last executing test programs:

13.834456493s ago: executing program 2 (id=1103):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000619b3b4063070120af9c0000000109021b0002000000000904b60000ff81ca000904"], 0x0)
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r3, &(0x7f0000000040)="8ad6b4a0970883f6c42688a935a37b340c115234fe6e67bfe42442818fe7c6371027b9bddcecc1f35d1d83", 0x2b)
recvmmsg(r3, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4081, 0xff1}], 0x1}, 0x7}], 0x1, 0x2102, 0x0)

10.829197072s ago: executing program 0 (id=1116):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x1})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001e0001020000960f00000000000073d5006d7f000000002000"], 0x20}, 0x1, 0x0, 0x0, 0x2008001}, 0x4040)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x803}, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)

10.177019135s ago: executing program 2 (id=1118):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0xa, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='X\bJ@', @ANYRES16, @ANYBLOB="100026bd7000fddbdf25440000000c00990067e200003b000000381070000500020000000000050002000100000004100300f4cc4c3220673abb03a2dcdd29691f5e20a5b7e24d0c07b159a9baac2a1d29bf5e53a7de92a9d1a0e5102722a7e36b4c85d6975b7d9a9dca731ce045309a04a8ad79ed500f0e0bea34a026c61248827ee8fd296faf49994a767615d378972e31b60c51d387d3c21fcb1bc6acea1fa6df38fc587375a07ceebdcb7c85c35405fc5529d97c84b794545012a8b1c38f04942f94aaf618551cfbb7fec02bceed3a579aa79ecf3e23c263f4792f3e02b1c8ad9045a049a4a4a46f1b0dc7c18ce393d0e57ec024978e87deef901e926e10f29a2b44aa96b8a94a2004c9c063188c590e9950119c93addf88e8500f4d855a2af224cd1a731e6a3eb5715a73bb1fd32ebd1aedaba2e6263c6a0d571062a14d3ec9954edf861bb4eefc9beca148e186316a83ed31c0d3516f786309b2606e0746927c87d901f3b4ea3c205499d22e5366d93ac6c7129cf27998938613a410da1f3fb204b1c7a3ceb97acbf08f0adb8ae1f9004ee6144a1047a53fa65cf5a38039474b5dda9523ff193a8f3483195ff604e22ee69db3da6dadc9b0eaed3e68e574087dd20fef7d7af8c332abf369fb0af390dea2e53f2f488e852508836f5fcf97a3afa987cb37ca374b46d3abf90044618a03a9fe4be20bf483fcf5d12f2d68382a9e93b2e50c35e2cb9618beedec2cfcf666d1c0a4972176ba55b1f05f4658a705d52ea1a8e9c1f56d13dc42be9616ae88f9f372d711de50114fdcebda20564e1c3310fa1800dfec5f45c2df86b6eae05437f5b99a9a0e84317f25b4ff8c4e1827cdefbfd24ae932fc6196e23ffd80687f0c72396718d6afea13578a4661689d2abcaa99962f9f3e8a50ed2f6fda13ee140cff37d22fdd89bd1da8cdb974fbe9029fb730342152c1a04efa538613cd3f989af23b6c3ff4a0ff4bb6562afccb428ab9c6421b4e773721e591301ed96c8d21826a221ffe89652d63597206b17e88dc8e07119589c89204fc3bdcfc068e004eaf017c0e9ff9ea03670d7f9518a62399875b1c73ec5ef9b14f787a948433658d54770f379ca08a32dd3fca827cf0c02c8a10c7d9f9b31d2eb915ddbe4d80af41ad73fee0cbac24e9e7431b456f5ec43ece993c177bb54e6c1f169e78bdb426339bf43491a787bedcf064554e97a8840b98e28c7144e42f88fb3f89cd8be65cb277de8c527f29711a4c70e4679a28738c4d27e557d1578c21458712a91a8f26b818684c80bd6c094be2614fd1bc18dc8463ec8652861dd924a9bef1ae3fa5656defd078038591cb24a9015ac18d595fbc2074f42e202930c053e489857e63a57d5180d8de0dc710cba7f93540f8f9ac40253432c6edb804301df3644e919277882b741c5ca6d06ed2ab58317f7c40d64cab89969f0eb9337937eb26df8b1d895280240ff6e19927aa9c3cb7e279f83be26063678db19563bcded1a8c68c70819fce7050f722883942363c843c8ee4235feb353f35aa02f76bbd933c1b89d0e9c7e8cde51e2370394a62f146cbe1f6dec5c74dd940c78a5354f5ae51417a949feadd59862393ba9f843aeb9fcf2533ec32e119877514749785f78f2f7b7d48b16d7fc0fef6362269dbfe306133ff68ac59c813814d5faacb4f0dc1e806bb9d6d14791c8720610a4f594a5ebd7dfc58cd335dafa2c2ecb88d2cbb8c405842f5d86c2f59db0c05d0144418dd2beaee1b8e6227eb17077e4c5161b9d7680f53e70db83f5c0661a3767621d9eaacd84a7a9417405ba83daf6770bdccffdf444dbcd9713ee6f5d694aeb87f308e1623abcea74218c23f5d6e19bb0d3bcc5a914f0719be4d8383661616c3c71651d85a44144c0fa6e006dabfb48d367e12388bcb8f33d2606744df2f95065f793d2954c1ac6a70230540d27d1c2288c3dc85cafe4683333cd78476e152bc3093c031cd313bc02afba5337fd6b0e8589917aaec4fd47599a6dff95322395e7fc813d49ed942878007bbd87aac848e89f19ca81fe7269c474dfca528d41d86bcb362107fae40a806f7058dcb0591924a99d32b4964590a4511e90222ec5ed3da9da0f3da81b681269315b1ac6491f159cc2a86457914d3a6ca746bd473879734c208a82428306b71a4c6af8c7f7d9b1fe0ca99ec7db0e884e7b95f2ece7a8c1abe27c06c9dad79f9e5321516ffc56f0b63b914"], 0x1058}, 0x1, 0x0, 0x0, 0x2}, 0x800)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

10.15521843s ago: executing program 0 (id=1119):
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x14000, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0x9)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000000004102, 0x0)
dup(r1)
r2 = mq_open(&(0x7f0000000680)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05|\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7jo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2\x1e\xd8\xdfJ\xcc\xd7\x9b\xfa\xf0\x0f\x05\xf1\xc4 \xde@\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xec\x87\x1b\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8\x99$\xfb(\x9b5\xcbF4?O\x1d\xd7\x01*\xc9\xd6L\x86 \x1b\xab9\x1b\x12k\xf9\xec\xd8\x16E\x11-\xfd\x10\x89\x8d\xccbP\x14\x89w\xef\x90\x1d\xc9\x02\xeb\x01V\xfbm\x86\x8a\xc1.m\xd0\xa2\xa4\xc9\a;(\n\xc0\"\x1f\xe4\x1d\x85\xb3\x95\xec\xbb\x9b\x01\x85\xffx\xf2\a\f=\xd1\xcf\xec\xb8!\v\x958\xbf\x15b-\x92\xd6\xb5\xbf\xe2\x92\xc2\xa3}\xd0;\xd1\x96\x86\x8a\x1b\xe1w\xf9\xb0\xd2\xab\xc9\x8a\x19\n\xc5o\x1e\x13/\xe4\x91\x7f\xa5\xf1\xddW\xdb\x98\xcd\x94\xfc\x90\xa0\x05*', 0x6e93ebbbcc0884f2, 0x15b, &(0x7f0000000040)={0x0, 0x1, 0x5})
mq_getsetattr(r2, &(0x7f0000000300)={0x800, 0x0, 0x1}, 0x0)
mq_timedreceive(r2, &(0x7f0000000340)=""/195, 0xc3, 0xfffffffffffffffc, 0x0)
r3 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRES64=r1], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000018c0)={r0, 0x0, 0x89, 0xfa, &(0x7f0000000240)="1daadbe963073e19acdde244179211c893aad24d808ea2705bac15f2be5c74a824418fb1bc13a9171b6b721be886d3b6ee3783a84f25e054df8b4547ff90bbaf05de446f43f2194b7b8e4e1ad276fd2edbb138e32d0116da9f314981da6737949bc0f01c1df4999a70b954b716c19dc9aeb54b406588da71d92ebe67ad0405ea02d5830c16b54188cd", &(0x7f0000000440)=""/250, 0x7fffffff, 0x0, 0xf8, 0x7f, &(0x7f0000000540)="55b9dcbe07359e42b449bf7c7bddbe0078e3b159b777fedd3de1d35c0a494b434e493bb126bdfca0697b9bb5c0e5053c1209906291ad8d1663deb6d20d3aa7fdbcc5477e8f2c09550270ca7a25909a93ea18120e12dfa1fb5978e4f07a066226b4e7ec4b2bf8aec643da883781bfc455a49790282871f323dae059884b0d27da0eb1f086c983db03a149c189ef0de58d0ba4703020407a6dcb391f6826a23510ced3e3ac15e49bc6f22c7e491f9ec9f68252cc5cfc548da46c8cb727e3600aae737ea184525363b3ff12970b05248be5629285711cbd3d250838db6f78f1cd9c2ecc2c421f6810593106bc2980bc5608c6a87b635ba1c884", &(0x7f0000001840)="04ff51338d38d328d5312b87c768a411653cdb5d27d4169f31a7d2350332ba8c9c275d2638eab7b65076c341e26fd0c66e88eb755a0e62e7f132315aa87e2a54b7954943a8fe6b078b16f6c0bfb24f8fd0354095af2b712a217405356e8358a545a0bbd8e4c3d672149ce113b7ff181162e4cdb78f867087427f9c7e58a8a8", 0x1, 0x0, 0x5}, 0x50)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc0009001e0006990600000015001500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
syz_usb_disconnect(r3)
close_range(r4, r4, 0x0)
mq_timedreceive(r2, &(0x7f0000000100)=""/92, 0x5c, 0x4, 0x0)
r6 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x4)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r6, 0x0)
flock(r2, 0x12)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x800}, 0x10)
modify_ldt$read(0x0, &(0x7f0000000840)=""/4096, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='auxv\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6}]})
creat(0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

9.265597643s ago: executing program 2 (id=1122):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c"], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x17, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb06030000e816952301090224000100006400"], 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
pwrite64(r3, &(0x7f00000000c0)='0', 0x1, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x20, 0x1, 0x15, {0x15, 0xa, "fed86168948170a2177131f6356d702df3b3b3"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000180)={0x1c, &(0x7f0000000200)={0x0, 0x5, 0xfc, "0207b370c4080c092dc7a70ff05fd85bc78236eb76c50cda5d81edd386dd3d454f30d0e4ef63d751aa9d2c1c0b1fc7c05d6eaa5eea7a5ca726ced90df08121d706d7a698d205e009922138a395f95441f1729c5bf12e437078841d8a68e37806e82c2cdf6980a0ce09df01f4776ef72720b9566c59538da6b3e687a54d90138d082722194abb00fc9271cee5993715a05da9089b66bd4624918e168bcdf3441b735b99dad9f3e11bf0588c6ad5be73b76bab73f7560b9586b8ab45625eb07b60b288f613867a1c7c37155fcb1336f2d24462cee37ce750f0e030ecae58e045381ce7da14287c50a1f9b865953d260042970e02b4ca8c676ac916f951"}, &(0x7f0000000100)={0x0, 0xa, 0x1, 0xbb}, &(0x7f0000000140)={0x0, 0x8, 0x1, 0xe6}})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB="fb52f01500042b908427027ddf80f68488d6042b63aaf91729e063"], 0x0, 0x0})

8.928319885s ago: executing program 4 (id=1124):
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f0000000100001000000000000000000fc020000000000000000000000000000e00002010000000000000000000000000008cf9a"], 0xf0}}, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = dup(r0)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendfile(r3, r2, 0x0, 0x8a000)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a000907000000000000000000000005001a"], 0x38}}, 0x0)

8.459222508s ago: executing program 3 (id=1126):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r1, &(0x7f0000000000)=""/73, 0x49)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

8.4108617s ago: executing program 1 (id=1127):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
execve(&(0x7f0000000300)='./file0\x00', &(0x7f0000000540)={[&(0x7f0000000340), &(0x7f0000000380)='syz0\x00', &(0x7f00000003c0)=']#{\'&,/+\x00', &(0x7f0000000400)='*\x00', &(0x7f0000000480)='syz0\x00', &(0x7f00000001c0)='hugetlb.2MB.usage_in_bytes\x00', &(0x7f0000000500)='+^{&\x00']}, &(0x7f0000000600)={[&(0x7f0000000580)='hugetlb.2MB.usage_in_bytes\x00', &(0x7f00000005c0)='syz0\x00']})
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000200)={"fe0d1acce4a37ef94acd000200", 0xffffffffffffffff, <r2=>0xffffffffffffffff})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
kcmp(0x0, 0x0, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_SUBDEV_G_EDID(r3, 0xc0285628, &(0x7f0000000440)={0x0, 0x3, 0x6, '\x00', &(0x7f0000000400)=0x4})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x22242, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x9, 0x12, r5, 0xf6b94000)
dup(r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='ext4_allocate_blocks\x00', r6, 0x0, 0x800}, 0x18)
close_range(r1, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB="a4000000", @ANYRES16, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="8800330080800000ffffffffffff080211000000000000000000000000006ac10006020202020202010003010404060000000007000602ffff2503009c412a01013c040908050c2d1a020012ff01000000000000070000000b000000000801040000077206030303030303710700000100010c41dd060000f540b878"], 0xa4}}, 0x20000000)

8.271242474s ago: executing program 1 (id=1128):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
r2 = socket(0x15, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
openat$sequencer2(0xffffff9c, 0x0, 0x0, 0x0)
quotactl_fd$Q_SETQUOTA(r1, 0x80000300, 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f00000001c0)={{}, {0x1, 0x1}, [{0x2, 0x6}], {0x4, 0x1}, [], {0x10, 0x2}, {0x20, 0x1}}, 0x2c, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
dup(r8)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)

7.431317071s ago: executing program 4 (id=1129):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
openat$audio(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x1})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001e0001020000960f00000000000073d5006d7f000000002000"], 0x20}, 0x1, 0x0, 0x0, 0x2008001}, 0x4040)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x803}, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)

7.141320166s ago: executing program 1 (id=1130):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000619b3b4063070120af9c0000000109021b0002000000000904b60000ff81ca000904"], 0x0)
r3 = socket(0x1e, 0x1, 0x0)
connect$tipc(r3, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r3, &(0x7f0000000040)="8ad6b4a0970883f6c42688a935a37b340c115234fe6e67bfe42442818fe7c6371027b9bddcecc1f35d1d83", 0x2b)
recvmmsg(r3, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000500)=""/4081, 0xff1}], 0x1}, 0x7}], 0x1, 0x2102, 0x0)

6.795735935s ago: executing program 0 (id=1131):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0xfffffffc, 0x34324152, 0x0, 0x0, [{}, {}, {}, {}, {}, {0x2}], 0x10, 0xf9}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb7030000080000002d01000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[], 0x0, 0x2d, 0x0, 0x1, 0x3, 0x10000, @value}, 0x28)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f00000002c0)={0x28, 0x0, 0x0, @host}, 0x10)
connect$vsock_stream(r3, &(0x7f0000000100), 0x10)
connect$vsock_stream(r3, &(0x7f0000002240)={0x28, 0x0, 0x0, @hyper}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

6.765947745s ago: executing program 4 (id=1132):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0xa, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='X\bJ@', @ANYRES16, @ANYBLOB="100026bd7000fddbdf25440000000c00990067e200003b000000381070000500020000000000050002000100000004100300f4cc4c3220673abb03a2dcdd29691f5e20a5b7e24d0c07b159a9baac2a1d29bf5e53a7de92a9d1a0e5102722a7e36b4c85d6975b7d9a9dca731ce045309a04a8ad79ed500f0e0bea34a026c61248827ee8fd296faf49994a767615d378972e31b60c51d387d3c21fcb1bc6acea1fa6df38fc587375a07ceebdcb7c85c35405fc5529d97c84b794545012a8b1c38f04942f94aaf618551cfbb7fec02bceed3a579aa79ecf3e23c263f4792f3e02b1c8ad9045a049a4a4a46f1b0dc7c18ce393d0e57ec024978e87deef901e926e10f29a2b44aa96b8a94a2004c9c063188c590e9950119c93addf88e8500f4d855a2af224cd1a731e6a3eb5715a73bb1fd32ebd1aedaba2e6263c6a0d571062a14d3ec9954edf861bb4eefc9beca148e186316a83ed31c0d3516f786309b2606e0746927c87d901f3b4ea3c205499d22e5366d93ac6c7129cf27998938613a410da1f3fb204b1c7a3ceb97acbf08f0adb8ae1f9004ee6144a1047a53fa65cf5a38039474b5dda9523ff193a8f3483195ff604e22ee69db3da6dadc9b0eaed3e68e574087dd20fef7d7af8c332abf369fb0af390dea2e53f2f488e852508836f5fcf97a3afa987cb37ca374b46d3abf90044618a03a9fe4be20bf483fcf5d12f2d68382a9e93b2e50c35e2cb9618beedec2cfcf666d1c0a4972176ba55b1f05f4658a705d52ea1a8e9c1f56d13dc42be9616ae88f9f372d711de50114fdcebda20564e1c3310fa1800dfec5f45c2df86b6eae05437f5b99a9a0e84317f25b4ff8c4e1827cdefbfd24ae932fc6196e23ffd80687f0c72396718d6afea13578a4661689d2abcaa99962f9f3e8a50ed2f6fda13ee140cff37d22fdd89bd1da8cdb974fbe9029fb730342152c1a04efa538613cd3f989af23b6c3ff4a0ff4bb6562afccb428ab9c6421b4e773721e591301ed96c8d21826a221ffe89652d63597206b17e88dc8e07119589c89204fc3bdcfc068e004eaf017c0e9ff9ea03670d7f9518a62399875b1c73ec5ef9b14f787a948433658d54770f379ca08a32dd3fca827cf0c02c8a10c7d9f9b31d2eb915ddbe4d80af41ad73fee0cbac24e9e7431b456f5ec43ece993c177bb54e6c1f169e78bdb426339bf43491a787bedcf064554e97a8840b98e28c7144e42f88fb3f89cd8be65cb277de8c527f29711a4c70e4679a28738c4d27e557d1578c21458712a91a8f26b818684c80bd6c094be2614fd1bc18dc8463ec8652861dd924a9bef1ae3fa5656defd078038591cb24a9015ac18d595fbc2074f42e202930c053e489857e63a57d5180d8de0dc710cba7f93540f8f9ac40253432c6edb804301df3644e919277882b741c5ca6d06ed2ab58317f7c40d64cab89969f0eb9337937eb26df8b1d895280240ff6e19927aa9c3cb7e279f83be26063678db19563bcded1a8c68c70819fce7050f722883942363c843c8ee4235feb353f35aa02f76bbd933c1b89d0e9c7e8cde51e2370394a62f146cbe1f6dec5c74dd940c78a5354f5ae51417a949feadd59862393ba9f843aeb9fcf2533ec32e119877514749785f78f2f7b7d48b16d7fc0fef6362269dbfe306133ff68ac59c813814d5faacb4f0dc1e806bb9d6d14791c8720610a4f594a5ebd7dfc58cd335dafa2c2ecb88d2cbb8c405842f5d86c2f59db0c05d0144418dd2beaee1b8e6227eb17077e4c5161b9d7680f53e70db83f5c0661a3767621d9eaacd84a7a9417405ba83daf6770bdccffdf444dbcd9713ee6f5d694aeb87f308e1623abcea74218c23f5d6e19bb0d3bcc5a914f0719be4d8383661616c3c71651d85a44144c0fa6e006dabfb48d367e12388bcb8f33d2606744df2f95065f793d2954c1ac6a70230540d27d1c2288c3dc85cafe4683333cd78476e152bc3093c031cd313bc02afba5337fd6b0e8589917aaec4fd47599a6dff95322395e7fc813d49ed942878007bbd87aac848e89f19ca81fe7269c474dfca528d41d86bcb362107fae40a806f7058dcb0591924a99d32b4964590a4511e90222ec5ed3da9da0f3da81b681269315b1ac6491f159cc2a86457914d3a6ca746bd473879734c208a82428306b71a4c6af8c7f7d9b1fe0ca99ec7db0e884e7b95f2ece7a8c1abe27c06c9dad79f9e5321516ffc56f0b63b914"], 0x1058}, 0x1, 0x0, 0x0, 0x2}, 0x800)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

6.115380374s ago: executing program 4 (id=1133):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
ioperm(0x8, 0x2, 0x747)
alarm(0x9)
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
fchdir(r0)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5', 0x0)
ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file3\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_nanosleep(0xfffffffa, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f0000000000))
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0x208e24b)

5.974679295s ago: executing program 3 (id=1134):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
bind$bt_rfcomm(r0, &(0x7f0000000240)={0x1f, @none, 0x8}, 0xa)
r1 = syz_clone(0x88200, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
msgget(0x0, 0x4)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4e, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaa"], 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x20, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
quotactl_fd$Q_GETFMT(0xffffffffffffffff, 0x80000c07, 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0x8, 0x1a5800)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r5 = socket$inet_sctp(0x2, 0x400000000001, 0x84)
sendto$inet(r5, &(0x7f0000000080)="e3", 0x1, 0x0, &(0x7f0000000040)={0x2, 0x0, @rand_addr=0x64010100}, 0x10)
r6 = syz_pidfd_open(0x0, 0x0)
pidfd_send_signal(r6, 0x2, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
listen(r5, 0xda8c)
accept4(r4, &(0x7f0000000100)=@nfc, 0x0, 0x0)
ioperm(0x0, 0x3ff, 0x6)

5.196295887s ago: executing program 0 (id=1135):
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
msgctl$IPC_RMID(0x0, 0x0)
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
memfd_create(&(0x7f00000000c0)='\x00', 0x4)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)

5.170909695s ago: executing program 2 (id=1136):
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000040)={0x0, "d2c4924d08b1e22900000000000000f3f70000000400"})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0xf0}}, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
dup(r2)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvfrom(r4, &(0x7f0000000080)=""/175, 0x59000, 0x0, 0x0, 0x10000000000000)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a000907000000000000000000000005001a"], 0x38}}, 0x0)

5.042812478s ago: executing program 3 (id=1137):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r0 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12', 0x2)
ftruncate(r0, 0xffff)
fcntl$addseals(r0, 0x409, 0x7)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x4)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8929, &(0x7f0000000280)={'gre0\x00', 0x2000081})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$midi(&(0x7f0000000040), 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40010)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x810c5701, &(0x7f0000000580))
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f0000000100)=0x3)
mount$bpf(0x0, &(0x7f00000003c0)='./cgroup\x00', &(0x7f0000000280), 0x18, &(0x7f0000000480)=ANY=[])
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_ASSOCIATE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="01002bbd7000fedbdf252600000008000300", @ANYRES32=r9, @ANYRESDEC=r5], 0x24}, 0x1, 0x0, 0x0, 0x4000815}, 0x850)
set_mempolicy_home_node(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xfffffffffffffffc, 0x0)

3.785121849s ago: executing program 0 (id=1138):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$SNDCTL_DSP_GETOSPACE(0xffffffffffffffff, 0x8010500c, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x1})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001e0001020000960f00000000000073d5006d7f000000002000"], 0x20}, 0x1, 0x0, 0x0, 0x2008001}, 0x4040)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd3860800000080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c600000000d7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r5, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000638477fbac141716e000030a07070403fe80000000000002845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x700}, 0x2c)

3.784657557s ago: executing program 1 (id=1139):
socket$vsock_stream(0x28, 0x1, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=ANY=[@ANYBLOB="f0000000100001000000000000000000fc020000000000000000000000000000e00002010000000000000000000000000008cf9a"], 0xf0}}, 0x0)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = dup(r0)
r3 = accept4(r1, 0x0, 0x0, 0x0)
sendfile(r3, r2, 0x0, 0x8a000)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="020a000907000000000000000000000005001a"], 0x38}}, 0x0)

3.78327155s ago: executing program 2 (id=1140):
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_GET_TIMERSLACK(0x1e)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000001600), 0xffffffffffffffff)
r2 = socket(0xa, 0x1, 0x2)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk', 0x1, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x7ffffffd, 0xa538, 0x5, 0x6, 0x8, 0x7, 0xf9, 0x0, 0x5, 0x81, 0x8, 0x8, 0x407}, {0x10, 0xc, 0x2, 0xb, 0x1, 0xd4, 0x3, 0x9, 0x5, 0x81, 0x70, 0x4, 0xee}, {0x7, 0x3, 0x4, 0xc9, 0x4, 0xd, 0x80, 0x7, 0xb, 0x0, 0x7, 0x2e, 0x19e8}], 0x2})
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
getdents(r4, &(0x7f0000000100)=""/171, 0xab)
r5 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r5, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r6, 0x5b16, 0x0)
getdents(r4, 0x0, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
bind$alg(r7, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)
write$rfkill(r3, 0x0, 0x0)
sendmsg$TIPC_CMD_SHOW_PORTS(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000280)={0x1c, r1, 0x1}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socket(0x10, 0x803, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.350650143s ago: executing program 0 (id=1141):
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x14000, 0x0)
ioctl$AUTOFS_IOC_SETTIMEOUT(r0, 0x80049367, &(0x7f0000000040)=0x9)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000000004102, 0x0)
r2 = dup(r1)
r3 = mq_open(&(0x7f0000000680)='\r\x00elinu\xef\xe3elinux\x00\x96\xf6\x92\n#*\xac\x05|\xf8D\\\x9a\xe6[]L+\xf6\v\xe8\xf2\xd3\b\x15\n\xb8F!Q9o\x1f#\xbdt\r\xfb\"\x18%\xfdM\xaf_t\xd2\xdcJ\x10\a\xbab\x1a\xdf\xb1\xbdU\xd7jo\xe7\xac\x81\x10k\xce-\xf5@\xbb\x9d;\xe8\xf6\xffQ\x04\xaai\x92k\x1b;\xddM\xa2\xe1-\x0e\xd8\xde\x00\xff\x18\xdd\bL\xfb\xa2\x1e\xd8\xdfJ\xcc\xd7\x9b\xfa\xf0\x0f\x05\xf1\xc4 \xde@\x80q\xf7\x04\xf5\x85T\x1f\xc2S]*\xc9lw\xd3J\xc5\xe8\x02\xcb\xbbAHxr\xac\xb77F\xdf\x1c\xcb\xd4\xce\x88L\xf1\xf9[\x98\xd4+pTx\x95\xb5\x1b]x\x1a\x95\xe1c6\xe7`83\xb7n#\xe0\xc1_\xec\xba\xec\x87\x1b\xde\a\x8b\xc5\x86woo\xbc\x1c\xa3r\x82\xf3enq-\x90/\xed\xff\xad+\x03\x10\t\xda\xfd\xa2\xd0\xef4\n%\xf1\xd8\x99$\xfb(\x9b5\xcbF4?O\x1d\xd7\x01*\xc9\xd6L\x86 \x1b\xab9\x1b\x12k\xf9\xec\xd8\x16E\x11-\xfd\x10\x89\x8d\xccbP\x14\x89w\xef\x90\x1d\xc9\x02\xeb\x01V\xfbm\x86\x8a\xc1.m\xd0\xa2\xa4\xc9\a;(\n\xc0\"\x1f\xe4\x1d\x85\xb3\x95\xec\xbb\x9b\x01\x85\xffx\xf2\a\f=\xd1\xcf\xec\xb8!\v\x958\xbf\x15b-\x92\xd6\xb5\xbf\xe2\x92\xc2\xa3}\xd0;\xd1\x96\x86\x8a\x1b\xe1w\xf9\xb0\xd2\xab\xc9\x8a\x19\n\xc5o\x1e\x13/\xe4\x91\x7f\xa5\xf1\xddW\xdb\x98\xcd\x94\xfc\x90\xa0\x05*', 0x6e93ebbbcc0884f2, 0x15b, &(0x7f0000000040)={0x0, 0x1, 0x5})
mq_getsetattr(r3, &(0x7f0000000300)={0x800, 0x0, 0x1}, 0x0)
mq_timedreceive(r3, &(0x7f0000000340)=""/195, 0xc3, 0xfffffffffffffffc, 0x0)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRES64=r1], 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000018c0)={r0, 0x0, 0x89, 0xfa, &(0x7f0000000240)="1daadbe963073e19acdde244179211c893aad24d808ea2705bac15f2be5c74a824418fb1bc13a9171b6b721be886d3b6ee3783a84f25e054df8b4547ff90bbaf05de446f43f2194b7b8e4e1ad276fd2edbb138e32d0116da9f314981da6737949bc0f01c1df4999a70b954b716c19dc9aeb54b406588da71d92ebe67ad0405ea02d5830c16b54188cd", &(0x7f0000000440)=""/250, 0x7fffffff, 0x0, 0xf8, 0x7f, &(0x7f0000000540)="55b9dcbe07359e42b449bf7c7bddbe0078e3b159b777fedd3de1d35c0a494b434e493bb126bdfca0697b9bb5c0e5053c1209906291ad8d1663deb6d20d3aa7fdbcc5477e8f2c09550270ca7a25909a93ea18120e12dfa1fb5978e4f07a066226b4e7ec4b2bf8aec643da883781bfc455a49790282871f323dae059884b0d27da0eb1f086c983db03a149c189ef0de58d0ba4703020407a6dcb391f6826a23510ced3e3ac15e49bc6f22c7e491f9ec9f68252cc5cfc548da46c8cb727e3600aae737ea184525363b3ff12970b05248be5629285711cbd3d250838db6f78f1cd9c2ecc2c421f6810593106bc2980bc5608c6a87b635ba1c884", &(0x7f0000001840)="04ff51338d38d328d5312b87c768a411653cdb5d27d4169f31a7d2350332ba8c9c275d2638eab7b65076c341e26fd0c66e88eb755a0e62e7f132315aa87e2a54b7954943a8fe6b078b16f6c0bfb24f8fd0354095af2b712a217405356e8358a545a0bbd8e4c3d672149ce113b7ff181162e4cdb78f867087427f9c7e58a8a8", 0x1, 0x0, 0x5}, 0x50)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000140)="d800000018007b29e00212ba0d8105040a601800fe0f040b067c55a1bc0009001e0006990600000015001500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ccd40dd601edef3d93452a92307ff0ff0e97031e9f05e9f16e9cb500"/216, 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
syz_usb_disconnect(r4)
close_range(r5, r5, 0x0)
mq_timedreceive(r3, &(0x7f0000000100)=""/92, 0x5c, 0x4, 0x0)
r7 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x4)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r7, 0x0)
flock(r3, 0x12)
modify_ldt$write2(0x11, &(0x7f0000000040)={0x800}, 0x10)
modify_ldt$read(0x0, &(0x7f0000000840)=""/4096, 0x1000)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='auxv\x00')
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6}]})
creat(0x0, 0x0)
write$RDMA_USER_CM_CMD_REJECT(r2, &(0x7f0000000300)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0x7f, "cb74df", "54e7543cf8591a6d59caaa3bc03402f63f3aa04af0d6b1c3b6316d149b884fa1f7178f3957647265392599f58538288a471f3b14dd4a41c9520a232917de211275545021f1413ff63c72f17892656d8299ed344d5bcb4448fc07c1ebae534116016f148ee9838644b848729700225185cef2f6b23ac2725320063539ccd7d9f4fcf91e9766956a1d93d3705270511e40a0fdcf77c700a06a1105b09497236ac7fcbd44cc6b27f6d3d317a3045cc57e46f04778c43943cb7d7be63a27d1666ac3ef67ccf1c85a8042b989ef0c905fc0866bc7604ec99e64bbc947db6c96faddbfd39def2b055e6c285568a50f5137ec6cf19a4b8c2ca820c6788cece642ef2b3e"}}, 0x110)

3.303737439s ago: executing program 3 (id=1142):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
openat$audio(0xffffffffffffff9c, 0x0, 0x800, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x1})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@func_proto]}, {0x0, [0x0, 0x61]}}, 0x0, 0x28, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4, 0x8, &(0x7f0000000180)={0x0, 0x1}, 0xe800, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000001e0001020000960f00000000000073d5006d7f000000002000"], 0x20}, 0x1, 0x0, 0x0, 0x2008001}, 0x4040)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x803}, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c)

2.825321303s ago: executing program 3 (id=1143):
socket$inet6(0xa, 0x3, 0x87)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_BLANKSCREEN(r3, 0x5609, &(0x7f0000000000))
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r4, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
r6 = openat$pidfd(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
fcntl$notify(r6, 0x402, 0x29)
r7 = syz_open_procfs(0x0, &(0x7f0000000000)='task\x00')
getdents64(r7, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r9}, 0x10)
close(r8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0))
ioctl$SIOCSIFHWADDR(r8, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000340)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}}}, 0x108)

1.883556783s ago: executing program 1 (id=1144):
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0xa, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x3938700}, 0x1, 0x0, 0x1})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
readv(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000200)=""/147, 0x93}], 0x1)
ioctl$VIDIOC_G_SELECTION(0xffffffffffffffff, 0xc040565e, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB='X\bJ@', @ANYRES16, @ANYBLOB="100026bd7000fddbdf25440000000c00990067e200003b000000381070000500020000000000050002000100000004100300f4cc4c3220673abb03a2dcdd29691f5e20a5b7e24d0c07b159a9baac2a1d29bf5e53a7de92a9d1a0e5102722a7e36b4c85d6975b7d9a9dca731ce045309a04a8ad79ed500f0e0bea34a026c61248827ee8fd296faf49994a767615d378972e31b60c51d387d3c21fcb1bc6acea1fa6df38fc587375a07ceebdcb7c85c35405fc5529d97c84b794545012a8b1c38f04942f94aaf618551cfbb7fec02bceed3a579aa79ecf3e23c263f4792f3e02b1c8ad9045a049a4a4a46f1b0dc7c18ce393d0e57ec024978e87deef901e926e10f29a2b44aa96b8a94a2004c9c063188c590e9950119c93addf88e8500f4d855a2af224cd1a731e6a3eb5715a73bb1fd32ebd1aedaba2e6263c6a0d571062a14d3ec9954edf861bb4eefc9beca148e186316a83ed31c0d3516f786309b2606e0746927c87d901f3b4ea3c205499d22e5366d93ac6c7129cf27998938613a410da1f3fb204b1c7a3ceb97acbf08f0adb8ae1f9004ee6144a1047a53fa65cf5a38039474b5dda9523ff193a8f3483195ff604e22ee69db3da6dadc9b0eaed3e68e574087dd20fef7d7af8c332abf369fb0af390dea2e53f2f488e852508836f5fcf97a3afa987cb37ca374b46d3abf90044618a03a9fe4be20bf483fcf5d12f2d68382a9e93b2e50c35e2cb9618beedec2cfcf666d1c0a4972176ba55b1f05f4658a705d52ea1a8e9c1f56d13dc42be9616ae88f9f372d711de50114fdcebda20564e1c3310fa1800dfec5f45c2df86b6eae05437f5b99a9a0e84317f25b4ff8c4e1827cdefbfd24ae932fc6196e23ffd80687f0c72396718d6afea13578a4661689d2abcaa99962f9f3e8a50ed2f6fda13ee140cff37d22fdd89bd1da8cdb974fbe9029fb730342152c1a04efa538613cd3f989af23b6c3ff4a0ff4bb6562afccb428ab9c6421b4e773721e591301ed96c8d21826a221ffe89652d63597206b17e88dc8e07119589c89204fc3bdcfc068e004eaf017c0e9ff9ea03670d7f9518a62399875b1c73ec5ef9b14f787a948433658d54770f379ca08a32dd3fca827cf0c02c8a10c7d9f9b31d2eb915ddbe4d80af41ad73fee0cbac24e9e7431b456f5ec43ece993c177bb54e6c1f169e78bdb426339bf43491a787bedcf064554e97a8840b98e28c7144e42f88fb3f89cd8be65cb277de8c527f29711a4c70e4679a28738c4d27e557d1578c21458712a91a8f26b818684c80bd6c094be2614fd1bc18dc8463ec8652861dd924a9bef1ae3fa5656defd078038591cb24a9015ac18d595fbc2074f42e202930c053e489857e63a57d5180d8de0dc710cba7f93540f8f9ac40253432c6edb804301df3644e919277882b741c5ca6d06ed2ab58317f7c40d64cab89969f0eb9337937eb26df8b1d895280240ff6e19927aa9c3cb7e279f83be26063678db19563bcded1a8c68c70819fce7050f722883942363c843c8ee4235feb353f35aa02f76bbd933c1b89d0e9c7e8cde51e2370394a62f146cbe1f6dec5c74dd940c78a5354f5ae51417a949feadd59862393ba9f843aeb9fcf2533ec32e119877514749785f78f2f7b7d48b16d7fc0fef6362269dbfe306133ff68ac59c813814d5faacb4f0dc1e806bb9d6d14791c8720610a4f594a5ebd7dfc58cd335dafa2c2ecb88d2cbb8c405842f5d86c2f59db0c05d0144418dd2beaee1b8e6227eb17077e4c5161b9d7680f53e70db83f5c0661a3767621d9eaacd84a7a9417405ba83daf6770bdccffdf444dbcd9713ee6f5d694aeb87f308e1623abcea74218c23f5d6e19bb0d3bcc5a914f0719be4d8383661616c3c71651d85a44144c0fa6e006dabfb48d367e12388bcb8f33d2606744df2f95065f793d2954c1ac6a70230540d27d1c2288c3dc85cafe4683333cd78476e152bc3093c031cd313bc02afba5337fd6b0e8589917aaec4fd47599a6dff95322395e7fc813d49ed942878007bbd87aac848e89f19ca81fe7269c474dfca528d41d86bcb362107fae40a806f7058dcb0591924a99d32b4964590a4511e90222ec5ed3da9da0f3da81b681269315b1ac6491f159cc2a86457914d3a6ca746bd473879734c208a82428306b71a4c6af8c7f7d9b1fe0ca99ec7db0e884e7b95f2ece7a8c1abe27c06c9dad79f9e5321516ffc56f0b63b914"], 0x1058}, 0x1, 0x0, 0x0, 0x2}, 0x800)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

1.879650089s ago: executing program 4 (id=1145):
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x3, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000200)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x7fff0010}]})
msgget(0x3, 0x282)
r0 = syz_open_dev$sndctrl(&(0x7f0000000140), 0x0, 0x100)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000240)={0x4, 0x4, 0xfffffff7, 0x5, 'syz1\x00', 0xfca})
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x3)
syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000340)=""/102392, 0x18ff8)
shmctl$IPC_RMID(0x0, 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000040), 0x8, 0x0)
ppoll(&(0x7f00000000c0)=[{r2, 0x404}, {0xffffffffffffffff, 0x2614}], 0x2, 0x0, 0x0, 0x0)
r3 = gettid()
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xffffffff7ffffffd]}, 0x0, 0x8)
timer_create(0x3, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r3}, &(0x7f0000044000))
timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{}, {0x0, 0x989680}}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r5)
r6 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r6, &(0x7f0000000080), 0x10)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="0000000000e4ce881ce155000000000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r7}, &(0x7f0000000000), &(0x7f0000000080)=r5}, 0x20)
recvfrom$unix(r6, 0x0, 0x0, 0x2, 0x0, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000080)=0xff)

1.78926849s ago: executing program 3 (id=1146):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c"], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x17, 0x5, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a8000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb06030000e816952301090224000100006400"], 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
pwrite64(r3, &(0x7f00000000c0)='0', 0x1, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, &(0x7f00000000c0)={0x14, &(0x7f0000000040)={0x20, 0x1, 0x15, {0x15, 0xa, "fed86168948170a2177131f6356d702df3b3b3"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000180)={0x1c, &(0x7f0000000200)={0x0, 0x5, 0xfc, "0207b370c4080c092dc7a70ff05fd85bc78236eb76c50cda5d81edd386dd3d454f30d0e4ef63d751aa9d2c1c0b1fc7c05d6eaa5eea7a5ca726ced90df08121d706d7a698d205e009922138a395f95441f1729c5bf12e437078841d8a68e37806e82c2cdf6980a0ce09df01f4776ef72720b9566c59538da6b3e687a54d90138d082722194abb00fc9271cee5993715a05da9089b66bd4624918e168bcdf3441b735b99dad9f3e11bf0588c6ad5be73b76bab73f7560b9586b8ab45625eb07b60b288f613867a1c7c37155fcb1336f2d24462cee37ce750f0e030ecae58e045381ce7da14287c50a1f9b865953d260042970e02b4ca8c676ac916f951"}, &(0x7f0000000100)={0x0, 0xa, 0x1, 0xbb}, &(0x7f0000000140)={0x0, 0x8, 0x1, 0xe6}})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000340)=ANY=[@ANYBLOB="fb52f01500042b908427027ddf80f68488d6042b63aaf91729e063"], 0x0, 0x0})

839.377717ms ago: executing program 2 (id=1147):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
pipe(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write$binfmt_script(r4, 0x0, 0xb)
splice(r5, 0x0, r4, 0x0, 0x1000, 0x0)
write$binfmt_misc(r6, &(0x7f00000000c0), 0xfdef)
splice(r3, 0x0, r6, 0x0, 0x80, 0x0)
r7 = dup2(r0, r0)
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000040)=0x1)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x2)

806.216094ms ago: executing program 1 (id=1148):
openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
msgctl$IPC_RMID(0x0, 0x0)
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r3, 0x80044dfd, &(0x7f0000000040))
syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
memfd_create(0x0, 0x4)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000100)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000740)={0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "65366a50432b7ee2c7feddd91df868e7cfc6fa7272f3bf0a71b5d0c19323a260"}})
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)

0s ago: executing program 4 (id=1149):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000040)=""/43, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x120)
write$UHID_DESTROY(r0, &(0x7f0000000140), 0x4)
write$UHID_SET_REPORT_REPLY(r0, 0x0, 0xb1) (fail_nth: 2)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setsig(r1, 0xa, 0x13)
fcntl$setlease(r1, 0x400, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x3938700}}, 0x0)
truncate(&(0x7f0000000140)='./file0\x00', 0x0)

kernel console output (not intermixed with test programs):

ind } for  pid=7717 comm="syz.1.436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  229.458277][  T971] usb 3-1: device descriptor read/8, error -71
[  230.467620][   T29] audit: type=1400 audit(1733224753.686:384): avc:  denied  { mounton } for  pid=7717 comm="syz.1.436" path="/proc/313/task" dev="proc" ino=14548 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  230.692316][  T971] usb usb3-port1: unable to enumerate USB device
[  230.709793][ T5901] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  230.974468][ T5901] usb 1-1: config 0 has an invalid interface number: 182 but max is 1
[  231.644980][   T29] audit: type=1400 audit(1733224755.146:385): avc:  denied  { egress } for  pid=7730 comm="syz.3.439" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  231.738761][ T5901] usb 1-1: config 0 has no interface number 1
[  231.828258][ T5901] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  231.923451][   T29] audit: type=1400 audit(1733224755.146:386): avc:  denied  { sendto } for  pid=7730 comm="syz.3.439" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  232.017359][ T7737] veth7: entered promiscuous mode
[  232.079915][ T7737] veth7: entered allmulticast mode
[  232.105069][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.158070][ T5901] usb 1-1: config 0 descriptor??
[  232.297550][   T29] audit: type=1400 audit(1733224755.926:387): avc:  denied  { read } for  pid=7739 comm="syz.2.440" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  232.539730][   T29] audit: type=1400 audit(1733224755.956:388): avc:  denied  { open } for  pid=7739 comm="syz.2.440" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  232.583199][   T29] audit: type=1400 audit(1733224755.966:389): avc:  denied  { ioctl } for  pid=7739 comm="syz.2.440" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  232.624956][ T7741] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  232.673473][   T47] usb 1-1: USB disconnect, device number 5
[  232.697080][ T7751] dccp_invalid_packet: P.Data Offset(0) too small
[  232.797690][ T7754] hsr0: entered promiscuous mode
[  232.968244][ T7747] Bluetooth: hci0: Opcode 0x080f failed: -4
[  233.519843][   T47] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  233.689317][   T47] usb 5-1: Using ep0 maxpacket: 32
[  233.721272][   T47] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  233.753837][   T47] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  233.773474][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.782753][   T47] usb 5-1: Product: syz
[  233.939396][   T47] usb 5-1: Manufacturer: syz
[  233.944655][   T47] usb 5-1: SerialNumber: syz
[  233.951581][   T47] usb 5-1: config 0 descriptor??
[  233.957313][ T7761] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  233.965638][   T47] hub 5-1:0.0: bad descriptor, ignoring hub
[  233.971826][   T47] hub 5-1:0.0: probe with driver hub failed with error -5
[  233.981489][   T47] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input10
[  234.816856][ T5825] Bluetooth: hci0: command 0x0406 tx timeout
[  234.931268][ T5901] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  235.149637][  T971] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  235.162409][ T7768] sctp: failed to load transform for md5: -4
[  235.182987][ T5901] usb 4-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77
[  235.200881][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  235.219313][ T5901] usb 4-1: Product: syz
[  235.226372][ T5901] usb 4-1: Manufacturer: syz
[  235.236216][ T5901] usb 4-1: SerialNumber: syz
[  235.289752][  T971] usb 3-1: device descriptor read/64, error -71
[  235.455215][ T5901] usb 4-1: config 0 descriptor??
[  235.958972][  T971] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  236.029772][ T7766] netlink: 4 bytes leftover after parsing attributes in process `syz.3.447'.
[  236.044173][    C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  236.050405][   T29] audit: type=1400 audit(1733224759.686:390): avc:  denied  { unmount } for  pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  236.053336][ T5901] usb 5-1: USB disconnect, device number 15
[  236.088616][   T29] audit: type=1400 audit(1733224759.716:391): avc:  denied  { write } for  pid=7765 comm="syz.3.447" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  236.099681][  T971] usb 3-1: device descriptor read/64, error -71
[  236.300434][  T971] usb usb3-port1: attempt power cycle
[  236.342937][ T7766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.411026][ T7766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.453050][ T7788] vlan2: entered promiscuous mode
[  236.547743][ T7788] bond0: entered promiscuous mode
[  236.609621][ T7788] bond_slave_0: entered promiscuous mode
[  236.625450][ T7788] bond_slave_1: entered promiscuous mode
[  236.639102][ T7766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  236.653448][ T7788] bond0: left promiscuous mode
[  236.658612][ T7788] bond_slave_0: left promiscuous mode
[  236.666935][ T7788] bond_slave_1: left promiscuous mode
[  236.672980][ T7766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  236.703543][    T9] usb 4-1: USB disconnect, device number 16
[  236.735288][ T7790] veth13: entered promiscuous mode
[  236.744399][ T7790] veth13: entered allmulticast mode
[  236.869647][ T5131] Bluetooth: hci0: command 0x0406 tx timeout
[  236.877733][  T971] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  236.911218][  T971] usb 3-1: device descriptor read/8, error -71
[  237.240280][ T7806] FAULT_INJECTION: forcing a failure.
[  237.240280][ T7806] name failslab, interval 1, probability 0, space 0, times 0
[  237.307334][ T7806] CPU: 0 UID: 0 PID: 7806 Comm: syz.2.459 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  237.317996][ T7806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  237.328079][ T7806] Call Trace:
[  237.331395][ T7806]  <TASK>
[  237.334345][ T7806]  dump_stack_lvl+0x16c/0x1f0
[  237.339061][ T7806]  should_fail_ex+0x497/0x5b0
[  237.343782][ T7806]  ? fs_reclaim_acquire+0xae/0x150
[  237.348924][ T7806]  should_failslab+0xc2/0x120
[  237.353722][ T7806]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  237.359569][ T7806]  ? __alloc_skb+0x2b1/0x380
[  237.364210][ T7806]  __alloc_skb+0x2b1/0x380
[  237.368672][ T7806]  ? __pfx___alloc_skb+0x10/0x10
[  237.373656][ T7806]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  237.379686][ T7806]  netlink_alloc_large_skb+0x69/0x130
[  237.385107][ T7806]  netlink_sendmsg+0x689/0xd70
[  237.389933][ T7806]  ? __pfx_netlink_sendmsg+0x10/0x10
[  237.395299][ T7806]  ____sys_sendmsg+0xaaf/0xc90
[  237.400108][ T7806]  ? copy_msghdr_from_user+0x10b/0x160
[  237.405601][ T7806]  ? __pfx_____sys_sendmsg+0x10/0x10
[  237.410932][ T7806]  ___sys_sendmsg+0x135/0x1e0
[  237.415615][ T7806]  ? __pfx____sys_sendmsg+0x10/0x10
[  237.420834][ T7806]  ? __pfx_lock_release+0x10/0x10
[  237.425847][ T7806]  ? trace_lock_acquire+0x14e/0x1f0
[  237.431049][ T7806]  ? __fget_files+0x206/0x3a0
[  237.435721][ T7806]  __sys_sendmsg+0x16e/0x220
[  237.440296][ T7806]  ? __pfx___sys_sendmsg+0x10/0x10
[  237.445401][ T7806]  do_syscall_64+0xcd/0x250
[  237.449901][ T7806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.455789][ T7806] RIP: 0033:0x7fe57cb7ff19
[  237.460197][ T7806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  237.479818][ T7806] RSP: 002b:00007fe57da51058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  237.488235][ T7806] RAX: ffffffffffffffda RBX: 00007fe57cd45fa0 RCX: 00007fe57cb7ff19
[  237.496226][ T7806] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000004
[  237.504210][ T7806] RBP: 00007fe57da510a0 R08: 0000000000000000 R09: 0000000000000000
[  237.512176][ T7806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.520139][ T7806] R13: 0000000000000000 R14: 00007fe57cd45fa0 R15: 00007ffc4076a1d8
[  237.528113][ T7806]  </TASK>
[  237.854956][ T7814] xt_nfacct: accounting object `syz0' does not exists
[  238.097463][   T29] audit: type=1326 audit(1733224761.726:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7815 comm="syz.2.462" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe57cb7ff19 code=0x0
[  239.980549][    T8] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  240.064465][ T7847] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  240.215262][    T8] usb 4-1: device descriptor read/64, error -71
[  240.463793][    T8] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  240.604943][    T8] usb 4-1: device descriptor read/64, error -71
[  240.750380][    T8] usb usb4-port1: attempt power cycle
[  240.772021][ T7859] xt_nfacct: accounting object `syz0' does not exists
[  240.844377][ T7860] syz.4.468[7860] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  240.844613][ T7860] syz.4.468[7860] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  240.919860][ T5901] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  240.956224][ T7860] syz.4.468[7860] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  241.103421][ T5901] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  241.130740][    T8] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  241.139570][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.161666][ T5901] usb 1-1: Product: syz
[  241.166175][ T5901] usb 1-1: Manufacturer: syz
[  241.166319][    T8] usb 4-1: device descriptor read/8, error -71
[  241.174446][ T5901] usb 1-1: SerialNumber: syz
[  241.196663][ T5901] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  241.230062][   T47] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  241.431827][    T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  241.486147][    T8] usb 4-1: device descriptor read/8, error -71
[  241.609902][    T8] usb usb4-port1: unable to enumerate USB device
[  242.429791][ T7854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  242.438503][ T7854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  242.447963][   T47] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  242.463236][   T47] ath9k_htc: Failed to initialize the device
[  242.633420][   T47] usb 1-1: ath9k_htc: USB layer deinitialized
[  243.085210][    T9] usb 1-1: USB disconnect, device number 6
[  245.181476][ T7910] syz.0.485[7910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.181569][ T7910] syz.0.485[7910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.193036][ T7910] syz.0.485[7910] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  245.792294][    T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  245.947236][ T7916] dccp_invalid_packet: P.Data Offset(0) too small
[  245.992310][    T9] usb 3-1: Using ep0 maxpacket: 32
[  246.110503][    T9] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  247.071849][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.080259][    T9] usb 3-1: Product: syz
[  247.084513][    T9] usb 3-1: Manufacturer: syz
[  247.089206][    T9] usb 3-1: SerialNumber: syz
[  247.128407][    T9] usb 3-1: config 0 descriptor??
[  247.835563][    T9] rtl8150 3-1:0.0: couldn't reset the device
[  248.482771][ T7925] overlayfs: failed to resolve './file0': -2
[  248.489212][    T9] rtl8150 3-1:0.0: probe with driver rtl8150 failed with error -5
[  248.530281][    T9] usb 3-1: USB disconnect, device number 15
[  249.369816][ T7931] veth15: entered promiscuous mode
[  249.375102][ T7931] veth15: entered allmulticast mode
[  250.757001][   T29] audit: type=1400 audit(1733224773.816:393): avc:  denied  { execute } for  pid=7935 comm="syz.2.494" path="/dev/dsp" dev="devtmpfs" ino=1283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  251.037461][   T29] audit: type=1400 audit(1733224774.666:394): avc:  denied  { create } for  pid=7954 comm="syz.2.499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  251.070135][   T29] audit: type=1400 audit(1733224774.666:395): avc:  denied  { connect } for  pid=7954 comm="syz.2.499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  251.139810][   T29] audit: type=1400 audit(1733224774.666:396): avc:  denied  { getopt } for  pid=7954 comm="syz.2.499" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  251.202766][ T7946] veth3: entered promiscuous mode
[  251.207860][ T7946] veth3: entered allmulticast mode
[  251.287720][   T29] audit: type=1400 audit(1733224774.796:397): avc:  denied  { write } for  pid=5174 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  251.330782][   T29] audit: type=1400 audit(1733224774.796:398): avc:  denied  { remove_name } for  pid=5174 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  251.353691][   T29] audit: type=1400 audit(1733224774.796:399): avc:  denied  { add_name } for  pid=5174 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  251.369685][  T971] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  251.555218][  T971] usb 4-1: config 0 has an invalid interface number: 102 but max is 0
[  251.564567][  T971] usb 4-1: config 0 has no interface number 0
[  251.591670][ T7955] sg_write: data in/out 1048540/17 bytes for SCSI command 0x0-- guessing data in;
[  251.591670][ T7955]    program syz.2.499 not setting count and/or reply_len properly
[  251.614820][  T971] usb 4-1: config 0 interface 102 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[  251.691722][  T971] usb 4-1: config 0 interface 102 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[  251.736773][  T971] usb 4-1: config 0 interface 102 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[  251.795214][ T7964] dccp_invalid_packet: P.Data Offset(0) too small
[  251.819676][  T971] usb 4-1: config 0 interface 102 altsetting 64 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  252.493193][  T971] usb 4-1: config 0 interface 102 altsetting 64 has a duplicate endpoint with address 0xA, skipping
[  252.504409][  T971] usb 4-1: config 0 interface 102 altsetting 64 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  252.515631][  T971] usb 4-1: config 0 interface 102 has no altsetting 0
[  252.583240][  T971] usb 4-1: Dual-Role OTG device on HNP port
[  252.609702][  T971] usb 4-1: New USB device found, idVendor=07a6, idProduct=8515, bcdDevice=3c.28
[  252.624930][   T29] audit: type=1400 audit(1733224776.256:400): avc:  denied  { append } for  pid=7969 comm="syz.2.501" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  252.686121][  T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.878541][  T971] usb 4-1: Product: syz
[  252.894260][  T971] usb 4-1: Manufacturer: syz
[  252.902943][  T971] usb 4-1: SerialNumber: syz
[  252.914409][  T971] usb 4-1: config 0 descriptor??
[  252.936463][ T7957] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  253.018962][   T29] audit: type=1400 audit(1733224776.646:401): avc:  denied  { create } for  pid=7973 comm="syz.1.502" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  253.177931][  T971] pegasus 4-1:0.102: probe with driver pegasus failed with error -71
[  253.221400][  T971] usb 4-1: USB disconnect, device number 21
[  253.375966][   T29] audit: type=1400 audit(1733224776.996:402): avc:  denied  { create } for  pid=7979 comm="syz.4.505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  253.649597][    T9] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  253.779595][    T9] usb 5-1: device descriptor read/64, error -71
[  253.823815][   T25] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  254.019711][    T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  254.110982][   T25] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  254.121418][   T25] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  254.130573][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  254.140420][   T25] usb 1-1: config 0 descriptor??
[  254.155171][   T25] pwc: Askey VC010 type 2 USB webcam detected.
[  254.368654][   T25] pwc: send_video_command error -71
[  254.378704][   T25] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  254.656760][    T9] usb 5-1: device descriptor read/64, error -71
[  254.670682][   T25] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  254.792831][    T9] usb usb5-port1: attempt power cycle
[  254.868445][   T25] usb 1-1: USB disconnect, device number 7
[  255.279770][    T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  255.899861][   T25] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  256.126561][    T9] usb 5-1: device descriptor read/8, error -71
[  256.513401][    T9] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  256.875334][    T9] usb 5-1: device descriptor read/8, error -71
[  256.947100][   T25] usb 1-1: device descriptor read/all, error -71
[  257.094377][    T9] usb usb5-port1: unable to enumerate USB device
[  257.111033][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  257.117373][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  257.404112][ T8030] 9pnet_fd: Insufficient options for proto=fd
[  259.649694][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  259.649717][   T29] audit: type=1400 audit(1733224783.276:404): avc:  denied  { create } for  pid=8037 comm="syz.4.524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  262.370944][ T8070] syz.4.529[8070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.371371][ T8070] syz.4.529[8070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  262.383671][ T8070] syz.4.529[8070] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  263.318820][   T29] audit: type=1400 audit(1733224786.946:405): avc:  denied  { create } for  pid=8055 comm="syz.0.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  263.351788][   T29] audit: type=1400 audit(1733224786.956:406): avc:  denied  { setopt } for  pid=8055 comm="syz.0.526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  263.439710][   T47] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  263.530241][   T29] audit: type=1400 audit(1733224787.136:407): avc:  denied  { setattr } for  pid=8082 comm="syz.4.533" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  263.553832][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.560247][   T29] audit: type=1326 audit(1733224787.156:408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f11d0376ee7 code=0x7ffc0000
[  263.583344][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.589885][   T29] audit: type=1326 audit(1733224787.156:409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f11d031c129 code=0x7ffc0000
[  263.613651][   T29] audit: type=1326 audit(1733224787.156:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f11d037ff19 code=0x7ffc0000
[  263.619859][   T47] usb 2-1: Using ep0 maxpacket: 32
[  263.636868][    C0] vkms_vblank_simulate: vblank timer overrun
[  263.637509][   T29] audit: type=1326 audit(1733224787.156:411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f11d0376ee7 code=0x7ffc0000
[  263.671510][   T29] audit: type=1326 audit(1733224787.156:412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f11d031c129 code=0x7ffc0000
[  263.688671][   T47] usb 2-1: device descriptor read/all, error -71
[  263.694964][   T29] audit: type=1326 audit(1733224787.156:413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8082 comm="syz.4.533" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f11d0376ee7 code=0x7ffc0000
[  264.939713][ T5899] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  265.157960][ T8111] syz.3.541[8111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  265.158062][ T8111] syz.3.541[8111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  265.169694][ T8111] syz.3.541[8111] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  265.879656][ T5899] usb 5-1: device descriptor read/64, error -71
[  266.225285][ T8122] trusted_key: encrypted_key: insufficient parameters specified
[  266.259721][ T5899] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  266.431682][ T5899] usb 5-1: device descriptor read/64, error -71
[  266.999106][ T5899] usb usb5-port1: attempt power cycle
[  269.267523][ T8134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.548'.
[  269.431096][ T8153] overlayfs: failed to resolve './file0': -2
[  269.571760][   T25] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  270.329170][   T25] usb 5-1: unable to get BOS descriptor or descriptor too short
[  270.348883][   T25] usb 5-1: not running at top speed; connect to a high speed hub
[  270.358794][   T25] usb 5-1: config 219 has 1 interface, different from the descriptor's value: 2
[  270.361088][ T8163] ubi0: attaching mtd0
[  270.528962][ T8164] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  270.874476][   T25] usb 5-1: config 219 interface 0 has no altsetting 0
[  270.881853][   T25] usb 5-1: config 219 interface 0 has no altsetting 1
[  270.919723][ T8163] ubi0 error: ubi_attach_mtd_dev: bad VID header (8454144) or data offsets (8454208)
[  270.932240][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.556'.
[  271.049047][   T25] usb 5-1: New USB device found, idVendor=2b73, idProduct=0017, bcdDevice=a2.0e
[  271.068580][   T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.078303][   T25] usb 5-1: Product: syz
[  271.082660][   T25] usb 5-1: Manufacturer: syz
[  271.113542][   T25] usb 5-1: can't set config #219, error -71
[  271.123828][   T25] usb 5-1: USB disconnect, device number 23
[  271.336759][ T8172] syz.4.558[8172] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.337190][ T8172] syz.4.558[8172] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.349055][ T8172] syz.4.558[8172] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  271.808464][ T8175] dccp_invalid_packet: P.Data Offset(0) too small
[  273.551686][ T8189] syz.1.561[8189] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  273.551778][ T8189] syz.1.561[8189] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  273.563185][ T8189] syz.1.561[8189] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  274.495044][ T8190] xt_nfacct: accounting object `syz0' does not exists
[  274.521451][ T5901] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  274.693809][ T5901] usb 4-1: Using ep0 maxpacket: 32
[  274.733424][ T5901] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  274.745498][ T5901] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  274.755967][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.764330][ T5901] usb 4-1: Product: syz
[  274.768575][ T5901] usb 4-1: Manufacturer: syz
[  274.774388][ T5901] usb 4-1: SerialNumber: syz
[  274.781074][ T5901] usb 4-1: config 0 descriptor??
[  275.189814][    T8] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  275.301547][ T5901] usb 4-1: can't set config #0, error -71
[  275.425905][ T5901] usb 4-1: USB disconnect, device number 22
[  275.629712][    T8] usb 5-1: Using ep0 maxpacket: 16
[  275.655668][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  275.799718][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  275.901906][    T8] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  275.942437][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.007035][    T8] usb 5-1: Product: syz
[  276.011295][    T8] usb 5-1: Manufacturer: syz
[  276.015880][    T8] usb 5-1: SerialNumber: syz
[  276.023491][    T8] usb 5-1: config 0 descriptor??
[  276.371955][ T8224] syz.0.570[8224] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.372358][ T8224] syz.0.570[8224] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  276.384409][ T8224] syz.0.570[8224] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  277.012406][ T8232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  277.049758][ T8232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  277.277269][ T8220] syz.3.572[8220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  277.629934][ T8220] syz.3.572[8220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  277.648783][ T8220] syz.3.572[8220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  277.749941][ T8244] dccp_invalid_packet: P.Data Offset(0) too small
[  278.033516][ T8247] netlink: 8 bytes leftover after parsing attributes in process `syz.1.576'.
[  279.659798][   T25] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  279.939676][    T8] usb 5-1: USB disconnect, device number 24
[  280.289571][   T25] usb 3-1: Using ep0 maxpacket: 32
[  280.297215][   T25] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  280.366311][ T8265] syz.4.581[8265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  280.366734][ T8265] syz.4.581[8265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  280.378682][ T8265] syz.4.581[8265] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  280.711840][   T25] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  280.866842][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.895481][   T25] usb 3-1: Product: syz
[  281.264018][   T25] usb 3-1: Manufacturer: syz
[  281.268692][   T25] usb 3-1: SerialNumber: syz
[  281.420912][   T25] usb 3-1: config 0 descriptor??
[  281.427726][   T25] usb 3-1: can't set config #0, error -71
[  281.461369][   T25] usb 3-1: USB disconnect, device number 16
[  283.747695][ T8277] syz.1.585[8277] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  283.747791][ T8277] syz.1.585[8277] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  284.305734][ T8277] syz.1.585[8277] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  284.878485][ T8299] netlink: 8 bytes leftover after parsing attributes in process `syz.0.590'.
[  285.040984][ T8312] xt_nfacct: accounting object `syz0' does not exists
[  287.037521][ T8308] syz.3.593 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  287.426811][ T8338] netlink: 8 bytes leftover after parsing attributes in process `syz.4.602'.
[  289.514963][ T8357] netlink: 8 bytes leftover after parsing attributes in process `syz.0.608'.
[  290.703161][ T5901] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  291.447380][  T969] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  292.914050][  T969] usb 3-1: Using ep0 maxpacket: 32
[  292.920228][ T5901] usb 4-1: unable to read config index 0 descriptor/start: -71
[  292.928021][  T969] usb 3-1: device descriptor read/all, error -71
[  293.011614][ T5901] usb 4-1: can't read configurations, error -71
[  294.287051][ T8416] xt_nfacct: accounting object `syz0' does not exists
[  295.409036][ T8432] trusted_key: encrypted_key: insufficient parameters specified
[  297.686436][ T8465] netlink: 8 bytes leftover after parsing attributes in process `syz.3.633'.
[  297.907442][   T29] kauditd_printk_skb: 641 callbacks suppressed
[  297.907461][   T29] audit: type=1400 audit(1733224821.536:1055): avc:  denied  { ioctl } for  pid=8467 comm="syz.2.637" path="socket:[17534]" dev="sockfs" ino=17534 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  297.961583][ T8470] netlink: 'syz.2.637': attribute type 10 has an invalid length.
[  298.409949][ T8480] xt_nfacct: accounting object `syz0' does not exists
[  301.989745][ T5825] Bluetooth: hci4: command 0x0406 tx timeout
[  302.748466][   T29] audit: type=1400 audit(1733224826.376:1056): avc:  denied  { map } for  pid=8516 comm="syz.3.650" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  302.889601][   T29] audit: type=1400 audit(1733224826.376:1057): avc:  denied  { execute } for  pid=8516 comm="syz.3.650" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  303.713062][ T8529] veth17: entered promiscuous mode
[  303.718460][ T8529] veth17: entered allmulticast mode
[  303.779567][ T5825] Bluetooth: hci2: Malformed LE Event: 0x1b
[  304.550908][ T5901] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  304.709861][ T5901] usb 2-1: Using ep0 maxpacket: 16
[  304.730519][ T5901] usb 2-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[  304.796540][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.821247][ T5901] usb 2-1: config 0 descriptor??
[  304.867922][ T5901] usb 2-1: invalid MIDI EP
[  305.003659][ T5901] usb 2-1: snd-bcd2000: error during probing
[  305.206379][ T5901] snd-bcd2000 2-1:0.0: probe with driver snd-bcd2000 failed with error -22
[  305.233221][ T8524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  305.278653][ T8524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  305.659555][ T5901] usb 2-1: USB disconnect, device number 14
[  306.962139][ T5131] Bluetooth: hci4: command 0x0406 tx timeout
[  308.884789][ T8585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.665'.
[  308.939775][    T8] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  309.159614][   T25] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  309.240152][    T8] usb 2-1: Using ep0 maxpacket: 8
[  309.254644][    T8] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09
[  309.274381][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.314930][    T8] usb 2-1: Product: syz
[  309.365144][    T8] usb 2-1: Manufacturer: syz
[  310.021147][   T25] usb 5-1: config 0 has an invalid interface number: 182 but max is 1
[  310.034102][    T8] usb 2-1: SerialNumber: syz
[  310.035790][   T25] usb 5-1: config 0 has no interface number 1
[  310.046005][    T8] usb 2-1: config 0 descriptor??
[  310.053905][    T8] go7007 2-1:0.0: probe with driver go7007 failed with error -12
[  310.079793][   T25] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  310.088898][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.162687][   T25] usb 5-1: config 0 descriptor??
[  310.413604][ T8577] input: syz1 as /devices/virtual/input/input11
[  310.420302][    T8] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  310.498043][ T5899] usb 2-1: USB disconnect, device number 15
[  310.633003][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  310.661063][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  310.683901][    T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  310.696696][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.709624][   T25] usb 5-1: USB disconnect, device number 25
[  310.755565][    T8] usb 3-1: config 0 descriptor??
[  311.534640][    T8] vrc2 0003:07C0:1125.0005: fixing up VRC-2 report descriptor
[  311.545744][    T8] input: HID 07c0:1125 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:07C0:1125.0005/input/input12
[  311.698529][    T8] vrc2 0003:07C0:1125.0005: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.2-1/input0
[  312.008115][ T5899] usb 3-1: USB disconnect, device number 19
[  313.660135][    T8] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  313.881752][ T8628] netlink: 8 bytes leftover after parsing attributes in process `syz.0.678'.
[  314.113397][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.595319][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.605655][    T8] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  314.624678][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.635349][    T8] usb 2-1: config 0 descriptor??
[  315.501835][    T8] usbhid 2-1:0.0: can't add hid device: -71
[  315.507987][    T8] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  315.531861][    T8] usb 2-1: USB disconnect, device number 16
[  317.560645][ T8680] veth5: entered promiscuous mode
[  317.565706][ T8680] veth5: entered allmulticast mode
[  318.581408][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  318.595218][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  321.049018][ T5901] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  321.166569][ T8725] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.184258][ T8725] batadv_slave_1: entered promiscuous mode
[  321.208224][ T8718] veth7: entered promiscuous mode
[  321.213559][ T8718] veth7: entered allmulticast mode
[  321.228095][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  321.239271][ T5901] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  321.249600][ T5901] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  321.258685][ T5901] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  321.259044][   T29] audit: type=1400 audit(1733224844.886:1058): avc:  denied  { read } for  pid=8724 comm="syz.4.703" path="socket:[18479]" dev="sockfs" ino=18479 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  321.295544][ T5901] usb 1-1: config 0 descriptor??
[  321.320780][ T5901] usb 1-1: can't set config #0, error -71
[  321.341322][ T5901] usb 1-1: USB disconnect, device number 10
[  321.378764][ T8729] dccp_invalid_packet: P.Data Offset(0) too small
[  321.516716][ T8732] process 'syz.3.705' launched '/dev/fd/4' with NULL argv: empty string added
[  321.525921][   T29] audit: type=1400 audit(1733224845.146:1059): avc:  denied  { execute } for  pid=8730 comm="syz.3.705" dev="hugetlbfs" ino=18495 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  322.018272][ T5901] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  322.098658][   T29] audit: type=1400 audit(1733224845.186:1060): avc:  denied  { execute_no_trans } for  pid=8730 comm="syz.3.705" path=2F6D656D66643A202864656C6574656429 dev="hugetlbfs" ino=18495 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  322.229932][ T5901] usb 1-1: Using ep0 maxpacket: 32
[  322.366547][ T5901] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  322.385581][ T5901] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  322.575512][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.584540][ T5901] usb 1-1: Product: syz
[  322.589332][ T5901] usb 1-1: Manufacturer: syz
[  322.594825][ T5901] usb 1-1: SerialNumber: syz
[  322.601431][ T5901] usb 1-1: config 0 descriptor??
[  322.607212][ T8736] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  322.615939][ T5901] hub 1-1:0.0: bad descriptor, ignoring hub
[  322.622164][ T5901] hub 1-1:0.0: probe with driver hub failed with error -5
[  322.632468][ T5901] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input13
[  323.606677][ T8753] dccp_invalid_packet: P.Data Offset(0) too small
[  323.690156][ T8751] veth9: entered promiscuous mode
[  323.695469][ T8751] veth9: entered allmulticast mode
[  324.835120][ T5901] usb 1-1: USB disconnect, device number 11
[  324.841236][    C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  327.147075][ T8790] syz.1.718[8790] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  327.147452][ T8790] syz.1.718[8790] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  327.159359][ T8790] syz.1.718[8790] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  328.106404][ T8792] overlayfs: failed to resolve './file0': -2
[  332.123830][ T8820] veth9: entered promiscuous mode
[  332.128929][ T8820] veth9: entered allmulticast mode
[  332.259647][   T25] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  332.529734][ T8838] xt_nfacct: accounting object `syz0' does not exists
[  332.799759][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.817082][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.827038][   T25] usb 1-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  332.836563][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  332.850374][   T25] usb 1-1: config 0 descriptor??
[  333.237424][ T8840] 9pnet_fd: Insufficient options for proto=fd
[  333.246492][   T29] audit: type=1400 audit(1733224856.866:1061): avc:  denied  { mounton } for  pid=8839 comm="syz.1.730" path="/143/file0" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  333.269085][   T25] vrc2 0003:07C0:1125.0006: fixing up VRC-2 report descriptor
[  333.281917][   T25] input: HID 07c0:1125 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:07C0:1125.0006/input/input14
[  333.419052][   T25] vrc2 0003:07C0:1125.0006: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.0-1/input0
[  333.643501][ T8851] overlayfs: failed to resolve './file0': -2
[  333.876420][    T9] usb 1-1: USB disconnect, device number 12
[  339.263917][ T8911] overlayfs: failed to resolve './file0': -2
[  339.506767][   T29] audit: type=1400 audit(1733224863.136:1062): avc:  denied  { execute_no_trans } for  pid=8916 comm="syz.2.748" path="/138/file0" dev="tmpfs" ino=778 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  339.530469][ T5131] Bluetooth: hci4: command 0x0406 tx timeout
[  340.527016][ T8937] syz.0.754[8937] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  340.527476][ T8937] syz.0.754[8937] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  340.539399][ T8937] syz.0.754[8937] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  344.089694][ T8964] overlayfs: failed to resolve './file0': -2
[  346.769763][ T5131] Bluetooth: hci4: command 0x0406 tx timeout
[  348.009970][   T25] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  349.280358][   T25] usb 3-1: Using ep0 maxpacket: 16
[  349.453510][   T29] audit: type=1400 audit(1733224873.086:1063): avc:  denied  { mount } for  pid=9030 comm="syz.0.777" name="/" dev="configfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  349.529685][   T29] audit: type=1400 audit(1733224873.116:1064): avc:  denied  { search } for  pid=9030 comm="syz.0.777" name="/" dev="configfs" ino=95 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  349.804760][   T25] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  349.815125][   T25] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  351.215593][   T25] usb 3-1: string descriptor 0 read error: -71
[  351.269676][   T25] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  351.278765][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.543177][   T25] usb 3-1: config 0 descriptor??
[  351.594004][   T25] usb 3-1: can't set config #0, error -71
[  351.660356][   T25] usb 3-1: USB disconnect, device number 20
[  353.379933][   T25] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  353.420978][ T5901] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  353.580428][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  353.593937][   T25] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  353.609625][ T5901] usb 1-1: Using ep0 maxpacket: 16
[  353.626583][ T5901] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.659627][ T5901] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  353.676889][   T25] usb 2-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.00
[  353.749817][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.773948][ T5901] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  353.783671][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.793099][   T25] usb 2-1: config 0 descriptor??
[  353.798518][ T5901] usb 1-1: Product: syz
[  353.816089][ T5901] usb 1-1: Manufacturer: syz
[  353.821148][ T5901] usb 1-1: SerialNumber: syz
[  353.828623][ T5901] usb 1-1: config 0 descriptor??
[  354.995958][   T25] vrc2 0003:07C0:1125.0007: fixing up VRC-2 report descriptor
[  355.009559][    T9] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  355.036679][   T25] input: HID 07c0:1125 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:07C0:1125.0007/input/input15
[  355.051676][   T25] vrc2 0003:07C0:1125.0007: input,hidraw0: USB HID v0.00 Joystick [HID 07c0:1125] on usb-dummy_hcd.1-1/input0
[  355.067194][   T25] usb 2-1: USB disconnect, device number 17
[  356.586830][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  356.603269][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  356.615847][    T9] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  356.740389][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.753531][    T9] usb 5-1: config 0 descriptor??
[  358.067113][ T5871] usb 5-1: USB disconnect, device number 26
[  359.042748][    T9] usb 1-1: USB disconnect, device number 13
[  359.285746][ T9108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.794'.
[  360.749331][ T9153] FAULT_INJECTION: forcing a failure.
[  360.749331][ T9153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  360.890952][ T9153] CPU: 0 UID: 0 PID: 9153 Comm: syz.3.804 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  360.901621][ T9153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  360.911704][ T9153] Call Trace:
[  360.914997][ T9153]  <TASK>
[  360.917945][ T9153]  dump_stack_lvl+0x16c/0x1f0
[  360.922673][ T9153]  should_fail_ex+0x497/0x5b0
[  360.927397][ T9153]  _copy_to_user+0x32/0xd0
[  360.931846][ T9153]  simple_read_from_buffer+0xd0/0x160
[  360.937264][ T9153]  proc_fail_nth_read+0x198/0x270
[  360.942329][ T9153]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.947906][ T9153]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  360.953480][ T9153]  vfs_read+0x1df/0xbe0
[  360.957636][ T9153]  ? __fget_files+0x1fc/0x3a0
[  360.962311][ T9153]  ? __pfx___mutex_lock+0x10/0x10
[  360.967326][ T9153]  ? __pfx_vfs_read+0x10/0x10
[  360.971989][ T9153]  ? __fget_files+0x206/0x3a0
[  360.976674][ T9153]  ksys_read+0x12b/0x250
[  360.980912][ T9153]  ? __pfx_ksys_read+0x10/0x10
[  360.985663][ T9153]  do_syscall_64+0xcd/0x250
[  360.990159][ T9153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.996046][ T9153] RIP: 0033:0x7fef9c77e92c
[  361.000452][ T9153] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  361.020072][ T9153] RSP: 002b:00007fef9d525050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  361.028497][ T9153] RAX: ffffffffffffffda RBX: 00007fef9c945fa0 RCX: 00007fef9c77e92c
[  361.036452][ T9153] RDX: 000000000000000f RSI: 00007fef9d5250b0 RDI: 0000000000000005
[  361.044405][ T9153] RBP: 00007fef9d5250a0 R08: 0000000000000000 R09: 0000000000000000
[  361.052360][ T9153] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  361.060314][ T9153] R13: 0000000000000000 R14: 00007fef9c945fa0 R15: 00007fffb7268d78
[  361.068278][ T9153]  </TASK>
[  363.162438][   T29] audit: type=1400 audit(1733224885.896:1065): avc:  denied  { recv } for  pid=9158 comm="syz.3.806" saddr=10.128.0.169 src=49500 daddr=10.128.1.108 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  363.796464][ T9170] veth19: entered promiscuous mode
[  363.808543][ T9170] veth19: entered allmulticast mode
[  363.974453][ T9175] ieee802154 phy0 wpan0: encryption failed: -22
[  363.980891][   T29] audit: type=1400 audit(1733224887.606:1066): avc:  denied  { write } for  pid=9174 comm="syz.2.809" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  365.555884][ T9215] syz.4.820[9215] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  365.556277][ T9215] syz.4.820[9215] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  365.568140][ T9215] syz.4.820[9215] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  366.327385][ T9220] veth11: entered promiscuous mode
[  366.344150][ T9220] veth11: entered allmulticast mode
[  367.322857][ T9246] xt_nfacct: accounting object `syz0' does not exists
[  368.957915][ T9268] dccp_invalid_packet: P.Data Offset(0) too small
[  369.231330][ T9267] dccp_invalid_packet: P.Data Offset(0) too small
[  369.605422][  T969] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  369.799593][  T969] usb 3-1: Using ep0 maxpacket: 32
[  369.807010][  T969] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  369.824963][  T969] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  369.977795][  T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.986423][  T969] usb 3-1: Product: syz
[  369.990901][  T969] usb 3-1: Manufacturer: syz
[  369.995541][  T969] usb 3-1: SerialNumber: syz
[  370.001836][  T969] usb 3-1: config 0 descriptor??
[  370.010333][ T9273] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  370.018863][  T969] hub 3-1:0.0: bad descriptor, ignoring hub
[  370.025050][  T969] hub 3-1:0.0: probe with driver hub failed with error -5
[  370.048693][  T969] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input16
[  370.359758][  T969] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  370.669805][  T969] usb 2-1: Using ep0 maxpacket: 32
[  370.684206][  T969] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  370.707058][  T969] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  370.717806][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.727238][  T969] usb 2-1: Product: syz
[  370.777339][  T969] usb 2-1: Manufacturer: syz
[  370.782232][  T969] usb 2-1: SerialNumber: syz
[  370.877299][  T969] usb 2-1: config 0 descriptor??
[  370.889871][ T9272] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  370.898487][  T969] hub 2-1:0.0: bad descriptor, ignoring hub
[  370.904716][  T969] hub 2-1:0.0: probe with driver hub failed with error -5
[  370.915003][  T969] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input17
[  371.128446][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  371.138328][  T971] usb 2-1: USB disconnect, device number 18
[  371.235334][ T9299] netlink: 8 bytes leftover after parsing attributes in process `syz.3.839'.
[  371.300358][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  371.690402][    T9] usb 1-1: Using ep0 maxpacket: 32
[  371.798211][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 119, changing to 10
[  371.829763][    T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  371.869413][    T9] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  371.999480][ T5871] usb 3-1: USB disconnect, device number 21
[  371.999533][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  372.060086][    T9] usb 1-1: language id specifier not provided by device, defaulting to English
[  372.582340][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  372.603605][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  372.612307][    T9] usb 1-1: Product: 蘾諴᪚�뮘簃˚�ܼ뢿轜ﴹ鈸䯤�ꭀ�涼ᵉ懕ߦ林眊ㅫ늭⹉騬脽�㇄�뷒Դ�弼쭮핚꫌ⳗꃅ乀澦䂚�슛餘餟૕�ẞ��掗儕쫬�䞔⠼嫣⾎�퀜톽⚷럧탟냀슒ྖꃅ㞎��㚌ລ�奜�楓⾤ﮈ䥃�瞟�㥹䄦�憣讌㼞쥞륟ᜅ漷
[  372.643670][    T9] usb 1-1: Manufacturer: 格噕♥�䚪஼︌蕙槑�ㄔꚃ룦ꈩ皗�↎��敬佹�䗳澭莖桄崎ክ⥌ᄉ鲙螦㥜烙⨀怹
[  372.660010][    T9] usb 1-1: SerialNumber: Њ
[  373.974914][    T9] cdc_ncm 1-1:1.0: bind() failure
[  373.985621][    T9] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  373.992762][    T9] cdc_ncm 1-1:1.1: bind() failure
[  374.028816][    T9] usb 1-1: USB disconnect, device number 14
[  374.344623][ T9335] syz.4.846[9335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  374.344710][ T9335] syz.4.846[9335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  374.356202][ T9335] syz.4.846[9335] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  374.671813][ T9342] netlink: 'syz.0.851': attribute type 2 has an invalid length.
[  374.697089][ T9342] netlink: 'syz.0.851': attribute type 8 has an invalid length.
[  374.705457][ T9342] netlink: 'syz.0.851': attribute type 9 has an invalid length.
[  374.719807][ T9342] netlink: 'syz.0.851': attribute type 10 has an invalid length.
[  374.727862][ T9342] netlink: 'syz.0.851': attribute type 11 has an invalid length.
[  374.812458][ T5899] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  375.405389][ T9353] iso9660: Unknown parameter 'ÃÚ*	…A?£F¢R]Þ�
®Äæ"—;ÕµÛ…ësý ¡MˆU:GÂÌ1¶`Ï^Ò÷
šÁ–¬‘ž«?ªª9"��'YzwƒÑ[4c$w‘�í®Öá²»Œ8 H04XgM¶j³””F¡oùý
áÊý¦RP'˜àPYZƒñ‡Éé9o¢É8b…²yŒ‡;ÚC'
[  375.959046][ T5899] usb 2-1: Using ep0 maxpacket: 8
[  375.966360][ T5899] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  375.974754][ T5899] usb 2-1: config 179 has no interface number 0
[  375.981117][ T5899] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  375.992600][ T5899] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  376.516230][ T5899] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  376.531021][ T5899] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  376.541542][ T5899] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  376.555178][ T5899] usb 2-1: config 179 interface 65 has no altsetting 0
[  376.570056][  T971] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  376.577784][ T5899] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  376.587535][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.603557][ T5899] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input18
[  377.568427][  T971] usb 1-1: config 0 has an invalid interface number: 182 but max is 1
[  377.587545][ T9365] evm: overlay not supported
[  377.617655][  T971] usb 1-1: config 0 has no interface number 1
[  377.624925][  T971] usb 1-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  377.634213][  T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.652893][  T971] usb 1-1: config 0 descriptor??
[  377.906541][   T29] audit: type=1400 audit(1733224901.536:1067): avc:  denied  { read } for  pid=9378 comm="syz.4.860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  378.149594][    T8] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  378.320538][    T8] usb 3-1: config 0 has an invalid interface number: 182 but max is 1
[  378.328801][    T8] usb 3-1: config 0 has no interface number 1
[  378.339620][    T8] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  378.348793][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.363227][    T8] usb 3-1: config 0 descriptor??
[  378.585331][    T8] usb 2-1: USB disconnect, device number 19
[  378.591475][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  378.658454][ T9391] syz.4.863[9391] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.658845][ T9391] syz.4.863[9391] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.670761][ T9391] syz.4.863[9391] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  378.807784][   T25] usb 3-1: USB disconnect, device number 22
[  379.033204][    T8] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  379.064388][  T969] usb 1-1: USB disconnect, device number 15
[  380.454573][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  380.461040][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  380.771247][ T9412] xt_nfacct: accounting object `syz0' does not exists
[  383.813471][ T5901] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  384.510159][ T9433] netlink: 8 bytes leftover after parsing attributes in process `syz.3.874'.
[  384.715582][ T5901] usb 5-1: Using ep0 maxpacket: 8
[  384.723794][ T5901] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  384.735836][ T5901] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  384.747092][ T5901] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  384.758105][ T5901] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  384.771750][ T5901] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  384.799010][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.841269][ T9444] syz.0.875[9444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  384.841680][ T9444] syz.0.875[9444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  384.853933][ T9444] syz.0.875[9444] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  385.692868][ T5901] usb 5-1: GET_CAPABILITIES returned 0
[  385.725531][ T5901] usbtmc 5-1:16.0: can't read capabilities
[  385.972634][ T9460] FAULT_INJECTION: forcing a failure.
[  385.972634][ T9460] name failslab, interval 1, probability 0, space 0, times 0
[  385.986329][ T9460] CPU: 0 UID: 0 PID: 9460 Comm: syz.3.877 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  385.996958][ T9460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  386.007023][ T9460] Call Trace:
[  386.010301][ T9460]  <TASK>
[  386.013235][ T9460]  dump_stack_lvl+0x16c/0x1f0
[  386.017943][ T9460]  should_fail_ex+0x497/0x5b0
[  386.022627][ T9460]  ? fs_reclaim_acquire+0xae/0x150
[  386.027754][ T9460]  should_failslab+0xc2/0x120
[  386.032441][ T9460]  __kmalloc_cache_noprof+0x68/0x410
[  386.037805][ T9460]  snd_pcm_oss_change_params_locked+0x1d6/0x3a60
[  386.044199][ T9460]  ? __mutex_init+0x85/0x120
[  386.048804][ T9460]  ? snd_pcm_oss_read+0x374/0x750
[  386.053835][ T9460]  ? rcu_is_watching+0x12/0xc0
[  386.058605][ T9460]  ? trace_contention_end+0xee/0x140
[  386.063894][ T9460]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  386.070668][ T9460]  ? snd_pcm_oss_read+0x374/0x750
[  386.075715][ T9460]  snd_pcm_oss_make_ready_locked+0xb7/0x130
[  386.081627][ T9460]  snd_pcm_oss_read+0x396/0x750
[  386.086494][ T9460]  ? bpf_lsm_file_permission+0x9/0x10
[  386.091888][ T9460]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  386.097272][ T9460]  vfs_read+0x1df/0xbe0
[  386.101435][ T9460]  ? __fget_files+0x1fc/0x3a0
[  386.106116][ T9460]  ? __pfx_lock_release+0x10/0x10
[  386.111145][ T9460]  ? __pfx_vfs_read+0x10/0x10
[  386.115821][ T9460]  ? lock_acquire+0x2f/0xb0
[  386.120323][ T9460]  ? __fget_files+0x40/0x3a0
[  386.124914][ T9460]  ? __fget_files+0x206/0x3a0
[  386.129596][ T9460]  ksys_read+0x12b/0x250
[  386.133838][ T9460]  ? __pfx_ksys_read+0x10/0x10
[  386.138604][ T9460]  do_syscall_64+0xcd/0x250
[  386.143116][ T9460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.149012][ T9460] RIP: 0033:0x7fef9c77ff19
[  386.153426][ T9460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.173063][ T9460] RSP: 002b:00007fef9d4e3058 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  386.181541][ T9460] RAX: ffffffffffffffda RBX: 00007fef9c946160 RCX: 00007fef9c77ff19
[  386.189500][ T9460] RDX: 0000000000002020 RSI: 0000000020000180 RDI: 0000000000000006
[  386.197497][ T9460] RBP: 00007fef9d4e30a0 R08: 0000000000000000 R09: 0000000000000000
[  386.205460][ T9460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.213411][ T9460] R13: 0000000000000000 R14: 00007fef9c946160 R15: 00007fffb7268d78
[  386.221459][ T9460]  </TASK>
[  386.242580][  T969] usb 5-1: USB disconnect, device number 27
[  387.275166][   T29] audit: type=1400 audit(1733224910.846:1068): avc:  denied  { ioctl } for  pid=9464 comm="syz.2.880" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  392.512104][ T9513] netlink: 'syz.0.888': attribute type 1 has an invalid length.
[  393.186857][ T9522] xt_nfacct: accounting object `syz0' does not exists
[  393.257885][ T9523] VFS: could not find a valid V7 on nullb0.
[  393.874158][  T971] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  394.135187][  T971] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  394.215918][  T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.303710][  T971] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  394.313151][  T971] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  394.321327][  T971] usb 4-1: Manufacturer: syz
[  394.340757][  T971] usb 4-1: config 0 descriptor??
[  394.449812][  T971] rc_core: IR keymap rc-hauppauge not found
[  394.455969][  T971] Registered IR keymap rc-empty
[  394.463144][  T971] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  394.475278][  T971] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input19
[  396.295756][  T969] usb 4-1: USB disconnect, device number 25
[  396.914215][ T9564] xt_nfacct: accounting object `syz0' does not exists
[  397.372653][ T9568] netlink: zone id is out of range
[  397.378168][ T9568] netlink: zone id is out of range
[  397.383459][ T9568] netlink: zone id is out of range
[  397.388889][ T9568] netlink: zone id is out of range
[  397.397498][ T9568] netlink: zone id is out of range
[  397.476690][ T9568] netlink: zone id is out of range
[  397.482550][ T9568] netlink: zone id is out of range
[  397.487771][ T9568] netlink: zone id is out of range
[  397.497412][ T9568] netlink: set zone limit has 8 unknown bytes
[  401.368389][ T9623] FAULT_INJECTION: forcing a failure.
[  401.368389][ T9623] name failslab, interval 1, probability 0, space 0, times 0
[  401.381706][ T9623] CPU: 1 UID: 0 PID: 9623 Comm: syz.2.916 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  401.392323][ T9623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  401.402379][ T9623] Call Trace:
[  401.405656][ T9623]  <TASK>
[  401.408569][ T9623]  dump_stack_lvl+0x16c/0x1f0
[  401.413241][ T9623]  should_fail_ex+0x497/0x5b0
[  401.417909][ T9623]  ? fs_reclaim_acquire+0xae/0x150
[  401.423011][ T9623]  should_failslab+0xc2/0x120
[  401.427675][ T9623]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  401.433468][ T9623]  ? __alloc_skb+0x2b1/0x380
[  401.438054][ T9623]  __alloc_skb+0x2b1/0x380
[  401.442462][ T9623]  ? __pfx___alloc_skb+0x10/0x10
[  401.447391][ T9623]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  401.453366][ T9623]  netlink_alloc_large_skb+0x69/0x130
[  401.458728][ T9623]  netlink_sendmsg+0x689/0xd70
[  401.463483][ T9623]  ? __pfx_netlink_sendmsg+0x10/0x10
[  401.468759][ T9623]  ____sys_sendmsg+0xaaf/0xc90
[  401.473511][ T9623]  ? copy_msghdr_from_user+0x10b/0x160
[  401.478953][ T9623]  ? __pfx_____sys_sendmsg+0x10/0x10
[  401.484233][ T9623]  ___sys_sendmsg+0x135/0x1e0
[  401.488897][ T9623]  ? __pfx____sys_sendmsg+0x10/0x10
[  401.494085][ T9623]  ? __pfx_lock_release+0x10/0x10
[  401.499094][ T9623]  ? trace_lock_acquire+0x14e/0x1f0
[  401.504287][ T9623]  ? __fget_files+0x206/0x3a0
[  401.508952][ T9623]  __sys_sendmsg+0x16e/0x220
[  401.513536][ T9623]  ? __pfx___sys_sendmsg+0x10/0x10
[  401.518658][ T9623]  do_syscall_64+0xcd/0x250
[  401.523154][ T9623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.529055][ T9623] RIP: 0033:0x7fe57cb7ff19
[  401.533455][ T9623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  401.553065][ T9623] RSP: 002b:00007fe57da51058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  401.561465][ T9623] RAX: ffffffffffffffda RBX: 00007fe57cd45fa0 RCX: 00007fe57cb7ff19
[  401.569425][ T9623] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003
[  401.577381][ T9623] RBP: 00007fe57da510a0 R08: 0000000000000000 R09: 0000000000000000
[  401.585332][ T9623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  401.593288][ T9623] R13: 0000000000000000 R14: 00007fe57cd45fa0 R15: 00007ffc4076a1d8
[  401.601251][ T9623]  </TASK>
[  403.076719][ T9638] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  404.467596][ T5899] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  404.691765][ T5899] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.723490][ T5899] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  404.747961][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.780966][ T5899] usb 2-1: config 0 descriptor??
[  404.793451][ T9663] dccp_invalid_packet: P.Data Offset(0) too small
[  404.814261][ T5899] pwc: Askey VC010 type 2 USB webcam detected.
[  404.958161][ T9667] netlink: set zone limit has 8 unknown bytes
[  405.479831][ T5871] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  405.608270][ T5899] pwc: recv_control_msg error -32 req 02 val 2b00
[  405.615714][ T5899] pwc: recv_control_msg error -32 req 02 val 2700
[  405.622742][ T5899] pwc: recv_control_msg error -32 req 02 val 2c00
[  405.629851][ T5899] pwc: recv_control_msg error -32 req 04 val 1000
[  405.641548][ T5899] pwc: recv_control_msg error -32 req 04 val 1300
[  405.691907][ T5871] usb 3-1: Using ep0 maxpacket: 32
[  405.831701][ T5899] pwc: recv_control_msg error -32 req 04 val 1400
[  405.857244][ T5899] pwc: recv_control_msg error -32 req 02 val 2000
[  405.857479][ T5871] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  405.867407][ T5899] pwc: recv_control_msg error -32 req 02 val 2100
[  405.877890][ T5871] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  405.899587][    T9] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  406.145358][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.155457][ T5871] usb 3-1: Product: syz
[  406.160526][ T5871] usb 3-1: Manufacturer: syz
[  406.165682][ T5871] usb 3-1: SerialNumber: syz
[  406.883001][ T9654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  406.892916][ T9654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  406.945425][ T5899] pwc: recv_control_msg error -32 req 04 val 1500
[  406.953481][ T5899] pwc: recv_control_msg error -32 req 02 val 2500
[  406.962787][ T5899] pwc: recv_control_msg error -71 req 02 val 2400
[  406.970480][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  406.981007][ T5899] pwc: recv_control_msg error -71 req 02 val 2600
[  406.987947][ T5899] pwc: recv_control_msg error -71 req 02 val 2900
[  406.994738][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  407.013670][ T5899] pwc: recv_control_msg error -71 req 02 val 2800
[  407.024733][ T5871] usb 3-1: config 0 descriptor??
[  407.030725][ T9673] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  407.038802][ T5871] hub 3-1:0.0: bad descriptor, ignoring hub
[  407.042222][ T5899] pwc: recv_control_msg error -71 req 04 val 1100
[  407.045000][ T5871] hub 3-1:0.0: probe with driver hub failed with error -5
[  407.061604][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  407.065860][ T5871] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input20
[  407.081891][ T5899] pwc: recv_control_msg error -71 req 04 val 1200
[  407.091461][ T5899] pwc: Registered as video103.
[  407.097125][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input21
[  407.116743][    T9] usb 4-1: config 0 descriptor??
[  407.133590][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  407.140802][    T8] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  407.164922][ T9687] xt_nfacct: accounting object `syz0' does not exists
[  407.169746][ T5899] usb 2-1: USB disconnect, device number 20
[  407.365680][    T8] usb 1-1: Using ep0 maxpacket: 16
[  407.398570][    T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  407.410913][    T8] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  407.432905][    T8] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  407.443788][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.454637][    T8] usb 1-1: Product: syz
[  407.459169][    T8] usb 1-1: Manufacturer: syz
[  407.464704][    T8] usb 1-1: SerialNumber: syz
[  407.473326][    T8] usb 1-1: config 0 descriptor??
[  407.572316][ T9670] fuse: Bad value for 'group_id'
[  407.578102][ T9670] fuse: Bad value for 'group_id'
[  407.594361][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  407.607639][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  407.616818][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  407.625007][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  407.645536][    T9] pwc: recv_control_msg error -32 req 04 val 1300
[  407.657016][    T9] pwc: recv_control_msg error -32 req 04 val 1400
[  407.664420][    T9] pwc: recv_control_msg error -32 req 02 val 2000
[  407.674545][ T9670] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.683506][    T9] pwc: recv_control_msg error -32 req 02 val 2100
[  407.693902][ T9670] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.714876][    T9] pwc: recv_control_msg error -32 req 04 val 1500
[  407.722466][    T9] pwc: recv_control_msg error -32 req 02 val 2500
[  407.741233][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  407.759769][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  407.781658][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  407.818551][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  407.829138][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  407.862719][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  407.882884][    T9] pwc: Registered as video103.
[  407.888665][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input22
[  407.917346][   T29] audit: type=1400 audit(1733224931.546:1069): avc:  denied  { write } for  pid=9690 comm="syz.1.939" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  407.943176][    T9] usb 4-1: USB disconnect, device number 26
[  408.540716][ T5899] usb 3-1: USB disconnect, device number 23
[  408.540803][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  408.837197][ T9698] overlayfs: conflicting lowerdir path
[  408.969651][   T29] audit: type=1400 audit(1733224932.516:1070): avc:  denied  { create } for  pid=9690 comm="syz.1.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  409.003804][ T9703] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  409.013706][ T9703] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  409.335903][   T29] audit: type=1400 audit(1733224932.956:1071): avc:  denied  { module_request } for  pid=9683 comm="syz.0.936" kmod="block-major-0-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  409.755534][ T9692] netlink: 'syz.1.939': attribute type 1 has an invalid length.
[  409.779356][ T9692] 8021q: adding VLAN 0 to HW filter on device bond1
[  409.899562][ T9715] netlink: zone id is out of range
[  409.906573][ T9715] netlink: zone id is out of range
[  409.912583][ T9715] netlink: zone id is out of range
[  409.918739][ T9715] netlink: zone id is out of range
[  409.924486][ T9715] netlink: zone id is out of range
[  409.930782][ T9715] netlink: zone id is out of range
[  409.936149][ T9715] netlink: zone id is out of range
[  409.942983][ T9715] netlink: zone id is out of range
[  409.966173][ T9715] netlink: set zone limit has 8 unknown bytes
[  411.346776][    T9] usb 1-1: USB disconnect, device number 16
[  411.426135][ T9738] dccp_invalid_packet: P.Data Offset(0) too small
[  411.545330][   T29] audit: type=1400 audit(1733224935.176:1072): avc:  denied  { read write } for  pid=9736 comm="syz.0.949" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  411.622801][ T9744] xt_nfacct: accounting object `syz0' does not exists
[  411.638930][   T29] audit: type=1400 audit(1733224935.216:1073): avc:  denied  { open } for  pid=9736 comm="syz.0.949" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  412.167230][ T5901] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  412.329645][ T5901] usb 3-1: Using ep0 maxpacket: 32
[  412.361470][ T5901] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  412.379376][   T29] audit: type=1400 audit(1733224936.006:1074): avc:  denied  { ioctl } for  pid=9749 comm="syz.4.951" path="/dev/rtc0" dev="devtmpfs" ino=921 ioctlcmd=0x700f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  412.446227][ T5901] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  412.509122][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.556259][ T5901] usb 3-1: Product: syz
[  412.570552][ T5901] usb 3-1: Manufacturer: syz
[  412.576609][ T5901] usb 3-1: SerialNumber: syz
[  412.647524][ T5901] usb 3-1: config 0 descriptor??
[  412.654827][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  412.662871][ T9747] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  412.679294][ T5901] hub 3-1:0.0: bad descriptor, ignoring hub
[  412.686666][ T5901] hub 3-1:0.0: probe with driver hub failed with error -5
[  412.743518][ T5901] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input23
[  412.998173][    T9] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  413.009633][    T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  413.020280][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  413.029825][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  413.559933][    T9] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  413.569226][    T9] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  413.577408][    T9] usb 1-1: Product: syz
[  413.581712][    T9] usb 1-1: Manufacturer: syz
[  413.620913][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  413.639626][    T9] cdc_wdm 1-1:1.0: skipping garbage
[  413.689716][    T9] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  413.695902][    T9] cdc_wdm 1-1:1.0: Unknown control protocol
[  413.903862][    T9] usb 1-1: USB disconnect, device number 17
[  414.259669][   T29] audit: type=1326 audit(1733224937.886:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9736 comm="syz.0.949" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d4d57ff19 code=0x0
[  414.699026][ T5901] usb 3-1: USB disconnect, device number 24
[  414.705087][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  417.459024][ T9809] dccp_invalid_packet: P.Data Offset(0) too small
[  418.225066][ T5901] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  418.381153][ T5901] usb 3-1: Using ep0 maxpacket: 32
[  418.682100][ T5901] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  418.983997][ T5901] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  418.993844][ T5901] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.001957][ T5901] usb 3-1: Product: syz
[  419.006225][ T5901] usb 3-1: Manufacturer: syz
[  419.010994][ T5901] usb 3-1: SerialNumber: syz
[  419.023482][ T9824] netlink: 8 bytes leftover after parsing attributes in process `syz.0.968'.
[  419.038762][ T5901] usb 3-1: config 0 descriptor??
[  419.051828][ T9834] veth11: entered promiscuous mode
[  419.075588][ T9834] veth11: entered allmulticast mode
[  419.081484][ T9817] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  419.096005][ T9821] netlink: 8 bytes leftover after parsing attributes in process `syz.3.970'.
[  419.111844][ T5901] hub 3-1:0.0: bad descriptor, ignoring hub
[  419.165305][ T5901] hub 3-1:0.0: probe with driver hub failed with error -5
[  419.199522][ T5901] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input24
[  419.910004][ T9840] dccp_invalid_packet: P.Data Offset(0) too small
[  421.040043][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  421.049195][  T969] usb 3-1: USB disconnect, device number 25
[  421.199607][    T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  421.423567][    T8] usb 1-1: Using ep0 maxpacket: 32
[  421.525598][    T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  421.625083][    T8] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  421.634586][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.642695][    T8] usb 1-1: Product: syz
[  421.647005][    T8] usb 1-1: Manufacturer: syz
[  421.651677][    T8] usb 1-1: SerialNumber: syz
[  421.658148][    T8] usb 1-1: config 0 descriptor??
[  421.665964][ T9847] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  421.676704][    T8] hub 1-1:0.0: bad descriptor, ignoring hub
[  421.683555][    T8] hub 1-1:0.0: probe with driver hub failed with error -5
[  421.697306][    T8] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input25
[  423.009999][ T5901] usb 1-1: USB disconnect, device number 18
[  423.010109][    C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  426.189586][ T9896] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  428.290340][ T9915] dccp_invalid_packet: P.Data Offset(0) too small
[  428.344467][ T9923] binder: 9914:9923 ioctl c0306201 0 returned -14
[  428.352199][ T9923] binder: 9914:9923 ioctl ae41 3fffffffffc returned -22
[  429.588231][  T969] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  429.729213][   T29] audit: type=1400 audit(1733224953.356:1076): avc:  denied  { write } for  pid=9932 comm="syz.4.999" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  429.939545][  T969] usb 3-1: Using ep0 maxpacket: 32
[  429.946444][  T969] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32
[  429.961646][  T969] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  430.184445][ T5901] usb 2-1: new low-speed USB device number 21 using dummy_hcd
[  430.197383][  T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.368252][ T5901] usb 2-1: unable to get BOS descriptor or descriptor too short
[  430.474236][ T5901] usb 2-1: config 8 has an invalid interface number: 145 but max is 0
[  430.557487][  T969] usb 3-1: Product: syz
[  430.565120][ T5901] usb 2-1: config 8 has no interface number 0
[  430.580702][  T969] usb 3-1: Manufacturer: syz
[  430.585634][ T5901] usb 2-1: config 8 interface 145 has no altsetting 0
[  430.592740][  T969] usb 3-1: SerialNumber: syz
[  430.600238][  T969] usb 3-1: config 0 descriptor??
[  430.612233][ T9927] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  430.620680][  T969] hub 3-1:0.0: bad descriptor, ignoring hub
[  430.651777][  T969] hub 3-1:0.0: probe with driver hub failed with error -5
[  430.730583][  T969] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input26
[  430.740456][ T5901] usb 2-1: string descriptor 0 read error: -22
[  430.746710][ T5901] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=83.cc
[  430.755881][ T5901] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.962191][ T5901] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  431.576791][ T5901] gspca_sunplus: reg_r err -110
[  431.669593][    T9] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  431.802310][ T9957] Process accounting resumed
[  431.874490][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  431.922362][    T9] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  432.054137][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.079487][ T5899] usb 3-1: USB disconnect, device number 26
[  432.079578][    C1] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  432.100581][    T9] usb 4-1: config 0 descriptor??
[  432.156165][    T9] pwc: Askey VC010 type 2 USB webcam detected.
[  432.427590][    T8] usb 2-1: USB disconnect, device number 21
[  432.463157][ T9969] No control pipe specified
[  432.840339][ T9972] xt_nfacct: accounting object `syz0' does not exists
[  432.854801][ T9946] fuse: Bad value for 'group_id'
[  432.860314][ T9946] fuse: Bad value for 'group_id'
[  433.376183][    T9] pwc: recv_control_msg error -32 req 02 val 2b00
[  433.418876][    T9] pwc: recv_control_msg error -32 req 02 val 2700
[  433.439594][ T5899] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  434.251965][    T9] pwc: recv_control_msg error -32 req 02 val 2c00
[  434.259326][    T9] pwc: recv_control_msg error -32 req 04 val 1000
[  434.266694][    T9] pwc: recv_control_msg error -32 req 04 val 1300
[  434.273767][    T9] pwc: recv_control_msg error -32 req 04 val 1400
[  434.281107][    T9] pwc: recv_control_msg error -32 req 02 val 2000
[  434.288186][    T9] pwc: recv_control_msg error -32 req 02 val 2100
[  434.288880][ T9946] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.316964][ T9946] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  434.329234][    T9] pwc: recv_control_msg error -32 req 04 val 1500
[  434.336589][    T9] pwc: recv_control_msg error -32 req 02 val 2500
[  434.374752][ T5899] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  434.385386][ T5899] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  434.409101][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.452203][    T9] pwc: recv_control_msg error -71 req 02 val 2400
[  434.463025][ T5899] usb 3-1: config 0 descriptor??
[  434.468355][    T9] pwc: recv_control_msg error -71 req 02 val 2600
[  434.512498][    T9] pwc: recv_control_msg error -71 req 02 val 2900
[  434.523654][    T9] pwc: recv_control_msg error -71 req 02 val 2800
[  434.533846][    T9] pwc: recv_control_msg error -71 req 04 val 1100
[  434.550166][    T9] pwc: recv_control_msg error -71 req 04 val 1200
[  434.559323][ T5899] pwc: Askey VC010 type 2 USB webcam detected.
[  434.566111][    T9] pwc: Registered as video103.
[  434.571594][    T9] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input27
[  434.585019][    T9] usb 4-1: USB disconnect, device number 27
[  437.403028][ T5899] pwc: recv_control_msg error -71 req 02 val 2b00
[  437.410188][ T5899] pwc: recv_control_msg error -71 req 02 val 2700
[  437.439172][ T5899] pwc: recv_control_msg error -71 req 02 val 2c00
[  437.491194][ T5899] pwc: recv_control_msg error -71 req 04 val 1000
[  437.536672][ T5899] pwc: recv_control_msg error -71 req 04 val 1300
[  437.557952][T10018] FAULT_INJECTION: forcing a failure.
[  437.557952][T10018] name failslab, interval 1, probability 0, space 0, times 0
[  437.584175][ T5899] pwc: recv_control_msg error -71 req 04 val 1400
[  437.631541][ T5899] pwc: recv_control_msg error -71 req 02 val 2000
[  437.665096][T10022] No control pipe specified
[  437.672810][T10018] CPU: 1 UID: 0 PID: 10018 Comm: syz.0.1019 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  437.675343][ T5899] pwc: recv_control_msg error -71 req 02 val 2100
[  437.683624][T10018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  437.683651][T10018] Call Trace:
[  437.683659][T10018]  <TASK>
[  437.683667][T10018]  dump_stack_lvl+0x16c/0x1f0
[  437.683704][T10018]  should_fail_ex+0x497/0x5b0
[  437.683734][T10018]  ? fs_reclaim_acquire+0xae/0x150
[  437.699609][T10023] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1020'.
[  437.700181][T10018]  should_failslab+0xc2/0x120
[  437.730444][ T5899] pwc: recv_control_msg error -71 req 04 val 1500
[  437.734449][T10018]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  437.734491][T10018]  ? __alloc_skb+0x2b1/0x380
[  437.751340][T10018]  __alloc_skb+0x2b1/0x380
[  437.755901][T10018]  ? __pfx___alloc_skb+0x10/0x10
[  437.760590][   T29] audit: type=1400 audit(1733224961.356:1077): avc:  denied  { mount } for  pid=10020 comm="syz.3.1020" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  437.760858][T10018]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  437.789934][T10018]  ? import_ubuf+0x1b6/0x220
[  437.794583][T10018]  pfkey_sendmsg+0x16e/0x840
[  437.799209][T10018]  ____sys_sendmsg+0xaaf/0xc90
[  437.803971][T10018]  ? copy_msghdr_from_user+0x10b/0x160
[  437.809419][T10018]  ? __pfx_____sys_sendmsg+0x10/0x10
[  437.814694][T10018]  ? __lock_acquire+0xcc5/0x3c40
[  437.819633][T10018]  ___sys_sendmsg+0x135/0x1e0
[  437.824474][T10018]  ? __pfx____sys_sendmsg+0x10/0x10
[  437.829666][T10018]  ? trace_lock_acquire+0x14e/0x1f0
[  437.834870][T10018]  __sys_sendmmsg+0x201/0x420
[  437.839535][T10018]  ? __pfx___sys_sendmmsg+0x10/0x10
[  437.844723][T10018]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  437.850703][T10018]  ? fput+0x67/0x440
[  437.854590][T10018]  ? ksys_write+0x1ba/0x250
[  437.859078][T10018]  ? __pfx_ksys_write+0x10/0x10
[  437.863917][T10018]  __x64_sys_sendmmsg+0x9c/0x100
[  437.868839][T10018]  ? lockdep_hardirqs_on+0x7c/0x110
[  437.874029][T10018]  do_syscall_64+0xcd/0x250
[  437.878525][T10018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.884412][T10018] RIP: 0033:0x7f6d4d57ff19
[  437.888814][T10018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.909118][T10018] RSP: 002b:00007f6d4e2c3058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  437.917633][T10018] RAX: ffffffffffffffda RBX: 00007f6d4d745fa0 RCX: 00007f6d4d57ff19
[  437.925596][T10018] RDX: 000000000400008a RSI: 0000000020000180 RDI: 0000000000000003
[  437.933559][T10018] RBP: 00007f6d4e2c30a0 R08: 0000000000000000 R09: 0000000000000000
[  437.941562][T10018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.949558][T10018] R13: 0000000000000000 R14: 00007f6d4d745fa0 R15: 00007fff8f7f10e8
[  437.957530][T10018]  </TASK>
[  437.960837][ T5899] pwc: recv_control_msg error -71 req 02 val 2500
[  437.979222][ T5899] pwc: recv_control_msg error -71 req 02 val 2400
[  437.993818][ T5899] pwc: recv_control_msg error -71 req 02 val 2600
[  438.005658][   T29] audit: type=1400 audit(1733224961.416:1078): avc:  denied  { mounton } for  pid=10020 comm="syz.3.1020" path="/218/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  438.058215][ T5899] pwc: recv_control_msg error -71 req 02 val 2900
[  438.070182][ T5899] pwc: recv_control_msg error -71 req 02 val 2800
[  438.080376][T10031] xt_nfacct: accounting object `syz0' does not exists
[  438.088450][ T5899] pwc: recv_control_msg error -71 req 04 val 1100
[  438.100127][ T5899] pwc: recv_control_msg error -71 req 04 val 1200
[  438.123024][   T29] audit: type=1400 audit(1733224961.626:1079): avc:  denied  { read } for  pid=10020 comm="syz.3.1020" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  438.200448][ T5899] pwc: Registered as video103.
[  438.340964][ T5899] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input28
[  438.349627][   T29] audit: type=1400 audit(1733224961.626:1080): avc:  denied  { open } for  pid=10020 comm="syz.3.1020" path="/218/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  438.377783][ T5899] usb 3-1: USB disconnect, device number 27
[  438.663070][   T29] audit: type=1400 audit(1733224962.296:1081): avc:  denied  { unmount } for  pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  441.218970][T10069] sg_write: data in/out 1521864121/1 bytes for SCSI command 0x8a-- guessing data in;
[  441.218970][T10069]    program syz.4.1035 not setting count and/or reply_len properly
[  442.196756][ T1292] ieee802154 phy0 wpan0: encryption failed: -22
[  442.203279][ T1292] ieee802154 phy1 wpan1: encryption failed: -22
[  442.401194][T10069] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3
[  443.359353][T10086] FAULT_INJECTION: forcing a failure.
[  443.359353][T10086] name failslab, interval 1, probability 0, space 0, times 0
[  443.398509][T10086] CPU: 0 UID: 0 PID: 10086 Comm: syz.4.1037 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  443.409342][T10086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  443.419404][T10086] Call Trace:
[  443.422698][T10086]  <TASK>
[  443.425647][T10086]  dump_stack_lvl+0x16c/0x1f0
[  443.430351][T10086]  should_fail_ex+0x497/0x5b0
[  443.435047][T10086]  ? fs_reclaim_acquire+0xae/0x150
[  443.440182][T10086]  should_failslab+0xc2/0x120
[  443.444875][T10086]  __kmalloc_noprof+0xcb/0x510
[  443.449653][T10086]  ? rcu_is_watching+0x12/0xc0
[  443.454438][T10086]  tomoyo_encode2+0x100/0x3e0
[  443.459144][T10086]  tomoyo_encode+0x29/0x50
[  443.463600][T10086]  tomoyo_realpath_from_path+0x19d/0x720
[  443.469266][T10086]  ? tomoyo_path_number_perm+0x235/0x590
[  443.474926][T10086]  tomoyo_path_number_perm+0x248/0x590
[  443.480411][T10086]  ? tomoyo_path_number_perm+0x235/0x590
[  443.486079][T10086]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  443.492115][T10086]  ? __pfx_lock_release+0x10/0x10
[  443.497171][T10086]  ? trace_lock_acquire+0x14e/0x1f0
[  443.502412][T10086]  ? lock_acquire+0x2f/0xb0
[  443.505951][  T969] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  443.506926][T10086]  ? __fget_files+0x40/0x3a0
[  443.519067][T10086]  ? __fget_files+0x206/0x3a0
[  443.523743][T10086]  security_file_ioctl+0x9b/0x240
[  443.530877][T10086]  __x64_sys_ioctl+0xb7/0x200
[  443.535555][T10086]  do_syscall_64+0xcd/0x250
[  443.540065][T10086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.545976][T10086] RIP: 0033:0x7f11d037ff19
[  443.550426][T10086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.570052][T10086] RSP: 002b:00007f11d1208058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  443.578540][T10086] RAX: ffffffffffffffda RBX: 00007f11d0545fa0 RCX: 00007f11d037ff19
[  443.586517][T10086] RDX: 0000000020000140 RSI: 00000000c048aeca RDI: 000000000000000a
[  443.594480][T10086] RBP: 00007f11d12080a0 R08: 0000000000000000 R09: 0000000000000000
[  443.602440][T10086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.610407][T10086] R13: 0000000000000000 R14: 00007f11d0545fa0 R15: 00007ffcae78f858
[  443.618368][T10086]  </TASK>
[  443.621506][    C0] vkms_vblank_simulate: vblank timer overrun
[  443.629566][T10086] ERROR: Out of memory at tomoyo_realpath_from_path.
[  443.683596][  T969] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  443.694064][  T969] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  443.703357][  T969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.740876][  T969] usb 1-1: config 0 descriptor??
[  443.748829][  T969] pwc: Askey VC010 type 2 USB webcam detected.
[  443.895313][  T969] pwc: send_video_command error -71
[  444.022463][  T969] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  444.072910][  T969] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[  444.236177][  T969] usb 1-1: USB disconnect, device number 19
[  444.484961][T10108] FAULT_INJECTION: forcing a failure.
[  444.484961][T10108] name failslab, interval 1, probability 0, space 0, times 0
[  444.498067][T10108] CPU: 0 UID: 0 PID: 10108 Comm: syz.4.1043 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  444.508919][T10108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  444.519002][T10108] Call Trace:
[  444.522294][T10108]  <TASK>
[  444.525232][T10108]  dump_stack_lvl+0x16c/0x1f0
[  444.529939][T10108]  should_fail_ex+0x497/0x5b0
[  444.534644][T10108]  ? fs_reclaim_acquire+0xae/0x150
[  444.539783][T10108]  should_failslab+0xc2/0x120
[  444.544482][T10108]  __kmalloc_noprof+0xcb/0x510
[  444.549268][T10108]  ? rcu_is_watching+0x12/0xc0
[  444.554245][T10108]  tomoyo_encode2+0x100/0x3e0
[  444.558952][T10108]  tomoyo_encode+0x29/0x50
[  444.563392][T10108]  tomoyo_realpath_from_path+0x19d/0x720
[  444.569048][T10108]  ? tomoyo_path_number_perm+0x235/0x590
[  444.574705][T10108]  tomoyo_path_number_perm+0x248/0x590
[  444.580183][T10108]  ? tomoyo_path_number_perm+0x235/0x590
[  444.585838][T10108]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  444.591864][T10108]  ? __pfx_lock_release+0x10/0x10
[  444.596904][T10108]  ? trace_lock_acquire+0x14e/0x1f0
[  444.602126][T10108]  ? lock_acquire+0x2f/0xb0
[  444.606646][T10108]  ? __fget_files+0x40/0x3a0
[  444.611265][T10108]  ? __fget_files+0x206/0x3a0
[  444.615981][T10108]  security_file_ioctl+0x9b/0x240
[  444.621013][T10108]  __x64_sys_ioctl+0xb7/0x200
[  444.625726][T10108]  do_syscall_64+0xcd/0x250
[  444.630253][T10108]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  444.636159][T10108] RIP: 0033:0x7f11d037ff19
[  444.640586][T10108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  444.660220][T10108] RSP: 002b:00007f11d1208058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  444.668670][T10108] RAX: ffffffffffffffda RBX: 00007f11d0545fa0 RCX: 00007f11d037ff19
[  444.676710][T10108] RDX: 0000000020000080 RSI: 00000000c048aeca RDI: 000000000000000a
[  444.684710][T10108] RBP: 00007f11d12080a0 R08: 0000000000000000 R09: 0000000000000000
[  444.692718][T10108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  444.700716][T10108] R13: 0000000000000000 R14: 00007f11d0545fa0 R15: 00007ffcae78f858
[  444.708816][T10108]  </TASK>
[  444.712004][    C0] vkms_vblank_simulate: vblank timer overrun
[  444.712136][  T969] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  445.668427][T10108] ERROR: Out of memory at tomoyo_realpath_from_path.
[  445.929657][  T969] usb 1-1: Using ep0 maxpacket: 32
[  445.937826][  T969] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  445.955868][  T969] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  445.966463][  T969] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  445.982205][  T969] usb 1-1: Product: syz
[  445.988159][  T969] usb 1-1: Manufacturer: syz
[  445.995992][  T969] usb 1-1: SerialNumber: syz
[  446.006648][  T969] usb 1-1: config 0 descriptor??
[  446.012543][T10102] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  446.209603][ T5871] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  446.616651][ T5871] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  446.698673][ T5871] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  446.721921][ T5901] usb 1-1: USB disconnect, device number 20
[  446.730339][ T5871] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  446.743835][ T5871] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  446.757350][ T5871] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  446.759544][    T8] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  446.766895][ T5871] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  446.783139][ T5871] usb 3-1: Product: syz
[  446.787316][ T5871] usb 3-1: Manufacturer: syz
[  446.794575][ T5871] cdc_wdm 3-1:1.0: skipping garbage
[  446.800137][ T5871] cdc_wdm 3-1:1.0: skipping garbage
[  446.807546][ T5871] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  446.813545][ T5871] cdc_wdm 3-1:1.0: Unknown control protocol
[  446.925320][    T8] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  446.934812][    T8] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  446.945020][    T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  446.955384][    T8] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  446.964504][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.972611][    T8] usb 5-1: Product: syz
[  446.977365][    T8] usb 5-1: Manufacturer: syz
[  446.982364][    T8] usb 5-1: SerialNumber: syz
[  447.039122][ T5871] usb 3-1: USB disconnect, device number 28
[  447.193066][T10124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.193297][T10133] SELinux:  Context system_u:object_r:devpts_t:s0 is not valid (left unmapped).
[  447.205361][T10124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.212996][   T29] audit: type=1400 audit(1733224970.836:1082): avc:  denied  { relabelto } for  pid=10123 comm="syz.4.1048" name="217" dev="tmpfs" ino=1235 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devpts_t:s0"
[  447.225481][T10124] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  447.251750][   T29] audit: type=1400 audit(1733224970.886:1083): avc:  denied  { associate } for  pid=10123 comm="syz.4.1048" name="217" dev="tmpfs" ino=1235 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:devpts_t:s0"
[  447.253500][T10124] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  447.287646][    C1] vkms_vblank_simulate: vblank timer overrun
[  447.297335][ T5901] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  447.344584][   T29] audit: type=1400 audit(1733224970.976:1084): avc:  denied  { write } for  pid=5828 comm="syz-executor" name="217" dev="tmpfs" ino=1235 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devpts_t:s0"
[  447.375040][    T8] usb 5-1: 0:2 : does not exist
[  447.388636][    T8] usb 5-1: USB disconnect, device number 28
[  447.399015][   T29] audit: type=1400 audit(1733224970.976:1085): avc:  denied  { remove_name } for  pid=5828 comm="syz-executor" name="cgroup" dev="tmpfs" ino=1236 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devpts_t:s0"
[  447.442682][   T29] audit: type=1400 audit(1733224970.986:1086): avc:  denied  { rmdir } for  pid=5828 comm="syz-executor" name="217" dev="tmpfs" ino=1235 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:devpts_t:s0"
[  447.664801][ T5901] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  447.675463][ T5901] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  447.684703][ T5901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  447.694938][T10143] FAULT_INJECTION: forcing a failure.
[  447.694938][T10143] name failslab, interval 1, probability 0, space 0, times 0
[  447.695258][ T5901] usb 2-1: config 0 descriptor??
[  447.711381][T10143] CPU: 0 UID: 0 PID: 10143 Comm: syz.0.1053 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  447.715143][ T5901] pwc: Askey VC010 type 2 USB webcam detected.
[  447.723381][T10143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  447.723403][T10143] Call Trace:
[  447.723413][T10143]  <TASK>
[  447.723423][T10143]  dump_stack_lvl+0x16c/0x1f0
[  447.723458][T10143]  should_fail_ex+0x497/0x5b0
[  447.723484][T10143]  ? fs_reclaim_acquire+0xae/0x150
[  447.723511][T10143]  should_failslab+0xc2/0x120
[  447.723533][T10143]  __kmalloc_noprof+0xcb/0x510
[  447.723558][T10143]  ? d_absolute_path+0x137/0x1b0
[  447.774666][T10143]  ? rcu_is_watching+0x12/0xc0
[  447.779446][T10143]  tomoyo_encode2+0x100/0x3e0
[  447.784134][T10143]  tomoyo_encode+0x29/0x50
[  447.788533][T10143]  tomoyo_realpath_from_path+0x19d/0x720
[  447.794171][T10143]  tomoyo_path_number_perm+0x248/0x590
[  447.799616][T10143]  ? tomoyo_path_number_perm+0x235/0x590
[  447.805261][T10143]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  447.811283][T10143]  ? __pfx_lock_release+0x10/0x10
[  447.816303][T10143]  ? trace_lock_acquire+0x14e/0x1f0
[  447.821490][T10143]  ? lock_acquire+0x2f/0xb0
[  447.825971][T10143]  ? __fget_files+0x40/0x3a0
[  447.830573][T10143]  ? __fget_files+0x206/0x3a0
[  447.835246][T10143]  security_file_ioctl+0x9b/0x240
[  447.840257][T10143]  __x64_sys_ioctl+0xb7/0x200
[  447.844922][T10143]  do_syscall_64+0xcd/0x250
[  447.849428][T10143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.855339][T10143] RIP: 0033:0x7f6d4d57ff19
[  447.859768][T10143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.879398][T10143] RSP: 002b:00007f6d4e2c3058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  447.887808][T10143] RAX: ffffffffffffffda RBX: 00007f6d4d745fa0 RCX: 00007f6d4d57ff19
[  447.895773][T10143] RDX: 0000000020000d40 RSI: 00000000c0386105 RDI: 0000000000000003
[  447.903743][T10143] RBP: 00007f6d4e2c30a0 R08: 0000000000000000 R09: 0000000000000000
[  447.911722][T10143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  447.919684][T10143] R13: 0000000000000000 R14: 00007f6d4d745fa0 R15: 00007fff8f7f10e8
[  447.927741][T10143]  </TASK>
[  448.041805][T10143] ERROR: Out of memory at tomoyo_realpath_from_path.
[  449.387955][T10132] fuse: Bad value for 'group_id'
[  449.393505][T10132] fuse: Bad value for 'group_id'
[  449.410505][ T5901] pwc: recv_control_msg error -32 req 02 val 2b00
[  449.424844][T10146] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1055'.
[  449.434791][ T5901] pwc: recv_control_msg error -32 req 02 val 2700
[  449.495773][ T5901] pwc: recv_control_msg error -32 req 02 val 2c00
[  449.510981][ T5901] pwc: recv_control_msg error -32 req 04 val 1000
[  449.521359][ T5901] pwc: recv_control_msg error -32 req 04 val 1300
[  449.550859][ T5901] pwc: recv_control_msg error -32 req 04 val 1400
[  449.570478][ T5901] pwc: recv_control_msg error -32 req 02 val 2000
[  449.589825][T10132] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  449.607934][ T5901] pwc: recv_control_msg error -32 req 02 val 2100
[  449.615122][T10132] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  449.636172][ T5901] pwc: recv_control_msg error -32 req 04 val 1500
[  449.652400][ T5901] pwc: recv_control_msg error -32 req 02 val 2500
[  449.664913][ T5901] pwc: recv_control_msg error -71 req 02 val 2400
[  449.674116][ T5901] pwc: recv_control_msg error -71 req 02 val 2600
[  449.706400][ T5901] pwc: recv_control_msg error -71 req 02 val 2900
[  449.814584][ T5901] pwc: recv_control_msg error -71 req 02 val 2800
[  449.823007][ T5901] pwc: recv_control_msg error -71 req 04 val 1100
[  449.830542][ T5901] pwc: recv_control_msg error -71 req 04 val 1200
[  449.851084][ T5901] pwc: Registered as video103.
[  449.858152][ T5901] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input29
[  450.429984][ T5901] usb 2-1: USB disconnect, device number 22
[  451.093736][T10169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1059'.
[  451.328536][   T29] audit: type=1400 audit(1733224974.956:1087): avc:  denied  { create } for  pid=10178 comm="syz.1.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  451.388649][   T29] audit: type=1400 audit(1733224974.956:1088): avc:  denied  { write } for  pid=10178 comm="syz.1.1062" path="socket:[21997]" dev="sockfs" ino=21997 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  451.578484][   T29] audit: type=1400 audit(1733224974.956:1089): avc:  denied  { nlmsg_read } for  pid=10178 comm="syz.1.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  451.891481][ T5901] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  452.091763][ T5901] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  452.173537][ T5901] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  452.187644][ T5901] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  452.197013][ T5901] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14385, setting to 64
[  452.198596][T10199] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  452.222759][ T5901] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  452.224115][   T29] audit: type=1400 audit(1733224975.836:1090): avc:  denied  { bind } for  pid=10198 comm="syz.0.1066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  452.253869][ T5901] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  452.262976][T10199] batadv_slave_1: entered promiscuous mode
[  452.268957][ T5901] usb 4-1: Product: syz
[  452.286147][ T5901] usb 4-1: Manufacturer: syz
[  452.297317][ T5901] cdc_wdm 4-1:1.0: skipping garbage
[  452.316898][ T5901] cdc_wdm 4-1:1.0: skipping garbage
[  452.345121][ T5901] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  452.358375][ T5901] cdc_wdm 4-1:1.0: Unknown control protocol
[  452.494368][T10206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1068'.
[  452.510963][ T5901] usb 4-1: USB disconnect, device number 28
[  452.729678][    T8] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  453.291497][    T8] usb 3-1: Using ep0 maxpacket: 16
[  453.298173][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  453.309386][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  453.319382][    T8] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  453.332724][    T8] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  453.342102][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.360472][    T8] usb 3-1: config 0 descriptor??
[  453.479625][ T5870] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  453.633427][ T5870] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  453.644375][ T5870] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  453.655930][ T5870] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  453.667343][ T5870] usb 1-1: config 0 descriptor??
[  453.679615][ T5870] pwc: Askey VC010 type 2 USB webcam detected.
[  453.996990][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  454.010905][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  454.042859][    T8] usb 3-1: USB disconnect, device number 29
[  454.084459][T10224] fuse: Bad value for 'group_id'
[  454.099623][T10224] fuse: Bad value for 'group_id'
[  454.114448][ T5870] pwc: recv_control_msg error -32 req 02 val 2b00
[  454.132201][ T5870] pwc: recv_control_msg error -32 req 02 val 2700
[  454.219679][T10236] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  454.231944][   T29] audit: type=1400 audit(1733224977.846:1091): avc:  denied  { bind } for  pid=10232 comm="syz.3.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  454.265931][ T5870] pwc: recv_control_msg error -32 req 02 val 2c00
[  454.279096][ T5870] pwc: recv_control_msg error -32 req 04 val 1000
[  454.286677][ T5870] pwc: recv_control_msg error -32 req 04 val 1300
[  454.293889][ T5870] pwc: recv_control_msg error -32 req 04 val 1400
[  454.301215][ T5870] pwc: recv_control_msg error -32 req 02 val 2000
[  454.309046][T10224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  454.331229][T10224] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  454.807971][ T5870] pwc: recv_control_msg error -32 req 02 val 2100
[  454.815703][ T5870] pwc: recv_control_msg error -32 req 04 val 1500
[  454.839694][ T5870] pwc: recv_control_msg error -32 req 02 val 2500
[  454.857890][ T5870] pwc: recv_control_msg error -71 req 02 val 2400
[  454.879049][ T5870] pwc: recv_control_msg error -71 req 02 val 2600
[  454.923812][ T5870] pwc: recv_control_msg error -71 req 02 val 2900
[  454.979567][ T5870] pwc: recv_control_msg error -71 req 02 val 2800
[  454.986449][ T5870] pwc: recv_control_msg error -71 req 04 val 1100
[  455.008510][ T5870] pwc: recv_control_msg error -71 req 04 val 1200
[  455.050544][ T5870] pwc: Registered as video103.
[  455.097788][ T5870] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input30
[  455.116778][ T5870] usb 1-1: USB disconnect, device number 21
[  455.291695][   T29] audit: type=1400 audit(1733224978.866:1092): avc:  denied  { mount } for  pid=10244 comm="syz.1.1079" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  455.679772][   T29] audit: type=1400 audit(1733224979.276:1093): avc:  denied  { write } for  pid=10262 comm="syz.1.1084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  456.089547][ T5870] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  456.462357][ T5870] usb 5-1: config 0 has an invalid interface number: 182 but max is 1
[  456.499662][ T5870] usb 5-1: config 0 has no interface number 1
[  456.505986][ T5870] usb 5-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  456.515266][ T5870] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.528163][ T5870] usb 5-1: config 0 descriptor??
[  458.619952][T10299] syz.2.1092[10299] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  458.620541][T10299] syz.2.1092[10299] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  458.632934][T10299] syz.2.1092[10299] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  459.520432][ T5870] usb 5-1: USB disconnect, device number 29
[  459.628166][T10304] lo speed is unknown, defaulting to 1000
[  459.656815][T10304] lo speed is unknown, defaulting to 1000
[  459.667344][T10304] lo speed is unknown, defaulting to 1000
[  459.892433][ T5901] lo speed is unknown, defaulting to 1000
[  459.901368][T10304] infiniband syz0: set active
[  459.906675][T10304] infiniband syz0: added lo
[  460.382301][T10304] RDS/IB: syz0: added
[  460.387103][T10304] smc: adding ib device syz0 with port count 1
[  460.393971][T10304] smc:    ib device syz0 port 1 has pnetid 
[  460.407676][    T9] lo speed is unknown, defaulting to 1000
[  460.415753][T10304] lo speed is unknown, defaulting to 1000
[  460.459637][    T8] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  460.467492][ T5870] usb 4-1: new low-speed USB device number 29 using dummy_hcd
[  460.557376][T10304] lo speed is unknown, defaulting to 1000
[  460.610924][T10304] lo speed is unknown, defaulting to 1000
[  460.624236][ T5870] usb 4-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 64, setting to 8
[  460.642613][ T5870] usb 4-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  460.658809][    T8] usb 3-1: config 0 has an invalid interface number: 182 but max is 1
[  460.669853][ T5870] usb 4-1: config 1 interface 0 has no altsetting 0
[  460.676629][    T8] usb 3-1: config 0 has no interface number 1
[  460.683212][T10304] lo speed is unknown, defaulting to 1000
[  460.686078][    T8] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  460.700241][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.712057][ T5870] usb 4-1: string descriptor 0 read error: -22
[  460.722586][ T5870] usb 4-1: New USB device found, idVendor=172f, idProduct=0038, bcdDevice= 0.40
[  460.756129][T10304] lo speed is unknown, defaulting to 1000
[  460.799693][ T5901] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  460.805939][ T5870] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.828968][    T8] usb 3-1: config 0 descriptor??
[  460.837540][T10312] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  460.956455][ T5901] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  460.967774][ T5901] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  461.032718][ T5901] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  461.106792][ T5901] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.181644][ T5901] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  461.219489][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  461.227794][ T5901] usb 1-1: Product: syz
[  461.249581][ T5901] usb 1-1: Manufacturer: syz
[  461.417207][ T5901] cdc_wdm 1-1:1.0: skipping garbage
[  461.439470][ T5901] cdc_wdm 1-1:1.0: skipping garbage
[  461.451004][   T29] audit: type=1400 audit(1733224985.076:1094): avc:  denied  { bind } for  pid=10311 comm="syz.3.1097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  461.470369][    C1] vkms_vblank_simulate: vblank timer overrun
[  461.482997][ T5901] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  461.488993][ T5901] cdc_wdm 1-1:1.0: Unknown control protocol
[  461.499807][   T29] audit: type=1400 audit(1733224985.136:1095): avc:  denied  { write } for  pid=10311 comm="syz.3.1097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  461.871710][    T8] usb 1-1: USB disconnect, device number 22
[  462.158159][ T5870] usbhid 4-1:1.0: can't add hid device: -71
[  462.176877][   T29] audit: type=1326 audit(1733224985.796:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10315 comm="syz.0.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d4d57ff19 code=0x0
[  462.715190][ T5870] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  462.727256][ T5870] usb 4-1: USB disconnect, device number 29
[  462.787910][    T9] usb 3-1: USB disconnect, device number 30
[  463.219700][    T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  463.342594][T10342] IPVS: sync thread started: state = MASTER, mcast_ifn = ip6gre0, syncid = 1, id = 0
[  463.396201][    T9] usb 3-1: config 0 has an invalid interface number: 182 but max is 1
[  463.412364][    T9] usb 3-1: config 0 has no interface number 1
[  463.438981][    T9] usb 3-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  463.499362][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  463.537526][    T9] usb 3-1: config 0 descriptor??
[  464.787015][   T29] audit: type=1326 audit(1733224988.416:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10357 comm="syz.1.1110" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f144dd7ff19 code=0x0
[  464.874219][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1109'.
[  464.883602][   T29] audit: type=1400 audit(1733224988.466:1098): avc:  denied  { setopt } for  pid=10357 comm="syz.1.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  465.763123][   T29] audit: type=1400 audit(1733224989.396:1099): avc:  denied  { setopt } for  pid=10378 comm="syz.0.1114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  465.802912][   T29] audit: type=1400 audit(1733224989.396:1100): avc:  denied  { read } for  pid=10378 comm="syz.0.1114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  466.388639][ T5871] usb 3-1: USB disconnect, device number 31
[  466.749655][ T5901] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  467.021967][ T5901] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  467.030861][ T5901] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  467.050194][ T5901] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  467.075069][ T5901] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  467.127376][ T5901] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  467.160422][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  467.328631][ T5901] usb 1-1: Product: syz
[  467.389463][ T5901] usb 1-1: Manufacturer: syz
[  467.532161][ T5901] cdc_wdm 1-1:1.0: skipping garbage
[  467.619623][    T9] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  467.627630][ T5901] cdc_wdm 1-1:1.0: skipping garbage
[  467.637957][ T5901] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  467.644007][ T5901] cdc_wdm 1-1:1.0: Unknown control protocol
[  467.724998][ T5901] usb 1-1: USB disconnect, device number 23
[  467.789908][    T9] usb 3-1: Using ep0 maxpacket: 16
[  468.051442][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  468.061038][   T29] audit: type=1326 audit(1733224991.686:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10390 comm="syz.0.1119" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d4d57ff19 code=0x0
[  468.084920][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  468.086826][    T9] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  468.182250][T10419] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1123'.
[  468.217168][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.225342][    T9] usb 3-1: Product: syz
[  468.229628][    T9] usb 3-1: Manufacturer: syz
[  468.234249][    T9] usb 3-1: SerialNumber: syz
[  468.242177][    T9] usb 3-1: config 0 descriptor??
[  468.488348][ T5901] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  469.179545][ T5901] usb 4-1: Using ep0 maxpacket: 8
[  469.187429][ T5901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  469.209014][ T5901] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  469.218772][ T5901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.238969][ T5901] usb 4-1: config 0 descriptor??
[  469.494039][T10443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.501122][ T5901] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  469.506389][T10443] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  470.081829][   T25] usb 4-1: USB disconnect, device number 30
[  470.142496][    T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  470.342981][    T9] usb 2-1: config 0 has an invalid interface number: 182 but max is 1
[  470.353860][    T9] usb 2-1: config 0 has no interface number 1
[  470.362677][    T9] usb 2-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=9c.af
[  470.373594][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  470.384603][    T9] usb 2-1: config 0 descriptor??
[  471.434311][    T9] usb 3-1: USB disconnect, device number 32
[  472.661619][T10477] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1137'.
[  472.840469][    T8] usb 2-1: USB disconnect, device number 23
[  473.439718][ T5901] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  473.687009][ T5871] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  473.759855][ T5901] usb 3-1: Using ep0 maxpacket: 8
[  473.766720][ T5901] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  473.803042][ T5901] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  473.823826][ T5901] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  473.834593][ T5901] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  473.848478][ T5901] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  473.857733][ T5901] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.094844][ T5901] usb 3-1: GET_CAPABILITIES returned 0
[  474.100512][ T5901] usbtmc 3-1:16.0: can't read capabilities
[  474.112908][ T5871] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  474.121832][ T5871] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  474.132043][ T5871] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  474.141923][ T5871] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  474.407303][T10501] warning: `syz.3.1143' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  474.594664][   T29] audit: type=1400 audit(1733224997.986:1102): avc:  denied  { watch watch_reads } for  pid=10498 comm="syz.3.1143" path="/proc/868" dev="proc" ino=22515 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  474.838338][ T5871] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  474.848813][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  474.856935][ T5871] usb 1-1: Product: syz
[  474.861893][ T5871] usb 1-1: Manufacturer: syz
[  474.874272][ T5871] cdc_wdm 1-1:1.0: skipping garbage
[  474.888160][ T5871] cdc_wdm 1-1:1.0: skipping garbage
[  474.898147][ T5871] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device
[  474.912984][ T5871] cdc_wdm 1-1:1.0: Unknown control protocol
[  475.009014][ T5871] usb 3-1: USB disconnect, device number 33
[  475.080587][ T5901] usb 1-1: USB disconnect, device number 24
[  475.250091][    T8] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  475.392918][   T29] audit: type=1326 audit(1733224999.016:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10492 comm="syz.0.1141" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6d4d57ff19 code=0x0
[  475.561784][   T29] audit: type=1400 audit(1733224999.196:1104): avc:  denied  { read } for  pid=10507 comm="syz.4.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  475.581394][    T8] usb 4-1: Using ep0 maxpacket: 16
[  475.614074][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  475.642428][    T8] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  475.677740][    T8] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  475.697676][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.705997][    T8] usb 4-1: Product: syz
[  475.710274][    T8] usb 4-1: Manufacturer: syz
[  475.714868][    T8] usb 4-1: SerialNumber: syz
[  475.766012][    T8] usb 4-1: config 0 descriptor??
[  476.032765][T10518] syz.2.1147[10518] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  476.032863][T10518] syz.2.1147[10518] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  476.044525][T10518] syz.2.1147[10518] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  476.658480][T10526] FAULT_INJECTION: forcing a failure.
[  476.658480][T10526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  476.659301][T10526] 
[  476.659315][T10526] ======================================================
[  476.659322][T10526] WARNING: possible circular locking dependency detected
[  476.659327][T10526] 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Not tainted
[  476.659333][T10526] ------------------------------------------------------
[  476.659337][T10526] syz.4.1149/10526 is trying to acquire lock:
[  476.659342][T10526] ffffffff8e0c8800 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  476.659377][T10526] 
[  476.659377][T10526] but task is already holding lock:
[  476.659384][T10526] ffff8880b863ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  476.659407][T10526] 
[  476.659407][T10526] which lock already depends on the new lock.
[  476.659407][T10526] 
[  476.659410][T10526] 
[  476.659410][T10526] the existing dependency chain (in reverse order) is:
[  476.659413][T10526] 
[  476.659413][T10526] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  476.659424][T10526]        _raw_spin_lock_nested+0x31/0x40
[  476.659440][T10526]        raw_spin_rq_lock_nested+0x29/0x130
[  476.659449][T10526]        task_rq_lock+0xcf/0x3b0
[  476.659458][T10526]        cgroup_move_task+0x82/0x250
[  476.659467][T10526]        css_set_move_task+0x288/0x5f0
[  476.659479][T10526]        cgroup_post_fork+0x1c6/0x910
[  476.659491][T10526]        copy_process+0x50d9/0x8df0
[  476.659505][T10526]        kernel_clone+0xfd/0x960
[  476.659516][T10526]        user_mode_thread+0xb4/0xf0
[  476.659527][T10526]        rest_init+0x23/0x2b0
[  476.659540][T10526]        start_kernel+0x3e4/0x4d0
[  476.659557][T10526]        x86_64_start_reservations+0x18/0x30
[  476.659571][T10526]        x86_64_start_kernel+0xb2/0xc0
[  476.659582][T10526]        common_startup_64+0x13e/0x148
[  476.659596][T10526] 
[  476.659596][T10526] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  476.659608][T10526]        _raw_spin_lock_irqsave+0x3a/0x60
[  476.659617][T10526]        try_to_wake_up+0xb6/0x1490
[  476.659626][T10526]        __wake_up_common+0x131/0x1e0
[  476.659639][T10526]        __wake_up+0x31/0x60
[  476.659647][T10526]        tty_port_default_wakeup+0x2a/0x40
[  476.659661][T10526]        serial8250_tx_chars+0x68e/0x860
[  476.659677][T10526]        serial8250_handle_irq+0x74d/0xc80
[  476.659688][T10526]        serial8250_default_handle_irq+0x9a/0x210
[  476.659703][T10526]        serial8250_interrupt+0x103/0x210
[  476.659716][T10526]        __handle_irq_event_percpu+0x229/0x7d0
[  476.659729][T10526]        handle_irq_event+0xab/0x1e0
[  476.659740][T10526]        handle_edge_irq+0x263/0xd10
[  476.659752][T10526]        __common_interrupt+0xdf/0x250
[  476.659767][T10526]        common_interrupt+0xba/0xe0
[  476.659774][T10526]        asm_common_interrupt+0x26/0x40
[  476.659788][T10526]        unwind_next_frame+0x4e6/0x20c0
[  476.659800][T10526]        arch_stack_walk+0x95/0x100
[  476.659812][T10526]        stack_trace_save+0x95/0xd0
[  476.659827][T10526]        kasan_save_stack+0x33/0x60
[  476.659839][T10526]        kasan_save_track+0x14/0x30
[  476.659848][T10526]        __kasan_kmalloc+0xaa/0xb0
[  476.659856][T10526]        selinux_netlbl_sock_genattr+0xe8/0x4f0
[  476.659869][T10526]        selinux_netlbl_socket_post_create+0xb0/0x1b0
[  476.659880][T10526]        selinux_socket_post_create+0x2fa/0x7f0
[  476.659891][T10526]        security_socket_post_create+0x247/0x260
[  476.659902][T10526]        __sock_create+0x738/0x8d0
[  476.659917][T10526]        __sys_socket+0x14f/0x260
[  476.659928][T10526]        __x64_sys_socket+0x72/0xb0
[  476.659938][T10526]        do_syscall_64+0xcd/0x250
[  476.659950][T10526]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.659961][T10526] 
[  476.659961][T10526] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  476.659973][T10526]        _raw_spin_lock_irqsave+0x3a/0x60
[  476.659982][T10526]        __wake_up+0x1c/0x60
[  476.659989][T10526]        tty_port_default_wakeup+0x2a/0x40
[  476.659998][T10526]        serial8250_tx_chars+0x68e/0x860
[  476.660007][T10526]        serial8250_handle_irq+0x74d/0xc80
[  476.660018][T10526]        serial8250_default_handle_irq+0x9a/0x210
[  476.660033][T10526]        serial8250_interrupt+0x103/0x210
[  476.660044][T10526]        __handle_irq_event_percpu+0x229/0x7d0
[  476.660055][T10526]        handle_irq_event+0xab/0x1e0
[  476.660066][T10526]        handle_edge_irq+0x263/0xd10
[  476.660077][T10526]        __common_interrupt+0xdf/0x250
[  476.660089][T10526]        common_interrupt+0xba/0xe0
[  476.660096][T10526]        asm_common_interrupt+0x26/0x40
[  476.660107][T10526]        _raw_spin_unlock_irqrestore+0x31/0x80
[  476.660117][T10526]        uart_write+0x2a4/0xb30
[  476.660127][T10526]        n_tty_write+0x419/0x1140
[  476.660139][T10526]        file_tty_write.constprop.0+0x506/0x9a0
[  476.660148][T10526]        redirected_tty_write+0xcc/0x140
[  476.660157][T10526]        vfs_write+0x5ae/0x1150
[  476.660167][T10526]        ksys_write+0x12b/0x250
[  476.660175][T10526]        do_syscall_64+0xcd/0x250
[  476.660186][T10526]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.660198][T10526] 
[  476.660198][T10526] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  476.660213][T10526]        _raw_spin_lock_irqsave+0x3a/0x60
[  476.660223][T10526]        serial8250_console_write+0xb56/0x17c0
[  476.660235][T10526]        console_flush_all+0x803/0xc60
[  476.660247][T10526]        console_unlock+0xd9/0x210
[  476.660258][T10526]        vprintk_emit+0x424/0x6f0
[  476.660270][T10526]        vprintk+0x7f/0xa0
[  476.660282][T10526]        _printk+0xc8/0x100
[  476.660292][T10526]        register_console+0xbfd/0x1170
[  476.660304][T10526]        univ8250_console_init+0x5f/0x90
[  476.660319][T10526]        console_init+0x154/0x690
[  476.660333][T10526]        start_kernel+0x29a/0x4d0
[  476.660345][T10526]        x86_64_start_reservations+0x18/0x30
[  476.660357][T10526]        x86_64_start_kernel+0xb2/0xc0
[  476.660368][T10526]        common_startup_64+0x13e/0x148
[  476.660379][T10526] 
[  476.660379][T10526] -> #0 (console_owner){-.-.}-{0:0}:
[  476.660390][T10526]        __lock_acquire+0x249e/0x3c40
[  476.660401][T10526]        lock_acquire.part.0+0x11b/0x380
[  476.660411][T10526]        console_lock_spinning_enable+0xb0/0xd0
[  476.660423][T10526]        console_flush_all+0x7ac/0xc60
[  476.660437][T10526]        console_unlock+0xd9/0x210
[  476.660448][T10526]        vprintk_emit+0x424/0x6f0
[  476.660460][T10526]        vprintk+0x7f/0xa0
[  476.660472][T10526]        _printk+0xc8/0x100
[  476.660481][T10526]        should_fail_ex+0x46c/0x5b0
[  476.660496][T10526]        copy_to_user_nofault+0xac/0x180
[  476.660508][T10526]        bpf_probe_write_user+0xaf/0xf0
[  476.660524][T10526]        bpf_prog_6303d92f98284ad8+0x44/0x48
[  476.660532][T10526]        bpf_trace_run4+0x245/0x5a0
[  476.660541][T10526]        __bpf_trace_sched_switch+0x13e/0x190
[  476.660553][T10526]        __traceiter_sched_switch+0x6c/0xc0
[  476.660565][T10526]        __schedule+0x1b71/0x5ad0
[  476.660575][T10526]        preempt_schedule_irq+0x51/0x90
[  476.660585][T10526]        irqentry_exit+0x36/0x90
[  476.660596][T10526]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  476.660608][T10526]        mt_find+0x5ea/0xa20
[  476.660622][T10526]        find_vma+0xc0/0x140
[  476.660631][T10526]        lock_mm_and_find_vma+0x62/0x6a0
[  476.660641][T10526]        do_user_addr_fault+0x2b5/0x13f0
[  476.660651][T10526]        exc_page_fault+0x5c/0xc0
[  476.660661][T10526]        asm_exc_page_fault+0x26/0x30
[  476.660672][T10526]        rep_movs_alternative+0x4a/0x70
[  476.660681][T10526]        _copy_from_user+0x9a/0xd0
[  476.660691][T10526]        uhid_char_write+0x190/0x10b0
[  476.660704][T10526]        vfs_write+0x24c/0x1150
[  476.660712][T10526]        ksys_write+0x207/0x250
[  476.660720][T10526]        do_syscall_64+0xcd/0x250
[  476.660732][T10526]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.660746][T10526] 
[  476.660746][T10526] other info that might help us debug this:
[  476.660746][T10526] 
[  476.660749][T10526] Chain exists of:
[  476.660749][T10526]   console_owner --> &p->pi_lock --> &rq->__lock
[  476.660749][T10526] 
[  476.660762][T10526]  Possible unsafe locking scenario:
[  476.660762][T10526] 
[  476.660765][T10526]        CPU0                    CPU1
[  476.660767][T10526]        ----                    ----
[  476.660770][T10526]   lock(&rq->__lock);
[  476.660775][T10526]                                lock(&p->pi_lock);
[  476.660781][T10526]                                lock(&rq->__lock);
[  476.660787][T10526]   lock(console_owner);
[  476.660792][T10526] 
[  476.660792][T10526]  *** DEADLOCK ***
[  476.660792][T10526] 
[  476.660795][T10526] 7 locks held by syz.4.1149/10526:
[  476.660800][T10526]  #0: ffff88805a160068 (&uhid->devlock){+.+.}-{4:4}, at: uhid_char_write+0x6b/0x10b0
[  476.660822][T10526]  #1: ffff888033f88ba0 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x35/0x6a0
[  476.660843][T10526]  #2: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: mt_find+0x154/0xa20
[  476.660867][T10526]  #3: ffff8880b863ebd8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  476.660888][T10526]  #4: ffffffff8e1bb500 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1d6/0x5a0
[  476.660909][T10526]  #5: ffffffff8e1a8c40 (console_lock){+.+.}-{0:0}, at: vprintk+0x7f/0xa0
[  476.660934][T10526]  #6: ffffffff8e1a8cb0 (console_srcu){....}-{0:0}, at: console_flush_all+0x159/0xc60
[  476.660957][T10526] 
[  476.660957][T10526] stack backtrace:
[  476.660964][T10526] CPU: 0 UID: 0 PID: 10526 Comm: syz.4.1149 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  476.660975][T10526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  476.660982][T10526] Call Trace:
[  476.660985][T10526]  <TASK>
[  476.660990][T10526]  dump_stack_lvl+0x116/0x1f0
[  476.661005][T10526]  print_circular_bug+0x419/0x5d0
[  476.661016][T10526]  check_noncircular+0x31a/0x400
[  476.661029][T10526]  ? __pfx_check_noncircular+0x10/0x10
[  476.661041][T10526]  ? lockdep_lock+0xc6/0x200
[  476.661055][T10526]  ? __pfx_lockdep_lock+0x10/0x10
[  476.661069][T10526]  __lock_acquire+0x249e/0x3c40
[  476.661081][T10526]  ? __pfx___lock_acquire+0x10/0x10
[  476.661093][T10526]  lock_acquire.part.0+0x11b/0x380
[  476.661103][T10526]  ? console_lock_spinning_enable+0x9f/0xd0
[  476.661117][T10526]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  476.661128][T10526]  ? rcu_is_watching+0x12/0xc0
[  476.661142][T10526]  ? trace_lock_acquire+0x14e/0x1f0
[  476.661156][T10526]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  476.661168][T10526]  ? console_lock_spinning_enable+0x9f/0xd0
[  476.661181][T10526]  ? lock_acquire+0x2f/0xb0
[  476.661190][T10526]  ? console_lock_spinning_enable+0x9f/0xd0
[  476.661204][T10526]  console_lock_spinning_enable+0xb0/0xd0
[  476.661216][T10526]  ? console_lock_spinning_enable+0x9f/0xd0
[  476.661229][T10526]  console_flush_all+0x7ac/0xc60
[  476.661243][T10526]  ? __pfx_console_flush_all+0x10/0x10
[  476.661257][T10526]  ? printk_percpu_data_ready+0x9/0x20
[  476.661268][T10526]  ? nbcon_get_cpu_emergency_nesting+0x3b/0x50
[  476.661281][T10526]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  476.661296][T10526]  console_unlock+0xd9/0x210
[  476.661309][T10526]  ? __pfx_console_unlock+0x10/0x10
[  476.661321][T10526]  ? lock_acquire+0x2f/0xb0
[  476.661331][T10526]  ? vprintk+0x7f/0xa0
[  476.661345][T10526]  ? __down_trylock_console_sem+0xb0/0x140
[  476.661357][T10526]  vprintk_emit+0x424/0x6f0
[  476.661370][T10526]  ? __pfx_vprintk_emit+0x10/0x10
[  476.661384][T10526]  vprintk+0x7f/0xa0
[  476.661397][T10526]  _printk+0xc8/0x100
[  476.661407][T10526]  ? __pfx__printk+0x10/0x10
[  476.661417][T10526]  ? ___ratelimit+0x24c/0x570
[  476.661429][T10526]  ? __pfx____ratelimit+0x10/0x10
[  476.661441][T10526]  should_fail_ex+0x46c/0x5b0
[  476.661456][T10526]  copy_to_user_nofault+0xac/0x180
[  476.661467][T10526]  bpf_probe_write_user+0xaf/0xf0
[  476.661481][T10526]  bpf_prog_6303d92f98284ad8+0x44/0x48
[  476.661489][T10526]  bpf_trace_run4+0x245/0x5a0
[  476.661499][T10526]  ? __pfx_bpf_trace_run4+0x10/0x10
[  476.661509][T10526]  ? __pfx_lock_release+0x10/0x10
[  476.661521][T10526]  __bpf_trace_sched_switch+0x13e/0x190
[  476.661532][T10526]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  476.661543][T10526]  ? psi_group_change+0x6dc/0xd20
[  476.661555][T10526]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  476.661570][T10526]  __traceiter_sched_switch+0x6c/0xc0
[  476.661581][T10526]  __schedule+0x1b71/0x5ad0
[  476.661592][T10526]  ? __pfx_mark_lock+0x10/0x10
[  476.661603][T10526]  ? __pfx___schedule+0x10/0x10
[  476.661612][T10526]  ? hlock_class+0x4e/0x130
[  476.661625][T10526]  ? __pfx___lock_acquire+0x10/0x10
[  476.661637][T10526]  ? mark_held_locks+0x9f/0xe0
[  476.661648][T10526]  preempt_schedule_irq+0x51/0x90
[  476.661659][T10526]  irqentry_exit+0x36/0x90
[  476.661670][T10526]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  476.661683][T10526] RIP: 0010:mt_find+0x5ea/0xa20
[  476.661697][T10526] Code: 00 89 ee e8 a8 a4 76 f6 83 fd 01 0f 85 db 03 00 00 e8 5a a2 76 f6 be 01 00 00 00 bf 01 00 00 00 e8 8b a4 76 f6 e9 af fb ff ff <e8> 41 a2 76 f6 48 89 de bf 00 10 00 00 e8 a4 a4 76 f6 48 81 fb 00
[  476.661706][T10526] RSP: 0018:ffffc9000f327998 EFLAGS: 00000246
[  476.661714][T10526] RAX: 0000000000000000 RBX: ffff88807b220e1e RCX: ffffffff8b2360ae
[  476.661720][T10526] RDX: ffff88807da72440 RSI: 0000000000000002 RDI: 0000000000000007
[  476.661726][T10526] RBP: dffffc0000000000 R08: 0000000000000007 R09: 0000000000000002
[  476.661732][T10526] R10: 0000000000000002 R11: 0000000000000002 R12: 0000000000000001
[  476.661738][T10526] R13: ffffc9000f327ad8 R14: 0000000000000002 R15: 0000000000000300
[  476.661746][T10526]  ? mt_find+0x2ce/0xa20
[  476.661759][T10526]  ? mt_find+0x2ce/0xa20
[  476.661772][T10526]  ? __pfx_mt_find+0x10/0x10
[  476.661784][T10526]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  476.661797][T10526]  ? lock_acquire+0x2f/0xb0
[  476.661810][T10526]  find_vma+0xc0/0x140
[  476.661819][T10526]  ? __pfx_find_vma+0x10/0x10
[  476.661829][T10526]  lock_mm_and_find_vma+0x62/0x6a0
[  476.661839][T10526]  do_user_addr_fault+0x2b5/0x13f0
[  476.661850][T10526]  exc_page_fault+0x5c/0xc0
[  476.661861][T10526]  asm_exc_page_fault+0x26/0x30
[  476.661873][T10526] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  476.661883][T10526] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  476.661892][T10526] RSP: 0018:ffffc9000f327cb0 EFLAGS: 00050206
[  476.661899][T10526] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000000b1
[  476.661905][T10526] RDX: ffffed100b42c02d RSI: 0000000000000000 RDI: ffff88805a1600b0
[  476.661911][T10526] RBP: 00000000000000b1 R08: 0000000000000001 R09: ffffed100b42c02c
[  476.661917][T10526] R10: ffff88805a160160 R11: 0000000000000000 R12: 0000000000000000
[  476.661923][T10526] R13: ffff88805a1600b0 R14: 00000000000000b1 R15: ffff88805a1600b0
[  476.661931][T10526]  _copy_from_user+0x9a/0xd0
[  476.661941][T10526]  uhid_char_write+0x190/0x10b0
[  476.661951][T10526]  ? rw_verify_area+0xd0/0x700
[  476.661966][T10526]  ? __pfx_uhid_char_write+0x10/0x10
[  476.661975][T10526]  vfs_write+0x24c/0x1150
[  476.661985][T10526]  ? __fget_files+0x1fc/0x3a0
[  476.661996][T10526]  ? __pfx_lock_release+0x10/0x10
[  476.662006][T10526]  ? __pfx_vfs_write+0x10/0x10
[  476.662015][T10526]  ? lock_acquire+0x2f/0xb0
[  476.662029][T10526]  ? __fget_files+0x40/0x3a0
[  476.662039][T10526]  ? __fget_files+0x206/0x3a0
[  476.662050][T10526]  ksys_write+0x207/0x250
[  476.662059][T10526]  ? __pfx_ksys_write+0x10/0x10
[  476.662069][T10526]  do_syscall_64+0xcd/0x250
[  476.662082][T10526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.662094][T10526] RIP: 0033:0x7f11d037ff19
[  476.662104][T10526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  476.662113][T10526] RSP: 002b:00007f11d1208058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  476.662122][T10526] RAX: ffffffffffffffda RBX: 00007f11d0545fa0 RCX: 00007f11d037ff19
[  476.662128][T10526] RDX: 00000000000000b1 RSI: 0000000000000000 RDI: 0000000000000003
[  476.662133][T10526] RBP: 00007f11d12080a0 R08: 0000000000000000 R09: 0000000000000000
[  476.662139][T10526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  476.662145][T10526] R13: 0000000000000000 R14: 00007f11d0545fa0 R15: 00007ffcae78f858
[  476.662153][T10526]  </TASK>
[  478.211712][T10526] CPU: 0 UID: 0 PID: 10526 Comm: syz.4.1149 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0
[  478.222453][T10526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  478.232571][T10526] Call Trace:
[  478.235829][T10526]  <TASK>
[  478.238749][T10526]  dump_stack_lvl+0x116/0x1f0
[  478.243419][T10526]  should_fail_ex+0x497/0x5b0
[  478.248088][T10526]  copy_to_user_nofault+0xac/0x180
[  478.253186][T10526]  bpf_probe_write_user+0xaf/0xf0
[  478.258231][T10526]  bpf_prog_6303d92f98284ad8+0x44/0x48
[  478.263693][T10526]  bpf_trace_run4+0x245/0x5a0
[  478.268386][T10526]  ? __pfx_bpf_trace_run4+0x10/0x10
[  478.273561][T10526]  ? __pfx_lock_release+0x10/0x10
[  478.278584][T10526]  __bpf_trace_sched_switch+0x13e/0x190
[  478.284119][T10526]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  478.290162][T10526]  ? psi_group_change+0x6dc/0xd20
[  478.295165][T10526]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  478.301835][T10526]  __traceiter_sched_switch+0x6c/0xc0
[  478.307188][T10526]  __schedule+0x1b71/0x5ad0
[  478.311686][T10526]  ? __pfx_mark_lock+0x10/0x10
[  478.316435][T10526]  ? __pfx___schedule+0x10/0x10
[  478.321257][T10526]  ? hlock_class+0x4e/0x130
[  478.325738][T10526]  ? __pfx___lock_acquire+0x10/0x10
[  478.330912][T10526]  ? mark_held_locks+0x9f/0xe0
[  478.335648][T10526]  preempt_schedule_irq+0x51/0x90
[  478.340645][T10526]  irqentry_exit+0x36/0x90
[  478.345049][T10526]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  478.351019][T10526] RIP: 0010:mt_find+0x5ea/0xa20
[  478.355851][T10526] Code: 00 89 ee e8 a8 a4 76 f6 83 fd 01 0f 85 db 03 00 00 e8 5a a2 76 f6 be 01 00 00 00 bf 01 00 00 00 e8 8b a4 76 f6 e9 af fb ff ff <e8> 41 a2 76 f6 48 89 de bf 00 10 00 00 e8 a4 a4 76 f6 48 81 fb 00
[  478.375436][T10526] RSP: 0018:ffffc9000f327998 EFLAGS: 00000246
[  478.381474][T10526] RAX: 0000000000000000 RBX: ffff88807b220e1e RCX: ffffffff8b2360ae
[  478.389417][T10526] RDX: ffff88807da72440 RSI: 0000000000000002 RDI: 0000000000000007
[  478.397363][T10526] RBP: dffffc0000000000 R08: 0000000000000007 R09: 0000000000000002
[  478.405308][T10526] R10: 0000000000000002 R11: 0000000000000002 R12: 0000000000000001
[  478.413254][T10526] R13: ffffc9000f327ad8 R14: 0000000000000002 R15: 0000000000000300
[  478.421209][T10526]  ? mt_find+0x2ce/0xa20
[  478.425434][T10526]  ? mt_find+0x2ce/0xa20
[  478.429649][T10526]  ? __pfx_mt_find+0x10/0x10
[  478.434211][T10526]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  478.439828][T10526]  ? lock_acquire+0x2f/0xb0
[  478.444309][T10526]  find_vma+0xc0/0x140
[  478.448359][T10526]  ? __pfx_find_vma+0x10/0x10
[  478.453005][T10526]  lock_mm_and_find_vma+0x62/0x6a0
[  478.458090][T10526]  do_user_addr_fault+0x2b5/0x13f0
[  478.463177][T10526]  exc_page_fault+0x5c/0xc0
[  478.467653][T10526]  asm_exc_page_fault+0x26/0x30
[  478.472483][T10526] RIP: 0010:rep_movs_alternative+0x4a/0x70
[  478.478266][T10526] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 <f3> a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1
[  478.497851][T10526] RSP: 0018:ffffc9000f327cb0 EFLAGS: 00050206
[  478.503891][T10526] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 00000000000000b1
[  478.511833][T10526] RDX: ffffed100b42c02d RSI: 0000000000000000 RDI: ffff88805a1600b0
[  478.519789][T10526] RBP: 00000000000000b1 R08: 0000000000000001 R09: ffffed100b42c02c
[  478.527748][T10526] R10: ffff88805a160160 R11: 0000000000000000 R12: 0000000000000000
[  478.535701][T10526] R13: ffff88805a1600b0 R14: 00000000000000b1 R15: ffff88805a1600b0
[  478.543657][T10526]  _copy_from_user+0x9a/0xd0
[  478.548222][T10526]  uhid_char_write+0x190/0x10b0
[  478.553055][T10526]  ? rw_verify_area+0xd0/0x700
[  478.557796][T10526]  ? __pfx_uhid_char_write+0x10/0x10
[  478.563052][T10526]  vfs_write+0x24c/0x1150
[  478.567356][T10526]  ? __fget_files+0x1fc/0x3a0
[  478.572006][T10526]  ? __pfx_lock_release+0x10/0x10
[  478.577006][T10526]  ? __pfx_vfs_write+0x10/0x10
[  478.581748][T10526]  ? lock_acquire+0x2f/0xb0
[  478.586225][T10526]  ? __fget_files+0x40/0x3a0
[  478.590802][T10526]  ? __fget_files+0x206/0x3a0
[  478.595455][T10526]  ksys_write+0x207/0x250
[  478.599774][T10526]  ? __pfx_ksys_write+0x10/0x10
[  478.604600][T10526]  do_syscall_64+0xcd/0x250
[  478.609088][T10526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.614970][T10526] RIP: 0033:0x7f11d037ff19
[  478.619379][T10526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.638962][T10526] RSP: 002b:00007f11d1208058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  478.647363][T10526] RAX: ffffffffffffffda RBX: 00007f11d0545fa0 RCX: 00007f11d037ff19
[  478.655393][T10526] RDX: 00000000000000b1 RSI: 0000000000000000 RDI: 0000000000000003
[  478.663334][T10526] RBP: 00007f11d12080a0 R08: 0000000000000000 R09: 0000000000000000
[  478.671276][T10526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.679220][T10526] R13: 0000000000000000 R14: 00007f11d0545fa0 R15: 00007ffcae78f858
[  478.687187][T10526]  </TASK>
[  478.690308][    C0] vkms_vblank_simulate: vblank timer overrun
[  478.830831][ T5871] usb 4-1: USB disconnect, device number 31