last executing test programs:

8.172746685s ago: executing program 3 (id=1574):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mknodat$loop(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x6004, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x101041, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x127c, &(0x7f0000001080))
syz_io_uring_submit(0x0, 0x0, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1, 0x1, {0x3}})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ppoll(&(0x7f0000000080)=[{r2}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000100)=0xcf5)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000280)=0x3)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
setpgid(r3, 0x0)
setpgid(0x0, r3)
statx(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x800, 0x1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
socket$igmp6(0xa, 0x3, 0x2)
mount$cgroup2(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x141010, &(0x7f0000000540)={[{@pids_localevents}, {@subsystem='net_cls'}, {@memory_recursiveprot}, {@memory_localevents}, {@pids_localevents}], [{@fowner_lt={'fowner<', r5}}, {@fowner_eq}, {@audit}, {@flag='nomand'}, {@fowner_eq}, {@fscontext={'fscontext', 0x3d, 'sysadm_u'}}, {@obj_role={'obj_role', 0x3d, 'syzkaller\x00'}}]})

6.98479404s ago: executing program 3 (id=1577):
syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
syz_usb_connect$uac1(0x2, 0xb2, &(0x7f0000000140)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa0, 0x3, 0x1, 0xdc, 0x20, 0x9, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x25b5, 0x4}, [@extension_unit={0x8, 0x24, 0x8, 0x2, 0x4, 0x0, "ff"}, @output_terminal={0x9, 0x24, 0x3, 0x1, 0x302, 0x1, 0x4, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x400, 0x1, 0x9, "cc23296a"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0xb, 0x4, 0xd, 0x8, "143039a4c6676f35"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x2, 0x1, 0x1, 0x9, "bf75"}, @format_type_i_discrete={0x9, 0x24, 0x2, 0x1, 0xf, 0x1, 0x7, 0x2, "04"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x5, 0x3a, 0xa7, {0x7, 0x25, 0x1, 0x2, 0x3, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x3ff, 0x81, 0xf, 0x9, {0x7, 0x25, 0x1, 0x0, 0xe, 0x3ff}}}}}}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x201, 0xdd, 0xc, 0xe, 0x8, 0x6}, 0x5, &(0x7f0000000080)={0x5, 0xf, 0x5}, 0x3, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x4001}}, {0x18, &(0x7f0000000240)=@string={0x18, 0x3, "e628f3b25e341f8803ca68cf51777fb89ff9b18b4fba"}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x180a}}]})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x82801, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x757, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0xff, 0x3, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x1, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xd3}}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000ac0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001b80), r2)
sendmsg$IEEE802154_LIST_IFACE(r2, &(0x7f0000001c80)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000001bc0)={0x14, r3, 0x50be6fea6f3bdfbb, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02)

6.716084674s ago: executing program 0 (id=1580):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
getcwd(&(0x7f0000000500)=""/141, 0x8d)

6.167188817s ago: executing program 0 (id=1582):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={<r2=>0x0}, &(0x7f0000000980)=0x59)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000100)=@assoc_value={r2, 0x7}, 0x8)

6.028864446s ago: executing program 0 (id=1583):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r3 = syz_open_procfs(r1, &(0x7f0000000040)='stat\x00')
pread64(r3, &(0x7f0000000140)=""/15, 0xf, 0x4)

5.414553137s ago: executing program 0 (id=1585):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000001000/0x3000)=nil, 0x3000}, 0x1})
accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000a00), &(0x7f0000000a80)=0x60)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000080)=@ethtool_pauseparam={0x12, 0xfffffffe, 0x7ff, 0x1}})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000000000/0x4000)=nil, 0x4000}, 0x2})
syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
r3 = socket$inet6(0xa, 0x3, 0x6)
setsockopt$inet6_buf(r3, 0x29, 0x39, &(0x7f0000000040)="ff0204000000000100000000000000000000000000000205", 0x18)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0e, 0x0)

4.083647055s ago: executing program 4 (id=1590):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019c00364bc24eab556a705251e618294ff0051f60a84c9", 0x45}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000580)=ANY=[@ANYBLOB="01ff07000000000000abaaaa86dd600000fffe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000025dcd1d22dc9d02cf7cd4266c5b3b7985afa30d92f4f78d0f776991b5214882e7c75783e658fed130f5deb1c7add5d08a1c488429d1ba95fcd06f9414ff3840ed5ff0de73c862fa84ed76d9acbc40356611b580a201a03e77cb7854c720b038477abd8a6d03cf05fb0151969829500000000caa0012c749732b08e8e84382d2ff5c587586eecfe2565933fc6d4cb9c1a0d483b2501f17a721150e07755f61785051f74517061c1dab682816eb4de9ed5214b7ff07ea5278d6fe96211c871fa7a9078e6450d3808119e3c8d0f92167727c95e49c0b0baed9d68c8307b38366ef80674d0166f498e12cafa55e6a00de26283d1329b86dad44dde6ea4b0f500f1aaea7264"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
fchdir(r1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

3.943613983s ago: executing program 4 (id=1592):
read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2020)
lstat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000000380)={0x130, 0x0, 0x0, {0x8, 0x4, 0x0, '\x00', {0x368, 0x2cd4, 0xa, 0x2000, r1, 0xee01, 0x8000, '\x00', 0xfb, 0x25, 0x7, 0x3, {0x1, 0xd627}, {0xf11a, 0xd}, {0xf0, 0x2}, {0x4, 0x7}, 0x1, 0x2, 0x7, 0xc}}}, 0x130)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x1d, 0x0, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$l2tp6(0xa, 0x2, 0x73)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(r0, 0x3, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r4 = getuid()
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0xffffffff80000402, r4, &(0x7f0000000280))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_init()
prctl$PR_GET_TID_ADDRESS(0x28, &(0x7f0000000040))
inotify_add_watch(0xffffffffffffffff, 0x0, 0xc1000dd1)
socket$nl_generic(0x10, 0x3, 0x10)
faccessat2(0xffffffffffffff9c, 0x0, 0x1, 0x100)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x0, 0x1)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='befs\x00', 0x0, 0x0)
userfaultfd(0x80001)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="00000000008bbb3b510000000000000000000000a8d5b46be3f753f3b40c4657e134056448562d4941e4945004350c763777d49a9bd190a054b06e37f1982bdbf99f9b0f5870b5bea8ccde93f823a8f47fc88d4abd3edce8aa31b76f41fa37a76baa87af96b1928a0abada88", @ANYRES32=0x0, @ANYRES64=r2, @ANYBLOB='\x00'/19], 0x50)

3.847480872s ago: executing program 2 (id=1594):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r0=>0xffffffffffffffff})
write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0', [{0x20, 'wlan1\x00'}], 0xa, "1721"}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={0x0}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
fsopen(0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000400)=[@mss={0x2, 0x4}, @timestamp, @timestamp, @mss={0x2, 0x1}, @timestamp, @timestamp, @mss={0x2, 0x4}, @timestamp], 0x30)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

3.472544943s ago: executing program 3 (id=1595):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x84)

3.183851668s ago: executing program 1 (id=1596):
r0 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, r1})
r2 = syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x6a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2040, 0x1})
io_uring_enter(r2, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0)

3.169324144s ago: executing program 3 (id=1597):
socket$inet6(0xa, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = openat$sysfs(0xffffff9c, &(0x7f00000000c0)='/sys/power/wakeup_count', 0x42, 0x0)
io_submit(0x0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
openat$mixer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], &(0x7f0000000180)=[0x0], 0x0, 0x0, 0x1, 0x1})
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000001200)=[{0x0}], 0x1)

3.042472966s ago: executing program 1 (id=1598):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e0021a5553f8c6b23cbff0700e831b685152bb15e"], 0x1c}}, 0x8040)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
mkdir(&(0x7f0000000000)='./file0\x00', 0x26)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200)='./file2\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000002300)=@raw={'raw\x00', 0xc01, 0x3, 0x2298, 0x1100, 0x5002004a, 0x0, 0x0, 0x0, 0x2200, 0x3c8, 0x3c8, 0x2200, 0x3c8, 0x3, 0x0, {[{{@uncond, 0x60, 0x10a0, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x1, 0x0, 0x0, 0x0, './cgroup.cpu/syz1\x00'}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x1, [0x2, 0x1, 0x7], 0x6, 0x2}, {0x2, [0x0, 0x6, 0x4, 0x9, 0x0, 0x89ce99baffcf6900], 0x1, 0x1}}}}, {{@uncond, 0x0, 0x10a0, 0x1100, 0x0, {}, [@common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x1, 0x1, './cgroup.net/syz1\x00', 0x2, {0x5}}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@loopback, [0xffffff00, 0xff000000, 0xff, 0xff0000ff], 0x4e22, 0x4c20, 0x4e24, 0x4e23, 0xc9, 0x0, 0x3b, 0x83, 0x25}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x22f8)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x34000, 0x0)

2.81898925s ago: executing program 2 (id=1599):
r0 = syz_open_pts(0xffffffffffffffff, 0x24400)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25GCAUSEDIAG(r1, 0x89e6, &(0x7f0000000bc0)={0x1, 0x6c})
ioctl$TIOCSETD(r0, 0x5423, 0xfffffffffffffffe)

2.243530261s ago: executing program 4 (id=1600):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=@ipv6_deladdrlabel={0x1c, 0x49, 0x1, 0x70bd26}, 0x1c}}, 0x20048000) (fail_nth: 5)

2.242751553s ago: executing program 2 (id=1601):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)="1b000000180081054e81f782db4cb904021d0800fe007c05e8fe55a10a0015000200142603600e12080005007f370401a8001600200006000400027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2e98a61e284ce5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e970392", 0xd8}], 0x1}, 0x0)

1.939450868s ago: executing program 2 (id=1602):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
syz_emit_ethernet(0x52, &(0x7f0000000000)={@broadcast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x10}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0000a0", 0x1c, 0x3a, 0xfe, @local, @mcast2, {[], @mlv2_query={0x82, 0x0, 0x0, 0x40, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x5, 0x1, 0x2}}}}}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f9849675000028004000500a1085e7df341b9dc3d8008a2fe5bdaad140004009c7e472c916020fe41bcc5aa8f56c9471400050080ab8be51421cfa3c9e5cbfe8217e0af0800010000000000080001000000000060001a803f0003"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000140), 0x4)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0xd21, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18001000"/20, @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r4}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000000)={0x0, &(0x7f00000001c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000300)={0x0, 0x0, 0x9, 0xfffffffd, 0x0, [<r5=>0x0], [0x9, 0x0, 0x0, 0x8], [0x2, 0x0, 0x100, 0xd], [0x1000000000000, 0xab6, 0xfffffffffffffffd, 0x80000000]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000004, 0x13, r6, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)

1.930367079s ago: executing program 4 (id=1603):
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000140)="5c000000130025cc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514000cc00800250007000200060019c00364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000580)=ANY=[@ANYBLOB="01ff07000000000000abaaaa86dd600000fffe800000000000000000000000000000ff0200000000000000000000000000018600907800000000000000000000000025dcd1d22dc9d02cf7cd4266c5b3b7985afa30d92f4f78d0f776991b5214882e7c75783e658fed130f5deb1c7add5d08a1c488429d1ba95fcd06f9414ff3840ed5ff0de73c862fa84ed76d9acbc40356611b580a201a03e77cb7854c720b038477abd8a6d03cf05fb0151969829500000000caa0012c749732b08e8e84382d2ff5c587586eecfe2565933fc6d4cb9c1a0d483b2501f17a721150e07755f61785051f74517061c1dab682816eb4de9ed5214b7ff07ea5278d6fe96211c871fa7a9078e6450d3808119e3c8d0f92167727c95e49c0b0baed9d68c8307b38366ef80674d0166f498e12cafa55e6a00de26283d1329b86dad44dde6ea4b0f500f1aaea7264"], 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
fchdir(r1)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.883952848s ago: executing program 1 (id=1604):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x30}, 0x1, 0x0, 0x0, 0x4009}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000300)={'syztnl1\x00', &(0x7f0000000280)={'syztnl0\x00', 0x0, 0x29, 0x2, 0x80, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x28}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x8, 0x1, 0x80}})
r4 = syz_io_uring_setup(0x10c, &(0x7f00000000c0)={0x0, 0x62ff, 0x400, 0x40000, 0x115}, &(0x7f0000000400)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_CONNECT={0x10, 0x1d, 0x0, 0xffffffffffffffff, 0x0, 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r10 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r9, r10, 0x5, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r9}, &(0x7f00000006c0), &(0x7f0000000700)=r8}, 0x20)
sendmsg$inet(r7, 0x0, 0x3)
io_uring_enter(r4, 0x5830, 0x0, 0x41, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r11 = socket$inet(0x2, 0x3, 0x1)
setsockopt$sock_int(r11, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r11, 0x0)
recvmmsg(r11, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x10000000000000)

1.800431282s ago: executing program 4 (id=1605):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f00000000c0)=<r5=>0x0)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r5], 0x1c}}, 0x0)
sendmsg$NFC_CMD_DEACTIVATE_TARGET(r3, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x2, 0x70bd25, 0x25dfdbfe, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000050}, 0x40)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r6=>0x0)
sendmsg$NFC_CMD_DEV_UP(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r1, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r5}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r7 = io_uring_setup(0xfd6, &(0x7f00000002c0)={0x0, 0x388, 0x20, 0x3, 0x2b6})
r8 = io_uring_setup(0x3efd, &(0x7f0000000000)={0x0, 0x0, 0x1840, 0x2, 0x104, 0x0, r7})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="480000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="020000000000000014001280090001007665746800000000040002800a0001002aaaaaaaaa000000080004"], 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vxcan1\x00', <r10=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r11 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r11, 0x0, 0x8008000000010, &(0x7f0000000180)="17000000020002000003be8c5ee17688a8006c00030100ecff3f0000000300000a0001000098fc5a53d3f5b7e4a96c6b06169da9c0f8d9485bbb6a880000d6c8db0000dba67e06000000e289c46f8ab8b4028a7a63c900000200df0180000000000100000000000080c457681f009cee4a5acb3da400001fb7315033bf79ac2df5bc080236e2b68c8eec25a02aff06011500394100000000000affff02dfccebf6ba00085d024f0298e9e90554062a80e605007f71174aa9", 0xb8)
r12 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r12, &(0x7f0000019680)=""/102392, 0x18ff8)
r13 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r13, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r13, 0x80047437, &(0x7f0000001f00))
pselect6(0x40, &(0x7f0000000600)={0x3, 0xffffffffffffffff, 0x1, 0x7, 0xc017, 0x912e, 0xd142, 0x8}, &(0x7f0000000640)={0xb44, 0x5, 0xebe0, 0x9, 0x4, 0xa, 0xfffffffffffffbff, 0xf}, &(0x7f0000000680)={0x7, 0x0, 0x8000000000000000, 0x2b, 0x7, 0x2, 0x0, 0x6}, &(0x7f00000006c0)={0x77359400}, &(0x7f0000000740)={&(0x7f0000000700)={[0x8000000000000000]}, 0x8})
openat$ppp(0xffffffffffffff9c, 0x0, 0x40a40, 0x0)
sendmmsg(r13, &(0x7f0000001640)=[{{0x0, 0x0, 0x0}}], 0x34000, 0x0)
sendmsg$nl_route(r9, &(0x7f00000005c0)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=@can_newroute={0x54, 0x18, 0x1, 0x70bd28, 0x25dfdbfc, {0x1d, 0x1, 0x5}, [@CGW_MOD_XOR={0x15, 0x3, {{{0x3, 0x1}, 0x1, 0x0, 0x0, 0x0, "65cfac1232e50f0e"}, 0x3}}, @CGW_SRC_IF={0x8, 0x9, r10}, @CGW_MOD_OR={0x15, 0x2, {{{0x4, 0x1, 0x0, 0x1}, 0x4, 0x1, 0x0, 0x0, "189ddf5ffaf1d2c4"}, 0x4}}, @CGW_CS_XOR={0x8, 0x5, {0x1, 0xfffffffffffffffd, 0x2, 0x90}}]}, 0x54}, 0x1, 0x0, 0x0, 0x2800}, 0x4000880)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r8, 0xb, 0x0, 0x0)

1.783565264s ago: executing program 2 (id=1606):
r0 = creat(&(0x7f0000000240)='./bus\x00', 0xc2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8, &(0x7f0000006680))
setresgid(0x0, 0x0, 0xee01)
io_setup(0x7f, &(0x7f0000000100)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000380)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2, 0x0, r0, 0x0}])

1.655111857s ago: executing program 0 (id=1607):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, 0x0, 0x84)

1.65116186s ago: executing program 1 (id=1608):
r0 = syz_open_dev$dri(0x0, 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000140)={0x0, 0x0, r1})
r2 = syz_io_uring_setup(0x1458, &(0x7f00000004c0)={0x0, 0x4, 0x10180, 0x2000, 0x3ae}, &(0x7f0000000100)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x6a, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2040, 0x1})
io_uring_enter(r2, 0x2d3e, 0xfffffffd, 0x0, 0x0, 0x0)

1.51566533s ago: executing program 2 (id=1609):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000000)={0x1b, 0x0, 0x0, 0x4, 0x0, 0x1, 0x63d9, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x4, 0x4, 0x0, @void, @value, @void, @value}, 0x50)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x8000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sched_setscheduler(r2, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/pm_test', 0x141a82, 0x0)
sendfile(r5, r5, 0x0, 0x4)
ioctl$RTC_IRQP_READ(r1, 0x8008700b, &(0x7f0000000140))
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000000c0)={@local, @multicast2, <r6=>0x0}, &(0x7f0000000340)=0xc)
r7 = syz_open_procfs(0x0, &(0x7f0000000280)='net\x00')
fchdir(r7)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100), 0x1000)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff, {0x2}}, './file0\x00'})
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r8, 0x1e, &(0x7f0000000400)={r9}, 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='oom_score_adj_update\x00', r9}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x14, &(0x7f0000000180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x800}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@map_val={0x18, 0x7, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xee}, @jmp={0x5, 0x0, 0x6, 0x2, 0x7, 0x10, 0xffffffffffffffff}, @map_idx={0x18, 0x9, 0x5, 0x0, 0xf}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0xa, 0xea, &(0x7f0000000240)=""/234, 0x41100, 0x10, '\x00', r6, @xdp=0x25, r8, 0x8, &(0x7f00000003c0)={0x9, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, r9, 0x7, &(0x7f0000000400), &(0x7f0000000440)=[{0x4, 0x2, 0xc, 0xc}, {0x1, 0x1, 0x10}, {0x2, 0x5, 0xc, 0x8880201e7e04acc1}, {0x1, 0x1, 0xf}, {0x4, 0x2, 0x5, 0x8}, {0x3, 0x5, 0x2, 0x6}, {0x0, 0x1, 0x3, 0xb}], 0x10, 0x6, @void, @value}, 0x94)
r10 = syz_usbip_server_init(0x4)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="120100001ddf8208c00712152230000000010902"], 0x0)
write$usbip_server(r10, &(0x7f0000000140)=ANY=[@ANYBLOB="000000030000000100000000000000010000000400000fff000000000000003400000003"], 0x60)

1.514950402s ago: executing program 0 (id=1610):
unshare(0x2060400)
r0 = socket$packet(0x11, 0x2, 0x300)
finit_module(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_int(r0, 0x107, 0xf, 0x0, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f00000001c0))
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f00000000c0))
syz_emit_ethernet(0x197, &(0x7f0000000200)={@remote, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}, @void, {@mpls_uc={0x8847, {[{0x81, 0x0, 0x1}], @ipv4=@igmp={{0x20, 0x4, 0x2, 0x30, 0x185, 0x66, 0x0, 0xd, 0x2, 0x0, @empty, @empty, {[@timestamp_prespec={0x44, 0x14, 0x65, 0x3, 0x6, [{@empty, 0x8}, {@rand_addr=0x64010102, 0xda}]}, @rr={0x7, 0x1b, 0x5f, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @rand_addr=0x64010100]}, @timestamp_addr={0x44, 0x3c, 0x80, 0x1, 0x8, [{@rand_addr=0x64010101, 0x7e}, {@loopback, 0x9}, {@empty, 0xffff}, {@remote, 0xfcf73e20}, {@remote, 0xccd}, {@rand_addr=0x64010102, 0x80000001}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xaa}]}]}}, {0x1e, 0x6, 0x0, @local, "abe39800bb3fa70292e5ab098e62719067c169c0585b87b2cca886aa037af20344356f3a7e2e69ddc18a1abc080dfc35883624d9a1ff5d00030aa6907d56221ea0fa8f6cea652236686ba1e3cad4e690ca1ab3d614df587871739501d6cb4331a9b602532f07c70cafaf70032c7fefa94bb5d1ccc95638ebf45c85a4dd7f877100c86bb3a76e83034d669870a607a5de9044bf6270968624c2c002ccf1b1133b680330fed1012d8b3c1c4f5b84e4a87632443f1843110015fdb8cca0f83be0196a6446e8d069f381fbf61b2b015aead4516b8a43c2b53ebce486e48bd79318347beefc896874c181d5bfb6d04f59d3890419615f9a01d8ca582ed5a9f2"}}}}}}, &(0x7f00000003c0)={0x1, 0x1, [0x72b, 0x65c, 0x7d9, 0xd9d]})
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000080)=0xb0000)
setrlimit(0x40000000000008, &(0x7f0000000000))
mlockall(0x2)
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'hsr0\x00', @broadcast})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r3, 0x7a5, &(0x7f0000000480)={{@any, 0x5}, 0x0, 0x0, 0x8})
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESOCT=0x0, @ANYBLOB="010000000000000000000202020005000300000000000900010008"], 0x28}, 0x1, 0x40030000000000}, 0x0)
r5 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000100)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)={0x14, 0x0, 0xc8036ab6d6cbef07, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x45080)
sendmsg$nl_generic(r6, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="1400000038"], 0x14}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r5, 0x82, 0x36c, &(0x7f0000000b00)=ANY=[@ANYBLOB="b200004e84d3921c0f703e4ee74537bc787ea14566770e5eb2b9362a92b67f1bc74c9cab1e3bb81c11a13a6867761e034a64194087fec14f54e73f47e72c7d9ee2e110cef75c708484beef3226cb04f8fbb796c0571aea3cdad77acb93f7597e07581fdc915b38981268f02eae64c2d5bb664498a1b539cb7b8c5c274547ca564e4233253836e450576123c5f7c647791bccb194574f1b6ce70d5f02bb07d25bdd24a886fb0bd366f3433c0e10540110b1053587ef4a00002200004e5fa5a7a768d3053f69c0c12e25f8afdadcd16531f4bc10eddc1b1846ffc4e4fd325500006f00004e823849668b4adf776df1ff8e20fcaec69bb875a82c5c5f4ec8654622de4e45b22fe0443265183ff1151eb5a98b1c71d5c4dcc12d2b9df0eb9271a5325184fdd61b917d288774349a75874b10c2c561db7ff03ff342502c4b5f875f7cf175ac3eb8d576383cf55a28208012a90b4bf600dd00004e375b6a536fb1ec29fe1db84793b0b4b2d15ff94f8ebb137fc3274c0d08c63bef531d4a1ef9d4c323507a578d77ff7f0000000000001fdf960fd6069b52ec07f03d701c322ace73a11e50b4d79ebf43cd9066a5df80c1174a5cf8b0bf61e754d002d75074d670a70069a822aca5c4199e31df3c169329e7b0a22b04512773b7da856bdef2d079c6fd472fcfa5a06097d62872a7497da8215f31f2b7b2aa5bfb756cfd60eefd32aa937c999ff557fa4862239cc3476d36fc9c50b3f0742e85ba9675285079917ef70ca49b23c07c7bd25b50f16d1e438b609a36762883150000008900004e507ab02d09d3fcd81669732b0444bcdcde3e751d99be734a7a7638148a28f4d981f330ea75d9d30d0a50837f9d61d787543f0c9809ffe0dc028db68bf8d16401f69930af1a498c5d6c364d0ff60a6344a2525ca4507bdfae06a703fe2a2094cd713bbbd08f4a0f985d38543d7ea9b19ec0276703d3b14696bf3eca6ef08fbad1e507f8ce1cfe830b7c0000009d00004e7faf81b03c3c1049bf7df27553891037a07e1c2a48d78d6306081a8b249f4763831e3c634d8f5550ffd64c4e811e1d23c12ade3873ffc657210b0c526388a3ca946ceb75d688d29343a8b85480edc7a2d1d6d9a752a986e993898ee751c94ee50b3f8f9b6dc7f577e3584bec5c1bb52b972f94e26f15985f01c11f543c65cfbe65725937872ff82219010f136598d7989823b41e99ae436f69d9aaab50000000"])

1.434522463s ago: executing program 1 (id=1611):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1e000000000000000100000007"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4)
setsockopt$sock_attach_bpf(r4, 0x1, 0x34, &(0x7f00000000c0)=r3, 0x4)
listen(r4, 0x0)
close(r4)
r5 = gettid()
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
read(r6, &(0x7f0000000200)=""/202, 0xca)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000000)
recvmsg$can_j1939(0xffffffffffffffff, &(0x7f0000001740)={0x0, 0x0, &(0x7f00000015c0)}, 0x1)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r6, 0x4058534c, &(0x7f00000000c0)={0x80, 0x2, {0x3, 0x0, 0x4}, 0xfffffffe})
r7 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$AUDIT_GET(r7, 0x0, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r6, 0x40a85323, &(0x7f0000000380)={{0x0, 0x9}, 'port0\x00', 0x51, 0xb0440, 0x4, 0x3, 0x62, 0x0, 0x0, 0x0, 0x4, 0x66})
tkill(r5, 0x7)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x40000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='Qd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYRESDEC=r8])
rmdir(&(0x7f00000001c0)='./file0\x00')
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[], 0x48}}, 0x40000)

1.387126205s ago: executing program 3 (id=1612):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='}\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000002c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0xf, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x10, 0x7, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = io_uring_setup(0x1de0, &(0x7f0000000440))
io_uring_register$IORING_REGISTER_FILES2(r3, 0x8, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
getsockopt$inet6_mptcp_buf(r4, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000040)={'\x00', 0x7ff, 0x200006, 0x2, 0x4964, 0x9})
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000200)={0xc})
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f00000016c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

135.861591ms ago: executing program 1 (id=1613):
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0xc802, 0x16b)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil)

43.934132ms ago: executing program 3 (id=1614):
creat(&(0x7f00000002c0)='./file0\x00', 0x109)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x5], 0x0, 0x0, 0x1, 0x1}}, 0x40)
r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0xc802, 0x16b)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
munmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) (fail_nth: 1)

0s ago: executing program 4 (id=1615):
syz_emit_ethernet(0xfe2f, &(0x7f0000001740)=ANY=[@ANYBLOB="aaaaaaaaaaaa0174c200000008004500003c492c852f153cd30000000000080000001414bbac1414aa000000e32af2ece0ad62defa84cf95410f94f9c7629429c5119c82a0ed7e3cb7e60cce0184259d266aa32a33b8357531cc", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="ac00000090780000fe00f989fbf555f7bd7d050b03d5a10659a68700"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x2, 0x300)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000080)={0x400000, 0x17e259c9328af122}, 0x18)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000001640)=ANY=[@ANYBLOB="54000000020605000000000000000000000000000c00078008000640000000000500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e65740000000038cd93ef8e6db648b55987174f970ceab6930c10e4a6f0e36338ad86bc47629e940091b9ea3d37b8df9cf2ebd56f08a4486e10e9042f7e124331e58b1268564964b5378c"], 0x54}}, 0x0)

kernel console output (not intermixed with test programs):

vice number 50 using dummy_hcd
[  387.641061][ T5874] usb 1-1: device descriptor read/64, error -71
[  387.665062][ T5909] usbhid 3-1:0.0: can't add hid device: -71
[  387.673542][ T5909] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  387.691939][ T5909] usb 3-1: USB disconnect, device number 61
[  387.889541][ T5874] usb 1-1: new low-speed USB device number 51 using dummy_hcd
[  388.125840][ T5874] usb 1-1: device descriptor read/64, error -71
[  389.219656][ T5874] usb usb1-port1: attempt power cycle
[  389.599520][ T5874] usb 1-1: new low-speed USB device number 52 using dummy_hcd
[  389.714167][ T5874] usb 1-1: device descriptor read/8, error -71
[  389.911174][T10314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  390.019399][ T5909] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  390.052270][ T5874] usb 1-1: new low-speed USB device number 53 using dummy_hcd
[  390.503310][ T5909] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  390.598533][ T5909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.672294][ T5909] usb 5-1: Product: syz
[  390.713726][ T5909] usb 5-1: Manufacturer: syz
[  390.737079][ T5874] usb 1-1: device descriptor read/8, error -71
[  390.753771][ T5909] usb 5-1: SerialNumber: syz
[  390.845968][ T5909] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  390.889775][ T5874] usb usb1-port1: unable to enumerate USB device
[  390.902305][ T6091] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  391.084070][T10338] FAULT_INJECTION: forcing a failure.
[  391.084070][T10338] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  391.120912][T10338] CPU: 1 UID: 0 PID: 10338 Comm: syz.1.1313 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  391.120939][T10338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  391.120949][T10338] Call Trace:
[  391.120955][T10338]  <TASK>
[  391.120961][T10338]  dump_stack_lvl+0x16c/0x1f0
[  391.120989][T10338]  should_fail_ex+0x512/0x640
[  391.121011][T10338]  _copy_to_user+0x32/0xd0
[  391.121031][T10338]  simple_read_from_buffer+0xcb/0x170
[  391.121058][T10338]  proc_fail_nth_read+0x197/0x270
[  391.121085][T10338]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.121113][T10338]  ? rw_verify_area+0xcf/0x680
[  391.121135][T10338]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  391.121161][T10338]  vfs_read+0x1de/0xc70
[  391.121180][T10338]  ? __pfx___mutex_lock+0x10/0x10
[  391.121200][T10338]  ? __pfx_vfs_read+0x10/0x10
[  391.121233][T10338]  ? __fget_files+0x20e/0x3c0
[  391.121257][T10338]  ksys_read+0x12a/0x240
[  391.121271][T10338]  ? __pfx_ksys_read+0x10/0x10
[  391.121289][T10338]  ? rcu_is_watching+0x12/0xc0
[  391.121320][T10338]  do_syscall_64+0xcd/0x260
[  391.121343][T10338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  391.121360][T10338] RIP: 0033:0x7efec138bb7c
[  391.121374][T10338] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  391.121388][T10338] RSP: 002b:00007efebf1f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  391.121404][T10338] RAX: ffffffffffffffda RBX: 00007efec15a5fa0 RCX: 00007efec138bb7c
[  391.121414][T10338] RDX: 000000000000000f RSI: 00007efebf1f60a0 RDI: 0000000000000005
[  391.121425][T10338] RBP: 00007efebf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  391.121434][T10338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  391.121443][T10338] R13: 0000000000000000 R14: 00007efec15a5fa0 R15: 00007fffbe67d5a8
[  391.121466][T10338]  </TASK>
[  392.029506][ T6091] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  392.083117][ T6091] ath9k_htc: Failed to initialize the device
[  392.219655][ T5909] usb 5-1: USB disconnect, device number 52
[  392.240892][ T5909] usb 5-1: ath9k_htc: USB layer deinitialized
[  392.510099][ T1556] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  392.709448][ T1556] usb 3-1: Using ep0 maxpacket: 16
[  392.717541][ T1556] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  392.736338][ T1556] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.755869][ T1556] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  392.769473][ T5909] usb 5-1: new low-speed USB device number 53 using dummy_hcd
[  392.769510][ T1556] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  392.786497][ T1556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.799641][   T55] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  392.811498][ T1556] usb 3-1: config 0 descriptor??
[  392.872457][T10383] FAULT_INJECTION: forcing a failure.
[  392.872457][T10383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  392.888295][T10383] CPU: 1 UID: 0 PID: 10383 Comm: syz.1.1324 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  392.888320][T10383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  392.888330][T10383] Call Trace:
[  392.888336][T10383]  <TASK>
[  392.888342][T10383]  dump_stack_lvl+0x16c/0x1f0
[  392.888367][T10383]  should_fail_ex+0x512/0x640
[  392.888387][T10383]  _copy_from_iter+0x2a4/0x15b0
[  392.888408][T10383]  ? __alloc_skb+0x200/0x380
[  392.888426][T10383]  ? __pfx__copy_from_iter+0x10/0x10
[  392.888447][T10383]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  392.888474][T10383]  netlink_sendmsg+0x829/0xdd0
[  392.888497][T10383]  ? __pfx_netlink_sendmsg+0x10/0x10
[  392.888525][T10383]  ____sys_sendmsg+0xa95/0xc70
[  392.888547][T10383]  ? copy_msghdr_from_user+0x10a/0x160
[  392.888565][T10383]  ? __pfx_____sys_sendmsg+0x10/0x10
[  392.888596][T10383]  ___sys_sendmsg+0x134/0x1d0
[  392.888616][T10383]  ? __pfx____sys_sendmsg+0x10/0x10
[  392.888662][T10383]  __sys_sendmsg+0x16d/0x220
[  392.888681][T10383]  ? __pfx___sys_sendmsg+0x10/0x10
[  392.888714][T10383]  do_syscall_64+0xcd/0x260
[  392.888735][T10383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  392.888752][T10383] RIP: 0033:0x7efec138d169
[  392.888764][T10383] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  392.888779][T10383] RSP: 002b:00007efebf1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  392.888795][T10383] RAX: ffffffffffffffda RBX: 00007efec15a5fa0 RCX: 00007efec138d169
[  392.888804][T10383] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[  392.888813][T10383] RBP: 00007efebf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  392.888822][T10383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  392.888831][T10383] R13: 0000000000000000 R14: 00007efec15a5fa0 R15: 00007fffbe67d5a8
[  392.888852][T10383]  </TASK>
[  392.932462][T10385] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1325'.
[  392.938569][ T5909] usb 5-1: device descriptor read/64, error -71
[  393.162314][T10388] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  393.200395][    T9] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  393.321991][ T1556] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0010/input/input28
[  393.390013][    T9] usb 1-1: Using ep0 maxpacket: 16
[  393.412238][    T9] usb 1-1: config 0 has an invalid interface number: 60 but max is 0
[  393.460862][T10363] FAULT_INJECTION: forcing a failure.
[  393.460862][T10363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  393.495521][    T9] usb 1-1: config 0 has no interface number 0
[  393.524808][ T1556] microsoft 0003:045E:07DA.0010: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  393.572983][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=0900, bcdDevice=fa.5a
[  393.617941][T10363] CPU: 0 UID: 0 PID: 10363 Comm: syz.2.1316 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  393.617968][T10363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  393.617978][T10363] Call Trace:
[  393.617984][T10363]  <TASK>
[  393.617992][T10363]  dump_stack_lvl+0x16c/0x1f0
[  393.618018][T10363]  should_fail_ex+0x512/0x640
[  393.618041][T10363]  _copy_to_user+0x32/0xd0
[  393.618062][T10363]  simple_read_from_buffer+0xcb/0x170
[  393.618092][T10363]  proc_fail_nth_read+0x197/0x270
[  393.618120][T10363]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.618147][T10363]  ? rw_verify_area+0xcf/0x680
[  393.618170][T10363]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  393.618197][T10363]  vfs_read+0x1de/0xc70
[  393.618216][T10363]  ? __pfx___mutex_lock+0x10/0x10
[  393.618237][T10363]  ? __pfx_vfs_read+0x10/0x10
[  393.618275][T10363]  ? __fget_files+0x20e/0x3c0
[  393.618300][T10363]  ksys_read+0x12a/0x240
[  393.618315][T10363]  ? __pfx_ksys_read+0x10/0x10
[  393.618338][T10363]  do_syscall_64+0xcd/0x260
[  393.618361][T10363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.618378][T10363] RIP: 0033:0x7f57b218bb7c
[  393.618392][T10363] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  393.618409][T10363] RSP: 002b:00007f57b2f8c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  393.618426][T10363] RAX: ffffffffffffffda RBX: 00007f57b23a5fa0 RCX: 00007f57b218bb7c
[  393.618437][T10363] RDX: 000000000000000f RSI: 00007f57b2f8c0a0 RDI: 0000000000000009
[  393.618447][T10363] RBP: 00007f57b2f8c090 R08: 0000000000000000 R09: 0000000000000000
[  393.618457][T10363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  393.618467][T10363] R13: 0000000000000000 R14: 00007f57b23a5fa0 R15: 00007ffe141ab4f8
[  393.618493][T10363]  </TASK>
[  393.779469][ T5909] usb 5-1: new low-speed USB device number 54 using dummy_hcd
[  393.963034][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.050418][    T9] usb 1-1: Product: syz
[  394.066022][ T1556] usb 3-1: USB disconnect, device number 62
[  394.106772][    T9] usb 1-1: Manufacturer: syz
[  394.136277][    T9] usb 1-1: SerialNumber: syz
[  394.164245][    T9] usb 1-1: config 0 descriptor??
[  394.181867][    T9] gspca_main: spca500-2.14.0 probing 046d:0900
[  394.234430][ T5909] usb 5-1: device descriptor read/64, error -71
[  394.251555][T10401] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  395.129339][ T5909] usb usb5-port1: attempt power cycle
[  395.139420][    T9] gspca_spca500: reg write: error -71
[  395.148233][    T9] gspca_spca500: reg write: error -71
[  395.154327][    T9] gspca_spca500: reg write: error -71
[  395.160130][    T9] gspca_spca500: reg write: error -71
[  395.165832][    T9] gspca_spca500: reg write: error -71
[  395.171605][    T9] gspca_spca500: reg write: error -71
[  395.177326][    T9] gspca_spca500: reg write: error -71
[  395.183212][    T9] gspca_spca500: reg write: error -71
[  395.188990][    T9] gspca_spca500: reg write: error -71
[  395.194823][    T9] gspca_spca500: reg write: error -71
[  395.204060][    T9] gspca_spca500: reg write: error -71
[  395.210320][    T9] gspca_spca500: reg write: error -71
[  395.216616][    T9] gspca_spca500: reg write: error -71
[  395.222653][    T9] gspca_spca500: reg write: error -71
[  395.233264][    T9] usb 1-1: USB disconnect, device number 54
[  395.476804][   T55] Bluetooth: hci2: unexpected event for opcode 0x0c7b
[  395.616045][ T5926] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  395.624265][ T5909] usb usb5-port1: Cannot enable. Maybe the USB cable is bad?
[  395.632175][   T30] kauditd_printk_skb: 52 callbacks suppressed
[  395.632187][   T30] audit: type=1400 audit(1743739148.954:780): avc:  denied  { setopt } for  pid=10424 comm="syz.1.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  395.794086][ T5909] usb 5-1: new low-speed USB device number 56 using dummy_hcd
[  395.819561][ T5926] usb 4-1: Using ep0 maxpacket: 16
[  395.829245][ T5909] usb 5-1: device descriptor read/8, error -71
[  395.844279][ T5926] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  395.900240][ T5926] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  396.024530][ T5909] usb usb5-port1: unable to enumerate USB device
[  396.109950][ T5926] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22
[  396.130292][ T5926] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  396.139356][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  396.157428][ T5926] usb 4-1: SerialNumber: syz
[  396.167345][ T5926] cdc_acm 4-1:1.0: skipping garbage
[  396.829751][   T55] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  396.839228][   T55] Bluetooth: hci2: Injecting HCI hardware error event
[  396.847808][ T5828] Bluetooth: hci2: hardware error 0x00
[  396.904204][ T5926] usb 4-1: USB disconnect, device number 66
[  397.349469][ T5926] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  397.469484][    T9] usb 3-1: new low-speed USB device number 63 using dummy_hcd
[  397.477042][   T30] audit: type=1400 audit(1743739150.804:781): avc:  denied  { ioctl } for  pid=10446 comm="syz.3.1343" path="socket:[29012]" dev="sockfs" ino=29012 ioctlcmd=0x8924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  397.502823][    C0] vkms_vblank_simulate: vblank timer overrun
[  397.519547][ T5926] usb 1-1: Using ep0 maxpacket: 16
[  397.531761][ T5926] usb 1-1: config 6 has an invalid interface number: 59 but max is 0
[  397.555471][ T5926] usb 1-1: config 6 has no interface number 0
[  397.569484][ T5926] usb 1-1: config 6 interface 59 has no altsetting 0
[  397.585420][ T5926] usb 1-1: New USB device found, idVendor=0698, idProduct=6b82, bcdDevice=d3.eb
[  397.595147][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  397.612423][ T5926] usb 1-1: Product: syz
[  397.616762][ T5926] usb 1-1: Manufacturer: syz
[  397.786278][    T9] usb 3-1: device descriptor read/64, error -71
[  398.517447][ T5926] usb 1-1: SerialNumber: syz
[  398.562870][    T9] usb 3-1: new low-speed USB device number 64 using dummy_hcd
[  398.795169][T10456] FAULT_INJECTION: forcing a failure.
[  398.795169][T10456] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.811886][T10456] CPU: 1 UID: 0 PID: 10456 Comm: syz.4.1346 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  398.811913][T10456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  398.811923][T10456] Call Trace:
[  398.811929][T10456]  <TASK>
[  398.811935][T10456]  dump_stack_lvl+0x16c/0x1f0
[  398.811961][T10456]  should_fail_ex+0x512/0x640
[  398.811982][T10456]  _copy_from_iter+0x2a4/0x15b0
[  398.812004][T10456]  ? rcu_is_watching+0x12/0xc0
[  398.812025][T10456]  ? __pfx__copy_from_iter+0x10/0x10
[  398.812041][T10456]  ? kmem_cache_alloc_noprof+0x21e/0x3b0
[  398.812059][T10456]  ? __asan_memset+0x23/0x50
[  398.812083][T10456]  ? __build_skb_around+0x278/0x3b0
[  398.812111][T10456]  ? __build_skb+0x6e/0x90
[  398.812125][T10456]  ? is_vmalloc_addr+0x30/0x40
[  398.812145][T10456]  netlink_sendmsg+0x829/0xdd0
[  398.812171][T10456]  ? __pfx_netlink_sendmsg+0x10/0x10
[  398.812200][T10456]  ____sys_sendmsg+0xa95/0xc70
[  398.812226][T10456]  ? copy_msghdr_from_user+0x10a/0x160
[  398.812243][T10456]  ? __pfx_____sys_sendmsg+0x10/0x10
[  398.812270][T10456]  ? find_held_lock+0x2b/0x80
[  398.812291][T10456]  ? finish_task_switch.isra.0+0x21c/0xc10
[  398.812315][T10456]  ___sys_sendmsg+0x134/0x1d0
[  398.812339][T10456]  ? __pfx____sys_sendmsg+0x10/0x10
[  398.812387][T10456]  __sys_sendmsg+0x16d/0x220
[  398.812406][T10456]  ? __pfx___sys_sendmsg+0x10/0x10
[  398.812424][T10456]  ? lockdep_hardirqs_on+0x7c/0x110
[  398.812453][T10456]  ? __x64_sys_sendmsg+0x6a/0xb0
[  398.812475][T10456]  do_syscall_64+0xcd/0x260
[  398.812496][T10456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.812513][T10456] RIP: 0033:0x7fafa698d169
[  398.812527][T10456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.812541][T10456] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  398.812558][T10456] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  398.812569][T10456] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  398.812579][T10456] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  398.812589][T10456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.812598][T10456] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  398.812620][T10456]  </TASK>
[  399.113354][ T5828] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  399.119913][    T9] usb 3-1: device descriptor read/64, error -71
[  399.267831][    T9] usb usb3-port1: attempt power cycle
[  399.458735][ T5875] usb 1-1: USB disconnect, device number 55
[  399.654458][T10460] macsec1: entered promiscuous mode
[  400.188043][    T9] usb 3-1: new low-speed USB device number 65 using dummy_hcd
[  400.209942][    T9] usb 3-1: device descriptor read/8, error -71
[  400.957422][T10478] FAULT_INJECTION: forcing a failure.
[  400.957422][T10478] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.970713][T10478] CPU: 0 UID: 0 PID: 10478 Comm: syz.2.1352 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  400.970737][T10478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  400.970746][T10478] Call Trace:
[  400.970752][T10478]  <TASK>
[  400.970756][T10478]  dump_stack_lvl+0x16c/0x1f0
[  400.970773][T10478]  should_fail_ex+0x512/0x640
[  400.970787][T10478]  _copy_from_user+0x2e/0xd0
[  400.970799][T10478]  copy_msghdr_from_user+0x98/0x160
[  400.970811][T10478]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  400.970829][T10478]  ___sys_sendmsg+0xfe/0x1d0
[  400.970841][T10478]  ? __pfx____sys_sendmsg+0x10/0x10
[  400.970877][T10478]  __sys_sendmsg+0x16d/0x220
[  400.970889][T10478]  ? __pfx___sys_sendmsg+0x10/0x10
[  400.970909][T10478]  do_syscall_64+0xcd/0x260
[  400.970923][T10478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.970933][T10478] RIP: 0033:0x7f57b218d169
[  400.970942][T10478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.970951][T10478] RSP: 002b:00007f57b2f6b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  400.970962][T10478] RAX: ffffffffffffffda RBX: 00007f57b23a6080 RCX: 00007f57b218d169
[  400.970968][T10478] RDX: 0000000004000855 RSI: 0000200000000080 RDI: 0000000000000005
[  400.970974][T10478] RBP: 00007f57b2f6b090 R08: 0000000000000000 R09: 0000000000000000
[  400.970980][T10478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.970986][T10478] R13: 0000000000000000 R14: 00007f57b23a6080 R15: 00007ffe141ab4f8
[  400.970999][T10478]  </TASK>
[  401.128774][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.271120][T10478] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1352'.
[  401.322477][T10482] sctp: [Deprecated]: syz.1.1353 (pid 10482) Use of struct sctp_assoc_value in delayed_ack socket option.
[  401.322477][T10482] Use struct sctp_sack_info instead
[  401.412724][   T30] audit: type=1400 audit(1743739154.734:782): avc:  denied  { read } for  pid=10479 comm="syz.3.1354" path="socket:[29139]" dev="sockfs" ino=29139 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  401.889637][   T30] audit: type=1400 audit(1743739155.224:783): avc:  denied  { read } for  pid=10492 comm="syz.3.1358" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  401.913913][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.931316][    T9] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  401.960785][   T30] audit: type=1400 audit(1743739155.224:784): avc:  denied  { open } for  pid=10492 comm="syz.3.1358" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  401.985483][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.991862][ T5875] usb 1-1: new full-speed USB device number 56 using dummy_hcd
[  402.077317][    T9] usb 3-1: device descriptor read/8, error -71
[  402.503499][    T9] usb usb3-port1: unable to enumerate USB device
[  402.512954][   T30] audit: type=1400 audit(1743739155.224:785): avc:  denied  { ioctl } for  pid=10492 comm="syz.3.1358" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  402.647200][ T5875] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  402.853400][ T5875] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  402.871432][ T5875] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  402.880872][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  402.969463][ T5926] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  403.111439][ T5875] usb 1-1: usb_control_msg returned -32
[  403.117085][ T5875] usbtmc 1-1:16.0: can't read capabilities
[  403.131161][ T5926] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  403.148867][ T5926] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  403.159891][ T5926] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  403.160574][T10506] netlink: 47 bytes leftover after parsing attributes in process `syz.1.1360'.
[  403.218281][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  403.233591][ T5926] usb 4-1: SerialNumber: syz
[  403.490085][ T6091] usb 5-1: new low-speed USB device number 57 using dummy_hcd
[  403.508012][   T30] audit: type=1400 audit(1743739156.804:786): avc:  denied  { ioctl } for  pid=10492 comm="syz.3.1358" path="socket:[28128]" dev="sockfs" ino=28128 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  404.235725][ T6091] usb 5-1: device descriptor read/64, error -71
[  404.883021][ T5871] usb 1-1: USB disconnect, device number 56
[  404.900451][ T5926] usb 4-1: 0:2 : does not exist
[  404.905395][ T5926] usb 4-1: unit 5: unexpected type 0x0d
[  405.181869][ T6091] usb 5-1: new low-speed USB device number 58 using dummy_hcd
[  406.104687][ T5926] usb 4-1: USB disconnect, device number 67
[  406.453737][ T6091] usb 5-1: device descriptor read/64, error -71
[  406.517137][T10540] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1370'.
[  406.571606][ T6091] usb usb5-port1: attempt power cycle
[  406.722616][ T5926] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  406.760472][ T5871] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  406.913489][ T6091] usb 5-1: new high-speed USB device number 59 using dummy_hcd
[  406.958860][ T5926] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  406.982884][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.000538][ T6091] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  407.010075][ T5926] usb 4-1: Product: syz
[  407.014271][ T5926] usb 4-1: Manufacturer: syz
[  407.018879][ T5926] usb 4-1: SerialNumber: syz
[  407.030450][ T6091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.032510][ T5871] usb 3-1: Using ep0 maxpacket: 32
[  407.038462][ T6091] usb 5-1: Product: syz
[  407.038480][ T6091] usb 5-1: Manufacturer: syz
[  407.038492][ T6091] usb 5-1: SerialNumber: syz
[  407.071705][ T6091] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  407.084881][ T5926] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  407.098382][ T5871] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  407.101505][ T5909] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  407.118982][ T5871] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  407.138113][T10553] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1375'.
[  407.149474][ T5871] usb 3-1: config 0 has no interface number 0
[  407.157886][ T5874] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  407.182591][ T5871] usb 3-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  407.197485][ T5871] usb 3-1: New USB device found, idVendor=04ff, idProduct=0066, bcdDevice=d8.b0
[  407.302626][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.334926][ T5871] usb 3-1: config 0 descriptor??
[  407.348462][ T5871] usb 3-1: bad CDC descriptors
[  407.698525][ T5926] usb 1-1: new full-speed USB device number 57 using dummy_hcd
[  408.455393][ T5926] usb 1-1: device descriptor read/64, error -71
[  408.462256][ T5874] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  408.469265][ T5874] ath9k_htc: Failed to initialize the device
[  408.475547][ T5909] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  408.484282][ T5909] ath9k_htc: Failed to initialize the device
[  408.542727][ T5875] usb 5-1: USB disconnect, device number 59
[  408.548380][ T5874] usb 4-1: ath9k_htc: USB layer deinitialized
[  408.585225][ T5875] usb 5-1: ath9k_htc: USB layer deinitialized
[  408.741692][ T5926] usb 1-1: new full-speed USB device number 58 using dummy_hcd
[  408.802010][ T5909] usb 4-1: USB disconnect, device number 68
[  408.845873][T10573] FAULT_INJECTION: forcing a failure.
[  408.845873][T10573] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.867606][T10573] CPU: 1 UID: 0 PID: 10573 Comm: syz.3.1380 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  408.867631][T10573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  408.867640][T10573] Call Trace:
[  408.867646][T10573]  <TASK>
[  408.867653][T10573]  dump_stack_lvl+0x16c/0x1f0
[  408.867677][T10573]  should_fail_ex+0x512/0x640
[  408.867699][T10573]  _copy_from_iter+0x2a4/0x15b0
[  408.867720][T10573]  ? __alloc_skb+0x200/0x380
[  408.867739][T10573]  ? __pfx__copy_from_iter+0x10/0x10
[  408.867760][T10573]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  408.867803][T10573]  netlink_sendmsg+0x829/0xdd0
[  408.867828][T10573]  ? __pfx_netlink_sendmsg+0x10/0x10
[  408.867857][T10573]  ____sys_sendmsg+0xa95/0xc70
[  408.867880][T10573]  ? copy_msghdr_from_user+0x10a/0x160
[  408.867899][T10573]  ? __pfx_____sys_sendmsg+0x10/0x10
[  408.867934][T10573]  ___sys_sendmsg+0x134/0x1d0
[  408.867955][T10573]  ? __pfx____sys_sendmsg+0x10/0x10
[  408.868003][T10573]  __sys_sendmsg+0x16d/0x220
[  408.868021][T10573]  ? __pfx___sys_sendmsg+0x10/0x10
[  408.868047][T10573]  ? rcu_is_watching+0x12/0xc0
[  408.868080][T10573]  do_syscall_64+0xcd/0x260
[  408.868100][T10573]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.868115][T10573] RIP: 0033:0x7f2275b8d169
[  408.868127][T10573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.868141][T10573] RSP: 002b:00007f2276a83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  408.868157][T10573] RAX: ffffffffffffffda RBX: 00007f2275da5fa0 RCX: 00007f2275b8d169
[  408.868167][T10573] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  408.868177][T10573] RBP: 00007f2276a83090 R08: 0000000000000000 R09: 0000000000000000
[  408.868186][T10573] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.868194][T10573] R13: 0000000000000000 R14: 00007f2275da5fa0 R15: 00007ffc3ccfe918
[  408.868214][T10573]  </TASK>
[  409.069529][ T5926] usb 1-1: device descriptor read/64, error -71
[  409.179644][ T5926] usb usb1-port1: attempt power cycle
[  409.241847][T10580] FAULT_INJECTION: forcing a failure.
[  409.241847][T10580] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  409.255440][T10580] CPU: 1 UID: 0 PID: 10580 Comm: syz.3.1381 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  409.255465][T10580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  409.255475][T10580] Call Trace:
[  409.255481][T10580]  <TASK>
[  409.255489][T10580]  dump_stack_lvl+0x16c/0x1f0
[  409.255514][T10580]  should_fail_ex+0x512/0x640
[  409.255535][T10580]  should_fail_alloc_page+0xe7/0x130
[  409.255555][T10580]  prepare_alloc_pages+0x3c2/0x610
[  409.255584][T10580]  __alloc_frozen_pages_noprof+0x18d/0x2370
[  409.255609][T10580]  ? __lock_acquire+0x5ca/0x1ba0
[  409.255630][T10580]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  409.255657][T10580]  ? is_bpf_text_address+0x8a/0x1a0
[  409.255675][T10580]  ? bpf_ksym_find+0x127/0x1c0
[  409.255697][T10580]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  409.255720][T10580]  ? is_bpf_text_address+0x94/0x1a0
[  409.255737][T10580]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  409.255757][T10580]  ? policy_nodemask+0xea/0x4e0
[  409.255777][T10580]  alloc_pages_mpol+0x1fb/0x550
[  409.255802][T10580]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  409.255821][T10580]  ? __lock_acquire+0x5ca/0x1ba0
[  409.255842][T10580]  alloc_pages_noprof+0x131/0x390
[  409.255861][T10580]  pte_alloc_one+0x19/0x380
[  409.255884][T10580]  do_huge_pmd_anonymous_page+0x8b0/0x1ff0
[  409.255911][T10580]  ? find_held_lock+0x2b/0x80
[  409.255934][T10580]  __handle_mm_fault+0x1c10/0x2a40
[  409.255968][T10580]  ? __pfx___handle_mm_fault+0x10/0x10
[  409.256015][T10580]  handle_mm_fault+0x3fe/0xad0
[  409.256044][T10580]  __get_user_pages+0x771/0x36f0
[  409.256077][T10580]  ? __pfx___get_user_pages+0x10/0x10
[  409.256101][T10580]  ? __pfx_down_read_killable+0x10/0x10
[  409.256125][T10580]  ? finish_task_switch.isra.0+0x221/0xc10
[  409.256152][T10580]  __gup_longterm_locked+0x20d/0x1850
[  409.256184][T10580]  ? __pfx___gup_longterm_locked+0x10/0x10
[  409.256212][T10580]  ? find_held_lock+0x2b/0x80
[  409.256239][T10580]  gup_fast_fallback+0x183d/0x2650
[  409.256278][T10580]  ? __pfx_gup_fast_fallback+0x10/0x10
[  409.256305][T10580]  ? is_valid_gup_args+0x128/0x1f0
[  409.256326][T10580]  ? write_comp_data+0x3c/0x90
[  409.256347][T10580]  get_user_pages_fast+0xa7/0xf0
[  409.256371][T10580]  ? __pfx_get_user_pages_fast+0x10/0x10
[  409.256395][T10580]  ? find_held_lock+0x2b/0x80
[  409.256420][T10580]  iommufd_test+0x22c5/0x6100
[  409.256452][T10580]  ? __pfx_iommufd_test+0x10/0x10
[  409.256478][T10580]  ? find_held_lock+0x2b/0x80
[  409.256498][T10580]  ? __might_fault+0xe3/0x190
[  409.256514][T10580]  ? __might_fault+0xe3/0x190
[  409.256530][T10580]  ? __might_fault+0x13b/0x190
[  409.256556][T10580]  iommufd_fops_ioctl+0x33c/0x4e0
[  409.256574][T10580]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  409.256594][T10580]  ? hook_file_ioctl_common+0x145/0x410
[  409.256617][T10580]  ? selinux_file_ioctl+0x180/0x270
[  409.256641][T10580]  ? selinux_file_ioctl+0xb4/0x270
[  409.256666][T10580]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  409.256684][T10580]  __x64_sys_ioctl+0x190/0x200
[  409.256709][T10580]  do_syscall_64+0xcd/0x260
[  409.256732][T10580]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.256748][T10580] RIP: 0033:0x7f2275b8d169
[  409.256762][T10580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.256777][T10580] RSP: 002b:00007f2276a41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  409.256798][T10580] RAX: ffffffffffffffda RBX: 00007f2275da6160 RCX: 00007f2275b8d169
[  409.256808][T10580] RDX: 00002000000001c0 RSI: 0000000000003ba0 RDI: 0000000000000005
[  409.256818][T10580] RBP: 00007f2276a41090 R08: 0000000000000000 R09: 0000000000000000
[  409.256827][T10580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.256837][T10580] R13: 0000000000000000 R14: 00007f2275da6160 R15: 00007ffc3ccfe918
[  409.256860][T10580]  </TASK>
[  409.673881][   T92] usb 3-1: USB disconnect, device number 67
[  409.710641][   T30] audit: type=1400 audit(1743739163.054:787): avc:  denied  { create } for  pid=10581 comm="syz.1.1382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  409.735986][   T30] audit: type=1400 audit(1743739163.074:788): avc:  denied  { write } for  pid=10581 comm="syz.1.1382" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  409.756935][T10582] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=1556 sclass=netlink_xfrm_socket pid=10582 comm=syz.1.1382
[  409.769716][ T5871] usb 5-1: new low-speed USB device number 60 using dummy_hcd
[  409.969479][ T5926] usb 1-1: new full-speed USB device number 59 using dummy_hcd
[  409.979466][ T5871] usb 5-1: device descriptor read/64, error -71
[  410.006348][ T5926] usb 1-1: device descriptor read/8, error -71
[  410.149611][   T92] usb 3-1: new full-speed USB device number 68 using dummy_hcd
[  410.249918][ T5871] usb 5-1: new low-speed USB device number 61 using dummy_hcd
[  410.401549][T10592] FAULT_INJECTION: forcing a failure.
[  410.401549][T10592] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  410.418251][ T5926] usb 1-1: new full-speed USB device number 60 using dummy_hcd
[  410.426344][T10592] CPU: 0 UID: 0 PID: 10592 Comm: syz.1.1385 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  410.426364][T10592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  410.426374][T10592] Call Trace:
[  410.426379][T10592]  <TASK>
[  410.426389][T10592]  dump_stack_lvl+0x16c/0x1f0
[  410.426414][T10592]  should_fail_ex+0x512/0x640
[  410.426435][T10592]  should_fail_alloc_page+0xe7/0x130
[  410.426457][T10592]  prepare_alloc_pages+0x3c2/0x610
[  410.426483][T10592]  __alloc_frozen_pages_noprof+0x18d/0x2370
[  410.426506][T10592]  ? __lock_acquire+0x5ca/0x1ba0
[  410.426526][T10592]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  410.426543][T10592]  ? is_bpf_text_address+0x8a/0x1a0
[  410.426555][T10592]  ? bpf_ksym_find+0x127/0x1c0
[  410.426568][T10592]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  410.426582][T10592]  ? is_bpf_text_address+0x94/0x1a0
[  410.426592][T10592]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  410.426604][T10592]  ? policy_nodemask+0xea/0x4e0
[  410.426617][T10592]  alloc_pages_mpol+0x1fb/0x550
[  410.426629][T10592]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  410.426640][T10592]  ? __lock_acquire+0x5ca/0x1ba0
[  410.426652][T10592]  alloc_pages_noprof+0x131/0x390
[  410.426664][T10592]  pte_alloc_one+0x19/0x380
[  410.426677][T10592]  do_huge_pmd_anonymous_page+0x8b0/0x1ff0
[  410.426694][T10592]  ? find_held_lock+0x2b/0x80
[  410.426707][T10592]  __handle_mm_fault+0x1c10/0x2a40
[  410.426727][T10592]  ? __pfx___handle_mm_fault+0x10/0x10
[  410.426742][T10592]  ? __lock_acquire+0x5ca/0x1ba0
[  410.426762][T10592]  handle_mm_fault+0x3fe/0xad0
[  410.426779][T10592]  __get_user_pages+0x771/0x36f0
[  410.426800][T10592]  ? __pfx___get_user_pages+0x10/0x10
[  410.426814][T10592]  ? __pfx_down_read_killable+0x10/0x10
[  410.426829][T10592]  ? arch_stack_walk+0xa6/0x100
[  410.426845][T10592]  __gup_longterm_locked+0x20d/0x1850
[  410.426864][T10592]  ? __pfx___gup_longterm_locked+0x10/0x10
[  410.426880][T10592]  ? find_held_lock+0x2b/0x80
[  410.426896][T10592]  gup_fast_fallback+0x183d/0x2650
[  410.426919][T10592]  ? __pfx_gup_fast_fallback+0x10/0x10
[  410.426932][T10592]  ? avc_has_extended_perms+0x47c/0x1090
[  410.426946][T10592]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  410.426957][T10592]  get_user_pages_fast+0xa7/0xf0
[  410.426972][T10592]  ? __pfx_get_user_pages_fast+0x10/0x10
[  410.426986][T10592]  ? find_held_lock+0x2b/0x80
[  410.427005][T10592]  iommufd_test+0x22c5/0x6100
[  410.427040][T10592]  ? __pfx_iommufd_test+0x10/0x10
[  410.427064][T10592]  ? find_held_lock+0x2b/0x80
[  410.427076][T10592]  ? __might_fault+0xe3/0x190
[  410.427086][T10592]  ? __might_fault+0xe3/0x190
[  410.427095][T10592]  ? __might_fault+0x13b/0x190
[  410.427111][T10592]  iommufd_fops_ioctl+0x33c/0x4e0
[  410.427122][T10592]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  410.427133][T10592]  ? hook_file_ioctl_common+0x145/0x410
[  410.427147][T10592]  ? selinux_file_ioctl+0x180/0x270
[  410.427161][T10592]  ? selinux_file_ioctl+0xb4/0x270
[  410.427176][T10592]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  410.427187][T10592]  __x64_sys_ioctl+0x190/0x200
[  410.427202][T10592]  do_syscall_64+0xcd/0x260
[  410.427216][T10592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.427226][T10592] RIP: 0033:0x7efec138d169
[  410.427236][T10592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  410.427245][T10592] RSP: 002b:00007efebf1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  410.427255][T10592] RAX: ffffffffffffffda RBX: 00007efec15a6160 RCX: 00007efec138d169
[  410.427261][T10592] RDX: 00002000000001c0 RSI: 0000000000003ba0 RDI: 0000000000000006
[  410.427267][T10592] RBP: 00007efebf1b4090 R08: 0000000000000000 R09: 0000000000000000
[  410.427273][T10592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  410.427278][T10592] R13: 0000000000000000 R14: 00007efec15a6160 R15: 00007fffbe67d5a8
[  410.427291][T10592]  </TASK>
[  410.821805][ T5926] usb 1-1: device descriptor read/8, error -71
[  410.828259][   T92] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  410.839650][   T92] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  410.879743][   T92] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  410.891125][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  410.934131][ T5871] usb 5-1: device descriptor read/64, error -71
[  410.951782][   T92] usb 3-1: Product: syz
[  410.961765][ T5926] usb usb1-port1: unable to enumerate USB device
[  410.968569][   T92] usb 3-1: Manufacturer: syz
[  410.982842][   T92] usb 3-1: SerialNumber: syz
[  411.034462][   T30] audit: type=1400 audit(1743739164.374:789): avc:  denied  { ioctl } for  pid=10600 comm="syz.3.1391" path="socket:[29595]" dev="sockfs" ino=29595 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  411.050031][ T5871] usb usb5-port1: attempt power cycle
[  411.231687][ T1556] usb 3-1: USB disconnect, device number 68
[  411.865322][T10600] delete_channel: no stack
[  411.879754][ T5871] usb 5-1: new low-speed USB device number 62 using dummy_hcd
[  411.913816][ T5828] Bluetooth: hci0: unexpected event for opcode 0x0c7b
[  411.931007][ T5871] usb 5-1: device descriptor read/8, error -71
[  411.971108][T10619] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1396'.
[  411.980960][T10618] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1396'.
[  412.047278][T10621] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  412.183116][ T5871] usb 5-1: new low-speed USB device number 63 using dummy_hcd
[  412.782434][ T5871] usb 5-1: device descriptor read/8, error -71
[  412.896552][T10640] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1403'.
[  412.937656][ T5871] usb usb5-port1: unable to enumerate USB device
[  413.013214][   T30] audit: type=1400 audit(1743739166.354:790): avc:  denied  { write } for  pid=10639 comm="syz.4.1403" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  413.019499][ T5875] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  413.035976][    C1] vkms_vblank_simulate: vblank timer overrun
[  413.060315][ T5909] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  413.104081][   T92] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  413.210540][ T5926] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  413.239539][ T5909] usb 3-1: Using ep0 maxpacket: 8
[  413.252792][ T5875] usb 1-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  413.260633][ T5909] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  413.279430][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.287718][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.297809][ T5909] usb 3-1: config 0 descriptor??
[  413.303138][   T92] usb 4-1: Using ep0 maxpacket: 8
[  413.315368][ T5875] usb 1-1: Product: syz
[  413.315543][   T92] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  413.330337][   T92] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  413.342866][   T92] usb 4-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  413.343137][ T5875] usb 1-1: Manufacturer: syz
[  413.352019][   T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.364826][   T92] usb 4-1: Product: syz
[  413.369211][   T92] usb 4-1: Manufacturer: syz
[  413.372409][ T5875] usb 1-1: SerialNumber: syz
[  413.388970][   T92] usb 4-1: SerialNumber: syz
[  413.393813][ T5926] usb 2-1: Using ep0 maxpacket: 16
[  413.409641][   T92] usb 4-1: config 0 descriptor??
[  413.415412][ T5875] usb 1-1: config 0 descriptor??
[  413.434681][ T5875] gspca_main: sq905c-2.14.0 probing 2770:9052
[  413.519090][ T5909] asix 3-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  413.721910][T10630] program syz.2.1400 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  413.941947][ T5871] usb 4-1: USB disconnect, device number 69
[  414.051422][T10647] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  414.064206][T10625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  414.097864][T10625] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  414.225129][   T30] audit: type=1400 audit(1743739167.494:791): avc:  denied  { bind } for  pid=10629 comm="syz.2.1400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  414.321129][ T5909] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  414.359776][ T5875] gspca_sq905c: sq905c_command: usb_control_msg failed (-110)
[  414.726177][ T5909] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9
[  414.864886][ T5875] sq905c 1-1:0.0: probe with driver sq905c failed with error -110
[  414.877408][   T30] audit: type=1400 audit(1743739167.504:792): avc:  denied  { listen } for  pid=10629 comm="syz.2.1400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  414.897074][   T30] audit: type=1400 audit(1743739167.594:793): avc:  denied  { write } for  pid=10629 comm="syz.2.1400" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  414.917296][   T30] audit: type=1326 audit(1743739167.644:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  414.946901][   T30] audit: type=1326 audit(1743739167.644:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  414.970406][   T30] audit: type=1326 audit(1743739167.674:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  414.984937][ T5909] asix 3-1:0.0: probe with driver asix failed with error -71
[  414.993837][   T30] audit: type=1326 audit(1743739167.704:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  415.025721][   T30] audit: type=1326 audit(1743739167.704:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  415.081688][   T30] audit: type=1326 audit(1743739167.704:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=326 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  415.083510][ T5909] usb 3-1: USB disconnect, device number 69
[  415.244410][ T5871] usb 1-1: USB disconnect, device number 61
[  415.638077][   T30] audit: type=1326 audit(1743739167.704:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  415.661568][   T30] audit: type=1326 audit(1743739167.704:801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10622 comm="syz.0.1397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0e78d169 code=0x7ffc0000
[  415.710951][T10658] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1408'.
[  415.878947][ T5926] usb 2-1: unable to get BOS descriptor or descriptor too short
[  416.187230][ T5926] usb 2-1: unable to read config index 0 descriptor/start: -71
[  416.221174][ T5926] usb 2-1: can't read configurations, error -71
[  416.249486][ T5828] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  416.258860][ T5828] Bluetooth: hci0: Injecting HCI hardware error event
[  416.266984][ T5828] Bluetooth: hci0: hardware error 0x00
[  416.529607][ T5875] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[  416.659572][ T5909] usb 1-1: new low-speed USB device number 62 using dummy_hcd
[  416.806512][ T5875] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  416.890759][ T5875] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  416.933266][ T5875] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  416.942520][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  416.950652][ T5875] usb 4-1: Product: syz
[  416.954933][ T5875] usb 4-1: Manufacturer: syz
[  416.959431][   T92] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[  416.967180][ T5875] usb 4-1: SerialNumber: syz
[  417.009443][ T5909] usb 1-1: device descriptor read/64, error -71
[  417.119879][   T92] usb 3-1: Using ep0 maxpacket: 32
[  417.129013][   T92] usb 3-1: unable to get BOS descriptor or descriptor too short
[  417.144797][   T92] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  417.154985][   T92] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  417.172892][   T92] usb 3-1: language id specifier not provided by device, defaulting to English
[  417.197594][ T5875] usb 4-1: USB disconnect, device number 70
[  417.199469][ T5926] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  417.215512][   T92] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.40
[  417.236512][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.244746][   T92] usb 3-1: Product: syz
[  417.249253][   T92] usb 3-1: Manufacturer: Ȭ탠糖Բ≩䃍㻳箷뛸騪셆
[  417.259678][   T92] usb 3-1: SerialNumber: syz
[  417.269458][ T5909] usb 1-1: new low-speed USB device number 63 using dummy_hcd
[  417.409507][ T5909] usb 1-1: device descriptor read/64, error -71
[  417.416953][ T5926] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  417.426083][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.435857][ T5926] usb 2-1: config 0 descriptor??
[  417.529915][ T5909] usb usb1-port1: attempt power cycle
[  417.619450][ T6091] usb 5-1: new full-speed USB device number 64 using dummy_hcd
[  417.789485][ T6091] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  417.833342][ T6091] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.835530][T10685] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  417.850379][T10685] UDF-fs: Scanning with blocksize 512 failed
[  417.861114][T10685] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  417.862076][ T6091] usb 5-1: config 0 descriptor??
[  417.873807][T10685] UDF-fs: Scanning with blocksize 1024 failed
[  417.882934][T10685] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  417.890723][T10685] UDF-fs: Scanning with blocksize 2048 failed
[  417.899858][T10685] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  417.902638][ T5909] usb 1-1: new low-speed USB device number 64 using dummy_hcd
[  417.907430][T10685] UDF-fs: Scanning with blocksize 4096 failed
[  418.212400][ T5909] usb 1-1: device descriptor read/8, error -71
[  418.218709][ T5926] ath6kl: Failed to submit usb control message: -71
[  418.228787][ T5926] ath6kl: unable to send the bmi data to the device: -71
[  418.236621][ T5926] ath6kl: Unable to send get target info: -71
[  418.249490][ T5926] ath6kl: Failed to init ath6kl core: -71
[  418.258162][ T5926] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  418.278504][ T5926] usb 2-1: USB disconnect, device number 57
[  418.349909][ T5828] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  418.992482][ T5909] usb 1-1: new low-speed USB device number 65 using dummy_hcd
[  419.029823][ T5909] usb 1-1: device descriptor read/8, error -71
[  419.190716][ T5909] usb usb1-port1: unable to enumerate USB device
[  419.288929][T10693] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  419.495577][   T92] usb 3-1: USB disconnect, device number 70
[  419.807573][ T6091] pegasus 5-1:0.0: can't reset MAC
[  419.871505][ T6091] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  420.073158][T10699] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1420'.
[  420.089178][ T6091] usb 5-1: USB disconnect, device number 64
[  420.097272][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  420.097286][   T30] audit: type=1400 audit(1743739173.434:814): avc:  denied  { setattr } for  pid=10698 comm="syz.0.1421" name="NETLINK" dev="sockfs" ino=29816 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  420.136304][T10699] macsec1: entered promiscuous mode
[  420.152452][   T30] audit: type=1400 audit(1743739173.494:815): avc:  denied  { bind } for  pid=10701 comm="syz.3.1422" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  420.308729][T10702] sctp: failed to load transform for md5: -2
[  420.700930][T10704] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0
[  420.886839][   T30] audit: type=1400 audit(1743739174.224:816): avc:  denied  { connect } for  pid=10718 comm="syz.3.1425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  421.665580][T10726] netlink: 108 bytes leftover after parsing attributes in process `syz.1.1426'.
[  421.744100][T10726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1426'.
[  421.805006][   T30] audit: type=1400 audit(1743739175.104:817): avc:  denied  { ioctl } for  pid=10720 comm="syz.1.1426" path="/dev/vhost-net" dev="devtmpfs" ino=1274 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  422.804887][   T30] audit: type=1400 audit(1743739176.084:818): avc:  denied  { write } for  pid=10737 comm="syz.3.1429" path="socket:[28498]" dev="sockfs" ino=28498 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  422.949578][ T6091] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[  423.329632][ T6091] usb 3-1: Using ep0 maxpacket: 16
[  423.989328][ T5875] usb 1-1: new low-speed USB device number 66 using dummy_hcd
[  424.073592][ T6091] usb 3-1: device descriptor read/all, error -71
[  424.109528][    T9] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  424.179537][ T5875] usb 1-1: device descriptor read/64, error -71
[  424.340165][    T9] usb 4-1: device descriptor read/64, error -71
[  424.429631][ T6091] usb 3-1: new high-speed USB device number 72 using dummy_hcd
[  424.669977][ T6091] usb 3-1: device descriptor read/64, error -71
[  424.841738][ T6091] usb usb3-port1: attempt power cycle
[  424.869757][ T5875] usb 1-1: new low-speed USB device number 67 using dummy_hcd
[  424.929506][    T9] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  425.019507][ T5875] usb 1-1: device descriptor read/64, error -71
[  425.121011][    T9] usb 4-1: device descriptor read/64, error -71
[  425.179569][ T6091] usb 3-1: new high-speed USB device number 73 using dummy_hcd
[  425.186121][ T5875] usb usb1-port1: attempt power cycle
[  425.201570][ T6091] usb 3-1: device descriptor read/8, error -71
[  425.388789][    T9] usb usb4-port1: attempt power cycle
[  425.569427][ T5875] usb 1-1: new low-speed USB device number 68 using dummy_hcd
[  425.569492][ T6091] usb 3-1: new high-speed USB device number 74 using dummy_hcd
[  425.593381][ T5875] usb 1-1: device descriptor read/8, error -71
[  425.600293][ T6091] usb 3-1: device descriptor read/8, error -71
[  425.636771][   T30] audit: type=1400 audit(1743739178.974:819): avc:  denied  { watch_sb watch_reads } for  pid=10776 comm="syz.1.1441" path="/287/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1537 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  425.661616][T10779] FAULT_INJECTION: forcing a failure.
[  425.661616][T10779] name failslab, interval 1, probability 0, space 0, times 0
[  425.682173][    C1] vkms_vblank_simulate: vblank timer overrun
[  425.709430][T10779] CPU: 1 UID: 0 PID: 10779 Comm: syz.1.1441 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  425.709454][T10779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  425.709464][T10779] Call Trace:
[  425.709470][T10779]  <TASK>
[  425.709476][T10779]  dump_stack_lvl+0x16c/0x1f0
[  425.709495][T10779]  should_fail_ex+0x512/0x640
[  425.709506][T10779]  ? fs_reclaim_acquire+0xae/0x150
[  425.709522][T10779]  should_failslab+0xc2/0x120
[  425.709534][T10779]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  425.709545][T10779]  ? ima_inode_get+0x120/0x580
[  425.709561][T10779]  ima_inode_get+0x120/0x580
[  425.709575][T10779]  process_measurement+0x708/0x2360
[  425.709593][T10779]  ? avc_has_perm_noaudit+0x149/0x3b0
[  425.709603][T10779]  ? __pfx_process_measurement+0x10/0x10
[  425.709619][T10779]  ? __pfx_avc_has_perm+0x10/0x10
[  425.709629][T10779]  ? find_held_lock+0x2b/0x80
[  425.709656][T10779]  ? file_map_prot_check+0x1eb/0x360
[  425.709669][T10779]  ima_file_mmap+0x1a8/0x1d0
[  425.709682][T10779]  ? __pfx_ima_file_mmap+0x10/0x10
[  425.709699][T10779]  security_mmap_file+0x88c/0x990
[  425.709715][T10779]  vm_mmap_pgoff+0xec/0x450
[  425.709734][T10779]  ? find_held_lock+0x2b/0x80
[  425.709746][T10779]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  425.709761][T10779]  ? __fget_files+0x20e/0x3c0
[  425.709774][T10779]  ksys_mmap_pgoff+0x32c/0x5c0
[  425.709787][T10779]  ? __pfx_ksys_write+0x10/0x10
[  425.709796][T10779]  ? rcu_is_watching+0x12/0xc0
[  425.709810][T10779]  __x64_sys_mmap+0x125/0x190
[  425.709824][T10779]  do_syscall_64+0xcd/0x260
[  425.709837][T10779]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.709848][T10779] RIP: 0033:0x7efec138d169
[  425.709856][T10779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.709866][T10779] RSP: 002b:00007efebf1b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  425.709876][T10779] RAX: ffffffffffffffda RBX: 00007efec15a6160 RCX: 00007efec138d169
[  425.709883][T10779] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000
[  425.709889][T10779] RBP: 00007efebf1b4090 R08: 0000000000000003 R09: 0000000000000000
[  425.709894][T10779] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000001
[  425.709900][T10779] R13: 0000000000000000 R14: 00007efec15a6160 R15: 00007fffbe67d5a8
[  425.709913][T10779]  </TASK>
[  425.940141][    C1] vkms_vblank_simulate: vblank timer overrun
[  426.078228][    T9] usb 4-1: new high-speed USB device number 73 using dummy_hcd
[  426.091717][ T6091] usb usb3-port1: unable to enumerate USB device
[  426.177755][ T5875] usb 1-1: new low-speed USB device number 69 using dummy_hcd
[  426.224660][    T9] usb 4-1: device descriptor read/8, error -71
[  426.240898][ T5875] usb 1-1: device descriptor read/8, error -71
[  426.420000][ T5875] usb usb1-port1: unable to enumerate USB device
[  426.541983][ T6091] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  426.729469][ T6091] usb 5-1: Using ep0 maxpacket: 32
[  426.741142][ T6091] usb 5-1: config 2 has an invalid interface number: 45 but max is 0
[  426.869569][ T6091] usb 5-1: config 2 has no interface number 0
[  426.878373][ T6091] usb 5-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 48, changing to 9
[  426.890300][ T6091] usb 5-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid maxpacket 24624, setting to 1024
[  426.906832][ T6091] usb 5-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92
[  426.919546][ T6091] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.929409][ T6091] usb 5-1: Product: syz
[  426.933949][ T6091] usb 5-1: Manufacturer: syz
[  426.938590][ T6091] usb 5-1: SerialNumber: syz
[  426.947295][ T6091] kobil_sct 5-1:2.45: KOBIL USB smart card terminal converter detected
[  426.957651][ T6091] usb 5-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  427.221432][ T6091] usb 5-1: USB disconnect, device number 65
[  427.244006][ T6091] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  427.330750][ T6091] kobil_sct 5-1:2.45: device disconnected
[  427.686819][ T5909] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  427.830045][ T5909] usb 1-1: device descriptor read/64, error -71
[  428.119713][ T5909] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  428.479661][ T5875] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[  428.906413][ T5909] usb 1-1: device descriptor read/64, error -71
[  429.007722][    T9] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  429.115798][ T5909] usb usb1-port1: attempt power cycle
[  429.271876][ T5875] usb 3-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  429.274438][T10823] sctp: [Deprecated]: syz.4.1456 (pid 10823) Use of struct sctp_assoc_value in delayed_ack socket option.
[  429.274438][T10823] Use struct sctp_sack_info instead
[  429.298356][ T5875] usb 3-1: config 0 interface 0 has no altsetting 0
[  429.314545][ T5875] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  429.323949][    T9] usb 2-1: Using ep0 maxpacket: 32
[  429.339311][   T30] audit: type=1400 audit(1743739182.674:820): avc:  denied  { load_policy } for  pid=10820 comm="syz.3.1455" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  429.360639][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  429.369621][ T5875] usb 3-1: Product: syz
[  429.374184][ T5875] usb 3-1: Manufacturer: syz
[  429.379083][    T9] usb 2-1: config 0 has an invalid interface number: 4 but max is 0
[  429.387351][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  429.401476][ T5875] usb 3-1: SerialNumber: syz
[  429.413741][T10826] vlan2: entered allmulticast mode
[  429.418982][    T9] usb 2-1: config 0 has no interface number 0
[  429.425252][    T9] usb 2-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  429.438286][T10826] bond0: entered allmulticast mode
[  429.443495][    T9] usb 2-1: New USB device found, idVendor=04ff, idProduct=0066, bcdDevice=d8.b0
[  429.462259][ T5875] usb 3-1: config 0 descriptor??
[  429.468405][T10826] bond_slave_0: entered allmulticast mode
[  429.475523][T10826] bond_slave_1: entered allmulticast mode
[  429.489079][T10821] SELinux: failed to load policy
[  429.493125][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.503583][ T5875] usb 3-1: selecting invalid altsetting 0
[  429.518039][    T9] usb 2-1: config 0 descriptor??
[  429.539433][ T5909] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  429.540640][    T9] usb 2-1: bad CDC descriptors
[  429.574562][ T5909] usb 1-1: device descriptor read/8, error -71
[  430.112380][T10832] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1458'.
[  430.469574][ T5909] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  430.485134][T10812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.493844][T10812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.507561][ T6091] usb 3-1: USB disconnect, device number 75
[  430.525414][   T30] audit: type=1400 audit(1743739183.844:821): avc:  denied  { nlmsg_read } for  pid=10811 comm="syz.2.1452" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  430.557415][ T5909] usb 1-1: device descriptor read/8, error -71
[  430.744799][ T5909] usb usb1-port1: unable to enumerate USB device
[  431.688493][ T6091] usb 2-1: USB disconnect, device number 58
[  432.601877][   T30] audit: type=1400 audit(1743739185.934:822): avc:  denied  { create } for  pid=10850 comm="syz.3.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  432.737501][   T30] audit: type=1400 audit(1743739185.944:823): avc:  denied  { bind } for  pid=10850 comm="syz.3.1463" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  433.281357][T10863] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  433.295304][T10863] netlink: 'syz.1.1466': attribute type 10 has an invalid length.
[  433.832333][T10863] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  433.979151][   T30] audit: type=1400 audit(1743739187.314:824): avc:  denied  { ioctl } for  pid=10862 comm="syz.1.1466" path="socket:[30912]" dev="sockfs" ino=30912 ioctlcmd=0x891b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  434.003818][    C1] vkms_vblank_simulate: vblank timer overrun
[  434.055332][T10875] ceph: No mds server is up or the cluster is laggy
[  434.110348][ T5874] libceph: connect (1)[c::]:6789 error -101
[  434.905894][   T30] audit: type=1400 audit(1743739187.444:825): avc:  denied  { write } for  pid=10874 comm="syz.2.1470" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  434.913011][ T5874] libceph: mon0 (1)[c::]:6789 connect error
[  434.957655][T10887] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  435.170458][T10900] FAULT_INJECTION: forcing a failure.
[  435.170458][T10900] name failslab, interval 1, probability 0, space 0, times 0
[  435.212391][T10900] CPU: 0 UID: 0 PID: 10900 Comm: syz.4.1473 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  435.212418][T10900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  435.212429][T10900] Call Trace:
[  435.212434][T10900]  <TASK>
[  435.212441][T10900]  dump_stack_lvl+0x16c/0x1f0
[  435.212465][T10900]  should_fail_ex+0x512/0x640
[  435.212486][T10900]  should_failslab+0xc2/0x120
[  435.212505][T10900]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  435.212523][T10900]  ? skb_clone+0x190/0x3f0
[  435.212546][T10900]  skb_clone+0x190/0x3f0
[  435.212563][T10900]  netlink_deliver_tap+0xabd/0xd30
[  435.212586][T10900]  netlink_unicast+0x5df/0x7f0
[  435.212608][T10900]  ? __pfx_netlink_unicast+0x10/0x10
[  435.212635][T10900]  netlink_sendmsg+0x8d1/0xdd0
[  435.212660][T10900]  ? __pfx_netlink_sendmsg+0x10/0x10
[  435.212687][T10900]  ____sys_sendmsg+0xa95/0xc70
[  435.212712][T10900]  ? copy_msghdr_from_user+0x10a/0x160
[  435.212731][T10900]  ? __pfx_____sys_sendmsg+0x10/0x10
[  435.212766][T10900]  ___sys_sendmsg+0x134/0x1d0
[  435.212784][T10900]  ? __pfx____sys_sendmsg+0x10/0x10
[  435.212834][T10900]  __sys_sendmsg+0x16d/0x220
[  435.212853][T10900]  ? __pfx___sys_sendmsg+0x10/0x10
[  435.212891][T10900]  do_syscall_64+0xcd/0x260
[  435.212914][T10900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  435.212931][T10900] RIP: 0033:0x7fafa698d169
[  435.212944][T10900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  435.212960][T10900] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  435.212976][T10900] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  435.212986][T10900] RDX: 0000000000004084 RSI: 0000200000000180 RDI: 0000000000000003
[  435.212997][T10900] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  435.213006][T10900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  435.213016][T10900] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  435.213039][T10900]  </TASK>
[  435.479972][ T5874] usb 4-1: new high-speed USB device number 75 using dummy_hcd
[  435.669562][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  435.684885][ T5874] usb 4-1: config 0 has an invalid interface number: 4 but max is 0
[  435.761069][ T5874] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  435.848571][ T5874] usb 4-1: config 0 has no interface number 0
[  435.859797][ T5874] usb 4-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  436.908325][ T5874] usb 4-1: New USB device found, idVendor=04ff, idProduct=0066, bcdDevice=d8.b0
[  436.978653][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.010184][ T5874] usb 4-1: config 0 descriptor??
[  437.018388][ T5874] usb 4-1: bad CDC descriptors
[  437.136609][T10924] netlink: 129704 bytes leftover after parsing attributes in process `syz.4.1479'.
[  437.152889][T10925] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1480'.
[  437.156096][T10926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1481'.
[  437.181063][T10924] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1479'.
[  437.190449][T10924] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1479'.
[  437.199606][T10926] bridge_slave_1: left allmulticast mode
[  437.205372][T10926] bridge_slave_1: left promiscuous mode
[  437.211180][T10926] bridge0: port 2(bridge_slave_1) entered disabled state
[  437.342636][T10934] netlink: 'syz.1.1483': attribute type 4 has an invalid length.
[  437.353778][T10926] bridge_slave_0: left allmulticast mode
[  437.397549][T10935] netlink: 'syz.1.1483': attribute type 4 has an invalid length.
[  437.466555][T10926] bridge_slave_0: left promiscuous mode
[  437.779706][T10926] bridge0: port 1(bridge_slave_0) entered disabled state
[  437.883231][ T5871] lo speed is unknown, defaulting to 1000
[  437.889231][    T9] lo speed is unknown, defaulting to 1000
[  438.084359][T10946] FAULT_INJECTION: forcing a failure.
[  438.084359][T10946] name failslab, interval 1, probability 0, space 0, times 0
[  438.301061][T10949] lo speed is unknown, defaulting to 1000
[  438.316691][T10949] lo speed is unknown, defaulting to 1000
[  438.490318][T10946] CPU: 1 UID: 0 PID: 10946 Comm: syz.0.1486 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  438.490345][T10946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  438.490356][T10946] Call Trace:
[  438.490362][T10946]  <TASK>
[  438.490368][T10946]  dump_stack_lvl+0x16c/0x1f0
[  438.490394][T10946]  should_fail_ex+0x512/0x640
[  438.490411][T10946]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  438.490440][T10946]  should_failslab+0xc2/0x120
[  438.490460][T10946]  __kmalloc_cache_noprof+0x6a/0x3e0
[  438.490485][T10946]  ? rtnl_newlink+0x11b/0x2000
[  438.490508][T10946]  ? __pfx_rtnl_newlink+0x10/0x10
[  438.490527][T10946]  rtnl_newlink+0x11b/0x2000
[  438.490554][T10946]  ? __pfx_rtnl_newlink+0x10/0x10
[  438.490573][T10946]  ? find_held_lock+0x2b/0x80
[  438.490596][T10946]  ? avc_has_perm_noaudit+0x117/0x3b0
[  438.490616][T10946]  ? avc_has_perm_noaudit+0x149/0x3b0
[  438.490639][T10946]  ? __lock_acquire+0x5ca/0x1ba0
[  438.490668][T10946]  ? find_held_lock+0x2b/0x80
[  438.490688][T10946]  ? __pfx_rtnl_newlink+0x10/0x10
[  438.490707][T10946]  ? __pfx_rtnl_newlink+0x10/0x10
[  438.490725][T10946]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  438.490746][T10946]  ? __pfx_rtnl_newlink+0x10/0x10
[  438.490767][T10946]  rtnetlink_rcv_msg+0x95b/0xe90
[  438.490790][T10946]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  438.490810][T10946]  ? __pfx_avc_has_perm+0x10/0x10
[  438.490842][T10946]  netlink_rcv_skb+0x16a/0x440
[  438.490865][T10946]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  438.490886][T10946]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  438.490921][T10946]  ? netlink_deliver_tap+0x1ae/0xd30
[  438.490946][T10946]  netlink_unicast+0x53a/0x7f0
[  438.490970][T10946]  ? __pfx_netlink_unicast+0x10/0x10
[  438.491001][T10946]  netlink_sendmsg+0x8d1/0xdd0
[  438.491027][T10946]  ? __pfx_netlink_sendmsg+0x10/0x10
[  438.491056][T10946]  ____sys_sendmsg+0xa95/0xc70
[  438.491080][T10946]  ? copy_msghdr_from_user+0x10a/0x160
[  438.491098][T10946]  ? __pfx_____sys_sendmsg+0x10/0x10
[  438.491133][T10946]  ___sys_sendmsg+0x134/0x1d0
[  438.491154][T10946]  ? __pfx____sys_sendmsg+0x10/0x10
[  438.491202][T10946]  __sys_sendmsg+0x16d/0x220
[  438.491222][T10946]  ? __pfx___sys_sendmsg+0x10/0x10
[  438.491248][T10946]  ? rcu_is_watching+0x12/0xc0
[  438.491276][T10946]  do_syscall_64+0xcd/0x260
[  438.491299][T10946]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.491316][T10946] RIP: 0033:0x7faa0e78d169
[  438.491330][T10946] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.491346][T10946] RSP: 002b:00007faa0f5cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  438.491364][T10946] RAX: ffffffffffffffda RBX: 00007faa0e9a5fa0 RCX: 00007faa0e78d169
[  438.491375][T10946] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  438.491385][T10946] RBP: 00007faa0f5cc090 R08: 0000000000000000 R09: 0000000000000000
[  438.491394][T10946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.491404][T10946] R13: 0000000000000000 R14: 00007faa0e9a5fa0 R15: 00007ffc11baa1c8
[  438.491426][T10946]  </TASK>
[  438.566691][T10944] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1485'.
[  438.571219][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.784300][T10944] 8021q: adding VLAN 0 to HW filter on device bond2
[  438.786457][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.900398][   T92] usb 4-1: USB disconnect, device number 75
[  438.924775][    C1] vkms_vblank_simulate: vblank timer overrun
[  438.964328][T10951] 8021q: adding VLAN 0 to HW filter on device bond2
[  438.999864][T10951] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  439.104555][T10951] bond2: (slave vcan1): Error -95 calling set_mac_address
[  439.282214][   T92] usb 4-1: new full-speed USB device number 76 using dummy_hcd
[  439.460333][   T92] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  439.510000][   T92] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  439.551729][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  439.618691][   T92] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  439.663690][   T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.699347][T10967] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=771 sclass=netlink_route_socket pid=10967 comm=syz.1.1491
[  439.728440][   T92] usb 4-1: Product: syz
[  439.741727][   T92] usb 4-1: Manufacturer: syz
[  440.199455][   T92] usb 4-1: SerialNumber: syz
[  440.680634][ T5875] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  441.293876][   T30] audit: type=1400 audit(1743739193.784:826): avc:  denied  { watch } for  pid=10973 comm="syz.1.1494" path="/296/file0" dev="tmpfs" ino=1583 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  441.350008][   T30] audit: type=1400 audit(1743739193.854:827): avc:  denied  { bind } for  pid=10973 comm="syz.1.1494" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  441.427406][ T5874] usb 4-1: USB disconnect, device number 76
[  441.494408][   T92] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[  441.509596][ T5875] usb 1-1: Using ep0 maxpacket: 16
[  441.542494][ T5875] usb 1-1: config 0 has an invalid interface number: 214 but max is 0
[  441.571778][ T5875] usb 1-1: config 0 has no interface number 0
[  441.614836][ T5875] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  441.664462][ T5875] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  441.731338][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.760020][ T5875] usb 1-1: Product: syz
[  441.779656][ T5875] usb 1-1: Manufacturer: syz
[  441.789990][   T92] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  441.824941][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.849665][   T92] usb 3-1: Product: syz
[  441.854135][ T5875] usb 1-1: SerialNumber: syz
[  441.864009][   T92] usb 3-1: Manufacturer: syz
[  441.879224][ T5875] usb 1-1: config 0 descriptor??
[  441.886729][   T92] usb 3-1: SerialNumber: syz
[  441.900345][   T92] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  441.950866][ T5909] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  441.999889][   T30] audit: type=1326 audit(1743739195.344:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm="syz.3.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.106114][   T30] audit: type=1326 audit(1743739195.364:829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm="syz.3.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.129502][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.208780][   T30] audit: type=1326 audit(1743739195.374:830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm="syz.3.1498" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.215195][T10991] FAULT_INJECTION: forcing a failure.
[  442.215195][T10991] name failslab, interval 1, probability 0, space 0, times 0
[  442.232182][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.272793][T10991] CPU: 1 UID: 0 PID: 10991 Comm: syz.1.1499 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  442.272820][T10991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  442.272828][T10991] Call Trace:
[  442.272834][T10991]  <TASK>
[  442.272840][T10991]  dump_stack_lvl+0x16c/0x1f0
[  442.272865][T10991]  should_fail_ex+0x512/0x640
[  442.272879][T10991]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  442.272902][T10991]  should_failslab+0xc2/0x120
[  442.272916][T10991]  __kmalloc_cache_noprof+0x6a/0x3e0
[  442.272936][T10991]  ? __asan_memcpy+0x3c/0x60
[  442.272953][T10991]  ? sctp_association_new+0xbb/0x2a00
[  442.272972][T10991]  ? sctp_add_bind_addr+0x2a1/0x3f0
[  442.272989][T10991]  sctp_association_new+0xbb/0x2a00
[  442.273009][T10991]  ? sctp_v4_scope+0x183/0x1a0
[  442.273026][T10991]  sctp_connect_new_asoc+0x1b6/0x790
[  442.273048][T10991]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  442.273073][T10991]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  442.273095][T10991]  sctp_sendmsg+0x15f9/0x1ee0
[  442.273115][T10991]  ? __pfx_sctp_sendmsg+0x10/0x10
[  442.273138][T10991]  ? __pfx_sock_has_perm+0x10/0x10
[  442.273162][T10991]  ? __import_iovec+0x1c8/0x660
[  442.273180][T10991]  ? __pfx_sctp_sendmsg+0x10/0x10
[  442.273200][T10991]  inet_sendmsg+0x119/0x140
[  442.273220][T10991]  ____sys_sendmsg+0x973/0xc70
[  442.273240][T10991]  ? copy_msghdr_from_user+0x10a/0x160
[  442.273254][T10991]  ? __pfx_____sys_sendmsg+0x10/0x10
[  442.273276][T10991]  ? __pfx__kstrtoull+0x10/0x10
[  442.273299][T10991]  ___sys_sendmsg+0x134/0x1d0
[  442.273316][T10991]  ? __pfx____sys_sendmsg+0x10/0x10
[  442.273343][T10991]  ? find_held_lock+0x2b/0x80
[  442.273375][T10991]  __sys_sendmmsg+0x200/0x420
[  442.273392][T10991]  ? __pfx___sys_sendmmsg+0x10/0x10
[  442.273415][T10991]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  442.273442][T10991]  ? fput+0x70/0xf0
[  442.273460][T10991]  ? ksys_write+0x1b9/0x240
[  442.273472][T10991]  ? __pfx_ksys_write+0x10/0x10
[  442.273485][T10991]  ? rcu_is_watching+0x12/0xc0
[  442.273507][T10991]  __x64_sys_sendmmsg+0x9c/0x100
[  442.273523][T10991]  ? lockdep_hardirqs_on+0x7c/0x110
[  442.273543][T10991]  do_syscall_64+0xcd/0x260
[  442.273563][T10991]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.273580][T10991] RIP: 0033:0x7efec138d169
[  442.273595][T10991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  442.273610][T10991] RSP: 002b:00007efebf1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  442.273627][T10991] RAX: ffffffffffffffda RBX: 00007efec15a5fa0 RCX: 00007efec138d169
[  442.273637][T10991] RDX: 0000000000000002 RSI: 0000200000000e40 RDI: 0000000000000003
[  442.273647][T10991] RBP: 00007efebf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  442.273656][T10991] R10: 0000000000000844 R11: 0000000000000246 R12: 0000000000000001
[  442.273665][T10991] R13: 0000000000000000 R14: 00007efec15a5fa0 R15: 00007fffbe67d5a8
[  442.273686][T10991]  </TASK>
[  442.565946][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.572861][   T30] audit: type=1326 audit(1743739195.374:831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.597787][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.619435][   T30] audit: type=1326 audit(1743739195.374:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.644373][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.657043][   T30] audit: type=1326 audit(1743739195.374:833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.682159][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.689684][   T30] audit: type=1326 audit(1743739195.374:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.714597][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.724743][   T30] audit: type=1326 audit(1743739195.384:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10988 comm=6C2586CE36DB0CCF197CC94F7FCE8F exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2275b8d169 code=0x7ffc0000
[  442.750038][    C1] vkms_vblank_simulate: vblank timer overrun
[  442.763938][   T92] usb 4-1: new full-speed USB device number 77 using dummy_hcd
[  442.831796][ T5875] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71
[  442.844001][T10997] FAULT_INJECTION: forcing a failure.
[  442.844001][T10997] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  442.858248][T10997] CPU: 1 UID: 0 PID: 10997 Comm: syz.4.1502 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  442.858271][T10997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  442.858280][T10997] Call Trace:
[  442.858285][T10997]  <TASK>
[  442.858290][T10997]  dump_stack_lvl+0x16c/0x1f0
[  442.858314][T10997]  should_fail_ex+0x512/0x640
[  442.858336][T10997]  _copy_to_iter+0x477/0x15a0
[  442.858359][T10997]  ? __pfx__copy_to_iter+0x10/0x10
[  442.858375][T10997]  ? trace_kmalloc+0x2b/0xd0
[  442.858394][T10997]  ? __kvmalloc_node_noprof+0x296/0x600
[  442.858408][T10997]  ? _kstrtoull+0x61/0x200
[  442.858426][T10997]  ? seq_read_iter+0x826/0x12c0
[  442.858455][T10997]  seq_read_iter+0xcf8/0x12c0
[  442.858487][T10997]  seq_read+0x39e/0x4e0
[  442.858510][T10997]  ? __pfx_seq_read+0x10/0x10
[  442.858543][T10997]  ? avc_policy_seqno+0x9/0x20
[  442.858562][T10997]  ? __pfx_seq_read+0x10/0x10
[  442.858583][T10997]  proc_reg_read+0x23d/0x330
[  442.858602][T10997]  ? __pfx_proc_reg_read+0x10/0x10
[  442.858619][T10997]  vfs_read+0x1de/0xc70
[  442.858636][T10997]  ? __pfx___mutex_lock+0x10/0x10
[  442.858656][T10997]  ? __pfx_vfs_read+0x10/0x10
[  442.858686][T10997]  ? __fget_files+0x20e/0x3c0
[  442.858708][T10997]  ksys_read+0x12a/0x240
[  442.858723][T10997]  ? __pfx_ksys_read+0x10/0x10
[  442.858735][T10997]  ? rcu_is_watching+0x12/0xc0
[  442.858762][T10997]  do_syscall_64+0xcd/0x260
[  442.858783][T10997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  442.858799][T10997] RIP: 0033:0x7fafa698d169
[  442.858818][T10997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  442.858833][T10997] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  442.858848][T10997] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  442.858859][T10997] RDX: 00000000000000f9 RSI: 0000200000000900 RDI: 0000000000000003
[  442.858868][T10997] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  442.858877][T10997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  442.858886][T10997] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  442.858909][T10997]  </TASK>
[  442.861054][ T5875] usb 1-1: USB disconnect, device number 74
[  442.939215][T10999] 9pnet_fd: Insufficient options for proto=fd
[  443.028086][    C1] vkms_vblank_simulate: vblank timer overrun
[  443.098714][ T5909] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  443.112142][   T92] usb 4-1: config 0 has too many interfaces: 202, using maximum allowed: 32
[  443.121064][ T5909] ath9k_htc: Failed to initialize the device
[  443.139453][   T92] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 202
[  443.148623][   T92] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  443.173553][   T92] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99
[  443.183181][   T92] usb 4-1: New USB device strings: Mfr=33, Product=2, SerialNumber=3
[  443.191485][   T92] usb 4-1: Product: syz
[  443.195786][   T92] usb 4-1: Manufacturer: syz
[  443.208243][ T5909] usb 3-1: ath9k_htc: USB layer deinitialized
[  443.224493][T11004] FAULT_INJECTION: forcing a failure.
[  443.224493][T11004] name failslab, interval 1, probability 0, space 0, times 0
[  443.238651][T11004] CPU: 0 UID: 0 PID: 11004 Comm: syz.4.1505 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  443.238676][T11004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  443.238686][T11004] Call Trace:
[  443.238692][T11004]  <TASK>
[  443.238699][T11004]  dump_stack_lvl+0x16c/0x1f0
[  443.238725][T11004]  should_fail_ex+0x512/0x640
[  443.238747][T11004]  should_failslab+0xc2/0x120
[  443.238767][T11004]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  443.238787][T11004]  ? skb_clone+0x190/0x3f0
[  443.238811][T11004]  skb_clone+0x190/0x3f0
[  443.238831][T11004]  netlink_deliver_tap+0xabd/0xd30
[  443.238858][T11004]  netlink_unicast+0x5df/0x7f0
[  443.238882][T11004]  ? __pfx_netlink_unicast+0x10/0x10
[  443.238910][T11004]  netlink_sendmsg+0x8d1/0xdd0
[  443.238935][T11004]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.238966][T11004]  ____sys_sendmsg+0xa95/0xc70
[  443.238992][T11004]  ? copy_msghdr_from_user+0x10a/0x160
[  443.239012][T11004]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.239047][T11004]  ___sys_sendmsg+0x134/0x1d0
[  443.239068][T11004]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.239118][T11004]  __sys_sendmsg+0x16d/0x220
[  443.239137][T11004]  ? __pfx___sys_sendmsg+0x10/0x10
[  443.239164][T11004]  ? rcu_is_watching+0x12/0xc0
[  443.239193][T11004]  do_syscall_64+0xcd/0x260
[  443.239215][T11004]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.239232][T11004] RIP: 0033:0x7fafa698d169
[  443.239246][T11004] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.239261][T11004] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.239278][T11004] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  443.239289][T11004] RDX: 0000000020008000 RSI: 0000200000000040 RDI: 0000000000000003
[  443.239300][T11004] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  443.239310][T11004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.239320][T11004] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  443.239342][T11004]  </TASK>
[  443.240679][   T92] usb 4-1: SerialNumber: syz
[  443.464199][   T92] usb 4-1: config 0 descriptor??
[  443.473140][   T92] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  443.594467][ T5871] usb 3-1: USB disconnect, device number 76
[  443.691074][ T5874] usb 2-1: new full-speed USB device number 59 using dummy_hcd
[  443.707448][   T92] usb 4-1: USB disconnect, device number 77
[  443.847119][T11020] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1511'.
[  443.856302][T11020] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1511'.
[  443.982568][ T5871] usb 3-1: new full-speed USB device number 77 using dummy_hcd
[  444.107848][T11021] lo speed is unknown, defaulting to 1000
[  444.121991][T11021] lo speed is unknown, defaulting to 1000
[  446.210838][ T5874] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  446.306477][ T5871] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  446.329435][ T5871] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  446.365541][ T5871] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  446.419433][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.476724][ T5871] usb 3-1: Product: syz
[  446.481482][ T5874] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 2
[  446.494000][ T5874] usb 2-1: string descriptor 0 read error: -71
[  446.500339][ T5874] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  446.509713][ T5871] usb 3-1: Manufacturer: syz
[  446.511064][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.540404][ T5871] usb 3-1: SerialNumber: syz
[  446.715586][ T5871] usb 3-1: can't set config #1, error -71
[  446.716380][ T5874] usb 2-1: can't set config #1, error -71
[  446.735776][ T5874] usb 2-1: USB disconnect, device number 59
[  446.769615][ T5909] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  446.939549][ T5909] usb 1-1: Using ep0 maxpacket: 16
[  446.964471][ T5871] usb 3-1: USB disconnect, device number 77
[  447.504277][ T5909] usb 1-1: config 0 has an invalid interface number: 107 but max is 0
[  447.523328][ T5909] usb 1-1: config 0 has no interface number 0
[  447.529641][ T5909] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  447.541028][ T5909] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  447.553258][ T5909] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60
[  447.562625][ T5909] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3
[  447.571474][ T5909] usb 1-1: Product: syz
[  447.576156][ T5909] usb 1-1: Manufacturer: syz
[  447.589253][ T5909] usb 1-1: SerialNumber: syz
[  447.728727][ T5909] usb 1-1: config 0 descriptor??
[  447.736157][ T5909] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected
[  447.749231][ T5909] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81
[  447.761750][ T5909] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1
[  447.773232][ T5909] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0
[  448.012739][ T5909] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2
[  448.056670][ T5909] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1
[  448.184981][ T5909] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4
[  448.200031][ T5909] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2
[  448.210968][T11029] lo speed is unknown, defaulting to 1000
[  448.217330][ T5909] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 6
[  449.227859][ T5874] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  449.239604][ T5909] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3
[  449.280451][T11029] lo speed is unknown, defaulting to 1000
[  449.409519][ T5874] usb 2-1: Using ep0 maxpacket: 8
[  449.435147][ T5874] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  449.542199][ T5874] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  449.633309][ T5874] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  449.669408][ T5874] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  449.701962][ T5874] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  449.719935][ T5874] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  449.973580][ T5874] usb 2-1: usb_control_msg returned -71
[  449.979217][ T5874] usbtmc 2-1:16.0: can't read capabilities
[  449.991755][ T5874] usb 2-1: USB disconnect, device number 60
[  450.351773][ T6091] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  450.399336][ T5926] usb 1-1: USB disconnect, device number 75
[  450.415348][ T5926] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0
[  450.465210][ T5926] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1
[  450.512846][ T6091] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  450.527444][ T5926] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2
[  450.713851][ T6091] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.734580][ T5926] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3
[  450.774738][ T6091] usb 4-1: Product: syz
[  450.842996][ T6091] usb 4-1: Manufacturer: syz
[  450.895415][ T5926] keyspan 1-1:0.107: device disconnected
[  450.937883][ T6091] usb 4-1: SerialNumber: syz
[  451.183011][ T6091] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  451.218689][ T5874] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  451.450019][T11087] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  451.552447][T11089] FAULT_INJECTION: forcing a failure.
[  451.552447][T11089] name failslab, interval 1, probability 0, space 0, times 0
[  451.612774][T11089] CPU: 0 UID: 0 PID: 11089 Comm: syz.0.1532 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  451.612800][T11089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  451.612811][T11089] Call Trace:
[  451.612817][T11089]  <TASK>
[  451.612824][T11089]  dump_stack_lvl+0x16c/0x1f0
[  451.612850][T11089]  should_fail_ex+0x512/0x640
[  451.612867][T11089]  ? __kmalloc_noprof+0xbf/0x510
[  451.612885][T11089]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  451.612911][T11089]  should_failslab+0xc2/0x120
[  451.612931][T11089]  __kmalloc_noprof+0xd2/0x510
[  451.612954][T11089]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  451.612980][T11089]  ? cred_has_capability.isra.0+0x193/0x2f0
[  451.613008][T11089]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  451.613033][T11089]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  451.613065][T11089]  ? bpf_lsm_capable+0x9/0x10
[  451.613080][T11089]  ? security_capable+0x7e/0x260
[  451.613105][T11089]  genl_rcv_msg+0x55c/0x800
[  451.613132][T11089]  ? __pfx_genl_rcv_msg+0x10/0x10
[  451.613157][T11089]  ? __pfx_netlbl_calipso_remove+0x10/0x10
[  451.613182][T11089]  ? __lock_acquire+0xaa4/0x1ba0
[  451.613204][T11089]  netlink_rcv_skb+0x16a/0x440
[  451.613224][T11089]  ? __pfx_genl_rcv_msg+0x10/0x10
[  451.613248][T11089]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  451.613282][T11089]  ? __pfx_down_read+0x10/0x10
[  451.613305][T11089]  ? netlink_deliver_tap+0x1ae/0xd30
[  451.613330][T11089]  genl_rcv+0x28/0x40
[  451.613350][T11089]  netlink_unicast+0x53a/0x7f0
[  451.613373][T11089]  ? __pfx_netlink_unicast+0x10/0x10
[  451.613400][T11089]  netlink_sendmsg+0x8d1/0xdd0
[  451.613425][T11089]  ? __pfx_netlink_sendmsg+0x10/0x10
[  451.613457][T11089]  ____sys_sendmsg+0xa95/0xc70
[  451.613487][T11089]  ? copy_msghdr_from_user+0x10a/0x160
[  451.613506][T11089]  ? __pfx_____sys_sendmsg+0x10/0x10
[  451.613540][T11089]  ___sys_sendmsg+0x134/0x1d0
[  451.613561][T11089]  ? __pfx____sys_sendmsg+0x10/0x10
[  451.613612][T11089]  __sys_sendmsg+0x16d/0x220
[  451.613633][T11089]  ? __pfx___sys_sendmsg+0x10/0x10
[  451.613660][T11089]  ? rcu_is_watching+0x12/0xc0
[  451.613686][T11089]  do_syscall_64+0xcd/0x260
[  451.613708][T11089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.613726][T11089] RIP: 0033:0x7faa0e78d169
[  451.613740][T11089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.613756][T11089] RSP: 002b:00007faa0f5cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  451.613772][T11089] RAX: ffffffffffffffda RBX: 00007faa0e9a5fa0 RCX: 00007faa0e78d169
[  451.613783][T11089] RDX: 0000000000004040 RSI: 0000200000000500 RDI: 0000000000000004
[  451.613793][T11089] RBP: 00007faa0f5cc090 R08: 0000000000000000 R09: 0000000000000000
[  451.613803][T11089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  451.613813][T11089] R13: 0000000000000000 R14: 00007faa0e9a5fa0 R15: 00007ffc11baa1c8
[  451.613835][T11089]  </TASK>
[  452.469496][ T5874] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  452.476645][ T5874] ath9k_htc: Failed to initialize the device
[  454.147341][   T30] kauditd_printk_skb: 47 callbacks suppressed
[  454.147366][   T30] audit: type=1400 audit(1743739206.734:883): avc:  denied  { accept } for  pid=11092 comm="syz.0.1534" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  455.064693][ T5874] usb 4-1: ath9k_htc: USB layer deinitialized
[  455.252923][    T9] usb 4-1: USB disconnect, device number 78
[  456.439682][ T1556] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[  456.519507][    T9] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  456.562784][T11133] syzkaller1: entered promiscuous mode
[  456.568355][T11133] syzkaller1: entered allmulticast mode
[  456.601369][ T1556] usb 3-1: Using ep0 maxpacket: 32
[  456.614704][ T1556] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  456.723231][ T1556] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  456.749693][    T9] usb 4-1: Using ep0 maxpacket: 8
[  456.754945][ T1556] usb 3-1: config 0 has no interface number 0
[  456.806463][T11137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1546'.
[  456.851683][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  456.969515][T11137] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1546'.
[  457.034775][ T1556] usb 3-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  457.048080][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  457.139538][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  457.157236][ T1556] usb 3-1: New USB device found, idVendor=04ff, idProduct=0066, bcdDevice=d8.b0
[  457.157699][T11146] FAULT_INJECTION: forcing a failure.
[  457.157699][T11146] name failslab, interval 1, probability 0, space 0, times 0
[  457.200674][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  457.214798][ T1556] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.214893][T11146] CPU: 1 UID: 0 PID: 11146 Comm: syz.0.1549 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  457.214913][T11146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  457.214922][T11146] Call Trace:
[  457.214927][T11146]  <TASK>
[  457.214933][T11146]  dump_stack_lvl+0x16c/0x1f0
[  457.214956][T11146]  should_fail_ex+0x512/0x640
[  457.214970][T11146]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  457.214989][T11146]  should_failslab+0xc2/0x120
[  457.215006][T11146]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  457.215021][T11146]  ? __alloc_skb+0x2b2/0x380
[  457.215039][T11146]  __alloc_skb+0x2b2/0x380
[  457.215054][T11146]  ? __pfx___alloc_skb+0x10/0x10
[  457.215072][T11146]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  457.215093][T11146]  netlink_alloc_large_skb+0x69/0x130
[  457.215112][T11146]  netlink_sendmsg+0x6a1/0xdd0
[  457.215133][T11146]  ? __pfx_netlink_sendmsg+0x10/0x10
[  457.215157][T11146]  ____sys_sendmsg+0xa95/0xc70
[  457.215177][T11146]  ? copy_msghdr_from_user+0x10a/0x160
[  457.215193][T11146]  ? __pfx_____sys_sendmsg+0x10/0x10
[  457.215222][T11146]  ___sys_sendmsg+0x134/0x1d0
[  457.215239][T11146]  ? __pfx____sys_sendmsg+0x10/0x10
[  457.215279][T11146]  __sys_sendmsg+0x16d/0x220
[  457.215296][T11146]  ? __pfx___sys_sendmsg+0x10/0x10
[  457.215317][T11146]  ? rcu_is_watching+0x12/0xc0
[  457.215341][T11146]  do_syscall_64+0xcd/0x260
[  457.215360][T11146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.215375][T11146] RIP: 0033:0x7faa0e78d169
[  457.215387][T11146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.215400][T11146] RSP: 002b:00007faa0f5cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  457.215414][T11146] RAX: ffffffffffffffda RBX: 00007faa0e9a5fa0 RCX: 00007faa0e78d169
[  457.215424][T11146] RDX: 0000000020040048 RSI: 0000200000000740 RDI: 0000000000000003
[  457.215433][T11146] RBP: 00007faa0f5cc090 R08: 0000000000000000 R09: 0000000000000000
[  457.215441][T11146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.215465][T11146] R13: 0000000000000000 R14: 00007faa0e9a5fa0 R15: 00007ffc11baa1c8
[  457.215484][T11146]  </TASK>
[  457.453750][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  457.525443][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.907008][    T9] usb 4-1: usb_control_msg returned -71
[  457.912909][    T9] usbtmc 4-1:16.0: can't read capabilities
[  457.935419][    T9] usb 4-1: USB disconnect, device number 79
[  457.952101][ T1556] usb 3-1: config 0 descriptor??
[  457.968105][ T1556] usb 3-1: bad CDC descriptors
[  458.624928][T11162] SELinux:  Context : is not valid (left unmapped).
[  458.642631][   T30] audit: type=1400 audit(1743739211.974:884): avc:  denied  { relabelto } for  pid=11156 comm="syz.1.1553" name="rdma.current" dev="tmpfs" ino=1660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":"
[  458.668102][   T30] audit: type=1400 audit(1743739211.974:885): avc:  denied  { associate } for  pid=11156 comm="syz.1.1553" name="rdma.current" dev="tmpfs" ino=1660 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon=":"
[  458.693205][    C1] vkms_vblank_simulate: vblank timer overrun
[  459.109851][   T30] audit: type=1400 audit(1743739212.444:886): avc:  denied  { unlink } for  pid=5825 comm="syz-executor" name="rdma.current" dev="tmpfs" ino=1660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon=":"
[  459.976015][ T1556] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  460.177145][    T9] usb 3-1: USB disconnect, device number 78
[  460.412122][ T1556] usb 4-1: Using ep0 maxpacket: 16
[  460.414977][T11182] FAULT_INJECTION: forcing a failure.
[  460.414977][T11182] name failslab, interval 1, probability 0, space 0, times 0
[  460.435468][T11182] CPU: 1 UID: 0 PID: 11182 Comm: syz.4.1559 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  460.435497][T11182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  460.435507][T11182] Call Trace:
[  460.435513][T11182]  <TASK>
[  460.435519][T11182]  dump_stack_lvl+0x16c/0x1f0
[  460.435542][T11182]  should_fail_ex+0x512/0x640
[  460.435563][T11182]  should_failslab+0xc2/0x120
[  460.435582][T11182]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  460.435600][T11182]  ? skb_clone+0x190/0x3f0
[  460.435616][T11182]  skb_clone+0x190/0x3f0
[  460.435628][T11182]  netlink_deliver_tap+0xabd/0xd30
[  460.435644][T11182]  netlink_unicast+0x5df/0x7f0
[  460.435658][T11182]  ? __pfx_netlink_unicast+0x10/0x10
[  460.435674][T11182]  netlink_sendmsg+0x8d1/0xdd0
[  460.435689][T11182]  ? __pfx_netlink_sendmsg+0x10/0x10
[  460.435706][T11182]  ____sys_sendmsg+0xa95/0xc70
[  460.435721][T11182]  ? copy_msghdr_from_user+0x10a/0x160
[  460.435732][T11182]  ? __pfx_____sys_sendmsg+0x10/0x10
[  460.435754][T11182]  ___sys_sendmsg+0x134/0x1d0
[  460.435767][T11182]  ? __pfx____sys_sendmsg+0x10/0x10
[  460.435794][T11182]  __sys_sendmsg+0x16d/0x220
[  460.435806][T11182]  ? __pfx___sys_sendmsg+0x10/0x10
[  460.435821][T11182]  ? rcu_is_watching+0x12/0xc0
[  460.435838][T11182]  do_syscall_64+0xcd/0x260
[  460.435851][T11182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  460.435861][T11182] RIP: 0033:0x7fafa698d169
[  460.435870][T11182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  460.435880][T11182] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  460.435891][T11182] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  460.435897][T11182] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  460.435903][T11182] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  460.435909][T11182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  460.435914][T11182] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  460.435927][T11182]  </TASK>
[  460.644904][    C1] vkms_vblank_simulate: vblank timer overrun
[  460.678823][T11182] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1559'.
[  460.728472][ T1556] usb 4-1: config 0 interface 0 has no altsetting 0
[  460.809499][ T1556] usb 4-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.00
[  460.828817][   T30] audit: type=1400 audit(1743739214.154:887): avc:  denied  { accept } for  pid=11183 comm="syz.2.1560" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  460.869071][ T1556] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.878209][   T30] audit: type=1400 audit(1743739214.164:888): avc:  denied  { mount } for  pid=11186 comm="syz.0.1563" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  460.926327][ T1556] usb 4-1: config 0 descriptor??
[  460.939511][   T30] audit: type=1400 audit(1743739214.194:889): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  460.959672][    C1] vkms_vblank_simulate: vblank timer overrun
[  460.999597][T11192] FAULT_INJECTION: forcing a failure.
[  460.999597][T11192] name failslab, interval 1, probability 0, space 0, times 0
[  461.029484][T11192] CPU: 0 UID: 0 PID: 11192 Comm: syz.1.1566 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  461.029509][T11192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  461.029520][T11192] Call Trace:
[  461.029525][T11192]  <TASK>
[  461.029532][T11192]  dump_stack_lvl+0x16c/0x1f0
[  461.029558][T11192]  should_fail_ex+0x512/0x640
[  461.029583][T11192]  should_failslab+0xc2/0x120
[  461.029601][T11192]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  461.029618][T11192]  ? skb_clone+0x190/0x3f0
[  461.029640][T11192]  skb_clone+0x190/0x3f0
[  461.029658][T11192]  netlink_deliver_tap+0xabd/0xd30
[  461.029683][T11192]  netlink_unicast+0x5df/0x7f0
[  461.029705][T11192]  ? __pfx_netlink_unicast+0x10/0x10
[  461.029723][T11192]  ? __build_skb_around+0x278/0x3b0
[  461.029754][T11192]  netlink_sendmsg+0x8d1/0xdd0
[  461.029778][T11192]  ? __pfx_netlink_sendmsg+0x10/0x10
[  461.029807][T11192]  ____sys_sendmsg+0xa95/0xc70
[  461.029830][T11192]  ? copy_msghdr_from_user+0x10a/0x160
[  461.029849][T11192]  ? __pfx_____sys_sendmsg+0x10/0x10
[  461.029881][T11192]  ___sys_sendmsg+0x134/0x1d0
[  461.029901][T11192]  ? __pfx____sys_sendmsg+0x10/0x10
[  461.029946][T11192]  __sys_sendmsg+0x16d/0x220
[  461.029963][T11192]  ? __pfx___sys_sendmsg+0x10/0x10
[  461.029987][T11192]  ? rcu_is_watching+0x12/0xc0
[  461.030012][T11192]  do_syscall_64+0xcd/0x260
[  461.030034][T11192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  461.030051][T11192] RIP: 0033:0x7efec138d169
[  461.030065][T11192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  461.030080][T11192] RSP: 002b:00007efebf1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  461.030097][T11192] RAX: ffffffffffffffda RBX: 00007efec15a5fa0 RCX: 00007efec138d169
[  461.030107][T11192] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  461.030117][T11192] RBP: 00007efebf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  461.030126][T11192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  461.030135][T11192] R13: 0000000000000000 R14: 00007efec15a5fa0 R15: 00007fffbe67d5a8
[  461.030157][T11192]  </TASK>
[  461.032652][T11192] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.1566'.
[  461.078734][T11199] 9pnet_fd: Insufficient options for proto=fd
[  461.082719][T11192] openvswitch: netlink: ufid size 3068 bytes exceeds the range (1, 16)
[  461.291482][   T92] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  461.312766][T11171] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.321488][T11171] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.451346][    T9] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[  461.489511][   T92] usb 5-1: Using ep0 maxpacket: 8
[  461.496263][   T92] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  461.507029][   T92] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  461.517524][   T92] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  462.065312][   T92] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  462.078667][   T92] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  462.088004][   T92] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.109561][ T5871] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  462.129483][    T9] usb 1-1: Using ep0 maxpacket: 16
[  462.136102][    T9] usb 1-1: config 0 has no interfaces?
[  462.142783][    T9] usb 1-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  462.151955][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.162422][    T9] usb 1-1: config 0 descriptor??
[  462.269666][ T5871] usb 3-1: Using ep0 maxpacket: 32
[  462.275741][T11210] sctp: [Deprecated]: syz.1.1571 (pid 11210) Use of struct sctp_assoc_value in delayed_ack socket option.
[  462.275741][T11210] Use struct sctp_sack_info instead
[  462.276632][ T5871] usb 3-1: config 0 has an invalid interface number: 4 but max is 0
[  462.303467][ T5871] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  462.314496][ T5871] usb 3-1: config 0 has no interface number 0
[  462.321490][ T5871] usb 3-1: config 0 interface 4 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  462.334754][ T5871] usb 3-1: New USB device found, idVendor=04ff, idProduct=0066, bcdDevice=d8.b0
[  462.344027][ T5871] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.355337][ T5871] usb 3-1: config 0 descriptor??
[  462.366590][ T5871] usb 3-1: bad CDC descriptors
[  462.419295][   T92] usb 5-1: usb_control_msg returned -71
[  462.432605][T11194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.449008][   T92] usbtmc 5-1:16.0: can't read capabilities
[  462.454753][T11194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.475331][   T92] usb 5-1: USB disconnect, device number 66
[  462.492591][ T1556] usbhid 4-1:0.0: can't add hid device: -71
[  462.524931][ T1556] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  462.541535][ T1556] usb 4-1: USB disconnect, device number 80
[  463.369301][ T1556] usb 1-1: USB disconnect, device number 76
[  464.259511][   T30] audit: type=1400 audit(1743739216.804:890): avc:  denied  { create } for  pid=11222 comm="syz.3.1574" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  464.305620][   T30] audit: type=1400 audit(1743739216.814:891): avc:  denied  { write } for  pid=11222 comm="syz.3.1574" name="file0" dev="tmpfs" ino=1658 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  464.328080][    C1] vkms_vblank_simulate: vblank timer overrun
[  464.376394][   T30] audit: type=1400 audit(1743739216.814:892): avc:  denied  { open } for  pid=11222 comm="syz.3.1574" path="/314/file0" dev="tmpfs" ino=1658 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  464.433626][ T1556] usb 3-1: USB disconnect, device number 79
[  464.499332][   T30] audit: type=1400 audit(1743739216.814:893): avc:  denied  { ioctl } for  pid=11222 comm="syz.3.1574" path="/314/file0" dev="tmpfs" ino=1658 ioctlcmd=0x127c scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  464.526168][   T30] audit: type=1400 audit(1743739216.884:894): avc:  denied  { mount } for  pid=11222 comm="syz.3.1574" name="/" dev="autofs" ino=31866 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  464.549838][   T30] audit: type=1400 audit(1743739217.824:895): avc:  denied  { unlink } for  pid=5829 comm="syz-executor" name="file0" dev="tmpfs" ino=1658 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  464.573758][   T30] audit: type=1400 audit(1743739217.824:896): avc:  denied  { unmount } for  pid=5829 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  464.666524][T11230] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1576'.
[  464.964217][ T5874] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  465.436792][T11257] sctp: [Deprecated]: syz.0.1582 (pid 11257) Use of struct sctp_assoc_value in delayed_ack socket option.
[  465.436792][T11257] Use struct sctp_sack_info instead
[  465.474410][ T5874] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  465.501854][ T5874] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  465.522162][ T5874] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  465.541095][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.029652][T11235] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  466.051874][ T5874] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  466.104995][T11266] netlink: 'syz.2.1584': attribute type 2 has an invalid length.
[  466.267664][T11235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.287265][T11235] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  466.450423][T11235] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  466.995067][T11235] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  467.065433][T11284] FAULT_INJECTION: forcing a failure.
[  467.065433][T11284] name failslab, interval 1, probability 0, space 0, times 0
[  467.078529][T11284] CPU: 1 UID: 0 PID: 11284 Comm: syz.1.1588 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  467.078553][T11284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  467.078564][T11284] Call Trace:
[  467.078570][T11284]  <TASK>
[  467.078576][T11284]  dump_stack_lvl+0x16c/0x1f0
[  467.078603][T11284]  should_fail_ex+0x512/0x640
[  467.078620][T11284]  ? __kmalloc_noprof+0xbf/0x510
[  467.078639][T11284]  ? lsm_blob_alloc+0x68/0x90
[  467.078655][T11284]  should_failslab+0xc2/0x120
[  467.078675][T11284]  __kmalloc_noprof+0xd2/0x510
[  467.078697][T11284]  lsm_blob_alloc+0x68/0x90
[  467.078713][T11284]  security_sk_alloc+0x30/0x270
[  467.078734][T11284]  sk_prot_alloc+0x1c7/0x2a0
[  467.078760][T11284]  sk_alloc+0x36/0xc20
[  467.078778][T11284]  bpf_prog_test_run_skb+0x330/0x2280
[  467.078800][T11284]  ? __fget_files+0x204/0x3c0
[  467.078820][T11284]  ? __fget_files+0x20e/0x3c0
[  467.078834][T11284]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  467.078857][T11284]  ? fput+0x70/0xf0
[  467.078879][T11284]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  467.078899][T11284]  __sys_bpf+0x1485/0x4d80
[  467.078924][T11284]  ? __pfx___sys_bpf+0x10/0x10
[  467.078946][T11284]  ? ksys_write+0x190/0x240
[  467.078965][T11284]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  467.079001][T11284]  ? fput+0x70/0xf0
[  467.079020][T11284]  ? ksys_write+0x1b9/0x240
[  467.079035][T11284]  ? __pfx_ksys_write+0x10/0x10
[  467.079049][T11284]  ? rcu_is_watching+0x12/0xc0
[  467.079074][T11284]  __x64_sys_bpf+0x78/0xc0
[  467.079096][T11284]  ? lockdep_hardirqs_on+0x7c/0x110
[  467.079116][T11284]  do_syscall_64+0xcd/0x260
[  467.079139][T11284]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.079155][T11284] RIP: 0033:0x7efec138d169
[  467.079169][T11284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  467.079185][T11284] RSP: 002b:00007efebf1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  467.079201][T11284] RAX: ffffffffffffffda RBX: 00007efec15a5fa0 RCX: 00007efec138d169
[  467.079212][T11284] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a
[  467.079221][T11284] RBP: 00007efebf1f6090 R08: 0000000000000000 R09: 0000000000000000
[  467.079231][T11284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  467.079240][T11284] R13: 0000000000000000 R14: 00007efec15a5fa0 R15: 00007fffbe67d5a8
[  467.079263][T11284]  </TASK>
[  467.354280][ T1556] usb 4-1: USB disconnect, device number 81
[  467.535536][T11293] IPv6: NLM_F_CREATE should be specified when creating new route
[  467.723312][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  467.723329][   T30] audit: type=1400 audit(1743739221.064:899): avc:  denied  { map } for  pid=11300 comm="syz.1.1593" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  467.959524][ T6091] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[  468.119640][ T6091] usb 1-1: Using ep0 maxpacket: 8
[  468.131264][ T6091] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  468.225631][ T6091] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  468.304814][ T6091] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  468.333709][ T6091] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  468.394130][ T6091] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  468.425321][ T6091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.695221][T11328] befs: (nullb0): No write support. Marking filesystem read-only
[  468.704523][T11328] befs: (nullb0): invalid magic header
[  468.803834][T11329] xt_cgroup: invalid path, errno=-2
[  469.190166][ T6091] usb 1-1: usb_control_msg returned -71
[  469.215535][ T6091] usbtmc 1-1:16.0: can't read capabilities
[  469.269135][ T6091] usb 1-1: USB disconnect, device number 77
[  469.311700][T11336] FAULT_INJECTION: forcing a failure.
[  469.311700][T11336] name failslab, interval 1, probability 0, space 0, times 0
[  469.339447][T11336] CPU: 0 UID: 0 PID: 11336 Comm: syz.4.1600 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  469.339472][T11336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  469.339480][T11336] Call Trace:
[  469.339486][T11336]  <TASK>
[  469.339492][T11336]  dump_stack_lvl+0x16c/0x1f0
[  469.339516][T11336]  should_fail_ex+0x512/0x640
[  469.339536][T11336]  should_failslab+0xc2/0x120
[  469.339553][T11336]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  469.339578][T11336]  ? skb_clone+0x190/0x3f0
[  469.339599][T11336]  skb_clone+0x190/0x3f0
[  469.339619][T11336]  netlink_deliver_tap+0xabd/0xd30
[  469.339643][T11336]  netlink_unicast+0x5df/0x7f0
[  469.339665][T11336]  ? __pfx_netlink_unicast+0x10/0x10
[  469.339692][T11336]  netlink_sendmsg+0x8d1/0xdd0
[  469.339716][T11336]  ? __pfx_netlink_sendmsg+0x10/0x10
[  469.339743][T11336]  ____sys_sendmsg+0xa95/0xc70
[  469.339764][T11336]  ? copy_msghdr_from_user+0x10a/0x160
[  469.339782][T11336]  ? __pfx_____sys_sendmsg+0x10/0x10
[  469.339813][T11336]  ___sys_sendmsg+0x134/0x1d0
[  469.339833][T11336]  ? __pfx____sys_sendmsg+0x10/0x10
[  469.339881][T11336]  __sys_sendmsg+0x16d/0x220
[  469.339899][T11336]  ? __pfx___sys_sendmsg+0x10/0x10
[  469.339924][T11336]  ? rcu_is_watching+0x12/0xc0
[  469.339954][T11336]  do_syscall_64+0xcd/0x260
[  469.339975][T11336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.339990][T11336] RIP: 0033:0x7fafa698d169
[  469.340004][T11336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.340018][T11336] RSP: 002b:00007fafa788a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  469.340033][T11336] RAX: ffffffffffffffda RBX: 00007fafa6ba5fa0 RCX: 00007fafa698d169
[  469.340043][T11336] RDX: 0000000020048000 RSI: 0000200000000140 RDI: 0000000000000003
[  469.340053][T11336] RBP: 00007fafa788a090 R08: 0000000000000000 R09: 0000000000000000
[  469.340061][T11336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.340070][T11336] R13: 0000000000000000 R14: 00007fafa6ba5fa0 R15: 00007fffb6aa19f8
[  469.340092][T11336]  </TASK>
[  470.072767][   T30] audit: type=1400 audit(1743739223.404:900): avc:  denied  { write } for  pid=11349 comm="syz.4.1605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  470.211981][T11372] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(11)
[  470.218820][T11372] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  470.227593][T11372] vhci_hcd vhci_hcd.0: Device attached
[  470.409576][ T5926] vhci_hcd: vhci_device speed not set
[  470.459530][ T6091] usb 3-1: new low-speed USB device number 80 using dummy_hcd
[  470.469416][ T5926] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  470.539882][   T30] audit: type=1400 audit(1743739223.474:901): avc:  denied  { ioctl } for  pid=11365 comm="syz.2.1609" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  470.654435][T11382] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  470.749832][T11382] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  470.760250][ T6091] usb 3-1: config 0 has no interfaces?
[  470.760284][ T6091] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  470.760303][ T6091] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.790328][ T6091] usb 3-1: config 0 descriptor??
[  471.220556][   T30] audit: type=1400 audit(1743739224.224:902): avc:  denied  { append } for  pid=11377 comm="syz.3.1612" name="sg0" dev="devtmpfs" ino=738 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  471.256900][T11373] usbip_core: unknown command
[  471.263660][T11373] vhci_hcd: unknown pdu 2842879516
[  471.264949][T11382] hsr0: entered promiscuous mode
[  471.273826][T11373] usbip_core: unknown command
[  471.293211][ T1103] vhci_hcd: stop threads
[  471.297865][ T1103] vhci_hcd: release socket
[  471.306372][ T1103] vhci_hcd: disconnect device
[  471.319669][ T5926] vhci_hcd: vhci_device speed not set
[  471.334228][T11382] hsr0: entered allmulticast mode
[  471.349115][T11382] hsr_slave_0: entered allmulticast mode
[  471.371933][T11382] hsr_slave_1: entered allmulticast mode
[  471.378314][T11380] fuse: Unknown parameter 'Qd'
[  471.508737][T11397] FAULT_INJECTION: forcing a failure.
[  471.508737][T11397] name failslab, interval 1, probability 0, space 0, times 0
[  471.530764][T11397] CPU: 1 UID: 0 PID: 11397 Comm: syz.3.1614 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  471.530791][T11397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  471.530801][T11397] Call Trace:
[  471.530807][T11397]  <TASK>
[  471.530814][T11397]  dump_stack_lvl+0x16c/0x1f0
[  471.530839][T11397]  should_fail_ex+0x512/0x640
[  471.530856][T11397]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  471.530877][T11397]  should_failslab+0xc2/0x120
[  471.530896][T11397]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  471.530913][T11397]  ? mas_alloc_nodes+0x18b/0x8b0
[  471.530934][T11397]  mas_alloc_nodes+0x18b/0x8b0
[  471.530956][T11397]  mas_node_count_gfp+0x105/0x130
[  471.530976][T11397]  mas_preallocate+0x53e/0xcd0
[  471.531001][T11397]  ? __lock_acquire+0xaa4/0x1ba0
[  471.531018][T11397]  ? __pfx_mas_preallocate+0x10/0x10
[  471.531046][T11397]  ? __asan_memset+0x23/0x50
[  471.531072][T11397]  commit_merge+0x29a/0x1020
[  471.531093][T11397]  ? __pfx_commit_merge+0x10/0x10
[  471.531113][T11397]  ? vma_expand+0x682/0x8c0
[  471.531130][T11397]  ? dup_anon_vma.constprop.0+0x74/0x320
[  471.531150][T11397]  vma_expand+0x3c1/0x8c0
[  471.531167][T11397]  ? __pfx_vma_expand+0x10/0x10
[  471.531184][T11397]  ? can_vma_merge_right+0xa4/0x630
[  471.531210][T11397]  vma_merge_new_range+0x33b/0xc10
[  471.531233][T11397]  vma_merge_extend+0x25e/0x310
[  471.531250][T11397]  ? __pfx_vma_merge_extend+0x10/0x10
[  471.531276][T11397]  ? bpf_lsm_mmap_addr+0x9/0x10
[  471.531296][T11397]  ? security_mmap_addr+0x6c/0x1e0
[  471.531320][T11397]  ? __get_unmapped_area+0x26a/0x440
[  471.531346][T11397]  __do_sys_mremap+0x122f/0x15c0
[  471.531369][T11397]  ? __pfx___do_sys_mremap+0x10/0x10
[  471.531387][T11397]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  471.531411][T11397]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  471.531446][T11397]  ? rcu_is_watching+0x12/0xc0
[  471.531473][T11397]  do_syscall_64+0xcd/0x260
[  471.531496][T11397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.531514][T11397] RIP: 0033:0x7f2275b8d169
[  471.531529][T11397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  471.531551][T11397] RSP: 002b:00007f2276a83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  471.531568][T11397] RAX: ffffffffffffffda RBX: 00007f2275da5fa0 RCX: 00007f2275b8d169
[  471.531579][T11397] RDX: 0000000000003000 RSI: 0000000000001000 RDI: 0000200000ffc000
[  471.531589][T11397] RBP: 00007f2276a83090 R08: 0000200000ffa000 R09: 0000000000000000
[  471.531600][T11397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  471.531610][T11397] R13: 0000000000000000 R14: 00007f2275da5fa0 R15: 00007ffc3ccfe918
[  471.531633][T11397]  </TASK>
[  471.531661][T11397] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] SMP KASAN NOPTI
[  471.807021][T11397] KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
[  471.815417][T11397] CPU: 1 UID: 0 PID: 11397 Comm: syz.3.1614 Not tainted 6.14.0-syzkaller-12966-ga2cc6ff5ec8f #0 PREEMPT(full) 
[  471.827112][T11397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  471.837165][T11397] RIP: 0010:__do_sys_mremap+0x1392/0x15c0
[  471.842869][T11397] Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 18 34 af ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00
[  471.862458][T11397] RSP: 0018:ffffc90004dc7d20 EFLAGS: 00010293
[  471.868502][T11397] RAX: dffffc0000000004 RBX: ffff8880798ab200 RCX: ffffffff821183c6
[  471.876458][T11397] RDX: ffff88805049a440 RSI: ffffffff820c0cb8 RDI: 0000000000000005
[  471.884405][T11397] RBP: ffff888026096140 R08: 0000000000000005 R09: 0000000000000000
[  471.892362][T11397] R10: 00000000fffffff4 R11: fffffffffffd9f50 R12: 0000000000002000
[  471.900310][T11397] R13: 1ffff920009b8faa R14: 0000200000ffc000 R15: ffff8880798ab370
[  471.908264][T11397] FS:  00007f2276a836c0(0000) GS:ffff888124ab8000(0000) knlGS:0000000000000000
[  471.917174][T11397] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  471.923736][T11397] CR2: 00007f1137dc6324 CR3: 0000000012b96000 CR4: 00000000003526f0
[  471.931690][T11397] DR0: 0000000100000001 DR1: 0000000000000001 DR2: 0000000000000006
[  471.939638][T11397] DR3: 0000000000000003 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  471.947586][T11397] Call Trace:
[  471.950842][T11397]  <TASK>
[  471.953751][T11397]  ? __pfx___do_sys_mremap+0x10/0x10
[  471.959017][T11397]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  471.964632][T11397]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  471.970594][T11397]  ? rcu_is_watching+0x12/0xc0
[  471.975351][T11397]  do_syscall_64+0xcd/0x260
[  471.979852][T11397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  471.985745][T11397] RIP: 0033:0x7f2275b8d169
[  471.990673][T11397] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  472.010271][T11397] RSP: 002b:00007f2276a83038 EFLAGS: 00000246 ORIG_RAX: 0000000000000019
[  472.018679][T11397] RAX: ffffffffffffffda RBX: 00007f2275da5fa0 RCX: 00007f2275b8d169
[  472.026631][T11397] RDX: 0000000000003000 RSI: 0000000000001000 RDI: 0000200000ffc000
[  472.034581][T11397] RBP: 00007f2276a83090 R08: 0000200000ffa000 R09: 0000000000000000
[  472.042531][T11397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  472.050479][T11397] R13: 0000000000000000 R14: 00007f2275da5fa0 R15: 00007ffc3ccfe918
[  472.058433][T11397]  </TASK>
[  472.061427][T11397] Modules linked in:
[  472.065358][    C1] vkms_vblank_simulate: vblank timer overrun
[  472.071734][T11397] ---[ end trace 0000000000000000 ]---
[  472.149539][ T6091] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  472.158329][T11397] RIP: 0010:__do_sys_mremap+0x1392/0x15c0
[  472.177281][T11397] Code: 0f 85 45 02 00 00 48 8b 04 24 c6 84 24 70 01 00 00 01 48 01 85 68 02 00 00 eb 9a e8 18 34 af ff 48 b8 04 00 00 00 00 fc ff df <80> 38 00 0f 85 a7 01 00 00 48 8b 2c 25 20 00 00 00 31 ff 81 e5 00
[  472.319558][T11397] RSP: 0018:ffffc90004dc7d20 EFLAGS: 00010293
[  472.333501][T11397] RAX: dffffc0000000004 RBX: ffff8880798ab200 RCX: ffffffff821183c6
[  472.354137][ T6091] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  472.365144][ T6091] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.365157][T11397] RDX: ffff88805049a440 RSI: ffffffff820c0cb8 RDI: 0000000000000005
[  472.401954][T11397] RBP: ffff888026096140 R08: 0000000000000005 R09: 0000000000000000
[  472.407371][ T6091] usb 1-1: Product: syz
[  472.414153][ T6091] usb 1-1: Manufacturer: syz
[  472.419307][ T6091] usb 1-1: SerialNumber: syz
[  472.424021][T11397] R10: 00000000fffffff4 R11: fffffffffffd9f50 R12: 0000000000002000
[  472.440270][ T6091] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  472.449562][T11397] R13: 1ffff920009b8faa R14: 0000200000ffc000 R15: ffff8880798ab370
[  472.457755][T11397] FS:  00007f2276a836c0(0000) GS:ffff8881249b8000(0000) knlGS:0000000000000000
[  472.461286][   T92] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  472.466903][T11397] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  472.482500][T11397] CR2: 0000001b2fd0fff8 CR3: 0000000012b96000 CR4: 00000000003526f0
[  472.490553][T11397] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  472.498551][T11397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  472.506689][T11397] Kernel panic - not syncing: Fatal exception
[  472.512936][T11397] Kernel Offset: disabled
[  472.517240][T11397] Rebooting in 86400 seconds..