605.207:192): avc:  denied  { write } for  pid=6105 comm="syz.4.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   79.200497][   T30] audit: type=1400 audit(1759627605.287:193): avc:  denied  { name_bind } for  pid=6112 comm="syz.3.56" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[   79.208124][   T10] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=10 comm=kworker/0:1
[   79.385286][   T30] audit: type=1400 audit(1759627605.367:194): avc:  denied  { create } for  pid=6111 comm="syz.2.55" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   79.526689][ T6114] 9pnet: p9_errstr2errno: server reported unknown error 184467440737095
[   79.710094][ T5835] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[   79.718950][ T5835] Bluetooth: hci4: Injecting HCI hardware error event
[   80.126486][   T30] audit: type=1400 audit(1759627606.317:195): avc:  denied  { create } for  pid=6121 comm="syz.1.59" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   80.462432][ T5837] Bluetooth: hci4: command 0x0406 tx timeout
[   80.468664][ T5837] Bluetooth: hci4: hardware error 0x00
[   80.619202][   T30] audit: type=1400 audit(1759627606.797:196): avc:  denied  { read write } for  pid=6128 comm="syz.0.60" name="nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   80.627154][ T6132] syz.2.62 uses obsolete (PF_INET,SOCK_PACKET)
[   80.686911][ T6131] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   80.704198][   T30] audit: type=1400 audit(1759627606.797:197): avc:  denied  { open } for  pid=6128 comm="syz.0.60" path="/dev/nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   80.730657][ T6136] loop4: detected capacity change from 0 to 2560
[   80.737734][   T30] audit: type=1400 audit(1759627606.927:198): avc:  denied  { append } for  pid=6128 comm="syz.0.60" name="loop4" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   80.768865][ T6131] SELinux: ebitmap: empty map
[   80.773666][   T30] audit: type=1400 audit(1759627606.967:199): avc:  denied  { load_policy } for  pid=6127 comm="syz.3.61" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   80.798113][ T5841] Buffer I/O error on dev loop4, logical block 0, async page read
[   80.806528][ T6131] SELinux: failed to load policy
[   80.859567][ T6136] Buffer I/O error on dev loop4, logical block 0, lost async page write
[   80.880953][ T6136] Buffer I/O error on dev loop4, logical block 1, lost async page write
[   80.885190][ T6141] Zero length message leads to an empty skb
[   80.942502][ T5936] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   81.038794][ T6144] netlink: 8 bytes leftover after parsing attributes in process `syz.4.64'.
[   81.095407][   T30] audit: type=1400 audit(1759627607.297:200): avc:  denied  { ioctl } for  pid=6140 comm="syz.3.65" path="socket:[9087]" dev="sockfs" ino=9087 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   81.149082][ T6136] Buffer I/O error on dev loop4, logical block 2, lost async page write
[   81.170903][ T1205] cfg80211: failed to load regulatory.db
[   81.182245][ T6136] Buffer I/O error on dev loop4, logical block 3, lost async page write
[   81.308826][ T6136] Buffer I/O error on dev loop4, logical block 4, lost async page write
[   81.322259][ T5936] usb 2-1: Using ep0 maxpacket: 32
[   81.324259][ T6141] veth0: entered promiscuous mode
[   81.331799][ T5936] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[   81.342629][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   81.771226][ T5936] usb 2-1: Product: syz
[   81.776078][ T5936] usb 2-1: Manufacturer: syz
[   81.781579][ T5936] usb 2-1: SerialNumber: syz
[   81.812684][ T5936] usb 2-1: config 0 descriptor??
[   81.827066][ T5936] gspca_main: stk1135-2.14.0 probing 174f:6a31
[   81.834386][ T6136] Buffer I/O error on dev loop4, logical block 5, lost async page write
[   81.843099][ T6136] Buffer I/O error on dev loop4, logical block 6, lost async page write
[   81.922497][ T6136] Buffer I/O error on dev loop4, logical block 7, lost async page write
[   81.980640][ T6136] Buffer I/O error on dev loop4, logical block 8, lost async page write
[   82.154662][ T6140] veth0: left promiscuous mode
[   82.752163][ T5837] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[   84.800809][   T30] audit: type=1400 audit(1759627610.997:201): avc:  denied  { create } for  pid=6177 comm="syz.0.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   84.937420][ T6180] netlink: 8 bytes leftover after parsing attributes in process `syz.3.73'.
[   84.987410][   T30] audit: type=1400 audit(1759627611.027:202): avc:  denied  { bind } for  pid=6177 comm="syz.0.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   85.062201][ T1205] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   85.083467][   T30] audit: type=1400 audit(1759627611.027:203): avc:  denied  { write } for  pid=6177 comm="syz.0.74" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   85.111207][ T5936] gspca_stk1135: reg_w 0x300 err -71
[   85.128692][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   85.165983][ T5936] gspca_stk1135: Sensor write failed
[   85.171905][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   85.185230][ T5936] gspca_stk1135: Sensor write failed
[   85.190893][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   85.199358][ T5936] gspca_stk1135: Sensor read failed
[   85.205463][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   85.211909][ T5936] gspca_stk1135: Sensor read failed
[   85.427658][ T1205] usb 5-1: Using ep0 maxpacket: 32
[   85.432915][   T30] audit: type=1400 audit(1759627611.487:204): avc:  denied  { write } for  pid=6181 comm="syz.0.75" name="mcfilter6" dev="proc" ino=4026533152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   85.456986][ T5936] gspca_stk1135: Detected sensor type unknown (0x0)
[   85.489870][ T1205] usb 5-1: config 0 has an invalid interface number: 184 but max is 0
[   85.528110][ T1205] usb 5-1: config 0 has no interface number 0
[   85.575936][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   85.589073][ T1205] usb 5-1: config 0 interface 184 has no altsetting 0
[   86.186272][   T30] audit: type=1400 audit(1759627611.987:205): avc:  denied  { read write } for  pid=6188 comm="syz.1.77" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   86.210739][ T5936] gspca_stk1135: Sensor read failed
[   86.216148][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   86.224298][ T1205] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[   86.234498][ T5936] gspca_stk1135: Sensor read failed
[   86.250164][ T1205] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   86.259233][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   86.265691][ T1205] usb 5-1: Product: syz
[   86.273312][   T30] audit: type=1400 audit(1759627611.987:206): avc:  denied  { open } for  pid=6188 comm="syz.1.77" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   86.297711][ T5936] gspca_stk1135: Sensor write failed
[   86.303100][ T1205] usb 5-1: Manufacturer: syz
[   86.311975][ T5936] gspca_stk1135: serial bus timeout: status=0x00
[   86.318464][ T1205] usb 5-1: SerialNumber: syz
[   86.400851][ T5936] gspca_stk1135: Sensor write failed
[   86.413009][ T1205] usb 5-1: config 0 descriptor??
[   86.438990][ T5936] stk1135 2-1:0.0: probe with driver stk1135 failed with error -71
[   86.452254][ T1205] usb 5-1: can't set config #0, error -71
[   86.468250][ T1205] usb 5-1: USB disconnect, device number 2
[   86.476169][ T5936] usb 2-1: USB disconnect, device number 2
[   86.614416][   T30] audit: type=1400 audit(1759627612.777:207): avc:  denied  { bind } for  pid=6192 comm="syz.4.78" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   86.895150][   T30] audit: type=1400 audit(1759627613.037:208): avc:  denied  { append } for  pid=6194 comm="syz.1.79" name="comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   87.005426][   T30] audit: type=1400 audit(1759627613.147:209): avc:  denied  { create } for  pid=6198 comm="syz.2.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   87.149659][   T30] audit: type=1400 audit(1759627613.317:210): avc:  denied  { setopt } for  pid=6198 comm="syz.2.80" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   87.442270][ T5826] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   87.662226][ T1205] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   87.682681][ T5826] usb 5-1: Using ep0 maxpacket: 32
[   87.704798][ T5826] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[   87.728777][ T5826] usb 5-1: config 0 has no interface number 0
[   87.753264][ T5826] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[   87.787174][ T5826] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   87.826052][ T1205] usb 4-1: Using ep0 maxpacket: 8
[   87.832294][ T5826] usb 5-1: Product: syz
[   87.840429][ T5826] usb 5-1: Manufacturer: syz
[   87.845250][ T5826] usb 5-1: SerialNumber: syz
[   87.850949][ T1205] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[   87.853298][ T5826] usb 5-1: config 0 descriptor??
[   87.881052][ T1205] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   87.882556][ T5826] smsc95xx v2.0.0
[   87.993307][ T1205] usb 4-1: config 0 has no interface number 0
[   88.022283][ T1205] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7
[   88.093900][ T6212] netlink: 8 bytes leftover after parsing attributes in process `syz.2.84'.
[   88.125929][ T1205] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[   88.145865][ T1205] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   88.304587][ T6215] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[   88.308776][ T1205] usb 4-1: config 0 interface 52 has no altsetting 0
[   88.343759][ T5826] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[   88.362225][ T5826] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[   88.493953][ T1205] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00
[   88.538147][ T1205] usb 4-1: New USB device strings: Mfr=0, Product=234, SerialNumber=34
[   88.591524][ T1205] usb 4-1: Product: syz
[   88.601990][ T1205] usb 4-1: SerialNumber: syz
[   88.636070][ T1205] usb 4-1: config 0 descriptor??
[   88.999853][ T1205] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[   89.050870][ T1205] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -5
[   90.029214][   T24] usb 4-1: USB disconnect, device number 2
[   90.314309][   T30] kauditd_printk_skb: 3 callbacks suppressed
[   90.314324][   T30] audit: type=1400 audit(1759627616.517:214): avc:  denied  { create } for  pid=6233 comm="syz.1.89" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   90.370334][   T30] audit: type=1400 audit(1759627616.537:215): avc:  denied  { write } for  pid=6233 comm="syz.1.89" path="socket:[9810]" dev="sockfs" ino=9810 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   90.394903][   T30] audit: type=1400 audit(1759627616.567:216): avc:  denied  { create } for  pid=6240 comm="syz.2.92" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   90.415534][   T30] audit: type=1400 audit(1759627616.587:217): avc:  denied  { unlink } for  pid=5819 comm="syz-executor" name="file1" dev="tmpfs" ino=112 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   90.450999][ T6244] tipc: Started in network mode
[   90.457918][ T6244] tipc: Node identity 6697bc594dc, cluster identity 4711
[   90.465203][ T6244] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   90.472834][ T6244] syzkaller0: entered promiscuous mode
[   90.478301][ T6244] syzkaller0: entered allmulticast mode
[   90.494647][ T6244] tipc: Resetting bearer <eth:syzkaller0>
[   90.501909][ T6243] tipc: Resetting bearer <eth:syzkaller0>
[   90.513177][ T6243] tipc: Disabling bearer <eth:syzkaller0>
[   90.595717][   T30] audit: type=1400 audit(1759627616.797:218): avc:  denied  { read } for  pid=6245 comm="syz.0.94" name="card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   90.610757][ T6246] netlink: 116 bytes leftover after parsing attributes in process `syz.0.94'.
[   90.631201][   T30] audit: type=1400 audit(1759627616.797:219): avc:  denied  { open } for  pid=6245 comm="syz.0.94" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   90.659060][   T30] audit: type=1400 audit(1759627616.797:220): avc:  denied  { ioctl } for  pid=6245 comm="syz.0.94" path="/dev/dri/card0" dev="devtmpfs" ino=626 ioctlcmd=0x64bd scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   90.660477][ T5826] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[   90.705721][   T30] audit: type=1400 audit(1759627616.797:221): avc:  denied  { nlmsg_read } for  pid=6245 comm="syz.0.94" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   90.734905][ T5826] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[   90.751901][ T5826] usb 5-1: USB disconnect, device number 3
[   90.882502][ T1205] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   90.890024][ T5874] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   90.898681][ T6253] netlink: 'syz.3.96': attribute type 1 has an invalid length.
[   91.054719][ T1205] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   91.074283][ T5874] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   91.084601][ T1205] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[   91.093794][ T1205] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.101850][ T5874] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   91.113287][ T1205] usb 1-1: Product: syz
[   91.168776][ T1205] usb 1-1: Manufacturer: syz
[   91.185682][ T5874] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[   91.196348][ T1205] usb 1-1: SerialNumber: syz
[   91.247856][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   91.269501][ T1205] usb 1-1: config 0 descriptor??
[   91.292635][ T5874] usb 3-1: SerialNumber: syz
[   91.349087][ T5874] usb 3-1: 0:2 : does not exist
[   91.588470][   T24] usb 1-1: USB disconnect, device number 2
[   92.612314][   T30] audit: type=1400 audit(1759627618.797:222): avc:  denied  { execute } for  pid=6263 comm="syz.1.99" path="/17/freezer.parent_freezing" dev="tmpfs" ino=105 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[   92.880686][   T30] audit: type=1400 audit(1759627619.027:223): avc:  denied  { block_suspend } for  pid=6268 comm="syz.0.100" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   93.906884][ T5936] usb 3-1: USB disconnect, device number 2
[   93.929789][ T6279] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[   94.021275][ T6283] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   94.029155][ T6283] syzkaller0: entered promiscuous mode
[   94.034926][ T6283] syzkaller0: entered allmulticast mode
[   94.599063][ T6285] tipc: Resetting bearer <eth:syzkaller0>
[   94.607819][ T6282] tipc: Resetting bearer <eth:syzkaller0>
[   94.714779][ T6282] tipc: Disabling bearer <eth:syzkaller0>
[   96.912719][   T30] kauditd_printk_skb: 3 callbacks suppressed
[   96.912728][   T30] audit: type=1326 audit(1759627623.117:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   97.251992][   T30] audit: type=1326 audit(1759627623.157:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   97.286594][   T30] audit: type=1326 audit(1759627623.157:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   97.389588][   T30] audit: type=1326 audit(1759627623.157:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   97.671465][   T30] audit: type=1326 audit(1759627623.157:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   97.694702][    C0] vkms_vblank_simulate: vblank timer overrun
[   97.769396][   T30] audit: type=1326 audit(1759627623.157:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   98.271508][   T30] audit: type=1400 audit(1759627623.377:233): avc:  denied  { map } for  pid=6303 comm="syz.0.108" path="/dev/nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   98.294310][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.313849][   T30] audit: type=1400 audit(1759627623.377:234): avc:  denied  { execute } for  pid=6303 comm="syz.0.108" path="/dev/nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   98.450008][   T30] audit: type=1326 audit(1759627623.377:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   98.576758][   T30] audit: type=1326 audit(1759627623.377:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6303 comm="syz.0.108" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[   98.599928][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.919243][ T6334] IPv6: Can't replace route, no match found
[   98.973758][ T6336] netlink: 8 bytes leftover after parsing attributes in process `syz.3.115'.
[   99.052408][ T6326] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.119279][ T6326] batadv_slave_0: entered promiscuous mode
[  102.091249][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  102.091267][   T30] audit: type=1400 audit(1759627628.077:245): avc:  denied  { setopt } for  pid=6362 comm="syz.0.122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  102.232893][   T30] audit: type=1400 audit(1759627628.077:246): avc:  denied  { write } for  pid=6362 comm="syz.0.122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  103.618352][   T30] audit: type=1400 audit(1759627629.807:247): avc:  denied  { create } for  pid=6378 comm="syz.0.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  103.798818][   T30] audit: type=1400 audit(1759627629.847:248): avc:  denied  { connect } for  pid=6378 comm="syz.0.127" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  103.837914][ T6386] debugfs: '!' already exists in 'ieee80211'
[  104.239447][   T30] audit: type=1326 audit(1759627630.037:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  104.262685][    C0] vkms_vblank_simulate: vblank timer overrun
[  104.271102][   T30] audit: type=1326 audit(1759627630.037:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  104.294318][    C0] vkms_vblank_simulate: vblank timer overrun
[  104.761745][   T30] audit: type=1326 audit(1759627630.037:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  104.935911][   T30] audit: type=1326 audit(1759627630.037:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  105.078008][ T6402] netlink: 68 bytes leftover after parsing attributes in process `syz.3.131'.
[  105.087911][ T6402] netlink: 8 bytes leftover after parsing attributes in process `syz.3.131'.
[  105.248261][   T30] audit: type=1326 audit(1759627630.037:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  105.447251][   T30] audit: type=1326 audit(1759627630.037:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6380 comm="syz.4.128" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  105.798687][ T6407] pimreg: entered allmulticast mode
[  106.380423][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.133'.
[  106.391311][ T6410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.133'.
[  108.148117][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  108.148134][   T30] audit: type=1400 audit(1759627634.337:270): avc:  denied  { read } for  pid=6420 comm="syz.0.136" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  108.708975][ T6429] debugfs: '!' already exists in 'ieee80211'
[  108.816704][   T30] audit: type=1326 audit(1759627634.907:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  108.941441][   T30] audit: type=1326 audit(1759627634.907:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  108.966292][   T30] audit: type=1326 audit(1759627634.907:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  109.458442][   T30] audit: type=1326 audit(1759627634.907:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  109.516286][   T30] audit: type=1326 audit(1759627634.907:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  110.270800][   T30] audit: type=1326 audit(1759627634.907:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  110.311451][   T30] audit: type=1326 audit(1759627634.907:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  110.371969][   T30] audit: type=1326 audit(1759627634.907:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  110.588085][ T6443] netlink: 68 bytes leftover after parsing attributes in process `syz.2.141'.
[  110.597963][ T6443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.141'.
[  110.842178][   T30] audit: type=1326 audit(1759627634.937:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6425 comm="syz.3.138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  111.067687][ T6454] openvswitch: netlink: Message has 16 unknown bytes.
[  111.632348][ T6445] orangefs_mount: mount request failed with -4
[  113.487489][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  113.487524][   T30] audit: type=1326 audit(1759627639.677:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  113.517755][ T5874] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  113.527632][ T6476] debugfs: '!' already exists in 'ieee80211'
[  113.969566][ T5874] usb 5-1: config 0 has an invalid interface number: 11 but max is 0
[  114.192182][   T30] audit: type=1326 audit(1759627639.677:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  114.219027][   T30] audit: type=1326 audit(1759627639.847:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  114.750887][   T30] audit: type=1326 audit(1759627639.847:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  114.782642][ T6487] netlink: 8 bytes leftover after parsing attributes in process `syz.0.150'.
[  114.850993][ T5874] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  114.866771][ T5874] usb 5-1: config 0 has no interface number 0
[  114.875787][ T5874] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  114.887284][ T5874] usb 5-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  114.922637][ T5874] usb 5-1: config 0 interface 11 has no altsetting 0
[  115.092310][ T5874] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  115.101330][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.152159][   T30] audit: type=1326 audit(1759627639.847:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  115.185977][ T5874] usb 5-1: config 0 descriptor??
[  115.202764][ T5874] usb 5-1: can't set config #0, error -71
[  115.227290][ T5874] usb 5-1: USB disconnect, device number 4
[  115.728313][   T30] audit: type=1326 audit(1759627639.847:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  115.762283][   T30] audit: type=1326 audit(1759627639.847:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  115.786861][   T30] audit: type=1326 audit(1759627639.847:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  115.824418][   T30] audit: type=1326 audit(1759627639.847:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  115.987215][   T30] audit: type=1326 audit(1759627639.847:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6468 comm="syz.1.148" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f456f78eec9 code=0x7ffc0000
[  117.639575][ T6514] netlink: 8 bytes leftover after parsing attributes in process `syz.0.158'.
[  118.348840][ T5948] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  118.503589][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.518558][ T5948] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.528506][ T5948] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  118.542012][ T5948] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  118.552297][ T5948] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.578124][ T5948] usb 4-1: config 0 descriptor??
[  118.865383][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  118.865399][   T30] audit: type=1400 audit(1759627645.057:310): avc:  denied  { write } for  pid=6523 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.057750][   T30] audit: type=1400 audit(1759627645.067:311): avc:  denied  { connect } for  pid=6523 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.081164][ T5948] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  119.138856][   T30] audit: type=1400 audit(1759627645.067:312): avc:  denied  { name_connect } for  pid=6523 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  119.205914][ T6515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.218581][   T30] audit: type=1400 audit(1759627645.137:313): avc:  denied  { setopt } for  pid=6523 comm="syz.1.162" lport=44519 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.242478][ T6515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  119.256887][   T30] audit: type=1400 audit(1759627645.147:314): avc:  denied  { shutdown } for  pid=6523 comm="syz.1.162" lport=44519 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.328131][   T30] audit: type=1400 audit(1759627645.167:315): avc:  denied  { read } for  pid=6523 comm="syz.1.162" lport=44519 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  119.373682][   T30] audit: type=1400 audit(1759627645.187:316): avc:  denied  { connect } for  pid=6523 comm="syz.1.162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  120.482514][ T5887] usb 4-1: reset high-speed USB device number 3 using dummy_hcd
[  120.545088][   T30] audit: type=1400 audit(1759627646.727:317): avc:  denied  { read append } for  pid=6539 comm="syz.4.163" name="fb0" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  120.672190][   T30] audit: type=1400 audit(1759627646.727:318): avc:  denied  { open } for  pid=6539 comm="syz.4.163" path="/dev/fb0" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  120.695693][   T30] audit: type=1400 audit(1759627646.727:319): avc:  denied  { map } for  pid=6539 comm="syz.4.163" path="/dev/fb0" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  121.074215][ T5874] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  121.293854][ T6553] netlink: 'syz.0.166': attribute type 10 has an invalid length.
[  121.308185][ T6553] batman_adv: batadv0: Adding interface: wlan0
[  121.314493][ T6553] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  121.339983][ T6553] batman_adv: batadv0: Interface activated: wlan0
[  121.521447][ T5874] usb 3-1: config 0 has an invalid interface number: 11 but max is 0
[  121.524111][ T5826] usb 4-1: USB disconnect, device number 3
[  121.529982][ T5874] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.647729][ T5874] usb 3-1: config 0 has no interface number 0
[  121.785616][ T5874] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  122.407973][ T5874] usb 3-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  122.432141][ T5874] usb 3-1: config 0 interface 11 has no altsetting 0
[  122.439772][ T5874] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  122.450055][ T5874] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.473778][ T6557] netlink: 68 bytes leftover after parsing attributes in process `syz.3.167'.
[  122.484272][ T6557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.167'.
[  122.512468][ T5874] usb 3-1: config 0 descriptor??
[  122.519795][ T5874] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected
[  122.539903][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 7
[  122.556474][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81
[  122.581480][ T6568] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  122.589628][ T6568] CPU: 1 UID: 0 PID: 6568 Comm: syz.0.170 Not tainted syzkaller #0 PREEMPT(full) 
[  122.589653][ T6568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  122.589665][ T6568] Call Trace:
[  122.589672][ T6568]  <TASK>
[  122.589680][ T6568]  dump_stack_lvl+0x16c/0x1f0
[  122.589711][ T6568]  sysfs_warn_dup+0x7f/0xa0
[  122.589737][ T6568]  sysfs_do_create_link_sd+0x124/0x140
[  122.589767][ T6568]  sysfs_create_link+0x61/0xc0
[  122.589793][ T6568]  device_add+0x62c/0x1aa0
[  122.589816][ T6568]  ? __pfx_device_add+0x10/0x10
[  122.589832][ T6568]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  122.589862][ T6568]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  122.589898][ T6568]  wiphy_register+0x1eb0/0x2b20
[  122.589924][ T6568]  ? netdev_run_todo+0x864/0x1320
[  122.589949][ T6568]  ? __dev_printk+0x1c0/0x270
[  122.589978][ T6568]  ? __pfx_wiphy_register+0x10/0x10
[  122.590013][ T6568]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  122.590043][ T6568]  ieee80211_register_hw+0x253d/0x4120
[  122.590080][ T6568]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  122.590104][ T6568]  ? __pfx___debug_object_init+0x10/0x10
[  122.590138][ T6568]  ? __hrtimer_setup+0xd0/0x280
[  122.590162][ T6568]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  122.590188][ T6568]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  122.590214][ T6568]  ? __hrtimer_setup+0x176/0x280
[  122.590240][ T6568]  mac80211_hwsim_new_radio+0x32c7/0x5650
[  122.590277][ T6568]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  122.590301][ T6568]  ? __asan_memcpy+0x3c/0x60
[  122.590323][ T6568]  hwsim_new_radio_nl+0xba2/0x1330
[  122.590347][ T6568]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  122.590377][ T6568]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  122.590408][ T6568]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  122.590443][ T6568]  genl_family_rcv_msg_doit+0x206/0x2f0
[  122.590474][ T6568]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  122.590511][ T6568]  ? bpf_lsm_capable+0x9/0x10
[  122.590534][ T6568]  ? security_capable+0x7e/0x260
[  122.590565][ T6568]  ? ns_capable+0xd7/0x110
[  122.590592][ T6568]  genl_rcv_msg+0x55c/0x800
[  122.590623][ T6568]  ? __pfx_genl_rcv_msg+0x10/0x10
[  122.590649][ T6568]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  122.590676][ T6568]  netlink_rcv_skb+0x155/0x420
[  122.590695][ T6568]  ? __pfx_genl_rcv_msg+0x10/0x10
[  122.590717][ T6568]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  122.590750][ T6568]  genl_rcv+0x28/0x40
[  122.590768][ T6568]  netlink_unicast+0x5aa/0x870
[  122.590790][ T6568]  ? __pfx_netlink_unicast+0x10/0x10
[  122.590811][ T6568]  ? security_netlink_send+0x1d8/0x210
[  122.590829][ T6568]  netlink_sendmsg+0x8c8/0xdd0
[  122.590851][ T6568]  ? __pfx_netlink_sendmsg+0x10/0x10
[  122.590879][ T6568]  ____sys_sendmsg+0xa95/0xc70
[  122.590908][ T6568]  ? copy_msghdr_from_user+0x10a/0x160
[  122.590927][ T6568]  ? __pfx_____sys_sendmsg+0x10/0x10
[  122.590962][ T6568]  ___sys_sendmsg+0x134/0x1d0
[  122.590983][ T6568]  ? __pfx____sys_sendmsg+0x10/0x10
[  122.591031][ T6568]  __sys_sendmsg+0x16d/0x220
[  122.591051][ T6568]  ? __pfx___sys_sendmsg+0x10/0x10
[  122.591079][ T6568]  ? __secure_computing+0x28e/0x3b0
[  122.591100][ T6568]  do_syscall_64+0xcd/0x4e0
[  122.591122][ T6568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.591138][ T6568] RIP: 0033:0x7fa62878eec9
[  122.591152][ T6568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.591166][ T6568] RSP: 002b:00007fa629578038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  122.591183][ T6568] RAX: ffffffffffffffda RBX: 00007fa6289e6180 RCX: 00007fa62878eec9
[  122.591193][ T6568] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  122.591203][ T6568] RBP: 00007fa628811f91 R08: 0000000000000000 R09: 0000000000000000
[  122.591213][ T6568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  122.591221][ T6568] R13: 00007fa6289e6218 R14: 00007fa6289e6180 R15: 00007ffdff58d968
[  122.591243][ T6568]  </TASK>
[  123.268451][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82
[  123.612796][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1
[  123.738709][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2
[  123.746605][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85
[  123.767664][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5
[  123.800288][ T5874] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  123.837162][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83
[  123.913097][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84
[  123.922219][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3
[  123.938451][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4
[  123.948246][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86
[  123.956382][ T5874] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6
[  123.989261][ T5874] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  125.390300][ T5887] usb 3-1: USB disconnect, device number 3
[  125.400858][ T5887] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  125.427474][ T5887] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  125.698015][ T5887] keyspan 3-1:0.11: device disconnected
[  126.342854][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  126.343877][   T30] audit: type=1400 audit(1759627652.097:356): avc:  denied  { ioctl } for  pid=6593 comm="syz.0.177" path="socket:[11669]" dev="sockfs" ino=11669 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  126.682355][ T6603] : entered promiscuous mode
[  126.965441][   T30] audit: type=1400 audit(1759627652.797:357): avc:  denied  { create } for  pid=6600 comm="syz.1.178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  127.186981][ T6606] ptrace attach of "./syz-executor exec"[5831] was attempted by "./syz-executor exec"[6606]
[  127.223192][ T6606] netlink: 332 bytes leftover after parsing attributes in process `syz.0.179'.
[  127.232746][ T6606] netlink: 196 bytes leftover after parsing attributes in process `syz.0.179'.
[  127.462542][ T6597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.175'.
[  130.398429][ T6626] netlink: 8 bytes leftover after parsing attributes in process `syz.4.182'.
[  130.499874][   T30] audit: type=1400 audit(1759627656.697:358): avc:  denied  { connect } for  pid=6621 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  130.876828][   T30] audit: type=1400 audit(1759627657.077:359): avc:  denied  { unlink } for  pid=6631 comm="syz.1.186" name="#1" dev="tmpfs" ino=206 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  131.073429][   T30] audit: type=1400 audit(1759627657.127:360): avc:  denied  { mount } for  pid=6631 comm="syz.1.186" name="/" dev="overlay" ino=200 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  131.931265][ T6651] IPv6: Can't replace route, no match found
[  132.705559][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  132.711863][ T5835] Bluetooth: hci2: command 0x0405 tx timeout
[  132.719592][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  132.863266][ T5874] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  132.894068][ T6660] capability: warning: `syz.0.191' uses deprecated v2 capabilities in a way that may be insecure
[  133.437967][ T5874] usb 4-1: config 0 has an invalid interface number: 11 but max is 0
[  133.446386][ T5874] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  133.486008][ T5874] usb 4-1: config 0 has no interface number 0
[  133.528495][ T5874] usb 4-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  133.548127][ T5874] usb 4-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  134.216487][ T5874] usb 4-1: config 0 interface 11 has no altsetting 0
[  134.223469][ T5874] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  134.233740][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.259528][   T30] audit: type=1326 audit(1759627660.457:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  134.337593][   T30] audit: type=1326 audit(1759627660.457:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  134.442021][   T30] audit: type=1326 audit(1759627660.567:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  134.468427][ T6669] netlink: 68 bytes leftover after parsing attributes in process `syz.1.193'.
[  134.486592][ T5874] usb 4-1: config 0 descriptor??
[  134.518531][ T6669] netlink: 8 bytes leftover after parsing attributes in process `syz.1.193'.
[  134.528888][ T5874] usb 4-1: can't set config #0, error -71
[  134.551513][ T5874] usb 4-1: USB disconnect, device number 4
[  134.747652][   T30] audit: type=1326 audit(1759627660.567:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  134.894438][   T30] audit: type=1326 audit(1759627660.567:365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.186854][   T30] audit: type=1326 audit(1759627660.567:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.232283][ T5887] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  135.390371][   T30] audit: type=1326 audit(1759627660.567:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.462249][   T30] audit: type=1326 audit(1759627660.567:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.515743][ T5887] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  135.541797][ T6690] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  135.550382][ T6690] syzkaller0: entered promiscuous mode
[  135.557051][ T5887] usb 1-1: config 0 has no interfaces?
[  135.562091][ T6690] syzkaller0: entered allmulticast mode
[  135.562955][   T30] audit: type=1326 audit(1759627660.567:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.596076][   T30] audit: type=1326 audit(1759627660.567:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6661 comm="syz.4.192" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  135.621128][ T5887] usb 1-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96
[  135.630233][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.638354][ T5887] usb 1-1: Product: syz
[  135.662220][ T5887] usb 1-1: Manufacturer: syz
[  135.666831][ T5887] usb 1-1: SerialNumber: syz
[  135.838718][ T6690] tipc: Resetting bearer <eth:syzkaller0>
[  135.855883][ T6689] tipc: Resetting bearer <eth:syzkaller0>
[  136.368381][ T5887] usb 1-1: config 0 descriptor??
[  136.378213][ T6689] tipc: Disabling bearer <eth:syzkaller0>
[  136.835351][ T5887] usb 1-1: USB disconnect, device number 3
[  137.179930][ T6705] netdevsim netdevsim2: Direct firmware load for  failed with error -2
[  137.190724][ T6705] netdevsim netdevsim2: Falling back to sysfs fallback for: 
[  139.373281][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  139.373297][   T30] audit: type=1400 audit(1759627665.577:380): avc:  denied  { setopt } for  pid=6726 comm="syz.2.208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  140.095853][   T30] audit: type=1400 audit(1759627666.297:381): avc:  denied  { create } for  pid=6731 comm="syz.3.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  140.328949][ T6744] process 'syz.2.211' launched './file1' with NULL argv: empty string added
[  140.362987][   T30] audit: type=1400 audit(1759627666.537:382): avc:  denied  { execute_no_trans } for  pid=6736 comm="syz.2.211" path="/42/file1" dev="tmpfs" ino=238 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  140.575380][ T6744] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  140.659889][ T6752] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  140.669962][ T6752] CPU: 1 UID: 0 PID: 6752 Comm: syz.4.213 Not tainted syzkaller #0 PREEMPT(full) 
[  140.669987][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  140.669998][ T6752] Call Trace:
[  140.670004][ T6752]  <TASK>
[  140.670012][ T6752]  dump_stack_lvl+0x16c/0x1f0
[  140.670040][ T6752]  sysfs_warn_dup+0x7f/0xa0
[  140.670065][ T6752]  sysfs_do_create_link_sd+0x124/0x140
[  140.670094][ T6752]  sysfs_create_link+0x61/0xc0
[  140.670120][ T6752]  device_add+0x62c/0x1aa0
[  140.670141][ T6752]  ? __pfx_device_add+0x10/0x10
[  140.670158][ T6752]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  140.670185][ T6752]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  140.670215][ T6752]  wiphy_register+0x1eb0/0x2b20
[  140.670241][ T6752]  ? netdev_run_todo+0x864/0x1320
[  140.670266][ T6752]  ? __dev_printk+0x1c0/0x270
[  140.670295][ T6752]  ? __pfx_wiphy_register+0x10/0x10
[  140.670330][ T6752]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  140.670360][ T6752]  ieee80211_register_hw+0x253d/0x4120
[  140.670398][ T6752]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  140.670424][ T6752]  ? __pfx___debug_object_init+0x10/0x10
[  140.670466][ T6752]  ? find_held_lock+0x2b/0x80
[  140.670494][ T6752]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  140.670523][ T6752]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  140.670550][ T6752]  ? __hrtimer_setup+0x176/0x280
[  140.670578][ T6752]  mac80211_hwsim_new_radio+0x32c7/0x5650
[  140.670616][ T6752]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  140.670641][ T6752]  ? __asan_memcpy+0x3c/0x60
[  140.670664][ T6752]  hwsim_new_radio_nl+0xba2/0x1330
[  140.670688][ T6752]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.670717][ T6752]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  140.670747][ T6752]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  140.670783][ T6752]  genl_family_rcv_msg_doit+0x206/0x2f0
[  140.670814][ T6752]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  140.670851][ T6752]  ? bpf_lsm_capable+0x9/0x10
[  140.670873][ T6752]  ? security_capable+0x7e/0x260
[  140.670904][ T6752]  ? ns_capable+0xd7/0x110
[  140.670931][ T6752]  genl_rcv_msg+0x55c/0x800
[  140.670963][ T6752]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.670992][ T6752]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  140.671023][ T6752]  netlink_rcv_skb+0x155/0x420
[  140.671049][ T6752]  ? __pfx_genl_rcv_msg+0x10/0x10
[  140.671078][ T6752]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  140.671121][ T6752]  genl_rcv+0x28/0x40
[  140.671146][ T6752]  netlink_unicast+0x5aa/0x870
[  140.671175][ T6752]  ? __pfx_netlink_unicast+0x10/0x10
[  140.671201][ T6752]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  140.671235][ T6752]  netlink_sendmsg+0x8c8/0xdd0
[  140.671265][ T6752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  140.671300][ T6752]  ____sys_sendmsg+0xa95/0xc70
[  140.671330][ T6752]  ? copy_msghdr_from_user+0x10a/0x160
[  140.671353][ T6752]  ? __pfx_____sys_sendmsg+0x10/0x10
[  140.671378][ T6752]  ? trace_sched_exit_tp+0xd1/0x120
[  140.671414][ T6752]  ___sys_sendmsg+0x134/0x1d0
[  140.671438][ T6752]  ? __pfx____sys_sendmsg+0x10/0x10
[  140.671487][ T6752]  ? __sys_sendmsg+0xd6/0x220
[  140.671505][ T6752]  ? __sys_sendmsg+0xe4/0x220
[  140.671526][ T6752]  __sys_sendmsg+0x16d/0x220
[  140.671545][ T6752]  ? __pfx___sys_sendmsg+0x10/0x10
[  140.671573][ T6752]  ? __secure_computing+0x28e/0x3b0
[  140.671594][ T6752]  do_syscall_64+0xcd/0x4e0
[  140.671616][ T6752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  140.671630][ T6752] RIP: 0033:0x7fd0d2b8eec9
[  140.671642][ T6752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  140.671656][ T6752] RSP: 002b:00007fd0d3a07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  140.671670][ T6752] RAX: ffffffffffffffda RBX: 00007fd0d2de6180 RCX: 00007fd0d2b8eec9
[  140.671679][ T6752] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  140.671687][ T6752] RBP: 00007fd0d2c11f91 R08: 0000000000000000 R09: 0000000000000000
[  140.671695][ T6752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  140.671705][ T6752] R13: 00007fd0d2de6218 R14: 00007fd0d2de6180 R15: 00007fff8283ad18
[  140.671725][ T6752]  </TASK>
[  141.067976][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.074988][   T30] audit: type=1400 audit(1759627666.787:383): avc:  denied  { ioctl } for  pid=6736 comm="syz.2.211" path="socket:[11883]" dev="sockfs" ino=11883 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  141.100971][   T30] audit: type=1326 audit(1759627666.857:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.125332][   T30] audit: type=1326 audit(1759627666.857:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.149186][   T30] audit: type=1326 audit(1759627666.857:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.172439][   T30] audit: type=1326 audit(1759627666.857:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.195528][    C1] vkms_vblank_simulate: vblank timer overrun
[  141.202308][   T30] audit: type=1326 audit(1759627666.857:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.229683][ T5874] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  141.390906][   T30] audit: type=1326 audit(1759627666.857:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6742 comm="syz.4.213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  141.554121][ T5874] usb 1-1: Using ep0 maxpacket: 16
[  141.584838][ T5874] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  141.595682][ T5874] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  141.610604][ T5874] usb 1-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  141.620709][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.630872][ T5874] usb 1-1: Product: syz
[  141.642235][ T5874] usb 1-1: Manufacturer: syz
[  141.646839][ T5874] usb 1-1: SerialNumber: syz
[  141.664036][ T6757] netlink: 68 bytes leftover after parsing attributes in process `syz.1.215'.
[  141.694832][ T5874] usb 1-1: config 0 descriptor??
[  141.701914][ T5874] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  141.709824][ T5874] gspca_stv06xx: st6422 sensor detected
[  141.725707][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.1.215'.
[  142.699316][ T6765] syz.2.216 (6765) used greatest stack depth: 19304 bytes left
[  143.133588][ T6769] netlink: 68 bytes leftover after parsing attributes in process `syz.2.217'.
[  143.145016][ T6769] netlink: 8 bytes leftover after parsing attributes in process `syz.2.217'.
[  143.331841][ T5874] STV06xx 1-1:0.0: probe with driver STV06xx failed with error -71
[  143.370609][ T5874] usb 1-1: USB disconnect, device number 4
[  144.772120][ T5874] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  145.013293][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  145.019864][ T5874] usb 4-1: config 0 interface 0 has no altsetting 0
[  145.049730][ T5874] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  145.184749][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.202108][ T5874] usb 4-1: Product: syz
[  145.206320][ T5874] usb 4-1: Manufacturer: syz
[  145.210936][ T5874] usb 4-1: SerialNumber: syz
[  145.222544][ T5874] usb 4-1: config 0 descriptor??
[  145.234357][ T5874] gs_usb 4-1:0.0: Required endpoints not found
[  145.921697][   T24] usb 4-1: USB disconnect, device number 5
[  145.935894][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  145.936903][   T30] audit: type=1400 audit(1759627672.127:410): avc:  denied  { create } for  pid=6798 comm="syz.0.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  146.033553][   T30] audit: type=1400 audit(1759627672.127:411): avc:  denied  { write } for  pid=6798 comm="syz.0.226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  147.480522][   T30] audit: type=1400 audit(1759627673.657:412): avc:  denied  { mounton } for  pid=6815 comm="syz.2.229" path="/48/file0" dev="tmpfs" ino=273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  148.841372][ T6826] netdevsim netdevsim2: Direct firmware load for  failed with error -2
[  148.878801][ T6826] netdevsim netdevsim2: Falling back to sysfs fallback for: 
[  148.994033][   T30] audit: type=1400 audit(1759627675.197:413): avc:  denied  { write } for  pid=6832 comm="syz.1.233" name="comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  149.097381][   T30] audit: type=1400 audit(1759627675.197:414): avc:  denied  { open } for  pid=6832 comm="syz.1.233" path="/dev/comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  149.277153][   T30] audit: type=1400 audit(1759627675.407:415): avc:  denied  { ioctl } for  pid=6832 comm="syz.1.233" path="/dev/rtc0" dev="devtmpfs" ino=920 ioctlcmd=0x7007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  149.983985][   T30] audit: type=1400 audit(1759627675.797:416): avc:  denied  { read } for  pid=6836 comm="syz.0.234" name="iommu" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  150.051735][   T30] audit: type=1400 audit(1759627675.807:417): avc:  denied  { ioctl } for  pid=6836 comm="syz.0.234" path="/dev/iommu" dev="devtmpfs" ino=623 ioctlcmd=0x3b81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  150.947368][   T30] audit: type=1400 audit(1759627677.147:418): avc:  denied  { append } for  pid=6840 comm="syz.4.235" name="comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  151.147177][   T30] audit: type=1326 audit(1759627677.347:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  151.732009][   T30] audit: type=1326 audit(1759627677.387:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  151.896354][   T30] audit: type=1326 audit(1759627677.387:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  151.975805][   T30] audit: type=1326 audit(1759627677.387:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  152.122419][   T30] audit: type=1326 audit(1759627677.387:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  152.325861][   T30] audit: type=1326 audit(1759627677.387:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  152.353002][   T30] audit: type=1326 audit(1759627677.387:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  152.377045][   T30] audit: type=1326 audit(1759627677.387:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  152.710040][   T30] audit: type=1326 audit(1759627677.387:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6847 comm="syz.0.237" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fa62878eec9 code=0x7ffc0000
[  153.622124][ T1205] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  154.056307][ T1205] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  154.078809][ T1205] usb 3-1: config 0 has no interfaces?
[  154.120565][ T1205] usb 3-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  154.165387][ T6887] netdevsim netdevsim4: Direct firmware load for  failed with error -2
[  154.203616][ T1205] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.233850][ T6887] netdevsim netdevsim4: Falling back to sysfs fallback for: 
[  154.247663][ T1205] usb 3-1: config 0 descriptor??
[  155.994899][   T30] kauditd_printk_skb: 11 callbacks suppressed
[  155.995206][   T30] audit: type=1400 audit(1759627682.167:439): avc:  denied  { lock } for  pid=6900 comm="syz.1.250" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  157.209402][   T30] audit: type=1400 audit(1759627682.167:440): avc:  denied  { getopt } for  pid=6900 comm="syz.1.250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  157.235886][   T30] audit: type=1400 audit(1759627683.437:441): avc:  denied  { read write } for  pid=6899 comm="syz.0.249" name="ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  157.394413][   T30] audit: type=1400 audit(1759627683.437:442): avc:  denied  { open } for  pid=6899 comm="syz.0.249" path="/dev/ppp" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  157.437852][ T6909] block device autoloading is deprecated and will be removed.
[  157.733541][   T30] audit: type=1400 audit(1759627683.477:443): avc:  denied  { ioctl } for  pid=6899 comm="syz.0.249" path="/dev/ppp" dev="devtmpfs" ino=708 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  157.918568][ T5936] usb 3-1: USB disconnect, device number 4
[  157.953523][   T30] audit: type=1400 audit(1759627683.687:444): avc:  denied  { watch } for  pid=6911 comm="syz.3.253" path="pipe:[12145]" dev="pipefs" ino=12145 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  158.133263][   T30] audit: type=1400 audit(1759627683.707:445): avc:  denied  { watch } for  pid=6908 comm="syz.4.252" path="/41" dev="tmpfs" ino=222 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  158.156516][   T30] audit: type=1400 audit(1759627683.747:446): avc:  denied  { setattr } for  pid=6911 comm="syz.3.253" name="" dev="pipefs" ino=12145 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  159.291716][ T6924] netlink: 68 bytes leftover after parsing attributes in process `syz.1.257'.
[  159.301013][ T6924] netlink: 8 bytes leftover after parsing attributes in process `syz.1.257'.
[  159.657409][ T6943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.260'.
[  159.942130][ T1205] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  160.225496][ T6949] netdevsim netdevsim4: Direct firmware load for  failed with error -2
[  160.332244][ T6949] netdevsim netdevsim4: Falling back to sysfs fallback for: 
[  160.760913][ T1205] usb 4-1: config 0 has an invalid interface number: 11 but max is 0
[  160.840740][ T1205] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  160.949588][ T1205] usb 4-1: config 0 has no interface number 0
[  160.960824][ T1205] usb 4-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  161.154549][ T6962] netlink: 36 bytes leftover after parsing attributes in process `syz.0.264'.
[  161.182987][   T30] audit: type=1400 audit(1759627687.357:447): avc:  denied  { write } for  pid=6957 comm="syz.0.264" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  161.535183][ T1205] usb 4-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  161.568595][ T1205] usb 4-1: config 0 interface 11 has no altsetting 0
[  161.588850][ T1205] usb 4-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  161.655537][ T1205] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.715252][ T1205] usb 4-1: config 0 descriptor??
[  161.730572][ T1205] usb 4-1: can't set config #0, error -71
[  161.822133][   T24] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  162.072174][ T1205] usb 4-1: USB disconnect, device number 6
[  162.183917][   T24] usb 5-1: config 0 has an invalid interface number: 11 but max is 0
[  162.192221][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.233171][   T24] usb 5-1: config 0 has no interface number 0
[  162.250544][   T24] usb 5-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  162.298685][   T24] usb 5-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  162.354608][   T24] usb 5-1: config 0 interface 11 has no altsetting 0
[  162.398451][   T24] usb 5-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  162.524912][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.402395][ T6979] QAT: Invalid ioctl 21531
[  163.564207][ T6980] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  163.591685][   T30] audit: type=1400 audit(1759627689.687:448): avc:  denied  { append } for  pid=6973 comm="syz.2.267" name="nullb0" dev="devtmpfs" ino=695 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  163.631546][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  163.658261][   T24] usb 5-1: config 0 descriptor??
[  163.823532][   T24] keyspan 5-1:0.11: Keyspan 2 port adapter converter detected
[  163.860268][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 7
[  163.905753][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 81
[  163.950032][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 82
[  164.045278][ T6987] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns
[  164.053762][ T6987] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer.
[  164.172346][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 1
[  164.180865][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 2
[  164.189332][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 85
[  164.202202][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 5
[  164.453631][   T24] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  164.483447][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 83
[  164.532198][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 84
[  164.615559][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 3
[  164.669359][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 4
[  164.991842][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 86
[  165.033998][   T24] keyspan 5-1:0.11: found no endpoint descriptor for endpoint 6
[  165.078273][   T24] usb 5-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  165.152522][   T24] usb 5-1: USB disconnect, device number 5
[  165.197569][   T24] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  165.255531][   T24] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  165.265574][   T24] keyspan 5-1:0.11: device disconnected
[  165.613350][   T30] audit: type=1400 audit(1759627691.807:449): avc:  denied  { relabelfrom } for  pid=6997 comm="syz.4.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  165.642363][ T5837] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  165.750157][   T30] audit: type=1400 audit(1759627691.817:450): avc:  denied  { relabelto } for  pid=6997 comm="syz.4.271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  165.787713][ T6999] syzkaller0: entered promiscuous mode
[  165.793423][ T6999] syzkaller0: entered allmulticast mode
[  166.639767][   T30] audit: type=1400 audit(1759627692.457:451): avc:  denied  { listen } for  pid=7007 comm="syz.1.274" lport=59480 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  166.678485][   T30] audit: type=1400 audit(1759627692.457:452): avc:  denied  { accept } for  pid=7007 comm="syz.1.274" lport=59480 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  166.900558][ T7013] ptrace attach of "./syz-executor exec"[5821] was attempted by "./syz-executor exec"[7013]
[  167.922130][ T5948] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  168.217011][ T5948] usb 1-1: config 0 has an invalid interface number: 11 but max is 0
[  168.225314][ T5948] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.235584][ T5948] usb 1-1: config 0 has no interface number 0
[  168.243449][ T5948] usb 1-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  168.272325][ T5948] usb 1-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  168.373209][ T5948] usb 1-1: config 0 interface 11 has no altsetting 0
[  168.411478][ T5948] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  168.426327][ T5948] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.460522][ T5948] usb 1-1: config 0 descriptor??
[  168.490128][ T5948] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected
[  168.499834][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 7
[  168.513338][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81
[  168.526972][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82
[  168.546926][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1
[  168.564216][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2
[  168.583208][ T7029] netlink: 'syz.3.278': attribute type 21 has an invalid length.
[  168.652491][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 85
[  168.680053][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 5
[  168.732855][ T5948] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  168.796572][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 83
[  168.804903][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 84
[  168.813495][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 3
[  168.827683][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 4
[  168.839433][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 86
[  168.854929][ T5948] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 6
[  168.865840][ T5948] usb 1-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  169.176731][ T7029] netlink: 156 bytes leftover after parsing attributes in process `syz.3.278'.
[  169.181136][ T7015] netdevsim netdevsim1: Direct firmware load for  failed with error -2
[  169.195214][ T7015] netdevsim netdevsim1: Falling back to sysfs fallback for: 
[  170.627735][ T5948] usb 1-1: USB disconnect, device number 5
[  170.636838][ T5948] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  170.660127][ T5948] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  170.862732][ T5948] keyspan 1-1:0.11: device disconnected
[  172.140108][ T7055] netlink: 16 bytes leftover after parsing attributes in process `syz.4.286'.
[  172.161601][   T30] audit: type=1400 audit(1759627698.327:453): avc:  denied  { create } for  pid=7052 comm="syz.4.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  172.491045][   T30] audit: type=1400 audit(1759627698.337:454): avc:  denied  { write } for  pid=7052 comm="syz.4.286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  173.008654][   T30] audit: type=1400 audit(1759627699.187:455): avc:  denied  { bind } for  pid=7062 comm="syz.0.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  173.031084][   T30] audit: type=1400 audit(1759627699.187:456): avc:  denied  { name_bind } for  pid=7062 comm="syz.0.283" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  173.057308][   T30] audit: type=1400 audit(1759627699.187:457): avc:  denied  { node_bind } for  pid=7062 comm="syz.0.283" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  173.199181][   T30] audit: type=1400 audit(1759627699.187:458): avc:  denied  { name_connect } for  pid=7062 comm="syz.0.283" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  173.605920][ T7058] netlink: 'syz.3.287': attribute type 10 has an invalid length.
[  173.641945][ T7058] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  173.672182][ T7058] 8021q: adding VLAN 0 to HW filter on device bond1
[  173.694439][ T7058] bond_slave_0: entered promiscuous mode
[  173.700188][ T7058] bond_slave_1: entered promiscuous mode
[  173.705845][ T7058] syz_tun: entered promiscuous mode
[  173.733513][ T7058] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  173.761101][ T7058] bond1: (slave macvlan2): unknown ethtool speed (30000) for port 1 (set it to 0)
[  173.806320][ T7078] random: crng reseeded on system resumption
[  173.821106][   T30] audit: type=1400 audit(1759627700.007:459): avc:  denied  { append } for  pid=7065 comm="syz.4.289" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  174.083265][ T7058] bond1: (slave macvlan2): speed changed to 0 on port 1
[  174.092005][ T7058] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  174.117908][ T7077] netlink: 88 bytes leftover after parsing attributes in process `syz.0.290'.
[  174.902179][   T30] audit: type=1400 audit(1759627700.007:460): avc:  denied  { open } for  pid=7065 comm="syz.4.289" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  175.115510][   T30] audit: type=1400 audit(1759627700.407:461): avc:  denied  { create } for  pid=7065 comm="syz.4.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  175.145133][ T7079] batadv1: entered promiscuous mode
[  175.202582][ T7079] 8021q: adding VLAN 0 to HW filter on device batadv1
[  177.392771][ T7104] netlink: 'syz.3.296': attribute type 4 has an invalid length.
[  177.557687][   T30] audit: type=1400 audit(1759627703.757:462): avc:  denied  { read append } for  pid=7106 comm="syz.2.297" name="usbmon3" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  177.627631][   T30] audit: type=1400 audit(1759627703.767:463): avc:  denied  { open } for  pid=7106 comm="syz.2.297" path="/dev/usbmon3" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  177.704663][ T7110] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=23576 sclass=netlink_route_socket pid=7110 comm=syz.0.298
[  177.720860][ T7111] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(15)
[  177.727574][ T7111] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  177.735880][ T7111] vhci_hcd vhci_hcd.0: Device attached
[  177.825795][ T7112] vhci_hcd: connection closed
[  177.826967][ T3527] vhci_hcd: stop threads
[  177.854770][ T3527] vhci_hcd: release socket
[  177.865266][ T3527] vhci_hcd: disconnect device
[  177.980252][   T30] audit: type=1326 audit(1759627704.177:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  178.010115][ T7119] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  178.017729][ T7119] CPU: 1 UID: 0 PID: 7119 Comm: syz.4.299 Not tainted syzkaller #0 PREEMPT(full) 
[  178.017754][ T7119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  178.017765][ T7119] Call Trace:
[  178.017772][ T7119]  <TASK>
[  178.017780][ T7119]  dump_stack_lvl+0x16c/0x1f0
[  178.017809][ T7119]  sysfs_warn_dup+0x7f/0xa0
[  178.017846][ T7119]  sysfs_do_create_link_sd+0x124/0x140
[  178.017876][ T7119]  sysfs_create_link+0x61/0xc0
[  178.017909][ T7119]  device_add+0x62c/0x1aa0
[  178.017933][ T7119]  ? __pfx_device_add+0x10/0x10
[  178.017951][ T7119]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  178.017980][ T7119]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  178.018010][ T7119]  wiphy_register+0x1eb0/0x2b20
[  178.018037][ T7119]  ? netdev_run_todo+0x864/0x1320
[  178.018062][ T7119]  ? __dev_printk+0x1c0/0x270
[  178.018092][ T7119]  ? __pfx_wiphy_register+0x10/0x10
[  178.018127][ T7119]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  178.018157][ T7119]  ieee80211_register_hw+0x253d/0x4120
[  178.018195][ T7119]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  178.018222][ T7119]  ? __pfx___debug_object_init+0x10/0x10
[  178.018257][ T7119]  ? find_held_lock+0x2b/0x80
[  178.018285][ T7119]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  178.018312][ T7119]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  178.018338][ T7119]  ? __hrtimer_setup+0x176/0x280
[  178.018363][ T7119]  mac80211_hwsim_new_radio+0x32c7/0x5650
[  178.018398][ T7119]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  178.018423][ T7119]  ? __asan_memcpy+0x3c/0x60
[  178.018445][ T7119]  hwsim_new_radio_nl+0xba2/0x1330
[  178.018470][ T7119]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  178.018501][ T7119]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  178.018531][ T7119]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  178.018567][ T7119]  genl_family_rcv_msg_doit+0x206/0x2f0
[  178.018598][ T7119]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  178.018637][ T7119]  ? bpf_lsm_capable+0x9/0x10
[  178.018659][ T7119]  ? security_capable+0x7e/0x260
[  178.018690][ T7119]  ? ns_capable+0xd7/0x110
[  178.018717][ T7119]  genl_rcv_msg+0x55c/0x800
[  178.018749][ T7119]  ? __pfx_genl_rcv_msg+0x10/0x10
[  178.018778][ T7119]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  178.018810][ T7119]  netlink_rcv_skb+0x155/0x420
[  178.018835][ T7119]  ? __pfx_genl_rcv_msg+0x10/0x10
[  178.018865][ T7119]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  178.018910][ T7119]  ? netlink_deliver_tap+0x1ae/0xd30
[  178.018941][ T7119]  genl_rcv+0x28/0x40
[  178.018968][ T7119]  netlink_unicast+0x5aa/0x870
[  178.018998][ T7119]  ? __pfx_netlink_unicast+0x10/0x10
[  178.019025][ T7119]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  178.019061][ T7119]  netlink_sendmsg+0x8c8/0xdd0
[  178.019093][ T7119]  ? __pfx_netlink_sendmsg+0x10/0x10
[  178.019131][ T7119]  ____sys_sendmsg+0xa95/0xc70
[  178.019160][ T7119]  ? copy_msghdr_from_user+0x10a/0x160
[  178.019183][ T7119]  ? __pfx_____sys_sendmsg+0x10/0x10
[  178.019224][ T7119]  ___sys_sendmsg+0x134/0x1d0
[  178.019248][ T7119]  ? __pfx____sys_sendmsg+0x10/0x10
[  178.019298][ T7119]  __sys_sendmsg+0x16d/0x220
[  178.019317][ T7119]  ? __pfx___sys_sendmsg+0x10/0x10
[  178.019343][ T7119]  ? __secure_computing+0x28e/0x3b0
[  178.019363][ T7119]  do_syscall_64+0xcd/0x4e0
[  178.019383][ T7119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.019398][ T7119] RIP: 0033:0x7fd0d2b8eec9
[  178.019410][ T7119] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.019425][ T7119] RSP: 002b:00007fd0d3a07038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.019439][ T7119] RAX: ffffffffffffffda RBX: 00007fd0d2de6180 RCX: 00007fd0d2b8eec9
[  178.019448][ T7119] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  178.019457][ T7119] RBP: 00007fd0d2c11f91 R08: 0000000000000000 R09: 0000000000000000
[  178.019466][ T7119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  178.019474][ T7119] R13: 00007fd0d2de6218 R14: 00007fd0d2de6180 R15: 00007fff8283ad18
[  178.019494][ T7119]  </TASK>
[  178.458497][   T30] audit: type=1326 audit(1759627704.187:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  178.678904][   T30] audit: type=1326 audit(1759627704.187:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  178.957864][ T7125] netlink: 68 bytes leftover after parsing attributes in process `syz.1.300'.
[  178.967664][ T7125] netlink: 8 bytes leftover after parsing attributes in process `syz.1.300'.
[  179.367858][   T30] audit: type=1326 audit(1759627704.187:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  179.422942][   T30] audit: type=1326 audit(1759627704.197:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  179.493273][   T30] audit: type=1326 audit(1759627704.197:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  179.615814][   T30] audit: type=1326 audit(1759627704.207:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  179.718093][   T30] audit: type=1326 audit(1759627704.207:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7114 comm="syz.4.299" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fd0d2b8eec9 code=0x7ffc0000
[  180.662376][ T7137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  183.675384][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  183.675425][   T30] audit: type=1400 audit(1759627709.877:482): avc:  denied  { ioctl } for  pid=7168 comm="syz.3.310" path="socket:[13000]" dev="sockfs" ino=13000 ioctlcmd=0x48e6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  183.926089][ T7169] netlink: 84 bytes leftover after parsing attributes in process `syz.3.310'.
[  183.972196][ T5948] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  184.226143][ T5948] usb 3-1: Using ep0 maxpacket: 16
[  184.323002][   T30] audit: type=1400 audit(1759627710.487:483): avc:  denied  { mount } for  pid=7176 comm="syz.0.312" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  184.579919][ T7184] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  184.908131][   T30] audit: type=1400 audit(1759627710.487:484): avc:  denied  { mounton } for  pid=7176 comm="syz.0.312" path="/syzcgroup/unified/syz0" dev="cgroup2" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  184.931764][   T30] audit: type=1400 audit(1759627710.497:485): avc:  denied  { mounton } for  pid=7176 comm="syz.0.312" path="/65/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  185.013431][ T7174] xt_bpf: check failed: parse error
[  185.099809][ T7188] netlink: 165 bytes leftover after parsing attributes in process `syz.1.313'.
[  186.743000][   T30] audit: type=1400 audit(1759627712.777:486): avc:  denied  { create } for  pid=7194 comm="syz.3.317" name="#7" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  186.821430][   T30] audit: type=1400 audit(1759627712.777:487): avc:  denied  { link } for  pid=7194 comm="syz.3.317" name="#7" dev="tmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  186.912395][   T30] audit: type=1400 audit(1759627712.777:488): avc:  denied  { rename } for  pid=7194 comm="syz.3.317" name="#8" dev="tmpfs" ino=363 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  187.405560][   T30] audit: type=1400 audit(1759627713.607:489): avc:  denied  { unmount } for  pid=5831 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  187.518715][ T7211] tmpfs: Bad value for 'mpol'
[  188.275831][ T7216] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  188.337079][   T30] audit: type=1326 audit(1759627714.467:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  188.361041][ T7214] random: crng reseeded on system resumption
[  188.371360][ T7216] CPU: 1 UID: 0 PID: 7216 Comm: syz.3.319 Not tainted syzkaller #0 PREEMPT(full) 
[  188.371384][ T7216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  188.371395][ T7216] Call Trace:
[  188.371402][ T7216]  <TASK>
[  188.371411][ T7216]  dump_stack_lvl+0x16c/0x1f0
[  188.371429][ T7216]  sysfs_warn_dup+0x7f/0xa0
[  188.371445][ T7216]  sysfs_do_create_link_sd+0x124/0x140
[  188.371463][ T7216]  sysfs_create_link+0x61/0xc0
[  188.371479][ T7216]  device_add+0x62c/0x1aa0
[  188.371492][ T7216]  ? __pfx_device_add+0x10/0x10
[  188.371502][ T7216]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  188.371519][ T7216]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  188.371537][ T7216]  wiphy_register+0x1eb0/0x2b20
[  188.371552][ T7216]  ? netdev_run_todo+0x864/0x1320
[  188.371568][ T7216]  ? __dev_printk+0x1c0/0x270
[  188.371586][ T7216]  ? __pfx_wiphy_register+0x10/0x10
[  188.371606][ T7216]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  188.371624][ T7216]  ieee80211_register_hw+0x253d/0x4120
[  188.371646][ T7216]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  188.371661][ T7216]  ? __pfx___debug_object_init+0x10/0x10
[  188.371684][ T7216]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  188.371700][ T7216]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  188.371716][ T7216]  ? __hrtimer_setup+0x176/0x280
[  188.371733][ T7216]  mac80211_hwsim_new_radio+0x32c7/0x5650
[  188.371755][ T7216]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  188.371769][ T7216]  ? __asan_memcpy+0x3c/0x60
[  188.371782][ T7216]  hwsim_new_radio_nl+0xba2/0x1330
[  188.371796][ T7216]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  188.371813][ T7216]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  188.371831][ T7216]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  188.371852][ T7216]  genl_family_rcv_msg_doit+0x206/0x2f0
[  188.371870][ T7216]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  188.371893][ T7216]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  188.371908][ T7216]  ? ns_capable+0xd7/0x110
[  188.371925][ T7216]  genl_rcv_msg+0x55c/0x800
[  188.371943][ T7216]  ? __pfx_genl_rcv_msg+0x10/0x10
[  188.371960][ T7216]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  188.371984][ T7216]  netlink_rcv_skb+0x155/0x420
[  188.372000][ T7216]  ? __pfx_genl_rcv_msg+0x10/0x10
[  188.372018][ T7216]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  188.372053][ T7216]  genl_rcv+0x28/0x40
[  188.372076][ T7216]  netlink_unicast+0x5aa/0x870
[  188.372102][ T7216]  ? __pfx_netlink_unicast+0x10/0x10
[  188.372125][ T7216]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  188.372150][ T7216]  netlink_sendmsg+0x8c8/0xdd0
[  188.372167][ T7216]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.372188][ T7216]  ____sys_sendmsg+0xa95/0xc70
[  188.372205][ T7216]  ? copy_msghdr_from_user+0x10a/0x160
[  188.372218][ T7216]  ? __pfx_____sys_sendmsg+0x10/0x10
[  188.372242][ T7216]  ___sys_sendmsg+0x134/0x1d0
[  188.372256][ T7216]  ? __pfx____sys_sendmsg+0x10/0x10
[  188.372289][ T7216]  __sys_sendmsg+0x16d/0x220
[  188.372302][ T7216]  ? __pfx___sys_sendmsg+0x10/0x10
[  188.372323][ T7216]  ? __secure_computing+0x28e/0x3b0
[  188.372337][ T7216]  do_syscall_64+0xcd/0x4e0
[  188.372353][ T7216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.372364][ T7216] RIP: 0033:0x7f243e98eec9
[  188.372374][ T7216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.372386][ T7216] RSP: 002b:00007f243f89d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  188.372397][ T7216] RAX: ffffffffffffffda RBX: 00007f243ebe6180 RCX: 00007f243e98eec9
[  188.372404][ T7216] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  188.372410][ T7216] RBP: 00007f243ea11f91 R08: 0000000000000000 R09: 0000000000000000
[  188.372417][ T7216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  188.372423][ T7216] R13: 00007f243ebe6218 R14: 00007f243ebe6180 R15: 00007ffe0cf38628
[  188.372437][ T7216]  </TASK>
[  188.463871][   T30] audit: type=1326 audit(1759627714.467:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  188.922731][   T30] audit: type=1326 audit(1759627714.467:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  188.946368][   T30] audit: type=1326 audit(1759627714.467:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.162159][   T30] audit: type=1326 audit(1759627714.467:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.192751][   T30] audit: type=1326 audit(1759627714.467:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.216102][   T30] audit: type=1326 audit(1759627714.467:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.239682][   T30] audit: type=1326 audit(1759627714.467:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.265619][ T5948] usb 3-1: unable to get BOS descriptor or descriptor too short
[  189.282166][ T5948] usb 3-1: no configurations
[  189.286743][ T5948] usb 3-1: can't read configurations, error -22
[  189.323881][   T30] audit: type=1326 audit(1759627715.327:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.503968][ T7221] netlink: 8 bytes leftover after parsing attributes in process `syz.4.321'.
[  189.644629][   T30] audit: type=1326 audit(1759627715.327:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.672127][ T7228] netlink: 'syz.2.322': attribute type 4 has an invalid length.
[  189.728099][ T7228] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=7228 comm=syz.2.322
[  189.972177][   T30] audit: type=1326 audit(1759627715.327:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  189.998195][   T30] audit: type=1326 audit(1759627715.327:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7209 comm="syz.3.319" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  190.792194][   T24] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  191.224720][ T5837] Bluetooth: hci3: command 0x0406 tx timeout
[  191.231250][ T5837] Bluetooth: hci0: command 0x0406 tx timeout
[  191.232416][ T5824] Bluetooth: hci2: command 0x0405 tx timeout
[  191.249089][ T5837] Bluetooth: hci1: command 0x0406 tx timeout
[  191.702137][   T24] usb 2-1: Using ep0 maxpacket: 32
[  191.703481][   T24] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  191.703503][   T24] usb 2-1: config 0 has no interface number 0
[  191.713460][   T24] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  191.713487][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.713506][   T24] usb 2-1: Product: syz
[  191.713522][   T24] usb 2-1: Manufacturer: syz
[  191.713536][   T24] usb 2-1: SerialNumber: syz
[  191.751893][   T24] usb 2-1: config 0 descriptor??
[  191.771177][   T24] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  191.771194][   T24] usb 2-1: selecting invalid altsetting 1
[  191.771204][   T24] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  191.774908][   T24] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  191.775081][   T24] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  191.775111][   T24] usb 2-1: media controller created
[  191.807159][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  192.443961][ T7248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.444186][ T7248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.445071][ T7248] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.445239][ T7248] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.913425][   T24] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  192.970014][   T24] usb 2-1: USB disconnect, device number 3
[  193.301747][ T7253] bridge0: port 2(bridge_slave_1) entered disabled state
[  193.303101][ T7253] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.654697][ T7262] netlink: 8 bytes leftover after parsing attributes in process `syz.2.328'.
[  193.792947][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  193.792987][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  194.252680][ T7253] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  194.259271][ T7253] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.576041][ T7275] Driver unsupported XDP return value 0 on prog  (id 62) dev N/A, expect packet loss!
[  194.582275][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  194.582289][   T30] audit: type=1400 audit(1759627720.777:509): avc:  denied  { accept } for  pid=7271 comm="syz.3.330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  195.040768][ T7253] batman_adv: batadv0: Interface deactivated: wlan0
[  195.352378][   T51] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  195.477311][   T30] audit: type=1400 audit(1759627721.677:510): avc:  denied  { create } for  pid=7276 comm="syz.4.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  195.852315][   T51] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  195.861313][   T51] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  195.870779][   T51] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  195.879957][   T30] audit: type=1400 audit(1759627721.677:511): avc:  denied  { connect } for  pid=7276 comm="syz.4.331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  196.618712][   T30] audit: type=1400 audit(1759627722.317:512): avc:  denied  { create } for  pid=7278 comm="syz.0.332" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  197.987850][ T7303] netlink: 'syz.0.335': attribute type 1 has an invalid length.
[  198.014858][ T7303] netlink: 244 bytes leftover after parsing attributes in process `syz.0.335'.
[  198.024532][ T7303] NCSI netlink: No device for ifindex 0
[  198.040355][   T30] audit: type=1400 audit(1759627724.207:513): avc:  denied  { map } for  pid=7298 comm="syz.2.337" path="/dev/comedi4" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  198.537228][ T7305] netlink: 4 bytes leftover after parsing attributes in process `syz.0.335'.
[  198.897714][   T30] audit: type=1400 audit(1759627724.207:514): avc:  denied  { execute } for  pid=7298 comm="syz.2.337" path="/dev/comedi4" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  199.062182][   T30] audit: type=1400 audit(1759627724.997:515): avc:  denied  { sqpoll } for  pid=7298 comm="syz.2.337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  199.208994][ T7317] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  199.222997][ T7317] CPU: 1 UID: 0 PID: 7317 Comm: syz.3.339 Not tainted syzkaller #0 PREEMPT(full) 
[  199.223023][ T7317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  199.223036][ T7317] Call Trace:
[  199.223044][ T7317]  <TASK>
[  199.223053][ T7317]  dump_stack_lvl+0x16c/0x1f0
[  199.223081][ T7317]  sysfs_warn_dup+0x7f/0xa0
[  199.223109][ T7317]  sysfs_do_create_link_sd+0x124/0x140
[  199.223140][ T7317]  sysfs_create_link+0x61/0xc0
[  199.223168][ T7317]  device_add+0x62c/0x1aa0
[  199.223191][ T7317]  ? __pfx_device_add+0x10/0x10
[  199.223208][ T7317]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  199.223237][ T7317]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  199.223267][ T7317]  wiphy_register+0x1eb0/0x2b20
[  199.223293][ T7317]  ? netdev_run_todo+0x864/0x1320
[  199.223319][ T7317]  ? __dev_printk+0x1c0/0x270
[  199.223349][ T7317]  ? __pfx_wiphy_register+0x10/0x10
[  199.223385][ T7317]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  199.223416][ T7317]  ieee80211_register_hw+0x253d/0x4120
[  199.223454][ T7317]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  199.223481][ T7317]  ? __pfx___debug_object_init+0x10/0x10
[  199.223516][ T7317]  ? find_held_lock+0x2b/0x80
[  199.223543][ T7317]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  199.223571][ T7317]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  199.223597][ T7317]  ? __hrtimer_setup+0x176/0x280
[  199.223624][ T7317]  mac80211_hwsim_new_radio+0x32c7/0x5650
[  199.223661][ T7317]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  199.223684][ T7317]  ? __asan_memcpy+0x3c/0x60
[  199.223701][ T7317]  hwsim_new_radio_nl+0xba2/0x1330
[  199.223720][ T7317]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  199.223743][ T7317]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  199.223766][ T7317]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  199.223800][ T7317]  genl_family_rcv_msg_doit+0x206/0x2f0
[  199.223823][ T7317]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  199.223854][ T7317]  ? bpf_lsm_capable+0x9/0x10
[  199.223873][ T7317]  ? security_capable+0x7e/0x260
[  199.223899][ T7317]  ? ns_capable+0xd7/0x110
[  199.223923][ T7317]  genl_rcv_msg+0x55c/0x800
[  199.223947][ T7317]  ? __pfx_genl_rcv_msg+0x10/0x10
[  199.223969][ T7317]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  199.223994][ T7317]  netlink_rcv_skb+0x155/0x420
[  199.224013][ T7317]  ? __pfx_genl_rcv_msg+0x10/0x10
[  199.224036][ T7317]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  199.224064][ T7317]  ? netlink_deliver_tap+0x1ae/0xd30
[  199.224086][ T7317]  genl_rcv+0x28/0x40
[  199.224105][ T7317]  netlink_unicast+0x5aa/0x870
[  199.224128][ T7317]  ? __pfx_netlink_unicast+0x10/0x10
[  199.224147][ T7317]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  199.224173][ T7317]  netlink_sendmsg+0x8c8/0xdd0
[  199.224196][ T7317]  ? __pfx_netlink_sendmsg+0x10/0x10
[  199.224228][ T7317]  ____sys_sendmsg+0xa95/0xc70
[  199.224250][ T7317]  ? copy_msghdr_from_user+0x10a/0x160
[  199.224268][ T7317]  ? __pfx_____sys_sendmsg+0x10/0x10
[  199.224300][ T7317]  ___sys_sendmsg+0x134/0x1d0
[  199.224319][ T7317]  ? __pfx____sys_sendmsg+0x10/0x10
[  199.224365][ T7317]  __sys_sendmsg+0x16d/0x220
[  199.224383][ T7317]  ? __pfx___sys_sendmsg+0x10/0x10
[  199.224409][ T7317]  ? __secure_computing+0x28e/0x3b0
[  199.224429][ T7317]  do_syscall_64+0xcd/0x4e0
[  199.224450][ T7317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.224465][ T7317] RIP: 0033:0x7f243e98eec9
[  199.224477][ T7317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  199.224492][ T7317] RSP: 002b:00007f243f89d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  199.224506][ T7317] RAX: ffffffffffffffda RBX: 00007f243ebe6180 RCX: 00007f243e98eec9
[  199.224516][ T7317] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  199.224526][ T7317] RBP: 00007f243ea11f91 R08: 0000000000000000 R09: 0000000000000000
[  199.224535][ T7317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.224544][ T7317] R13: 00007f243ebe6218 R14: 00007f243ebe6180 R15: 00007ffe0cf38628
[  199.224566][ T7317]  </TASK>
[  199.618801][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.629446][   T30] audit: type=1326 audit(1759627725.407:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.655681][   T30] audit: type=1326 audit(1759627725.407:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.678869][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.685490][   T30] audit: type=1326 audit(1759627725.407:518): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.708669][    C1] vkms_vblank_simulate: vblank timer overrun
[  199.728960][   T30] audit: type=1326 audit(1759627725.407:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.767993][   T30] audit: type=1326 audit(1759627725.407:520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.932214][   T30] audit: type=1326 audit(1759627725.407:521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  199.962691][ T7305] bond0: (slave bond_slave_1): Releasing backup interface
[  200.020097][   T30] audit: type=1326 audit(1759627725.407:522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  200.068859][   T30] audit: type=1326 audit(1759627725.407:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  200.187396][ T5887] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  200.235747][   T30] audit: type=1326 audit(1759627725.407:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  200.426878][ T5887] usb 5-1: Using ep0 maxpacket: 16
[  200.630759][ T5887] usb 5-1: config 1 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  200.770288][   T30] audit: type=1326 audit(1759627725.427:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7314 comm="syz.3.339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f243e98eec9 code=0x7ffc0000
[  200.792725][ T5887] usb 5-1: config 1 interface 0 has no altsetting 0
[  200.802256][ T5936] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  200.867667][ T5887] usb 5-1: New USB device found, idVendor=0b05, idProduct=1866, bcdDevice= 0.40
[  200.889309][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.942546][ T5887] usb 5-1: Product: syz
[  201.164427][ T5887] usb 5-1: Manufacturer: syz
[  201.169149][ T5887] usb 5-1: SerialNumber: syz
[  201.754241][ T5887] usb 5-1: can't set config #1, error -71
[  201.761331][ T5887] usb 5-1: USB disconnect, device number 6
[  201.854865][ T5936] usb 3-1: config 0 has an invalid interface number: 11 but max is 0
[  201.863030][ T5936] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.902356][ T5936] usb 3-1: config 0 has no interface number 0
[  201.912119][ T5936] usb 3-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  201.923585][ T5936] usb 3-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  201.952092][ T5936] usb 3-1: config 0 interface 11 has no altsetting 0
[  201.972277][ T5936] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  201.981634][ T5936] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.107650][ T5936] usb 3-1: config 0 descriptor??
[  202.661579][ T5936] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected
[  202.889176][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 7
[  202.898186][ T7337] mkiss: ax0: crc mode is auto.
[  202.909288][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81
[  202.918772][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82
[  203.106251][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1
[  203.222452][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2
[  203.261213][ T7334] tipc: Can't bind to reserved service type 0
[  203.309049][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85
[  203.334831][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5
[  203.470053][ T5936] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  203.494615][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83
[  203.512281][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84
[  203.525016][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3
[  203.574722][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4
[  203.582875][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86
[  203.622809][ T5936] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6
[  203.641536][ T5936] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  203.682756][ T7357] netlink: 24 bytes leftover after parsing attributes in process `syz.1.347'.
[  203.999189][ T7360] netlink: 32 bytes leftover after parsing attributes in process `syz.1.347'.
[  204.280124][ T5874] usb 3-1: USB disconnect, device number 7
[  204.287654][ T5874] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[  204.317884][ T5874] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[  204.329962][ T5874] keyspan 3-1:0.11: device disconnected
[  204.362883][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.3.348'.
[  204.402109][ T5936] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  205.052132][ T5936] usb 2-1: Using ep0 maxpacket: 8
[  205.062424][ T7367] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  205.109645][ T5936] usb 2-1: unable to get BOS descriptor or descriptor too short
[  205.119699][ T5936] usb 2-1: config 7 has an invalid interface number: 58 but max is 0
[  205.128492][ T5936] usb 2-1: config 7 has no interface number 0
[  205.285622][ T5936] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has an invalid bInterval 111, changing to 7
[  205.318710][ T5936] usb 2-1: config 7 interface 58 altsetting 3 endpoint 0xE has invalid maxpacket 25702, setting to 1024
[  206.066244][ T5936] usb 2-1: config 7 interface 58 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  206.135998][ T5936] usb 2-1: config 7 interface 58 has no altsetting 0
[  206.172370][ T5936] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=48.0f
[  206.203628][ T5936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.229602][ T5936] usb 2-1: Product: syz
[  206.255206][ T5936] usb 2-1: Manufacturer: Ь
[  206.285792][ T5936] usb 2-1: SerialNumber: syz
[  206.448608][ T5936] usb 2-1: can't set config #7, error -71
[  206.570600][ T5936] usb 2-1: USB disconnect, device number 4
[  206.595167][ T6881] udevd[6881]: setting mode of /dev/bus/usb/002/004 to 020664 failed: No such file or directory
[  207.053156][ T6881] udevd[6881]: setting owner of /dev/bus/usb/002/004 to uid=0, gid=0 failed: No such file or directory
[  207.911164][ T7372] bond1: option downdelay: invalid value (18446744073709551609)
[  207.920236][ T7372] bond1: option downdelay: allowed values 0 - 2147483647
[  207.931422][ T7372] bond1 (unregistering): Released all slaves
[  209.068569][   T30] kauditd_printk_skb: 53 callbacks suppressed
[  209.068586][   T30] audit: type=1400 audit(1759627735.267:579): avc:  denied  { create } for  pid=7399 comm="syz.2.355" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  209.242118][   T30] audit: type=1400 audit(1759627735.437:580): avc:  denied  { read open } for  pid=7403 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  209.718887][   T30] audit: type=1400 audit(1759627735.437:581): avc:  denied  { getattr } for  pid=7403 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1835 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  209.764866][   T30] audit: type=1326 audit(1759627735.507:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  209.813655][   T30] audit: type=1326 audit(1759627735.507:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  210.016440][   T30] audit: type=1326 audit(1759627735.517:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  210.536839][   T30] audit: type=1326 audit(1759627735.517:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  210.576116][ T7427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.357'.
[  210.911889][   T30] audit: type=1326 audit(1759627735.517:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  210.945276][ T7430] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.358'.
[  210.955059][   T30] audit: type=1326 audit(1759627735.517:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  211.018787][ T7433] netlink: 24 bytes leftover after parsing attributes in process `syz.2.360'.
[  211.036133][ T7433] netlink: 8 bytes leftover after parsing attributes in process `syz.2.360'.
[  211.098517][ T7434] binder: 7413:7434 ioctl c0306201 0 returned -14
[  211.146886][   T30] audit: type=1326 audit(1759627735.517:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7399 comm="syz.2.355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f530138eec9 code=0x7ffc0000
[  213.471994][ T7458] netlink: 8 bytes leftover after parsing attributes in process `syz.4.363'.
[  214.964423][ T7484] Bluetooth: MGMT ver 1.23
[  215.051635][ T5874] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  215.122208][ T5948] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  215.471091][ T5948] usb 4-1: Using ep0 maxpacket: 32
[  215.494149][ T5874] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  215.532446][ T5948] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  216.191321][ T5874] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  216.264105][ T5948] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.279124][ T5948] usb 4-1: Product: syz
[  216.290145][ T5874] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  216.307290][ T5948] usb 4-1: Manufacturer: syz
[  216.324360][ T5948] usb 4-1: SerialNumber: syz
[  216.327559][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.588024][ T5948] usb 4-1: config 0 descriptor??
[  218.397309][ T5874] usb 2-1: can't set config #27, error -71
[  218.510319][ T5874] usb 2-1: USB disconnect, device number 5
[  218.542689][ T5833] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  218.622461][ T7516] netdevsim netdevsim0: Direct firmware load for  failed with error -2
[  218.631575][ T7516] netdevsim netdevsim0: Falling back to sysfs fallback for: 
[  218.722342][ T5833] usb 5-1: Using ep0 maxpacket: 16
[  218.729989][ T5833] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.741049][ T5833] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  218.760991][ T5833] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=50.0d
[  218.773186][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.784687][ T7514] netlink: 'syz.1.374': attribute type 32 has an invalid length.
[  218.815050][ T5833] usb 5-1: Product: syz
[  218.832717][ T5833] usb 5-1: Manufacturer: syz
[  218.856175][ T5833] usb 5-1: SerialNumber: syz
[  218.898032][ T5833] usb 5-1: config 0 descriptor??
[  218.938158][ T5833] gspca_main: STV06xx-2.14.0 probing 046d:08f0
[  218.945338][ T5833] gspca_stv06xx: st6422 sensor detected
[  219.032346][ T7521] netlink: 48 bytes leftover after parsing attributes in process `syz.1.376'.
[  219.325005][ T5948] usb 4-1: can't set config #0, error -71
[  219.355081][ T5948] usb 4-1: USB disconnect, device number 7
[  220.701048][ T7534] Bluetooth: MGMT ver 1.23
[  221.037982][ T7545] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  221.049522][ T7545] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  221.308336][   T30] kauditd_printk_skb: 73 callbacks suppressed
[  221.308368][   T30] audit: type=1400 audit(1759627747.197:662): avc:  denied  { mount } for  pid=7540 comm="syz.3.380" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  222.301255][ T7551] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  222.346982][   T30] audit: type=1400 audit(1759627748.547:663): avc:  denied  { unmount } for  pid=5821 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  222.568212][ T5833] STV06xx 5-1:0.0: probe with driver STV06xx failed with error -71
[  222.762178][ T5833] usb 5-1: USB disconnect, device number 7
[  222.908196][ T7566] IPv6: Can't replace route, no match found
[  223.382171][ T5948] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  223.672147][ T5948] usb 2-1: config 0 has an invalid interface number: 11 but max is 0
[  223.703335][ T5948] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  223.752105][ T5948] usb 2-1: config 0 has no interface number 0
[  224.022394][ T5948] usb 2-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  224.042109][ T5948] usb 2-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  224.055275][ T5948] usb 2-1: config 0 interface 11 has no altsetting 0
[  224.062332][ T5948] usb 2-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  224.071418][ T5948] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.103063][ T5948] usb 2-1: config 0 descriptor??
[  224.110311][ T5948] keyspan 2-1:0.11: Keyspan 2 port adapter converter detected
[  224.128118][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 7
[  224.139237][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 81
[  224.147120][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 82
[  224.154936][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 1
[  224.162662][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 2
[  224.200789][ T5874] usb 1-1: new full-speed USB device number 6 using dummy_hcd
[  224.332234][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 85
[  224.444430][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 5
[  224.563682][ T5874] usb 1-1: config 0 has an invalid interface number: 11 but max is 0
[  224.581358][ T5874] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  224.618291][ T5874] usb 1-1: config 0 has no interface number 0
[  224.628016][ T5948] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[  224.656305][ T5874] usb 1-1: config 0 interface 11 altsetting 253 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  224.663217][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 83
[  224.711028][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 84
[  224.736631][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 3
[  224.747057][ T5874] usb 1-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  224.770791][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 4
[  224.840503][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 86
[  224.853081][ T5874] usb 1-1: config 0 interface 11 has no altsetting 0
[  224.877948][ T5948] keyspan 2-1:0.11: found no endpoint descriptor for endpoint 6
[  224.885916][ T5874] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  224.903518][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.925531][ T5874] usb 1-1: config 0 descriptor??
[  224.940823][ T5874] keyspan 1-1:0.11: Keyspan 2 port adapter converter detected
[  224.975091][ T5948] usb 2-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[  225.041585][ T5874] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 7
[  225.078638][ T5874] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 81
[  225.657001][ T7581] ==================================================================
[  225.665076][ T7581] BUG: KASAN: slab-out-of-bounds in __cpa_addr+0x1d3/0x220
[  225.672451][ T7581] Read of size 8 at addr ffff888075a8b788 by task syz.4.387/7581
[  225.680243][ T7581] 
[  225.682544][ T7581] CPU: 0 UID: 0 PID: 7581 Comm: syz.4.387 Not tainted syzkaller #0 PREEMPT(full) 
[  225.682559][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  225.682566][ T7581] Call Trace:
[  225.682571][ T7581]  <TASK>
[  225.682576][ T7581]  dump_stack_lvl+0x116/0x1f0
[  225.682596][ T7581]  print_report+0xcd/0x630
[  225.682610][ T7581]  ? __virt_addr_valid+0x81/0x610
[  225.682629][ T7581]  ? __phys_addr+0xe8/0x180
[  225.682647][ T7581]  ? __cpa_addr+0x1d3/0x220
[  225.682659][ T7581]  kasan_report+0xe0/0x110
[  225.682673][ T7581]  ? __cpa_addr+0x1d3/0x220
[  225.682687][ T7581]  __cpa_addr+0x1d3/0x220
[  225.682698][ T7581]  cpa_flush+0x28b/0x8a0
[  225.682712][ T7581]  ? __pfx_cpa_flush+0x10/0x10
[  225.682725][ T7581]  ? pgprot2cachemode+0x9a/0x130
[  225.682742][ T7581]  ? __pfx_pgprot2cachemode+0x10/0x10
[  225.682759][ T7581]  ? drm_gem_get_pages+0x6a0/0xa10
[  225.682773][ T7581]  change_page_attr_set_clr+0x34e/0x4a0
[  225.682788][ T7581]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  225.682806][ T7581]  _set_pages_array+0x1ab/0x2c0
[  225.682821][ T7581]  drm_gem_shmem_get_pages_locked+0x384/0x490
[  225.682833][ T7581]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  225.682844][ T7581]  ? __pfx___might_resched+0x10/0x10
[  225.682862][ T7581]  drm_gem_shmem_mmap+0xc9/0x550
[  225.682873][ T7581]  ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[  225.682885][ T7581]  drm_gem_mmap_obj+0x1b5/0x560
[  225.682900][ T7581]  drm_gem_mmap+0x40b/0x620
[  225.682915][ T7581]  ? __pfx_drm_gem_mmap+0x10/0x10
[  225.682927][ T7581]  ? vm_area_alloc+0x1f/0x160
[  225.682943][ T7581]  ? lockdep_init_map_type+0x5c/0x280
[  225.682956][ T7581]  __mmap_region+0x1306/0x27a0
[  225.682966][ T7581]  ? __pfx_css_rstat_updated+0x10/0x10
[  225.682983][ T7581]  ? __pfx___mmap_region+0x10/0x10
[  225.682994][ T7581]  ? __cgroup_account_cputime+0xcc/0x120
[  225.683026][ T7581]  mmap_region+0x32b/0x3f0
[  225.683037][ T7581]  do_mmap+0xa3e/0x1210
[  225.683051][ T7581]  ? __pfx_do_mmap+0x10/0x10
[  225.683064][ T7581]  ? __pfx_down_write_killable+0x10/0x10
[  225.683081][ T7581]  vm_mmap_pgoff+0x29e/0x470
[  225.683096][ T7581]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  225.683110][ T7581]  ? __fget_files+0x20e/0x3c0
[  225.683125][ T7581]  ksys_mmap_pgoff+0x32c/0x5c0
[  225.683138][ T7581]  __x64_sys_mmap+0x125/0x190
[  225.683151][ T7581]  do_syscall_64+0xcd/0x4e0
[  225.683165][ T7581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.683177][ T7581] RIP: 0033:0x7fd0d2b8eec9
[  225.683187][ T7581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  225.683199][ T7581] RSP: 002b:00007fd0d3a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  225.683210][ T7581] RAX: ffffffffffffffda RBX: 00007fd0d2de6180 RCX: 00007fd0d2b8eec9
[  225.683217][ T7581] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  225.683224][ T7581] RBP: 00007fd0d2c11f91 R08: 0000000000000007 R09: 0000000100000000
[  225.683231][ T7581] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  225.683237][ T7581] R13: 00007fd0d2de6218 R14: 00007fd0d2de6180 R15: 00007fff8283ad18
[  225.683247][ T7581]  </TASK>
[  225.683251][ T7581] 
[  225.989066][ T7581] Allocated by task 7581:
[  225.993376][ T7581]  kasan_save_stack+0x33/0x60
[  225.998034][ T7581]  kasan_save_track+0x14/0x30
[  226.002687][ T7581]  __kasan_kmalloc+0xaa/0xb0
[  226.007256][ T7581]  __kvmalloc_node_noprof+0x3a3/0x9c0
[  226.012607][ T7581]  drm_gem_get_pages+0x144/0xa10
[  226.017527][ T7581]  drm_gem_shmem_get_pages_locked+0x1e6/0x490
[  226.023581][ T7581]  drm_gem_shmem_mmap+0xc9/0x550
[  226.028496][ T7581]  drm_gem_mmap_obj+0x1b5/0x560
[  226.033324][ T7581]  drm_gem_mmap+0x40b/0x620
[  226.037816][ T7581]  __mmap_region+0x1306/0x27a0
[  226.042553][ T7581]  mmap_region+0x32b/0x3f0
[  226.046944][ T7581]  do_mmap+0xa3e/0x1210
[  226.051079][ T7581]  vm_mmap_pgoff+0x29e/0x470
[  226.055649][ T7581]  ksys_mmap_pgoff+0x32c/0x5c0
[  226.060390][ T7581]  __x64_sys_mmap+0x125/0x190
[  226.065045][ T7581]  do_syscall_64+0xcd/0x4e0
[  226.069530][ T7581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.075406][ T7581] 
[  226.077704][ T7581] The buggy address belongs to the object at ffff888075a8b700
[  226.077704][ T7581]  which belongs to the cache kmalloc-192 of size 192
[  226.091733][ T7581] The buggy address is located 0 bytes to the right of
[  226.091733][ T7581]  allocated 136-byte region [ffff888075a8b700, ffff888075a8b788)
[  226.106198][ T7581] 
[  226.108504][ T7581] The buggy address belongs to the physical page:
[  226.114884][ T7581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x75a8b
[  226.123621][ T7581] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  226.131141][ T7581] page_type: f5(slab)
[  226.135099][ T7581] raw: 00fff00000000000 ffff88801b0263c0 0000000000000000 dead000000000001
[  226.143665][ T7581] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[  226.152219][ T7581] page dumped because: kasan: bad access detected
[  226.158604][ T7581] page_owner tracks the page as allocated
[  226.164292][ T7581] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x252800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP|__GFP_THISNODE), pid 9, tgid 9 (kworker/0:0), ts 68475221572, free_ts 68473258852
[  226.183281][ T7581]  post_alloc_hook+0x1c0/0x230
[  226.188028][ T7581]  get_page_from_freelist+0x10a3/0x3a30
[  226.193556][ T7581]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  226.199434][ T7581]  new_slab+0xa5/0x360
[  226.203484][ T7581]  ___slab_alloc+0xdc4/0x1ae0
[  226.208146][ T7581]  __slab_alloc.constprop.0+0x63/0x110
[  226.213589][ T7581]  __kmalloc_cache_node_noprof+0x453/0x7a0
[  226.219374][ T7581]  create_worker+0x10f/0x7e0
[  226.223942][ T7581]  worker_thread+0x9dd/0xf10
[  226.228512][ T7581]  kthread+0x3c5/0x780
[  226.232558][ T7581]  ret_from_fork+0x56d/0x730
[  226.237134][ T7581]  ret_from_fork_asm+0x1a/0x30
[  226.241891][ T7581] page last free pid 15 tgid 15 stack trace:
[  226.247850][ T7581]  __free_frozen_pages+0x7df/0x1160
[  226.253042][ T7581]  rcu_core+0x799/0x1530
[  226.257273][ T7581]  handle_softirqs+0x219/0x8e0
[  226.262024][ T7581]  run_ksoftirqd+0x3a/0x60
[  226.266432][ T7581]  smpboot_thread_fn+0x3f7/0xae0
[  226.271347][ T7581]  kthread+0x3c5/0x780
[  226.275399][ T7581]  ret_from_fork+0x56d/0x730
[  226.279965][ T7581]  ret_from_fork_asm+0x1a/0x30
[  226.284709][ T7581] 
[  226.287009][ T7581] Memory state around the buggy address:
[  226.292611][ T7581]  ffff888075a8b680: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  226.300647][ T7581]  ffff888075a8b700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  226.308682][ T7581] >ffff888075a8b780: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  226.316716][ T7581]                       ^
[  226.321016][ T7581]  ffff888075a8b800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  226.329229][ T7581]  ffff888075a8b880: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
[  226.337263][ T7581] ==================================================================
[  226.346660][   T30] audit: type=1400 audit(1759627751.837:664): avc:  denied  { write } for  pid=7576 comm="syz.4.387" name="card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  226.401413][ T5874] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 82
[  226.409739][   T30] audit: type=1400 audit(1759627751.837:665): avc:  denied  { map } for  pid=7576 comm="syz.4.387" path="/dev/dri/card0" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  226.448427][ T1205] usb 2-1: USB disconnect, device number 6
[  226.478272][ T5874] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 1
[  226.510769][ T5874] keyspan 1-1:0.11: found no endpoint descriptor for endpoint 2
[  226.521319][ T7581] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  226.528514][ T7581] CPU: 0 UID: 0 PID: 7581 Comm: syz.4.387 Not tainted syzkaller #0 PREEMPT(full) 
[  226.537680][ T7581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  226.547720][ T7581] Call Trace:
[  226.550971][ T7581]  <TASK>
[  226.553881][ T7581]  dump_stack_lvl+0x3d/0x1f0
[  226.558461][ T7581]  vpanic+0x640/0x6f0
[  226.562423][ T7581]  panic+0xca/0xd0
[  226.566112][ T7581]  ? __pfx_panic+0x10/0x10
[  226.570498][ T7581]  ? __cpa_addr+0x1d3/0x220
[  226.575154][ T7581]  ? preempt_schedule_common+0x44/0xc0
[  226.580591][ T7581]  ? preempt_schedule_thunk+0x16/0x30
[  226.585939][ T7581]  check_panic_on_warn+0xab/0xb0
[  226.590845][ T7581]  end_report+0x107/0x170
[  226.595145][ T7581]  kasan_report+0xee/0x110
[  226.599536][ T7581]  ? __cpa_addr+0x1d3/0x220
[  226.604010][ T7581]  __cpa_addr+0x1d3/0x220
[  226.608310][ T7581]  cpa_flush+0x28b/0x8a0
[  226.612524][ T7581]  ? __pfx_cpa_flush+0x10/0x10
[  226.617261][ T7581]  ? pgprot2cachemode+0x9a/0x130
[  226.622172][ T7581]  ? __pfx_pgprot2cachemode+0x10/0x10
[  226.627573][ T7581]  ? drm_gem_get_pages+0x6a0/0xa10
[  226.632713][ T7581]  change_page_attr_set_clr+0x34e/0x4a0
[  226.638248][ T7581]  ? __pfx_change_page_attr_set_clr+0x10/0x10
[  226.644304][ T7581]  _set_pages_array+0x1ab/0x2c0
[  226.649135][ T7581]  drm_gem_shmem_get_pages_locked+0x384/0x490
[  226.655187][ T7581]  ? __pfx_drm_gem_shmem_get_pages_locked+0x10/0x10
[  226.661749][ T7581]  ? __pfx___might_resched+0x10/0x10
[  226.667015][ T7581]  drm_gem_shmem_mmap+0xc9/0x550
[  226.671931][ T7581]  ? __pfx_drm_gem_shmem_object_mmap+0x10/0x10
[  226.678065][ T7581]  drm_gem_mmap_obj+0x1b5/0x560
[  226.682905][ T7581]  drm_gem_mmap+0x40b/0x620
[  226.687382][ T7581]  ? __pfx_drm_gem_mmap+0x10/0x10
[  226.692379][ T7581]  ? vm_area_alloc+0x1f/0x160
[  226.697032][ T7581]  ? lockdep_init_map_type+0x5c/0x280
[  226.702381][ T7581]  __mmap_region+0x1306/0x27a0
[  226.707113][ T7581]  ? __pfx_css_rstat_updated+0x10/0x10
[  226.712559][ T7581]  ? __pfx___mmap_region+0x10/0x10
[  226.717639][ T7581]  ? __cgroup_account_cputime+0xcc/0x120
[  226.723260][ T7581]  mmap_region+0x32b/0x3f0
[  226.727646][ T7581]  do_mmap+0xa3e/0x1210
[  226.731772][ T7581]  ? __pfx_do_mmap+0x10/0x10
[  226.736334][ T7581]  ? __pfx_down_write_killable+0x10/0x10
[  226.741941][ T7581]  vm_mmap_pgoff+0x29e/0x470
[  226.746506][ T7581]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  226.751590][ T7581]  ? __fget_files+0x20e/0x3c0
[  226.756246][ T7581]  ksys_mmap_pgoff+0x32c/0x5c0
[  226.760983][ T7581]  __x64_sys_mmap+0x125/0x190
[  226.765631][ T7581]  do_syscall_64+0xcd/0x4e0
[  226.770196][ T7581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  226.776057][ T7581] RIP: 0033:0x7fd0d2b8eec9
[  226.780440][ T7581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  226.800018][ T7581] RSP: 002b:00007fd0d3a07038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  226.808487][ T7581] RAX: ffffffffffffffda RBX: 00007fd0d2de6180 RCX: 00007fd0d2b8eec9
[  226.816427][ T7581] RDX: 0000000000000004 RSI: 0000000000004000 RDI: 0000200000001000
[  226.824367][ T7581] RBP: 00007fd0d2c11f91 R08: 0000000000000007 R09: 0000000100000000
[  226.832309][ T7581] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  226.840256][ T7581] R13: 00007fd0d2de6218 R14: 00007fd0d2de6180 R15: 00007fff8283ad18
[  226.848207][ T7581]  </TASK>
[  226.851393][ T7581] Kernel Offset: disabled
[  226.855699][ T7581] Rebooting in 86400 seconds..