last executing test programs:

12.093755529s ago: executing program 4 (id=1749):
socket$nl_netfilter(0x10, 0x3, 0xc)
mq_open(0x0, 0x800, 0x1be, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x2, 0x7}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0xfffffffffffffe4a, &(0x7f0000000280)=0xca)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@deltfilter={0x44, 0x2d, 0x200, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x7, 0x5}, {0x5, 0x8}, {0x2, 0xf}}, [@TCA_RATE={0x6, 0x5, {0x5, 0x8}}, @TCA_RATE={0x6, 0x5, {0x10}}, @TCA_RATE={0x6, 0x5, {0x0, 0x2}}, @TCA_RATE={0x6, 0x5, {0xd2, 0xbd}}]}, 0x44}}, 0x8014)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=ANY=[@ANYRESDEC=r1, @ANYRESOCT=r1], 0x80}, 0x1, 0x0, 0x0, 0x200008c0}, 0x4040084)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SOUND_OLD_MIXER_INFO(0xffffffffffffffff, 0x80304d65, &(0x7f00000006c0))
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000041)
r2 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000180)={0x2, 0x4, 0x0, 0xe}, 0x10)
add_key$keyring(&(0x7f0000000240), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, 0x0)
write(r2, &(0x7f0000000000)="1c0000001a005f0214f9f4070009010000000000fe03000100000000", 0x1c)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
getsockopt(r2, 0x10117, 0x1002, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
r3 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$6lowpan_enable(r3, &(0x7f00000000c0)='1', 0x1)

9.448839911s ago: executing program 0 (id=1750):
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x400600, 0xa8)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="071101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_route(0x10, 0x3, 0x0)
signalfd4(r1, 0x0, 0x0, 0x80000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000080)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffdb1, &(0x7f0000000280)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x8, 0x0)
lseek(0xffffffffffffffff, 0x1000000, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000025300)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="100a06000908010014001a8010000580"], 0x34}, 0x1, 0x0, 0x0, 0x200080d0}, 0x14)
r6 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r6, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x0, 0x6040000})
prlimit64(0x0, 0x0, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r7 = getpid()
sched_setscheduler(r7, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480))

8.857174307s ago: executing program 1 (id=1751):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002100b704000000000000850000005700000095"], 0x0, 0x100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x1e)

8.576605792s ago: executing program 1 (id=1754):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000001000000000700000a54000000060a0d040000000000000000020000000900020073797a32000000000900010073797a300000000028000480240001800a0001007175657565000000140002800600014000030000060002"], 0x7c}}, 0x0)

8.564887048s ago: executing program 1 (id=1755):
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
io_uring_setup(0x94f, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
r0 = socket$can_raw(0x1d, 0x3, 0x1)
accept4(r0, &(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @loopback}}, &(0x7f0000000100)=0x80, 0x80000)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0xe, &(0x7f0000001d80)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b70600007fffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000002b000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e6185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc5f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f659cb132b803000000661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b32a0080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c61a137462c7f2539479f49d4eb2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e14861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc16e7c337642d3e5a815232f5e16b089f37b3591a15c0a9be6eb18208404c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c0977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6040099d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663dd472021d202eedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe3594d4a3f2239cfe00000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed180d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35f267632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e80339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12a851810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f314001a62863f6e04b4506ac2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab79e609c57a2a7332f4d8764c302ccd5aac114482b619fca4d97a0ae75ccf11e29a854380e2b4bb9905a1517ec40bb3fa44f9959bad67ccaba76408da35e9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296e99d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55000048e150695ffae3a676555b10da11751865126d19336116a1e58ab727dda6b343cc97f9479136a66f552abf8fe3d134f6d69df1cf7800b4bda4db5e68aaccf44d24e09f8a769e3ae7bf246673f15e3d1adae4384bdb7cd30a33e30466b421feb96006c810fd3830a1c75af2580727ffc699d2b04f476acc21419fad9b1baec88974da2db29b80859bde08b85c8086e4b7f1fd568042ad5396d3179c71b1dc43291e450ce9b8d7d80fcb44966d7ad4691a37870000000000000000000000000000000000000000000000000000000000000000000083a5765d06da91165d24bc316607e2d69344aa1c07ff7cd7bc3d17f122478b6e81077782b9c298edc2546045feff90e7aa7dc1a869fa5551b873e2c838e979e033b7707df75b93cf5b8d25242741a88f2d54a7107375b25911aa11efa3a4f87fc14f180e353615b3cb9a5cf5ea843014a277c3694a5a83266f73ef039dd739187923715548d58ff43be997e357e0cbed29faef19c0082e26fb867bf0ff0000000000000000000000a0616252abda1102c3eee13eddef0275f21752ee474e32d790ae1f3df77e303ae1968c2a4419d1ca13b97b2c3123ab5b8473b880644e6acfe1d346d1528262c6e91f38029ec24eeb4fe5c1b3726bcfd386ba153fed11692170e5a09432bd02fa9dba861ecad4dbf61a93733a21aeff5f541b8f78bccbf1ac0000000000000000000000145aaaa62ff74b216b2977e7b9261824f663cea60ec6e0fa03bd596cec6d12316c8ed147d4cdd140857444c27c1946b1afcd4ec260694cb71e421744cf1f860840b0decf9be35aeb02d1bf6137b3189edb2d21557e6804ed52305e7deace8b97cd2b423cb79c541762097e29c386634a4bcc3ee91266d808706aadbc4650183d71bf5341edfe4c815d3a87c05d75da20b260d39cdd8559292000cb06faf9972683d379565dcd932fbc6bfb13f938a693252fc3af8088fcf8e06a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe, 0x6000002c, &(0x7f0000000100)="b9ff03316844268cb89e14f0080048e0050000000000008877fbac141516e0000001440404feb180008903040000845013f2325f003901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0103461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014c0000c0adc043084617d7ecf41effff38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d7da058f6efa6d1f5f7ff400"/254, 0x0, 0xfe, 0x60000000, 0x0, 0xfffffffe}, 0x2c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/mcfilter6\x00')
write(0xffffffffffffffff, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
connect$can_bcm(r2, &(0x7f00000005c0), 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000600)=ANY=[@ANYBLOB="6c000000100039040000000000100001000000007a8b17a78f4445ec4786a63fd4d0ec7c74cf1245d98fab92e18bce0f8f9c8661c370d54d4d8c5310138f66897aba3d6715", @ANYRES32=0x0, @ANYBLOB="00000000404000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc020000000000000000000000000000050010008b00000008001e0000000000"], 0x6c}}, 0x0)

7.815610038s ago: executing program 4 (id=1756):
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x700)

7.727999566s ago: executing program 4 (id=1758):
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r2, 0x114, 0x6, &(0x7f0000000140)=0x1, 0x4)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40001}, 0x0)
setsockopt$RDS_CONG_MONITOR(r1, 0x114, 0x6, &(0x7f0000000000)=0xfffffffe, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_buf(r3, 0x0, 0x8008000000010, &(0x7f0000005e40)="17000000020001000003d68c5ee17688a2003208020300ecff3f0200000300000a000000009afc5ad9485bbb6a880000d6c8db0000dba67e060180000a0000f10607bdff59100ac45761407a681f009cee4a5acb3da400001fb700674f19b44e09f9315033bf79ac2dff060115003901000000000000ea000000000000000009ffff02dfccebf6ba0008400200000000e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e000"/184, 0xb8)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xac5)
syz_clone3(&(0x7f0000000180)={0x23800000, &(0x7f0000000040)=<r4=>0xffffffffffffffff, 0x0, 0x0, {0x27}, 0x0, 0x0, 0x0, 0x0}, 0x58)
io_setup(0x482, &(0x7f0000000600)=<r5=>0x0)
io_submit(r5, 0x2, &(0x7f0000000500)=[&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0xd, r3, &(0x7f0000000380)="8e7bebb71120badfcf73f26071e00aab489b58af7eefc2b9629f3be6b1be1be4843897805c6c6ba946b34ee8f8910f994e8b660c1603356d6c5fc373d66261265fd68e003ddb5a35676a228116274175f99a2999d4df9e7394a8653438d94f44ef41f74daa93e8f5ea47f58f02e0135fcf38e889dbb7ffa9153a53f730cf964cb8661dba6341a359dab88e633fc56fbf1ee5c45ee331c946845e74996189a4f9114ca1c2a2962d2592b1a667454b1eab", 0xb0, 0x6, 0x0, 0x2}, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0xb, r0, &(0x7f0000000480)="2508501e78aa1269031ff8", 0xb, 0x4, 0x0, 0x2}])
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
connect$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
setsockopt$sock_int(r3, 0x1, 0x12, &(0x7f0000000100)=0x8, 0x4)
fchdir(r0)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000339000/0x2000)=nil, 0x2000, 0xb635773f06ebbeee, 0x11, r4, 0xffffd000)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)

7.170688702s ago: executing program 1 (id=1759):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x800003fc, 0x0, 0x32, 0x803}, 0x9c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1194}, 0x1, 0x0, 0x0, 0x4048000}, 0x4000880)
chdir(&(0x7f0000000000)='./file0\x00')
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000180)=0x7, 0x4)
openat$full(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f0000000240), 0x0, 0x40010121, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
socket$netlink(0x10, 0x3, 0x10)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1ff, 0x0)
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff})
r6 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0021ca102b20bc4da4597840000000000000000000000000c9a482bc40ac1edd0100000000000079257033d24b7f193dacf5ff6dd46bd4df054cb236bfd27bdf5a5a370c49dbc8526c1acf3f7db88b97fd0ad1eacf42222c26434225c3d377164cc726f787536382f21087220bef5a94c3bdea3907b6764b600a8e1d0900e375ba58ac42da1c7c71d9c209c8041db4c53af24b8c8d3792d462e58d92f41c922b04578af74137dba3495a8d8ed587a6c35b0f3027eb3de0741cebddb3d125c5c0ee68e836feb0aa882cba90f7e8a6009d97fdcf246687d9be85b08547b3bb3d3e9d94ff2a91411a45b01365fe50acddb02070551c1a60ea06895f0588a1b3f5f1005b7347d79de1"], 0x48)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000000c0)={r7, &(0x7f0000000200), 0x0}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@bloom_filter={0x1e, 0x5, 0x5, 0x1, 0x208, r5, 0x2, '\x00', 0x0, r6, 0x5, 0x5, 0x0, 0xc}, 0x50)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000001c0)={0x8000, 0x2, 0x4})
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000001780), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(0xffffffffffffffff, 0x0, 0x80)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
r10 = fsopen(&(0x7f0000000080)='exfat\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r10, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c::\x00\x00', 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r4, 0xc01c64a3, &(0x7f0000000040)={0x3, r9, 0x10000000, 0x80000001, 0xb, 0x1fd, 0x1})

6.98901168s ago: executing program 4 (id=1760):
unshare(0x62040200)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3f}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x8}, @IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x48}}, 0x0)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x54, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x17e5}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x54}}, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000009060102000000f8ffffff00000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000050)

5.904960045s ago: executing program 1 (id=1762):
unshare(0x2c020400)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bond0\x00'})
syz_open_dev$loop(0x0, 0x2, 0x2001)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
pipe2(&(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000001c0), 0x901089, &(0x7f0000000640)=ANY=[]) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000140)=@abs, 0x6e) (async)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(r4, 0x0, 0x0) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 64)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) (async, rerun: 64)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r5, r5, 0x200000000000000) (async, rerun: 32)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00') (rerun: 32)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000480)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x24, r1}, 0x94)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000001c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xfffffffc, 0x30, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000340)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x4}, 0x50) (async)
r8 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r9 = syz_open_dev$cec(&(0x7f0000000200), 0xffffffffffffffff, 0x101)
ioctl$CEC_TRANSMIT(r9, 0xc0386105, &(0x7f0000000100)={0xfffffffffffffff7, 0x7fffffff, 0x1, 0xc, 0x6, 0x7fff, "16b0bc450cfc47961ed5d8167d4f7865", 0x1, 0x52, 0xbb, 0x3, 0x9, 0x9, 0xd}) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r10)

5.672287644s ago: executing program 1 (id=1764):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
rt_sigtimedwait(&(0x7f0000000040)={[0x9]}, 0x0, 0x0, 0x8)
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
close(r0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
openat(r0, &(0x7f0000004280)='./file0\x00', 0x2400, 0x100)
lseek(0xffffffffffffffff, 0x2, 0x893b8993f4d168b9)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
recvfrom(r0, &(0x7f0000000000), 0x0, 0x183, 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
pipe2$watch_queue(0x0, 0x80)
unshare(0x8000000)
setresuid(0xee01, 0xee00, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x57)
syz_usb_connect$uac3(0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000300), 0x80b2, &(0x7f0000000340)={[{@uuid_off}, {@userxattr}], [{@func={'func', 0x3d, 'MMAP_CHECK'}}]})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r2 = io_uring_setup(0x9f9, &(0x7f0000000040)={0x0, 0x76be, 0xc000, 0x3, 0x20002f7})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e24, @empty}}, 0x80, 0x0}, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

5.375368546s ago: executing program 0 (id=1767):
iopl(0x7)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0)
read$char_usb(r0, &(0x7f00000000c0)=""/104, 0x12)
fcntl$setstatus(r0, 0x4, 0xc00)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000001c0)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x5, '\x00', r1, 0xffffffffffffffff, 0x3, 0x4, 0x5}, 0x50)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r3, &(0x7f0000000440), 0x10)
listen(r3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$KDGKBTYPE(r4, 0x4b48, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000480)=ANY=[@ANYBLOB="040e080e1b0c02c3d87cfc35af321671ac4e56f9498bb9866b7ba64a4d8f29d83d3d2a56ef8252523e5ce231fb8896abe624d0b7868aa23f9aa9f1cedff1836a3db1e60f28869eaa1aaec186f9e7b5212a49a9d8cd7f7f47b6b2e0f51f74cddad1d8be781b73f1b27df3bb62ae212b34557d9dd682da2e1204f1e9f8f95a28c4234625154d8729dd35b196fbc1601d4e2116aa7a6fc1f5b30d35538f8f3d10b8f7326c0d5c80bf7139879f4a4a18ec930e920bf96b0c81fb9ee725030fa2acca858233422d10083054975bfbca2ae04757fcb7eee098bb084a05b6f038febbca71233dc7e458aea121a2e21b5c252abd4705030cf2013953de2825d7b7cf954bfdc2feddcd491026bb41646dde6e22e82049c6e75ccb46050a5e275ee0b1f2b199488fec42cd17c305a90fda1490a5b02c8d116675c64dbfdd365fd8dd7413968173128baa243d"], 0xb)
syz_emit_ethernet(0x4e, &(0x7f0000000680)=ANY=[@ANYBLOB="aaaaaaaaaaaa4910075ad2b986dd604dd7080018060020010000000000000000000000000001fe8000000000000000000000000000aa00004001", @ANYRES32=r1, @ANYRES32=0x41424344, @ANYRES64=r4], 0x0)
r5 = syz_open_dev$video4linux(&(0x7f0000000300), 0x4, 0x101a82)
ioctl$VIDIOC_QUERYMENU(r5, 0xc02c5625, &(0x7f0000000000)={0x74d4, 0x7, @name="45597ee80b482e3a03cb208608ff855d8ef6ae1c48cc0af977fa116f745d2cc4"})
socket$vsock_stream(0x28, 0x1, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
dup(r6)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x0, 0x4, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, r4, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ffff}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r8}, 0xc)

5.064939623s ago: executing program 3 (id=1769):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
r1 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x1000000d})
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
semop(0x0, &(0x7f0000000100)=[{0x2, 0x0, 0xae900ca740621e5a}], 0x1)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000038c0), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, 0x0)
r5 = io_uring_setup(0x64a, &(0x7f0000000200)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_buf(r6, 0x0, 0x29, 0x0, &(0x7f0000695ffc))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8982, &(0x7f0000000180)={0x6, 'ip6gre0\x00', {0x3}, 0x6})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0xcc17f, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/sem\x00', 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x334000, 0x1000}, 0x20)

4.153568752s ago: executing program 3 (id=1771):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x7, 0x8, 0xa, 0x0, 0x1, 0xfffffffd}, 0x50)
getresuid(&(0x7f00000000c0), &(0x7f0000002d00), &(0x7f0000000100))
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000010400)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1, r0}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000080)={0x0, <r2=>0x0}, 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x21, 0x1b, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3ff}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @exit, @alu={0x7, 0x1, 0x4, 0x1, 0x9, 0x80, 0xfffffffffffffff5}, @cb_func={0x18, 0x7, 0x4, 0x0, 0xfffffffffffffffa}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='GPL\x00', 0x8d, 0x41, &(0x7f0000000300)=""/65, 0x41000, 0x54, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x0, 0x7, 0xd, 0xfffffffc}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x1], 0x0, 0x10, 0x1}, 0x94)
ioctl$XFS_IOC_GET_RESBLKS(r3, 0x80105873, &(0x7f00000004c0))
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip6gre0\x00', &(0x7f0000000500)={'syztnl2\x00', <r4=>0x0, 0x2f, 0x4, 0xf, 0x7, 0x20, @rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, 0x8, 0x8000, 0x4}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fc2b0000850000000e00000095", @ANYRES16=r3], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', r4, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, r3, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
socket$unix(0x1, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21}, &(0x7f0000000300)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0x42795000)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x3736, 0x0, 0x0, 0x41100, 0x11, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r7, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
r8 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r8, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}, {{&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0, 0x80000001}, 0x1c, &(0x7f0000000800)=[{&(0x7f0000000180)="ed", 0x1}], 0x1}}], 0x2, 0x0)
shutdown(r8, 0x1)
epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r0, &(0x7f0000000680)={0x80000003})
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r8, 0x84, 0x70, &(0x7f0000000380)={0x0, @in6={{0xa, 0x4e21, 0x516, @empty, 0x80000055}}, [0x1d, 0x4, 0xfffffffffffffffc, 0x5243d027, 0xd6, 0x4, 0x7f, 0x7f, 0x3, 0x0, 0x101, 0x7, 0x3, 0xffffffffffffffff, 0x3]}, &(0x7f0000000080)=0x100)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x40, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2141, 0x59)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r5, 0x18000000000002a0, 0x36, 0x0, &(0x7f0000000140)="29125c9f0e054e08c9b9ffef86dd843604a3be779c5a20de175a2637846931b1a6c8a3937815f5ca9e316d5e1c2db2dcf24e061b116d", 0x0, 0x10, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.01537156s ago: executing program 0 (id=1773):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYRESOCT], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0xc, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
socket$inet6(0xa, 0x805, 0x0)
socket$inet(0x2, 0x80000, 0x3ff)
fsopen(&(0x7f0000000180)='btrfs\x00', 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = getpgrp(0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000340)={r7, 0x101, 0x3, 0x0, 0x0, [<r8=>0x0], [0x0, 0xb, 0x0, 0xfffffffc], [0x0, 0x80000006, 0x2], [0x5, 0x0, 0x1, 0x2005]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r8})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = socket$kcm(0x29, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000200)={r0, r1})
sendmmsg$inet(r10, &(0x7f00000028c0)=[{{&(0x7f00000001c0)={0x2, 0x4e20, @rand_addr=0x64010101}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000000280)="7fe1b33315b1", 0x6}, {0x0}], 0x2}}], 0x1, 0x40)

3.801224692s ago: executing program 4 (id=1774):
r0 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049dc)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r1, 0x80506409, &(0x7f0000000180)={0x1, 0x80, 0x80, 0xd, 0x10, 0x3e8, 0x2, 0x0, 0x20, 0x1, 0x20, 0xffffffff, &(0x7f0000000600)=[0x7], 0x1, 0x0})
r2 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x8000, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x15)
recvmsg$inet_nvme(r0, 0x0, 0x2)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
ioctl$int_in(r3, 0x5452, &(0x7f0000000340)=0x9)
pselect6(0x40, &(0x7f0000000040)={0x0, 0xfffffffffffffffc, 0x7, 0x8, 0xffffff8, 0x3, 0x0, 0x3}, &(0x7f0000000000)={0x18, 0x2, 0x7, 0x0, 0x7ff, 0x400000, 0x0, 0x92}, 0x0, 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x2804}, 0x8000000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="020d00001c000000000000000000050005000600000000000a00000000000000fc010000000000000000000000000000000000000000000004000400000000000000000000000000000000000000000000000000000000000200120002000200bb6b6e000000000006003200000000000000000000000000fe880000000000000000000000000001fc01000000000000000000000000000005000500000000000a00"/171], 0xe0}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
r7 = inotify_init()
inotify_add_watch(r7, &(0x7f0000000340)='.\x00', 0xa50003d1)
readv(r7, &(0x7f00000004c0)=[{&(0x7f0000000040)=""/177, 0xb1}], 0x1)
r8 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_MFETCH(r8, 0xc0109207, &(0x7f00000006c0)={0x0, 0x0, 0xfffffffd})

2.967356956s ago: executing program 0 (id=1775):
syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0)

2.893656884s ago: executing program 3 (id=1776):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000002100b704000000000000850000005700000095"], 0x0, 0x100}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x1e)

2.876007052s ago: executing program 2 (id=1777):
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40) (async, rerun: 64)
r0 = socket$inet6_udp(0xa, 0x2, 0x0) (async, rerun: 64)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x4000)=nil) (async, rerun: 64)
mprotect(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0) (async, rerun: 64)
mprotect(&(0x7f0000ffb000/0x5000)=nil, 0x5000, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYRES32=r3, @ANYRESDEC=r3], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x4004040) (async, rerun: 64)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x320, 0x18c, 0x203, 0x320, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x0, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x1, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) (async, rerun: 64)
gettid() (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000b28000)=0x3) (async, rerun: 32)
fcntl$setsig(r4, 0xa, 0x12) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x3, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
r6 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r6, &(0x7f0000000b80)=""/102396, 0x18ffc)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) (async, rerun: 32)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) (rerun: 32)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) (async)
r8 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local, 0xc}, {0xa, 0x4e24, 0x0, @empty}, 0x1}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd2, &(0x7f0000000000)={{0xa, 0x4e24, 0x7, @dev={0xfe, 0x80, '\x00', 0x1c}, 0x4}, {0xa, 0x4e23, 0x7, @empty, 0xd473}, 0x0, {[0x4, 0x7, 0x3, 0x4008001, 0x9, 0xe, 0x3, 0xdfff]}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r8, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c)
dup2(r4, r5)

2.790363967s ago: executing program 3 (id=1778):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000300)={0x34, r1, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x20, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x34}}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e22, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x1000}, 0x1c)

2.693115562s ago: executing program 2 (id=1779):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="50000000090601020000ffff00000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070011000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000000700)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118)
sendmmsg$inet6(r1, &(0x7f0000000ec0)=[{{&(0x7f0000000280)={0xa, 0x4e24, 0x1, @private0, 0x1000002}, 0x1c, &(0x7f0000000400)=[{&(0x7f0000000140)="ec", 0x1}], 0x1, &(0x7f0000001240)=ANY=[@ANYBLOB='@'], 0x40}}], 0x1, 0x40)

2.660449052s ago: executing program 3 (id=1780):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[], 0xf8}, 0x1, 0x0, 0x0, 0x4000040}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001600)={0x40, 0x43, 0x1, 0xfffffffe, 0x25dfdbf8, {0x2, 0x7c}, [@nested={0x4, 0x145}, @nested={0x28, 0x1, 0x0, 0x1, [@typed={0x14, 0xd3, 0x0, 0x0, @ipv6=@loopback}, @typed={0x8, 0xde, 0x0, 0x0, @fd}, @typed={0x8, 0x62, 0x0, 0x0, @pid}]}]}, 0x40}, 0x1, 0x0, 0x0, 0xc044}, 0xc000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x20000)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x4058534c, &(0x7f0000000180)={0x80000000, 0xfff, 0x4, 0x5f, 0x5, 0xe})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000010c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000600)="c9f7b98600"/14, 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.600043711s ago: executing program 2 (id=1781):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="230800000000030000000b00000008000300", @ANYRES32=r3, @ANYBLOB="0a0006000802110000010000200050800500020002000000090001007ee5d52ffd0000000800030002ac0f"], 0x48}}, 0x40000)

2.503393408s ago: executing program 2 (id=1782):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
r1 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x1000000d})
prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
semop(0x0, &(0x7f0000000100)=[{0x2, 0x0, 0xae900ca740621e5a}], 0x1)
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000038c0), r2)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x28, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_SECLEVEL={0x5, 0x2a, 0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x80)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, 0x0, 0x0)
r5 = io_uring_setup(0x64a, &(0x7f0000000200)={0x0, 0x8835c, 0xc000, 0x20000a, 0x33c})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_buf(r6, 0x0, 0x29, 0x0, &(0x7f0000695ffc))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8982, &(0x7f0000000180)={0x6, 'ip6gre0\x00', {0x3}, 0x6})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0xcc17f, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sysvipc/sem\x00', 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x10)
r7 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r7, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x334000, 0x1000}, 0x20)

2.483456903s ago: executing program 0 (id=1783):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000})

2.348601592s ago: executing program 2 (id=1784):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2, 0x0, 0xffffffff}, 0x7, 0x0, &(0x7f0000000040), 0x5, 0x0}})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x7)
pipe(0x0)
ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)={0xffffffff, 0xc9a, 0x80080000, 0x6, 0xe, "dce4f0020100000000001b347d5c00010200"})
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffff)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x34, r5, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0xfe}, @ETHTOOL_A_LINKINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x20009805}, 0x4000080)
r6 = getpid()
sched_setaffinity(0x0, 0x4, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r9 = open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)
ftruncate(r9, 0x2007ffc)

2.285216323s ago: executing program 0 (id=1785):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xb4e02000)
r0 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ptrace$ARCH_GET_UNTAG_MASK(0x1e, r0, 0x0, 0x4001)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x9)
ioctl$BLKRAGET(0xffffffffffffffff, 0x1263, 0x0)
syz_open_dev$vcsa(&(0x7f0000000a80), 0x86, 0x940)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1e00000000000000080000000200000000", @ANYBLOB, @ANYRES32, @ANYBLOB="000000000100000000000000180000000000000000000000000000001b0df67ddf9b0f49003e02b673b344bd1be6d99bad4e20d8266b1e0c85b56e461cb46fb939ce23e8eb85f35784387f790f6e08c51bbfe2311f33d985b843113c5c15bd8e72b1a4e00177"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x20, &(0x7f0000000c40)=ANY=[@ANYBLOB="18000000ffffffff0000000081000000186000000c00000000000000ffffffff18450000fcffffff0000000000000000ed4202000400000018150000", @ANYRES32, @ANYBLOB="00000000000000006879100001000000db830100fcffffff18460000f8ffffff00000000000000", @ANYBLOB="d52e7bb72ea5b86d866c80738f9f49d30f2287511c57b69a2ccb376b2303b9e99c1dc647dfc2cbc89f00fc2da050f0b49bea72506f36b8a1565f7f784540ad275ddedd0b8e3c339507a97bc005b3fd9964da5950ee6e21b451af0219b30294", @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000a0000000000000000c3000000bfa200000000000007020000f8ff"], &(0x7f0000000440)='GPL\x00', 0x40, 0xb4, &(0x7f0000000480)=""/180, 0x41000, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000840)={0x6, 0x4}, 0x8, 0x10, &(0x7f0000000880)={0x4, 0xc, 0xfff, 0xd}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000bc0), &(0x7f0000000c00)=[{0x3, 0x3, 0xe, 0x8}, {0x4, 0x1, 0x2, 0x7}], 0x10, 0x7f}, 0x94)
syz_80211_inject_frame(0x0, 0x0, 0x0)

2.284830485s ago: executing program 3 (id=1786):
timer_create(0x0, 0x0, 0x0)
r0 = socket(0x2d, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x103}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
rt_tgsigqueueinfo(r1, r1, 0x2a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={@empty, 0x42})
mount(0x0, 0x0, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f00000001c0)='\x00', 0x0, 0xffffffffffffffff)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='personality\x00')
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20050840)
lseek(r4, 0xfffd, 0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x4})
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x2172, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001000)='fd/3\x00')
read$FUSE(r5, &(0x7f0000001040)={0x2020}, 0x2020)
write$cgroup_int(r5, &(0x7f0000000000)=0x9, 0x12)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)

2.214735568s ago: executing program 4 (id=1787):
r0 = socket$nl_route(0x10, 0x3, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040))
ioctl$KVM_SET_TSC_KHZ_vm(0xffffffffffffffff, 0xaea2, 0x4ef1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xffffd000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@mss, @window={0x3, 0x7}, @window={0x3, 0x0, 0x401}, @window], 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0xc9100120, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000800)=[{&(0x7f0000000380)=""/149, 0x95}], 0x1, 0x4, 0x3)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r4, 0x3ba0, &(0x7f0000000040)={0x48, 0x2, r5, 0x0, 0x0, 0x0, 0x0, 0x1})
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
ioctl$DRM_IOCTL_PANTHOR_VM_CREATE(0xffffffffffffffff, 0xc0106441, &(0x7f0000000240)={0x0, <r7=>0x0, 0x6})
ioctl$DRM_IOCTL_PANTHOR_TILER_HEAP_CREATE(0xffffffffffffffff, 0xc028644b, &(0x7f00000002c0)={r7, 0xfffffffb, 0x40000, 0x0, 0xfffffffe, 0x0, 0x3, 0x4})
close_range(r6, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="30000000200001002abd7000ffdb9f250a0040040000000700000000100002"], 0x30}, 0x1, 0x0, 0x0, 0x19af90f06f4514f1}, 0x40)

0s ago: executing program 2 (id=1788):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, 0x0)
r0 = inotify_init()
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x8000102)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r2, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="0cfd05001000010000000000000000000300001a14000000110001000000010000000000028e4dc0870000000a"], 0x28}}, 0x0)
inotify_add_watch(r0, &(0x7f0000000340)='.\x00', 0xa50003d1)
getpid()
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000))
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000400), r3)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan0\x00'})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_ADD_SECLEVEL(r4, 0x0, 0x4008010)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r5, 0x2000031, 0x867, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

kernel console output (not intermixed with test programs):

18] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  559.954777][ T5718] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  559.996134][ T5718] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  560.073560][ T5718] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  560.129456][ T5718] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  560.218435][   T29] audit: type=1400 audit(1778120422.714:628): avc:  denied  { nlmsg_read } for  pid=10271 comm="syz.4.1181" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  560.493890][ T5718] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  560.552661][   T29] audit: type=1400 audit(1778120423.044:629): avc:  denied  { write } for  pid=10255 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  560.832605][ T5718] usb 5-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc
[  561.243240][ T5718] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  561.304031][ T5718] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280
[  561.399244][ T5703] usb 1-1: USB disconnect, device number 27
[  561.519096][   T29] audit: type=1400 audit(1778120424.014:630): avc:  denied  { write } for  pid=10290 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  562.200757][ T5718] gspca_sn9c20x: Write register 1001 failed -110
[  562.230967][ T5718] gspca_sn9c20x: Device initialization failed
[  562.258097][ T5718] gspca_sn9c20x 5-1:252.0: probe with driver gspca_sn9c20x failed with error -110
[  562.311720][ T5718] usb 5-1: USB disconnect, device number 32
[  563.123366][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  563.130617][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  563.808769][   T29] audit: type=1400 audit(1778120426.304:631): avc:  denied  { write } for  pid=10293 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  563.955369][ T5703] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  564.123142][ T5703] usb 4-1: device descriptor read/64, error -71
[  564.254219][   T29] audit: type=1400 audit(1778120426.754:632): avc:  denied  { write } for  pid=10332 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  565.129091][ T5703] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  565.303154][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[  565.310458][    C1] bridge0: port 1(bridge_slave_0) entered learning state
[  565.324601][ T5703] usb 4-1: device descriptor read/64, error -71
[  565.464872][ T5703] usb usb4-port1: attempt power cycle
[  565.523132][ T5739] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  565.694051][ T5739] usb 1-1: Using ep0 maxpacket: 32
[  565.714232][ T5739] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  565.750717][ T5739] usb 1-1: config 0 has no interface number 0
[  565.765935][ T5739] usb 1-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  565.813138][ T5739] usb 1-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  565.835336][ T5703] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  565.846579][ T5739] usb 1-1: config 0 interface 12 has no altsetting 0
[  565.864173][ T5739] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  565.876562][ T5703] usb 4-1: device descriptor read/8, error -71
[  565.934072][ T5739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  565.984844][ T5739] usb 1-1: Product: syz
[  566.005063][ T5739] usb 1-1: Manufacturer: syz
[  566.020031][ T5739] usb 1-1: SerialNumber: syz
[  566.053886][ T5739] usb 1-1: config 0 descriptor??
[  566.080503][ T5739] f81534 1-1:0.12: unsupported endpoint max packet size
[  566.123282][ T5703] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  566.175825][ T5703] usb 4-1: device descriptor read/8, error -71
[  566.282676][T10346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.309051][ T5703] usb usb4-port1: unable to enumerate USB device
[  566.322382][T10346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.350159][ T5703] usb 1-1: USB disconnect, device number 28
[  566.467638][   T29] audit: type=1400 audit(1778120428.964:633): avc:  denied  { write } for  pid=10348 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  566.827778][   T29] audit: type=1400 audit(1778120429.314:634): avc:  denied  { write } for  pid=10362 comm="rm" name="hook-state" dev="tmpfs" ino=1776 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  568.423138][ T5739] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  568.436622][T10388] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  568.570473][T10378] nbd: must specify at least one socket
[  568.604832][ T5739] usb 4-1: Using ep0 maxpacket: 32
[  568.650934][ T5739] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  568.703666][ T5739] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.742245][ T5739] usb 4-1: config 0 descriptor??
[  568.831827][T10399] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00bb with DS=0x1f
[  569.081053][ T5739] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  569.156293][ T5739] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  569.226958][ T5739] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  570.394397][ T5739] usb 4-1: media controller created
[  570.409746][T10403] netlink: 'syz.0.1208': attribute type 6 has an invalid length.
[  570.428889][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1199'.
[  570.462534][ T5739] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  570.541342][T10410] netlink: 'syz.4.1209': attribute type 6 has an invalid length.
[  573.064305][ T5739] az6027: usb out operation failed. (-110)
[  573.460345][ T5739] az6027: usb out operation failed. (-32)
[  573.480429][ T5739] stb0899_attach: Driver disabled by Kconfig
[  573.512442][ T5739] az6027: no front-end attached
[  573.512442][ T5739] 
[  573.536620][T10429] erofs (device nullb0): cannot find valid erofs superblock
[  573.549822][ T5739] az6027: usb out operation failed. (-71)
[  573.568249][ T5739] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  573.678232][ T5739] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input30
[  573.714567][ T5739] dvb-usb: schedule remote query interval to 400 msecs.
[  573.929961][ T5739] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  573.998021][ T5739] usb 4-1: USB disconnect, device number 33
[  574.034614][T10434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1217'.
[  574.232277][ T5739] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  574.591495][   T29] audit: type=1400 audit(1778120437.084:635): avc:  denied  { getopt } for  pid=10446 comm="syz.0.1220" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  574.850667][ T5703] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  575.034834][ T5703] usb 2-1: Using ep0 maxpacket: 16
[  575.053939][ T5703] usb 2-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  575.527323][ T5703] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  575.564955][ T5703] usb 2-1: config 0 descriptor??
[  575.603208][ T5703] gspca_main: sonixj-2.14.0 probing 0471:0327
[  575.653124][  T804] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  575.827158][  T804] usb 5-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[  575.848574][  T804] usb 5-1: too many endpoints for config 253 interface 0 altsetting 0: 255, using maximum allowed: 30
[  575.873869][  T804] usb 5-1: config 253 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  575.902517][  T804] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  575.915557][  T804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  575.931561][  T804] usb 5-1: SerialNumber: syz
[  575.950636][  T804] cdc_acm 5-1:253.0: Zero length descriptor references
[  575.963824][  T804] cdc_acm 5-1:253.0: probe with driver cdc_acm failed with error -22
[  575.984862][  T804] usb-storage 5-1:253.0: USB Mass Storage device detected
[  576.021729][  T804] usb-storage 5-1:253.0: Quirks match for vid 0525 pid a4a5: 10000
[  576.133410][ T5703] gspca_sonixj: reg_w1 err -110
[  576.143139][ T5703] sonixj 2-1:0.0: probe with driver sonixj failed with error -110
[  576.287193][ T5703] usb 5-1: USB disconnect, device number 33
[  576.444030][   T29] audit: type=1800 audit(1778120438.944:636): pid=10469 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.0.1226" name="/newroot/242" dev="tmpfs" ino=1271 res=0 errno=0
[  576.543128][  T804] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  576.703139][  T804] usb 1-1: Using ep0 maxpacket: 32
[  576.719379][  T804] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  576.742581][  T804] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  576.766024][  T804] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  576.790102][  T804] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  576.804506][  T804] usb 1-1: config 0 descriptor??
[  577.286989][   T29] audit: type=1400 audit(1778120439.784:637): avc:  denied  { ioctl } for  pid=10476 comm="syz.3.1227" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  577.334172][ T5797] usb 2-1: USB disconnect, device number 34
[  577.816762][T10486] netlink: 'syz.1.1229': attribute type 10 has an invalid length.
[  577.824126][  T804] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  577.920639][  T804] usb 1-1: USB disconnect, device number 29
[  578.026181][T10488] fido_id[10488]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  580.663105][    C0] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.670383][    C0] bridge0: topology change detected, propagating
[  580.677060][    C1] bridge0: port 1(bridge_slave_0) entered forwarding state
[  580.684668][    C1] bridge0: topology change detected, propagating
[  581.085549][T10506] nbd: must specify at least one socket
[  581.123573][T10515] netlink: 'syz.2.1236': attribute type 6 has an invalid length.
[  581.958502][T10522] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1239'.
[  582.193605][T10526] netlink: 5940 bytes leftover after parsing attributes in process `syz.0.1240'.
[  582.202903][T10526] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  583.103101][ T5704] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  583.263581][T10539] futex_wake_op: syz.1.1245 tries to shift op by 144; fix this program
[  583.287781][ T5704] usb 5-1: Using ep0 maxpacket: 32
[  583.305917][ T5704] usb 5-1: config 0 has an invalid interface number: 132 but max is 0
[  583.326439][ T5704] usb 5-1: config 0 has no interface number 0
[  583.350172][ T5704] usb 5-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  583.388174][ T5704] usb 5-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  583.413126][ T5704] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.438818][ T5704] usb 5-1: Product: syz
[  583.456580][ T5704] usb 5-1: Manufacturer: syz
[  583.607577][ T5704] usb 5-1: SerialNumber: syz
[  583.643708][ T5704] usb 5-1: config 0 descriptor??
[  583.683935][ T5704] em28xx 5-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  583.720063][ T5704] em28xx 5-1:0.132: Video interface 132 found:
[  584.083653][ T5704] em28xx 5-1:0.132: unknown em28xx chip ID (0)
[  584.279385][   T29] audit: type=1400 audit(1778120446.774:638): avc:  denied  { append } for  pid=10551 comm="syz.3.1249" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  584.511018][T10528] netlink: 16150 bytes leftover after parsing attributes in process `syz.4.1241'.
[  584.541333][T10528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.568524][T10528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  584.603272][T10528] overlayfs: conflicting lowerdir path
[  584.618518][ T5704] em28xx 5-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=0)
[  584.632686][ T5704] em28xx 5-1:0.132: board has no eeprom
[  585.537190][ T5704] em28xx 5-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  585.551123][ T5704] em28xx 5-1:0.132: analog set to bulk mode.
[  585.557938][ T5703] em28xx 5-1:0.132: Registering V4L2 extension
[  585.600549][ T5704] usb 5-1: USB disconnect, device number 34
[  585.625816][ T5704] em28xx 5-1:0.132: Disconnecting em28xx
[  585.695724][   T29] audit: type=1400 audit(1778120448.194:639): avc:  denied  { read } for  pid=10561 comm="syz.0.1252" dev="sockfs" ino=29413 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  585.989276][ T5703] em28xx 5-1:0.132: Config register raw data: 0xffffffed
[  586.004379][ T5703] em28xx 5-1:0.132: AC97 chip type couldn't be determined
[  586.024874][ T5703] em28xx 5-1:0.132: No AC97 audio processor
[  586.093189][ T5718] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  586.125865][ T5703] usb 5-1: Decoder not found
[  586.136023][ T5703] em28xx 5-1:0.132: failed to create media graph
[  586.149359][ T5703] em28xx 5-1:0.132: V4L2 device video103 deregistered
[  586.224732][ T5703] em28xx 5-1:0.132: Remote control support is not available for this card.
[  586.243790][ T5704] em28xx 5-1:0.132: Closing input extension
[  586.353435][ T5704] em28xx 5-1:0.132: Freeing device
[  586.780878][ T5718] usb 1-1: Using ep0 maxpacket: 8
[  586.808647][T10576] ipt_ECN: cannot use operation on non-tcp rule
[  586.861745][ T5718] usb 1-1: config 1 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  586.884235][ T5718] usb 1-1: config 1 interface 0 has no altsetting 0
[  586.923455][ T5718] usb 1-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice= 0.40
[  586.935882][ T5718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.945250][ T5718] usb 1-1: Product: syz
[  586.953699][ T5718] usb 1-1: Manufacturer: syz
[  586.960129][ T5718] usb 1-1: SerialNumber: syz
[  587.043382][ T5704] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  587.214078][ T5704] usb 5-1: Using ep0 maxpacket: 16
[  587.226162][T10586] netlink: 5940 bytes leftover after parsing attributes in process `syz.3.1258'.
[  587.235602][T10586] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  587.313856][ T5704] usb 5-1: unable to get BOS descriptor or descriptor too short
[  587.321106][ T5718] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input31
[  587.385756][ T5704] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  587.583241][ T5704] usb 5-1: string descriptor 0 read error: -22
[  587.687912][ T5704] usb 5-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  587.804303][ T5704] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.088088][ T5718] usb 1-1: USB disconnect, device number 30
[  588.088152][    C0] appletouch 1-1:1.0: atp_complete: usb_submit_urb failed with result -19
[  588.530204][ T5718] appletouch 1-1:1.0: input: appletouch disconnected
[  588.572031][ T5704] snd-ua101 5-1:1.0: invalid num_altsetting
[  588.907602][T10598] netlink: 5940 bytes leftover after parsing attributes in process `syz.0.1263'.
[  588.917043][T10598] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  589.006368][T10576] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1256'.
[  589.077875][T10576] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1256'.
[  589.244962][T10581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.335117][T10581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.372796][T10576] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1256'.
[  589.386931][ T5718] usb 5-1: USB disconnect, device number 35
[  589.580435][T10609] virt_wifi0 speed is unknown, defaulting to 1000
[  589.873833][ T5703] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  590.085793][ T5703] usb 2-1: Using ep0 maxpacket: 8
[  590.176389][ T5703] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  590.275043][ T5703] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  590.316592][ T5703] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  590.363793][ T5703] usb 2-1: config 0 descriptor??
[  590.656810][ T5703] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  590.749531][T10627] futex_wake_op: syz.4.1269 tries to shift op by 144; fix this program
[  590.764848][T10623] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  591.368110][ T5703] usb 2-1: USB disconnect, device number 35
[  591.740118][T10640] SET target dimension over the limit!
[  592.743863][ T5703] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  592.893255][ T5703] usb 2-1: device descriptor read/64, error -71
[  593.026968][   T29] audit: type=1400 audit(1778120455.524:640): avc:  denied  { getopt } for  pid=10654 comm="syz.0.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  593.443878][ T5703] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  593.604469][ T5703] usb 2-1: device descriptor read/64, error -71
[  593.823508][ T5703] usb usb2-port1: attempt power cycle
[  594.643057][ T5703] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  594.664096][ T5703] usb 2-1: device descriptor read/8, error -71
[  594.898315][   T29] audit: type=1400 audit(1778120457.384:641): avc:  denied  { setopt } for  pid=10667 comm="syz.4.1284" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  595.163335][ T5703] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  595.273908][ T5703] usb 2-1: device descriptor read/8, error -71
[  595.413483][ T5703] usb usb2-port1: unable to enumerate USB device
[  595.450696][   T29] audit: type=1326 audit(1778120457.944:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  595.739556][   T29] audit: type=1326 audit(1778120457.944:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  595.840882][T10686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  596.185763][   T29] audit: type=1326 audit(1778120457.944:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.252524][   T29] audit: type=1326 audit(1778120457.944:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.295979][   T29] audit: type=1326 audit(1778120457.944:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.404149][   T29] audit: type=1326 audit(1778120457.944:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.438725][   T29] audit: type=1326 audit(1778120457.944:648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.663780][   T29] audit: type=1326 audit(1778120457.944:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10679 comm="syz.4.1287" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c41b9cdd9 code=0x7ffc0000
[  596.772570][T10691] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  598.053098][ T5703] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  598.693061][ T5703] usb 5-1: Using ep0 maxpacket: 32
[  598.706800][ T5703] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  598.728157][ T5703] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.769727][ T5703] gspca_main: nw80x-2.14.0 probing 055f:d001
[  598.975225][T10705] SET target dimension over the limit!
[  599.255490][T10710] futex_wake_op: syz.1.1295 tries to shift op by 144; fix this program
[  599.551182][T10711] 
�: renamed from dummy0 (while UP)
[  599.858534][ T5703] gspca_nw80x: reg_w err -71
[  599.871624][ T5703] nw80x 5-1:3.0: probe with driver nw80x failed with error -71
[  599.909017][ T5703] usb 5-1: USB disconnect, device number 36
[  600.225680][T10716] netlink: 'syz.3.1297': attribute type 6 has an invalid length.
[  600.837365][T10720] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1299'.
[  601.573364][ T5703] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  601.723140][ T5718] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  601.753069][ T5703] usb 4-1: Using ep0 maxpacket: 16
[  601.763643][ T5703] usb 4-1: unable to get BOS descriptor or descriptor too short
[  601.774009][ T5703] usb 4-1: config 1 has an invalid interface number: 82 but max is 2
[  601.782609][ T5703] usb 4-1: config 1 has an invalid descriptor of length 161, skipping remainder of the config
[  601.794013][ T5703] usb 4-1: config 1 has 4 interfaces, different from the descriptor's value: 3
[  601.833088][ T5703] usb 4-1: config 1 has no interface number 3
[  601.847393][ T5703] usb 4-1: too many endpoints for config 1 interface 82 altsetting 39: 209, using maximum allowed: 30
[  601.862475][ T5703] usb 4-1: config 1 interface 82 altsetting 39 has 0 endpoint descriptors, different from the interface descriptor's value: 209
[  601.873252][ T5718] usb 5-1: device descriptor read/64, error -71
[  601.876960][ T5703] usb 4-1: config 1 interface 82 has no altsetting 0
[  601.910796][ T5703] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  601.920792][ T5703] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.929652][ T5703] usb 4-1: Product: syz
[  601.934194][ T5703] usb 4-1: Manufacturer: syz
[  601.958231][ T5703] usb 4-1: SerialNumber: syz
[  602.144804][ T5718] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  602.413447][ T5718] usb 5-1: device descriptor read/64, error -71
[  602.533744][ T5718] usb usb5-port1: attempt power cycle
[  602.883132][ T5718] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  602.905122][ T5718] usb 5-1: device descriptor read/8, error -71
[  603.143206][ T5718] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  603.163949][ T5718] usb 5-1: device descriptor read/8, error -71
[  603.273737][ T5718] usb usb5-port1: unable to enumerate USB device
[  603.500844][   T50] Bluetooth: hci1: ISO packet too small
[  603.510071][   T29] kauditd_printk_skb: 27 callbacks suppressed
[  603.510105][   T29] audit: type=1400 audit(1778120466.004:677): avc:  denied  { getopt } for  pid=10747 comm="syz.1.1309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  603.671250][T10754] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1311'.
[  604.160691][ T5703] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  604.188171][ T5703] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  604.223216][ T5718] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  604.365214][ T5703] usb 4-1: unknown interface protocol 0x8f, assuming v1
[  604.372369][ T5703] usb 4-1: cannot find UAC_HEADER
[  605.298979][ T5703] snd-usb-audio 4-1:1.82: probe with driver snd-usb-audio failed with error -22
[  605.305322][ T5718] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  605.319314][ T5718] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  605.333882][ T5718] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  605.343834][ T5718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  605.368057][ T5703] usb 4-1: USB disconnect, device number 34
[  605.468704][ T6095] udevd[6095]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  605.572280][   T29] audit: type=1400 audit(1778120468.064:678): avc:  denied  { getopt } for  pid=10767 comm="syz.4.1317" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  605.779359][ T5703] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  605.806357][ T5718] usb 2-1: usb_control_msg returned -32
[  605.817634][ T5718] usbtmc 2-1:16.0: can't read capabilities
[  606.101776][   T29] audit: type=1400 audit(1778120468.594:679): avc:  denied  { create } for  pid=10771 comm="syz.2.1318" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  606.203073][ T5703] usb 4-1: Using ep0 maxpacket: 16
[  606.659080][ T5703] usb 4-1: unable to get BOS descriptor or descriptor too short
[  606.681445][ T5703] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  606.715401][ T5703] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[  606.732137][ T8139] usb 2-1: USB disconnect, device number 40
[  606.762643][ T5703] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.794209][ T5703] usb 4-1: Product: syz
[  606.818872][ T5703] usb 4-1: Manufacturer: syz
[  606.829037][ T5703] usb 4-1: SerialNumber: syz
[  607.083456][   T29] audit: type=1400 audit(1778120469.374:680): avc:  denied  { getopt } for  pid=10781 comm="syz.0.1321" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  608.197471][   T29] audit: type=1400 audit(1778120470.104:681): avc:  denied  { write } for  pid=10781 comm="syz.0.1321" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  608.272302][ T5703] usb 4-1: Audio class v2/v3 interfaces need an interface association
[  608.299039][T10789] FAULT_INJECTION: forcing a failure.
[  608.299039][T10789] name failslab, interval 1, probability 0, space 0, times 0
[  608.315805][ T5703] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22
[  608.333218][T10789] CPU: 1 UID: 0 PID: 10789 Comm: syz.0.1323 Not tainted syzkaller #0 PREEMPT(full) 
[  608.333247][T10789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  608.333260][T10789] Call Trace:
[  608.333267][T10789]  <TASK>
[  608.333274][T10789]  dump_stack_lvl+0x100/0x190
[  608.333303][T10789]  should_fail_ex.cold+0x5/0xa
[  608.333331][T10789]  ? vb2_core_allocated_buffers_storage+0xc4/0x220
[  608.333365][T10789]  should_failslab+0xc2/0x120
[  608.333388][T10789]  __kmalloc_noprof+0xe0/0x850
[  608.333422][T10789]  vb2_core_allocated_buffers_storage+0xc4/0x220
[  608.333451][T10789]  vb2_core_reqbufs+0x382/0xf30
[  608.333472][T10789]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  608.333502][T10789]  __vb2_init_fileio+0x32d/0x1000
[  608.333518][T10789]  ? vb2_fop_write+0xe5/0x550
[  608.333541][T10789]  ? __lock_acquire+0x4a5/0x2630
[  608.333569][T10789]  __vb2_perform_fileio+0x91e/0x1380
[  608.333592][T10789]  ? __pfx___vb2_perform_fileio+0x10/0x10
[  608.333617][T10789]  vb2_fop_write+0x1f8/0x550
[  608.333645][T10789]  v4l2_write+0x229/0x2c0
[  608.333672][T10789]  vfs_write+0x2aa/0x1070
[  608.333692][T10789]  ? __pfx_v4l2_write+0x10/0x10
[  608.333716][T10789]  ? __pfx_vfs_write+0x10/0x10
[  608.333732][T10789]  ? find_held_lock+0x2b/0x80
[  608.333748][T10789]  ? __fget_files+0x215/0x3d0
[  608.333769][T10789]  ? __fget_files+0x215/0x3d0
[  608.333794][T10789]  ? __fget_files+0x21f/0x3d0
[  608.333821][T10789]  ksys_write+0x12a/0x250
[  608.333840][T10789]  ? __pfx_ksys_write+0x10/0x10
[  608.333860][T10789]  ? rcu_is_watching+0x12/0xc0
[  608.333888][T10789]  do_syscall_64+0x10b/0xf80
[  608.333908][T10789]  ? clear_bhb_loop+0x40/0x90
[  608.333929][T10789]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.333946][T10789] RIP: 0033:0x7fcb5219cdd9
[  608.333960][T10789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  608.333977][T10789] RSP: 002b:00007fcb52f73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  608.333993][T10789] RAX: ffffffffffffffda RBX: 00007fcb52415fa0 RCX: 00007fcb5219cdd9
[  608.334005][T10789] RDX: 00000000fffffd9d RSI: 0000200000000100 RDI: 0000000000000005
[  608.334015][T10789] RBP: 00007fcb52f73090 R08: 0000000000000000 R09: 0000000000000000
[  608.334025][T10789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  608.334035][T10789] R13: 00007fcb52416038 R14: 00007fcb52415fa0 R15: 00007ffead13de88
[  608.334059][T10789]  </TASK>
[  608.736694][T10789] vivid-000: kernel_thread() failed
[  608.880630][T10800] fuse: Unknown parameter 'grou00000000000000000000'
[  608.937555][T10803] fuse: Unknown parameter 'group_i00000000000000000000'
[  609.047455][ T5703] usb 4-1: USB disconnect, device number 35
[  609.146466][ T5704] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  609.304793][ T5704] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  609.315347][ T5704] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  609.324486][ T5704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.339988][ T5704] gspca_main: stv0680-2.14.0 probing 041e:4007
[  609.960131][T10822] syzkaller0: entered promiscuous mode
[  610.013618][   T29] audit: type=1400 audit(1778120472.514:682): avc:  denied  { getopt } for  pid=10812 comm="syz.3.1330" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  610.042680][T10817] tmpfs: Bad value for 'mpol'
[  610.427923][ T5704] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -71
[  610.450571][ T5704] stv0680 1-1:4.0: STV(e): camera ping failed!!
[  610.470098][ T5704] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  610.497521][ T5704] stv0680 1-1:4.0: last error: 0,  command = 0x0
[  610.544577][T10834] nbd: must specify at least one socket
[  610.555238][ T5704] usb 1-1: USB disconnect, device number 31
[  610.798431][   T29] audit: type=1800 audit(1778120473.284:683): pid=10840 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1337" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  610.843162][ T5703] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  610.859763][   T29] audit: type=1400 audit(1778120473.354:684): avc:  denied  { ioctl } for  pid=10839 comm="syz.0.1337" path="socket:[30056]" dev="sockfs" ino=30056 ioctlcmd=0x9435 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  610.938797][T10840] vxcan1: entered promiscuous mode
[  610.993343][ T5703] usb 2-1: device descriptor read/64, error -71
[  611.442701][T10847] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10847 comm=syz.3.1339
[  611.476339][ T5703] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  612.172372][   T29] audit: type=1400 audit(1778120474.664:685): avc:  denied  { map } for  pid=10848 comm="syz.0.1340" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  612.209851][T10849] FAULT_INJECTION: forcing a failure.
[  612.209851][T10849] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  612.224941][T10849] CPU: 0 UID: 0 PID: 10849 Comm: syz.0.1340 Not tainted syzkaller #0 PREEMPT(full) 
[  612.224970][T10849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  612.224982][T10849] Call Trace:
[  612.224989][T10849]  <TASK>
[  612.224998][T10849]  dump_stack_lvl+0x100/0x190
[  612.225026][T10849]  should_fail_ex.cold+0x5/0xa
[  612.225050][T10849]  ? prepare_alloc_pages+0x16d/0x5f0
[  612.225079][T10849]  should_fail_alloc_page+0xeb/0x140
[  612.225104][T10849]  prepare_alloc_pages+0x1f0/0x5f0
[  612.225139][T10849]  __alloc_frozen_pages_noprof+0x19a/0x2bc0
[  612.225176][T10849]  ? __pfx_stack_trace_save+0x10/0x10
[  612.225198][T10849]  ? clockevents_program_event+0x23e/0x820
[  612.225231][T10849]  ? stack_depot_save_flags+0x27/0x9d0
[  612.225259][T10849]  ? kasan_save_stack+0x30/0x50
[  612.225281][T10849]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  612.225314][T10849]  ? __lock_acquire+0x4a5/0x2630
[  612.225341][T10849]  ? __do_sys_mincore+0x294/0x610
[  612.225368][T10849]  ? do_syscall_64+0x10b/0xf80
[  612.225393][T10849]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.225423][T10849]  ? __lock_acquire+0x4a5/0x2630
[  612.225451][T10849]  ? find_held_lock+0x2b/0x80
[  612.225473][T10849]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  612.225500][T10849]  ? policy_nodemask+0xed/0x4f0
[  612.225526][T10849]  alloc_pages_mpol+0x1fb/0x540
[  612.225550][T10849]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  612.225574][T10849]  ? __anon_vma_prepare+0x2db/0x5e0
[  612.225603][T10849]  ? __anon_vma_prepare+0x2db/0x5e0
[  612.225636][T10849]  folio_alloc_mpol_noprof+0x36/0x260
[  612.225665][T10849]  vma_alloc_folio_noprof+0xed/0x1d0
[  612.225692][T10849]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  612.225717][T10849]  ? __anon_vma_prepare+0x2e2/0x5e0
[  612.225753][T10849]  do_wp_page+0x1ee1/0x4350
[  612.225788][T10849]  ? __pfx_do_wp_page+0x10/0x10
[  612.225816][T10849]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  612.225855][T10849]  __handle_mm_fault+0x1ab6/0x2a00
[  612.225889][T10849]  ? mt_find+0x45e/0x8e0
[  612.225917][T10849]  ? __pfx___handle_mm_fault+0x10/0x10
[  612.225944][T10849]  ? __pfx_mt_find+0x10/0x10
[  612.225986][T10849]  ? find_vma+0xbf/0x140
[  612.226006][T10849]  ? __pfx_find_vma+0x10/0x10
[  612.226031][T10849]  handle_mm_fault+0x36d/0xa20
[  612.226066][T10849]  do_user_addr_fault+0x74c/0x12f0
[  612.226099][T10849]  ? trace_page_fault_kernel+0x7a/0x200
[  612.226136][T10849]  exc_page_fault+0x6f/0xd0
[  612.226161][T10849]  asm_exc_page_fault+0x26/0x30
[  612.226182][T10849] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  612.226215][T10849] Code: 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  612.226235][T10849] RSP: 0018:ffffc90004c67e68 EFLAGS: 00050206
[  612.226252][T10849] RAX: 0000000000000001 RBX: 0000000000000400 RCX: 0000000000000400
[  612.226264][T10849] RDX: 0000000000000001 RSI: ffff88806a2bf000 RDI: 0000200000000000
[  612.226277][T10849] RBP: 0000200000000000 R08: 0000000000000000 R09: ffffed100d457e7f
[  612.226290][T10849] R10: ffff88806a2bf3ff R11: 0000000000000000 R12: ffff88806a2bf000
[  612.226304][T10849] R13: 0000200000000400 R14: 00007ffffffff000 R15: 0000000000000000
[  612.226332][T10849]  _copy_to_user+0xa4/0xd0
[  612.226365][T10849]  __do_sys_mincore+0x294/0x610
[  612.226401][T10849]  do_syscall_64+0x10b/0xf80
[  612.226425][T10849]  ? clear_bhb_loop+0x40/0x90
[  612.226451][T10849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  612.226472][T10849] RIP: 0033:0x7fcb5219cdd9
[  612.226490][T10849] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  612.226508][T10849] RSP: 002b:00007fcb52f73028 EFLAGS: 00000246 ORIG_RAX: 000000000000001b
[  612.226526][T10849] RAX: ffffffffffffffda RBX: 00007fcb52415fa0 RCX: 00007fcb5219cdd9
[  612.226539][T10849] RDX: 0000200000000000 RSI: 0000000000800000 RDI: 0000200000000000
[  612.226552][T10849] RBP: 00007fcb52f73090 R08: 0000000000000000 R09: 0000000000000000
[  612.226564][T10849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  612.226576][T10849] R13: 00007fcb52416038 R14: 00007fcb52415fa0 R15: 00007ffead13de88
[  612.226605][T10849]  </TASK>
[  612.639318][ T5703] usb 2-1: device descriptor read/64, error -71
[  612.727240][T10854] fuse: Unknown parameter 'grou00000000000000000000'
[  612.756676][ T5703] usb usb2-port1: attempt power cycle
[  613.103083][ T5703] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  613.123950][ T5703] usb 2-1: device descriptor read/8, error -71
[  613.363250][ T5703] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  613.393887][ T5703] usb 2-1: device descriptor read/8, error -71
[  613.503546][ T5703] usb usb2-port1: unable to enumerate USB device
[  613.595281][ T5739] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  613.755782][ T5739] usb 5-1: device descriptor read/64, error -71
[  613.760276][T10869] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1345'.
[  614.074248][ T5739] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  614.373085][ T5739] usb 5-1: device descriptor read/64, error -71
[  614.415117][T10876] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  615.286511][ T5739] usb usb5-port1: attempt power cycle
[  615.320592][T10879] netlink: 'syz.1.1349': attribute type 6 has an invalid length.
[  615.771095][   T29] audit: type=1400 audit(1778120478.264:686): avc:  denied  { read append } for  pid=10873 comm="syz.0.1347" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  615.814343][   T29] audit: type=1400 audit(1778120478.264:687): avc:  denied  { open } for  pid=10873 comm="syz.0.1347" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  616.053120][ T5739] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  616.146454][ T5739] usb 5-1: device descriptor read/8, error -71
[  616.625747][T10902] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1355'.
[  616.793086][T10898] nbd: must specify at least one socket
[  616.922145][T10904] fuse: Unknown parameter 'group_i00000000000000000000'
[  618.281564][T10921] futex_wake_op: syz.1.1362 tries to shift op by 144; fix this program
[  618.883710][ T5739] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  619.043939][ T5739] usb 1-1: Using ep0 maxpacket: 16
[  619.058811][ T5739] usb 1-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  619.086886][ T5739] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  619.107346][ T5739] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  619.116821][ T5739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  619.125281][ T5739] usb 1-1: Product: syz
[  619.129705][ T5739] usb 1-1: Manufacturer: syz
[  619.135102][ T5739] usb 1-1: SerialNumber: syz
[  619.156408][ T5739] usb 1-1: 0:2 : does not exist
[  619.162545][ T5739] usb 1-1: unit 9 not found!
[  619.351067][T10924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.359993][T10924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.382940][T10924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.391969][T10924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  621.059270][T10948] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1370'.
[  621.103887][   T29] audit: type=1400 audit(1778120483.554:688): avc:  denied  { write } for  pid=10947 comm="syz.2.1370" path="socket:[30854]" dev="sockfs" ino=30854 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  621.358080][T10954] fuse: fd is not a fuse device
[  622.557805][ T5739] usb 1-1: 4:0: cannot get min/max values for control 5 (id 4)
[  623.153205][ T5739] usb 1-1: 4:0: cannot get min/max values for control 6 (id 4)
[  623.166060][ T5739] usb 1-1: 4:0: cannot get min/max values for control 7 (id 4)
[  623.178321][ T5739] usb 1-1: 4:0: cannot get min/max values for control 8 (id 4)
[  623.190756][ T5739] usb 1-1: 4:0: cannot get min/max values for control 9 (id 4)
[  623.203307][ T5739] usb 1-1: 4:0: cannot get min/max values for control 10 (id 4)
[  623.281057][ T5739] usb 1-1: USB disconnect, device number 32
[  623.586362][ T6095] udevd[6095]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  623.624488][T10959] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.710250][T10964] futex_wake_op: syz.2.1375 tries to shift op by 144; fix this program
[  623.767464][T10967] fuse: Unknown parameter 'group_id00000000000000000000'
[  623.916801][T10965] nbd: must specify at least one socket
[  623.956465][T10971] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1377'.
[  624.193004][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  624.200604][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  626.270263][T10982] netlink: 'syz.2.1380': attribute type 6 has an invalid length.
[  626.522498][T10987] netlink: 5940 bytes leftover after parsing attributes in process `syz.3.1382'.
[  626.550850][T10987] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  626.593150][ T5703] usb 5-1: new full-speed USB device number 45 using dummy_hcd
[  627.326501][ T5703] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  627.335782][ T5703] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.344367][ T5703] usb 5-1: Product: syz
[  627.349253][ T5703] usb 5-1: Manufacturer: syz
[  627.356644][ T5703] usb 5-1: SerialNumber: syz
[  627.376284][ T5703] usb 5-1: config 0 descriptor??
[  627.399256][ T5703] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  627.422905][ T5703] dvb-usb: bulk message failed: -22 (4/0)
[  627.442914][ T5703] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  627.469869][ T5703] dvb-usb: bulk message failed: -22 (5/0)
[  627.482390][ T5703] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  627.514918][ T5703] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  627.546599][ T5703] dvb-usb: Pinnacle 450e DVB-S USB2.0 error while loading driver (-19)
[  627.954784][   T50] Bluetooth: hci2: connection err: -111
[  628.462940][ T5703] usb 5-1: USB disconnect, device number 45
[  629.236051][T11010] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1388'.
[  629.285021][T11010] ipt_ECN: cannot use operation on non-tcp rule
[  629.564565][ T5703] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  629.652184][T11017] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  629.734419][T11024] binder: binder_mmap: 11019 2000003d3000-2000003d7000 bad vm_flags failed -1
[  629.745519][ T5703] usb 4-1: Using ep0 maxpacket: 16
[  629.759721][ T5703] usb 4-1: unable to get BOS descriptor or descriptor too short
[  629.774798][ T5703] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  629.795078][ T5703] usb 4-1: string descriptor 0 read error: -22
[  629.802708][ T5703] usb 4-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  629.818443][ T5703] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.973565][ T5739] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  630.179260][ T5703] snd-ua101 4-1:1.0: invalid num_altsetting
[  630.192927][T11008] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1388'.
[  630.224104][T11008] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1388'.
[  630.258267][ T5739] usb 5-1: Using ep0 maxpacket: 8
[  630.399765][ T5739] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  630.413147][T11010] netlink: 'syz.3.1388': attribute type 10 has an invalid length.
[  630.431456][T11030] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1395'.
[  630.446480][T11010] bridge0: port 2(bridge_slave_1) entered disabled state
[  630.453776][T11010] bridge0: port 1(bridge_slave_0) entered disabled state
[  630.467005][ T5739] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[  630.481185][ T5739] usb 5-1: config 0 has no interface number 1
[  630.508023][ T5739] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  630.537539][ T5739] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.566997][T11008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  630.589940][ T5739] usb 5-1: config 0 descriptor??
[  630.608634][T11008] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  630.634107][ T5739] usb 5-1: unknown number of interfaces: 2
[  630.645518][T11008] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1388'.
[  630.906206][ T8146] usb 4-1: USB disconnect, device number 36
[  631.202345][ T5739] usb 5-1: USB disconnect, device number 46
[  631.479399][   T29] audit: type=1400 audit(1778120493.974:689): avc:  denied  { name_bind } for  pid=11039 comm="syz.0.1398" path="socket:[30531]" dev="sockfs" ino=30531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  633.141610][T11058] XFS (nullb0): Invalid superblock magic number
[  633.420731][T11069] nbd: must specify at least one socket
[  633.908280][T11080] netlink: 'syz.4.1407': attribute type 1 has an invalid length.
[  633.924057][   T29] audit: type=1400 audit(1778120496.424:690): avc:  denied  { setopt } for  pid=11077 comm="syz.3.1406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  633.943934][ T8146] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  633.979177][   T29] audit: type=1400 audit(1778120496.474:691): avc:  denied  { write } for  pid=11077 comm="syz.3.1406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  634.081922][T11080] 8021q: adding VLAN 0 to HW filter on device bond2
[  634.133801][ T8146] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  634.166828][ T8146] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  634.171870][T11078] tipc: Started in network mode
[  634.193543][T11078] tipc: Node identity 4, cluster identity 4711
[  634.201285][   T29] audit: type=1400 audit(1778120496.694:692): avc:  denied  { ioctl } for  pid=11077 comm="syz.3.1406" path="socket:[31076]" dev="sockfs" ino=31076 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  634.203831][T11078] tipc: Node number set to 4
[  634.229569][ T8146] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  634.267852][T11093] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1406'.
[  634.281403][ T8146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  634.305581][ T8146] usb 1-1: Product: syz
[  634.310929][T11093] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1406'.
[  634.320398][ T8146] usb 1-1: Manufacturer: syz
[  634.326280][ T8146] usb 1-1: SerialNumber: syz
[  634.344424][T11093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1406'.
[  634.484999][T11087] vlan3: entered allmulticast mode
[  634.493159][T11087] bond2: entered allmulticast mode
[  634.574157][T11080] bond2: (slave geneve2): making interface the new active one
[  634.581677][T11080] geneve2: entered allmulticast mode
[  634.588930][T11080] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  634.597686][   T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  634.617608][   T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  634.643399][   T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  634.767687][ T6231] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  635.317669][   T29] audit: type=1400 audit(1778120497.814:693): avc:  denied  { mounton } for  pid=11105 comm="syz.1.1411" path="/283/file0" dev="tmpfs" ino=1507 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  635.398629][T11112] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1404'.
[  635.888014][T11117] fuse: fd is not a fuse device
[  635.894992][   T29] audit: type=1400 audit(1778120498.384:694): avc:  denied  { mount } for  pid=11115 comm="syz.2.1413" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  636.868075][ T8146] cdc_ncm 1-1:1.0: bind() failure
[  637.049323][ T8146] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  637.092943][ T8146] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  637.129068][ T8146] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  637.179065][ T8146] usb 1-1: USB disconnect, device number 33
[  637.372407][T11123] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  637.633212][T11123] syzkaller0: entered promiscuous mode
[  637.645638][T11123] syzkaller0: entered allmulticast mode
[  637.661016][T11123] tipc: Resetting bearer <eth:syzkaller0>
[  637.672316][T11126] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  637.687993][T11122] tipc: Resetting bearer <eth:syzkaller0>
[  638.431440][T11131] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1417'.
[  638.512945][   T29] audit: type=1400 audit(1778120501.004:695): avc:  denied  { getopt } for  pid=11130 comm="syz.2.1417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  640.414833][T11145] 9p: Bad value for 'rfdno'
[  640.419945][   T29] audit: type=1400 audit(1778120502.894:696): avc:  denied  { open } for  pid=11142 comm="syz.3.1420" path="/dev/ptyqa" dev="devtmpfs" ino=129 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  640.541381][   T29] audit: type=1400 audit(1778120502.904:697): avc:  denied  { ioctl } for  pid=11142 comm="syz.3.1420" path="/dev/ptyqa" dev="devtmpfs" ino=129 ioctlcmd=0x5404 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  641.730731][T11147] nbd: must specify at least one socket
[  642.603519][T11152] fuse: Bad value for 'fd'
[  643.606991][T11157] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1423'.
[  643.671374][T11155] ipt_ECN: cannot use operation on non-tcp rule
[  643.946260][ T8146] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  644.131410][ T8146] usb 5-1: Using ep0 maxpacket: 16
[  644.153505][ T8146] usb 5-1: unable to get BOS descriptor or descriptor too short
[  644.174265][ T8146] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  644.294752][ T8146] usb 5-1: string descriptor 0 read error: -22
[  644.301076][ T8146] usb 5-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  644.310306][ T8146] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.338807][ T8146] snd-ua101 5-1:1.0: invalid num_altsetting
[  644.569765][T11155] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1423'.
[  644.579378][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1423'.
[  644.649037][T11158] netlink: 'syz.4.1423': attribute type 10 has an invalid length.
[  644.714546][T11159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  644.731825][T11159] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  644.742933][T11159] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1423'.
[  645.193309][T11122] tipc: Disabling bearer <eth:syzkaller0>
[  645.203451][T11143] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  645.266350][ T8139] usb 5-1: USB disconnect, device number 47
[  645.615948][T11168] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6erspan0
[  645.627401][T11168] random: crng reseeded on system resumption
[  646.559139][T11179] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1427'.
[  646.882183][T11188] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1430'.
[  647.617641][T11196] fuse: Bad value for 'fd'
[  647.743274][T11203] SET target dimension over the limit!
[  647.772912][T11205] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  648.036318][T11210] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1437'.
[  648.070691][T11210] bridge0: Device is already in use.
[  648.091684][T11210] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1437'.
[  648.122357][T11210] bridge0: Device is already in use.
[  648.318513][T11218] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1441'.
[  648.328216][ T5704] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  648.388885][T11218] ipt_ECN: cannot use operation on non-tcp rule
[  648.477867][   T29] audit: type=1326 audit(1778120510.974:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11226 comm="syz.2.1444" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f12edd9cdd9 code=0x0
[  648.504752][ T5704] usb 1-1: Using ep0 maxpacket: 16
[  648.531579][ T5704] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[  648.545679][ T5704] usb 1-1: config 128 has 0 interfaces, different from the descriptor's value: 1
[  648.557649][ T5704] usb 1-1: New USB device found, idVendor=05ac, idProduct=120a, bcdDevice=37.32
[  648.567417][ T5704] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  648.575932][ T5704] usb 1-1: Product: syz
[  648.580355][ T5704] usb 1-1: Manufacturer: syz
[  648.586249][ T5704] usb 1-1: SerialNumber: syz
[  648.791412][ T5703] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  648.835654][ T5704] apple-mfi-fastcharge 1-1: USB disconnect, device number 34
[  649.754197][ T5703] usb 5-1: Using ep0 maxpacket: 16
[  649.762791][ T5703] usb 5-1: unable to get BOS descriptor or descriptor too short
[  649.772591][ T5703] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  649.795450][ T5703] usb 5-1: string descriptor 0 read error: -22
[  649.804721][ T5703] usb 5-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  649.814232][ T5703] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.831656][ T5703] snd-ua101 5-1:1.0: invalid num_altsetting
[  650.034606][T11218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1441'.
[  650.043745][T11218] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1441'.
[  650.054285][T11218] netlink: 'syz.4.1441': attribute type 10 has an invalid length.
[  650.065219][T11218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  650.074803][T11218] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  650.084580][T11218] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1441'.
[  650.100129][ T8139] usb 5-1: USB disconnect, device number 48
[  650.248088][T11235] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  650.275724][T11235] syzkaller0: entered promiscuous mode
[  650.281206][T11235] syzkaller0: entered allmulticast mode
[  650.302150][T11235] tipc: Resetting bearer <eth:syzkaller0>
[  650.317714][T11234] tipc: Resetting bearer <eth:syzkaller0>
[  650.721604][ T5704] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  650.853061][ T5704] usb 4-1: device descriptor read/64, error -71
[  651.074894][ T8146] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  651.095806][ T5704] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  651.255255][ T8146] usb 5-1: Using ep0 maxpacket: 8
[  651.260572][ T5704] usb 4-1: device descriptor read/64, error -71
[  651.280583][ T8146] usb 5-1: unable to get BOS descriptor or descriptor too short
[  651.291173][ T8146] usb 5-1: config 6 has an invalid interface number: 172 but max is 0
[  651.319883][ T8146] usb 5-1: config 6 has no interface number 0
[  651.328435][ T8146] usb 5-1: config 6 interface 172 has no altsetting 0
[  651.356368][ T8146] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  651.367149][ T8146] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.391279][ T5704] usb usb4-port1: attempt power cycle
[  651.400662][ T8146] usb 5-1: Product: syz
[  651.406753][ T8146] usb 5-1: Manufacturer: syz
[  651.412147][ T8146] usb 5-1: SerialNumber: syz
[  651.733140][ T5704] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  651.782126][T11243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  651.793244][T11243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  651.824407][ T5704] usb 4-1: device descriptor read/8, error -71
[  652.117562][   T29] audit: type=1400 audit(1778120514.604:699): avc:  denied  { audit_read } for  pid=11244 comm="syz.1.1450" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  652.139228][ T5704] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  652.215984][ T5704] usb 4-1: device descriptor read/8, error -71
[  652.406146][ T5704] usb usb4-port1: unable to enumerate USB device
[  652.583817][ T5704] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  652.807338][ T5704] usb 2-1: Using ep0 maxpacket: 8
[  652.830580][ T5704] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  652.861082][ T5704] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  652.913862][ T5704] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  652.972648][ T5704] usb 2-1: config 0 descriptor??
[  653.302866][ T5704] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  653.756715][ T5704] usb 2-1: USB disconnect, device number 45
[  653.811704][T11260] fuse: Bad value for 'fd'
[  655.529806][T11283] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  656.359243][T11291] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=11291 comm=syz.4.1462
[  657.564845][ T5704] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  657.753217][T11234] tipc: Disabling bearer <eth:syzkaller0>
[  657.799425][ T8146] usb_8dev 5-1:6.172 can0: sending command message failed
[  657.813527][ T5704] usb 2-1: unable to get BOS descriptor or descriptor too short
[  657.826039][ T8146] usb_8dev 5-1:6.172 can0: can't get firmware version
[  657.852902][ T5704] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  657.873043][ T5704] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  657.890729][ T5704] usb 2-1: config 1 interface 0 has no altsetting 0
[  657.903907][ T5704] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40
[  657.918333][ T5704] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.928517][ T5704] usb 2-1: Product: syz
[  657.932725][ T5704] usb 2-1: Manufacturer: syz
[  657.940003][ T5704] usb 2-1: SerialNumber: syz
[  657.952576][ T5704] usb 2-1: selecting invalid altsetting 1
[  657.959163][ T5704] usb 2-1: unit 6 not found!
[  658.041388][ T5704] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[  658.155332][ T8146] usb_8dev 5-1:6.172: probe with driver usb_8dev failed with error -22
[  658.170292][ T5704] usb 2-1: USB disconnect, device number 46
[  658.176081][ T5981] udevd[5981]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  658.236877][ T8146] usb 5-1: USB disconnect, device number 49
[  658.862625][T11326] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  660.360492][T11349] FAULT_INJECTION: forcing a failure.
[  660.360492][T11349] name failslab, interval 1, probability 0, space 0, times 0
[  660.374989][T11349] CPU: 1 UID: 0 PID: 11349 Comm: syz.4.1476 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  660.375022][T11349] Tainted: [L]=SOFTLOCKUP
[  660.375030][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  660.375042][T11349] Call Trace:
[  660.375049][T11349]  <TASK>
[  660.375057][T11349]  dump_stack_lvl+0x100/0x190
[  660.375089][T11349]  should_fail_ex.cold+0x5/0xa
[  660.375119][T11349]  should_failslab+0xc2/0x120
[  660.375144][T11349]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  660.375176][T11349]  ? sock_alloc_inode+0x26/0x290
[  660.375197][T11349]  ? selinux_socket_create+0xec/0x590
[  660.375228][T11349]  ? __pfx_sock_alloc_inode+0x10/0x10
[  660.375252][T11349]  sock_alloc_inode+0x26/0x290
[  660.375274][T11349]  ? __pfx_sock_alloc_inode+0x10/0x10
[  660.375295][T11349]  alloc_inode+0x68/0x250
[  660.375316][T11349]  sock_alloc+0x44/0x280
[  660.375335][T11349]  ? security_socket_create+0x7f/0x250
[  660.375360][T11349]  __sock_create+0xc2/0x860
[  660.375390][T11349]  udp_sock_create4+0xa6/0x450
[  660.375414][T11349]  ? __pfx_udp_sock_create4+0x10/0x10
[  660.375435][T11349]  ? crng_make_state+0x489/0x6c0
[  660.375467][T11349]  ? crng_make_state+0x497/0x6c0
[  660.375501][T11349]  ? crng_make_state+0x2b0/0x6c0
[  660.375536][T11349]  rxrpc_open_socket+0x4ef/0x6b0
[  660.375577][T11349]  ? __pfx_rxrpc_open_socket+0x10/0x10
[  660.375623][T11349]  ? rcu_is_watching+0x12/0xc0
[  660.375655][T11349]  ? trace_rxrpc_local+0x80/0x250
[  660.375688][T11349]  rxrpc_lookup_local+0xac7/0x1220
[  660.375727][T11349]  ? __pfx_rxrpc_lookup_local+0x10/0x10
[  660.375763][T11349]  ? __local_bh_enable_ip+0x9e/0x120
[  660.375797][T11349]  rxrpc_sendmsg+0x34a/0x680
[  660.375824][T11349]  ____sys_sendmsg+0x9e1/0xb70
[  660.375847][T11349]  ? __pfx_rxrpc_sendmsg+0x10/0x10
[  660.375871][T11349]  ? __pfx_____sys_sendmsg+0x10/0x10
[  660.375909][T11349]  ___sys_sendmsg+0x190/0x1e0
[  660.375937][T11349]  ? __pfx____sys_sendmsg+0x10/0x10
[  660.375998][T11349]  __sys_sendmsg+0x170/0x220
[  660.376030][T11349]  ? __pfx___sys_sendmsg+0x10/0x10
[  660.376075][T11349]  ? rcu_is_watching+0x12/0xc0
[  660.376109][T11349]  do_syscall_64+0x10b/0xf80
[  660.376133][T11349]  ? clear_bhb_loop+0x40/0x90
[  660.376158][T11349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.376179][T11349] RIP: 0033:0x7f1c41b9cdd9
[  660.376197][T11349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  660.376217][T11349] RSP: 002b:00007f1c42a49028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  660.376237][T11349] RAX: ffffffffffffffda RBX: 00007f1c41e16180 RCX: 00007f1c41b9cdd9
[  660.376251][T11349] RDX: 000000000000ff4c RSI: 0000200000000000 RDI: 0000000000000006
[  660.376263][T11349] RBP: 00007f1c42a49090 R08: 0000000000000000 R09: 0000000000000000
[  660.376276][T11349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.376287][T11349] R13: 00007f1c41e16218 R14: 00007f1c41e16180 R15: 00007ffcd2bd0f08
[  660.376316][T11349]  </TASK>
[  660.376477][T11349] socket: no more sockets
[  661.471406][T11350] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  661.559341][T11355] fuse: Unknown parameter 'user_id00000000000000000000'
[  661.588063][   T29] audit: type=1400 audit(1778120524.084:700): avc:  denied  { mount } for  pid=11353 comm="syz.4.1479" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  661.614165][   T29] audit: type=1400 audit(1778120524.084:701): avc:  denied  { mounton } for  pid=11353 comm="syz.4.1479" path="/277/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  661.851640][   T29] audit: type=1400 audit(1778120524.344:702): avc:  denied  { connect } for  pid=11364 comm="syz.2.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  662.026234][   T50] Bluetooth: hci0: command 0x0406 tx timeout
[  662.083125][ T8146] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  662.337038][T11371] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  662.732270][ T8146] usb 5-1: Using ep0 maxpacket: 32
[  662.757774][ T8146] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  662.781533][ T8146] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  662.860459][ T8146] usb 5-1: config 0 descriptor??
[  663.008178][T11375] SET target dimension over the limit!
[  663.066225][T11373] syzkaller0: entered promiscuous mode
[  663.101350][ T8146] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  663.136311][ T8146] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  663.161085][T11373] syzkaller0: entered allmulticast mode
[  663.226520][ T8146] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  663.244723][T11380] fuse: Bad value for 'fd'
[  663.253542][ T8146] usb 5-1: media controller created
[  663.413737][T11382] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1482'.
[  663.774918][ T8146] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  663.809379][T11373] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  663.877368][T11372] tipc: Resetting bearer <eth:syzkaller0>
[  663.888089][ T8146] az6027: usb out operation failed. (-71)
[  663.932467][ T8146] az6027: usb out operation failed. (-71)
[  663.942902][ T8146] stb0899_attach: Driver disabled by Kconfig
[  663.956317][ T8146] az6027: no front-end attached
[  663.956317][ T8146] 
[  663.974259][ T8146] az6027: usb out operation failed. (-71)
[  663.987498][ T8146] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  664.009640][ T8146] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input33
[  664.034000][T11372] tipc: Disabling bearer <eth:syzkaller0>
[  664.042946][ T8146] dvb-usb: schedule remote query interval to 400 msecs.
[  664.076378][ T8146] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  664.145929][ T8146] usb 5-1: USB disconnect, device number 50
[  664.157088][T11387] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  664.375718][ T8146] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  664.397189][T11387] syzkaller0: entered promiscuous mode
[  664.425909][T11387] syzkaller0: entered allmulticast mode
[  664.451592][T11395] fuse: Bad value for 'fd'
[  664.464577][T11387] tipc: Resetting bearer <eth:syzkaller0>
[  664.546108][T11386] tipc: Resetting bearer <eth:syzkaller0>
[  665.540569][T11414] SET target dimension over the limit!
[  665.549182][ T8146] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  665.717521][ T8146] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  665.727191][ T8146] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  665.730215][   T29] audit: type=1400 audit(1778120528.214:703): avc:  denied  { bind } for  pid=11416 comm="syz.1.1500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  665.758002][ T8146] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  665.758054][ T8146] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  665.758084][ T8146] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  665.759649][ T8146] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  666.738575][ T8146] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  666.765691][ T8146] usb 4-1: Product: syz
[  666.769921][ T8146] usb 4-1: Manufacturer: syz
[  666.797083][ T8146] cdc_wdm 4-1:1.0: skipping garbage
[  666.820936][ T8146] cdc_wdm 4-1:1.0: skipping garbage
[  666.831826][ T8146] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  666.855972][ T8146] cdc_wdm 4-1:1.0: Unknown control protocol
[  667.600939][T11440] input: syz1 as /devices/virtual/input/input34
[  668.665003][ T8139] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  669.337609][ T8139] usb 2-1: Using ep0 maxpacket: 32
[  669.461034][ T8139] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  669.472918][ T8139] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  669.518171][ T8139] usb 2-1: config 0 descriptor??
[  669.731926][ T8139] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  669.744376][ T8139] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  669.756283][ T8139] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  669.780037][ T8139] usb 2-1: media controller created
[  669.806835][ T8139] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  670.284273][T11386] tipc: Disabling bearer <eth:syzkaller0>
[  670.734908][T11453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1504'.
[  670.747607][ T6227] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  670.820862][T11457] fuse: Bad value for 'fd'
[  670.973718][ T8139] az6027: usb out operation failed. (-71)
[  670.982596][ T8139] az6027: usb out operation failed. (-71)
[  671.002910][ T8139] stb0899_attach: Driver disabled by Kconfig
[  671.005236][ T5739] usb 4-1: USB disconnect, device number 41
[  671.010773][ T8139] az6027: no front-end attached
[  671.010773][ T8139] 
[  671.060031][ T8139] az6027: usb out operation failed. (-71)
[  671.087740][ T8139] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  671.237655][ T8139] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input35
[  671.289219][ T8139] dvb-usb: schedule remote query interval to 400 msecs.
[  671.296221][ T8139] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  671.376952][ T8139] usb 2-1: USB disconnect, device number 47
[  671.545932][ T8139] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  671.812536][ T4930] Bluetooth: hci3: unexpected event for opcode 0x0c7c
[  672.018711][T11474] netlink: 'syz.0.1514': attribute type 1 has an invalid length.
[  672.046759][T11474] smc: adding net device bond0 with user defined pnetid SYZ2
[  672.085899][T11474] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1514'.
[  672.104593][T11474] 8021q: adding VLAN 0 to HW filter on device bond0
[  672.130288][T11474] 8021q: adding VLAN 0 to HW filter on device bond0
[  672.146569][T11474] bond0: (slave geneve2): making interface the new active one
[  672.157680][T11474] bond0: (slave geneve2): Enslaving as an active interface with an up link
[  672.167527][   T13] netdevsim netdevsim0 eth0: set [1, 1] type 2 family 0 port 20004 - 0
[  672.179935][   T13] netdevsim netdevsim0 eth1: set [1, 1] type 2 family 0 port 20004 - 0
[  672.202035][   T13] netdevsim netdevsim0 eth2: set [1, 1] type 2 family 0 port 20004 - 0
[  672.212679][   T13] netdevsim netdevsim0 eth3: set [1, 1] type 2 family 0 port 20004 - 0
[  672.389788][   T29] audit: type=1400 audit(1778120534.884:704): avc:  denied  { bind } for  pid=11481 comm="syz.3.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  672.410315][   T29] audit: type=1400 audit(1778120534.904:705): avc:  denied  { listen } for  pid=11481 comm="syz.3.1516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  672.585722][T11485] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  673.033314][T11491] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  673.083103][ T5739] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  673.102599][T11491] syzkaller0: entered promiscuous mode
[  673.108323][T11491] syzkaller0: entered allmulticast mode
[  673.115299][T11491] tipc: Resetting bearer <eth:syzkaller0>
[  673.128003][T11490] tipc: Resetting bearer <eth:syzkaller0>
[  673.316489][ T5739] usb 1-1: device descriptor read/64, error -71
[  673.893081][ T5739] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  674.050631][ T5739] usb 1-1: device descriptor read/64, error -71
[  674.163483][ T5739] usb usb1-port1: attempt power cycle
[  674.513383][ T5739] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  674.543717][ T5739] usb 1-1: device descriptor read/8, error -71
[  674.690837][T11510] fuse: Invalid rootmode
[  674.802430][ T5739] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  674.841641][ T5739] usb 1-1: device descriptor read/8, error -71
[  674.961957][ T5739] usb usb1-port1: unable to enumerate USB device
[  675.804741][ T5718] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  675.837286][T11520] FAULT_INJECTION: forcing a failure.
[  675.837286][T11520] name failslab, interval 1, probability 0, space 0, times 0
[  675.850314][T11520] CPU: 1 UID: 0 PID: 11520 Comm: syz.0.1526 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  675.850346][T11520] Tainted: [L]=SOFTLOCKUP
[  675.850354][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  675.850367][T11520] Call Trace:
[  675.850373][T11520]  <TASK>
[  675.850381][T11520]  dump_stack_lvl+0x100/0x190
[  675.850418][T11520]  should_fail_ex.cold+0x5/0xa
[  675.850449][T11520]  should_failslab+0xc2/0x120
[  675.850473][T11520]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  675.850504][T11520]  ? skb_clone+0x190/0x400
[  675.850542][T11520]  skb_clone+0x190/0x400
[  675.850575][T11520]  raw_local_deliver+0x84c/0xd40
[  675.850615][T11520]  ? __pfx_raw_local_deliver+0x10/0x10
[  675.850646][T11520]  ? lock_acquire+0x1b1/0x370
[  675.850676][T11520]  ip_protocol_deliver_rcu+0xeb/0x4d0
[  675.850703][T11520]  ip_local_deliver_finish+0x3f2/0x6e0
[  675.850729][T11520]  ip_local_deliver+0x19a/0x1f0
[  675.850749][T11520]  ? __pfx_ip_local_deliver+0x10/0x10
[  675.850770][T11520]  ip_rcv+0x33a/0x3c0
[  675.850791][T11520]  ? __pfx_ip_rcv+0x10/0x10
[  675.850809][T11520]  __netif_receive_skb_one_core+0x197/0x1e0
[  675.850838][T11520]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  675.850869][T11520]  ? lock_acquire+0x1b1/0x370
[  675.850903][T11520]  __netif_receive_skb+0x1f/0x120
[  675.850932][T11520]  netif_receive_skb+0x13b/0x7f0
[  675.850957][T11520]  ? tun_build_skb.constprop.0+0x9b5/0x18f0
[  675.850986][T11520]  ? __pfx_netif_receive_skb+0x10/0x10
[  675.851025][T11520]  tun_rx_batched.isra.0+0x3f6/0x750
[  675.851054][T11520]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[  675.851089][T11520]  ? rcu_is_watching+0x12/0xc0
[  675.851120][T11520]  ? tun_get_user+0x1cc8/0x3c20
[  675.851149][T11520]  tun_get_user+0x1e31/0x3c20
[  675.851190][T11520]  ? __pfx_tun_get_user+0x10/0x10
[  675.851219][T11520]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  675.851251][T11520]  ? find_held_lock+0x2b/0x80
[  675.851270][T11520]  ? tun_get+0x191/0x370
[  675.851292][T11520]  ? tun_get+0x191/0x370
[  675.851325][T11520]  tun_chr_write_iter+0xdc/0x200
[  675.851355][T11520]  vfs_write+0x6ac/0x1070
[  675.851380][T11520]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  675.851409][T11520]  ? __pfx_vfs_write+0x10/0x10
[  675.851435][T11520]  ? find_held_lock+0x2b/0x80
[  675.851474][T11520]  ksys_write+0x12a/0x250
[  675.851495][T11520]  ? __pfx_ksys_write+0x10/0x10
[  675.851520][T11520]  ? rcu_is_watching+0x12/0xc0
[  675.851553][T11520]  do_syscall_64+0x10b/0xf80
[  675.851578][T11520]  ? clear_bhb_loop+0x40/0x90
[  675.851603][T11520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.851625][T11520] RIP: 0033:0x7fcb5215d60e
[  675.851643][T11520] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  675.851662][T11520] RSP: 002b:00007fcb52f72fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  675.851680][T11520] RAX: ffffffffffffffda RBX: 00007fcb52f736c0 RCX: 00007fcb5215d60e
[  675.851694][T11520] RDX: 00000000000000c2 RSI: 0000200000000380 RDI: 00000000000000c8
[  675.851707][T11520] RBP: 00007fcb52f73090 R08: 0000000000000000 R09: 0000000000000000
[  675.851719][T11520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.851731][T11520] R13: 00007fcb52416038 R14: 00007fcb52415fa0 R15: 00007ffead13de88
[  675.851760][T11520]  </TASK>
[  676.469757][T11525] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  676.788614][ T5718] usb 5-1: Using ep0 maxpacket: 8
[  676.905288][ T5718] usb 5-1: unable to get BOS descriptor or descriptor too short
[  676.914852][ T5718] usb 5-1: config 117 has an invalid interface number: 163 but max is 0
[  676.925702][ T5718] usb 5-1: config 117 has no interface number 0
[  676.934744][ T5718] usb 5-1: config 117 interface 163 has no altsetting 0
[  676.948082][ T5718] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=5d.24
[  676.958712][ T5718] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  676.967617][ T5718] usb 5-1: Product: syz
[  676.972447][ T5718] usb 5-1: Manufacturer: syz
[  676.978169][ T5718] usb 5-1: SerialNumber: syz
[  677.413973][ T8146] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  677.593136][ T8146] usb 4-1: Using ep0 maxpacket: 8
[  677.600288][ T8146] usb 4-1: config 2 has an invalid interface number: 215 but max is 0
[  677.608815][ T8146] usb 4-1: config 2 has an invalid interface descriptor of length 2, skipping
[  677.618092][ T8146] usb 4-1: config 2 has no interface number 0
[  677.624388][ T8146] usb 4-1: config 2 interface 215 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  677.637762][ T8146] usb 4-1: config 2 interface 215 has no altsetting 0
[  677.654000][ T8146] usb 4-1: New USB device found, idVendor=257a, idProduct=360f, bcdDevice=88.da
[  677.663407][ T8146] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.671525][ T8146] usb 4-1: Product: syz
[  677.675954][ T8146] usb 4-1: Manufacturer: syz
[  677.680616][ T8146] usb 4-1: SerialNumber: syz
[  679.172914][ T8139] usb 5-1: USB disconnect, device number 51
[  679.224709][ T8139] f81534a_ctrl 5-1:117.163: failed to enable ports: -19
[  679.598686][T11490] tipc: Disabling bearer <eth:syzkaller0>
[  680.048413][ T8146] option 4-1:2.215: GSM modem (1-port) converter detected
[  680.254496][ T8146] usb 4-1: USB disconnect, device number 42
[  680.638548][ T8146] option 4-1:2.215: device disconnected
[  680.807032][T11550] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1532'.
[  680.828992][T11550] ipt_ECN: cannot use operation on non-tcp rule
[  680.982091][T11559] fuse: Invalid rootmode
[  682.211942][ T8146] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  682.399897][ T8146] usb 1-1: Using ep0 maxpacket: 16
[  682.479714][ T8146] usb 1-1: unable to get BOS descriptor or descriptor too short
[  682.536646][T11569] nbd: must specify at least one socket
[  682.545550][ T8146] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  682.660797][ T8146] usb 1-1: string descriptor 0 read error: -22
[  682.694986][ T8146] usb 1-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  682.829727][ T8146] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.043824][ T8146] snd-ua101 1-1:1.0: invalid num_altsetting
[  683.063170][ T4930] Bluetooth: hci1: command 0x0406 tx timeout
[  683.259175][T11578] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  683.263564][T11548] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1532'.
[  683.283210][T11548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1532'.
[  683.316609][T11550] netlink: 'syz.0.1532': attribute type 10 has an invalid length.
[  683.369269][T11578] syzkaller0: entered promiscuous mode
[  683.382915][T11578] syzkaller0: entered allmulticast mode
[  683.397101][T11581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  683.422013][T11578] tipc: Resetting bearer <eth:syzkaller0>
[  683.439517][T11581] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  683.459411][T11581] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1532'.
[  683.504782][T11577] tipc: Resetting bearer <eth:syzkaller0>
[  684.966688][T11593] netlink: 'syz.3.1543': attribute type 10 has an invalid length.
[  685.631820][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  685.638282][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  688.045147][T11577] tipc: Disabling bearer <eth:syzkaller0>
[  688.077869][ T8146] usb 1-1: USB disconnect, device number 39
[  688.107042][T11588] bridge0: port 2(bridge_slave_1) entered blocking state
[  688.114244][T11588] bridge0: port 2(bridge_slave_1) entered listening state
[  688.121790][T11588] bridge0: port 1(bridge_slave_0) entered blocking state
[  688.128997][T11588] bridge0: port 1(bridge_slave_0) entered listening state
[  688.160438][T11588] 8021q: adding VLAN 0 to HW filter on device bond0
[  688.250214][T11593] syz_tun: entered promiscuous mode
[  688.268006][T11593] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  689.266647][ T4930] Bluetooth: hci4: unexpected event for opcode 0x0c5b
[  689.887562][ T5703] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  690.106930][ T5703] usb 1-1: Using ep0 maxpacket: 8
[  690.250443][ T5703] usb 1-1: config 1 interface 0 has no altsetting 0
[  690.524804][T11631] fuse: Unknown parameter 'user_i00000000000000000000'
[  690.540235][ T5703] usb 1-1: New USB device found, idVendor=056a, idProduct=005d, bcdDevice= 0.40
[  690.563262][ T5703] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.581705][ T5703] usb 1-1: Product: Ⰹ
[  690.592735][ T5703] usb 1-1: Manufacturer: וּ鰢헴✒譽冓瓲멝鈛铉㟔ؔ莀߰髍㳎廐㇓炚屛꠼䙓興אָ긜ꡘ䗬檨泓캳쏇閽뗬뭎姶്ᔞ☀ꭼ畴杤⌘주餟ꊿ睰形ꏠ꤬ꅓ㙎闿뙓곙ᣒ缗ॹ戴；䬏孉ἇᗈᠺ卩쒄成坅κ欥푙伖貓紐䕇✔꒎仠ଡ଼鑏
[  690.626294][ T5703] usb 1-1: SerialNumber: ᑥ
[  690.688553][T11634] netlink: 'syz.2.1555': attribute type 6 has an invalid length.
[  690.807375][T11636] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1556'.
[  690.918692][T11615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  690.930400][T11615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  690.980842][T11640] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  690.998256][T11637] netlink: 120 bytes leftover after parsing attributes in process `syz.0.1551'.
[  691.014868][T11637] netlink: 'syz.0.1551': attribute type 1 has an invalid length.
[  691.031140][T11637] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1551'.
[  691.086300][T11640] syzkaller0: entered promiscuous mode
[  691.105790][T11640] syzkaller0: entered allmulticast mode
[  691.115685][T11640] tipc: Resetting bearer <eth:syzkaller0>
[  691.130956][T11639] tipc: Resetting bearer <eth:syzkaller0>
[  691.667585][ T5739] IPVS: starting estimator thread 0...
[  691.791143][T11653] IPVS: using max 37 ests per chain, 88800 per kthread
[  691.853161][ T5718] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  692.028761][ T5718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  692.056991][ T5718] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  692.082385][ T5718] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  692.101650][ T5718] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  692.134148][ T5718] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  692.162920][ T5718] usb 5-1: config 0 descriptor??
[  692.733069][ T5718] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  695.293459][ T5739] usb 5-1: USB disconnect, device number 52
[  695.813585][ T5703] usbhid 1-1:1.0: can't add hid device: -32
[  695.846806][ T5703] usbhid 1-1:1.0: probe with driver usbhid failed with error -32
[  696.887511][T11639] tipc: Disabling bearer <eth:syzkaller0>
[  696.902520][ T5703] usb 1-1: USB disconnect, device number 40
[  697.390912][T11691] fuse: Unknown parameter 'user_i00000000000000000000'
[  697.458514][T11694] netlink: 'syz.0.1567': attribute type 6 has an invalid length.
[  697.864095][T11682] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  698.504837][ T5703] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  698.702905][ T5703] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  698.741931][T11704] fuse: fd is not a fuse device
[  699.085193][   T29] audit: type=1400 audit(1778120561.584:706): avc:  denied  { ioctl } for  pid=11701 comm="syz.1.1572" path="socket:[33921]" dev="sockfs" ino=33921 ioctlcmd=0x8921 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  699.283108][ T5703] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  699.440858][T11721] netlink: 'syz.3.1576': attribute type 6 has an invalid length.
[  699.467995][ T5703] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  699.493869][ T5703] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  699.532831][ T5703] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  699.574880][ T5703] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  699.622376][ T5703] usb 5-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  699.670887][ T5703] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.722587][ T5703] usb 5-1: config 0 descriptor??
[  699.779351][T11726] FAULT_INJECTION: forcing a failure.
[  699.779351][T11726] name failslab, interval 1, probability 0, space 0, times 0
[  699.837310][T11726] CPU: 1 UID: 0 PID: 11726 Comm: syz.3.1578 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  699.837344][T11726] Tainted: [L]=SOFTLOCKUP
[  699.837351][T11726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  699.837362][T11726] Call Trace:
[  699.837369][T11726]  <TASK>
[  699.837376][T11726]  dump_stack_lvl+0x100/0x190
[  699.837404][T11726]  should_fail_ex.cold+0x5/0xa
[  699.837431][T11726]  should_failslab+0xc2/0x120
[  699.837453][T11726]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  699.837483][T11726]  ? skb_clone+0x190/0x400
[  699.837516][T11726]  skb_clone+0x190/0x400
[  699.837545][T11726]  netlink_deliver_tap+0xaed/0xcc0
[  699.837577][T11726]  netlink_unicast+0x62b/0x850
[  699.837621][T11726]  ? __pfx_netlink_unicast+0x10/0x10
[  699.837654][T11726]  netlink_sendmsg+0x8b0/0xda0
[  699.837684][T11726]  ? __pfx_netlink_sendmsg+0x10/0x10
[  699.837706][T11726]  ? __might_fault+0x90/0x140
[  699.837752][T11726]  ____sys_sendmsg+0x9e1/0xb70
[  699.837774][T11726]  ? __pfx_netlink_sendmsg+0x10/0x10
[  699.837802][T11726]  ? __pfx_____sys_sendmsg+0x10/0x10
[  699.837838][T11726]  ___sys_sendmsg+0x190/0x1e0
[  699.837864][T11726]  ? __pfx____sys_sendmsg+0x10/0x10
[  699.837922][T11726]  __sys_sendmsg+0x170/0x220
[  699.837954][T11726]  ? __pfx___sys_sendmsg+0x10/0x10
[  699.837996][T11726]  ? rcu_is_watching+0x12/0xc0
[  699.838031][T11726]  do_syscall_64+0x10b/0xf80
[  699.838055][T11726]  ? clear_bhb_loop+0x40/0x90
[  699.838081][T11726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.838101][T11726] RIP: 0033:0x7f18a1d9cdd9
[  699.838117][T11726] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  699.838134][T11726] RSP: 002b:00007f18a2ce7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  699.838151][T11726] RAX: ffffffffffffffda RBX: 00007f18a2015fa0 RCX: 00007f18a1d9cdd9
[  699.838164][T11726] RDX: 0000000004000000 RSI: 0000200000000280 RDI: 0000000000000003
[  699.838175][T11726] RBP: 00007f18a2ce7090 R08: 0000000000000000 R09: 0000000000000000
[  699.838185][T11726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.838196][T11726] R13: 00007f18a2016038 R14: 00007f18a2015fa0 R15: 00007ffc9f71e818
[  699.838219][T11726]  </TASK>
[  699.839353][T11727] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1579'.
[  700.112918][ T5703] hdpvr 5-1:0.0: firmware version 0xf4 dated �Ahk¶�^ہg���y����]���G}kB~�������9rW[
[  700.151592][ T5703] hdpvr 5-1:0.0: untested firmware, the driver might not work.
[  700.261995][T11742] netlink: 'syz.2.1583': attribute type 1 has an invalid length.
[  700.333871][T11707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  700.403737][T11745] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1583'.
[  700.433890][T11707] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  700.514863][ T5703] hdpvr 5-1:0.0: device init failed
[  700.520242][ T5703] hdpvr 5-1:0.0: probe with driver hdpvr failed with error -12
[  700.555283][ T5703] usb 5-1: USB disconnect, device number 53
[  700.597860][T11742] 8021q: adding VLAN 0 to HW filter on device bond1
[  702.926757][T11752] fuse: fd is not a fuse device
[  702.934510][ T5718] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  703.536458][ T5718] usb 2-1: Using ep0 maxpacket: 8
[  703.543096][    C0] bridge0: port 1(bridge_slave_0) entered learning state
[  703.550397][    C0] bridge0: port 2(bridge_slave_1) entered learning state
[  703.596052][ T5718] usb 2-1: unable to get BOS descriptor or descriptor too short
[  703.634430][ T5718] usb 2-1: config 6 has an invalid interface number: 172 but max is 0
[  703.652786][ T5718] usb 2-1: config 6 has no interface number 0
[  703.661080][ T5718] usb 2-1: config 6 interface 172 has no altsetting 0
[  703.684050][ T5718] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  703.700630][ T5718] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.716430][ T5718] usb 2-1: Product: syz
[  703.798531][ T5718] usb 2-1: Manufacturer: syz
[  703.844018][ T5718] usb 2-1: SerialNumber: syz
[  703.926359][   T29] audit: type=1326 audit(1778120566.424:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11761 comm="syz.2.1589" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f12edd9cdd9 code=0x0
[  703.931015][ T5718] usb 2-1: can't set config #6, error -71
[  704.198930][T11765] syzkaller1: entered promiscuous mode
[  704.220835][T11765] syzkaller1: entered allmulticast mode
[  704.304945][T11769] netlink: 'syz.4.1588': attribute type 6 has an invalid length.
[  704.306453][ T5718] usb 2-1: USB disconnect, device number 48
[  705.045946][T11775] nbd: must specify at least one socket
[  705.142718][T11780] loop6: detected capacity change from 0 to 2640
[  705.165729][T11780] buffer_io_error: 11 callbacks suppressed
[  705.165761][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.203342][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.247344][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.298218][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.323250][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.425750][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.449079][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.461870][T11782] netlink: 'syz.1.1594': attribute type 16 has an invalid length.
[  705.466155][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.485592][T11780] ldm_validate_partition_table(): Disk read failed.
[  705.498436][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.512460][T11780] Buffer I/O error on dev loop6, logical block 0, async page read
[  705.665169][T11782] netlink: 'syz.1.1594': attribute type 17 has an invalid length.
[  705.843915][T11780] Dev loop6: unable to read RDB block 0
[  705.859788][T11780]  loop6: unable to read partition table
[  705.884493][T11780] loop_reread_partitions: partition scan of loop6 (3�����) failed (rc=-5)
[  705.964046][T11782] 8021q: adding VLAN 0 to HW filter on device bond0
[  706.060782][T11782] bridge0: port 3(dummy0) entered blocking state
[  706.069237][T11782] bridge0: port 3(dummy0) entered forwarding state
[  706.093058][ T8146] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  706.261255][ T8146] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 255, changing to 7
[  706.335347][ T8146] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid maxpacket 1040, setting to 1024
[  706.367824][T11782] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  706.410322][ T8146] usb 2-1: New USB device found, idVendor=1235, idProduct=8211, bcdDevice= 0.40
[  706.423505][T11798] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1598'.
[  706.434835][ T8146] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.451280][T11782] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  706.463312][ T8146] usb 2-1: Product: syz
[  706.633730][ T8146] usb 2-1: Manufacturer: syz
[  706.638652][ T8146] usb 2-1: SerialNumber: syz
[  706.662411][T11782] veth1_vlan: left promiscuous mode
[  706.671163][T11782] veth0_vlan: left promiscuous mode
[  706.678148][T11782] veth0_vlan: entered promiscuous mode
[  706.717380][T11782] veth1_vlan: entered promiscuous mode
[  706.810506][T11801] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  707.419446][T11782] veth1_macvtap: left promiscuous mode
[  707.436055][T11782] veth0_macvtap: left promiscuous mode
[  707.448583][T11782] veth0_macvtap: entered promiscuous mode
[  707.455545][T11782] veth1_macvtap: entered promiscuous mode
[  707.510707][T11782] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  707.564296][T11782] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  707.583636][T11782] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  707.600916][T11782] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  707.695176][T11782] vlan2: left allmulticast mode
[  707.700297][T11782] netdevsim netdevsim1 netdevsim0: left allmulticast mode
[  707.711257][T11782] macsec1: left promiscuous mode
[  707.758445][ T6231] bridge0: port 1(bridge_slave_0) entered blocking state
[  707.765612][ T6231] bridge0: port 1(bridge_slave_0) entered forwarding state
[  707.828235][ T6231] bridge0: port 2(bridge_slave_1) entered blocking state
[  707.844120][ T6231] bridge0: port 2(bridge_slave_1) entered forwarding state
[  707.866249][ T5718] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  707.932704][T11807] netlink: 'syz.2.1600': attribute type 2 has an invalid length.
[  707.956200][ T8146] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  707.966606][T11807] netlink: 'syz.2.1600': attribute type 1 has an invalid length.
[  707.975151][ T8146] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  708.034738][ T5718] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  708.071516][ T5718] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  708.101898][ T5718] usb 1-1: config 1 has no interface number 0
[  708.134078][ T5718] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  708.177090][ T5718] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  708.219334][ T5718] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  708.245362][ T5718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.257507][ T9408] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  708.276628][ T9408] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  708.286279][ T5718] usb 1-1: Product: syz
[  708.292221][ T5718] usb 1-1: Manufacturer: syz
[  708.324527][ T9408] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  708.337538][ T5718] usb 1-1: SerialNumber: syz
[  708.366573][ T9408] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  708.617393][ T8146] usb 2-1: USB disconnect, device number 49
[  708.915667][T11654] udevd[11654]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  709.000879][T11815] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1601'.
[  710.042196][T11821] netlink: 'syz.1.1603': attribute type 6 has an invalid length.
[  711.011684][T11833] netlink: 'syz.3.1606': attribute type 4 has an invalid length.
[  711.020303][T11833] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1606'.
[  711.245304][T11833] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1606'.
[  713.041455][ T5718] cdc_ncm 1-1:1.1: failed GET_NTB_PARAMETERS
[  713.085787][ T5718] cdc_ncm 1-1:1.1: bind() failure
[  713.157584][ T5718] usb 1-1: USB disconnect, device number 41
[  713.412283][T11848] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1611'.
[  713.706144][T11851] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  717.484638][T11859] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1616'.
[  718.626870][T11881] netlink: 'syz.4.1620': attribute type 3 has an invalid length.
[  718.661746][T11881] comedi comedi3: das16m1: I/O base address not correctly aligned
[  718.906550][    C0] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.913896][    C0] bridge0: topology change detected, propagating
[  718.920688][    C0] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.928023][    C0] bridge0: topology change detected, propagating
[  721.382580][T11917] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1624'.
[  721.734780][T11921] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  722.147592][   T29] audit: type=1400 audit(1778120584.624:708): avc:  denied  { accept } for  pid=11922 comm="syz.2.1626" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  722.399169][   T29] audit: type=1326 audit(1778120584.874:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.426166][   T29] audit: type=1326 audit(1778120584.874:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.452897][   T29] audit: type=1326 audit(1778120584.874:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.559153][   T29] audit: type=1326 audit(1778120584.874:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.613051][ T8146] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  722.622533][   T29] audit: type=1326 audit(1778120584.874:713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=461 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.649622][   T29] audit: type=1326 audit(1778120584.874:714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.679797][   T29] audit: type=1326 audit(1778120584.874:715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.737468][   T29] audit: type=1326 audit(1778120584.874:716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.769251][   T29] audit: type=1326 audit(1778120584.874:717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11927 comm="syz.3.1628" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f18a1d9cdd9 code=0x7ffc0000
[  722.826037][ T8146] usb 5-1: Using ep0 maxpacket: 8
[  722.838135][ T8146] usb 5-1: unable to get BOS descriptor or descriptor too short
[  722.851957][ T8146] usb 5-1: config 6 has an invalid interface number: 172 but max is 0
[  722.876024][ T8146] usb 5-1: config 6 has no interface number 0
[  722.900587][ T8146] usb 5-1: config 6 interface 172 has no altsetting 0
[  722.947089][ T8146] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  723.000584][ T8146] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  723.025836][ T8146] usb 5-1: Product: syz
[  723.040339][ T8146] usb 5-1: Manufacturer: syz
[  723.052362][ T8146] usb 5-1: SerialNumber: syz
[  723.706602][ T8146] usb_8dev 5-1:6.172 can0: sending command message failed
[  723.714969][ T8146] usb_8dev 5-1:6.172 can0: can't get firmware version
[  723.893834][ T8146] usb_8dev 5-1:6.172: probe with driver usb_8dev failed with error -22
[  724.041132][ T8146] usb 5-1: USB disconnect, device number 54
[  726.194884][ T2167] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  726.390804][ T2167] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  726.431107][ T2167] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  726.462931][ T2167] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.495838][ T2167] usb 1-1: config 0 descriptor??
[  727.182512][ T2167] usbhid 1-1:0.0: can't add hid device: -71
[  727.229156][ T2167] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  727.353196][ T5703] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  727.389387][ T2167] usb 1-1: USB disconnect, device number 42
[  727.543243][ T5703] usb 2-1: Using ep0 maxpacket: 8
[  728.214183][ T5703] usb 2-1: unable to get BOS descriptor or descriptor too short
[  728.390936][ T5703] usb 2-1: config 6 has an invalid interface number: 172 but max is 0
[  728.512154][ T5703] usb 2-1: config 6 has no interface number 0
[  728.582437][ T5703] usb 2-1: config 6 interface 172 has no altsetting 0
[  728.675017][ T5703] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  728.747693][ T5703] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.816068][ T5703] usb 2-1: Product: syz
[  728.858353][ T5703] usb 2-1: Manufacturer: syz
[  728.901546][ T5703] usb 2-1: SerialNumber: syz
[  728.928550][   T46] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  729.666763][T11979] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.678248][T11979] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  730.183138][ T2167] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  730.299566][T11995] SET target dimension over the limit!
[  730.695965][ T5703] usb_8dev 2-1:6.172 can0: sending command message failed
[  730.790272][ T5703] usb_8dev 2-1:6.172 can0: can't get firmware version
[  731.235518][T12005] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1650'.
[  732.206100][T12012] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  732.436072][ T5703] usb_8dev 2-1:6.172: probe with driver usb_8dev failed with error -22
[  733.116323][ T5703] usb 2-1: USB disconnect, device number 50
[  733.695817][T12015] netlink: 'syz.3.1652': attribute type 4 has an invalid length.
[  734.425517][T12028] kAFS: unable to lookup cell '�'
[  734.755367][T12033] netlink: 'syz.3.1658': attribute type 6 has an invalid length.
[  735.472904][T12039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1660'.
[  735.540468][   T29] kauditd_printk_skb: 53 callbacks suppressed
[  735.540493][   T29] audit: type=1400 audit(1778120598.024:771): avc:  denied  { firmware_load } for  pid=12037 comm="syz.3.1660" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  735.598425][   T46] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  735.809257][   T46] usb 2-1: Using ep0 maxpacket: 8
[  736.038240][   T46] usb 2-1: unable to get BOS descriptor or descriptor too short
[  736.253503][ T5718] usb 5-1: new high-speed USB device number 55 using dummy_hcd
[  736.395590][   T46] usb 2-1: config 6 has an invalid interface number: 172 but max is 0
[  737.092718][   T46] usb 2-1: config 6 has no interface number 0
[  737.846155][   T46] usb 2-1: config 6 interface 172 has no altsetting 0
[  737.896672][   T46] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  737.911178][T12038] syz.3.1660 (12038) used greatest stack depth: 18536 bytes left
[  737.925186][ T5718] usb 5-1: Using ep0 maxpacket: 8
[  737.931345][   T46] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.969133][ T5718] usb 5-1: unable to get BOS descriptor or descriptor too short
[  737.985602][   T46] usb 2-1: Product: syz
[  738.005768][   T46] usb 2-1: Manufacturer: syz
[  738.016428][ T5718] usb 5-1: config 6 has an invalid interface number: 172 but max is 0
[  738.032243][   T46] usb 2-1: SerialNumber: syz
[  738.044555][ T5718] usb 5-1: config 6 has no interface number 0
[  738.076077][ T5718] usb 5-1: config 6 interface 172 has no altsetting 0
[  738.645481][ T5718] usb 5-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=76.1a
[  738.657429][ T5718] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  738.729793][ T5718] usb 5-1: Product: syz
[  738.770133][ T5718] usb 5-1: Manufacturer: syz
[  738.806801][ T5718] usb 5-1: SerialNumber: syz
[  738.870496][ T5718] usb 5-1: can't set config #6, error -71
[  738.926107][ T5718] usb 5-1: USB disconnect, device number 55
[  738.936009][   T46] usb_8dev 2-1:6.172 can0: sending command message failed
[  738.947866][   T46] usb_8dev 2-1:6.172 can0: can't get firmware version
[  739.017631][   T29] audit: type=1800 audit(1778120601.514:772): pid=12055 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.1666" name="nullb0" dev="tmpfs" ino=1533 res=0 errno=0
[  739.065700][   T46] usb_8dev 2-1:6.172: probe with driver usb_8dev failed with error -22
[  739.092606][   T46] usb 2-1: USB disconnect, device number 51
[  739.113055][ T5703] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  739.140815][T12059] netlink: 'syz.3.1667': attribute type 4 has an invalid length.
[  739.288448][ T5703] usb 1-1: Using ep0 maxpacket: 32
[  739.394569][ T5703] usb 1-1: config 2 has an invalid interface number: 88 but max is 0
[  739.407312][ T5703] usb 1-1: config 2 has no interface number 0
[  739.420816][ T5703] usb 1-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256
[  739.762385][ T5703] usb 1-1: config 2 interface 88 has no altsetting 0
[  739.771610][ T5703] usb 1-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e
[  739.780934][ T5703] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  739.789053][ T5703] usb 1-1: Product: syz
[  739.793280][ T5703] usb 1-1: Manufacturer: syz
[  739.797886][ T5703] usb 1-1: SerialNumber: syz
[  739.806545][T12063] misc userio: Can't change port type on an already running userio instance
[  739.912320][T12052] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  740.512202][T12052] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  740.954240][   T29] audit: type=1400 audit(1778120603.444:773): avc:  denied  { bind } for  pid=12049 comm="syz.0.1664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  740.976588][   T29] audit: type=1400 audit(1778120603.464:774): avc:  denied  { listen } for  pid=12049 comm="syz.0.1664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  741.883294][ T4930] Bluetooth: hci1: command 0x0406 tx timeout
[  741.904706][ T5703] asix 1-1:2.88 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  741.918340][ T5703] asix 1-1:2.88: probe with driver asix failed with error -71
[  742.249309][ T5703] usb 1-1: USB disconnect, device number 44
[  742.661838][T12085] ipt_ECN: cannot use operation on non-tcp rule
[  742.895309][T12094] netlink: 'syz.0.1678': attribute type 1 has an invalid length.
[  742.903388][T12094] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1678'.
[  742.916014][ T2167] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  745.356230][ T4930] Bluetooth: hci1: command 0x0406 tx timeout
[  745.375991][T12097] virt_wifi0 speed is unknown, defaulting to 1000
[  745.430380][ T2167] usb 2-1: Using ep0 maxpacket: 16
[  746.293849][T12081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1674'.
[  746.314379][ T2167] usb 2-1: unable to get BOS descriptor or descriptor too short
[  746.328795][ T2167] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[  746.441444][T12081] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1674'.
[  746.700102][ T2167] usb 2-1: string descriptor 0 read error: -22
[  746.700676][T12105] netlink: 'syz.1.1674': attribute type 10 has an invalid length.
[  746.719817][ T2167] usb 2-1: New USB device found, idVendor=0582, idProduct=007d, bcdDevice= 0.40
[  747.491595][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  747.509464][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  747.531505][ T2167] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.673698][T12105] bridge0: port 3(dummy0) entered disabled state
[  747.680255][T12105] bridge0: port 2(bridge_slave_1) entered disabled state
[  747.687766][T12105] bridge0: port 1(bridge_slave_0) entered disabled state
[  747.748958][ T2167] usb 2-1: can't set config #1, error -71
[  747.849772][ T2167] usb 2-1: USB disconnect, device number 52
[  748.085654][   T29] audit: type=1400 audit(1778120610.584:775): avc:  denied  { connect } for  pid=12116 comm="syz.2.1685" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  748.193059][ T2167] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  748.353228][ T2167] usb 2-1: Using ep0 maxpacket: 8
[  748.375002][ T2167] usb 2-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=4d.89
[  748.395651][ T2167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.421073][ T2167] usb 2-1: config 0 descriptor??
[  748.515896][ T2167] gm12u320 2-1:0.0: [drm:gm12u320_misc_request.constprop.0] *ERROR* Misc. req. error -22
[  748.597905][ T2167] gm12u320 2-1:0.0: probe with driver gm12u320 failed with error -5
[  748.652009][ T2167] usb-storage 2-1:0.0: USB Mass Storage device detected
[  748.687052][ T2167] usb-storage 2-1:0.0: device ignored
[  749.281912][ T2167] usb 2-1: USB disconnect, device number 53
[  749.553799][   T29] audit: type=1400 audit(1778120612.044:776): avc:  denied  { map } for  pid=12132 comm="syz.3.1689" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  750.154232][ T2167] usb 5-1: new high-speed USB device number 56 using dummy_hcd
[  751.343119][ T2167] usb 5-1: Using ep0 maxpacket: 8
[  753.342528][ T5704] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  753.589515][T12149] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  753.599689][T12149] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  754.496812][ T5704] usb 1-1: config index 0 descriptor too short (expected 36, got 18)
[  754.581426][ T5704] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  754.709475][ T2167] usb 5-1: device descriptor read/all, error -71
[  754.767384][ T5704] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  754.864148][ T5704] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  754.930537][ T5704] usb 1-1: Product: syz
[  754.957866][ T5704] usb 1-1: Manufacturer: syz
[  754.989228][ T5704] usb 1-1: SerialNumber: syz
[  755.077655][ T5704] usb 1-1: config 0 descriptor??
[  756.122416][ T5704] usb 1-1: can't set config #0, error -71
[  756.175279][ T5704] usb 1-1: USB disconnect, device number 45
[  756.610390][T12173] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  757.532876][T12181] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1699'.
[  757.807189][T12185] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  760.120596][T12200] netlink: 'syz.2.1704': attribute type 3 has an invalid length.
[  762.873085][ T5704] usb 4-1: new full-speed USB device number 44 using dummy_hcd
[  763.393046][ T5704] usb 4-1: not running at top speed; connect to a high speed hub
[  763.427542][ T5704] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  763.467047][ T5704] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 0.40
[  763.500847][ T5704] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  763.534743][ T5704] usb 4-1: Product: syz
[  763.560762][ T5704] usb 4-1: Manufacturer: syz
[  763.573757][ T5704] usb 4-1: SerialNumber: syz
[  763.899651][T12232] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  764.065045][T12234] syzkaller0: entered promiscuous mode
[  764.084436][T12234] syzkaller0: entered allmulticast mode
[  764.098104][ T5704] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  764.368122][   T29] audit: type=1400 audit(1778120626.694:777): avc:  denied  { mounton } for  pid=12229 comm="syz.4.1710" path="/317/file0" dev="tmpfs" ino=1682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  764.446530][ T5704] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -2
[  764.489543][ T5704] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  764.535565][ T5704] snd-usb-audio 4-1:1.1: probe with driver snd-usb-audio failed with error -2
[  764.674999][ T5704] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  764.741455][   T29] audit: type=1400 audit(1778120627.204:778): avc:  denied  { watch_mount } for  pid=12231 comm="syz.0.1711" path="/330" dev="tmpfs" ino=1728 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  764.750328][ T5704] snd-usb-audio 4-1:1.2: probe with driver snd-usb-audio failed with error -2
[  764.779309][ T5704] usb 4-1: USB disconnect, device number 44
[  764.894349][T11986] udevd[11986]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  764.936151][T12231] tipc: Resetting bearer <eth:syzkaller0>
[  764.965665][T12231] tipc: Disabling bearer <eth:syzkaller0>
[  766.318680][   T29] audit: type=1400 audit(1778120628.184:779): avc:  denied  { write } for  pid=12248 comm="syz.1.1717" path="socket:[33631]" dev="sockfs" ino=33631 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  767.284667][ T8142] usb 5-1: new high-speed USB device number 58 using dummy_hcd
[  767.793640][ T8142] usb 5-1: Using ep0 maxpacket: 32
[  767.807974][   T29] audit: type=1400 audit(1778120628.184:780): avc:  denied  { map } for  pid=12248 comm="syz.1.1717" path="/proc/1172/maps" dev="proc" ino=33700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  767.835487][ T8142] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  767.861510][ T8142] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  767.892917][ T8142] usb 5-1: config 0 descriptor??
[  768.186624][ T8142] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware
[  768.223818][ T8142] usb 5-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2
[  768.254154][   T29] audit: type=1400 audit(1778120630.754:781): avc:  denied  { firmware_load } for  pid=8142 comm="kworker/0:9" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  768.274906][ T8142] usb 5-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw
[  768.498376][   T29] audit: type=1400 audit(1778120630.904:782): avc:  denied  { write } for  pid=12271 comm="syz.3.1722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  768.735305][T12279] .: renamed from syz_tun
[  769.124323][T12286] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12286 comm=syz.2.1725
[  770.703019][ T5704] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  770.991639][ T5704] usb 4-1: device descriptor read/64, error -71
[  771.442884][   T29] audit: type=1400 audit(1778120633.934:783): avc:  denied  { read } for  pid=12304 comm="syz.0.1731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  771.543275][ T5704] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  771.964082][ T5704] usb 4-1: device descriptor read/64, error -71
[  772.101016][ T5704] usb usb4-port1: attempt power cycle
[  772.333364][ T2167] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  772.663087][ T5704] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  772.960163][T12317] virt_wifi0 speed is unknown, defaulting to 1000
[  775.395072][ T2167] usb 1-1: Using ep0 maxpacket: 8
[  775.468569][ T2167] usb 1-1: device descriptor read/all, error -71
[  775.496744][ T5704] usb 4-1: device descriptor read/8, error -71
[  775.586573][T12322] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1736'.
[  776.369497][T12332] syz_tun: entered allmulticast mode
[  776.713257][ T5704] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  776.746280][ T5704] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  776.768287][ T5704] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  776.787991][ T5704] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  776.804910][ T5704] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.826022][T12336] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  776.852740][ T5704] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  777.314761][ T5718] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  777.514769][T12336] netlink: 'syz.3.1741': attribute type 4 has an invalid length.
[  777.619203][T12360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  777.662035][T12360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  777.705054][ T5718] usb 2-1: Using ep0 maxpacket: 16
[  777.705517][ T5703] usb 4-1: USB disconnect, device number 48
[  777.728254][ T5718] usb 2-1: config 2 has an invalid interface number: 114 but max is 0
[  777.752542][   T29] audit: type=1400 audit(1778120640.244:784): avc:  denied  { map } for  pid=12361 comm="syz.0.1747" path="pipe:[5233]" dev="pipefs" ino=5233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  777.777859][   T29] audit: type=1400 audit(1778120640.244:785): avc:  denied  { execute } for  pid=12361 comm="syz.0.1747" path="pipe:[5233]" dev="pipefs" ino=5233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  777.813066][ T5718] usb 2-1: config 2 has no interface number 0
[  777.819478][ T5718] usb 2-1: config 2 interface 114 has no altsetting 0
[  777.941389][ T5718] usb 2-1: New USB device found, idVendor=0458, idProduct=7005, bcdDevice=f7.de
[  777.980853][ T5718] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  778.000605][ T5718] usb 2-1: Product: syz
[  778.012566][ T5718] usb 2-1: Manufacturer: syz
[  778.145800][ T5718] usb 2-1: SerialNumber: syz
[  778.445837][T12366] virt_wifi0 speed is unknown, defaulting to 1000
[  781.201485][ T5718] gspca_main: sn9c2028-2.14.0 probing 0458:7005
[  781.257802][ T5718] gspca_sn9c2028: read1 error -71
[  781.296075][ T5718] gspca_sn9c2028: read1 error -71
[  781.301893][   T29] audit: type=1400 audit(1778120643.794:786): avc:  denied  { read } for  pid=12375 comm="syz.3.1752" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  781.319843][ T5718] gspca_sn9c2028: read1 error -71
[  781.364078][ T5718] sn9c2028 2-1:2.114: probe with driver sn9c2028 failed with error -71
[  781.406538][ T5718] usb 2-1: USB disconnect, device number 54
[  781.570396][   T29] audit: type=1400 audit(1778120644.064:787): avc:  denied  { accept } for  pid=12384 comm="syz.1.1755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  781.896941][T12387] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1755'.
[  782.549372][T12397] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1757'.
[  782.976383][ T5703] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  783.135074][ T5703] usb 1-1: Using ep0 maxpacket: 32
[  783.151334][ T5703] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  783.169753][T12405] virt_wifi0 speed is unknown, defaulting to 1000
[  783.217423][ T5703] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.247213][ T5703] usb 1-1: config 0 descriptor??
[  783.468833][ T5703] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  783.484605][ T5703] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  783.494580][ T5703] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  783.501785][ T5703] usb 1-1: media controller created
[  783.512871][ T5703] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  783.984970][T12411] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1750'.
[  784.097702][ T5703] az6027: usb out operation failed. (-71)
[  784.116724][ T5703] az6027: usb out operation failed. (-71)
[  784.129523][ T5703] stb0899_attach: Driver disabled by Kconfig
[  784.143042][ T5703] az6027: no front-end attached
[  784.143042][ T5703] 
[  784.162179][ T5703] az6027: usb out operation failed. (-71)
[  784.180386][ T5703] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  784.198639][ T5703] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input37
[  784.227471][ T5703] dvb-usb: schedule remote query interval to 400 msecs.
[  784.236077][ T5703] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  784.253643][ T5703] usb 1-1: USB disconnect, device number 48
[  784.382384][ T5703] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  784.821174][T12431] netlink: 'syz.3.1768': attribute type 1 has an invalid length.
[  784.830219][T12431] netlink: 'syz.3.1768': attribute type 2 has an invalid length.
[  784.839418][T12431] netlink: 'syz.3.1768': attribute type 1 has an invalid length.
[  784.848286][T12431] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1768'.
[  784.959098][   T50] Bluetooth: hci3: unexpected event for opcode 0x0c1b
[  787.362862][T12457] virt_wifi0 speed is unknown, defaulting to 1000
[  787.456728][T12470] netlink: zone id is out of range
[  790.066803][T12481] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  790.593560][   T29] audit: type=1400 audit(1778120653.064:788): avc:  denied  { ioctl } for  pid=12486 comm="syz.3.1786" path="socket:[35628]" dev="sockfs" ino=35628 ioctlcmd=0x8916 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  895.282891][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  895.289886][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P11654/1:b..l
[  895.298533][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=79517, q=404 ncpus=2)
[  895.306249][    C0] task:udevd           state:R  running task     stack:24600 pid:11654 tgid:11654 ppid:4978   task_flags:0x400140 flags:0x00080000
[  895.321057][    C0] Call Trace:
[  895.324348][    C0]  <TASK>
[  895.327280][    C0]  __schedule+0x10e9/0x6820
[  895.331790][    C0]  ? stack_trace_save+0x8e/0xc0
[  895.336653][    C0]  ? __pfx___schedule+0x10/0x10
[  895.341505][    C0]  ? mark_held_locks+0x40/0x70
[  895.346273][    C0]  preempt_schedule_irq+0x50/0x90
[  895.351300][    C0]  irqentry_exit+0x1fe/0x790
[  895.355897][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  895.361876][    C0] RIP: 0010:lock_acquire+0x5e/0x370
[  895.367087][    C0] Code: 05 bb 3d 26 12 83 f8 07 0f 87 d9 02 00 00 48 0f a3 05 c6 29 f3 0e 0f 82 a4 02 00 00 8b 35 4e 5d f3 0e 85 f6 0f 85 bf 00 00 00 <48> 8b 44 24 30 65 48 2b 05 5d 3d 26 12 0f 85 ed 02 00 00 48 83 c4
[  895.386706][    C0] RSP: 0018:ffffc900038d77e8 EFLAGS: 00000206
[  895.392778][    C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000001
[  895.400746][    C0] RDX: 0000000000000000 RSI: ffffffff8defaa14 RDI: ffffffff8c1c3680
[  895.408710][    C0] RBP: ffffffff8e7e54e0 R08: 0000000064a9034e R09: 0000000000000007
[  895.416689][    C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002
[  895.424668][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  895.432660][    C0]  ? kernfs_root+0xee/0x2a0
[  895.437165][    C0]  ? kernfs_root+0xee/0x2a0
[  895.441673][    C0]  kernfs_root+0x34/0x2a0
[  895.446004][    C0]  ? kernfs_root+0x23/0x2a0
[  895.450502][    C0]  kernfs_iop_get_link+0x3c8/0x16a0
[  895.455710][    C0]  pick_link+0xd17/0x13c0
[  895.460038][    C0]  ? __pfx_kernfs_iop_get_link+0x10/0x10
[  895.465671][    C0]  step_into_slowpath+0x9ba/0xf90
[  895.470695][    C0]  ? __pfx___up_read+0x10/0x10
[  895.475464][    C0]  ? kernfs_dop_revalidate+0x3c6/0x7e0
[  895.480941][    C0]  ? kernfs_dop_revalidate+0x3c6/0x7e0
[  895.486426][    C0]  ? __pfx_step_into_slowpath+0x10/0x10
[  895.491978][    C0]  ? kernfs_dop_revalidate+0xd0/0x7e0
[  895.497370][    C0]  ? lookup_fast+0x2da/0x600
[  895.501959][    C0]  path_openat+0xf95/0x31a0
[  895.506475][    C0]  ? __pfx_path_openat+0x10/0x10
[  895.511429][    C0]  do_file_open+0x20e/0x430
[  895.515938][    C0]  ? __pfx_do_file_open+0x10/0x10
[  895.520986][    C0]  ? alloc_fd+0x476/0x790
[  895.525324][    C0]  ? do_getname+0x191/0x390
[  895.529836][    C0]  do_sys_openat2+0x10d/0x1e0
[  895.534519][    C0]  ? __pfx_do_sys_openat2+0x10/0x10
[  895.539716][    C0]  ? __pfx_lo_ioctl+0x10/0x10
[  895.544399][    C0]  ? blkdev_ioctl+0x449/0x6f0
[  895.549070][    C0]  ? __pfx_lo_ioctl+0x10/0x10
[  895.553753][    C0]  __x64_sys_openat+0x12d/0x210
[  895.558611][    C0]  ? __pfx___x64_sys_openat+0x10/0x10
[  895.563985][    C0]  ? selinux_file_ioctl+0xb6/0x290
[  895.569108][    C0]  ? rcu_is_watching+0x12/0xc0
[  895.573879][    C0]  do_syscall_64+0x10b/0xf80
[  895.578468][    C0]  ? clear_bhb_loop+0x40/0x90
[  895.583155][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  895.589068][    C0] RIP: 0033:0x7fd30f6a7407
[  895.593480][    C0] RSP: 002b:00007fff4ca00920 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  895.601925][    C0] RAX: ffffffffffffffda RBX: 00007fd30feb5880 RCX: 00007fd30f6a7407
[  895.609893][    C0] RDX: 0000000000080000 RSI: 0000555dd51331e0 RDI: ffffffffffffff9c
[  895.617858][    C0] RBP: 0000555dd51331e0 R08: 0000000000000000 R09: 0000000000000000
[  895.625828][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  895.633792][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000009
[  895.641773][    C0]  </TASK>
[  895.644796][    C0] rcu: rcu_preempt kthread starved for 10471 jiffies! g79517 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  895.655980][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  895.665941][    C0] rcu: RCU grace-period kthread stack dump:
[  895.671815][    C0] task:rcu_preempt     state:R  running task     stack:28216 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  895.685307][    C0] Call Trace:
[  895.688577][    C0]  <TASK>
[  895.691505][    C0]  __schedule+0x10e9/0x6820
[  895.696041][    C0]  ? __pfx___schedule+0x10/0x10
[  895.700897][    C0]  ? find_held_lock+0x2b/0x80
[  895.705574][    C0]  ? schedule+0x2bf/0x390
[  895.709904][    C0]  schedule+0xdd/0x390
[  895.713971][    C0]  schedule_timeout+0x127/0x280
[  895.718833][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  895.724211][    C0]  ? __pfx_process_timeout+0x10/0x10
[  895.729494][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  895.735294][    C0]  ? prepare_to_swait_event+0xdf/0x4a0
[  895.740759][    C0]  rcu_gp_fqs_loop+0x1a9/0x900
[  895.745521][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  895.750805][    C0]  ? prepare_to_swait_event+0xae/0x4a0
[  895.756275][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  895.761214][    C0]  ? __pfx_rcu_gp_cleanup+0x10/0x10
[  895.766670][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  895.772476][    C0]  rcu_gp_kthread+0x179/0x230
[  895.777152][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  895.782344][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  895.788147][    C0]  ? __kthread_parkme+0x18c/0x230
[  895.793170][    C0]  ? kthread+0x13a/0x450
[  895.797411][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  895.802608][    C0]  kthread+0x370/0x450
[  895.806674][    C0]  ? __pfx_kthread+0x10/0x10
[  895.811260][    C0]  ret_from_fork+0x72b/0xd50
[  895.815849][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  895.820960][    C0]  ? __switch_to+0x800/0x1100
[  895.825644][    C0]  ? __pfx_kthread+0x10/0x10
[  895.830235][    C0]  ret_from_fork_asm+0x1a/0x30
[  895.835018][    C0]  </TASK>
[  895.838024][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  895.844340][    C0] CPU: 0 UID: 0 PID: 12493 Comm: syz.4.1787 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  895.855268][    C0] Tainted: [L]=SOFTLOCKUP
[  895.859579][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  895.869620][    C0] RIP: 0010:smp_call_function_many_cond+0x589/0x1700
[  895.876296][    C0] Code: b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 79 83 0c 00 f3 90 <41> 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 63 0f 00 00 8b 45 08 31
[  895.895893][    C0] RSP: 0018:ffffc9000204f268 EFLAGS: 00000246
[  895.901953][    C0] RAX: 0000000000080000 RBX: 0000000000000001 RCX: ffffc9000e6f3000
[  895.909922][    C0] RDX: 0000000000080000 RSI: ffffffff81fc0fa7 RDI: ffff88801e7f0000
[  895.917888][    C0] RBP: ffff8880b8540f40 R08: 0000000000000005 R09: 0000000000000000
[  895.925853][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[  895.933811][    C0] R13: ffffed10170a81e9 R14: 0000000000000001 R15: ffff8880b843c5c0
[  895.941773][    C0] FS:  00007f1c42a6a6c0(0000) GS:ffff888124375000(0000) knlGS:0000000000000000
[  895.950694][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  895.957271][    C0] CR2: 0000200000b36030 CR3: 000000003bdee000 CR4: 00000000003526f0
[  895.965232][    C0] Call Trace:
[  895.968501][    C0]  <TASK>
[  895.971427][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  895.976801][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  895.982019][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  895.988350][    C0]  ? find_held_lock+0x2b/0x80
[  895.993024][    C0]  ? lock_acquire+0x1b1/0x370
[  895.997700][    C0]  ? rcu_is_watching+0x12/0xc0
[  896.002475][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  896.007755][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  896.013122][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  896.018236][    C0]  flush_tlb_mm_range+0x45f/0x16f0
[  896.023349][    C0]  ? page_table_check_clear+0x47e/0x8f0
[  896.028893][    C0]  ? __page_table_check_pte_clear+0xa9/0x100
[  896.034866][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  896.040410][    C0]  ? __pfx_pte_mkwrite+0x10/0x10
[  896.045343][    C0]  ptep_clear_flush+0x148/0x170
[  896.050193][    C0]  do_wp_page+0x12a4/0x4350
[  896.054704][    C0]  ? __pfx_do_wp_page+0x10/0x10
[  896.059560][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  896.064945][    C0]  __handle_mm_fault+0x1ab6/0x2a00
[  896.070068][    C0]  ? mt_find+0x45e/0x8e0
[  896.074313][    C0]  ? __pfx___handle_mm_fault+0x10/0x10
[  896.079776][    C0]  ? __pfx_mt_find+0x10/0x10
[  896.084381][    C0]  ? find_vma+0xbf/0x140
[  896.088617][    C0]  ? __pfx_find_vma+0x10/0x10
[  896.093289][    C0]  handle_mm_fault+0x36d/0xa20
[  896.098060][    C0]  do_user_addr_fault+0x74c/0x12f0
[  896.103176][    C0]  ? trace_page_fault_kernel+0x7a/0x200
[  896.108731][    C0]  exc_page_fault+0x6f/0xd0
[  896.113232][    C0]  asm_exc_page_fault+0x26/0x30
[  896.118080][    C0] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  896.123799][    C0] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 c7 d7 03 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  896.143411][    C0] RSP: 0018:ffffc9000204f9d8 EFLAGS: 00050246
[  896.149472][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000b36030
[  896.157436][    C0] RDX: 0000000000080000 RSI: ffffffff895585c1 RDI: ffff88801e7f0000
[  896.165396][    C0] RBP: ffffc9000204fd78 R08: 0000000000000005 R09: 0000000000000000
[  896.173359][    C0] R10: 0000000000000002 R11: 0000000000000000 R12: 0000000000000000
[  896.181324][    C0] R13: 0000200000b36000 R14: ffffc9000204fdbc R15: 0000000000000002
[  896.189385][    C0]  ? ____sys_recvmsg+0x2e1/0x640
[  896.194325][    C0]  ____sys_recvmsg+0x2ec/0x640
[  896.199085][    C0]  ? __pfx_unix_dgram_recvmsg+0x10/0x10
[  896.204645][    C0]  ? __pfx_____sys_recvmsg+0x10/0x10
[  896.209942][    C0]  ? rcu_is_watching+0x12/0xc0
[  896.214713][    C0]  ? ___sys_recvmsg+0x177/0x1a0
[  896.219556][    C0]  ? kfree+0x1dd/0x6c0
[  896.223626][    C0]  ___sys_recvmsg+0x16a/0x1a0
[  896.228301][    C0]  ? __pfx____sys_recvmsg+0x10/0x10
[  896.233518][    C0]  ? __pfx___might_resched+0x10/0x10
[  896.238809][    C0]  do_recvmmsg+0x301/0x760
[  896.243230][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  896.248173][    C0]  ? __sched_setaffinity+0x17c/0x280
[  896.253459][    C0]  ? do_futex+0x192/0x350
[  896.257799][    C0]  ? __x64_sys_futex+0x34f/0x4d0
[  896.262743][    C0]  __x64_sys_recvmmsg+0x22a/0x280
[  896.267762][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  896.273311][    C0]  ? __pfx___x64_sys_sched_setaffinity+0x10/0x10
[  896.279637][    C0]  ? rcu_is_watching+0x12/0xc0
[  896.284410][    C0]  do_syscall_64+0x10b/0xf80
[  896.288995][    C0]  ? clear_bhb_loop+0x40/0x90
[  896.293668][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  896.299554][    C0] RIP: 0033:0x7f1c41b9cdd9
[  896.303966][    C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  896.323567][    C0] RSP: 002b:00007f1c42a6a028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  896.331973][    C0] RAX: ffffffffffffffda RBX: 00007f1c41e16090 RCX: 00007f1c41b9cdd9
[  896.339932][    C0] RDX: 00000000080002c1 RSI: 0000200000000040 RDI: 0000000000000007
[  896.347899][    C0] RBP: 00007f1c41c32d69 R08: 0000000000000000 R09: 0000000000000000
[  896.355858][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  896.363827][    C0] R13: 00007f1c41e16128 R14: 00007f1c41e16090 R15: 00007ffcd2bd0f08
[  896.371803][    C0]  </TASK>