last executing test programs:

9m18.176161883s ago: executing program 1 (id=1094):
r0 = socket(0x15, 0x5, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x7fff, 0x400)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000340)={0x0, 0x1, 0x0, &(0x7f0000001600)=""/118, 0x0, 0x3332f000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000100))
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000040)={0x0, r3})
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000fcffffff00000000000000008500000036000000180100006420002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000180"], &(0x7f00000001c0)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x5, 0x14, 0x0, &(0x7f0000000140)="259a00f271a76d1708fff74588a80a3888a82f15", 0x0, 0xd11, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x34, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0)
r6 = socket$kcm(0x29, 0x2, 0x0)
close(r6)
r7 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r7, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, 0x0}, 0x30004040)
setsockopt$sock_attach_bpf(r6, 0x1, 0xd, &(0x7f00000000c0), 0xfe11)
close(r6)

9m17.52961503s ago: executing program 1 (id=1096):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x3, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001011ff00000000000100070000002000000000ff0200000000000000000000000000014f194e20"], 0xfdef)

9m17.401771018s ago: executing program 1 (id=1097):
r0 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000010ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c947420000000000000000ff4a70f3"}, 0x17d, 0x5})
preadv(r0, &(0x7f0000000480)=[{&(0x7f0000000180)=""/1, 0x1}], 0x1, 0x1, 0xd)
ioctl$DVB_DEMUX_DMX_SET_BUFFER_SIZE(r0, 0x6f2d, 0xff)

9m16.737867478s ago: executing program 1 (id=1103):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
mount$bind(&(0x7f0000002280)='.\x00', &(0x7f00000022c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00')

9m16.653793533s ago: executing program 1 (id=1105):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000580)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x300, 0x18c, 0x203, 0x0, 0x19030000, 0x3f0, 0x2e0, 0x2e0, 0x3f0, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x300, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x1d}, {0x20}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xe}, {}, {0x0, 0x0, 0x3}, {0x2}, {}, {0x0, 0x0, 0x0, 0x1}, {}, {}, {0x16}, {}, {}, {0x7}, {}, {0x0, 0x0, 0x0, 0x101}, {}, {}, {}, {}, {}, {}, {0xfffe}, {}, {}, {}, {0x0, 0xfd}, {}, {0x7a04}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb84, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {}, {}, {}, {}, {0x0, 0x0, 0xfe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xffff}, {0x4}]}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)

9m16.213777306s ago: executing program 1 (id=1109):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)

9m16.081591518s ago: executing program 32 (id=1109):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x400000000000284, 0xf00)

12.197425851s ago: executing program 2 (id=3972):
r0 = memfd_create(&(0x7f0000000500)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x1c\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\x83\x11\v}k+\xeb\xc3\xc0O\xae\xd2\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb901nEy\x82\x83\x80\xd3O\x00|hP\x00\x00\x00\x00\x00\x00\x00\x05\x86\xfe\xd9\xa5\xc6\nSy\xa3N\xba-]\'q\xc6\xfb\x02\x9a\xa9Z\xa8\x80Bx\xbd74\xcf\"\xa5\xea$\x95\xfd\x06T\xef\x89\xe4j\x06\xdc\x15\xe7\xc3\xb5H\xf7\xdc\xee\x182\xab\xe2?\"\xbewm\x9d\xd8x\xd92\xeeS/\xd2\xcd[\x9dcO1\xcb\x12lZ$\xa7\x9d\xf8b\xf6}\xc5``\xfe0\x8a\'v-\x99`?\x97\x8c\xdd\xd6\xfa\xa2\x06>\xf3\xe2uI\xe65C\xdb\x84\xe6eU\xe8RK\xd6=s\xcd\x9d\x1f#3\xc5\x16\xd0\xbbD\xc5\xde\xc8/\v\xa5W\xbep\x87\x15\x10\xcdm\xa7\x93\x01\x1c,9V8\xdc\xfd\xb7\xc0\xfc\x04\x00p\xad\x12\xb2\xbf\xfbFZ\x1a\f\x99\x05\xe4\x1eP\xed\x87\x89\xbeo\xfbv\xb6\x8a\xee\xf6Oc8\xaf\x11[\xc3\x98w-\xf0\xb2z\xc7\xaf;\x92\xad4\x1b\x92L\x97<\xbdh\x80\xf2\xc0\xd0n)K\xf2#Ncp\xe4\xb4\xfb\x94\x18\xc2-TWA\x13\xfe\xea\xad\v\xc4\xa5\x02\xf9\xed]\xf4\\\x01\xab\xdc\xb6\xcdP\x93\xf2\xc3\x96\xf2\xc0\xd6-x\xd5\xd6\xc7\x9d\xa5\x1f\xd2t\xd7\x8f}b\x9749\xd4a7\x18\xe0\x91KV7[\xb8\x8dL\xc8\xc8\x8f>sbE\xf5\xa7\xdb|\xb0m\x16c\x84\r\"\xf2\x92s\xeb\xaf\x1c\x00\xf4\x8dL\xa5\x10\x89FB\xfb8\xf9\x9d\xcbm\x1c\x91\xe9fd$5\xdc\xad\xec\xef\x90\xd9\xefX\xd2m\x9e\xec\x94w\xb3\xf9\xd9\x0eu-z\x81\xbb\xa6\xc0\x00\xa1\xd9\xcbI\xda\xa3\b\x9e@\xb8\xc8k\xdeQ/\xb8X\x9c\xff4Np~\xc4\xc1_\x1c#zX\a\xd41\x1c\x7fH\x91\xd9k\x05\x1f\n\b\b\x88\xd6\xcf4i\xa0B\xe7\x9c\x9c\xe6\xcax\xca\xa1E#6\xe9\xf31W\xd0\x1bY3/\x00I#\xfa\xb0\f\xd5!\x9fR[\x0e\xdb`\xdb\x82M\'k\x16(\xfa\xc2\xec\x96e\\Q\xe9\x19\xe1u\x86\xcb\xc3\xb0\xb8\x19\xb9l\x1fk!R\xb1P\x8b\xda\xffE\x89\x97\n\x17m\xd10\x1a\xe7Qz\xd8\bi\x8dRw+\xa1^N\xaf\x1b\x1dg\x8f$\xbe\x93\x8d\x8b\xfd\r\xee<\x84\x95\x82)TH\xcac9\x98\x13WW@;\xb4\xd5\x0f\xa1\xb3xX(\x80\xe8\x89\xed e.\xe04\xba\x9c=\xc6\x04\f\xbf\x06\xce5\xf99GD8@\xd2\r\xd0\xdf@\xe3\xbe\"qq#]\x86W\tA\xa7\x91\x85\xae\x9c\x8dO\xa6\xa3\xf9i\x83\xc5\xa8C\x164\xef\xa4\\\a\xaa%\x94!3k]\xd5\xbe\'U\xf17', 0x1)
r1 = accept(0xffffffffffffffff, &(0x7f0000000040)=@l2tp6={0xa, 0x0, 0x0, @local}, &(0x7f00000000c0)=0x80)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100)=0x6, &(0x7f0000000140)=0x4)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r3, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
write$binfmt_aout(r3, 0x0, 0xffffffdb)
add_key(&(0x7f0000000040)='pkcs7_test\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
r4 = dup(r0)
r5 = dup(r4)
write$binfmt_elf64(r5, &(0x7f00000006c0)=ANY=[], 0x178)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

10.193952092s ago: executing program 2 (id=3980):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f0000000180)={0x0, 0xfff, 0x100fe})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44004)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000000200000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32eda04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d730300f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc69839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000800000000000000000000000000000000000000000000000009e9a0bfc62aaae909c682890aed704fc098318d52a04f2a6293674ce655a9f51ad5e26b3b904934e3559fcaaf5000159e9d4c7bf168ff7c5f60e0000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c080000040601530300000000007ac0a2e48a46bb3fe3e400000000"], 0x1c}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
pread64(0xffffffffffffffff, &(0x7f0000000940)=""/4096, 0x1000, 0x3)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000202, 0x0, 0x0, &(0x7f0000000040)='./file0\x00')
socket$inet6(0xa, 0x1, 0x88)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000900)={0x14, r5, 0x301, 0x70bd29, 0x25dfdbfb, {0x21}}, 0x14}, 0x1, 0x0, 0x0, 0x815}, 0x20004814)

6.11339769s ago: executing program 0 (id=4005):
socket$inet6(0xa, 0x3, 0x4)
r0 = openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x2e)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f0000000080)='./file1\x00', 0x8)
getitimer(0x1, &(0x7f0000000140))
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x3f}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x4000}}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x800000}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$RFKILL_IOC_MAX_SIZE(r2, 0x2, &(0x7f0000000180)=0x10001)
chdir(&(0x7f00000000c0)='./file1\x00')
sched_setaffinity(0x0, 0xfffffffffffffd7a, &(0x7f0000000580)=0x8000000002)
syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x40000)
r3 = getpid()
sched_setscheduler(r3, 0x1, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680))
r4 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f0000000180)=0x6f)
r5 = dup2(r4, r4)
read$FUSE(r5, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.current\x00', 0x275a, 0x0)
fallocate(r6, 0x0, 0xfea000, 0x2000402)

5.621575649s ago: executing program 0 (id=4008):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x2004000)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x200})
r1 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x814}, 0x4000)
preadv(r0, &(0x7f0000000300)=[{&(0x7f0000000340)=""/4, 0x2}], 0x3e8, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
sendmsg$nl_route(r1, 0x0, 0xc0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0xffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
sendmsg$NLBL_MGMT_C_ADDDEF(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x34, r5, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @remote}, @NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x2400cc04}, 0x0)
read$msr(r2, &(0x7f0000007880)=""/102400, 0x19000)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
getpid()
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_int(r7, 0x29, 0x10, 0x0, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
symlink(0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
socket(0x10, 0x4, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000040)={'vxcan0\x00', <r9=>0x0})
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000140)={'vxcan1\x00', <r10=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYRES8=r10, @ANYRES8, @ANYBLOB='\b\x00\t\x00', @ANYRES32=r9, @ANYRES32=r8, @ANYRES8=r6, @ANYRES64=r0], 0x44}}, 0x0)

4.90144027s ago: executing program 0 (id=4015):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000"], 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r0, @ANYBLOB="a787000000ff000000000b0000040400"], 0x18}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDCTL_SEQ_RESET(0xffffffffffffffff, 0x5100)

4.665559175s ago: executing program 2 (id=4017):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xa8603, 0x0)
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x13)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x450000, 0x0)
r0 = syz_usb_connect$rtl8150(0x6, 0x3f, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_usb_control_io$rtl8150(r0, 0x0, 0x0)
r1 = userfaultfd(0x801)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x4d0})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000104000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r7, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newqdisc={0x38, 0x28, 0x4ee4e6a52ff56541, 0x3fff, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, {0x4}, {0xffff, 0xffff}, {0xfff1, 0x1}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x7, 0x80}}]}, 0x38}, 0x1, 0x0, 0x0, 0xdc}, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

4.394001374s ago: executing program 4 (id=4021):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x2})
r0 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r1 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x2}})
write$tun(0xffffffffffffffff, &(0x7f00000003c0)=ANY=[@ANYBLOB="000030f6bbbbbbbbbbbb0180c200000388a8000081000002"], 0x36)

4.331733555s ago: executing program 4 (id=4022):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x141, 0x0)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000380), 0x8)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0xfffffffffffffffc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x4)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x208800, 0x8)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x42, &(0x7f0000003480)={0x0, 0x2710}, 0x10)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e23, 0x101, @private2, 0x8e4}}, 0x0, 0x0, 0x2b, 0x0, "bb02a3c364ca41d6357e54452401400400941292f4925a1e1ea6324d6193fcf19b49f3eefb1f56c54dc46d8b6d2ccd118aa0cc1dc2767bbe000100060000010100"}, 0xd8)
r3 = socket$kcm(0x23, 0x5, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
setsockopt$sock_int(r3, 0x1, 0x6, &(0x7f0000000240)=0x9, 0x4)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
listen(r3, 0x800)
r5 = socket$kcm(0x2, 0xa, 0x2)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @remote}, 0x1c)
syz_emit_ethernet(0x42, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x21, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x4, 0x2, 0x0, 0xe7, {[@timestamp={0x8, 0xa, 0x6, 0x4000}]}}}}}}}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x25, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000040)={0x8000, 0x4, 0xba, 0xfe0, 0x2})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000140)='GPL\x00'}, 0x94)

4.065004956s ago: executing program 0 (id=4023):
r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41)
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x11, &(0x7f0000000040)={@local, @remote, @void, {@generic={0x5, "c0e302"}}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
dup(r1)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)={&(0x7f0000000000)=ANY=[@ANYBLOB="d4000000", @ANYRES16=r3, @ANYBLOB="01002abd7000ffdbdf250300000008000100000000000c00060003"], 0xd4}, 0x1, 0x0, 0x0, 0x4000010}, 0x2048000)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x45ffffb, 0x122c42)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f0000001ac0)={r4, 0x0, {0x0, 0x0, 0x0, 0x1, 0x1ffffe, 0x0, 0x0, 0x0, 0x15, "339f020bbe82b38b000000000000000000070d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded147e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd2bf35239d2", "4f000000dd9d9ac2f63a7ad700", [0x5]}})
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r6 = io_uring_setup(0x7cc, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x401}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x18c6}, 0x0, 0x0)
ioctl$DVB_DEMUX_DMX_SET_FILTER(r0, 0x403c6f2b, &(0x7f0000000040)={0x1, {"40ad68bf607c2094e9c6a0c0f550f7f8", "241e6a0b37e28869f574458eb6417d55", "a34d3bcc4817356e5c266b26fe399bde"}, 0x7, 0x7})

3.877916865s ago: executing program 0 (id=4024):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005740)={&(0x7f00000055c0)={0x150, 0x2, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa}]}}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7ff}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_NAT_SRC={0x114, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @CTA_NAT_PROTO={0x4c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_PROTO={0x3c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010100}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x3}]}, 0x150}, 0x1, 0x0, 0x0, 0x40}, 0x2000c004)

3.876402169s ago: executing program 0 (id=4025):
r0 = socket$inet6(0xa, 0x80000, 0x1)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x50, &(0x7f0000000000)={0x0, 0x0}, 0x16)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x3, 0x0, 0x9, 0x1, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r3, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r3, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x23, &(0x7f00000000c0)=0xfe, 0x4)
sendmsg$NFT_BATCH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
unshare(0x8040480)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000004, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000240), 0x75, 0x58103)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x3, "5a77bd318786aeb202dfcdcdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a544304cfb2d22415e11068881e50f68530c2b21a100ef00000000ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171111d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b30855a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
fsopen(&(0x7f0000000740)='autofs\x00', 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000280)={&(0x7f00000059c0), 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

3.848830198s ago: executing program 2 (id=4027):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f00000000c0)={0x0, &(0x7f0000000240)})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0502103, &(0x7f0000000180)={0x0, 0xfff, 0x100fe})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44004)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f0000000d00)=ANY=[@ANYBLOB="b702000000200000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32eda04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d730300f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc69839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c4608800000000800000000000000000000000000000000000000000000000009e9a0bfc62aaae909c682890aed704fc098318d52a04f2a6293674ce655a9f51ad5e26b3b904934e3559fcaaf5000159e9d4c7bf168ff7c5f60e0000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r1, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c080000040601530300000000007ac0a2e48a46bb3fe3e400000000"], 0x1c}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000400), 0xffffffffffffffff)
socket$pppl2tp(0x18, 0x1, 0x1)
pread64(0xffffffffffffffff, &(0x7f0000000940)=""/4096, 0x1000, 0x3)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
quotactl$Q_QUOTAON(0xffffffff80000202, 0x0, 0x0, &(0x7f0000000040)='./file0\x00')
socket$inet6(0xa, 0x1, 0x88)
sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000900)={0x14, r5, 0x301, 0x70bd29, 0x25dfdbfb, {0x21}}, 0x14}, 0x1, 0x0, 0x0, 0x815}, 0x20004814)

3.661297551s ago: executing program 4 (id=4028):
syz_open_dev$usbmon(&(0x7f0000000000), 0x7, 0xa2002)
io_setup(0x8, &(0x7f0000004200))
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a14604fe52837a19dd6952fe2724c0105ab158a54a4a23ff0f4bc43c0e0e426e51258e40bb4b68ff4e3a8fe3"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000018c0)=@raw={'raw\x00', 0x8, 0x3, 0x540, 0x0, 0x11, 0x148, 0x340, 0x7f000000, 0x4a8, 0x2a8, 0x2a8, 0x4a8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r2}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, '\x00', {0x7}}}}, {{@uncond, 0x0, 0x128, 0x168, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'veth1_to_bridge\x00', {}, 'erspan0\x00', {0xff}, 0x4, 0x1e}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x2}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x3, {0xff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5a0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="20010000100021040000000000000000fe880000000000000000000000000001e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001000000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d983f8bebddd818700000000000000000000000000000000000000000000000002000000000000000000000014000e"], 0x120}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x4000000)
r6 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x12, r6, 0x0)
keyctl$join(0x1, &(0x7f0000000340)={'syz', 0x1})
write$selinux_load(0xffffffffffffffff, 0x0, 0x2000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x2, 0x5, 0x6, 0xce020b, 0x0, 0x9}, 0x9c)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='uid_map\x00')
write$dsp(r7, &(0x7f0000000380)="9e2b2dd1232e61764b8180ba78a820a17a3a3f54d708b1d27e0c00a044ab3f3dd2f6646c5dada4c06aab7e80e2562fa097fc483a942c3f99d414bbe19152c6ff55b452a3b16781da33e5d6bc2d4cf8261215c7eb890c3909c89eb957645bb0c5fb58c4cf433110ff74333b39aaa23992e1cc2fe9a1211aa6dd13760b5e8df1035768ac66011e84119c7fa7b7d5b2a9f3df794b86f2842f66270e48175231afd180bff352bb059e879ea74642b4ffc7f8df4b956b1d27e3e0c6bbd072e48d0241dac3afea04c2cb5e153199f3ff130e36b683aee19e17034de5cd29bde5e391c9eac1d6fce881b3eed58629275452", 0xee)
io_setup(0x5, &(0x7f00000000c0)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2}])
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000001c0)={@empty, @remote}, 0xc)

3.29747723s ago: executing program 5 (id=4029):
getpid()
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000b00)=ANY=[@ANYBLOB="1201000000000008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x2040000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000042000100fffffffffddbdf250200000004003880100001800c00c8000200000000000000100004800400c98008003500", @ANYRES32, @ANYBLOB="89bfc7684cf54df7196137f2c36c07ae6dde7697856d7c704e743b57002456734348d6042c"], 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1f, 0xc, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4], 0x6f4}}, 0x8044)

3.123135568s ago: executing program 4 (id=4030):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x6b, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000385352608f20446b76e8e01020301090259000104e9000909049300000e0100ff0a2401020005028a010209240603040001a53011240606040508000400050006000100050924030506030501f909240702020005cbad092403060101"], &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@gettfilter={0x4c, 0x2e, 0x2, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0x5, 0x10}, {0x0, 0x7}, {0xf, 0xfff3}}, [{0x8, 0xb, 0x7f}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x5}, {0x8, 0xb, 0x1f}, {0x8, 0xb, 0x7}]}, 0x4c}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c00128009000100626f6e64000000001c00028005000100040000000600180000100000060019"], 0x4c}}, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x100)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r2, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000380)={@in6={{0xa, 0x4e24, 0x1, @loopback, 0x9}}, 0x0, 0x0, 0x32, 0x0, "aae37be4753f0a28060a80cdd60fe31d6ba25cec257a3a485a338d600a8402d23df4854ed4cf29109f0e30e8d115e434392db157494620680fffb8cb989ab0cfc17eb88225e0fb0a062dd7a81eb098d3"}, 0xd8)
add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r4 = getpid()
syz_pidfd_open(r4, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000080), 0x22883, 0x0)
r5 = syz_io_uring_setup(0xf03, &(0x7f0000000400)={0x0, 0x595f, 0x10000, 0x0, 0x51}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000080)=<r8=>0x0)
syz_io_uring_submit(r6, r7, r8, &(0x7f0000000280)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x4110}, 0x1})
io_uring_enter(r5, 0x2000, 0xfffffffd, 0x9, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x65, 0x0, 0x95, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0xa, 0x1, 0x8, 0x0, 0x1000, {[@generic={0x13, 0x12, "08c09758c52aa04f25dfa64378059665"}]}}}}}}}, 0x0)

2.445594836s ago: executing program 3 (id=4031):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004840, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'syzkaller0\x00'})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8b0b, &(0x7f0000000000)={'wlan1\x00', @random="0100"})

2.36510699s ago: executing program 5 (id=4032):
r0 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x13012, r0, 0x0)
mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0xb)
r1 = openat$ppp(0xffffff9c, &(0x7f0000000180), 0x902, 0x0)
ioctl$PPPIOCUNBRIDGECHAN(r1, 0x7434)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xd}, @hci_ev_le_ltk_req={{}, {0xc8, 0x3, 0x80}}}}, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000200)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r4})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000340)={r6})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = getpid()
sched_setscheduler(r7, 0x1, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r8)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14, r9, 0x72b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), r8)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0c00470c", @ANYRESDEC], 0x7)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)

1.953421604s ago: executing program 5 (id=4033):
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000"], 0x0)
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r1, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r0, @ANYBLOB="a787000000ff000000000b0000040400"], 0x18}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDCTL_SEQ_RESET(0xffffffffffffffff, 0x5100)

1.470283788s ago: executing program 3 (id=4034):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1f, 0x8, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x200003, 0x0, 0x0, 0x0, 0xfffffffc}, [@call={0x85, 0x0, 0x0, 0x7b}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000, 0x38, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r1, 0xffffffffffffffff, 0x1000000}, 0xc)

1.341316772s ago: executing program 3 (id=4035):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, 0x0, 0x4d0d8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file2\x00', 0x1000, 0x0)
r3 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0], 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(0xffffffffffffffff, 0xc03864bc, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, 0x0, 0x0)
landlock_restrict_self(r3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r4, 0x84, 0x18, &(0x7f0000000000)=""/4103, &(0x7f0000001080)=0x1007)
renameat2(0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0, 0x2)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000003780)={&(0x7f00000010c0)=@newtaction={0x494, 0x30, 0x12f, 0x0, 0x0, {}, [{0x480, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x3, 0x7}, {0x7, 0x0, 0x2, 0x0, 0x0, 0x7}, 0x0, 0x3}}], []]}, {0x4}, {0xc, 0xb}, {0xc, 0xa, {0x0, 0x2}}}}, @m_xt={0x14c, 0x0, 0x0, 0x0, {{0x7}, {0x40, 0x2, 0x0, 0x1, [@TCA_IPT_INDEX={0x8, 0x3, 0x50000000}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TABLE={0x24, 0x1, 'filter\x00'}]}, {0xe6, 0x6, "0c6899db58a6144b622708ae0cca11f83bb2a18d15788bf08964587b3ac5aaf638055aecbc7cf70a5bdf4596e96f7bd3bc257e17dfc3c5114256b9a34ee0a3ec0218d0792ae6e0fbed3ea705c7e7c162f2f0c6b8dc12089d18486aefc8ae8d7d192abdfbe88ecc36c7ecc588609713fc4f5ebee560c10b9215ff2b6501fcfbbfe124b117daf1531d72f3a98979748b1a0e6b207c960bdbb8c4dec9ec19dcaa89f87ee9be251d62cd3eaafbbe3ecccd776d03933cc9bc8585b38a8fdd35d1a5d1659a606fcdb5827a4b1b78db7e5794c113948aa82fa5dc73cdd09dc06960aead59db"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ct={0x160, 0x1b, 0x0, 0x0, {{0x7}, {0x64, 0x2, 0x0, 0x1, [@TCA_CT_LABELS_MASK={0x14, 0x8, "dff21d16d06e732436e71566f77a2fbf"}, @TCA_CT_ACTION={0x6, 0x3, 0x16}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @multicast2}, @TCA_CT_MARK={0x8, 0x5, 0x1000}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @multicast2}, @TCA_CT_PARMS={0x18, 0x1, {0xa97, 0x7, 0x2, 0x1c15, 0x9}}]}, {0xd8, 0x6, "91a55d2a29e16c7e89043cd247f1a0768aa387e684e5060233256fc126eb53326a1dab6745d03ef40c43c75c532feae839919378606321b94d27613998f3db1c0e79c945904d234986e5be24f994dfb7479e61c92bdeeb095b92e5e43fc66ae23fa44ed7143dffe2c6e8e9cc109bd8286d949f27c738d2e2577a69a4c72682b32b6fd7b20e443b5af56bba2f8922fa1c54d07cffc67302a2d3f3d72b66784bda6670fde946e34d9f7515d3cd005003a1facd0c28d8d0766c2fdfc06acb2b81f630206d6947a3e3e4e01fef6799ca74fe48a9a379"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x3}}}}, @m_ctinfo={0xf0, 0xc, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x2}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x1}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x2}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x2}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x4}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0xd73}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x100}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8}]}, {0x7a, 0x6, "c5047172d46161d611416b888940c012ede4394a0b85f19dc19c03a434cf5880f8610cbbe8a0eb054c994e46d3e7ab606c9f353c661e2136ef2a7ab1119161417c8473de9ccac3203da9d43e73f7d32711c1d9088c4a0399b49f3348e99ad0d0ac969fbebd8d6c7801fd608699c995a3ad3b5eee8677"}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_connmark={0x74, 0x16, 0x0, 0x0, {{0xd}, {0x4}, {0x44, 0x6, "4600e0952f915373166a3d3d449b2411c863d590e211c77c11769981a4f625b0fef6243c433fa702d91f139998958356f0e55ad76140a74639e5713adabd53d0"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2}}}}]}]}, 0x494}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='loginuid\x00')

1.238601847s ago: executing program 4 (id=4036):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000005780)={0x0, 0x0, &(0x7f0000005740)={&(0x7f00000055c0)={0x148, 0x2, 0x1, 0x201, 0x0, 0x0, {0x3}, [@CTA_PROTOINFO={0x10, 0x4, 0x0, 0x1, @CTA_PROTOINFO_SCTP={0xc, 0x3, 0x0, 0x1, [@CTA_PROTOINFO_SCTP_VTAG_REPLY={0x8, 0x3, 0x1, 0x0, 0xa}]}}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0x7ff}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_NAT_SRC={0x114, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @CTA_NAT_PROTO={0x4c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @rand_addr=0x64010102}, @CTA_NAT_PROTO={0x3c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e22}]}, @CTA_NAT_V4_MINIP={0x8, 0x1, @remote}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @rand_addr=0x64010100}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @private1}, @CTA_NAT_PROTO={0x34, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e24}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e20}]}]}]}, 0x148}, 0x1, 0x0, 0x0, 0x40}, 0x2000c004)

935.238327ms ago: executing program 5 (id=4037):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x100008, 0x4, 0x8, 0x1, 0xffffffffffffffff, 0x400000}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000000100), 0x4, r0}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r0}, 0x38) (fail_nth: 4)

930.023408ms ago: executing program 4 (id=4038):
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b"], 0x0)
syz_usb_connect(0x5, 0x139, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
recvmmsg(r0, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e1c}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYBLOB="a787000000ff000000000b00000404000180"], 0x18}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1a, 0xf, 0x0, &(0x7f0000000180)='GPL\x00', 0x7, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4a6}, 0x94)

881.638745ms ago: executing program 2 (id=4039):
socket$inet6(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x2000000000000021, 0x2, 0x2)
shutdown(r0, 0x2)
shutdown(r0, 0x2)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc0bc5310, &(0x7f0000000300)={0x18, 0xffffffff, 0x0, 'queue1\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
syz_extract_tcp_res(&(0x7f0000000080), 0x80000000, 0xd)
syz_extract_tcp_res$synack(&(0x7f00000001c0), 0x1, 0x0)
syz_emit_ethernet(0x6e, 0x0, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)=[{0x0}], 0x1}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_io_uring_setup(0x106b, &(0x7f00000002c0)={0x0, 0x8e58, 0x2000, 0xfffffffe, 0x3c5}, 0x0, 0x0, &(0x7f0000000100))
syz_open_dev$sndpcmp(0x0, 0x3, 0x480400)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000000)=0x2)
ioctl$PPPIOCSPASS(r4, 0x40107447, &(0x7f0000000180)={0x2, &(0x7f0000000080)=[{0x40, 0x0, 0x7, 0x2}, {0x6, 0xfd}]})
write$ppp(r4, &(0x7f00000000c0)="43f1", 0x2)
syz_clone(0x18200000, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0))
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
socket$l2tp6(0xa, 0x2, 0x73)

560.291001ms ago: executing program 5 (id=4040):
syz_open_dev$usbmon(&(0x7f0000000000), 0x7, 0xa2002)
io_setup(0x8, &(0x7f0000004200))
syz_open_dev$sndpcmc(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x1, 0x5, &(0x7f00000007c0)=ANY=[@ANYBLOB="bf16000000000000b70700000200f0ff4070000000000000480000000000e1ff95000000000000002ba7e1d30cb599e83f040000f300000000bd01212fb56f040026fbfefc41056bd8174b79ed317142fa9ea4158123751c5c652fbc1626cca2a2ad75806150ae0209e62f51ee988e6e06c8206ac6879fc404004900c788b277be1cb79b0a4dcf23d410f6accd3641110bec4e90a634199e07f8f6eb968f200e011ea665c45a3449abe802f5ab3e89cf6cfdffffffb8580218ce740068720000074e8b1715807ea0ca469e468eea3fd2f73902ebcfcf49822775985bf313405b367e81c700000040000000000200000000005335000000143ea70c2ab40c7cb70cc8943a6d60d7c4900282e147d08e0af4b29df814f5691db43a5c00000004000000000089faff01210cce39bf405f1e846c12423a164a330100846f26ad03dd65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d6155102b1ced1e8019e63c850af895abba14f6fbd7fb5e2a431ab914040000000000010092c9f4609646b6c5c29647d2f950a959cf9938d6dfcb8ed2cbdc2ba9d580609e31c3fa90812a533ce206e7e57a79d6fce424c2204dd418c005479ecab19bdfb15a32a4fd67ce446adb431d07db79240acaf091231b986e77d05d988d6efdffdf48dca02113a38300cabf2b5543ffc166955709009e000000000061629d1822f720ec23812770d72c700a44e113d17088fdd00600000f7889b8c7044f56ff030000000000006cd4970400cac6f45a6922ded2e29514af463f747c08f4010586903500000000000000000000be34cf0f9d640dd782ac0cbc46903243d0d0f4bc7f253d0500000032daaf281c450e64c33aac8ff7e7d1c94c4505a9839688b008c370494f6734b771546d9552d3bb2da0d000000000000000009125c97f0400f5e1671bc5eb7739daa7820a91cb0e732df2ae1d39c747e00a4fbfe8942fa859cd28bdaa1509309926c77fbcb15ec58b42b400005a6b649dd5f13cd776e6c7c4b5c4b0de20e033b378553ead4c8cc530b62c36364e6505992209bdbc6203da7a3797246a6adef071102f0aa2c40095ddd05176f5cb8bd99e1ba0f9568f3e3876bba7bf973334e7919a080000000000000004fb996ad919f7e9672ce107000000ad882f2aead166c94500be902ee7dabc768eb9ec13f334aae90981ecaf5f744f22f2e45afe2c9e8632276cffe5f1fc215c0797d0244cf1ce269d10525745caaa3f77d1b80116cb9a38400242010000000100000091a0116f4693133138583da5e10b434697b0443b7b4ddfb3ace29e16e5a881336aad0974269a1025f2a9a135c0508af1aec2926627b43bba1229a7466bdca64f514b7911458da083e8681916d408d753226a83ae2434ccd3fc508216aea86833030f569d61dc998620fcf4eeb92e7bc511df63c53b82514493b8f3c74f44ba184d40e87612024da1a1ebe316923865f037c01d71b5de81121046d84b18acb5cbea7eecad9b6dd46ed83515cd9f140e5f00019be25b5910a3193e90be231a05fd82e6003969c3f081ff1d0eb50a04d14644234828cbb5aaa0ece702abdd425fa25ae04a2315c89064df633700000000d9e5953ea67310993d01000000000000003ac753358791b1490273ca535e05b11d815237743a5b79ad45de2a3c91257f02c2f30f5513662809073710937ed0055b238f466e1442f8ec7a5b394228035039ceeb452dca75f9ff5332b4c4777a58a0aa9a821667c68549e9da89ad4274ce2d3d7619936768a84a1465fff4eedba55955434f132ab7b8840558b3f918d675a79907a72a8252cd3fbaea5d3006a03507838231a335ae759ed25534f2e90a7def4b3d4af7fd47ab1a701e4b7a7dfc1d12775ed0a31bc7b5855880aa767e68196c7aa5ac115724b6cb8fcebb67719eccd87b06b38566cf61ad2f307a79d2ce9801837bf0bd3af0271de700eef2795d28cb0017000000000000000000e052d93194121b774d21a0317d0346078400004652c769fd3d3e661a2fb5ff0f000002ab2ac4eb3f19c042163e0bdb88b82de384a8055e8b1e24294b0546cce481ff5618b7b9585dbb64d66debf219fa479abf22f3d64fe82e466ea6f27859946e72f80bb1c9cfcde57b79625e2979fe689a5a246cbbdf6ad488f43f46b2536f175f46dfb27d5229467270246ab53616c46edf34c559d3de0c59ca3305e66825715e5e4cd5b54c1b05c09f04337a76a30373baac3ecec91fd546eb7c32dbecb18a308a0004be94dfab28c2a51dc856df0000000000c12254f041804f7f7074356789b1d4dd55f3e045a48241a4ce04d06acb2cf11eab759ba78da5da0f26126d4cf2c73e5f94030000040000000000000000c301985d603403592486204054be3fdda91f9e315886941928e5a8bc1a00e69a98c0a8f7192f6ee93cc4124cf4e7610915efc08c834a44e1d685d6835a40b5bc615949cbcd98d0e68d7eef5d32d5fcc7923d7544fa492aa38717481455e86dcd7816ad8940bd1995369d89ae6eadeb9117e8b94ab422c8d62f858875dccdbc89572231ef5d6df6a9c55f8df763c7c64da7cc017e1e3f5cd4cb9fe6d19b11d4d38239d318016e622b9683b7e46be64dc097982e23462392a0cd05afb2e060fd42ef00dfbd057311aab94f307d10c7a1af0d8e5a0fcb547475d13c0000000000000000f1cc97103d714d1abb901f866d9d629b4fb185f45790517c4a0f5c6a5024e3359e8d83e3f6edf9e2afb5ab59c7b2b45cfb0a3c1303a98e4ed531ac11cca1cd744b431de74c7cd6533adaa8ec749061b2959d53da626aa189781dc1be4d5c81aebc0cada819895b377d6cf0a7878ba99864ae84464744c605646caf2e06b13eba7ba10acf77d91b2297e9573abb0a4da534d735a223626402b308daf7835780fa6f4e410000000000fb00000000000000000000b14952139bd4bdbccc5e334c49584655c4fce8c5bb7c54664aef6d780100358aa54b4b49926c4be9ee4659153d9fa95d07cc4efdab2c5f4503148d0255d0b748366dafe042d78479c21d832e1431ed6d646d13e8e7230300920a5642bbed1dee9b46b6f02e572024ccf3c8edd82660e5d74c22e46af480c300000000000000000000000000000000000044ff72f96f084f4b6cdcb1b4a9d8e9f99f1b85497d0c3df704c8a0034c09caeeb0e34799b755649883539258a7b33dcef15d8fd1953ebaaa3cff81a0de7a05a440f20f6b273ceb8678f10378b670be7504dabd1471355d853292775d0366891f0bcf0a6087ed4f1f25ef52394db3e9d8318bbb9baff3db95bfd68a08ded502cc08a485c804e4fd107a7ca2a64ca081c6b2f7b895cdf98b763ebab9451c65eced6f5f97a541210806d885762ac3150225036c7eccd7a05593abd963f9a02df58085115e54f675e6a08d25b5722cabf989b4bbc562e073b81bae61f05c5e1f90e021340b60cc5fb8fdb09b6d20b0d87a6ed800000000000000000000000000000000006cc6f64f583a26a78f7f417f66c0af32f5194ddfce51e5aff28f621bb2fd2a5ab719823488d6e869b08d3d4ac7950c60144cf77437e29895a23282e3c65e015d1c334832a90ee77d93596e3f12e9ca8c67c7f3c9b66c9cb03edec184ad1d9544c7a3be250e471dca00000078544d79c0efe4094e561eeb26ee4c81106d03c004bc1589ef6e13648999c8735e2634e89aaa90c571fa3c07238697b1db783c52715055445e96995fe3273b0346b03fc742c06aa3947e0d9cf0c99b5e245ede85893112deea8bd3355a32ec15e1242f170a51f28cea4105541e96a52da4984d26bd29cb0623f00c6b0a4c00ad406d729babc9d1550a683c349017a340444000000000000000000000920ca49f7cc8194aaebdcae5a62bb7587b57f41f1c2034911f23e6bd0291b3319f03a0a15dea685a8ab75b3c60391afa5483231305402b52a8f98638009c142751518f73a847ca583e855d70c6a4a53f61ad753d5e740db44afd32b019d9e8b41361c2c1b9a8a14604fe52837a19dd6952fe2724c0105ab158a54a4a23ff0f4bc43c0e0e426e51258e40bb4b68ff4e3a8fe3"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28}, 0x94)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f00000018c0)=@raw={'raw\x00', 0x8, 0x3, 0x540, 0x0, 0x11, 0x148, 0x340, 0x7f000000, 0x4a8, 0x2a8, 0x2a8, 0x4a8, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x88000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @fd={0x2, 0x0, r2}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, '\x00', {0x7}}}}, {{@uncond, 0x0, 0x128, 0x168, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'veth1_to_bridge\x00', {}, 'erspan0\x00', {0xff}, 0x4, 0x1e}}, @common=@osf={{0x50}, {'syz0\x00', 0x0, 0xd, 0x0, 0x2}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x5, 0x3, {0xff}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x5a0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000580)=ANY=[@ANYBLOB="20010000100021040000000000000000fe880000000000000000000000000001e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff010000000000000000000000000001000000002b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d983f8bebddd818700000000000000000000000000000000000000000000000002000000000000000000000014000e"], 0x120}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, 0x0, 0x4000000)
r6 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000b, 0x12, r6, 0x0)
keyctl$join(0x1, &(0x7f0000000340)={'syz', 0x1})
write$selinux_load(0xffffffffffffffff, 0x0, 0x2000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @empty}}, 0x0, 0x2, 0x5, 0x6, 0xce020b, 0x0, 0x9}, 0x9c)
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='uid_map\x00')
write$dsp(r7, &(0x7f0000000380)="9e2b2dd1232e61764b8180ba78a820a17a3a3f54d708b1d27e0c00a044ab3f3dd2f6646c5dada4c06aab7e80e2562fa097fc483a942c3f99d414bbe19152c6ff55b452a3b16781da33e5d6bc2d4cf8261215c7eb890c3909c89eb957645bb0c5fb58c4cf433110ff74333b39aaa23992e1cc2fe9a1211aa6dd13760b5e8df1035768ac66011e84119c7fa7b7d5b2a9f3df794b86f2842f66270e48175231afd180bff352bb059e879ea74642b4ffc7f8df4b956b1d27e3e0c6bbd072e48d0241dac3afea04c2cb5e153199f3ff130e36b683aee19e17034de5cd29bde5e391c9eac1d6fce881b3eed58629275452", 0xee)
io_setup(0x5, &(0x7f00000000c0)=<r8=>0x0)
io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x2}])
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f00000001c0)={@empty, @remote}, 0xc)

395.006259ms ago: executing program 3 (id=4041):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_INITSTATE(r1, 0x113, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4)
syz_open_procfs(0x0, &(0x7f0000000180)='environ\x00')
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/113, 0x71}], 0x1, 0x6, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'bridge0\x00', <r3=>0x0})
syz_open_dev$sndctrl(0x0, 0x0, 0xa002)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = io_uring_setup(0x512e, &(0x7f0000000040)={0x0, 0x67eb, 0x800, 0x0, 0x9})
io_uring_setup(0x47c8, &(0x7f00000000c0)={0x0, 0xb29a, 0x4000, 0x3, 0x90, 0x0, r5})
setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f00000001c0)={0x84, @remote, 0x0, 0x0, 'lblc\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_DEL(r4, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'lblcr\x00'}, 0x2c)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x40, 0x1}, 0x10)
bind$tipc(r6, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x200004}}, 0x10)
r7 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r7, 0x89ee, &(0x7f0000000000))
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@ipv4_getnetconf={0x3c, 0x52, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x2}, @NETCONFA_RP_FILTER={0x8, 0x3, 0x81}, @NETCONFA_FORWARDING={0x8, 0x2, 0x400}, @NETCONFA_IFINDEX={0x8, 0x1, r3}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0xfffffe01}]}, 0x3c}, 0x1, 0x0, 0x0, 0x240088d0}, 0x0)

353.783903ms ago: executing program 2 (id=4042):
getpid()
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000b00)=ANY=[@ANYBLOB="1201000000000008d804dd0000000000000109022400010000a008090400fe01030001000921fffffd0122050009058103"], 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40050}, 0x2040000)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000680)=ANY=[@ANYBLOB="3800000042000100fffffffffddbdf250200000004003880100001800c00c8000200000000000000100004800400c98008003500", @ANYRES32, @ANYBLOB="89bfc7684cf54df7196137f2c36c07ae6dde7697856d7c704e743b57002456734348d6042c"], 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4040)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000740), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x1f, 0xc, 0x0, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4], 0x6f4}}, 0x8044)

195.644667ms ago: executing program 3 (id=4043):
r0 = socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x13012, r0, 0x0)
mprotect(&(0x7f0000ff7000/0x1000)=nil, 0x1000, 0xb)
r1 = openat$ppp(0xffffff9c, &(0x7f0000000180), 0x902, 0x0)
ioctl$PPPIOCUNBRIDGECHAN(r1, 0x7434)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0xd}, @hci_ev_le_ltk_req={{}, {0xc8, 0x3, 0x80}}}}, 0x10)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfe, 0x7fff0006}]})
r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000200)={0x20004, <r4=>r2, 0x2})
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r4})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000300)={r6})
ioctl$DRM_IOCTL_GEM_FLINK(r5, 0xc008640a, &(0x7f0000000340)={r6})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = getpid()
sched_setscheduler(r7, 0x1, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000480), r8)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x14, r9, 0x72b, 0x0, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x41}, 0x0)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000080), r8)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0c00470c", @ANYRESDEC], 0x7)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)

104.400142ms ago: executing program 5 (id=4044):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20004840, 0x0, 0x0)
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x8008000000010, &(0x7f00000004c0)="17000000020001000003be8c5ee17688a20032000203000a0292000098fc5ad90a00bb6a880000d6c8db0000dba67e06020000e28900000200df018002000000fc0607bdff59100ac45761547a681f009cee4a5a2d8f89814bc6c252674f00c88ebb01005033bf79ac2dfc060115003901000000000000ea0000000000000800b59bd2b8e50ce5af649a702202ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5a1b47b6806323deb3", 0xb8)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'syzkaller0\x00'})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8b0b, &(0x7f0000000000)={'wlan1\x00', @random="0100"})

0s ago: executing program 3 (id=4045):
socket$inet_sctp(0x2, 0x1, 0x84)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
socket$inet_mptcp(0x2, 0x1, 0x106)
socket(0x10, 0x803, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x1c3902, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0xc, 0x2, [@TCA_ROUTE4_IIF={0x8}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
msgsnd(0x0, &(0x7f0000000440)=ANY=[], 0x2000, 0x0)
ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, &(0x7f0000000200))
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)

kernel console output (not intermixed with test programs):

ew full-speed USB device number 86 using dummy_hcd
[  679.206240][T13769] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  679.273014][T13769] usb 41-1: new full-speed USB device number 5 using vhci_hcd
[  679.350330][ T5708] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  679.359321][ T5708] usb 3-1: config 0 has no interface number 0
[  679.365712][ T5708] usb 3-1: config 0 interface 41 has no altsetting 0
[  679.380973][ T5708] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  679.408750][ T5708] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.444081][ T5708] usb 3-1: Product: syz
[  679.461094][ T5708] usb 3-1: Manufacturer: syz
[  679.479904][ T5708] usb 3-1: SerialNumber: syz
[  679.503921][ T5708] usb 3-1: config 0 descriptor??
[  679.862774][T17741] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  679.877096][T17745] vhci_hcd: connection reset by peer
[  679.924221][ T5892] vhci_hcd vhci_hcd.4: stop threads
[  680.207478][ T5892] vhci_hcd vhci_hcd.4: release socket
[  680.218401][T17741] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  680.268625][ T5892] vhci_hcd vhci_hcd.4: disconnect device
[  680.408410][   T29] audit: type=1400 audit(1782093222.833:1718): avc:  denied  { mounton } for  pid=17755 comm="syz.3.3491" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  680.483269][   T29] audit: type=1400 audit(1782093222.860:1719): avc:  denied  { mount } for  pid=17755 comm="syz.3.3491" name="/" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  680.508402][   T29] audit: type=1400 audit(1782093222.934:1720): avc:  denied  { unmount } for  pid=17072 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  680.512816][T17758] xt_ecn: cannot match TCP bits for non-tcp packets
[  680.543289][T17760] fuse: Bad value for 'user_id'
[  680.548245][T17760] fuse: Bad value for 'user_id'
[  680.593267][   T29] audit: type=1400 audit(1782093223.008:1721): avc:  denied  { getopt } for  pid=17759 comm="syz.3.3493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  681.070160][   T29] audit: type=1400 audit(1782093223.442:1722): avc:  denied  { getopt } for  pid=17740 comm="syz.2.3487" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  681.361728][T17773] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3495'.
[  682.073826][T17780] xt_ecn: cannot match TCP bits for non-tcp packets
[  682.243075][ T5708] CoreChips 3-1:0.41: probe with driver CoreChips failed with error -71
[  682.256436][ T5708] usb 3-1: USB disconnect, device number 86
[  682.323946][   T24] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  682.513012][   T24] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  682.524977][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  682.537497][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  682.547563][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  682.561751][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  682.571202][   T24] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  682.579689][   T24] usb 4-1: Manufacturer: syz
[  682.585521][   T24] usb 4-1: config 0 descriptor??
[  682.608954][T13767] usb 5-1: new high-speed USB device number 85 using dummy_hcd
[  682.816876][T13767] usb 5-1: Using ep0 maxpacket: 32
[  682.832863][T13767] usb 5-1: New USB device found, idVendor=2304, idProduct=0222, bcdDevice=77.3f
[  682.851564][T13767] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.930887][T17795] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  682.940450][T17795] overlayfs: missing 'lowerdir'
[  683.756090][T17798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3504'.
[  683.776797][T17798] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3504'.
[  683.836985][T17798] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3504'.
[  683.895566][T13767] usb 5-1: Product: syz
[  683.900966][   T24] appleir 0003:05AC:8243.0014: unknown main item tag 0x0
[  683.909161][T13767] usb 5-1: Manufacturer: syz
[  683.911162][   T24] appleir 0003:05AC:8243.0014: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  683.925491][T13767] usb 5-1: SerialNumber: syz
[  683.932037][T13767] usb 5-1: config 0 descriptor??
[  684.084201][T13767] dvb-usb: found a 'Pinnacle 450e DVB-S USB2.0' in warm state.
[  684.113400][T13767] dvb-usb: bulk message failed: -22 (4/0)
[  684.122920][T13767] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  684.140160][T13767] dvb-usb: bulk message failed: -22 (5/0)
[  684.146189][T13767] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  684.157073][T17804] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  684.174201][T17804] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  684.181994][T13767] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  684.195484][T13767] dvbdev: DVB: registering new adapter (Pinnacle 450e DVB-S USB2.0)
[  684.220400][T13767] usb 5-1: media controller created
[  684.238567][T13767] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  684.310358][T17810] IPv6: NLM_F_CREATE should be specified when creating new route
[  684.318401][T17810] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  684.325671][T17810] IPv6: NLM_F_CREATE should be set when creating new route
[  684.550650][T13767] usb 5-1: selecting invalid altsetting 3
[  684.560748][T13767] ttusb2: set interface to alts=3 failed
[  684.642111][T13767] DVB: Unable to find symbol tda10086_attach()
[  684.664676][T13767] dvb-usb: no frontend was attached by 'Pinnacle 450e DVB-S USB2.0'
[  684.694562][T13767] dvb-usb: bulk message failed: -22 (4/0)
[  684.726433][T13767] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  684.760213][T13767] dvb-usb: bulk message failed: -22 (5/0)
[  685.123759][T17823] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3510'.
[  685.654050][   T24] usb 4-1: reset high-speed USB device number 84 using dummy_hcd
[  685.811737][T13769] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  685.827358][T13767] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  685.833696][T17778] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  685.859684][T13767] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully initialized and connected.
[  686.139807][T17828] xt_hashlimit: max too large, truncated to 1048576
[  686.375620][T17832] xt_ecn: cannot match TCP bits for non-tcp packets
[  686.770210][T13767] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  686.816825][T17839] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.3514'.
[  686.828730][T17839] openvswitch: netlink: Message has 512 unknown bytes.
[  686.840698][T17839] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[  686.890129][T13753] usb 4-1: USB disconnect, device number 84
[  686.931078][T17841] fuse: fd is not a fuse device
[  686.941124][   T29] audit: type=1400 audit(1782093228.868:1723): avc:  denied  { bind } for  pid=17842 comm="syz.3.3516" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  687.042802][T13767] usb 3-1: Using ep0 maxpacket: 8
[  687.042813][   T29] audit: type=1400 audit(1782093228.868:1724): avc:  denied  { name_bind } for  pid=17842 comm="syz.3.3516" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  687.069903][   T29] audit: type=1400 audit(1782093228.868:1725): avc:  denied  { node_bind } for  pid=17842 comm="syz.3.3516" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  687.077793][T13769] usb 5-1: USB disconnect, device number 85
[  687.156233][T17846] FAULT_INJECTION: forcing a failure.
[  687.156233][T17846] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.169989][T17846] CPU: 1 UID: 0 PID: 17846 Comm: syz.3.3516 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  687.170020][T17846] Tainted: [L]=SOFTLOCKUP
[  687.170027][T17846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  687.170037][T17846] Call Trace:
[  687.170044][T17846]  <TASK>
[  687.170051][T17846]  dump_stack_lvl+0x100/0x190
[  687.170075][T17846]  should_fail_ex.cold+0x5/0xa
[  687.170098][T17846]  _copy_from_iter+0x1f4/0x1690
[  687.170124][T17846]  ? __asan_memset+0x23/0x50
[  687.170149][T17846]  ? __pfx__copy_from_iter+0x10/0x10
[  687.170172][T17846]  ? __pfx___alloc_skb+0x10/0x10
[  687.170191][T17846]  ? netlink_autobind.isra.0+0x160/0x370
[  687.170223][T17846]  netlink_sendmsg+0x808/0xda0
[  687.170246][T17846]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.170268][T17846]  ____sys_sendmsg+0xa4d/0xbe0
[  687.170293][T17846]  ? __pfx_netlink_sendmsg+0x10/0x10
[  687.170310][T17846]  ? __pfx_____sys_sendmsg+0x10/0x10
[  687.170337][T17846]  ? __css_rstat_updated+0x1ce/0x5a0
[  687.170356][T17846]  ? kstrtouint_from_user+0x13c/0x1d0
[  687.170376][T17846]  ___sys_sendmsg+0x190/0x1e0
[  687.170393][T17846]  ? __pfx____sys_sendmsg+0x10/0x10
[  687.170408][T17846]  ? rcu_is_watching+0x12/0xc0
[  687.170430][T17846]  ? finish_task_switch.isra.0+0x2c0/0x1010
[  687.170452][T17846]  ? rcu_is_watching+0x12/0xc0
[  687.170477][T17846]  ? rcu_is_watching+0x12/0xc0
[  687.170506][T17846]  __sys_sendmsg+0x160/0x210
[  687.170527][T17846]  ? __pfx___sys_sendmsg+0x10/0x10
[  687.170551][T17846]  ? trace_hardirqs_off+0x70/0x170
[  687.170572][T17846]  ? rcu_is_watching+0x12/0xc0
[  687.170595][T17846]  do_syscall_64+0x115/0x870
[  687.170612][T17846]  ? clear_bhb_loop+0x40/0x90
[  687.170631][T17846]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.170648][T17846] RIP: 0033:0x7f9dbd39ce59
[  687.170662][T17846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  687.170680][T17846] RSP: 002b:00007f9dbe261028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  687.170698][T17846] RAX: ffffffffffffffda RBX: 00007f9dbd616180 RCX: 00007f9dbd39ce59
[  687.170710][T17846] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000007
[  687.170721][T17846] RBP: 00007f9dbe261090 R08: 0000000000000000 R09: 0000000000000000
[  687.170731][T17846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.170741][T17846] R13: 00007f9dbd616218 R14: 00007f9dbd616180 R15: 00007ffd354dc848
[  687.170758][T17846]  </TASK>
[  687.453349][T13767] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  687.466875][T13767] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  687.478261][T13769] dvb-usb: Pinnacle 450e DVB-S USB2.0 successfully deinitialized and disconnected.
[  687.489487][T13767] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 6
[  687.504105][T13767] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  687.520803][T13767] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  687.625620][T13767] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.638596][   T29] audit: type=1400 audit(1782093229.412:1726): avc:  denied  { write } for  pid=17848 comm="syz.4.3518" path="socket:[53788]" dev="sockfs" ino=53788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  687.925936][T13767] usb 3-1: usb_control_msg returned -71
[  687.932235][T13767] usbtmc 3-1:16.0: can't read capabilities
[  687.960474][T13767] usb 3-1: USB disconnect, device number 87
[  688.520542][T17867] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3521'.
[  689.302413][T17871] xt_hashlimit: max too large, truncated to 1048576
[  689.875579][T17878] xt_hashlimit: max too large, truncated to 1048576
[  689.904483][T17878] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3525'.
[  689.966746][ T5708] usb 3-1: new full-speed USB device number 88 using dummy_hcd
[  690.055727][   T29] audit: type=1400 audit(1782093231.747:1727): avc:  denied  { append } for  pid=17887 comm="syz.4.3529" name="comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  690.084001][T17888] genirq: Flags mismatch irq 31. 00200000 (pcmmio) vs. 00200000 (virtio1-input.0)
[  690.163757][ T5708] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  690.180326][ T5708] usb 3-1: config 0 has no interfaces?
[  690.195586][ T5708] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  690.204742][ T5708] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.219313][ T5708] usb 3-1: config 0 descriptor??
[  690.672968][T17903] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3533'.
[  692.258582][T17921] FAULT_INJECTION: forcing a failure.
[  692.258582][T17921] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.285846][T17921] CPU: 0 UID: 0 PID: 17921 Comm: syz.3.3538 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  692.285877][T17921] Tainted: [L]=SOFTLOCKUP
[  692.285883][T17921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  692.285893][T17921] Call Trace:
[  692.285899][T17921]  <TASK>
[  692.285906][T17921]  dump_stack_lvl+0x100/0x190
[  692.285930][T17921]  should_fail_ex.cold+0x5/0xa
[  692.285951][T17921]  _copy_from_user+0x2e/0xd0
[  692.285974][T17921]  copy_msghdr_from_user+0x9f/0x4c0
[  692.285991][T17921]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  692.286009][T17921]  ? kstrtouint_from_user+0x13c/0x1d0
[  692.286027][T17921]  ___sys_sendmsg+0x106/0x1e0
[  692.286043][T17921]  ? __pfx____sys_sendmsg+0x10/0x10
[  692.286058][T17921]  ? get_pid_task+0x106/0x250
[  692.286084][T17921]  ? rcu_is_watching+0x12/0xc0
[  692.286117][T17921]  __sys_sendmsg+0x160/0x210
[  692.286138][T17921]  ? __pfx___sys_sendmsg+0x10/0x10
[  692.286160][T17921]  ? rcu_is_watching+0x12/0xc0
[  692.286182][T17921]  do_syscall_64+0x115/0x870
[  692.286199][T17921]  ? clear_bhb_loop+0x40/0x90
[  692.286217][T17921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.286234][T17921] RIP: 0033:0x7f9dbd39ce59
[  692.286248][T17921] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  692.286263][T17921] RSP: 002b:00007f9dbe2a3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  692.286280][T17921] RAX: ffffffffffffffda RBX: 00007f9dbd615fa0 RCX: 00007f9dbd39ce59
[  692.286291][T17921] RDX: 0000000000040c14 RSI: 0000200000000000 RDI: 0000000000000003
[  692.286301][T17921] RBP: 00007f9dbe2a3090 R08: 0000000000000000 R09: 0000000000000000
[  692.286312][T17921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  692.286322][T17921] R13: 00007f9dbd616038 R14: 00007f9dbd615fa0 R15: 00007ffd354dc848
[  692.286338][T17921]  </TASK>
[  692.885766][T17928] syzkaller0: entered promiscuous mode
[  692.891703][T17928] syzkaller0: entered allmulticast mode
[  694.908709][T13769] usb 3-1: USB disconnect, device number 88
[  695.099627][T17940] xt_hashlimit: max too large, truncated to 1048576
[  695.115231][T17942] SQUASHFS error: Failed to read block 0x0: -5
[  695.122018][   T29] audit: type=1400 audit(1782093236.416:1728): avc:  denied  { mounton } for  pid=17941 comm="syz.2.3543" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  695.164080][T17942] unable to read squashfs_super_block
[  695.318193][T17950] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3542'.
[  696.297297][T17955] Set syz1 is full, maxelem 65536 reached
[  696.398757][T17959] fuse: Bad value for 'fd'
[  696.459672][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  696.467694][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  696.831887][T17967] FAULT_INJECTION: forcing a failure.
[  696.831887][T17967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.189555][T17969] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3549'.
[  697.530175][T17967] CPU: 1 UID: 0 PID: 17967 Comm: syz.2.3550 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  697.530212][T17967] Tainted: [L]=SOFTLOCKUP
[  697.530218][T17967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  697.530229][T17967] Call Trace:
[  697.530235][T17967]  <TASK>
[  697.530242][T17967]  dump_stack_lvl+0x100/0x190
[  697.530267][T17967]  should_fail_ex.cold+0x5/0xa
[  697.530291][T17967]  _copy_to_user+0x32/0xd0
[  697.530315][T17967]  copy_siginfo_to_user+0x27/0xc0
[  697.530340][T17967]  x64_setup_rt_frame+0xa03/0xce0
[  697.530359][T17967]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[  697.530375][T17967]  ? lock_release+0x24d/0x310
[  697.530396][T17967]  arch_do_signal_or_restart+0x5ee/0x7e0
[  697.530414][T17967]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  697.530438][T17967]  ? fput+0x79/0x100
[  697.530454][T17967]  ? rcu_is_watching+0x12/0xc0
[  697.530478][T17967]  exit_to_user_mode_loop+0x139/0x6f0
[  697.530499][T17967]  ? rcu_is_watching+0x12/0xc0
[  697.530527][T17967]  do_syscall_64+0x666/0x870
[  697.530545][T17967]  ? clear_bhb_loop+0x40/0x90
[  697.530564][T17967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.530582][T17967] RIP: 0033:0x7efd4e15d68e
[  697.530595][T17967] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  697.530610][T17967] RSP: 002b:00007efd4f025fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  697.530629][T17967] RAX: 0000000000000001 RBX: 00007efd4f0266c0 RCX: 00007efd4e15d68e
[  697.530641][T17967] RDX: 0000000000000001 RSI: 00007efd4f026090 RDI: 0000000000000007
[  697.530652][T17967] RBP: 00007efd4f026090 R08: 0000000000000000 R09: 0000000000000000
[  697.530663][T17967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  697.530674][T17967] R13: 00007efd4e416038 R14: 00007efd4e415fa0 R15: 00007fff0b4b70f8
[  697.530690][T17967]  </TASK>
[  697.909786][T17979] xt_ecn: cannot match TCP bits for non-tcp packets
[  699.004429][T13769] usb 4-1: new full-speed USB device number 85 using dummy_hcd
[  699.293111][T13769] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  699.308901][T13772] usb 5-1: new high-speed USB device number 86 using dummy_hcd
[  699.439790][T13769] usb 4-1: config 0 has no interfaces?
[  699.462206][T13769] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  699.474082][T13769] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.483092][T17991] xt_hashlimit: max too large, truncated to 1048576
[  699.593865][T17993] syzkaller0: entered promiscuous mode
[  699.599659][T17993] syzkaller0: entered allmulticast mode
[  699.729975][T13769] usb 4-1: config 0 descriptor??
[  699.736367][T17994] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3557'.
[  699.828299][T13772] usb 5-1: Using ep0 maxpacket: 8
[  699.835023][T13772] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  699.845464][T13772] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  699.855411][T13772] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 6
[  699.865772][T13772] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  699.879918][T13772] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  699.889298][T13772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  699.919058][T17998] netlink: 'syz.5.3559': attribute type 1 has an invalid length.
[  699.939453][T17998] 8021q: adding VLAN 0 to HW filter on device bond7
[  699.951304][T17998] mac80211_hwsim hwsim13 wlan0: entered allmulticast mode
[  699.962135][T17998] bond7: (slave wlan0): Enslaving as an active interface with a down link
[  700.514749][   T29] audit: type=1400 audit(1782093241.390:1729): avc:  denied  { read } for  pid=18006 comm="syz.5.3561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  700.555094][T18009] xt_ecn: cannot match TCP bits for non-tcp packets
[  700.580014][T13772] usb 5-1: usb_control_msg returned -71
[  700.859942][T13772] usbtmc 5-1:16.0: can't read capabilities
[  700.894827][T18012] xt_hashlimit: max too large, truncated to 1048576
[  700.905340][T13772] usb 5-1: USB disconnect, device number 86
[  701.774821][T18019] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3564'.
[  702.220255][T18022] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3565'.
[  703.239258][T13753] usb 4-1: USB disconnect, device number 85
[  703.318126][T18027] netlink: 'syz.2.3566': attribute type 1 has an invalid length.
[  703.518213][T18044] xt_hashlimit: max too large, truncated to 1048576
[  703.533657][T18027] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  703.536501][T18044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3569'.
[  703.982419][T13772] usb 5-1: new high-speed USB device number 87 using dummy_hcd
[  704.031815][T18037] veth3: entered promiscuous mode
[  704.146611][T18027] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3566'.
[  704.188570][   T63] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  704.209146][T18027] 8021q: adding VLAN 0 to HW filter on device bond1
[  704.219041][T13772] usb 5-1: Using ep0 maxpacket: 8
[  704.243761][T13772] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  704.267478][T13772] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  704.288727][T13772] usb 5-1: config 0 interface 0 has no altsetting 0
[  704.302084][T13772] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  704.312605][T13772] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  704.380167][T13772] usb 5-1: config 0 descriptor??
[  704.391500][   T12] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  704.552630][T18068] xt_hashlimit: max too large, truncated to 1048576
[  704.860080][T18070] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3576'.
[  705.653940][   T29] audit: type=1400 audit(1782093246.133:1730): avc:  denied  { read write } for  pid=18032 comm="syz.4.3570" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  705.689962][   T29] audit: type=1400 audit(1782093246.133:1731): avc:  denied  { open } for  pid=18032 comm="syz.4.3570" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  705.737338][T13772] usbhid 5-1:0.0: can't add hid device: -71
[  705.762022][T13772] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  705.770546][T18074] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3577'.
[  705.794110][T13772] usb 5-1: USB disconnect, device number 87
[  706.861601][T18085] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  706.893727][T13772] usb 5-1: new high-speed USB device number 88 using dummy_hcd
[  706.920514][T18085] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.016300][T18085] team0: Port device netdevsim1 removed
[  707.022842][T18085] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.072770][T18085] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  707.113234][T13772] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  707.144418][T13772] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.189631][T16630] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  707.212925][T13772] usb 5-1: Product: syz
[  707.232074][T13772] usb 5-1: Manufacturer: syz
[  707.237029][T16630] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  707.260480][T13772] usb 5-1: SerialNumber: syz
[  707.276461][T16630] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  707.312887][T13772] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  707.334838][T16630] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  707.438354][T13761] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  708.257865][T13772] usb 5-1: USB disconnect, device number 88
[  708.985800][T18127] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3588'.
[  709.618689][T13761] usb 5-1: Service connection timeout for: 256
[  709.631779][T13761] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  709.647883][T13761] ath9k_htc: Failed to initialize the device
[  709.654082][T13772] usb 5-1: ath9k_htc: USB layer deinitialized
[  709.772813][T18134] netlink: 'syz.5.3593': attribute type 1 has an invalid length.
[  709.814346][T18140] netlink: 7 bytes leftover after parsing attributes in process `syz.0.3591'.
[  709.851287][   T29] audit: type=1400 audit(1782093249.972:1732): avc:  denied  { read } for  pid=18135 comm="syz.4.3594" name="file0" dev="fuse" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  709.877994][T18134] veth15: entered promiscuous mode
[  709.895633][T18136] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2304 sclass=netlink_route_socket pid=18136 comm=syz.4.3594
[  709.910422][T18134] bond8: (slave veth15): Enslaving as a backup interface with a down link
[  709.936126][T18142] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3593'.
[  709.955021][T18142] 8021q: adding VLAN 0 to HW filter on device bond8
[  709.957101][T18144] fuse: fd is not a fuse device
[  710.014451][T13753] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  710.600627][T18157] xt_hashlimit: max too large, truncated to 1048576
[  710.610689][T13753] usb 4-1: Using ep0 maxpacket: 8
[  710.636483][T13753] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  710.712260][T13753] usb 4-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  710.747082][T13753] usb 4-1: config 0 interface 0 has no altsetting 0
[  710.753717][T13753] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  710.779887][T13753] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.799823][T13753] usb 4-1: config 0 descriptor??
[  711.097489][T13753] usbhid 4-1:0.0: can't add hid device: -71
[  711.107498][T13753] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  711.119564][T13753] usb 4-1: USB disconnect, device number 86
[  711.292551][T18169] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3601'.
[  713.915167][T18195] netlink: 'syz.4.3610': attribute type 1 has an invalid length.
[  713.953135][T18195] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  713.999944][T18195] veth3: entered promiscuous mode
[  714.007203][T18195] bond1: (slave veth3): Enslaving as a backup interface with a down link
[  714.026647][T18195] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3610'.
[  714.037288][T18195] 8021q: adding VLAN 0 to HW filter on device bond1
[  714.039062][T16632] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  714.083841][T18203] netlink: 'syz.3.3612': attribute type 25 has an invalid length.
[  714.103367][T18206] netlink: 'syz.4.3613': attribute type 1 has an invalid length.
[  714.215395][T18213] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3613'.
[  714.224757][   T63] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond
[  714.239987][T18210] veth5: entered promiscuous mode
[  714.425305][T18215] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3615'.
[  715.177738][T18206] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  715.250782][T18219] trusted_key: encrypted_key: key user:syz not found
[  715.676091][T13761] usb 5-1: new high-speed USB device number 89 using dummy_hcd
[  715.866713][T13761] usb 5-1: Using ep0 maxpacket: 32
[  715.890540][T13761] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  715.909483][T13761] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  715.934534][T13761] usb 5-1: config 0 has no interface number 0
[  715.945663][T13761] usb 5-1: config 0 interface 8 altsetting 248 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  715.971040][T13761] usb 5-1: config 0 interface 8 altsetting 248 endpoint 0x2 has invalid wMaxPacketSize 0
[  715.993697][T13761] usb 5-1: config 0 interface 8 altsetting 248 has 2 endpoint descriptors, different from the interface descriptor's value: 10
[  716.039797][T13761] usb 5-1: config 0 interface 8 has no altsetting 0
[  716.063284][T13761] usb 5-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=2d.bb
[  716.082022][T13761] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  716.095455][T13761] usb 5-1: Product: syz
[  716.096701][T18246] netlink: 'syz.0.3627': attribute type 1 has an invalid length.
[  716.121444][T13761] usb 5-1: Manufacturer: syz
[  716.135423][T13761] usb 5-1: SerialNumber: syz
[  716.154818][T13761] usb 5-1: config 0 descriptor??
[  716.179652][T18246] veth7: entered promiscuous mode
[  716.190178][T18246] bond6: (slave veth7): Enslaving as a backup interface with a down link
[  716.210884][T18246] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3627'.
[  716.828646][T18257] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3630'.
[  718.480386][T13772] libceph: connect (1)[c::]:6789 error -101
[  718.486673][   T29] audit: type=1400 audit(1782093257.908:1733): avc:  denied  { read } for  pid=18224 comm="syz.4.3619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  718.592393][T13772] libceph: mon0 (1)[c::]:6789 connect error
[  718.846254][ T5708] usb 4-1: new full-speed USB device number 87 using dummy_hcd
[  718.868549][T13760] libceph: connect (1)[c::]:6789 error -101
[  718.874667][T13760] libceph: mon0 (1)[c::]:6789 connect error
[  719.090707][ T5708] usb 4-1: no configurations
[  719.097244][ T5708] usb 4-1: can't read configurations, error -22
[  719.248439][ T5708] usb 4-1: new full-speed USB device number 88 using dummy_hcd
[  719.431748][T13760] libceph: connect (1)[c::]:6789 error -101
[  719.438907][ T5708] usb 4-1: no configurations
[  719.443592][ T5708] usb 4-1: can't read configurations, error -22
[  719.450045][T13760] libceph: mon0 (1)[c::]:6789 connect error
[  719.456481][ T5708] usb usb4-port1: attempt power cycle
[  719.691700][T13761] ath6kl: Failed to submit usb control message: -110
[  719.703433][T13761] ath6kl: unable to send the bmi data to the device: -110
[  719.728436][T13761] ath6kl: Unable to send get target info: -110
[  719.747628][T13761] ath6kl: Failed to init ath6kl core: -110
[  719.836370][T18259] ceph: No mds server is up or the cluster is laggy
[  719.900291][T13761] ath6kl_usb 5-1:0.8: probe with driver ath6kl_usb failed with error -110
[  719.912802][ T5708] usb 4-1: new full-speed USB device number 89 using dummy_hcd
[  719.939765][T13761] usb 5-1: USB disconnect, device number 89
[  719.958881][ T5708] usb 4-1: no configurations
[  719.976374][ T5708] usb 4-1: can't read configurations, error -22
[  720.136194][ T5708] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[  720.181333][ T5708] usb 4-1: no configurations
[  720.192423][ T5708] usb 4-1: can't read configurations, error -22
[  720.211368][ T5708] usb usb4-port1: unable to enumerate USB device
[  720.563721][T18289] bond9 (unregistering): Released all slaves
[  720.699362][T13753] usb 5-1: new high-speed USB device number 90 using dummy_hcd
[  720.944122][T18298] netlink: 'syz.2.3640': attribute type 9 has an invalid length.
[  721.076447][T13753] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 246, changing to 11
[  721.092323][T13753] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  721.106010][T13753] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  721.115506][T13753] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.211757][T13753] usb 5-1: config 0 descriptor??
[  721.565697][T18304] netlink: 'syz.5.3642': attribute type 1 has an invalid length.
[  721.609365][T18304] veth17: entered promiscuous mode
[  721.657146][T18306] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3642'.
[  721.658982][T18304] bond9: (slave veth17): Enslaving as a backup interface with a down link
[  721.790444][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.798220][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.807874][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.815908][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.823398][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.832553][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.840099][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.847542][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.855044][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.864343][T13753] kovaplus 0003:1E7D:2D50.0015: unknown main item tag 0x0
[  721.905069][T13753] kovaplus 0003:1E7D:2D50.0015: unexpected long global item
[  722.205347][T18311] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3643'.
[  722.874401][T13753] kovaplus 0003:1E7D:2D50.0015: parse failed
[  722.907061][T13753] kovaplus 0003:1E7D:2D50.0015: probe with driver kovaplus failed with error -22
[  723.804469][   T29] audit: type=1400 audit(1782093262.430:1734): avc:  denied  { create } for  pid=18314 comm="syz.2.3645" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  724.113650][T18285] netlink: 112 bytes leftover after parsing attributes in process `syz.4.3637'.
[  725.044972][   T29] audit: type=1400 audit(1782093264.036:1735): avc:  denied  { connect } for  pid=18335 comm="syz.3.3651" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  725.321138][ T5708] usb 5-1: USB disconnect, device number 90
[  725.845446][T18357] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3655'.
[  726.813065][   T24] usb 5-1: new full-speed USB device number 91 using dummy_hcd
[  727.023441][   T24] usb 5-1: no configurations
[  727.042919][   T24] usb 5-1: can't read configurations, error -22
[  727.069825][   T29] audit: type=1400 audit(1782093265.891:1736): avc:  denied  { map } for  pid=18370 comm="syz.2.3660" path="/dev/iommu" dev="devtmpfs" ino=624 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  727.244697][   T24] usb 5-1: new full-speed USB device number 92 using dummy_hcd
[  727.349089][   T29] audit: type=1400 audit(1782093266.158:1737): avc:  denied  { connect } for  pid=18374 comm="syz.5.3662" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  727.454307][   T24] usb 5-1: no configurations
[  727.470143][   T24] usb 5-1: can't read configurations, error -22
[  727.493696][   T24] usb usb5-port1: attempt power cycle
[  727.554131][   T29] audit: type=1326 audit(1782093266.343:1738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.583593][   T29] audit: type=1326 audit(1782093266.343:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.617290][   T29] audit: type=1326 audit(1782093266.343:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.673742][   T29] audit: type=1326 audit(1782093266.343:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.721476][   T29] audit: type=1326 audit(1782093266.343:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.764818][   T29] audit: type=1326 audit(1782093266.343:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.797466][T13753] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  727.811057][   T29] audit: type=1326 audit(1782093266.343:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18366 comm="syz.0.3659" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe02159ce59 code=0x7ffc0000
[  727.905627][   T24] usb 5-1: new full-speed USB device number 93 using dummy_hcd
[  728.004549][   T24] usb 5-1: no configurations
[  728.009619][   T24] usb 5-1: can't read configurations, error -22
[  728.009710][T13753] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  728.029763][T13753] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  728.041772][T13753] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  728.061399][T13753] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  728.072442][T13753] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.084988][T13753] usb 3-1: Product: syz
[  728.089419][T13753] usb 3-1: Manufacturer: syz
[  728.096770][T13753] usb 3-1: SerialNumber: syz
[  728.577835][   T24] usb 5-1: new full-speed USB device number 94 using dummy_hcd
[  728.621398][T13753] usb 3-1: config 0 descriptor??
[  728.679542][   T24] usb 5-1: no configurations
[  728.692880][   T24] usb 5-1: can't read configurations, error -22
[  728.716825][T18380] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  728.742835][T18380] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  728.757338][   T24] usb usb5-port1: unable to enumerate USB device
[  728.901801][T13753] usb 3-1: ucan: probing device on interface #0
[  729.131938][T13753] usb 3-1: ucan: could not read protocol version, ret=0
[  729.165294][T13753] usb 3-1: ucan: probe failed; try to update the device firmware
[  729.416876][T18401] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3664'.
[  730.135919][T18416] netlink: 'syz.5.3676': attribute type 6 has an invalid length.
[  730.246354][   T24] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[  730.500473][   T24] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  730.521637][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.546781][   T24] usb 5-1: Product: syz
[  730.563612][   T24] usb 5-1: Manufacturer: syz
[  730.572525][   T24] usb 5-1: SerialNumber: syz
[  730.592804][   T24] usb 5-1: config 0 descriptor??
[  730.954572][T13753] usb 3-1: USB disconnect, device number 89
[  731.098010][   T24] usb 5-1: Firmware: major: 165, minor: 173, hardware type: UNKNOWN (213)
[  731.648744][T18427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  732.224098][T18427] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.243504][T18429] input: syz0 as /devices/virtual/input/input24
[  732.332242][   T24] usb 5-1: failed to fetch extended address, random address set
[  732.344943][   T24] usb 5-1: atusb_probe: initialization failed, error = -524
[  732.354357][   T24] atusb 5-1:0.0: probe with driver atusb failed with error -524
[  733.467373][T13753] usb 5-1: USB disconnect, device number 95
[  733.647017][T18450] syzkaller0: entered promiscuous mode
[  733.652843][T18450] syzkaller0: entered allmulticast mode
[  733.960611][   T29] kauditd_printk_skb: 33 callbacks suppressed
[  733.962126][   T29] audit: type=1400 audit(1782093272.258:1778): avc:  denied  { ioctl } for  pid=18454 comm="syz.0.3689" path="socket:[57514]" dev="sockfs" ino=57514 ioctlcmd=0x9417 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  735.377748][   T29] audit: type=1400 audit(1782093273.568:1779): avc:  denied  { nlmsg_tty_audit } for  pid=18462 comm="syz.3.3691" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  735.465335][T18465] FAULT_INJECTION: forcing a failure.
[  735.465335][T18465] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.478715][T18465] CPU: 0 UID: 0 PID: 18465 Comm: syz.2.3692 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  735.478743][T18465] Tainted: [L]=SOFTLOCKUP
[  735.478749][T18465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  735.478759][T18465] Call Trace:
[  735.478765][T18465]  <TASK>
[  735.478772][T18465]  dump_stack_lvl+0x100/0x190
[  735.478801][T18465]  should_fail_ex.cold+0x5/0xa
[  735.478822][T18465]  _copy_to_user+0x32/0xd0
[  735.478845][T18465]  drm_ioctl+0x608/0xc60
[  735.478865][T18465]  ? __pfx_drm_mode_getfb2_ioctl+0x10/0x10
[  735.478889][T18465]  ? __pfx_drm_ioctl+0x10/0x10
[  735.478905][T18465]  ? rcu_is_watching+0x12/0xc0
[  735.478932][T18465]  ? selinux_file_ioctl+0x13b/0x290
[  735.478957][T18465]  ? selinux_file_ioctl+0xb6/0x290
[  735.478981][T18465]  ? __pfx_drm_ioctl+0x10/0x10
[  735.478999][T18465]  __x64_sys_ioctl+0x18e/0x210
[  735.479020][T18465]  do_syscall_64+0x115/0x870
[  735.479036][T18465]  ? clear_bhb_loop+0x40/0x90
[  735.479054][T18465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.479071][T18465] RIP: 0033:0x7efd4e19ce59
[  735.479084][T18465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.479101][T18465] RSP: 002b:00007efd4f026028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  735.479118][T18465] RAX: ffffffffffffffda RBX: 00007efd4e415fa0 RCX: 00007efd4e19ce59
[  735.479129][T18465] RDX: 0000200000000440 RSI: 00000000c06864ce RDI: 0000000000000006
[  735.479139][T18465] RBP: 00007efd4f026090 R08: 0000000000000000 R09: 0000000000000000
[  735.479149][T18465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.479160][T18465] R13: 00007efd4e416038 R14: 00007efd4e415fa0 R15: 00007fff0b4b70f8
[  735.479176][T18465]  </TASK>
[  735.735102][   T29] audit: type=1400 audit(1782093273.891:1780): avc:  denied  { ioctl } for  pid=18469 comm="syz.0.3696" path="socket:[56866]" dev="sockfs" ino=56866 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  735.848820][T18484] FAULT_INJECTION: forcing a failure.
[  735.848820][T18484] name failslab, interval 1, probability 0, space 0, times 0
[  735.865062][T18484] CPU: 0 UID: 0 PID: 18484 Comm: syz.4.3698 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  735.865093][T18484] Tainted: [L]=SOFTLOCKUP
[  735.865099][T18484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  735.865110][T18484] Call Trace:
[  735.865117][T18484]  <TASK>
[  735.865125][T18484]  dump_stack_lvl+0x100/0x190
[  735.865150][T18484]  should_fail_ex.cold+0x5/0xa
[  735.865174][T18484]  should_failslab+0xc2/0x120
[  735.865192][T18484]  kmem_cache_alloc_noprof+0x7b/0x6d0
[  735.865220][T18484]  ? skb_clone+0x190/0x400
[  735.865244][T18484]  skb_clone+0x190/0x400
[  735.865265][T18484]  netlink_deliver_tap+0xaed/0xcc0
[  735.865293][T18484]  netlink_dump+0x631/0xd00
[  735.865319][T18484]  ? __pfx_netlink_dump+0x10/0x10
[  735.865348][T18484]  ? __inet_diag_dump_start+0x3cb/0x8f0
[  735.865376][T18484]  __netlink_dump_start+0x6d6/0x990
[  735.865404][T18484]  inet_diag_rcv_msg_compat+0x275/0x2d0
[  735.865432][T18484]  ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10
[  735.865459][T18484]  ? __pfx_inet_diag_dump_start_compat+0x10/0x10
[  735.865485][T18484]  ? __pfx_inet_diag_dump_compat+0x10/0x10
[  735.865509][T18484]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  735.865535][T18484]  ? sock_diag_rcv_msg+0x33d/0x7a0
[  735.865556][T18484]  ? rcu_is_watching+0x12/0xc0
[  735.865578][T18484]  ? sock_diag_rcv_msg+0x33d/0x7a0
[  735.865597][T18484]  ? lock_release+0x24d/0x310
[  735.865616][T18484]  sock_diag_rcv_msg+0x375/0x7a0
[  735.865637][T18484]  netlink_rcv_skb+0x159/0x420
[  735.865654][T18484]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  735.865675][T18484]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  735.865695][T18484]  ? netlink_deliver_tap+0x1ae/0xcc0
[  735.865722][T18484]  netlink_unicast+0x585/0x850
[  735.865740][T18484]  ? __pfx_netlink_unicast+0x10/0x10
[  735.865760][T18484]  netlink_sendmsg+0x8b0/0xda0
[  735.865778][T18484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  735.865804][T18484]  __sys_sendto+0x48b/0x4e0
[  735.865823][T18484]  ? __pfx_netlink_sendmsg+0x10/0x10
[  735.865841][T18484]  ? __pfx___sys_sendto+0x10/0x10
[  735.865862][T18484]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  735.865885][T18484]  ? ksys_write+0x1ac/0x250
[  735.865905][T18484]  ? __pfx_ksys_write+0x10/0x10
[  735.865926][T18484]  __x64_sys_sendto+0xe0/0x1c0
[  735.865945][T18484]  ? trace_irq_enable.constprop.0+0x122/0x160
[  735.865967][T18484]  do_syscall_64+0x115/0x870
[  735.865984][T18484]  ? clear_bhb_loop+0x40/0x90
[  735.866002][T18484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.866020][T18484] RIP: 0033:0x7f82fd19ce59
[  735.866034][T18484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  735.866051][T18484] RSP: 002b:00007f82fe0fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  735.866069][T18484] RAX: ffffffffffffffda RBX: 00007f82fd415fa0 RCX: 00007f82fd19ce59
[  735.866081][T18484] RDX: 000000000000004c RSI: 0000200000000080 RDI: 0000000000000004
[  735.866091][T18484] RBP: 00007f82fe0fd090 R08: 0000000000000000 R09: 0000000000000000
[  735.866102][T18484] R10: 0000000000000810 R11: 0000000000000246 R12: 0000000000000001
[  735.866112][T18484] R13: 00007f82fd416038 R14: 00007f82fd415fa0 R15: 00007fff72215288
[  735.866129][T18484]  </TASK>
[  736.331317][   T29] audit: type=1400 audit(1782093274.445:1781): avc:  denied  { append } for  pid=18487 comm="syz.4.3699" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  737.040179][T18506] xt_ecn: cannot match TCP bits for non-tcp packets
[  737.360188][T18512] xt_ecn: cannot match TCP bits for non-tcp packets
[  737.712990][T13754] usb 4-1: new full-speed USB device number 91 using dummy_hcd
[  737.983466][T18523] netlink: 'syz.5.3711': attribute type 1 has an invalid length.
[  737.991465][T18523] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3711'.
[  738.115114][T13754] usb 4-1: no configurations
[  738.119903][T13754] usb 4-1: can't read configurations, error -22
[  738.287092][T13754] usb 4-1: new full-speed USB device number 92 using dummy_hcd
[  738.384691][T13753] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[  738.484124][T13754] usb 4-1: no configurations
[  738.560406][T13754] usb 4-1: can't read configurations, error -22
[  738.579762][T13753] usb 3-1: Using ep0 maxpacket: 32
[  738.587262][T13754] usb usb4-port1: attempt power cycle
[  738.598624][T13753] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  738.613255][T13753] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  738.641986][T13753] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  738.662650][T13753] usb 3-1: config 1 has no interface number 0
[  738.692219][T13753] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  738.718465][T13753] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  738.733700][T13753] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  738.744849][T13753] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  738.759367][T13753] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  739.011536][T13754] usb 4-1: new full-speed USB device number 93 using dummy_hcd
[  739.089268][T13753] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  739.122498][T13754] usb 4-1: no configurations
[  739.127651][T13754] usb 4-1: can't read configurations, error -22
[  739.239913][T18545] xt_ecn: cannot match TCP bits for non-tcp packets
[  739.294911][T13754] usb 4-1: new full-speed USB device number 94 using dummy_hcd
[  739.342844][   T29] audit: type=1400 audit(1782093277.223:1782): avc:  denied  { append } for  pid=18524 comm="syz.2.3712" name="uinput" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  739.375348][ T5708] usb 3-1: USB disconnect, device number 90
[  739.387709][T18542] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3715'.
[  739.400006][ T5708] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  739.430661][T13754] usb 4-1: no configurations
[  739.431747][   T29] audit: type=1400 audit(1782093277.296:1783): avc:  denied  { getopt } for  pid=18540 comm="syz.4.3715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  739.478921][T13754] usb 4-1: can't read configurations, error -22
[  739.514473][T13754] usb usb4-port1: unable to enumerate USB device
[  739.799172][T18556] xt_ecn: cannot match TCP bits for non-tcp packets
[  739.938157][   T29] audit: type=1400 audit(1782093277.776:1784): avc:  denied  { ioctl } for  pid=18557 comm="syz.4.3719" path="socket:[57774]" dev="sockfs" ino=57774 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  740.329361][T18567] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3722'.
[  741.179756][T18591] xt_ecn: cannot match TCP bits for non-tcp packets
[  741.635200][T18598] fuse: fd is not a fuse device
[  741.690361][   T29] audit: type=1400 audit(1782093279.391:1785): avc:  denied  { accept } for  pid=18596 comm="syz.0.3732" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  741.733169][   T29] audit: type=1400 audit(1782093279.400:1786): avc:  denied  { setattr } for  pid=18596 comm="syz.0.3732" name="PPPOL2TP" dev="sockfs" ino=57846 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  741.910954][   T29] audit: type=1400 audit(1782093279.594:1787): avc:  denied  { map } for  pid=18614 comm="syz.0.3740" path="socket:[57902]" dev="sockfs" ino=57902 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  741.918511][T13753] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[  741.936591][T13761] usb 5-1: new full-speed USB device number 96 using dummy_hcd
[  742.016321][T18616] FAULT_INJECTION: forcing a failure.
[  742.016321][T18616] name failslab, interval 1, probability 0, space 0, times 0
[  742.064986][T18616] CPU: 1 UID: 0 PID: 18616 Comm: syz.3.3738 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  742.065019][T18616] Tainted: [L]=SOFTLOCKUP
[  742.065026][T18616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  742.065036][T18616] Call Trace:
[  742.065042][T18616]  <TASK>
[  742.065049][T18616]  dump_stack_lvl+0x100/0x190
[  742.065074][T18616]  should_fail_ex.cold+0x5/0xa
[  742.065095][T18616]  ? kmem_cache_alloc_noprof+0x54/0x6d0
[  742.065124][T18616]  should_failslab+0xc2/0x120
[  742.065143][T18616]  kmem_cache_alloc_noprof+0x7b/0x6d0
[  742.065168][T18616]  ? security_file_alloc+0x34/0x2c0
[  742.065186][T18616]  ? trace_kmem_cache_alloc+0xdd/0x100
[  742.065208][T18616]  security_file_alloc+0x34/0x2c0
[  742.065225][T18616]  init_file+0x95/0x480
[  742.065240][T18616]  alloc_empty_file+0x79/0x1c0
[  742.065258][T18616]  alloc_file_pseudo+0x183/0x290
[  742.065275][T18616]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  742.065293][T18616]  ? inode_init_always_gfp+0xc98/0xfb0
[  742.065321][T18616]  sock_alloc_file+0x50/0x210
[  742.065344][T18616]  do_accept+0x242/0x530
[  742.065361][T18616]  ? do_raw_spin_lock+0x128/0x260
[  742.065385][T18616]  ? __pfx_do_accept+0x10/0x10
[  742.065401][T18616]  ? rcu_is_watching+0x12/0xc0
[  742.065430][T18616]  __sys_accept4+0x108/0x200
[  742.065449][T18616]  ? __pfx___sys_accept4+0x10/0x10
[  742.065466][T18616]  ? preempt_schedule_notrace_thunk+0x16/0x30
[  742.065485][T18616]  ? trace_irq_enable.constprop.0+0x2f/0x160
[  742.065512][T18616]  __x64_sys_accept4+0x96/0x100
[  742.065531][T18616]  do_syscall_64+0x115/0x870
[  742.065552][T18616]  ? clear_bhb_loop+0x40/0x90
[  742.065571][T18616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.065589][T18616] RIP: 0033:0x7f9dbd39ce59
[  742.065606][T18616] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  742.065624][T18616] RSP: 002b:00007f9dbe261028 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[  742.065649][T18616] RAX: ffffffffffffffda RBX: 00007f9dbd616180 RCX: 00007f9dbd39ce59
[  742.065660][T18616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  742.065671][T18616] RBP: 00007f9dbe261090 R08: 0000000000000000 R09: 0000000000000000
[  742.065682][T18616] R10: 0000000000080800 R11: 0000000000000246 R12: 0000000000000001
[  742.065692][T18616] R13: 00007f9dbd616218 R14: 00007f9dbd616180 R15: 00007ffd354dc848
[  742.065713][T18616]  </TASK>
[  742.378538][T18621] FAULT_INJECTION: forcing a failure.
[  742.378538][T18621] name failslab, interval 1, probability 0, space 0, times 0
[  742.391387][T18621] CPU: 1 UID: 0 PID: 18621 Comm: syz.3.3741 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  742.391418][T18621] Tainted: [L]=SOFTLOCKUP
[  742.391424][T18621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  742.391433][T18621] Call Trace:
[  742.391438][T18621]  <TASK>
[  742.391448][T18621]  dump_stack_lvl+0x100/0x190
[  742.391470][T18621]  should_fail_ex.cold+0x5/0xa
[  742.391489][T18621]  ? fs_reclaim_acquire+0x70/0x100
[  742.391513][T18621]  ? tomoyo_realpath_from_path+0xb6/0x690
[  742.391530][T18621]  should_failslab+0xc2/0x120
[  742.391546][T18621]  __kmalloc_noprof+0xe0/0x840
[  742.391560][T18621]  ? kfree+0x1e5/0x6c0
[  742.391574][T18621]  tomoyo_realpath_from_path+0xb6/0x690
[  742.391586][T18621]  tomoyo_path_number_perm+0x23c/0x580
[  742.391609][T18621]  ? tomoyo_path_number_perm+0x22e/0x580
[  742.391625][T18621]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  742.391646][T18621]  ? preempt_count_add+0x76/0x150
[  742.391661][T18621]  ? rcu_is_watching+0x12/0xc0
[  742.391679][T18621]  ? __fget_files+0x215/0x3d0
[  742.391698][T18621]  ? hook_file_ioctl_common+0x140/0x440
[  742.391710][T18621]  ? lock_release+0x24d/0x310
[  742.391722][T18621]  ? __fget_files+0x21f/0x3d0
[  742.391742][T18621]  security_file_ioctl+0xd3/0x230
[  742.391761][T18621]  __x64_sys_ioctl+0xb7/0x210
[  742.391777][T18621]  do_syscall_64+0x115/0x870
[  742.391788][T18621]  ? clear_bhb_loop+0x40/0x90
[  742.391804][T18621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.391814][T18621] RIP: 0033:0x7f9dbd39ce59
[  742.391823][T18621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  742.391833][T18621] RSP: 002b:00007f9dbe2a3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  742.391848][T18621] RAX: ffffffffffffffda RBX: 00007f9dbd615fa0 RCX: 00007f9dbd39ce59
[  742.391855][T18621] RDX: 0000000000000000 RSI: 00000000c0506107 RDI: 0000000000000003
[  742.391861][T18621] RBP: 00007f9dbe2a3090 R08: 0000000000000000 R09: 0000000000000000
[  742.391867][T18621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.391874][T18621] R13: 00007f9dbd616038 R14: 00007f9dbd615fa0 R15: 00007ffd354dc848
[  742.391883][T18621]  </TASK>
[  742.391899][T18621] ERROR: Out of memory at tomoyo_realpath_from_path.
[  742.654224][T13753] usb 3-1: Using ep0 maxpacket: 32
[  742.662255][T13753] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  742.675065][T13753] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  742.784455][T13761] usb 5-1: config 0 has an invalid interface number: 214 but max is 0
[  742.785798][T13753] usb 3-1: config 0 descriptor??
[  742.805265][T13761] usb 5-1: config 0 has no interface number 0
[  742.813835][T13761] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[  742.825413][T13761] usb 5-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  743.323453][T13753] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  743.842940][T13761] usb 5-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  743.852560][T13761] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  743.864721][T13761] usb 5-1: Manufacturer: syz
[  743.870541][T13761] usb 5-1: SerialNumber: syz
[  743.899223][T13753] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  743.910120][T13753] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  743.917651][T13753] usb 3-1: media controller created
[  743.931291][T13753] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  743.971753][T13761] usb 5-1: config 0 descriptor??
[  743.980026][T18626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  744.018572][T18626] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  744.228039][T13753] az6027: usb out operation failed. (-71)
[  744.234371][T13753] stb0899_attach: Driver disabled by Kconfig
[  744.241892][T13753] az6027: no front-end attached
[  744.241892][T13753] 
[  744.251520][T13753] az6027: usb out operation failed. (-71)
[  744.258162][T13753] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  744.278158][T13753] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input27
[  744.300306][T13753] dvb-usb: schedule remote query interval to 400 msecs.
[  744.308417][T13753] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  744.326949][T13753] usb 3-1: USB disconnect, device number 91
[  744.396604][T13753] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  744.579272][T18638] xt_ecn: cannot match TCP bits for non-tcp packets
[  744.647339][T13761] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.214/input/input26
[  745.032244][T13754] usb 5-1: USB disconnect, device number 96
[  745.611193][T18666] netlink: 'syz.3.3755': attribute type 1 has an invalid length.
[  745.790341][T18666] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3755'.
[  745.808252][T18672] veth3: entered promiscuous mode
[  745.884965][T18677] xt_ecn: cannot match TCP bits for non-tcp packets
[  746.292109][T18684] SQUASHFS error: Failed to read block 0x0: -5
[  746.314618][T18662] syz.2.3751 (18662): drop_caches: 2
[  746.327498][T18684] unable to read squashfs_super_block
[  746.804619][T13761] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[  746.967121][T13761] usb 3-1: Using ep0 maxpacket: 16
[  746.973947][T13761] usb 3-1: config 0 has an invalid interface number: 68 but max is 0
[  746.982827][T13761] usb 3-1: config 0 has no interface number 0
[  746.990130][T13761] usb 3-1: config 0 interface 68 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  747.016467][T13761] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=dc.c4
[  747.028842][T13761] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.044477][T13761] usb 3-1: Product: syz
[  747.051746][T13761] usb 3-1: Manufacturer: syz
[  747.056739][T13761] usb 3-1: SerialNumber: syz
[  747.352932][T18698] Set syz1 is full, maxelem 65536 reached
[  747.367416][T13761] usb 3-1: config 0 descriptor??
[  747.378203][T18700] netlink: 'syz.5.3766': attribute type 1 has an invalid length.
[  747.390247][T18700] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3766'.
[  747.466270][T13761] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  747.508395][T18706] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65300 sclass=netlink_route_socket pid=18706 comm=syz.5.3767
[  747.519925][T13753] usb 5-1: new full-speed USB device number 97 using dummy_hcd
[  747.523621][   T29] audit: type=1400 audit(1782093284.771:1788): avc:  denied  { setopt } for  pid=18705 comm="syz.5.3767" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  747.684543][T18696] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  747.693980][T18696] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  747.703348][   T63] usb 3-1: Failed to submit usb control message: -71
[  747.703582][T13761] usb 3-1: USB disconnect, device number 92
[  747.710520][   T63] usb 3-1: unable to send the bmi data to the device: -71
[  747.725791][   T63] usb 3-1: unable to get target info from device
[  747.733062][   T63] usb 3-1: could not get target info (-71)
[  747.742491][   T63] usb 3-1: could not probe fw (-71)
[  747.750280][T13753] usb 5-1: no configurations
[  747.758535][T13753] usb 5-1: can't read configurations, error -22
[  747.795761][T18714] netlink: 'syz.0.3770': attribute type 1 has an invalid length.
[  747.822769][T18714] veth9: entered promiscuous mode
[  747.830696][T18714] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3770'.
[  747.910331][T13754] usb 4-1: new high-speed USB device number 95 using dummy_hcd
[  747.918105][T13753] usb 5-1: new full-speed USB device number 98 using dummy_hcd
[  748.084647][T13754] usb 4-1: Using ep0 maxpacket: 32
[  748.093501][T13754] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  748.113796][T13754] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 250, changing to 7
[  748.125389][T13753] usb 5-1: no configurations
[  748.130379][T13753] usb 5-1: can't read configurations, error -22
[  748.138648][T13753] usb usb5-port1: attempt power cycle
[  748.245592][T13754] usb 4-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice= 0.40
[  748.255134][T13754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.263813][T13754] usb 4-1: Product: syz
[  748.272422][T13754] usb 4-1: Manufacturer: syz
[  748.277230][T13754] usb 4-1: SerialNumber: syz
[  748.584526][T13753] usb 5-1: new full-speed USB device number 99 using dummy_hcd
[  749.331954][   T29] audit: type=1400 audit(1782093286.441:1789): avc:  denied  { ioctl } for  pid=18710 comm="syz.3.3769" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  749.368178][T13754] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  749.377801][T13753] usb 5-1: no configurations
[  749.386314][T13753] usb 5-1: can't read configurations, error -22
[  749.405062][   T29] audit: type=1400 audit(1782093286.487:1790): avc:  denied  { accept } for  pid=18733 comm="syz.0.3777" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  749.409287][T13754] usb 4-1: disable ehci-hcd to run US-144
[  749.435068][T13754] usb 4-1: USB disconnect, device number 95
[  749.480867][T16651] udevd[16651]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  749.547119][T13753] usb 5-1: new full-speed USB device number 100 using dummy_hcd
[  749.547655][T13761] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[  749.580879][T13753] usb 5-1: no configurations
[  749.585779][T13753] usb 5-1: can't read configurations, error -22
[  749.661274][T13753] usb usb5-port1: unable to enumerate USB device
[  750.771090][T13761] usb 3-1: Using ep0 maxpacket: 8
[  750.777954][T13761] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  750.789545][T13761] usb 3-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  750.799774][T13761] usb 3-1: config 0 interface 0 has no altsetting 0
[  750.806950][T13761] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  750.848699][T13761] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  750.872944][T13761] usb 3-1: config 0 descriptor??
[  751.103376][T18756] netlink: 'syz.0.3782': attribute type 1 has an invalid length.
[  751.175436][T18756] veth11: entered promiscuous mode
[  751.184218][T18756] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3782'.
[  751.229248][T18762] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3785'.
[  751.257346][T18762] block nbd0: not configured, cannot reconfigure
[  751.284429][   T29] audit: type=1400 audit(1782093288.241:1791): avc:  denied  { append } for  pid=18760 comm="syz.4.3785" name="loop5" dev="devtmpfs" ino=652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  751.284732][T18770] loop5: detected capacity change from 0 to 4095
[  751.371035][T13761] usbhid 3-1:0.0: can't add hid device: -71
[  751.391959][T13761] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  751.419782][T13761] usb 3-1: USB disconnect, device number 93
[  754.044564][T13761] usb 5-1: new full-speed USB device number 101 using dummy_hcd
[  754.202992][ T4927] Bluetooth: hci0: command 0x0406 tx timeout
[  754.401843][T13761] usb 5-1: no configurations
[  754.423283][T13761] usb 5-1: can't read configurations, error -22
[  754.542410][ T5708] usb 4-1: new high-speed USB device number 96 using dummy_hcd
[  754.617864][T13761] usb 5-1: new full-speed USB device number 102 using dummy_hcd
[  754.737992][ T5708] usb 4-1: Using ep0 maxpacket: 32
[  754.755622][ T5708] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  754.797634][ T5708] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  754.813935][T13761] usb 5-1: no configurations
[  754.828863][T13761] usb 5-1: can't read configurations, error -22
[  754.854569][ T5708] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  754.867889][T13761] usb usb5-port1: attempt power cycle
[  754.911920][ T5708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.005953][ T5708] usb 4-1: Product: syz
[  755.024538][ T5708] usb 4-1: Manufacturer: syz
[  755.044805][ T5708] usb 4-1: SerialNumber: syz
[  755.060331][ T5708] usb 4-1: config 0 descriptor??
[  755.341982][T13761] usb 5-1: new full-speed USB device number 103 using dummy_hcd
[  755.366404][T13761] usb 5-1: no configurations
[  755.371075][T13761] usb 5-1: can't read configurations, error -22
[  755.493047][T18824] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3802'.
[  755.756192][T13761] usb 5-1: new full-speed USB device number 104 using dummy_hcd
[  755.789528][T13761] usb 5-1: no configurations
[  755.796989][T13761] usb 5-1: can't read configurations, error -22
[  755.807305][T13761] usb usb5-port1: unable to enumerate USB device
[  756.301493][   T29] audit: type=1400 audit(1782093292.873:1792): avc:  denied  { ioctl } for  pid=18800 comm="syz.3.3794" path="/dev/usbmon0" dev="devtmpfs" ino=717 ioctlcmd=0x920a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  757.096852][T18845] overlayfs: failed to clone upperpath
[  757.102746][T13761] usb 3-1: new full-speed USB device number 94 using dummy_hcd
[  757.362898][   T29] audit: type=1326 audit(1782093293.851:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18849 comm="syz.0.3811" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe02159ce59 code=0x0
[  757.469147][T13761] usb 3-1: unable to get BOS descriptor or descriptor too short
[  757.580068][T13761] usb 3-1: not running at top speed; connect to a high speed hub
[  757.589548][T13761] usb 3-1: config 0 has no interfaces?
[  757.596535][T13761] usb 3-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40
[  757.606041][T13761] usb 3-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3
[  757.615076][T13761] usb 3-1: Manufacturer: syz
[  757.620301][T13761] usb 3-1: SerialNumber: syz
[  757.626972][T13761] usb 3-1: config 0 descriptor??
[  757.639993][T13754] usb 4-1: USB disconnect, device number 96
[  757.859201][   T29] audit: type=1326 audit(1782093294.211:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18854 comm="syz.4.3812" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82fd19ce59 code=0x0
[  757.897085][T13754] usb 3-1: USB disconnect, device number 94
[  758.259115][T13753] usb 4-1: new full-speed USB device number 97 using dummy_hcd
[  758.454568][T13753] usb 4-1: no configurations
[  758.464181][T13753] usb 4-1: can't read configurations, error -22
[  758.585970][   T29] audit: type=1400 audit(1782093294.986:1795): avc:  denied  { read append } for  pid=18876 comm="syz.4.3819" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  758.677961][T13753] usb 4-1: new full-speed USB device number 98 using dummy_hcd
[  758.695224][   T29] audit: type=1400 audit(1782093294.986:1796): avc:  denied  { open } for  pid=18876 comm="syz.4.3819" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  759.290133][T13753] usb 4-1: no configurations
[  759.306320][T13753] usb 4-1: can't read configurations, error -22
[  759.358132][T13753] usb usb4-port1: attempt power cycle
[  759.455479][T18895] xt_ecn: cannot match TCP bits for non-tcp packets
[  759.841468][ T4927] Bluetooth: hci1: command 0x0406 tx timeout
[  759.873640][T13753] usb 4-1: new full-speed USB device number 99 using dummy_hcd
[  759.963690][T13767] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[  759.993730][T13753] usb 4-1: no configurations
[  760.007044][T13753] usb 4-1: can't read configurations, error -22
[  760.110275][   T29] audit: type=1326 audit(1782093296.380:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18897 comm="syz.2.3825" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7efd4e19ce59 code=0x0
[  760.307003][T13753] usb 4-1: new full-speed USB device number 100 using dummy_hcd
[  760.317883][T13767] usb 5-1: Using ep0 maxpacket: 8
[  760.326378][T13767] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  760.329513][T13753] usb 4-1: no configurations
[  760.345671][T13767] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  760.356785][T13753] usb 4-1: can't read configurations, error -22
[  760.361128][T13767] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 6
[  760.381110][T13767] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  760.395238][T13753] usb usb4-port1: unable to enumerate USB device
[  760.409567][T13767] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  760.426173][T13767] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.710182][T13767] usb 5-1: usb_control_msg returned -71
[  760.719808][T13767] usbtmc 5-1:16.0: can't read capabilities
[  760.745693][T13767] usb 5-1: USB disconnect, device number 105
[  760.857831][T18911] fuse: Unknown parameter 'd:18 - fusectl fusectl rw
[  760.857831][T18911] 89 83 0:34 / /sys/fs/pstore rw'
[  760.921757][T18913] FAULT_INJECTION: forcing a failure.
[  760.921757][T18913] name failslab, interval 1, probability 0, space 0, times 0
[  760.934787][T18913] CPU: 1 UID: 0 PID: 18913 Comm: syz.2.3829 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  760.934810][T18913] Tainted: [L]=SOFTLOCKUP
[  760.934814][T18913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  760.934820][T18913] Call Trace:
[  760.934824][T18913]  <TASK>
[  760.934828][T18913]  dump_stack_lvl+0x100/0x190
[  760.934844][T18913]  should_fail_ex.cold+0x5/0xa
[  760.934858][T18913]  ? __kmalloc_noprof+0xba/0x840
[  760.934873][T18913]  ? hci_get_dev_list+0x90/0x3b0
[  760.934886][T18913]  should_failslab+0xc2/0x120
[  760.934898][T18913]  __kmalloc_noprof+0xe0/0x840
[  760.934913][T18913]  hci_get_dev_list+0x90/0x3b0
[  760.934925][T18913]  ? hci_sock_ioctl+0x162/0x7e0
[  760.934941][T18913]  hci_sock_ioctl+0x630/0x7e0
[  760.934951][T18913]  ? __pfx_hci_sock_ioctl+0x10/0x10
[  760.934962][T18913]  ? tomoyo_path_number_perm+0x188/0x580
[  760.934980][T18913]  sock_do_ioctl+0x118/0x280
[  760.934996][T18913]  ? __pfx_sock_do_ioctl+0x10/0x10
[  760.935013][T18913]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  760.935027][T18913]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  760.935046][T18913]  sock_ioctl+0x599/0x6b0
[  760.935056][T18913]  ? __pfx_sock_ioctl+0x10/0x10
[  760.935065][T18913]  ? hook_file_ioctl_common+0x140/0x440
[  760.935079][T18913]  ? selinux_file_ioctl+0x13b/0x290
[  760.935095][T18913]  ? selinux_file_ioctl+0xb6/0x290
[  760.935112][T18913]  ? __pfx_sock_ioctl+0x10/0x10
[  760.935122][T18913]  __x64_sys_ioctl+0x18e/0x210
[  760.935136][T18913]  do_syscall_64+0x115/0x870
[  760.935147][T18913]  ? clear_bhb_loop+0x40/0x90
[  760.935159][T18913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  760.935171][T18913] RIP: 0033:0x7efd4e19ce59
[  760.935180][T18913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  760.935193][T18913] RSP: 002b:00007efd4f026028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  760.935210][T18913] RAX: ffffffffffffffda RBX: 00007efd4e415fa0 RCX: 00007efd4e19ce59
[  760.935220][T18913] RDX: 0000200000000040 RSI: 00000000800448d2 RDI: 0000000000000004
[  760.935230][T18913] RBP: 00007efd4f026090 R08: 0000000000000000 R09: 0000000000000000
[  760.935240][T18913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  760.935250][T18913] R13: 00007efd4e416038 R14: 00007efd4e415fa0 R15: 00007fff0b4b70f8
[  760.935262][T18913]  </TASK>
[  762.731833][T18934] xt_ecn: cannot match TCP bits for non-tcp packets
[  763.041828][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[  763.050810][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[  763.298872][   T29] audit: type=1326 audit(1782093299.324:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18944 comm="syz.4.3838" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f82fd19ce59 code=0x0
[  763.696547][T18959] veth1_macvtap: left promiscuous mode
[  763.702553][T18959] macsec0: entered promiscuous mode
[  763.730372][T18959] veth1_macvtap: entered promiscuous mode
[  763.741668][T18959] macsec0: left promiscuous mode
[  764.002441][ T5735] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[  764.095502][T18965] qnx6: unable to read the first superblock
[  764.134964][T18965] qnx6: unable to read the first superblock
[  764.161246][T18966] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[  764.172122][T18965] qnx6: unable to read the first superblock
[  764.189686][ T5735] usb 3-1: device descriptor read/64, error -71
[  764.203676][T18966] ALSA: mixer_oss: invalid index 1374389
[  764.380667][T18976] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3847'.
[  764.479262][ T5735] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[  764.533730][T18981] xt_ecn: cannot match TCP bits for non-tcp packets
[  764.642502][ T5735] usb 3-1: device descriptor read/64, error -71
[  764.858562][ T5735] usb usb3-port1: attempt power cycle
[  764.944889][T18988] fuse: Bad value for 'group_id'
[  764.963066][T18988] fuse: Bad value for 'group_id'
[  765.227042][ T5735] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[  765.335662][ T5735] usb 3-1: device descriptor read/8, error -71
[  765.362941][   T29] audit: type=1400 audit(1782093301.234:1799): avc:  denied  { create } for  pid=18989 comm="syz.0.3853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  765.452427][   T29] audit: type=1400 audit(1782093301.317:1800): avc:  denied  { unlink } for  pid=19005 comm="syz.3.3857" name="file0" dev="tmpfs" ino=427 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  765.536728][   T29] audit: type=1400 audit(1782093301.345:1801): avc:  denied  { rename } for  pid=19005 comm="syz.3.3857" name="file0" dev="tmpfs" ino=427 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  765.627822][ T5735] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[  765.739347][ T5735] usb 3-1: device descriptor read/8, error -71
[  765.863394][T19010] Bluetooth: MGMT ver 1.23
[  766.211744][ T5735] usb usb3-port1: unable to enumerate USB device
[  766.442059][T19016] tc_dump_action: action bad kind
[  766.948299][   T29] audit: type=1400 audit(1782093302.581:1802): avc:  denied  { nlmsg_write } for  pid=19017 comm="syz.3.3861" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  767.153791][T19025] syzkaller0: entered promiscuous mode
[  767.181278][T19025] syzkaller0: entered allmulticast mode
[  767.182188][T19027] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  767.187207][   T29] audit: type=1400 audit(1782093302.913:1803): avc:  denied  { write } for  pid=19019 comm="syz.5.3862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  767.259720][T19025] FAULT_INJECTION: forcing a failure.
[  767.259720][T19025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  767.284429][T19025] CPU: 1 UID: 0 PID: 19025 Comm: syz.2.3863 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  767.284459][T19025] Tainted: [L]=SOFTLOCKUP
[  767.284466][T19025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  767.284477][T19025] Call Trace:
[  767.284482][T19025]  <TASK>
[  767.284489][T19025]  dump_stack_lvl+0x100/0x190
[  767.284515][T19025]  should_fail_ex.cold+0x5/0xa
[  767.284537][T19025]  _copy_from_iter+0x1f4/0x1690
[  767.284563][T19025]  ? __asan_memset+0x23/0x50
[  767.284587][T19025]  ? __pfx__copy_from_iter+0x10/0x10
[  767.284609][T19025]  ? __pfx___alloc_skb+0x10/0x10
[  767.284633][T19025]  ? netlink_autobind.isra.0+0x160/0x370
[  767.284664][T19025]  netlink_sendmsg+0x808/0xda0
[  767.284681][T19025]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.284701][T19025]  ____sys_sendmsg+0xa4d/0xbe0
[  767.284725][T19025]  ? __pfx_netlink_sendmsg+0x10/0x10
[  767.284742][T19025]  ? __pfx_____sys_sendmsg+0x10/0x10
[  767.284768][T19025]  ? kstrtouint_from_user+0x13c/0x1d0
[  767.284788][T19025]  ___sys_sendmsg+0x190/0x1e0
[  767.284806][T19025]  ? __pfx____sys_sendmsg+0x10/0x10
[  767.284823][T19025]  ? get_pid_task+0x106/0x250
[  767.284851][T19025]  ? rcu_is_watching+0x12/0xc0
[  767.284881][T19025]  __sys_sendmsg+0x160/0x210
[  767.284902][T19025]  ? __pfx___sys_sendmsg+0x10/0x10
[  767.284927][T19025]  ? rcu_is_watching+0x12/0xc0
[  767.284950][T19025]  do_syscall_64+0x115/0x870
[  767.284967][T19025]  ? clear_bhb_loop+0x40/0x90
[  767.284986][T19025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  767.285003][T19025] RIP: 0033:0x7efd4e19ce59
[  767.285018][T19025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  767.285034][T19025] RSP: 002b:00007efd4f026028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  767.285052][T19025] RAX: ffffffffffffffda RBX: 00007efd4e415fa0 RCX: 00007efd4e19ce59
[  767.285064][T19025] RDX: 000000000404c004 RSI: 0000200000000200 RDI: 0000000000000009
[  767.285075][T19025] RBP: 00007efd4f026090 R08: 0000000000000000 R09: 0000000000000000
[  767.285085][T19025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  767.285096][T19025] R13: 00007efd4e416038 R14: 00007efd4e415fa0 R15: 00007fff0b4b70f8
[  767.285111][T19025]  </TASK>
[  767.676702][ T5708] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[  767.857142][T19038] xt_hashlimit: max too large, truncated to 1048576
[  768.128664][T19049] xt_hashlimit: max too large, truncated to 1048576
[  768.141635][T19038] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3868'.
[  768.153130][ T5617] Bluetooth: hci0: command 0x0406 tx timeout
[  768.159171][ T4927] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  768.164130][T19049] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3870'.
[  768.206873][ T5708] usb 4-1: Using ep0 maxpacket: 16
[  768.215115][ T5708] usb 4-1: unable to get BOS descriptor or descriptor too short
[  768.254224][ T5708] usb 4-1: string descriptor 0 read error: -22
[  768.265781][ T5708] usb 4-1: New USB device found, idVendor=041e, idProduct=3263, bcdDevice= 0.40
[  768.274929][ T5708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  768.305796][ T5708] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  768.600859][T19063] FAULT_INJECTION: forcing a failure.
[  768.600859][T19063] name failslab, interval 1, probability 0, space 0, times 0
[  768.628887][T19063] CPU: 1 UID: 0 PID: 19063 Comm: syz.4.3873 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  768.628917][T19063] Tainted: [L]=SOFTLOCKUP
[  768.628923][T19063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  768.628932][T19063] Call Trace:
[  768.628938][T19063]  <TASK>
[  768.628945][T19063]  dump_stack_lvl+0x100/0x190
[  768.628967][T19063]  should_fail_ex.cold+0x5/0xa
[  768.628989][T19063]  should_failslab+0xc2/0x120
[  768.629007][T19063]  kmem_cache_alloc_noprof+0x7b/0x6d0
[  768.629031][T19063]  ? skb_clone+0x190/0x400
[  768.629054][T19063]  skb_clone+0x190/0x400
[  768.629074][T19063]  netlink_deliver_tap+0xaed/0xcc0
[  768.629100][T19063]  netlink_unicast+0x62b/0x850
[  768.629118][T19063]  ? __pfx_netlink_unicast+0x10/0x10
[  768.629142][T19063]  netlink_sendmsg+0x8b0/0xda0
[  768.629160][T19063]  ? __pfx_netlink_sendmsg+0x10/0x10
[  768.629180][T19063]  ____sys_sendmsg+0xa4d/0xbe0
[  768.629205][T19063]  ? __pfx_netlink_sendmsg+0x10/0x10
[  768.629221][T19063]  ? __pfx_____sys_sendmsg+0x10/0x10
[  768.629249][T19063]  ? kstrtouint_from_user+0x13c/0x1d0
[  768.629269][T19063]  ___sys_sendmsg+0x190/0x1e0
[  768.629285][T19063]  ? __pfx____sys_sendmsg+0x10/0x10
[  768.629302][T19063]  ? get_pid_task+0x106/0x250
[  768.629330][T19063]  ? rcu_is_watching+0x12/0xc0
[  768.629359][T19063]  __sys_sendmsg+0x160/0x210
[  768.629380][T19063]  ? __pfx___sys_sendmsg+0x10/0x10
[  768.629403][T19063]  ? rcu_is_watching+0x12/0xc0
[  768.629425][T19063]  do_syscall_64+0x115/0x870
[  768.629443][T19063]  ? clear_bhb_loop+0x40/0x90
[  768.629463][T19063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  768.629481][T19063] RIP: 0033:0x7f82fd19ce59
[  768.629496][T19063] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  768.629511][T19063] RSP: 002b:00007f82fe0fd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  768.629528][T19063] RAX: ffffffffffffffda RBX: 00007f82fd415fa0 RCX: 00007f82fd19ce59
[  768.629540][T19063] RDX: 0000000020000080 RSI: 0000200000000180 RDI: 0000000000000003
[  768.629551][T19063] RBP: 00007f82fe0fd090 R08: 0000000000000000 R09: 0000000000000000
[  768.629562][T19063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  768.629573][T19063] R13: 00007f82fd416038 R14: 00007f82fd415fa0 R15: 00007fff72215288
[  768.629590][T19063]  </TASK>
[  769.149938][T13767] usb 3-1: new full-speed USB device number 99 using dummy_hcd
[  769.652601][T13761] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[  769.788453][T13767] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  769.799709][T13767] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  769.860086][T13767] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  769.870337][T13767] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=3
[  769.880963][T13767] usb 3-1: Manufacturer: syz
[  769.885635][T13767] usb 3-1: SerialNumber: syz
[  769.900299][T13761] usb 5-1: device descriptor read/64, error -71
[  770.443683][T13767] usb 3-1: config 0 descriptor??
[  770.466097][T19094] xt_hashlimit: max too large, truncated to 1048576
[  770.476367][T19094] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3884'.
[  770.496387][ T5708] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  770.517011][ T5708] usb 4-1: 2:1 : invalid channels 0
[  770.702595][T13761] usb 5-1: new high-speed USB device number 107 using dummy_hcd
[  770.842372][ T4927] Bluetooth: hci4: command 0x0405 tx timeout
[  770.935839][ T5708] usb 4-1: USB disconnect, device number 101
[  770.952405][T13767] usb 3-1: USB disconnect, device number 99
[  771.105800][T13761] usb 5-1: device descriptor read/64, error -71
[  771.225730][   T29] audit: type=1326 audit(1782093306.641:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19111 comm="syz.5.3891" exe="/root/ci-upstream-kasan-gce-selinux-root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea5ad9ce59 code=0x0
[  771.253066][T13761] usb usb5-port1: attempt power cycle
[  771.294683][T19116] trusted_key: encrypted_key: insufficient parameters specified
[  771.392843][ T5708] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[  771.556491][ T5708] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  771.566919][ T5708] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  771.577493][ T5708] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  771.586860][ T5708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.594891][ T5708] usb 4-1: Product: syz
[  771.599509][ T5708] usb 4-1: Manufacturer: syz
[  771.604121][ T5708] usb 4-1: SerialNumber: syz
[  771.609919][ T5708] usb 4-1: config 0 descriptor??
[  771.621509][T13761] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[  771.653339][T13761] usb 5-1: device descriptor read/8, error -71
[  771.836151][T19103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.855888][T19103] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.892802][ T5708] usb 4-1: USB disconnect, device number 102
[  771.926107][T13761] usb 5-1: new high-speed USB device number 109 using dummy_hcd
[  771.938032][   T29] audit: type=1400 audit(1782093307.306:1805): avc:  denied  { map } for  pid=19125 comm="syz.3.3896" path="socket:[58811]" dev="sockfs" ino=58811 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  771.977839][T13761] usb 5-1: device descriptor read/8, error -71
[  771.988409][   T29] audit: type=1400 audit(1782093307.343:1806): avc:  denied  { execute } for  pid=19118 comm="syz.2.3894" path="/dev/comedi3" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  772.043308][ T5617] Bluetooth: hci4: unexpected event for opcode 0x0c47
[  772.112004][T13761] usb usb5-port1: unable to enumerate USB device
[  772.504486][T19133] syz.3.3897 (19133): drop_caches: 2
[  772.636448][T19139] xt_hashlimit: max too large, truncated to 1048576
[  772.652790][T19139] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3898'.
[  772.901944][T19145] usb usb8: usbfs: process 19145 (syz.3.3899) did not claim interface 0 before use
[  773.670198][ T5617] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  774.069700][ T5708] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[  774.185627][T19158] xt_ecn: cannot match TCP bits for non-tcp packets
[  774.246143][ T5708] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 18, changing to 7
[  774.273891][ T5708] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  774.284596][ T5708] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  774.296476][ T5708] usb 4-1: Product: Ж
[  774.302216][ T5708] usb 4-1: Manufacturer: Н
[  774.314403][ T5708] usb 4-1: SerialNumber: Ѳ⤊貜ꔷ䨏୳Ⱏ⒚뮢莛꧰	尘訯撏쿱ϩ訶紘␊鋑셅ꂒ઎ⓣ팹柷ᰊ⑃䊙ᖅ⠑䩿鹨ъꥤꃩ䄎柖ᒺ͛詾䊱憞鼗ꢚ狎纺㫀訥晖ⅸ㒙臥꽢뛵ゥޝໞ¸蟖ᓰ̵契泙䕎畡ꮈᢳ奴蝎ᴡ⧸櫑蘂띞ꜝ⤌
[  774.607438][   T29] audit: type=1400 audit(1782093309.760:1807): avc:  denied  { ioctl } for  pid=19155 comm="syz.3.3902" path="socket:[60015]" dev="sockfs" ino=60015 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  774.649236][ T5708] usb 4-1: 1:1 : invalid UAC_FORMAT_TYPE desc
[  774.657493][ T5708] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  774.676952][ T5708] usb 4-1: unit 3 not found!
[  774.709527][ T5708] usb 4-1: USB disconnect, device number 103
[  774.735660][T19169] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3907'.
[  775.359373][ T5708] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[  775.533695][ T5708] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[  775.542550][ T5708] usb 3-1: config 0 has no interface number 0
[  775.549324][ T5708] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  775.561350][ T5708] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  775.570831][ T5708] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.579357][ T5708] usb 3-1: Product: syz
[  775.583670][ T5708] usb 3-1: Manufacturer: syz
[  775.588540][ T5708] usb 3-1: SerialNumber: syz
[  775.594828][ T5708] usb 3-1: config 0 descriptor??
[  775.605199][ T5708] yurex 3-1:0.50: Could not find endpoints
[  776.431887][ T5617] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  776.440699][ T5617] Bluetooth: hci4: Injecting HCI hardware error event
[  776.448036][ T5617] Bluetooth: hci4: hardware error 0x00
[  776.497973][T13754] usb 3-1: USB disconnect, device number 100
[  776.756060][T19191] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3913'.
[  776.780605][T19191] FAULT_INJECTION: forcing a failure.
[  776.780605][T19191] name failslab, interval 1, probability 0, space 0, times 0
[  776.793719][T19191] CPU: 1 UID: 0 PID: 19191 Comm: syz.3.3913 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  776.793749][T19191] Tainted: [L]=SOFTLOCKUP
[  776.793756][T19191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  776.793767][T19191] Call Trace:
[  776.793775][T19191]  <TASK>
[  776.793783][T19191]  dump_stack_lvl+0x100/0x190
[  776.793808][T19191]  should_fail_ex.cold+0x5/0xa
[  776.793831][T19191]  should_failslab+0xc2/0x120
[  776.793852][T19191]  __kmalloc_cache_noprof+0x7a/0x6e0
[  776.793876][T19191]  ? sctp_association_new+0xbb/0x2990
[  776.793904][T19191]  sctp_association_new+0xbb/0x2990
[  776.793931][T19191]  sctp_connect_new_asoc+0x1a8/0x770
[  776.793959][T19191]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  776.793988][T19191]  sctp_sendmsg+0x1743/0x22e0
[  776.794016][T19191]  ? __pfx_sctp_sendmsg+0x10/0x10
[  776.794038][T19191]  ? preempt_schedule_irq+0x7b/0x90
[  776.794065][T19191]  ? rcu_is_watching+0x12/0xc0
[  776.794090][T19191]  ? irqentry_exit+0x24d/0xa00
[  776.794111][T19191]  ? inet_sendmsg+0x18/0x140
[  776.794132][T19191]  ? __pfx_sctp_sendmsg+0x10/0x10
[  776.794159][T19191]  inet_sendmsg+0x11c/0x140
[  776.794181][T19191]  ____sys_sendmsg+0x9c9/0xbe0
[  776.794207][T19191]  ? __pfx_inet_sendmsg+0x10/0x10
[  776.794234][T19191]  ? __pfx_____sys_sendmsg+0x10/0x10
[  776.794263][T19191]  ? __import_iovec+0x4bc/0x640
[  776.794288][T19191]  ? copy_msghdr_from_user+0x2d7/0x4c0
[  776.794307][T19191]  ___sys_sendmsg+0x190/0x1e0
[  776.794324][T19191]  ? __pfx____sys_sendmsg+0x10/0x10
[  776.794341][T19191]  ? rcu_is_watching+0x12/0xc0
[  776.794369][T19191]  ? __rcu_read_unlock+0x26a/0x5e0
[  776.794395][T19191]  __sys_sendmsg+0x160/0x210
[  776.794418][T19191]  ? __pfx___sys_sendmsg+0x10/0x10
[  776.794443][T19191]  ? rcu_is_watching+0x12/0xc0
[  776.794468][T19191]  do_syscall_64+0x115/0x870
[  776.794485][T19191]  ? clear_bhb_loop+0x40/0x90
[  776.794505][T19191]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.794524][T19191] RIP: 0033:0x7f9dbd39ce59
[  776.794539][T19191] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  776.794556][T19191] RSP: 002b:00007f9dbe2a3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  776.794574][T19191] RAX: ffffffffffffffda RBX: 00007f9dbd615fa0 RCX: 00007f9dbd39ce59
[  776.794587][T19191] RDX: 0000000000040040 RSI: 00002000000003c0 RDI: 0000000000000004
[  776.794598][T19191] RBP: 00007f9dbe2a3090 R08: 0000000000000000 R09: 0000000000000000
[  776.794609][T19191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  776.794620][T19191] R13: 00007f9dbd616038 R14: 00007f9dbd615fa0 R15: 00007ffd354dc848
[  776.794637][T19191]  </TASK>
[  777.874816][T19196] FAULT_INJECTION: forcing a failure.
[  777.874816][T19196] name failslab, interval 1, probability 0, space 0, times 0
[  777.912638][T19196] CPU: 1 UID: 0 PID: 19196 Comm: syz.2.3915 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  777.912661][T19196] Tainted: [L]=SOFTLOCKUP
[  777.912665][T19196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  777.912671][T19196] Call Trace:
[  777.912675][T19196]  <TASK>
[  777.912679][T19196]  dump_stack_lvl+0x100/0x190
[  777.912696][T19196]  should_fail_ex.cold+0x5/0xa
[  777.912710][T19196]  should_failslab+0xc2/0x120
[  777.912722][T19196]  __kmalloc_node_track_caller_noprof+0xe4/0x890
[  777.912740][T19196]  ? sidtab_sid2str_get+0x17a/0x670
[  777.912751][T19196]  ? lock_acquire+0x301/0x370
[  777.912763][T19196]  kmemdup_noprof+0x29/0x60
[  777.912780][T19196]  sidtab_sid2str_get+0x17a/0x670
[  777.912792][T19196]  security_sid_to_context_core+0x35a/0x6d0
[  777.912809][T19196]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  777.912821][T19196]  avc_audit_post_callback+0x109/0x910
[  777.912833][T19196]  ? __pfx_audit_log_lsm_data+0x10/0x10
[  777.912843][T19196]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  777.912854][T19196]  ? skb_put+0x138/0x180
[  777.912870][T19196]  ? audit_log_n_string+0x256/0x550
[  777.912887][T19196]  ? __pfx_avc_audit_post_callback+0x10/0x10
[  777.912899][T19196]  common_lsm_audit+0x23f/0x2b0
[  777.912909][T19196]  ? __pfx_common_lsm_audit+0x10/0x10
[  777.912919][T19196]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  777.912937][T19196]  slow_avc_audit+0x186/0x210
[  777.912949][T19196]  ? __pfx_slow_avc_audit+0x10/0x10
[  777.912962][T19196]  ? avc_denied+0x14a/0x190
[  777.912974][T19196]  ? avc_has_perm_noaudit+0x2fc/0x3b0
[  777.912987][T19196]  avc_has_perm+0x1a6/0x1e0
[  777.912999][T19196]  ? __pfx_avc_has_perm+0x10/0x10
[  777.913013][T19196]  sock_has_perm+0x253/0x2f0
[  777.913027][T19196]  ? __pfx_sock_has_perm+0x10/0x10
[  777.913041][T19196]  ? kstrtouint_from_user+0x13c/0x1d0
[  777.913053][T19196]  ? get_pid_task+0xfc/0x250
[  777.913069][T19196]  ? rcu_is_watching+0x12/0xc0
[  777.913083][T19196]  ? get_pid_task+0xfc/0x250
[  777.913097][T19196]  ? lock_release+0x24d/0x310
[  777.913108][T19196]  security_socket_getsockopt+0x9b/0x230
[  777.913125][T19196]  do_sock_getsockopt+0x1e3/0x6e0
[  777.913142][T19196]  ? ksys_write+0x12a/0x250
[  777.913155][T19196]  ? lock_release+0x150/0x310
[  777.913166][T19196]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  777.913182][T19196]  ? rcu_is_watching+0x12/0xc0
[  777.913196][T19196]  ? rcu_is_watching+0x12/0xc0
[  777.913210][T19196]  ? __fget_files+0x215/0x3d0
[  777.913231][T19196]  ? __fget_files+0x21f/0x3d0
[  777.913247][T19196]  __sys_getsockopt+0x148/0x260
[  777.913261][T19196]  ? __x64_sys_getsockopt+0xbd/0x160
[  777.913274][T19196]  __x64_sys_getsockopt+0xbd/0x160
[  777.913286][T19196]  ? trace_irq_enable.constprop.0+0x122/0x160
[  777.913300][T19196]  do_syscall_64+0x115/0x870
[  777.913310][T19196]  ? clear_bhb_loop+0x40/0x90
[  777.913322][T19196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.913333][T19196] RIP: 0033:0x7efd4e19ce59
[  777.913342][T19196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  777.913352][T19196] RSP: 002b:00007efd4f026028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  777.913363][T19196] RAX: ffffffffffffffda RBX: 00007efd4e415fa0 RCX: 00007efd4e19ce59
[  777.913370][T19196] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000004
[  777.913376][T19196] RBP: 00007efd4f026090 R08: 0000200000000040 R09: 0000000000000000
[  777.913383][T19196] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  777.913389][T19196] R13: 00007efd4e416038 R14: 00007efd4e415fa0 R15: 00007fff0b4b70f8
[  777.913398][T19196]  </TASK>
[  778.079246][   T29] audit: type=1400 audit(1782093312.787:1808): avc:  denied  { getopt } for  pid=19194 comm="syz.2.3915" ssid=148 tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  778.738536][ T5617] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  779.784449][T19223] bond0: (slave team0): Releasing backup interface
[  779.792099][T13761] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[  779.844248][T19223] bridge_slave_0: left allmulticast mode
[  779.855337][T19223] bridge_slave_0: left promiscuous mode
[  779.876664][T19229] xt_hashlimit: max too large, truncated to 1048576
[  779.883811][T19223] bridge0: port 1(bridge_slave_0) entered disabled state
[  779.914995][T19229] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3924'.
[  779.964887][T13761] usb 3-1: Using ep0 maxpacket: 32
[  779.971501][T13761] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  780.001355][T13761] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  780.057986][T13761] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  780.099147][T13761] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  780.118139][T19235] xt_hashlimit: max too large, truncated to 1048576
[  780.135972][T19235] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3925'.
[  780.152228][T13761] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.253224][T19236] overlayfs: failed to clone upperpath
[  780.311727][T13761] usb 3-1: config 0 descriptor??
[  780.323348][T19204] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  780.331482][T13761] hub 3-1:0.0: USB hub found
[  780.357551][T19223] bridge_slave_1: left allmulticast mode
[  780.384294][T19223] bridge_slave_1: left promiscuous mode
[  780.449806][T19223] bridge0: port 2(bridge_slave_1) entered disabled state
[  780.505924][T19223] bond0: (slave bond_slave_0): Releasing backup interface
[  780.544075][T19241] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3926'.
[  780.560118][T19223] bond0: (slave bond_slave_1): Releasing backup interface
[  780.581833][T19223] team0: Port device team_slave_0 removed
[  780.631594][T19223] team0: Port device team_slave_1 removed
[  780.659648][T19223] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  780.809686][T19223] batman_adv: batadv0: Removing interface: batadv_slave_0
[  780.837802][T19223] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  780.857550][T19223] batman_adv: batadv0: Removing interface: batadv_slave_1
[  781.323641][T19223] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  781.418303][   T29] audit: type=1400 audit(1782093316.045:1809): avc:  denied  { attach_queue } for  pid=19217 comm="syz.3.3921" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  781.467936][T19240] veth13: entered promiscuous mode
[  781.671808][T13761] hub 3-1:0.0: config failed, can't read hub descriptor (err -22)
[  781.761793][T13761] usbhid 3-1:0.0: can't add hid device: -71
[  781.787036][T13761] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  781.800773][T19260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3931'.
[  781.840480][T19260] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3931'.
[  781.855195][T13761] usb 3-1: USB disconnect, device number 101
[  783.393517][T19274] netlink: 'syz.0.3933': attribute type 1 has an invalid length.
[  783.449254][T19274] veth13: entered promiscuous mode
[  783.476548][T19279] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3933'.
[  783.525233][T19281] xt_hashlimit: max too large, truncated to 1048576
[  783.550309][T19281] netlink: 48 bytes leftover after parsing attributes in process `syz.3.3935'.
[  783.741490][T19285] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3937'.
[  783.776045][T19287] veth5: entered promiscuous mode
[  783.800720][T13753] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[  783.813984][T19288] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3937'.
[  783.823464][T19287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3938'.
[  783.840793][T19288] netlink: 'syz.0.3937': attribute type 1 has an invalid length.
[  783.963922][T13753] usb 3-1: Using ep0 maxpacket: 8
[  784.000908][T19293] syz.3.3939 (19293): drop_caches: 2
[  784.111468][T13753] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  784.194589][T13753] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  784.194685][T19288] bond9: entered promiscuous mode
[  784.221080][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  784.239613][T13753] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  784.260866][T19288] 8021q: adding VLAN 0 to HW filter on device bond9
[  784.262740][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  784.301272][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  784.329394][T19292] bond9: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  784.369604][T13753] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  784.399513][T19292] bond9: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  784.410102][T13753] usb 3-1: config 168 interface 0 has no altsetting 0
[  784.426925][T19292] bond9: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  784.429026][T13753] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  784.710605][T13753] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  784.739746][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  784.765210][T13753] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  784.778676][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  784.792804][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  784.812311][T13753] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  784.848663][T13753] usb 3-1: config 168 interface 0 has no altsetting 0
[  784.962233][T13753] usb 3-1: config 168 descriptor has 1 excess byte, ignoring
[  784.969828][T13753] usb 3-1: too many endpoints for config 168 interface 0 altsetting 188: 100, using maximum allowed: 30
[  784.981898][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  784.994404][T13753] usb 3-1: config 168 interface 0 altsetting 188 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  785.010193][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  785.024589][T13753] usb 3-1: config 168 interface 0 altsetting 188 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  785.038650][T13753] usb 3-1: config 168 interface 0 altsetting 188 has 2 endpoint descriptors, different from the interface descriptor's value: 100
[  785.054066][T13753] usb 3-1: config 168 interface 0 has no altsetting 0
[  785.263238][   T29] audit: type=1400 audit(1782093319.468:1810): avc:  denied  { ioctl } for  pid=19299 comm="syz.5.3941" path="socket:[60205]" dev="sockfs" ino=60205 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  785.291898][T13753] usb 3-1: string descriptor 0 read error: -22
[  785.298720][T13753] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  785.308411][T13753] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  785.335690][T13753] adutux 3-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  785.678873][T13767] usb 3-1: USB disconnect, device number 102
[  786.044121][T13772] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[  786.195585][T13772] usb 4-1: device descriptor read/64, error -71
[  786.705008][T13753] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[  787.569183][T13772] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[  787.725036][T13772] usb 4-1: device descriptor read/64, error -71
[  787.756075][T13753] usb 5-1: Using ep0 maxpacket: 16
[  787.769783][T13753] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11
[  787.782968][T13753] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  787.797204][T13753] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  787.811503][T13753] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  788.838862][T13772] usb usb4-port1: attempt power cycle
[  788.847320][T13753] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  788.941846][T13753] usb 5-1: config 1 interface 0 has no altsetting 0
[  788.993784][T13753] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  789.012228][T13753] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.052535][T13753] ums-sddr09 5-1:1.0: USB Mass Storage device detected
[  789.219663][T13772] usb usb4-port1: Cannot enable. Maybe the USB cable is bad?
[  789.284045][T13753] scsi host1: usb-storage 5-1:1.0
[  789.403256][T13772] usb 4-1: new full-speed USB device number 107 using dummy_hcd
[  789.457786][T13761] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[  789.475895][T13772] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  789.503936][T13772] usb 4-1: config 0 has no interfaces?
[  789.520522][T13772] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  789.550208][T13772] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.586132][T13772] usb 4-1: config 0 descriptor??
[  789.652762][T13761] usb 3-1: Using ep0 maxpacket: 8
[  789.663328][T13761] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  789.674334][T13761] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  789.685361][T13761] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.696659][T13761] usb 3-1: config 0 descriptor??
[  789.934264][T13761] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  790.030762][T19350] use of bytesused == 0 is deprecated and will be removed in the future,
[  790.039637][T19350] use the actual size instead.
[  790.049727][T19350] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3943'.
[  790.058789][T19350] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3943'.
[  790.720565][ T5892] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  790.873860][ T5892] sd 1:0:0:0: Attached scsi generic sg1 type 0
[  791.664310][T19340] sddr09: could not read card info
[  791.670279][T13761] usb 5-1: USB disconnect, device number 110
[  791.734554][  T142] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  791.758362][  T142] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  791.787935][  T142] sd 1:0:0:0: [sdb] Write Protect is off
[  791.808828][T13772] usb 4-1: USB disconnect, device number 107
[  791.822337][  T142] sd 1:0:0:0: [sdb] Asking for cache data failed
[  791.855397][  T142] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  791.868910][T19353] input: syz1 as /devices/virtual/input/input28
[  792.490861][T13767] usb 3-1: USB disconnect, device number 103
[  793.056558][  T142] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  793.197941][T13754] IPVS: starting estimator thread 0...
[  793.789152][T19369] IPVS: using max 134 ests per chain, 321600 per kthread
[  793.944472][T19358] Set syz1 is full, maxelem 65536 reached
[  794.114675][T16658] udevd[16658]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  794.348862][T19380] xt_hashlimit: max too large, truncated to 1048576
[  795.415415][T16651] udevd[16651]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  795.514280][T19380] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3957'.
[  795.561096][T19385] netlink: 172 bytes leftover after parsing attributes in process `syz.4.3960'.
[  795.602121][T19385] block nbd0: not configured, cannot reconfigure
[  795.615645][T19385] loop5: detected capacity change from 0 to 4095
[  795.733106][T19390] fuse: Unknown parameter 'group_i00000000000000000000'
[  797.812733][T19421] FAULT_INJECTION: forcing a failure.
[  797.812733][T19421] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  797.848344][T19421] CPU: 0 UID: 0 PID: 19421 Comm: syz.4.3968 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  797.848376][T19421] Tainted: [L]=SOFTLOCKUP
[  797.848382][T19421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  797.848392][T19421] Call Trace:
[  797.848398][T19421]  <TASK>
[  797.848405][T19421]  dump_stack_lvl+0x100/0x190
[  797.848428][T19421]  should_fail_ex.cold+0x5/0xa
[  797.848455][T19421]  should_fail_alloc_page+0xeb/0x140
[  797.848475][T19421]  prepare_alloc_pages+0x1f0/0x5f0
[  797.848494][T19421]  ? is_bpf_text_address+0x8a/0x1a0
[  797.848514][T19421]  __alloc_frozen_pages_noprof+0x1af/0x2dc0
[  797.848539][T19421]  ? is_bpf_text_address+0x94/0x1a0
[  797.848558][T19421]  ? kernel_text_address+0x8d/0x100
[  797.848574][T19421]  ? __kernel_text_address+0xd/0x30
[  797.848590][T19421]  ? unwind_get_return_address+0x59/0xa0
[  797.848614][T19421]  ? arch_stack_walk+0xa6/0xf0
[  797.848639][T19421]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  797.848664][T19421]  ? __pfx_stack_trace_save+0x10/0x10
[  797.848690][T19421]  ? rcu_is_watching+0x12/0xc0
[  797.848713][T19421]  ? ima_match_policy+0x8b8/0x2340
[  797.848733][T19421]  ? rcu_is_watching+0x12/0xc0
[  797.848754][T19421]  ? ima_match_policy+0x8b8/0x2340
[  797.848773][T19421]  ? lock_release+0x24d/0x310
[  797.848791][T19421]  ? ima_match_policy+0x8c2/0x2340
[  797.848813][T19421]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  797.848830][T19421]  ? policy_nodemask+0xed/0x4f0
[  797.848848][T19421]  alloc_pages_mpol+0x1fb/0x540
[  797.848867][T19421]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  797.848885][T19421]  ? rcu_is_watching+0x12/0xc0
[  797.848905][T19421]  ? process_measurement+0x4c8/0x2350
[  797.848921][T19421]  ? lock_release+0x24d/0x310
[  797.848937][T19421]  ? down_write+0x146/0x1f0
[  797.848955][T19421]  folio_alloc_mpol_noprof+0x36/0x260
[  797.848977][T19421]  shmem_alloc_folio+0x135/0x160
[  797.848997][T19421]  shmem_alloc_and_add_folio+0x371/0xd40
[  797.849023][T19421]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  797.849046][T19421]  ? shmem_allowable_huge_orders+0x2bd/0x400
[  797.849072][T19421]  shmem_get_folio_gfp+0x6ad/0x1910
[  797.849097][T19421]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  797.849120][T19421]  ? filemap_map_pages+0x1137/0x1f80
[  797.849143][T19421]  shmem_fault+0x1f9/0xa20
[  797.849166][T19421]  ? __pfx_shmem_fault+0x10/0x10
[  797.849189][T19421]  ? __pfx_filemap_map_pages+0x10/0x10
[  797.849210][T19421]  ? unwind_next_frame+0x3be/0x2090
[  797.849236][T19421]  __do_fault+0x10b/0x440
[  797.849252][T19421]  do_fault+0xa99/0x1750
[  797.849272][T19421]  __handle_mm_fault+0x187d/0x2a00
[  797.849295][T19421]  ? mt_find+0x45e/0x8e0
[  797.849313][T19421]  ? __pfx___handle_mm_fault+0x10/0x10
[  797.849334][T19421]  ? __pfx_mt_find+0x10/0x10
[  797.849356][T19421]  ? find_vma+0xbf/0x140
[  797.849372][T19421]  ? __pfx_find_vma+0x10/0x10
[  797.849388][T19421]  handle_mm_fault+0x37b/0xa30
[  797.849411][T19421]  do_user_addr_fault+0x74c/0x12f0
[  797.849441][T19421]  exc_page_fault+0x6f/0xd0
[  797.849457][T19421]  asm_exc_page_fault+0x26/0x30
[  797.849474][T19421] RIP: 0010:rep_movs_alternative+0x4a/0xa0
[  797.849496][T19421] Code: 9e 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 4f 9e 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  797.849512][T19421] RSP: 0018:ffffc90004d0fe00 EFLAGS: 00050206
[  797.849526][T19421] RAX: 0000000000000001 RBX: 00002000000002c0 RCX: 00000000000002c0
[  797.849537][T19421] RDX: 0000000000000001 RSI: 0000200000001000 RDI: ffff888051c8cd40
[  797.849547][T19421] RBP: 0000000000001000 R08: 0000000000000001 R09: ffffed100a3919ff
[  797.849558][T19421] R10: ffff888051c8cfff R11: 0000000000000000 R12: 0000000000000000
[  797.849568][T19421] R13: ffff888051c8c000 R14: 1ffff920009a1fce R15: 0000000000000000
[  797.849584][T19421]  _copy_from_user+0x98/0xd0
[  797.849606][T19421]  copy_mount_options+0x76/0x190
[  797.849626][T19421]  __x64_sys_mount+0x1ab/0x310
[  797.849643][T19421]  ? __pfx___x64_sys_mount+0x10/0x10
[  797.849661][T19421]  ? rcu_is_watching+0x12/0xc0
[  797.849683][T19421]  do_syscall_64+0x115/0x870
[  797.849699][T19421]  ? clear_bhb_loop+0x40/0x90
[  797.849717][T19421]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  797.849733][T19421] RIP: 0033:0x7f82fd19ce59
[  797.849746][T19421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  797.849760][T19421] RSP: 002b:00007f82fe0fd028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  797.849775][T19421] RAX: ffffffffffffffda RBX: 00007f82fd415fa0 RCX: 00007f82fd19ce59
[  797.849786][T19421] RDX: 0000200000000200 RSI: 0000200000000100 RDI: 0000000000000000
[  797.849797][T19421] RBP: 00007f82fe0fd090 R08: 00002000000002c0 R09: 0000000000000000
[  797.849807][T19421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  797.849817][T19421] R13: 00007f82fd416038 R14: 00007f82fd415fa0 R15: 00007fff72215288
[  797.849833][T19421]  </TASK>
[  800.411393][T19435] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  800.831399][T19443] fuse: fd is not a fuse device
[  801.976141][T19476] netlink: 172 bytes leftover after parsing attributes in process `syz.3.3986'.
[  802.003687][T19476] block nbd0: not configured, cannot reconfigure
[  802.035984][T19476] loop5: detected capacity change from 0 to 4095
[  802.083461][T19483] fuse: Unknown parameter 'group_id00000000000000000000'
[  802.582255][T19495] loop9: detected capacity change from 0 to 7
[  802.947569][   T29] audit: type=1400 audit(1782093335.913:1811): avc:  denied  { ioctl } for  pid=19496 comm="syz.4.3992" path="/dev/sg0" dev="devtmpfs" ino=718 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  802.991657][    C1] invalid error, dev loop9, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 3
[  803.001619][    C1] buffer_io_error: 15 callbacks suppressed
[  803.001637][    C1] Buffer I/O error on dev loop9, logical block 0, lost async page write
[  803.284970][   T29] audit: type=1400 audit(1782093336.226:1812): avc:  denied  { write } for  pid=19502 comm="syz.4.3995" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  804.202450][T19519] ptrace attach of "ci-upstream-kasan-gce-selinux-root/syz-executor exec"[17072] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
[  804.396036][T19526] netlink: 172 bytes leftover after parsing attributes in process `syz.4.4000'.
[  804.501616][T19527] loop5: detected capacity change from 0 to 4095
[  804.514317][T19526] block nbd0: not configured, cannot reconfigure
[  805.398628][T13761] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[  805.599425][T13761] usb 4-1: Using ep0 maxpacket: 32
[  805.613625][T13761] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  805.648669][T13761] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  805.652958][T19545] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  805.685449][T13761] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  805.703781][T19547] fuse: fd is not a fuse device
[  805.714321][T13761] usb 4-1: Product: syz
[  805.728764][T13761] usb 4-1: Manufacturer: syz
[  805.744566][T13761] usb 4-1: SerialNumber: syz
[  805.766815][T13761] usb 4-1: config 0 descriptor??
[  805.864557][T19541] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  805.879061][T13761] hub 4-1:0.0: bad descriptor, ignoring hub
[  805.894042][T13761] hub 4-1:0.0: probe with driver hub failed with error -5
[  806.205195][T13761] usb 4-1: USB disconnect, device number 108
[  806.390502][T19566] xt_hashlimit: max too large, truncated to 1048576
[  806.422645][T19566] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4016'.
[  806.594683][T19572] 9p: Bad value for 'rfdno'
[  806.709244][T13761] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[  806.871851][T13761] usb 4-1: Using ep0 maxpacket: 32
[  806.884992][T13761] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  806.903290][T13761] usb 4-1: string descriptor 0 read error: -22
[  806.911363][T13761] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  806.924065][T13761] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  807.077517][   T29] audit: type=1400 audit(1782093339.659:1813): avc:  denied  { listen } for  pid=19582 comm="syz.4.4022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  807.132807][T13761] usb 4-1: config 0 descriptor??
[  807.224479][T19541] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  807.242370][T13761] hub 4-1:0.0: bad descriptor, ignoring hub
[  807.249151][T13761] hub 4-1:0.0: probe with driver hub failed with error -5
[  807.508416][   T29] audit: type=1400 audit(1782093340.121:1814): avc:  denied  { map } for  pid=19540 comm="syz.3.4006" path="/proc/sys/net/ipv4/vs/conntrack" dev="proc" ino=61810 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=file permissive=1
[  807.541690][T19601] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4026'.
[  807.553814][T19601] macvtap1: entered promiscuous mode
[  807.559266][T19601] erspan0: entered promiscuous mode
[  807.564645][T19601] macvtap1: entered allmulticast mode
[  807.570104][T19601] erspan0: entered allmulticast mode
[  807.613299][   T29] audit: type=1400 audit(1782093340.121:1815): avc:  denied  { execute } for  pid=19540 comm="syz.3.4006" path="/proc/sys/net/ipv4/vs/conntrack" dev="proc" ino=61810 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_net_t tclass=file permissive=1
[  807.729809][T19607] xt_hashlimit: max too large, truncated to 1048576
[  807.766493][T19607] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4028'.
[  807.831588][T19612] syzkaller0: entered promiscuous mode
[  807.888382][T19612] syzkaller0: entered allmulticast mode
[  808.085775][T19618] netlink: 1752 bytes leftover after parsing attributes in process `syz.5.4029'.
[  808.150644][ T5735] usb 4-1: USB disconnect, device number 109
[  808.378199][T13772] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[  808.553552][T13772] usb 5-1: Using ep0 maxpacket: 8
[  808.564422][T13772] usb 5-1: unable to get BOS descriptor or descriptor too short
[  808.583365][T13772] usb 5-1: config 4 has an invalid interface number: 147 but max is 0
[  808.617892][T13772] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  808.652358][T13772] usb 5-1: config 4 has no interface number 0
[  808.662661][T13772] usb 5-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  808.671969][T13772] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  808.710897][T13772] usb 5-1: Product: syz
[  808.726281][T13772] usb 5-1: Manufacturer: syz
[  808.740191][T13772] usb 5-1: SerialNumber: syz
[  809.287281][T13772] uvcvideo 5-1:4.147: Found multiple Units with ID 6
[  809.308426][T13772] uvcvideo 5-1:4.147: Found UVC 0.02 device syz (04f2:b746)
[  809.326397][T13772] uvcvideo 5-1:4.147: No streaming interface found for terminal 32774.
[  809.363221][T13772] usb 5-1: USB disconnect, device number 111
[  810.439184][T19649] syz.2.4039 (19649): drop_caches: 2
[  810.709602][T19651] xt_hashlimit: max too large, truncated to 1048576
[  810.728713][T19651] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4040'.
[  810.794713][ T5735] usb 5-1: new full-speed USB device number 112 using dummy_hcd
[  810.891331][   T29] audit: type=1400 audit(1782093343.240:1816): avc:  denied  { getopt } for  pid=19654 comm="syz.3.4041" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  810.932596][T13761] IPVS: starting estimator thread 0...
[  810.939965][   T29] audit: type=1400 audit(1782093343.295:1817): avc:  denied  { ioctl } for  pid=19654 comm="syz.3.4041" path="socket:[60878]" dev="sockfs" ino=60878 ioctlcmd=0x89ee scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  810.991138][ T5735] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  811.010475][ T5735] usb 5-1: config 0 has no interfaces?
[  811.018617][ T5735] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  811.035688][ T5735] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  811.048519][ T5735] usb 5-1: config 0 descriptor??
[  811.054751][T19658] IPVS: using max 73 ests per chain, 175200 per kthread
[  811.130544][T13772] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[  926.876095][    C0] ------------[ cut here ]------------
[  926.881597][    C0] 1
[  926.881608][    C0] WARNING: kernel/rcu/tree_stall.h:1048 at rcu_check_gp_start_stall.part.0+0x1c4/0x4b0, CPU#0: kworker/u8:12/5892
[  926.895985][    C0] Modules linked in:
[  926.899884][    C0] CPU: 0 UID: 0 PID: 5892 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  926.911007][    C0] Tainted: [L]=SOFTLOCKUP
[  926.915325][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  926.925369][    C0] Workqueue: events_unbound toggle_allocation_gate
[  926.931879][    C0] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  926.938815][    C0] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 80 05 20 9b e8 00 15 8c 00 b8 01 00 00 00 87 05 f5 44 32 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 c7 c3 64 5b da 90 48 81 fd 80 13 7f 8e 74 5a 48 b8 00
[  926.958412][    C0] RSP: 0018:ffffc90000007df0 EFLAGS: 00010046
[  926.964470][    C0] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81edc080
[  926.972430][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff9b200580
[  926.980386][    C0] RBP: ffffffff8e7f1380 R08: 0000000000000001 R09: fffffbfff36400b0
[  926.988347][    C0] R10: 0000000000000003 R11: 000000000000000a R12: 1ffffffff1c81e50
[  926.996305][    C0] R13: 0000000000000246 R14: 0000000000000200 R15: 0000000000000000
[  927.004263][    C0] FS:  0000000000000000(0000) GS:ffff888124318000(0000) knlGS:0000000000000000
[  927.013182][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  927.019753][    C0] CR2: 0000200000000240 CR3: 000000000e592000 CR4: 00000000003526f0
[  927.027713][    C0] Call Trace:
[  927.030979][    C0]  <IRQ>
[  927.033811][    C0]  rcu_core+0x2cb/0x10d0
[  927.038048][    C0]  ? sched_clock+0x38/0x60
[  927.042456][    C0]  ? sched_clock_cpu+0x6c/0x570
[  927.047296][    C0]  ? ktime_get+0x9f/0x320
[  927.051617][    C0]  ? ktime_get+0x1a4/0x320
[  927.056024][    C0]  ? __pfx_rcu_core+0x10/0x10
[  927.060694][    C0]  ? clockevents_program_event+0x1ef/0x820
[  927.066498][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.071257][    C0]  handle_softirqs+0x1ea/0x9b0
[  927.076014][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  927.081293][    C0]  ? _raw_spin_unlock+0x28/0x50
[  927.086140][    C0]  ? __hrtimer_rearm_deferred+0x9b/0x720
[  927.091769][    C0]  __irq_exit_rcu+0x162/0x210
[  927.096436][    C0]  irq_exit_rcu+0x9/0x30
[  927.100673][    C0]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  927.106304][    C0]  </IRQ>
[  927.109222][    C0]  <TASK>
[  927.112142][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  927.118111][    C0] RIP: 0010:smp_call_function_many_cond+0x589/0x16c0
[  927.124778][    C0] Code: b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 b9 95 0c 00 f3 90 <41> 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31
[  927.144374][    C0] RSP: 0018:ffffc90004edf878 EFLAGS: 00000293
[  927.150428][    C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81fcc98d
[  927.158386][    C0] RDX: ffff88802744ca80 RSI: ffffffff81fcc967 RDI: ffff88802744ca80
[  927.166347][    C0] RBP: ffff8880b85410c0 R08: 0000000000000005 R09: 0000000000000000
[  927.174305][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[  927.182265][    C0] R13: ffffed10170a8219 R14: 0000000000000001 R15: ffff8880b843c700
[  927.190227][    C0]  ? smp_call_function_many_cond+0x5ad/0x16c0
[  927.196283][    C0]  ? smp_call_function_many_cond+0x587/0x16c0
[  927.202343][    C0]  ? smp_call_function_many_cond+0x587/0x16c0
[  927.208401][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  927.213425][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  927.219741][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  927.225113][    C0]  ? __pfx___text_poke+0x10/0x10
[  927.230048][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  927.235071][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  927.240172][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  927.246670][    C0]  smp_text_poke_batch_finish+0x337/0xc60
[  927.252381][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  927.258874][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  927.265104][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  927.271354][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  927.277323][    C0]  jump_label_update+0x37a/0x550
[  927.282254][    C0]  static_key_disable_cpuslocked+0x162/0x1c0
[  927.288223][    C0]  static_key_disable+0x1a/0x20
[  927.293065][    C0]  toggle_allocation_gate+0x149/0x2d0
[  927.298427][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[  927.304397][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  927.310281][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.315040][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  927.321104][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.325864][    C0]  process_one_work+0xa23/0x1940
[  927.330793][    C0]  ? __pfx_process_one_work+0x10/0x10
[  927.336155][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  927.342038][    C0]  worker_thread+0x5ef/0xe50
[  927.346621][    C0]  ? kthread+0x13a/0x450
[  927.350862][    C0]  ? __pfx_worker_thread+0x10/0x10
[  927.355961][    C0]  kthread+0x370/0x450
[  927.360026][    C0]  ? __pfx_kthread+0x10/0x10
[  927.364612][    C0]  ret_from_fork+0x72b/0xd50
[  927.369204][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  927.374309][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.379066][    C0]  ? __switch_to+0x800/0x10f0
[  927.383739][    C0]  ? __pfx_kthread+0x10/0x10
[  927.388327][    C0]  ret_from_fork_asm+0x1a/0x30
[  927.393093][    C0]  </TASK>
[  927.396101][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  927.403367][    C0] CPU: 0 UID: 0 PID: 5892 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  927.414468][    C0] Tainted: [L]=SOFTLOCKUP
[  927.418776][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026
[  927.428817][    C0] Workqueue: events_unbound toggle_allocation_gate
[  927.435311][    C0] Call Trace:
[  927.438579][    C0]  <IRQ>
[  927.441412][    C0]  dump_stack_lvl+0x100/0x190
[  927.446083][    C0]  vpanic+0x552/0x970
[  927.450056][    C0]  ? __pfx_vpanic+0x10/0x10
[  927.454545][    C0]  ? lock_release+0x24d/0x310
[  927.459214][    C0]  panic+0xd1/0xe0
[  927.462922][    C0]  ? __pfx_panic+0x10/0x10
[  927.467331][    C0]  ? check_panic_on_warn+0x1f/0x90
[  927.472442][    C0]  check_panic_on_warn.cold+0x19/0x34
[  927.477803][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  927.484133][    C0]  __warn.cold+0x191/0x318
[  927.488538][    C0]  __report_bug+0x30f/0x440
[  927.493031][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  927.499358][    C0]  ? __pfx___report_bug+0x10/0x10
[  927.504371][    C0]  ? update_load_avg+0x946/0x1500
[  927.509395][    C0]  ? update_curr+0x238/0x540
[  927.513978][    C0]  ? run_posix_cpu_timers+0x16f/0x820
[  927.519342][    C0]  ? __pfx_run_posix_cpu_timers+0x10/0x10
[  927.525052][    C0]  ? nohz_balance_exit_idle+0x17/0x2f0
[  927.530511][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  927.536837][    C0]  report_bug+0xb2/0x220
[  927.541068][    C0]  ? rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  927.547394][    C0]  handle_bug+0x16a/0x2a0
[  927.551717][    C0]  exc_invalid_op+0x17/0x50
[  927.556211][    C0]  asm_exc_invalid_op+0x1a/0x20
[  927.561053][    C0] RIP: 0010:rcu_check_gp_start_stall.part.0+0x1c4/0x4b0
[  927.567989][    C0] Code: 88 61 01 00 00 be 04 00 00 00 48 c7 c7 80 05 20 9b e8 00 15 8c 00 b8 01 00 00 00 87 05 f5 44 32 19 85 c0 0f 85 3d 01 00 00 90 <0f> 0b 90 48 c7 c3 64 5b da 90 48 81 fd 80 13 7f 8e 74 5a 48 b8 00
[  927.587587][    C0] RSP: 0018:ffffc90000007df0 EFLAGS: 00010046
[  927.593644][    C0] RAX: 0000000000000000 RBX: 0000000000002904 RCX: ffffffff81edc080
[  927.601608][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffffff9b200580
[  927.609566][    C0] RBP: ffffffff8e7f1380 R08: 0000000000000001 R09: fffffbfff36400b0
[  927.617525][    C0] R10: 0000000000000003 R11: 000000000000000a R12: 1ffffffff1c81e50
[  927.625486][    C0] R13: 0000000000000246 R14: 0000000000000200 R15: 0000000000000000
[  927.633447][    C0]  ? rcu_check_gp_start_stall.part.0+0x1b0/0x4b0
[  927.639777][    C0]  rcu_core+0x2cb/0x10d0
[  927.644013][    C0]  ? sched_clock+0x38/0x60
[  927.648420][    C0]  ? sched_clock_cpu+0x6c/0x570
[  927.653259][    C0]  ? ktime_get+0x9f/0x320
[  927.657577][    C0]  ? ktime_get+0x1a4/0x320
[  927.661983][    C0]  ? __pfx_rcu_core+0x10/0x10
[  927.666653][    C0]  ? clockevents_program_event+0x1ef/0x820
[  927.672462][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.677224][    C0]  handle_softirqs+0x1ea/0x9b0
[  927.681982][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  927.687259][    C0]  ? _raw_spin_unlock+0x28/0x50
[  927.692106][    C0]  ? __hrtimer_rearm_deferred+0x9b/0x720
[  927.697740][    C0]  __irq_exit_rcu+0x162/0x210
[  927.702407][    C0]  irq_exit_rcu+0x9/0x30
[  927.706641][    C0]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  927.712277][    C0]  </IRQ>
[  927.715197][    C0]  <TASK>
[  927.718117][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  927.724090][    C0] RIP: 0010:smp_call_function_many_cond+0x589/0x16c0
[  927.730754][    C0] Code: b8 00 00 00 00 00 fc ff df 48 8b 54 24 08 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 b9 95 0c 00 f3 90 <41> 0f b6 45 00 41 38 c4 7c 08 84 c0 0f 85 2c 0f 00 00 8b 45 08 31
[  927.750351][    C0] RSP: 0018:ffffc90004edf878 EFLAGS: 00000293
[  927.756410][    C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffffff81fcc98d
[  927.764367][    C0] RDX: ffff88802744ca80 RSI: ffffffff81fcc967 RDI: ffff88802744ca80
[  927.772328][    C0] RBP: ffff8880b85410c0 R08: 0000000000000005 R09: 0000000000000000
[  927.780287][    C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003
[  927.788246][    C0] R13: ffffed10170a8219 R14: 0000000000000001 R15: ffff8880b843c700
[  927.796210][    C0]  ? smp_call_function_many_cond+0x5ad/0x16c0
[  927.802268][    C0]  ? smp_call_function_many_cond+0x587/0x16c0
[  927.808327][    C0]  ? smp_call_function_many_cond+0x587/0x16c0
[  927.814387][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  927.819412][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  927.825731][    C0]  ? __pfx_text_poke_memcpy+0x10/0x10
[  927.831101][    C0]  ? __pfx___text_poke+0x10/0x10
[  927.836035][    C0]  ? __pfx_do_sync_core+0x10/0x10
[  927.841056][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  927.846158][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  927.852652][    C0]  smp_text_poke_batch_finish+0x337/0xc60
[  927.858368][    C0]  ? kmem_cache_alloc_from_sheaf_noprof+0x39/0x190
[  927.864862][    C0]  ? __pfx_smp_text_poke_batch_finish+0x10/0x10
[  927.871092][    C0]  ? arch_jump_label_transform_queue+0xc0/0x120
[  927.877325][    C0]  arch_jump_label_transform_apply+0x1c/0x30
[  927.883296][    C0]  jump_label_update+0x37a/0x550
[  927.888225][    C0]  static_key_disable_cpuslocked+0x162/0x1c0
[  927.894194][    C0]  static_key_disable+0x1a/0x20
[  927.899033][    C0]  toggle_allocation_gate+0x149/0x2d0
[  927.904395][    C0]  ? __pfx_debug_object_deactivate+0x10/0x10
[  927.910367][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  927.916249][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.921020][    C0]  ? __pfx_autoremove_wake_function+0x10/0x10
[  927.927113][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.931894][    C0]  process_one_work+0xa23/0x1940
[  927.936827][    C0]  ? __pfx_process_one_work+0x10/0x10
[  927.942191][    C0]  ? __pfx_toggle_allocation_gate+0x10/0x10
[  927.948075][    C0]  worker_thread+0x5ef/0xe50
[  927.952665][    C0]  ? kthread+0x13a/0x450
[  927.956907][    C0]  ? __pfx_worker_thread+0x10/0x10
[  927.962008][    C0]  kthread+0x370/0x450
[  927.966075][    C0]  ? __pfx_kthread+0x10/0x10
[  927.970666][    C0]  ret_from_fork+0x72b/0xd50
[  927.975251][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  927.980355][    C0]  ? rcu_is_watching+0x12/0xc0
[  927.985116][    C0]  ? __switch_to+0x800/0x10f0
[  927.989791][    C0]  ? __pfx_kthread+0x10/0x10
[  927.994379][    C0]  ret_from_fork_asm+0x1a/0x30
[  927.999148][    C0]  </TASK>
[  929.098351][    C0] Shutting down cpus with NMI
[  929.103281][    C0] Kernel Offset: disabled
[  929.107585][    C0] Rebooting in 86400 seconds..