last executing test programs:

3m56.672940111s ago: executing program 4 (id=2190):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000600)="3001fb90647586f4601659c5ad2644b99bfd65452e947b394c96c29278d097c5f170d77283a744139d2ce2a2f4bb5bb37e7396e7bac14056f25d17145e73bc2461b20ea3fce771f1b32d1585e8a456763cfafcf7189145a6e261af6232014cbf8a0f898bf6d14136874b6a1fd7caf8ec9966b0419be0420dc6e247d1a44f038ae29eb4bc67d6a04e80dfb7715ebafaa20fcbc57ade23cba05da1fbe4bba675b742472eebaabf356adc99866930e146125a272cef5baf5dfad4a28a01208d9908183ab2085a781e531f1bed4ac9c245ec19be383047656a7d857d364e6f69eccea5aca3964f", 0xe5}, {&(0x7f0000000b00)="79dfe4263f037de282e588f3c773eca5f0c383e7425d1573aa90a44223bfeced3ff85afe9d0c0b3b5a7ed7fcdb96a3934fe7af73ee25d5d36ba42e2a858c3d134299abc0393e031db435b2156e55eb2b2b2e2300e0706dfc5c4ec73ba929ffe8a7bb7ce55d95fb6e58560c45d96a58a13aa944b98c481a82927ec071b272b4592616116116527fd2dbc0dfd540810275770aa531098c572f714f6852063afc8358fb33cc7ef5c52565d58643e6805bb8a95460b32b4e26bea604e534d8983790b5e2a180fed88108b0f5a499d5f80b4e4047d9ecc03d21856a4ec0d0d41496d99dddfa9098d327d9559e82fceb2b1b1c7be309200691488d6616780cd4e9020865ef41a22175dc52d35dac1232ae1164d7fee64a50651978436207fca4a9026a8a903e7857324458b7e8a143e6fdac0823c8d1a3ac864ad2d0402344aee2511247e716436fe118e65455da74ef25627785638dfa4bf365840fe12fbf73f0d42bcc66efc8693855156f6151e49471e1b7cccbfb01344f76cca177551c73147c32615b53f74a0b7c7ac25b86a01ce3", 0x18e}, {&(0x7f0000000cc0)="f2a0f0f863621b483b19e7ecfce0d34e53fbf295927214684f4d69e90f0ec506442d2126c3f5ab0cdfd79dc1815274c3ee57068b3793c25fab48eb353478689f452328afb023f75f93229060bc2c82dd05d1e8c3a549a06e280ca4eaf77b4aed57a0c5f6120d25a3d5121895638ec5e2e600000000f5be12a64e075c60dd63e0b00e8f42bfb7671a56925477029cec7e7f16b358404edfb5e7a055fdeb2ba044d0d54e341d1d1ef1eb2c317f587f591626ceed08555ca0b2f31a3e7bf5ba7541db275e6a6b6501b87cc74c4804f6da7d3de93327287204cc97f9cb747576d2ab23a6e35c6da6b3240c92ae18b31cb6e7bc60066994e2cb401c76b1840d3e231621355f10ff35ea91ffd463228d000000000000000e454d3c36efee949f6311c6ad78b5a8f091d2ebb008925107e4a4584dab83f7f0cb5ad94266e71e2b7aaa01cf4f9f5e1d52e1e5086e9633cbee8126a200"/349, 0x15d}, {&(0x7f0000000700)="15c84609b06c6d85a5ca6f3a9a242f214aee4e7093161b717090c0c852a05393abd8992d91576f57bbd3488e85d8456d6c6c09de5c5228ee18819665861f01a2823a7cfa8e9260a5fe3921638db2dc5156149f86916810f913a944e1c8cd7fccb63f37900c5b287016e512b050ca214125b2217260c9ce3019e88b80985402ff7ca34be17e0dbda4f028cec9973a2b9eed83eee86f35f2c0adf50a04296e99c0f709fb3990aa5d0e74a125", 0xab}], 0x4, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

3m56.470684158s ago: executing program 4 (id=2192):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socket$nl_xfrm(0x10, 0x3, 0x6)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000), 0x4)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000ac0)={0x0, 0xd0}, &(0x7f0000000b00)=0x8)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_DIRENTPLUS(r5, &(0x7f0000000840)=ANY=[@ANYBLOB="b0000000daffff", @ANYRES64=0x3, @ANYBLOB="040000000000000000000000000000000000000000000080040000000000000000000000ff000000010000000000f900060000000000", @ANYRES32], 0xb0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10)
setsockopt$SO_BINDTODEVICE_wg(r6, 0x1, 0x19, &(0x7f0000000080)='wg1\x00', 0x4)
sendto$inet(r6, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), 0xffffffffffffffff)

3m55.338596081s ago: executing program 4 (id=2195):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205649, &(0x7f00000006c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x3, '\x00', @p_u8=&(0x7f0000000280)=0x3}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
syz_open_dev$usbfs(0x0, 0x75, 0x40082)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, 0x0, &(0x7f0000000480))
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, &(0x7f0000000500))
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000680)={0x0, 0xfc000000}, 0x8)
syz_open_dev$media(&(0x7f0000000240), 0x2, 0x60c580)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'netdevsim0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x4000)
bind$inet6(r3, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8)

3m52.972554037s ago: executing program 4 (id=2198):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xffffffffffffffff}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000280))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f00000002c0)={@host})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r3, 0x7a8, &(0x7f0000000240)={{@hyper, 0x5}, @my=0x1, 0x0, 0x4, 0x4, 0x5, 0x4, 0x100, 0x5})
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r3, 0x7a4, &(0x7f0000000180)={{@host}, 0xe1, 0x800000000000002, 0x20007fff})
openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x127e40, 0x0)
ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000240)='/proc/asound/card0/oss_mixer\x00', 0x298f3cc22e12b39a, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
write$proc_mixer(r4, &(0x7f00000016c0)=ANY=[@ANYBLOB="4c494e453120274d61737465722043617074757265272030303030303030303030303030303030303030300a4344202743442043617074757265272030303030303030303030fc3030"], 0x178)
dup3(r5, r4, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0)

3m50.866087157s ago: executing program 4 (id=2201):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
socket(0x28, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
munlockall()
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_on}]})
r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000100)='./file1\x00', &(0x7f0000000180)='./file0\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={0x0}, 0x18)
creat(&(0x7f0000000880)='./file0\x00', 0x0)

3m49.508984495s ago: executing program 4 (id=2204):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_setup(0x281, &(0x7f0000000100))
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
modify_ldt$read(0x0, &(0x7f0000000840)=""/4096, 0x1000)
memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\x00\x00\x00\x00\x00\x00\x00\t8f\xf2\xde\xa0xk>\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7)
syz_open_procfs(0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
dup(r4)

3m33.480157414s ago: executing program 32 (id=2204):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_setup(0x281, &(0x7f0000000100))
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e)
syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x54}, 0x1, 0x0, 0x0, 0x20008000}, 0x30)
modify_ldt$read(0x0, &(0x7f0000000840)=""/4096, 0x1000)
memfd_create(&(0x7f0000002bc0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\x99K\xcd\xab\x1a\x034btY\xdb\v\x86\xca<\x02R\xd6a\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7\x80\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8\x88\'\x06f\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\xad\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51\tz\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ|4\xaf\xcf\r\xcfz Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\x97\xad\xef~\x15\xfd\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\\L\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf1<cN\xb6p\xd5\rb\xfa\xdf\v\x00X9\xcd\xb2\xfaF\xb9\x00\x00\x00\x00\x00\x00\x00\t8f\xf2\xde\xa0xk>\xad&\x86\xcb\xf3\xad\x9e[\x8b\xc0\xd6\x1e\xe4N\x92\xf2\x905\xe0\x13\x90\xaeQ\xed\xea\xad\x9b\xcc\x9f\xc0P\xff_\xaa\xb2L\xf5\x1f\xc1\xa4[\xe51\xcb B*\xaa\a\x003\xc9\xae\x1f\x8c\xcdm\xb8\xce\x01\xdb\xaa\x1c\xc35\x16#\x04\xb7W4\xfd\'\xbe\x922\xde\xd6\x18\xf7`\xff\xfe%\x06\x02\xc6\x81Jr\x10\x88G\xea+^LA\x96\xed\x1d\xe1V\xbd\xebbyq\xd6\xb3', 0x7)
syz_open_procfs(0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
dup(r4)

9.971930694s ago: executing program 0 (id=2754):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x10, &(0x7f0000000a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x23}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000000)=ANY=[@ANYRES32=r1], 0x0)
syz_genetlink_get_family_id$nfc(&(0x7f0000000040), 0xffffffffffffffff)
syz_usb_control_io$hid(r2, &(0x7f0000000bc0)={0x24, 0x0, &(0x7f0000004800)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000940)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r3=>0x0)
sched_setscheduler(r3, 0x6, &(0x7f0000000100)=0x2)

9.955901776s ago: executing program 1 (id=2755):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@max_read={'max_read', 0x3d, 0x6}}]}})
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x50, 0x0, 0x0)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
lseek(r1, 0x10001, 0x0)
openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r2, 0x0)
syz_emit_ethernet(0x1253, &(0x7f0000002140)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x26}, @multicast, @val={@void, {0x8100, 0x3, 0x1}}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0400", 0x1219, 0x3a, 0xff, @private2={0xfc, 0x2, '\x00', 0x21}, @dev={0xfe, 0x80, '\x00', 0x34}, {[], @ndisc_ns={0x87, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x15}, [{0x18, 0xc, "a20c593b0d446420c6d142a2cbe5de03f6c2737f9415791eb20be9a4650feddadfa4820d6b82c99bb50251d155f535ff5022ceb7a5316d6f425ab65c024a87eeade09fbd68ff355eb66eb8d9adc73b2a0c0e0ea70f3702c42cdd2660f72e72e7c7af"}, {0x18, 0x4, "4e27c42076fdb6cdebb42db198e7cdb0c7f23797fda9fc9803e7c35378148415cddc"}, {0x1, 0x14, "2308e9b481934e5735f9a90a3e98333902ea8a7bc4e4efd251e6a437e0364f5571666e54ae019e0ee09faa837bca91b9e9c37da2182cd99519c682e4d671e8405e0d2b78af7b233690df8847fc7f7f56bf84697eea9b4a4734a7be14488dc012ab3f504d6c1148d9129187f4697e0041d03335202927a24d0d6bab6d043f65eca2aa43211c106833e8f663bbc0d36362f2bec8a737a1d1b50b5095f436f2917e2a91"}, {0x1, 0x17, "25c3d1c52a9ab104eed6d724383959207452fb9afe6cfd75b57ee90a79d34da8e75cb5fc95beb2e2f041e3767843893d8be4d8b05ff4ef101fa45790e41ae4c76e350283d779444aa97486ea08e4971dc514e6e9f4b63d07e2e0f966c33007f5e2ca9c269fcd8070fb26025ef3e1efeece1627a2deecc6625aaf1c86991c8ad1424a9e6566ce3c0b0b8e6ba973b1719824d0639b1eb599bcdfef1258c2018808f8ca70ab9d17e21e5f64c81d5054a058f3490f712e0759ee63e1adfbc5"}, {0x2, 0x200, "72e2c2c1821686604bac6afece521dbfea57be38068a8c49c724b3d001c66966ea5591c9c3ce0ae8363815f6ca004e1786833ece08e43088ca777373d4b9869d3a191bc35da85e09acfdd5824493677ee80519daeb597672b06985275c7d43bc5e3d0ac63883f9e309d04b15f074cd3ab9f35832317606bb0128842c2da29ad2b3900476fd7ca16ef246e76bb51c636b01d4fa48fbefdae1f52c639af41f109bd597d555fb6fe215571d32e8e0a2aa06c733aedb287f3328c68ad10850e6fd890e698da17f66fd9f3ed4c1e0aa4840016b511afceda3f35c1c7065e90896cecdfb9f0578ec34f37327259efe3ba75ea913cfa60197a0f2b2205349fdaa968c7c48741891d5b248d17f4dab6db6fb79b29be34931153018256e2b4b14814a1dae78d31a3bda1fb665dee1ea36b4d73851a74863bc41734a2e1fc6179d3dc77fcd6e4608a84cf27f7acffe1f31871d4747b0e6596b11cabaa6e3bf8f5c77ae1268c0b8384efa158019bfbed5309460bda8a900e74ee854936217f1c7aed1b047309dabb120d96917d7700c79192064942b50dd226ecca0b838eb78a0a49079ee29959c86fe36d2c7ff1a2e86830f461bab9a42944b0b7958ec8f2a6bdbd03c57a79c85e590cc6963a9a109130f9335bfade803599ec124bd8d8458b9884ee04ac4d9e59565a56129dd64010882ae1d7cb8c1b2dc0c5bcd2e5a36572c94e106448549e04f16fcbda250a6014238cbc0be2e5a353a7bec84cece6b9bd77db00199df186a20543da49cc1991f9de43952adb8cd2d6dd61bc9310e28e06af22e7e48e3efbf2b821ba53b687e7367709186d6f1fb75a0f60b2ea07a40987d3a75ea63b92973a7db82972a05534dbd5eaf956dfcbf7ef13fd9865f483d738ed7f6fdc6a8fd3acaab1df23dc99a2ce891af1fc7ceb4db79ba0409f1e24fe3804dd3a702cf456ba17f162aaa6436c0fbe438f8f8d62eaf767258ad4477689f55e201520279e8a408cdce055c62bdda405b4f9d77109af4b71707d22464d2253641b12e07723dec79561b6392b0d46bc46fa4b24c4c98d32d90547f431f0ac79cfca2beb8524f9608d87c3ee28578693f0c368b0c0bb8f7bc789630e668db780a931fc849cd98e8d6bae1e9230da32c7b82c6f003043133670df73000b932ff08a67a071fa958d2a65a0b0e3d5833c6dea69a8d275bb295c0c3220e575bbbc87011061d031f66140675a954ff1fc8ec053335ee9cff9c72a5bc0b9abc98319e623fa8cc43e5d0dabacb5e8fec3e2a27aa42ae2e4f6ef161f70b1e67205c90b1ca25592fec3615bc84c5ac8484c1e06f15086b1aeeb2b59ed7b24ad0d18d24c51c72934a61b88f67fe7187d8c604353ed0ea42befbab7acff2f122616873548489110b97cd14bb4b1490801faa94714b3f56a5465957505f5b46f7d39b7e29741054e892dce2e81ed264621b7f5e4d914bab42be6a5394e3e21451d52a71b0e3440f498e32a9919e8889e1f9d98872ef879ec8de7632d1f18698de9f77a7665cb4ca6210b4dce9c6980c6e210e65ba3b82b7c3f6bfe15c34df01273a6974b0605bc0acdf12713c02acbd81c55ffe5dfe013cd2c54c5d54a18ff2fa78226aba9f69b534cfceb569bcc7e260a75c55b8ce829b91568511133db1d595909d141e941ad8c1f7123e2d1ce313b159cf9fd0f7215cab2f21e8abb6b38ff34cffc45a5ea98af2ced318265d7a5a4974d524dbe124cc070047213680a6d7f8e6210478c315c7e70966f8e6447b10e45f2b02a03c163830d36682f0340518997201fa78f19913fea8169fc3f1df7171a138d13e2459494de0690a915e902a11a793e7fda3734cfe453852f79cb0b01aae37e74cf03f94adc09ecc9d48b58f5c065eacada83039cccf51b31f4a48a2fb71504b132acb597caf5d4db01757ed8cb240192c563724767c480e78640c5b3f09bfe2ddef6c914bb9ebcb68f97a43ed682e3a76689120041c93e4462b5c71dc1e85c59636212fa537d3ffe9d0cabf1361608f55c075fca3b100dde3b997bde4d2e9d1dbfd3bb566e952c5d4ede0062108b58a684109287aae4f87fdb22b5ce3f36cc7b05f91df798fcd708acb1a86f5060d06c33e21cd984be617fbf14c0566e4244c2b2206c4f63777575add50997705bcbcb36b616f671d097c3e74fab29d1d34e2698df9042dec5bcc3e9ba32942432f5c975b97ec94ae99f9718fd01803d8abc826ce8db60af9f1b322ea8ed21282228c6cd5014b2b7bd55a18b1d936ae079bcff7edffd6802627a1137a903f7597ef79c0247fb4ec5991456b827cba090b108eaa77027ae3e0cfddf25a785e306a7b6fc621ffb61f7e627c69f1825c3dc7f0a12afd065aff7a4f64d6cdc33b1053c6eb224b0084405a14bdc682dd38e021c61bcad77738f362925c12c2bbbef74e46993136bde894795a8fc881aa61cb80061389697ddceec70ca3298ca526d4065d27661a14c6ae4745372d52ae7a2e525cc5d546d9b3241e5cfa54adc7e19504f943e146fbc8bb0976a5743df001f347a48db4d5c70d9e8806b532f204eeff9ce28e401217ecd301058129b8f5ed9e18680b3ebb279eeddbcfd07a1767c8fe24dc238c3b9575c071f2d8f89dfa72323d84c2c8820d321f92fdc68f1eca73a9b00113c19100fd7f96c5eb93f3ec02e0ae692e9d196dcc94566322a4fcac8e619cf30e311ec401c01c32c679a30a920c6852c75f05b5ac77be4b00c51e81df629b739e495b36d32a502e6eaf1e6fbfac609ed915eda57d339da7c4d51e6f69eb213bf37202fbedb43c710ac11e1dfac7b63024899ec809a17f44c38843c498c9fabb7d7b1a8a82f981ab53cf85fe81445accf45d884abafe82472e07f711c2dc8fe1b1854a427d6424fb3fb3eb6aabb47ed6d4401cfb61b20dce4b925544110aa9d20dcebefd42bcee1003675e4ee8e16b6393eed1f2917ca072904d433febf4ab1e2b495f89c0e9d3f2cbc1c61dcdac2371084593ff8cac38c94db548367277effa382e2af1754f290e3c3b89d06791dd926ba1ba962eeada620486361c2e450f0b00893405017a2d50d5b27414b0660d6419dcbed4cefab1cf55b107751c142ef4be9c6151e1274c1963b19e552fe6fe6b6b8b4932b7fa51f242e9405ee4569cda5efe94a192d6c4e3134751d87875fbafe56a747cdfce83196465397d4e654326f7468855e88704fcadb50ba00160ba9be57a827489fc48e6822093c00fd40b45ee405e0c8a1512400db0e530f2e4a2aaab88fd8336e0f7810d026eaa61f9fb17070bfd048fda0d9c97cc3db7109211bc5b774b9aeb09c99239900c8423ee3f92caad0398a0d8c1d79fe2fcbe6d3d5070f4712313adde46cd467888a8b2d2a566524e405bba9523dd3e8ba64a2ab91c7cae0df53890fd56de402e4077d003736cd27db9a7692fef5c8cbc7c24bb46ad1b49bcb1d3f2dc4afdcaed193c13d54330f15472339540ed89c7f2ac7aa85a99f1bd40a99470732513a8817c11fedfe8112cfd8c47b14dc03d8535d5423f93bfca78786b6136e83ae7870ff4df3a156809e1032e753cfb004a93076fcc8ab7b70a86fcfc35cca6d205c1cc36ea029dd458e440b1569fda2bb795a18f526d7073e45bdce6dc3f28bcd7152b204e1b141f951cad84eb37735202422c206972182a20a0a6d306a60f1fd025da91d5810a4d8e387601cd936db51c61be8e8dc97dbb33f052f8bd96231ff0df97f4be9afc1e02f63fb4a077d1da868132e3335d31a87aa76e4aa20ec8646e7094cfb754d38c294a6c0a37f57e0d5a459e7c28593b67065ba4704a240aa17fa9cffc67196665d864a94571bdc6ce16bf910ae7e937464c768454fee0cd0a3a3f10291ef19754d11fe7321ee49981614e3252e3a2dc7253b3e793ba318bb0c4c4bc5203874e9ec054ac7d6ddc64390f99fc23a446477a82e5a0d8fd70eecb55fc9b7d8be1b9ab76a6e84ddd5d19c036b6602166d100083fe42d736850f1cc6da0d5ff74a9094ad2e3ef7e78b2040bd01f670499c416c40500912a64b9bb8db6677caa6eceb53f216629fbbb8eab0bcd86307a92363ba53308bbeb8bcadc53373df57f9d61d4c3a9744e5e83d3a9632da1c4c8e6a23da7ca8bf3c2eb806f53e788f0dc452d5848b085a572d97d1b65fb3aad4bdf4a658fe7a09507f640bf1047ea5223a01798ce31b45e3c1123e5e24162a58d69a469d6594a88bcf2500394158f473abcb98f9d989bb7e00f9303ab49c6e55a53d80d1303de1520c21c3a77c28f8eaa22e7164944d16d8efcea21e73c8141e10d49356ae87d05807049266203fcb33937798a776bd658d46d3e5e779248a81525e67aaa69b7507cbe51822c68b833711f46b912343d707424b6102e52a375183e0769d4c24a4e51b461edeb93df13473eae2c20a5092f07665fba0620bdd649342585bfc51e625fc76261b0cd99bc1b7d300a938a74ba118a65f593e8d8cc48ec0dd5b91e855a2b9eab8f817859c113e3fac2d2c4780fdff95ed2719514a8594e5e5879e95658ac19e99cec8ad6cb83cce998f4c85ea2629b63f5db720679dfec1dd2ccbf83ac1cd33443d6c1d856642866c36ccd98fe2934c42a8a1648727b97ed62094506e559efd8f7711bdd959dae2664375d70e94d15412a94bd600cb7035e4e1ca4e941b8b2068ba1910c7da8fa73af0ece91c2773d37183d2195079a226ebfd7edf02b56b43b4999b7a271c607bd3a4cca51e96f6057d2e47b9a0a1714fbb80cc61bd02aa6b066d5f20ef579a08da629286fc8bb2d199afd859003b88e8528ae0645e12c77542a1002bc3b622aedd1fc66ad6c40bce12297672dba22ec7e384a77b8e722627b326333bed840f1f658a79c0e04d3dea2b760a0e05d5ad7fabfc7d255a27398b5eb89d911be1727049d79df1352143ac4f56972bb515eb9088eccfc83492d2d77b62d1867851641c1e07c400ee12fef7d97707786a03d07650d8df7c15ae9aaa41712120625b8a9f036128fea79bfd60a3df3acc82874e714b64cd8f277df8ed451717f0f83acce9b2d7fd1022652db98e8cd043799e64d644a0858574eb5c741cb2ecc69cfc354b20c5873a5d13beab8e6925f9cfdc59f14d03e2ae071ac8b9bce94730a442cfe2b44fddd33aacd14c898a35633ef03c2d5f78ea62eef3805547b9ef939c93a3118fc94855e194f6bd6ccbd58abd16149a5973ab3b7292a913f0d8a509a9fda68a5916d87e72d0cd973a98407a9d617485aca1af1eb5fb935cb8e4b3fb4279b09041b64d0025c09d352bb0c47b05af23dadc3629841721a769b74c2032ed6ce8fc39b1940b794d393220b9f06e5af7224167afe029b397fdb7ffe10c9389a8438c938d10607a054487c15ad26bb5f741601692069e89692a973f6c8c9784bf55e7f087eaa7a55134384b0c478f8ee70caa068ec037e1ff9871e6eaaa55a9cc24d10d018a15780827af2cbe1763fe567b1b7bb515f59fec013e22a016ff439abec034c2dae142e87edb62f8bf57fc1488b4d48e9e61fec5dd4a06a29afd4dce97772e4c62069a52c701d919d3300d3eba8f1f0ea84b1b4ce8ab46f8360ca72d81e84f1628b9c268a81642389255ab1b4d620b157895812d3bc3f489c92fd2276a5ee83f389b9a78cd2d0c813db436cb52031b321aab22ed45efe63bec8821285e00faa2a0f04822efb9833dbefbe50c24dc70d13d128daf64ec5863e5ddf26a0697cbe170d066f172293df9ff02693727ff7900b27a87a380a3406eebfe5d38778b37b4933bbfcd1579edd68841a"}, {0x2, 0x0, "01f3a7828b"}, {0xe, 0x2, "3031ab1ca9fbe5ad0f771e8ee53146"}]}}}}}}, 0x0)
r3 = fsopen(&(0x7f0000000400)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000340)='cgroup.stat\x00', 0x300, 0x0)
open_by_handle_at(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000200000007"], 0x40)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_dsack\x00', 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$rxrpc(0x21, 0x2, 0xa)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x0, 0x0, 0xfffffdfc}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
r9 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r9}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

7.714493838s ago: executing program 1 (id=2759):
r0 = socket$igmp(0x2, 0x3, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb261a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2, &(0x7f0000000240)=0x9, 0x4)
setsockopt$sock_int(r1, 0x1, 0x2, &(0x7f00000002c0)=0xffff, 0x4)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x80)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c000000020601020000000000000000000000000c0007800800124000060000050001000600"], 0x4c}}, 0x0)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000180)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x6}, {0x0, [0x30, 0x61, 0x61, 0x4f]}}, &(0x7f00000001c0)=""/199, 0x1e, 0xc7, 0x1, 0x3, 0x10000, @value}, 0x28)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x49, &(0x7f00000000c0)})
bind$bt_hci(r5, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r5, &(0x7f0000000040)=ANY=[], 0x6)
r6 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r6, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
setsockopt$sock_attach_bpf(r6, 0x6, 0xd, &(0x7f0000000000), 0x4)
setsockopt$sock_attach_bpf(r6, 0x1, 0x24, &(0x7f0000000000), 0x4)
write(r4, &(0x7f0000000340)="ad4add7b05aa7618a9a6ca4ca0e606e6d7f26dd535c8e8d3e2c679285c6483da3d265ba2865c3891685846261c2611bd61f009cb159aafcd1f7b7d70cc8300dc6c4bfd3dff0a642b6d5bba1bd995597ac53cbbc238c1fc535c59c259b7e95745959beaa36b15d34ffe2eceb58857924b0d811d0d799b265f6f6ede5317a8d3cbdd771078913476167c094bc2e0c0f6fc35186e165a1e3dea326deffd", 0x9c)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x3, &(0x7f00000006c0)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000002, 0x42073, 0xffffffffffffffff, 0xaba00000)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000240), 0x4)
close(0x3)
r7 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x1)
fsmount(r7, 0x0, 0x20)

7.102499306s ago: executing program 1 (id=2760):
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='suspend_resume\x00', r0}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x1, 0x0, 0xfffffffd}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_io_uring_setup(0x10e, &(0x7f00000004c0)={0x0, 0x310, 0x4000, 0xffffffff, 0x10b}, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_triestat\x00')
preadv(r4, 0x0, 0x0, 0x0, 0x6)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000100005308030000000000000033000000002ddce8f312cc946857fd930000000000000000"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x7, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000ea001d00000000008500000008000000bc09080000000000b60a0100000000000f000000001600003f93001000000000b5030000000000008500040000000000b700000000000400950000000000000002437f00150c18aae55ec83a5ecce650490eff80ed7b610f754a33612a55c02c9de870ad4b82d4676428fff5024fe1420d55780017117cb0d911d2786a853259a56fe4b4a5b8560d13ec17f8319b18d28cafc6ec9f021805633bd30bcbc93d854b91d60a4ab8c88eee29b3dc0222a1d83ed95677a411170e9ca0e3f01cd0449b8da400000000000000000000000000007e5d55e55f27f5ef03436da121d1be6b247961aa8e5e4fc54e6262537bb5215d9cb47a73346e52cf2faf"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
pipe2(&(0x7f0000000480)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
fcntl$setpipe(r6, 0x407, 0x7ffffffe)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000380)={0x2, r6})
socket$inet_tcp(0x2, 0x1, 0x0)
r7 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, 0x0, &(0x7f00000000c0)='%(,:', 0x0)
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee0000000000000000020000", 0x56}, {&(0x7f0000000000)="abd9", 0x2}], 0x2)

6.954598754s ago: executing program 0 (id=2762):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

6.890483725s ago: executing program 3 (id=2763):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x2}, 0xc)
open_tree(0xffffffffffffff9c, &(0x7f0000000200)='\x00', 0x0)
mkdirat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x87}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
ptrace(0x4207, r1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="08000000010003", 0x7)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r4, &(0x7f0000000040)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}], 0x1, 0x0, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000a00)={0x8, {"7e92e4cf5b7ddf03fbbe0fe6510d8072011840a9c23d865569a4d14fff20b7f9cccc980970b40536c44f8d3dd5ed8758cfd0cb14c086d4a6ac0542e812017aa0d7849e88a65e4e4b8a7766261a6fbcd59ab8dd52383bbb1f064aa85ea8b20dfe62f25ac6e5bc371b0bbd859c4b71eac97ad31e8ae87fbbdeb1c695d72ad63f83199c3718bbefa73a4efc393a4b0a1e42dc121ae281b272fc968035a4eb058b591e89ab1b713d78341d2b95768b7966668eb57aff39a78e1fdcb4b72e591af1e9cca644545b9f1a7aa0733d029d0bc6024ae9afa0bcd81bdb045ab2de5dd5af3af3b39286566b71ba9daaf6a5b1e0364e665d9ae068c59e6b82914ad703d5f7fe48fd219941c46993c0ace49f44635391cdb99dcafc2845f20f2641a8386ce48062270219a2cef7f86039adb2638a8138b7598dd3cb455de19b64e0d2ea1e4b46302d68002d5cc781de626f1e8e057c12a8c69730d7f3e444ef1faee533825696e740aa8e464d1c5dd13f18ec48781a8858eee352f69465b1b26220a63347a9f2e2b87e8d1f1849a691f12604feeb1b47f58c753a5bb6d4d03981fa0e3951425687b78e6516b7668fe4d5a6091f49cec0c8da8be0f89fe576fb35e44d724215fb07c8fe05d4d9011cc9a1448ce11e18f197a0e6677225b8f3c3617b9f2e7d035feeffd3abd94287321a5106608a22af339be013b6c057c3b3ef7fb5a714ce92740cf62faea18b00ec198f2f779d280be3eb9bde4f9ba17575ce9b9a319e437cb45ea9e1ce2b8c8bfbe198f1571718489920e93d812534ff58e35a930a3af85cdfc9d7bd55cd885bb59be6ac326f84042abb8803c2b466912f422e4794d398c2fba58c95f3adb7f7df02fe06fff2b3f457af28ea6ccbcda38602a38e180c0071e654f1f75407fcca2a003fa0f693baa078c3adcd3f13f4bff6acd4d93906788bf3cb93141c98a9015e489fa8157ef626dc0e6509c6a1d1d76dd98c344fbc2c4830b222a0719d2fbaf13381d22fbe5d0c90ce2553e7858fb8b2e25e796e6320a2328ecfb8a1571a5f07effd9bc7aa4cc0e07209e1555d4b3e1db350f6f265167ccebc46fc85f4388be0df85f541217a34212986f568552faadda1d0be89918e11d8892fef3aefb51c15e90b9d383d6446c79e0e499ea74667905693774e2cc7533b4cb37093ed97ef9c03daff45ea7146c23c64b7261a6bf3dd47e6beaf0766824d28dc2144871efa52db27ce8cf8262a90b44257921cf3a9060643a73e6cd633577eb1418d3bc3c504c0b056f1a28d382940e2c4c39964dd668fe1128a15df01d0a62caefa9cdb769e581bf2673f838b33b963c4ec0f7deef07df684db97d48d0e1db9f35014be2ea9acf2787cc7d6b5a11f9675970503e16c5353270577684fee484db373ffce364aa30962785a7e6897bf040913582beb9889ea0bd519eda24897006ff70cc4db22f3595a163b33d744a84827f424daae8716c3d2688337763ce9278cca42574b737ee55d9fa8aa80a97870976260a8a9e07765abcbb641c434c671b923e02e7982e25cf30271dbfaee1c606a30ebb04bde1bb88214137de552b86b1259b11b580d6d765d5cd7134a6de8072cbde5fd94c9ed76596dcf75da893a9510821ea8ef8a9ef79bbf57b4705440bb3267c23a1ca95e54ba91e9fe6c0200fd37924bf519784d3b13810e1a0abc58a9ef62612e0ab8cc9fb0c500027e30c04e5772a4065df1ef83f6778f8c2c3c360825bf1db745314c3a0a857c38bc099317ea7c93d02de2acf44abbc017e1139c168cc767bfc4e21e7d4269f1e572332ad420a2bd5989333831ff8acb3fcab1ada0c711c9e431b4ae27a9164384648a6749bac524dfcbe109e9f391c590c744613d0f1159fb092ed2f853c0c04add0e783111ef7cbfaf98dd122d56177621363ea8c7176f1e4c2dd3d94f5918edaab73518e55e6876912a6411faa38f479e0fd9aed468895cf8f9de2b00eeeae9ebd49dd8411c7202127dd48bae96d1163c79978433b7c98639451e1646c786aaf0bd08b14f1ffeb1d61f835e99a50230c0a867b82452fe3fd2605e0beb1be8916733997aed76815c80e6e09b2ca9ec2b92337217e073654e0d633497c2624ec2e3abed78966182e3bb05e1a22cad12b562fcec57db84e07136bdc3be7e5f9ac1e8873f4a1029a2dd5d1cfd11e581ec7c192b97efc02f1fab4a072abd0c975f584ee86aa1f0dccff88ddda727a470ecf8258320dde1bfc9054c1f3530ef6afa157e109215b00edf8f45ad373570ad3f28e19c128144691a67583882e9e84643babfb837ada0d4db4a403f872df08a8df03252ff5d0d093816fea8ed36797eda05838837657816c0d5d077de3bcaa8996b926444353ba1c41ce28ae2805764d8964a02ea51a714e543091ba21218b7a381980d1d72e13ad04990f2d80572ad22e88379137a11d66e564d3fd7bc68c32e32fe503ac537d37315256e5c3908fc1ec7b4cdc9839aff1b55d9ac5ad0571917bf1724661fdf589b9f8c1a599b3316ab7fb863fa23ea2679faea83f8d6408d79a57d41302ead7257ac962abcaed7e5836aadda7aee6165367c9c3a8b20359b238b9485f190600e931429d918b1ac20a9a902b89a0a597490f7e8f9137febaf82db281b261edc17cea371642a7a9e6193b15c0c70322302c3a49b91698273b4850e6b6c58febf69b80cffef663043330ff17a9a9cb92232e903f80791e0c83e0ea14ae5c64676d111c903a26f32fc8bf276790a955624b76173b4c09d0fd66edbf9cc89abb26817323170dcf5f16b31a54d38ce2602d04ab16273f404d2a801f4c0f85c27e8e29b32674f2b6ad7aa53ac1a069c297ce1aad58692f9fa0bd0da125a404c51fd3a6486549af7c2a197ddc4087d1fd5b63fde0a72be1078f24036466c281f1b1e76e9664b5b488fe3f1291ee1d817bb1da52eced89376c6e857c410169e20f25b62c7b343dfd1d24d83835e063782fd87f1e3f14f1a0a7b445ebfd60ba5ee10758f3ae6c6b4abb792de86706a62686537487ef52bbf6f760ffb8adeacddf4fb316243ae0eabc54e7619d20cd3f7d60d49da8f6145eaa6170aa0302c34759a787d79eb3835232d38804bc2548db2dcfa7655566157773bd8e0df3cb4d4128c8cdac03f1fbaab37a985561a299ab203374b8643617371f80ae57cf821d8a0382b340c0860af0a612b7d50830678492fc29ffea37002de2e67357f44be3f7e4bd2641ea6c6b81075795170a9705d5d2b9df91120a78f703d0ada583b5f5d159a91b7f010289a659615ea9f621fcae53c992df4e43fb38b3204f7a6205b1d3112dcf2f01843f346f0b0cee4758bc5e367a38c5b7e1c8cf03aa129679b43762b9da1dddf8c827e6a73a5af5a0a3f8e6fa012fb9c0834d04aac82f820582beeab929613a99f2b8b567b1d4ef57ff58b8757e35c9699bf4a4836e683123d5ea158e8666e576ea38a1e0258c42b4ad92fed0fa5d1f209e2202e36ad2430cd9d7ca8d8fbd68e23f9d3bba1b5774173ee10e082bfb0dc83e3ba4b15ba1d39db2895070b02f6b53e506163d8284e198bea9b733cf24d66f60c59b79c41f4bc5e25515e0f753871106d73a54e6064c172ba374a13a1f71c7f197a79ae854fbf4ca23de609dd05104352186c662e760bfe88982b3c9d6201a1729c8f6969beeb942317260d247cc8274c8fdff60aaf4a533a62ba5a8fbe9dc69fd6ed40fb80a9f6d0cc113564def0e1d3b684b2db39072ba3c0960054e1bbeaff408ee266e6e5a17667ae8abf89e403548f19da9074213e39040566b03b417877be011c647412069694ab79b2462349dd9f1c1a846a0771439523566f585149bebe949a46b78301557f1efe85340cd8d097cce6c98baaa13700e40e0f4355834fb94331b1b0012020cb05dcb422f38a928e80998bd4f046af1f6b1554dc8516833b077ae2c97f46c05f35ebba6b399f2c2f86ef1d8cb610ebd72d5986ca8fd367e4ae7e2f40a07546cdc4d6ed61363b39c5b22233db6ae9e755401d54634972b7c410774bab6e2cd729d15670aa6a62517cfdbbe7b941f20d6d46e8ad231f382a2bbe472b8af40992b8ad8cbfad64637fb04c67916c2919532ef7af2e75ff987044f48e8c34746688b95b28b744f1e38564d7a3cd0549046b5ca347b8b46e24b7dfc21ed236947d5c6b17e259a154856bbeafb1eb48ea9ecc7afb4e050ec440d6cdd9be44ec054ae76f33c5334fe4d3c728313a49a1c1c290c41f30f9223d41a91b434edfe9e4d68fe3937b21b9e3800fa5356080a730f7aba722e8394abbb3d5dbc5661d9e114fe80808d183ac4b29a1a13d5f3f0e135875ae6fdbbdac751cc05b6634134d5a548d94af282f14ed89a7238564f571b38e8627508387c9e519f684da6c406db7927eee60431309a29ad31b9c39c6653659c84b66c3a4d7a077bb09193fafa41866436c7cbb211e338cacd07a1fabedfcae40dccb4e83db2c7edef85ed2b651b8cc573a37d4b43fb952b1ddaa22049833fdffb4f5f88ab9e6637f14ce4061b89a6d1c926ac8c480dbbab496d5ccce1d89cfdf16c6a6a1f667f35c59ffab32943eba6addaf5f2df6ef98f75a80b4f74b18a90b7d6f87a6ee39e414560a97202e42382a3e4fdfbade2591d0c2f5d3c200281ddb954a44b763325a3e10c299d592adc68b5620d52e5d949952f1f64ad1240f55e50c5f7829d5f609e7363b8417c21069d893acf40fc98545b38c412fbfbeee915472a2bf6c84983c42ea553715f791d45a8b0404a57a5477a8771e664030b467b2e904b520992025d5da967f0245abf6b8fd36202fde76cca642f836cc65b5043d71c50285b1f29b705b4ea95f4c62437c05b3b8b0b9176643901b92ae213a9f2197578c38feb17116c254f6cd73c40a26d00a66a2f51b38e07dd0b5faa3aba8da627a17ebe3b906e572de0156c2261c878da38553055ae7a3a8c090175cae92e9618cddd52c8f60dcebe80ce96bb2a16366a627cc98d2bf48ebf9d79d6a33ad95ce8607932802dd7193e0c70a567d8588f278a3e50be89d19eec2ade1bf30794087a526e3f39d6a672bb03a37d66ff6c418d292c80ea8be3118718425d985a02ef7c4a6174c0a2e61f7da2119a4957e75e8edc4794f05a7e2784bd5de45ef3c7b7d733d4e612d29526ede3b0451809d70bbbb88626bc2c2c7133ad58d169d20a527d8f4cda4fa37280d760c8426ba4398ed99f517733a99bef6bf431a13dbe86bcc883a8295d30deb1efd5bff65b3b88e81db6b95da98848cb2fc1b5b04cc8d568c93af3d436cd641f9bc7f5a1309ef14561e9c361f7066d6609189ee537167f853dc2660808338df017a77e2cf2805cd2036411c8f7e413d870eeca51c69b155595e30e0b3fb52d3172c5b9038d74f40ff964a886fe2b674465fafe494255d9c4e98199a4dff44f71899f542207a9a57f0e7d21dd38b94c5e7e0a7854f807a7434a0798101f2bd143cb092b36811afdf7dd77e853ddedbf156cb9c2142c27014bf2ca427abaa44b8a41120678b0c7a939c52a29ae2fb801b49b9af6013a765a9cf33e55d5875a9f8039752979d7f75b4521ce8bd53eaaec36a3d36cb72b80fb53bac067aafb07c83142dd43aabe735736fd02eb5d60d7c8409853e8cb4cd66a29237fb05b6006e5f2231fe6007fb848a8cadc28db4101318393089e510174760d959a44d28bae1c22409f0d55096ed6cac0c8ce077e6c7c9fb9429981d6f4a9d25ac6f3fce009403927ddc606a278f8160bf0126fbebdcd0a4cc27fe3ce0b1b1bb1782", 0x1000}}, 0x1006)

6.775820898s ago: executing program 5 (id=2764):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r4, 0x29, 0x50, 0x0, &(0x7f00000005c0))

5.763571285s ago: executing program 5 (id=2765):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000600)="3001fb90647586f460", 0x9}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

5.417739214s ago: executing program 0 (id=2766):
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x6, 0x3, 0x0, 0x8000002, 0xffffffff, 0xfffffffc}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}]}}}]}, 0x58}}, 0x0)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

5.264741833s ago: executing program 5 (id=2767):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000110000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x1405, 0x400, 0x70bd28, 0x25dfdbfe, "", [{{0x8, 0x1, 0x1}, {0x8, 0x3, 0x3}}]}, 0x20}, 0x1, 0x0, 0x0, 0x495531ee89cbfca6}, 0x20000000)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket(0x2, 0x3, 0xff)
sendmsg$inet(r3, &(0x7f0000000a40)={&(0x7f0000000680)={0x2, 0x4e24, @loopback}, 0x10, 0x0, 0x0, &(0x7f00000009c0)=[@ip_retopts={{0x10}}], 0x10}, 0x24000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000300), 0x109000)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000340)={0x1, 0x2, {0x1, 0x1, 0x0, 0x3, 0x4}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0xfffffffffffffff5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r8, &(0x7f000000ac40)={0x2020}, 0x2020)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000200)='contention_begin\x00', r0}, 0x10)
r9 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
ioctl$IOCTL_STATUS_ACCEL_DEV(r9, 0x40046103, &(0x7f00000002c0)={0x4, 0x4, 0x6, 0x8, 0xd, 0x10, 0x1, 0x5, 0x5, 0xbc, 0x4, "234a420686410a703076db6f2329a03df7e328085037aa0fb4eafcb4490ad091"})

4.923940315s ago: executing program 2 (id=2768):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f00000005c0))

4.362529733s ago: executing program 3 (id=2769):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/vlan/config\x00')
preadv(r3, &(0x7f0000000500)=[{&(0x7f0000000000)=""/82, 0x52}], 0x1, 0x7, 0x1)
pread64(r3, &(0x7f0000000080)=""/17, 0x11, 0xf0b)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000300)='xprtrdma_frwr_sgerr\x00', r3, 0x0, 0x1a00000000}, 0xfffffffffffffdb0)
fchmod(r4, 0xe9)
ioctl$TIOCL_SETSEL(r4, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0xa00, 0x0, 0x80, 0x100}})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{}, &(0x7f0000000240), &(0x7f00000003c0)}, 0x20)

4.271785122s ago: executing program 5 (id=2770):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000030020f003176c400000000001090224725100000000090400001207010300090501020000000000090582020002"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_usb_connect(0x1, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x300, 0xd3, 0x6e, 0xd6, 0x8, 0x19d2, 0xff6c, 0xc0bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x2, 0x6, 0x10, 0x8, [{{0x9, 0x4, 0x3f, 0x1, 0x1, 0xff, 0xff, 0xff, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0x5, 0x5}}], [{{0x9, 0x5, 0xc, 0x10, 0x20, 0x4, 0x7, 0x42}}]}}]}}]}}, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x80000000)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1b, &(0x7f0000000040)=0x7fffffff, 0x4)
syz_usb_control_io$printer(r1, &(0x7f0000000240)={0x14, &(0x7f0000000080)={0x0, 0x5, 0x47, {0x47, 0x23, "17b40c632ab64ebfe787818067ec1dcc23ff1fadd455bdaa10ee83015f1cce286f074eb238492b242a3fec8a308b1ebe4a5cea69cc0d8c543c0c088ea4a33eaa2f876dc9d3"}}, &(0x7f0000000140)={0x0, 0x3, 0x76, @string={0x76, 0x3, "4392be817e85412acb9559a88bb6c505ff5dbb2629f46d3d2803e98adefc7c7ca9241ba641417999ae949226b028d5ec7a0cc49e6223c40892eaf1d482404b336f56ba3335e0e9d17c95db873a521aeb1ebfae45191c1ea57457fecdd1eb636e3f65b188af200a81d360edbfeadc3b682a0cf6da"}}}, &(0x7f0000000500)={0x34, &(0x7f0000000380)={0x20, 0x6, 0xf5, "70ce6393f1e683c92f0fd9707212d470f9a3ccee08524a5c988e60be21aa4cd502a4ab499b5f20d9846237180b1471fa1929115f026effa904db8f5648ad7fc6937513a9338ae68fa7091ef83a2459f6eacd83beafccb630a3c9dbd05bec2d219cd122a88b46fccec25f0e250a6e35aa7e0f2910a5ccaf55b73acf8b59ccab712035558efd6e9e3e2ead293c0368497d345dbbf423824ee8cf164f6e70f4121fb01769e36b69ba66755d2dfa3242f7a12079425dcc9dbeb163fdbf8462bd47bc5639a14d24d46644340dbcb1514faa0c59f68d4492750e7f98d2eeb13b9328c49f3c3f2ba8473c953c5e5e31fde181be826de56b36"}, &(0x7f0000000280)={0x0, 0xa, 0x1, 0x3}, &(0x7f00000002c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000300)={0x20, 0x0, 0x1b, {0x19, "9c49edc323e049d0ae8b55da258448166136d705d027385ab3"}}, &(0x7f0000000480)={0x20, 0x1, 0x1, 0xad}, &(0x7f00000004c0)={0x20, 0x0, 0x1, 0x5}})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x4048aecb, &(0x7f0000000000))
writev(r2, &(0x7f0000001580)=[{&(0x7f0000000340)="80", 0x1}, {0x0}], 0x2)

4.10977376s ago: executing program 2 (id=2771):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x0) (fail_nth: 1)

4.07860194s ago: executing program 0 (id=2772):
r0 = openat2(0xffffffffffffff9c, 0x0, &(0x7f0000000040)={0x5dec27c15c02ebb2, 0x0, 0x4}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_NEW_SERVICE(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0x6}]}]}, 0x4c}}, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000080)={{0x0, 0x0, 0x101, 0x1ec3cec4, 'syz0\x00', 0xb187}, 0x1, [0xc3, 0x1, 0xc4, 0x3, 0xc8e, 0x2, 0x5, 0xb179, 0xfffffffffffff0e5, 0x10001, 0xfffffffffffffff9, 0xff, 0x7ff, 0x7, 0x28000, 0x8, 0x4, 0x7fd, 0x7fff, 0x800, 0x4, 0x3, 0x8, 0x7fffffff, 0xffff, 0x4, 0x10000, 0x0, 0x7, 0x7, 0x8, 0x4, 0x5, 0x4, 0x1, 0x3, 0x0, 0x2, 0x1, 0x5, 0xe, 0xfffffffffffffff9, 0x2, 0x2, 0x0, 0x4, 0x1b37, 0x4, 0x8, 0x8, 0xe0, 0x28, 0x9, 0x7, 0xffff, 0xffffffffffffffff, 0x22, 0x0, 0x9e, 0x2, 0x2, 0x5, 0x8000, 0x401, 0x5, 0x6, 0x5, 0x3, 0x80000000000871d, 0x6, 0x3, 0x6, 0x6, 0xffffffffffffffff, 0x101, 0x8000000000000001, 0x2, 0x7, 0xffffffffffffffff, 0x88a, 0x5, 0x9, 0x3, 0x2, 0x8000000000000001, 0x1, 0x7fff, 0x6, 0x8, 0x0, 0xc0000000, 0x6, 0x800, 0x3, 0x2, 0x400000000000, 0x2, 0x7, 0x1, 0x6, 0x800000000000100, 0x2f3f7787, 0x6, 0x58, 0x3, 0x6, 0x10, 0x6, 0x4, 0x81, 0x6, 0x8, 0xfffffffffffffffa, 0xfff, 0x1, 0x8, 0x4, 0x8, 0x4, 0x7, 0x0, 0x7da38d3, 0x7, 0xffff, 0x5, 0x5, 0xa72, 0x3]})

3.345582143s ago: executing program 2 (id=2773):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000002"], 0x110)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000004c0)={0x2, {{0x2, 0x4e22, @multicast2}}, {{0x2, 0x4e20, @loopback}}}, 0x108) (fail_nth: 1)

3.247701255s ago: executing program 3 (id=2774):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r3, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r3, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)

3.2085704s ago: executing program 2 (id=2775):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x2, &(0x7f0000001c40)=ANY=[@ANYBLOB="85000000a800000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280))
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r5, 0x29, 0x50, 0x0, &(0x7f00000005c0))
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x5, 0x28200)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000100)={r9, 0x0, 0x0, 0x0, 0x0, [], [0x0, 0x4], [0x0, 0x0, 0x0, 0x40000], [0x0, 0x1, 0x1, 0x1]})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000006"], 0x66)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0c000000040000000400000009"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000024c0), &(0x7f0000000280)="043d7be46a4c91bc1af5a82de21d73a660363f1a061aa08c73343c916a589c1365d24fe1bebfc2ccfe38bfa3928ab9dae276e453d9b2fad4069600d32b4009441718f9ac3b65b3eae847831aaf65cbc3660c35e1dd09734c4c47f8f74d4134f9d64d3a9180bad06c9c32c3ec2a2e2c9ef5fb9bce63de2530ac6419db60ddc9975ea3b6835ce41603a32bb4b507de424e41d72e79c6752b098d4bcc959af22fd7f9f7a76d40ef16d70f6b06d9f66924bc192038d19749a95d7a854419783b3be86df1ef5780d6afd54ef6dbbb00d18f046b427f1383a5528b02d98d82f69f819965675a0cb7", 0xffffffff, r10, 0x0, 0x300}, 0x38)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)

3.13949715s ago: executing program 1 (id=2776):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff00", @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000100)=ANY=[@ANYRESHEX=r3, @ANYRES8=r4, @ANYRESHEX=r1], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @log={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LOG_GROUP={0x6, 0x1, 0x1, 0x0, 0x7}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x70}}, 0x0)
dup(0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_coalesce={0xf, 0x80, 0x10000, 0x6, 0xc6, 0x8001, 0xb28e, 0x46, 0x6, 0x81, 0x6, 0x3, 0x8, 0x8008, 0x8000, 0xae, 0x101, 0x2, 0xfff, 0x4d, 0x1000000, 0x1000001, 0x15b}})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a}}, 0x1c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x68, 0x14, 0xf0b, 0xfffffffe, 0x0, {0x2, 0x0, 0x0, 0x0, {0x0, 0xb}, {0xfff1, 0x5}, {0x6, 0xffff}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}}, {0x4}}, {{0x1c, 0x1, {0xd, 0x4, 0xc, 0x487, 0x1, 0x0, 0xfffffffc}}, {0x4}}]}]}, 0x68}}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
dup(0xffffffffffffffff)

3.075469929s ago: executing program 0 (id=2777):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x18)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r2, 0x8914, &(0x7f0000000000))
r3 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448e4, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r4 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
bind$ax25(r4, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48)
ioctl$EVIOCGABS0(0xffffffffffffffff, 0x80184540, 0x0)
connect$ax25(r4, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_ifreq(r3, 0x8990, &(0x7f0000000180)={'bond0\x00', @ifru_names='rose0\x00'})

1.787853502s ago: executing program 0 (id=2778):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f00080000000000000000850000000e000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0xc3000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000755f3220dd1700555ed3010203010902120001000000000904000000f042a400a1abc03f6cc4be4648abd52af7cc95fb23237952c790f57c434efe42ae512ef14e75aa7c04f6badd2c894cf96c5770ee142554a97d8ca9e91d8e1e2daa6f0aebd28ac860248dd9b61a655aa73703fa871fc8a95fb083673f"], 0x0)
r1 = mq_open(&(0x7f0000000040)='!se\xf7ih,\x17i\xacP\xe6lNnuxselinux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000300)={0xfffffffffffffffd, 0x1, 0x7, 0x4})
mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0)

1.55052424s ago: executing program 1 (id=2779):
r0 = socket(0x10, 0x80002, 0x0)
r1 = openat$yama_ptrace_scope(0xffffff9c, 0x0, 0x2, 0x0)
ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
socket$nl_route(0x10, 0x3, 0x0)
r5 = gettid()
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@var={0x4, 0x0, 0x0, 0xe, 0x3}, @func={0x1, 0x0, 0x0, 0x12}, @ptr={0x0, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x2e]}}, 0x0, 0x43, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001440)=ANY=[@ANYBLOB="1c0000005e0021a5553ff73042486134529f62054673877e37"], 0x1c}}, 0x0)
recvmmsg$unix(r0, &(0x7f0000002380)=[{{0x0, 0x0, &(0x7f0000001340)=[{&(0x7f00000002c0)=""/4096, 0x1004}], 0x1}}], 0x8, 0x34000, 0x0)

1.548577436s ago: executing program 3 (id=2780):
r0 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r0, &(0x7f0000000100)={0x11, 0x4}, 0x14)
syz_emit_ethernet(0x46, &(0x7f00000000c0)=ANY=[], 0x0)

1.463161447s ago: executing program 3 (id=2781):
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000040)=0x2800, 0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x54, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x28, 0x1e, 0x1, 0x0, 0x25dfdbff, {0x7}, [@NDA_LLADDR={0xa}]}, 0x28}}, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
r5 = creat(&(0x7f0000000080)='./file0\x00', 0x8d)
close(r5)
socket$unix(0x1, 0x5, 0x0)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="0100"])
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{0x6, 0x3, 0x0, 0x8000002, 0xffffffff, 0xfffffffc}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd}}]}}}]}, 0x58}}, 0x0)
sendmsg$inet(r0, &(0x7f00000015c0)={0x0, 0x14, &(0x7f0000001600)=[{&(0x7f0000000240)=' ', 0xffffff1f}], 0x1}, 0x0)

1.396336572s ago: executing program 2 (id=2782):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet6_int(r0, 0x29, 0x50, 0x0, &(0x7f00000005c0))

1.244322188s ago: executing program 2 (id=2783):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
socket$nl_audit(0x10, 0x3, 0x9)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x17, 0x4, 0x6, 0xfffa}, 0x1d, [0x2, 0xc95a, 0x1, 0x9, 0x80, 0x2, 0x3, 0x3f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x6, 0x0, 0x5, 0x4, 0x7, 0xa, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x87fff, 0xb, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x71, 0x2, 0x6, 0x3, 0x2, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x92a3, 0x4, 0x1, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000004, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x1000, 0xfffffffc, 0x3, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x1, 0x4, 0x8000, 0x9, 0x3fe, 0x401, 0x6, 0x1, 0xff, 0x5, 0x3, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5bf0f272, 0x8040, 0x1, 0xfe000000, 0x9, 0x2, 0x7f, 0x9, 0x3, 0x7fffffff, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c9368e, 0x42, 0x2], [0x7, 0x6, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x1, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x1, 0x8, 0x86, 0x1, 0x9, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x3, 0x8, 0x4, 0x8001, 0x9, 0x38, 0xff, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x10002, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x200, 0x6, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x25], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x1, 0x3d9, 0x4006, 0x0, 0x5, 0xce7, 0x200, 0x2, 0x7, 0x5, 0x1003, 0x102, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0x0, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0xb, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x4, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x3ff, 0xffff3441, 0xfff]}, 0x45c)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
creat(&(0x7f0000000240)='./file0\x00', 0x122)
setxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003ac9bcc20d118af1ebb5a0102030109022400010700800b0904bb06023ae504000905070020000508ce090503021000750102"], &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, &(0x7f0000000e80)={0x84, &(0x7f0000000140)=ANY=[@ANYBLOB="400d02000000e21db615f8cd85b027597f57"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f00000006c0)=@v2={0x2000000, [{0x2, 0xeec}, {0xe8000000, 0xffff8000}]}, 0x14, 0x1)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x508, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x568)
syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x40082)
syz_emit_vhci(&(0x7f0000000180)=ANY=[], 0xc)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x24)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r5, 0x6, 0xb, 0x0, &(0x7f0000000100))
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000"], 0x7c}}, 0x0)

578.949946ms ago: executing program 5 (id=2784):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000000c0)=0x6)
read$dsp(r0, &(0x7f00000011c0)=""/4117, 0x200021d5) (fail_nth: 1)

546.203964ms ago: executing program 3 (id=2785):
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000001980)={0x2, 0x0, @empty}, 0x10)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="38000000031401002cbd7000fcdbdf250900020073797a32000000000800410073697700140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x400c844)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x18, 0x1404, 0x1, 0x70bd2d, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x671ec167a4b76164}, 0x0)

433.800111ms ago: executing program 1 (id=2786):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0xb8}}, 0x4004)
socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x7d, &(0x7f0000000000)=@sack_info={0x0, 0xff, 0x10000}, 0xc)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000040)=ANY=[], 0xb8}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r2)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="1400000013000159993dde440113e90005"], 0x14}], 0x1, 0x0, 0x0, 0x24049080}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000003c0)={'batadv0\x00', <r5=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x1c, r3, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="b8000000190001004000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000029000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000900000000000000000000000000000000000000000000000200000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0700"/112], 0xb8}}, 0x10)

0s ago: executing program 5 (id=2787):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3cd2e7b3d6526bf5}}}, 0x68}}, 0x0)
r1 = socket$kcm(0x2, 0x3, 0x84)
sendmsg$inet(r1, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000600)="3001fb90647586f4601659c5ad", 0xd}], 0x1, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

kernel console output (not intermixed with test programs):

45] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1188.426540][ T9627] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[ 1188.591756][ T9627] usb 4-1: Using ep0 maxpacket: 32
[ 1188.622892][ T9627] usb 4-1: config 0 has an invalid interface number: 183 but max is 0
[ 1188.656119][ T9627] usb 4-1: config 0 has no interface number 0
[ 1188.679596][ T9627] usb 4-1: config 0 interface 183 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528
[ 1188.918376][T16162] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2476'.
[ 1189.046882][ T9627] usb 4-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8
[ 1189.098435][ T9627] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.124972][ T9627] usb 4-1: Product: syz
[ 1189.192520][T16167] netlink: 'syz.0.2471': attribute type 10 has an invalid length.
[ 1189.200926][T16167] netlink: 55 bytes leftover after parsing attributes in process `syz.0.2471'.
[ 1189.368786][ T9627] usb 4-1: Manufacturer: syz
[ 1189.408905][ T9627] usb 4-1: SerialNumber: syz
[ 1189.569635][ T9627] usb 4-1: config 0 descriptor??
[ 1189.579425][T16155] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1190.684950][T16177] netlink: 'syz.3.2474': attribute type 10 has an invalid length.
[ 1190.696368][T16177] netlink: 55 bytes leftover after parsing attributes in process `syz.3.2474'.
[ 1191.221518][ T5928] net1080 1-1:0.183: probe with driver net1080 failed with error -71
[ 1191.312637][ T5928] usb 1-1: USB disconnect, device number 29
[ 1192.068021][ T3568] IPVS: stop unused estimator thread 0...
[ 1192.854378][T16203] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2482'.
[ 1194.560199][ T9627] net1080 4-1:0.183: probe with driver net1080 failed with error -71
[ 1194.598024][ T9627] usb 4-1: USB disconnect, device number 23
[ 1198.411884][T16282] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2498'.
[ 1199.367174][T16293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1200.365371][ T9627] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 1200.739909][ T9627] usb 3-1: Using ep0 maxpacket: 32
[ 1200.796326][ T9627] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1200.805183][ T9627] usb 3-1: config 7 has an invalid interface number: 187 but max is 0
[ 1200.813624][ T9627] usb 3-1: config 7 has no interface number 0
[ 1200.827820][ T9627] usb 3-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[ 1200.840446][ T9627] usb 3-1: config 7 interface 187 has no altsetting 0
[ 1200.854471][ T9627] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1200.865438][ T9627] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.873700][ T9627] usb 3-1: Product: syz
[ 1200.983153][ T9627] usb 3-1: Manufacturer: syz
[ 1201.273813][T16317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1201.639993][ T9627] usb 3-1: SerialNumber: syz
[ 1201.708090][T16300] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1202.348378][ T9627] usb 3-1: Cannot retrieve CPort count: -110
[ 1202.358530][ T9627] usb 3-1: Cannot retrieve CPort count: -110
[ 1202.389939][ T9627] es2_ap_driver 3-1:7.187: probe with driver es2_ap_driver failed with error -110
[ 1202.659484][ T5875] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1203.335315][ T5875] usb 1-1: Using ep0 maxpacket: 32
[ 1203.351506][ T5875] usb 1-1: config 64 has an invalid interface number: 4 but max is 0
[ 1203.359723][ T5875] usb 1-1: config 64 has no interface number 0
[ 1203.379165][ T5875] usb 1-1: config 64 interface 4 has no altsetting 0
[ 1203.394774][ T5875] usb 1-1: New USB device found, idVendor=05c6, idProduct=9215, bcdDevice=28.46
[ 1203.410144][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1203.442390][ T5875] usb 1-1: Product: syz
[ 1203.456213][ T5875] usb 1-1: Manufacturer: syz
[ 1203.479173][ T5875] usb 1-1: SerialNumber: syz
[ 1203.898897][T16344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1203.908176][T16344] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1204.746872][ T5822] usb 3-1: USB disconnect, device number 31
[ 1206.056562][ T5875] qmi_wwan 1-1:64.4: probe with driver qmi_wwan failed with error -22
[ 1206.092165][ T5875] usb 1-1: USB disconnect, device number 30
[ 1208.303012][T16395] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1208.317303][T16395] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1209.880883][T16411] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2520'.
[ 1209.912109][T16413] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1209.930412][T16413] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1209.954700][T15175] Bluetooth: hci3: command 0x0406 tx timeout
[ 1210.185547][ T5875] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1210.351518][ T5875] usb 6-1: Using ep0 maxpacket: 32
[ 1210.657058][ T5875] usb 6-1: config 0 has an invalid interface number: 183 but max is 0
[ 1210.729411][ T5875] usb 6-1: config 0 has no interface number 0
[ 1210.778550][ T5875] usb 6-1: config 0 interface 183 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528
[ 1210.822065][ T5875] usb 6-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8
[ 1210.842004][ T5875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1210.865475][ T5875] usb 6-1: Product: syz
[ 1210.870950][ T5875] usb 6-1: Manufacturer: syz
[ 1210.918136][ T5875] usb 6-1: SerialNumber: syz
[ 1210.951404][ T5875] usb 6-1: config 0 descriptor??
[ 1211.026721][T16412] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1211.166903][T16432] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1215.008998][T16471] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2529'.
[ 1216.682429][ T5875] net1080 6-1:0.183: probe with driver net1080 failed with error -110
[ 1216.781958][ T5928] usb 6-1: USB disconnect, device number 4
[ 1220.775480][T15725] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1221.084629][T15725] usb 6-1: Using ep0 maxpacket: 32
[ 1221.097248][T15725] usb 6-1: config 0 has an invalid interface number: 222 but max is 0
[ 1221.130304][T15725] usb 6-1: config 0 has no interface number 0
[ 1221.152712][T15725] usb 6-1: New USB device found, idVendor=0ab4, idProduct=0010, bcdDevice=61.2f
[ 1221.259736][T16549] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1221.660622][T15725] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1221.697253][T15725] usb 6-1: Product: syz
[ 1221.786699][T15725] usb 6-1: Manufacturer: syz
[ 1221.805319][T15725] usb 6-1: SerialNumber: syz
[ 1221.882095][T15725] usb 6-1: config 0 descriptor??
[ 1221.927887][T15725] esd_usb 6-1:0.222: sending version message failed
[ 1221.934576][T15725] esd_usb 6-1:0.222: probe with driver esd_usb failed with error -22
[ 1223.265987][   T93] usb 6-1: USB disconnect, device number 5
[ 1223.595660][T16581] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1226.659527][T16622] FAULT_INJECTION: forcing a failure.
[ 1226.659527][T16622] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 1226.892203][T16626] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1227.524948][T16622] CPU: 1 UID: 0 PID: 16622 Comm: syz.5.2555 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1227.524976][T16622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1227.524987][T16622] Call Trace:
[ 1227.524992][T16622]  <TASK>
[ 1227.524998][T16622]  dump_stack_lvl+0x16c/0x1f0
[ 1227.525028][T16622]  should_fail_ex+0x512/0x640
[ 1227.525052][T16622]  strncpy_from_user+0x3b/0x2e0
[ 1227.525074][T16622]  getname_flags.part.0+0x8f/0x550
[ 1227.525095][T16622]  getname_flags+0x93/0xf0
[ 1227.525115][T16622]  user_path_at+0x24/0x60
[ 1227.525136][T16622]  __x64_sys_mount+0x1fc/0x310
[ 1227.525160][T16622]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1227.525187][T16622]  do_syscall_64+0xcd/0x4c0
[ 1227.525211][T16622]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1227.525231][T16622] RIP: 0033:0x7fc1d638e929
[ 1227.525244][T16622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1227.525258][T16622] RSP: 002b:00007fc1d71be038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1227.525273][T16622] RAX: ffffffffffffffda RBX: 00007fc1d65b6080 RCX: 00007fc1d638e929
[ 1227.525283][T16622] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000200000000040
[ 1227.525292][T16622] RBP: 00007fc1d71be090 R08: 0000000000000000 R09: 0000000000000000
[ 1227.525300][T16622] R10: 000000000008184c R11: 0000000000000246 R12: 0000000000000001
[ 1227.525309][T16622] R13: 0000000000000000 R14: 00007fc1d65b6080 R15: 00007ffc53471108
[ 1227.525330][T16622]  </TASK>
[ 1227.853609][   T30] kauditd_printk_skb: 5 callbacks suppressed
[ 1227.853636][   T30] audit: type=1400 audit(1750736990.992:609): avc:  denied  { unmount } for  pid=15173 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1228.192300][T16639] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1228.201450][T16639] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1229.489575][   T30] audit: type=1400 audit(1750736992.632:610): avc:  denied  { getopt } for  pid=16651 comm="syz.1.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1229.552399][   T30] audit: type=1400 audit(1750736992.632:611): avc:  denied  { setopt } for  pid=16651 comm="syz.1.2566" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1229.701047][T16660] FAULT_INJECTION: forcing a failure.
[ 1229.701047][T16660] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1229.752014][T16662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=50630 sclass=netlink_route_socket pid=16662 comm=syz.3.2569
[ 1229.760260][T16660] CPU: 0 UID: 0 PID: 16660 Comm: syz.0.2568 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1229.760291][T16660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1229.760301][T16660] Call Trace:
[ 1229.760308][T16660]  <TASK>
[ 1229.760316][T16660]  dump_stack_lvl+0x16c/0x1f0
[ 1229.760343][T16660]  should_fail_ex+0x512/0x640
[ 1229.760368][T16660]  _copy_from_user+0x2e/0xd0
[ 1229.760391][T16660]  copy_msghdr_from_user+0x98/0x160
[ 1229.760413][T16660]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1229.760444][T16660]  ___sys_sendmsg+0xfe/0x1d0
[ 1229.760466][T16660]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1229.760486][T16660]  ? __lock_acquire+0x622/0x1c90
[ 1229.760536][T16660]  __sys_sendmsg+0x16d/0x220
[ 1229.760557][T16660]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1229.760592][T16660]  do_syscall_64+0xcd/0x4c0
[ 1229.760616][T16660]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1229.760642][T16660] RIP: 0033:0x7f4efff8e929
[ 1229.760656][T16660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1229.760671][T16660] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1229.760690][T16660] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1229.760701][T16660] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003
[ 1229.760711][T16660] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1229.760721][T16660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1229.760731][T16660] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1229.760752][T16660]  </TASK>
[ 1230.644669][T16678] FAULT_INJECTION: forcing a failure.
[ 1230.644669][T16678] name failslab, interval 1, probability 0, space 0, times 1
[ 1230.670873][   T30] audit: type=1400 audit(1750736993.782:612): avc:  denied  { read } for  pid=16670 comm="syz.0.2573" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1230.725359][T16678] CPU: 1 UID: 0 PID: 16678 Comm: syz.3.2569 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1230.725393][T16678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1230.725405][T16678] Call Trace:
[ 1230.725412][T16678]  <TASK>
[ 1230.725420][T16678]  dump_stack_lvl+0x16c/0x1f0
[ 1230.725451][T16678]  should_fail_ex+0x512/0x640
[ 1230.725475][T16678]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1230.725502][T16678]  should_failslab+0xc2/0x120
[ 1230.725528][T16678]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1230.725550][T16678]  ? __alloc_skb+0x2b2/0x380
[ 1230.725578][T16678]  __alloc_skb+0x2b2/0x380
[ 1230.725601][T16678]  ? __pfx___alloc_skb+0x10/0x10
[ 1230.725628][T16678]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1230.725662][T16678]  netlink_alloc_large_skb+0x69/0x130
[ 1230.725681][T16678]  netlink_sendmsg+0x6a1/0xdd0
[ 1230.725704][T16678]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1230.725731][T16678]  ____sys_sendmsg+0xa95/0xc70
[ 1230.725751][T16678]  ? copy_msghdr_from_user+0x10a/0x160
[ 1230.725781][T16678]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1230.725812][T16678]  ___sys_sendmsg+0x134/0x1d0
[ 1230.725838][T16678]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1230.725861][T16678]  ? __lock_acquire+0x622/0x1c90
[ 1230.725920][T16678]  __sys_sendmsg+0x16d/0x220
[ 1230.725945][T16678]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1230.725968][T16678]  ? irqentry_exit+0x3b/0x90
[ 1230.726009][T16678]  do_syscall_64+0xcd/0x4c0
[ 1230.726035][T16678]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1230.726053][T16678] RIP: 0033:0x7f8205f8e929
[ 1230.726069][T16678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1230.726087][T16678] RSP: 002b:00007f8206de6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1230.726107][T16678] RAX: ffffffffffffffda RBX: 00007f82061b6160 RCX: 00007f8205f8e929
[ 1230.726119][T16678] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000f
[ 1230.726130][T16678] RBP: 00007f8206de6090 R08: 0000000000000000 R09: 0000000000000000
[ 1230.726141][T16678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1230.726152][T16678] R13: 0000000000000000 R14: 00007f82061b6160 R15: 00007fff11432c38
[ 1230.726176][T16678]  </TASK>
[ 1230.967441][ T5928] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[ 1231.135390][ T5928] usb 2-1: Using ep0 maxpacket: 32
[ 1231.142701][ T5928] usb 2-1: config 0 has an invalid interface number: 222 but max is 0
[ 1231.151063][ T5928] usb 2-1: config 0 has no interface number 0
[ 1231.159426][ T5928] usb 2-1: New USB device found, idVendor=0ab4, idProduct=0010, bcdDevice=61.2f
[ 1231.168829][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1231.177013][ T5928] usb 2-1: Product: syz
[ 1231.181345][ T5928] usb 2-1: Manufacturer: syz
[ 1231.186168][ T5928] usb 2-1: SerialNumber: syz
[ 1231.194022][ T5928] usb 2-1: config 0 descriptor??
[ 1231.202883][ T5928] esd_usb 2-1:0.222: sending version message failed
[ 1231.209753][ T5928] esd_usb 2-1:0.222: probe with driver esd_usb failed with error -22
[ 1231.428526][T16685] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2572'.
[ 1232.525651][ T5928] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 1233.490094][T15725] usb 2-1: USB disconnect, device number 31
[ 1233.853960][T16703] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1233.863547][T16702] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1233.907663][ T5928] usb 3-1: Using ep0 maxpacket: 32
[ 1233.953072][ T5928] usb 3-1: config 0 has an invalid interface number: 222 but max is 0
[ 1234.159731][ T5928] usb 3-1: config 0 has no interface number 0
[ 1234.168890][ T5928] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0010, bcdDevice=61.2f
[ 1234.178146][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1234.207200][ T5928] usb 3-1: Product: syz
[ 1234.225307][ T5928] usb 3-1: Manufacturer: syz
[ 1234.368072][ T5928] usb 3-1: SerialNumber: syz
[ 1234.398205][ T5928] usb 3-1: config 0 descriptor??
[ 1234.418926][   T30] audit: type=1400 audit(1750736997.572:613): avc:  denied  { create } for  pid=16710 comm="syz.3.2580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1234.441301][ T5928] esd_usb 3-1:0.222: sending version message failed
[ 1234.517348][T16712] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1234.940994][   T30] audit: type=1400 audit(1750736997.572:614): avc:  denied  { append } for  pid=16710 comm="syz.3.2580" name="nbd3" dev="devtmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1234.947405][ T5928] esd_usb 3-1:0.222: probe with driver esd_usb failed with error -22
[ 1235.730223][ T5875] usb 3-1: USB disconnect, device number 32
[ 1235.931076][   T30] audit: type=1400 audit(1750736997.572:615): avc:  denied  { write } for  pid=16710 comm="syz.3.2580" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[ 1236.125371][T16729] FAULT_INJECTION: forcing a failure.
[ 1236.125371][T16729] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1236.138585][T16729] CPU: 0 UID: 0 PID: 16729 Comm: syz.1.2582 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1236.138609][T16729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1236.138619][T16729] Call Trace:
[ 1236.138625][T16729]  <TASK>
[ 1236.138632][T16729]  dump_stack_lvl+0x16c/0x1f0
[ 1236.138662][T16729]  should_fail_ex+0x512/0x640
[ 1236.138688][T16729]  _copy_from_user+0x2e/0xd0
[ 1236.138714][T16729]  core_sys_select+0x2c8/0xc10
[ 1236.138743][T16729]  ? __pfx_core_sys_select+0x10/0x10
[ 1236.138763][T16729]  ? __schedule+0x1181/0x5de0
[ 1236.138809][T16729]  ? set_user_sigmask+0x21b/0x2b0
[ 1236.138829][T16729]  ? __pfx_set_user_sigmask+0x10/0x10
[ 1236.138847][T16729]  ? rcu_is_watching+0x12/0xc0
[ 1236.138868][T16729]  ? irqentry_exit+0x3b/0x90
[ 1236.138894][T16729]  do_pselect.constprop.0+0x19f/0x1e0
[ 1236.138918][T16729]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[ 1236.138942][T16729]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1236.138965][T16729]  ? __sanitizer_cov_trace_pc+0x8/0x70
[ 1236.138989][T16729]  __x64_sys_pselect6+0x182/0x240
[ 1236.139012][T16729]  ? __pfx___x64_sys_pselect6+0x10/0x10
[ 1236.139043][T16729]  do_syscall_64+0xcd/0x4c0
[ 1236.139069][T16729]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1236.139086][T16729] RIP: 0033:0x7fcd0dd8e929
[ 1236.139100][T16729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1236.139116][T16729] RSP: 002b:00007fcd0bbf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[ 1236.139133][T16729] RAX: ffffffffffffffda RBX: 00007fcd0dfb6080 RCX: 00007fcd0dd8e929
[ 1236.139144][T16729] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000040
[ 1236.139154][T16729] RBP: 00007fcd0bbf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1236.139164][T16729] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[ 1236.139174][T16729] R13: 0000000000000001 R14: 00007fcd0dfb6080 R15: 00007ffe3bdc6d28
[ 1236.139197][T16729]  </TASK>
[ 1236.412886][T16731] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1237.295365][T16750] FAULT_INJECTION: forcing a failure.
[ 1237.295365][T16750] name failslab, interval 1, probability 0, space 0, times 0
[ 1237.308164][T16750] CPU: 1 UID: 0 PID: 16750 Comm: syz.3.2584 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1237.308188][T16750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1237.308199][T16750] Call Trace:
[ 1237.308205][T16750]  <TASK>
[ 1237.308211][T16750]  dump_stack_lvl+0x16c/0x1f0
[ 1237.308242][T16750]  should_fail_ex+0x512/0x640
[ 1237.308264][T16750]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1237.308290][T16750]  should_failslab+0xc2/0x120
[ 1237.308316][T16750]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1237.308338][T16750]  ? __alloc_skb+0x2b2/0x380
[ 1237.308364][T16750]  __alloc_skb+0x2b2/0x380
[ 1237.308385][T16750]  ? __pfx___alloc_skb+0x10/0x10
[ 1237.308417][T16750]  pfkey_sendmsg+0x16e/0x850
[ 1237.308448][T16750]  ____sys_sendmsg+0xa95/0xc70
[ 1237.308467][T16750]  ? copy_msghdr_from_user+0x10a/0x160
[ 1237.308495][T16750]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1237.308518][T16750]  ? __pfx__kstrtoull+0x10/0x10
[ 1237.308541][T16750]  ___sys_sendmsg+0x134/0x1d0
[ 1237.308565][T16750]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1237.308601][T16750]  ? find_held_lock+0x2b/0x80
[ 1237.308639][T16750]  __sys_sendmmsg+0x200/0x420
[ 1237.308666][T16750]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1237.308710][T16750]  ? fput+0x70/0xf0
[ 1237.308736][T16750]  ? ksys_write+0x1ac/0x250
[ 1237.308762][T16750]  __x64_sys_sendmmsg+0x9c/0x100
[ 1237.308786][T16750]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1237.308810][T16750]  do_syscall_64+0xcd/0x4c0
[ 1237.308836][T16750]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1237.308854][T16750] RIP: 0033:0x7f8205f8e929
[ 1237.308869][T16750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1237.308886][T16750] RSP: 002b:00007f8206de6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1237.308903][T16750] RAX: ffffffffffffffda RBX: 00007f82061b6160 RCX: 00007f8205f8e929
[ 1237.308914][T16750] RDX: 000000000400008a RSI: 0000200000000180 RDI: 0000000000000009
[ 1237.308925][T16750] RBP: 00007f8206de6090 R08: 0000000000000000 R09: 0000000000000000
[ 1237.308935][T16750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1237.308945][T16750] R13: 0000000000000000 R14: 00007f82061b6160 R15: 00007fff11432c38
[ 1237.308969][T16750]  </TASK>
[ 1237.552912][   T30] audit: type=1400 audit(1750737000.382:616): avc:  denied  { ioctl } for  pid=16748 comm="syz.2.2589" path="socket:[42495]" dev="sockfs" ino=42495 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1237.614308][   T30] audit: type=1400 audit(1750737000.382:617): avc:  denied  { bind } for  pid=16748 comm="syz.2.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1237.663020][   T30] audit: type=1400 audit(1750737000.752:618): avc:  denied  { write } for  pid=16748 comm="syz.2.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1237.685816][   T30] audit: type=1400 audit(1750737000.802:619): avc:  denied  { setopt } for  pid=16748 comm="syz.2.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1237.707050][   T30] audit: type=1400 audit(1750737000.802:620): avc:  denied  { bind } for  pid=16748 comm="syz.2.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1237.726437][   T30] audit: type=1400 audit(1750737000.862:621): avc:  denied  { write } for  pid=16748 comm="syz.2.2589" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1238.528755][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.283383][T16779] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1239.594276][T16776] binder: 16775:16776 ioctl c0306201 0 returned -14
[ 1239.775132][T16785] CUSE: unknown device info "�KJéH+ßãÛ¤2Lh¸änLþ1Õ`†CcÝòn§õ†îì8­¨×0º©®(À3Õ¶ië®â>f¡Çè_Ù®,�°
ð<Ö_e¤FÀÆ"
[ 1239.804990][T16785] CUSE: unknown device info "3�ÜŸ•,²¥Ì˜õ"
[ 1239.873785][T16785] CUSE: unknown device info "Jô©Ð2SZûü !e/ëÅúãõž‘­J½+-n´¸a4¼ßØÁDÿ|G$öó­5O~©q	´ƒ
[ 1239.873785][T16785] f𳦧ìýzóÚXÁSAäx¡Ùjª½T¾Ç”¨åw—üæšxR�É�Q÷®(hÒ�j	pøVdY0¨Æ|M?2JÿúIšvö^
RÎ@´å"
[ 1239.896423][T16785] CUSE: unknown device info "!ToÛ}Ý�&|L+U²‡â"
[ 1239.902624][T16785] CUSE: unknown device info "ϲ±„Ð"–¨FstVµ:׌E•gJºî‹ÂÁ<@cÁ”²ûŽ4ÊTáM˜M|©·š‚ô"
[ 1239.979662][T16785] CUSE: DEVNAME unspecified
[ 1239.980727][T16788] =======================================================
[ 1239.980727][T16788] WARNING: The mand mount option has been deprecated and
[ 1239.980727][T16788]          and is ignored by this kernel. Remove the mand
[ 1239.980727][T16788]          option from the mount to silence this warning.
[ 1239.980727][T16788] =======================================================
[ 1239.990180][   T30] audit: type=1400 audit(1750737003.132:622): avc:  denied  { mounton } for  pid=16784 comm="syz.2.2595" path="/528/file0/file0" dev="afs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[ 1240.019029][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1240.469771][   T48] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[ 1240.725447][   T48] usb 4-1: Using ep0 maxpacket: 32
[ 1241.227265][   T48] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1241.303114][   T48] usb 4-1: config 7 has an invalid interface number: 187 but max is 0
[ 1241.321749][   T48] usb 4-1: config 7 has no interface number 0
[ 1241.343989][   T48] usb 4-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[ 1241.396074][   T48] usb 4-1: config 7 interface 187 has no altsetting 0
[ 1241.448575][   T48] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1241.460042][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1241.483563][   T48] usb 4-1: Product: syz
[ 1241.508538][   T48] usb 4-1: Manufacturer: syz
[ 1241.534389][   T48] usb 4-1: SerialNumber: syz
[ 1241.568912][T16801] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1241.819649][   T48] usb 4-1: Limiting number of CPorts to U8_MAX
[ 1241.858817][   T48] usb 4-1: Unknown endpoint type found, address 0x07
[ 1241.890232][   T48] usb 4-1: Not enough endpoints found in device, aborting!
[ 1242.649525][   T30] audit: type=1400 audit(1750737005.802:623): avc:  denied  { append } for  pid=16840 comm="syz.1.2602" name="usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1242.682430][   T30] audit: type=1400 audit(1750737005.802:624): avc:  denied  { open } for  pid=16840 comm="syz.1.2602" path="/dev/usbmon5" dev="devtmpfs" ino=731 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[ 1242.811036][T16841] 9pnet_fd: Insufficient options for proto=fd
[ 1243.323668][   T30] audit: type=1400 audit(1750737006.472:625): avc:  denied  { read } for  pid=16850 comm="syz.1.2604" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1243.367818][   T30] audit: type=1400 audit(1750737006.472:626): avc:  denied  { open } for  pid=16850 comm="syz.1.2604" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1243.391432][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.467359][   T30] audit: type=1400 audit(1750737006.482:627): avc:  denied  { ioctl } for  pid=16850 comm="syz.1.2604" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x460f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1243.492436][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.545782][ T5868] usb 4-1: USB disconnect, device number 24
[ 1243.845761][   T30] audit: type=1400 audit(1750737006.782:628): avc:  denied  { name_connect } for  pid=16856 comm="syz.2.2606" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[ 1244.435372][   T30] audit: type=1400 audit(1750737006.852:629): avc:  denied  { listen } for  pid=16856 comm="syz.2.2606" lport=55704 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1244.555415][   T30] audit: type=1400 audit(1750737006.972:630): avc:  denied  { remount } for  pid=16862 comm="syz.3.2607" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1245.167103][   T30] audit: type=1400 audit(1750737007.102:631): avc:  denied  { accept } for  pid=16856 comm="syz.2.2606" lport=55704 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1245.277898][T16872] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2606'.
[ 1245.280308][   T30] audit: type=1400 audit(1750737007.102:632): avc:  denied  { unmount } for  pid=5808 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1245.487997][T16880] syzkaller1: entered promiscuous mode
[ 1245.518062][T16880] syzkaller1: entered allmulticast mode
[ 1246.169753][T16884] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=16884 comm=syz.5.2612
[ 1246.198925][T16884] netlink: 'syz.5.2612': attribute type 10 has an invalid length.
[ 1246.206909][T16884] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2612'.
[ 1246.396517][T16884] dummy0: entered promiscuous mode
[ 1246.406765][T16884] bridge0: port 3(dummy0) entered blocking state
[ 1246.413855][T16884] bridge0: port 3(dummy0) entered disabled state
[ 1246.421597][T16884] dummy0: entered allmulticast mode
[ 1246.445136][T16884] bridge0: port 3(dummy0) entered blocking state
[ 1246.451827][T16884] bridge0: port 3(dummy0) entered forwarding state
[ 1246.611777][T16890] FAULT_INJECTION: forcing a failure.
[ 1246.611777][T16890] name failslab, interval 1, probability 0, space 0, times 0
[ 1246.720247][T16890] CPU: 0 UID: 0 PID: 16890 Comm: syz.0.2613 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1246.720276][T16890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1246.720287][T16890] Call Trace:
[ 1246.720293][T16890]  <TASK>
[ 1246.720300][T16890]  dump_stack_lvl+0x16c/0x1f0
[ 1246.720328][T16890]  should_fail_ex+0x512/0x640
[ 1246.720349][T16890]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1246.720370][T16890]  should_failslab+0xc2/0x120
[ 1246.720392][T16890]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1246.720409][T16890]  ? nfnl_err_add+0x4e/0x350
[ 1246.720438][T16890]  nfnl_err_add+0x4e/0x350
[ 1246.720456][T16890]  nfnetlink_rcv_batch+0xc95/0x2330
[ 1246.720487][T16890]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[ 1246.720520][T16890]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1246.720571][T16890]  ? __nla_parse+0x40/0x60
[ 1246.720598][T16890]  nfnetlink_rcv+0x3c1/0x430
[ 1246.720617][T16890]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1246.720630][T16893] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2614'.
[ 1246.720643][T16890]  netlink_unicast+0x53a/0x7f0
[ 1246.720662][T16890]  ? __pfx_netlink_unicast+0x10/0x10
[ 1246.720681][T16890]  netlink_sendmsg+0x8d1/0xdd0
[ 1246.720698][T16890]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1246.720721][T16890]  ____sys_sendmsg+0xa95/0xc70
[ 1246.720738][T16890]  ? copy_msghdr_from_user+0x10a/0x160
[ 1246.720757][T16890]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1246.720783][T16890]  ___sys_sendmsg+0x134/0x1d0
[ 1246.720805][T16890]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1246.720823][T16890]  ? __lock_acquire+0x622/0x1c90
[ 1246.720873][T16890]  __sys_sendmsg+0x16d/0x220
[ 1246.720893][T16890]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1246.720928][T16890]  do_syscall_64+0xcd/0x4c0
[ 1246.720950][T16890]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1246.720966][T16890] RIP: 0033:0x7f4efff8e929
[ 1246.720980][T16890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1246.720995][T16890] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1246.721009][T16890] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1246.721019][T16890] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[ 1246.721028][T16890] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1246.721036][T16890] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1246.721044][T16890] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1246.721064][T16890]  </TASK>
[ 1246.973156][T16893] netlink: 'syz.3.2614': attribute type 5 has an invalid length.
[ 1246.981294][T16893] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2614'.
[ 1247.072552][T16893] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0
[ 1247.081824][T16893] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[ 1247.133224][T16893] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[ 1247.163917][T16893] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[ 1247.206139][T16893] geneve2: entered promiscuous mode
[ 1247.245632][T16893] geneve2: entered allmulticast mode
[ 1247.533492][T16916] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1247.682733][T16917] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1249.800181][T16927] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2622'.
[ 1250.435508][T16938] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1251.439125][T16953] FAULT_INJECTION: forcing a failure.
[ 1251.439125][T16953] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1251.452549][T16953] CPU: 0 UID: 0 PID: 16953 Comm: syz.5.2626 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1251.452564][T16953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1251.452570][T16953] Call Trace:
[ 1251.452574][T16953]  <TASK>
[ 1251.452578][T16953]  dump_stack_lvl+0x16c/0x1f0
[ 1251.452598][T16953]  should_fail_ex+0x512/0x640
[ 1251.452614][T16953]  _copy_to_user+0x32/0xd0
[ 1251.452630][T16953]  simple_read_from_buffer+0xcb/0x170
[ 1251.452645][T16953]  proc_fail_nth_read+0x197/0x270
[ 1251.452659][T16953]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1251.452672][T16953]  ? rw_verify_area+0xcf/0x680
[ 1251.452684][T16953]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1251.452697][T16953]  vfs_read+0x1e1/0xc60
[ 1251.452711][T16953]  ? __pfx___mutex_lock+0x10/0x10
[ 1251.452727][T16953]  ? __pfx_vfs_read+0x10/0x10
[ 1251.452743][T16953]  ? __fget_files+0x20e/0x3c0
[ 1251.452762][T16953]  ksys_read+0x12a/0x250
[ 1251.452774][T16953]  ? __pfx_ksys_read+0x10/0x10
[ 1251.452790][T16953]  do_syscall_64+0xcd/0x4c0
[ 1251.452806][T16953]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1251.452817][T16953] RIP: 0033:0x7fc1d638d33c
[ 1251.452827][T16953] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1251.452837][T16953] RSP: 002b:00007fc1d71df030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1251.452847][T16953] RAX: ffffffffffffffda RBX: 00007fc1d65b5fa0 RCX: 00007fc1d638d33c
[ 1251.452853][T16953] RDX: 000000000000000f RSI: 00007fc1d71df0a0 RDI: 0000000000000007
[ 1251.452859][T16953] RBP: 00007fc1d71df090 R08: 0000000000000000 R09: 0000000000000000
[ 1251.452865][T16953] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001
[ 1251.452871][T16953] R13: 0000000000000000 R14: 00007fc1d65b5fa0 R15: 00007ffc53471108
[ 1251.452883][T16953]  </TASK>
[ 1251.846298][T16967] FAULT_INJECTION: forcing a failure.
[ 1251.846298][T16967] name failslab, interval 1, probability 0, space 0, times 0
[ 1251.878872][T16967] CPU: 0 UID: 0 PID: 16967 Comm: syz.5.2631 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1251.878899][T16967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1251.878909][T16967] Call Trace:
[ 1251.878915][T16967]  <TASK>
[ 1251.878922][T16967]  dump_stack_lvl+0x16c/0x1f0
[ 1251.878953][T16967]  should_fail_ex+0x512/0x640
[ 1251.878975][T16967]  ? __kmalloc_node_noprof+0xc5/0x500
[ 1251.879003][T16967]  should_failslab+0xc2/0x120
[ 1251.879028][T16967]  __kmalloc_node_noprof+0xd8/0x500
[ 1251.879050][T16967]  ? crypto_alg_lookup+0x113/0x1e0
[ 1251.879066][T16967]  ? crypto_alloc_tfmmem.isra.0+0x38/0x110
[ 1251.879097][T16967]  ? __pfx_crypto_alg_extsize+0x10/0x10
[ 1251.879118][T16967]  crypto_alloc_tfmmem.isra.0+0x38/0x110
[ 1251.879148][T16967]  crypto_create_tfm_node+0x85/0x350
[ 1251.879168][T16967]  crypto_alloc_tfm_node+0x102/0x260
[ 1251.879188][T16967]  sctp_inet_listen+0x873/0xaf0
[ 1251.879210][T16967]  ? __pfx_sctp_inet_listen+0x10/0x10
[ 1251.879236][T16967]  ? __fget_files+0x20e/0x3c0
[ 1251.879265][T16967]  __sys_listen_socket+0x114/0x160
[ 1251.879285][T16967]  __sys_listen+0xa7/0x130
[ 1251.879305][T16967]  __x64_sys_listen+0x53/0x80
[ 1251.879324][T16967]  do_syscall_64+0xcd/0x4c0
[ 1251.879349][T16967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1251.879373][T16967] RIP: 0033:0x7fc1d638e929
[ 1251.879387][T16967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1251.879403][T16967] RSP: 002b:00007fc1d71df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
[ 1251.879420][T16967] RAX: ffffffffffffffda RBX: 00007fc1d65b5fa0 RCX: 00007fc1d638e929
[ 1251.879431][T16967] RDX: 0000000000000000 RSI: 0000000000000050 RDI: 0000000000000005
[ 1251.879440][T16967] RBP: 00007fc1d71df090 R08: 0000000000000000 R09: 0000000000000000
[ 1251.879451][T16967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1251.879460][T16967] R13: 0000000000000000 R14: 00007fc1d65b5fa0 R15: 00007ffc53471108
[ 1251.879483][T16967]  </TASK>
[ 1251.879493][T16967] sctp: failed to load transform for md5: -12
[ 1251.942459][   T30] audit: type=1400 audit(1750737015.092:633): avc:  denied  { write } for  pid=16963 comm="syz.0.2629" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[ 1251.952378][T16958] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2628'.
[ 1252.393692][T16987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1252.410495][   T48] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[ 1252.535402][ T5928] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[ 1252.585094][   T48] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1252.585181][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.587366][   T48] usb 4-1: Product: syz
[ 1252.587438][   T48] usb 4-1: Manufacturer: syz
[ 1252.587482][   T48] usb 4-1: SerialNumber: syz
[ 1252.757838][   T48] usb 4-1: config 0 descriptor??
[ 1252.781187][   T48] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 025
[ 1252.912914][ T5928] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1252.934478][ T5928] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1252.947259][ T5928] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1252.947279][ T5928] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.947290][ T5928] usb 6-1: Product: syz
[ 1252.947298][ T5928] usb 6-1: Manufacturer: syz
[ 1252.947307][ T5928] usb 6-1: SerialNumber: syz
[ 1252.971654][ T5928] usb 6-1: selecting invalid altsetting 1
[ 1253.001387][T16990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2634'.
[ 1253.017578][T16990] IPv6: sit1: Disabled Multicast RS
[ 1253.110879][T16990] sit1: entered allmulticast mode
[ 1253.189087][ T5928] cdc_ncm 6-1:1.0: bind() failure
[ 1253.201980][   T48]  (null): failure reading functionality
[ 1253.217759][ T5928] usb 6-1: USB disconnect, device number 6
[ 1253.235814][   T48] i2c i2c-1: connected i2c-tiny-usb device
[ 1253.299336][   T30] audit: type=1400 audit(1750737016.432:634): avc:  denied  { mount } for  pid=16989 comm="syz.2.2634" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[ 1253.433169][   T48] usb 4-1: USB disconnect, device number 25
[ 1253.529494][T17001] misc userio: Begin command sent, but we're already running
[ 1253.924507][T17007] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1253.993860][   T30] audit: type=1400 audit(1750737017.142:635): avc:  denied  { connect } for  pid=16989 comm="syz.2.2634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1254.089017][T17004] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2634'.
[ 1254.304532][T17011] syz.3.2639: attempt to access beyond end of device
[ 1254.304532][T17011] nbd3: rw=0, sector=0, nr_sectors = 1 limit=0
[ 1254.440120][   T30] audit: type=1326 audit(1750737017.222:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1254.658998][   T30] audit: type=1326 audit(1750737017.222:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1254.771411][   T30] audit: type=1326 audit(1750737017.222:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1254.907376][T17022] FAULT_INJECTION: forcing a failure.
[ 1254.907376][T17022] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1254.912473][T17018] Bluetooth: MGMT ver 1.23
[ 1254.930906][   T30] audit: type=1326 audit(1750737017.222:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1254.993141][T17022] CPU: 0 UID: 0 PID: 17022 Comm: syz.3.2641 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1254.993168][T17022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1254.993178][T17022] Call Trace:
[ 1254.993185][T17022]  <TASK>
[ 1254.993193][T17022]  dump_stack_lvl+0x16c/0x1f0
[ 1254.993223][T17022]  should_fail_ex+0x512/0x640
[ 1254.993251][T17022]  _copy_from_user+0x2e/0xd0
[ 1254.993275][T17022]  copy_msghdr_from_user+0x98/0x160
[ 1254.993301][T17022]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1254.993336][T17022]  ___sys_sendmsg+0xfe/0x1d0
[ 1254.993368][T17022]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1254.993390][T17022]  ? __lock_acquire+0x622/0x1c90
[ 1254.993448][T17022]  __sys_sendmsg+0x16d/0x220
[ 1254.993472][T17022]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1254.993512][T17022]  do_syscall_64+0xcd/0x4c0
[ 1254.993538][T17022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1254.993555][T17022] RIP: 0033:0x7f8205f8e929
[ 1254.993569][T17022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1254.993586][T17022] RSP: 002b:00007f8206e28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1254.993603][T17022] RAX: ffffffffffffffda RBX: 00007f82061b5fa0 RCX: 00007f8205f8e929
[ 1254.993614][T17022] RDX: 0000000020000050 RSI: 0000200000000540 RDI: 0000000000000003
[ 1254.993625][T17022] RBP: 00007f8206e28090 R08: 0000000000000000 R09: 0000000000000000
[ 1254.993635][T17022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1254.993644][T17022] R13: 0000000000000000 R14: 00007f82061b5fa0 R15: 00007fff11432c38
[ 1254.993667][T17022]  </TASK>
[ 1255.002368][   T30] audit: type=1326 audit(1750737017.222:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1255.435452][   T30] audit: type=1326 audit(1750737017.222:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1255.546654][T17031] overlayfs: failed to resolve './file0': -2
[ 1255.558347][   T30] audit: type=1326 audit(1750737017.222:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16989 comm="syz.2.2634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f6258e929 code=0x7ffc0000
[ 1255.605697][ T5928] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[ 1255.617310][T17026] usb usb9: check_ctrlrecip: process 17026 (syz.5.2644) requesting ep 01 but needs 81
[ 1255.637771][T17026] usb usb9: usbfs: process 17026 (syz.5.2644) did not claim interface 0 before use
[ 1255.667713][T17034] warning: `syz.1.2646' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 1255.683762][T17031] capability: warning: `syz.2.2645' uses 32-bit capabilities (legacy support in use)
[ 1255.795340][ T5928] usb 4-1: Invalid ep0 maxpacket: 32
[ 1255.925291][ T5928] usb 4-1: new low-speed USB device number 27 using dummy_hcd
[ 1256.056294][T17050] FAULT_INJECTION: forcing a failure.
[ 1256.056294][T17050] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1256.072162][T17050] CPU: 1 UID: 0 PID: 17050 Comm: syz.1.2649 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1256.072188][T17050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1256.072199][T17050] Call Trace:
[ 1256.072205][T17050]  <TASK>
[ 1256.072212][T17050]  dump_stack_lvl+0x16c/0x1f0
[ 1256.072244][T17050]  should_fail_ex+0x512/0x640
[ 1256.072270][T17050]  _copy_to_user+0x32/0xd0
[ 1256.072297][T17050]  simple_read_from_buffer+0xcb/0x170
[ 1256.072322][T17050]  proc_fail_nth_read+0x197/0x270
[ 1256.072345][T17050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1256.072375][T17050]  ? rw_verify_area+0xcf/0x680
[ 1256.072394][T17050]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1256.072416][T17050]  vfs_read+0x1e1/0xc60
[ 1256.072441][T17050]  ? __pfx___mutex_lock+0x10/0x10
[ 1256.072467][T17050]  ? __pfx_vfs_read+0x10/0x10
[ 1256.072495][T17050]  ? __fget_files+0x20e/0x3c0
[ 1256.072526][T17050]  ksys_read+0x12a/0x250
[ 1256.072547][T17050]  ? __pfx_ksys_read+0x10/0x10
[ 1256.072569][T17050]  ? fdget+0x187/0x210
[ 1256.072596][T17050]  do_syscall_64+0xcd/0x4c0
[ 1256.072622][T17050]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1256.072641][T17050] RIP: 0033:0x7fcd0dd8d33c
[ 1256.072656][T17050] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1256.072673][T17050] RSP: 002b:00007fcd0bbd5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1256.072690][T17050] RAX: ffffffffffffffda RBX: 00007fcd0dfb6160 RCX: 00007fcd0dd8d33c
[ 1256.072701][T17050] RDX: 000000000000000f RSI: 00007fcd0bbd50a0 RDI: 0000000000000005
[ 1256.072711][T17050] RBP: 00007fcd0bbd5090 R08: 0000000000000000 R09: 0000000000000000
[ 1256.072720][T17050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1256.072730][T17050] R13: 0000000000000000 R14: 00007fcd0dfb6160 R15: 00007ffe3bdc6d28
[ 1256.072753][T17050]  </TASK>
[ 1256.530360][T17053] ALSA: mixer_oss: invalid OSS volume ''
[ 1256.705789][T17053] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1257.218493][ T5928] usb 4-1: Invalid ep0 maxpacket: 32
[ 1257.230754][ T5928] usb usb4-port1: attempt power cycle
[ 1257.264617][   T30] kauditd_printk_skb: 24 callbacks suppressed
[ 1257.264634][   T30] audit: type=1400 audit(1750737020.412:667): avc:  denied  { watch watch_reads } for  pid=17046 comm="syz.5.2651" path="/69/file0/file0" dev="afs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[ 1257.294018][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1257.845746][   T30] audit: type=1400 audit(1750737021.002:668): avc:  denied  { write } for  pid=17054 comm="syz.5.2652" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1257.885131][ T5928] usb 4-1: new low-speed USB device number 28 using dummy_hcd
[ 1257.963052][ T5928] usb 4-1: Invalid ep0 maxpacket: 32
[ 1258.060570][   T30] audit: type=1400 audit(1750737021.212:669): avc:  denied  { write } for  pid=17057 comm="syz.0.2653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1258.135558][ T5928] usb 4-1: new low-speed USB device number 29 using dummy_hcd
[ 1258.171751][T17061] input input10: cannot allocate more than FF_MAX_EFFECTS effects
[ 1258.173964][   T30] audit: type=1400 audit(1750737021.322:670): avc:  denied  { ioctl } for  pid=17060 comm="syz.1.2654" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5501 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1258.216117][T17063] FAULT_INJECTION: forcing a failure.
[ 1258.216117][T17063] name failslab, interval 1, probability 0, space 0, times 0
[ 1258.230719][ T5928] usb 4-1: Invalid ep0 maxpacket: 32
[ 1258.236482][ T5928] usb usb4-port1: unable to enumerate USB device
[ 1258.244531][T17063] CPU: 1 UID: 0 PID: 17063 Comm: syz.0.2655 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1258.244555][T17063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1258.244565][T17063] Call Trace:
[ 1258.244571][T17063]  <TASK>
[ 1258.244577][T17063]  dump_stack_lvl+0x16c/0x1f0
[ 1258.244623][T17063]  should_fail_ex+0x512/0x640
[ 1258.244644][T17063]  ? fs_reclaim_acquire+0xae/0x150
[ 1258.244662][T17063]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1258.244683][T17063]  should_failslab+0xc2/0x120
[ 1258.244705][T17063]  __kmalloc_noprof+0xd2/0x510
[ 1258.244731][T17063]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1258.244756][T17063]  ? tomoyo_profile+0x47/0x60
[ 1258.244783][T17063]  tomoyo_path_number_perm+0x245/0x580
[ 1258.244802][T17063]  ? tomoyo_path_number_perm+0x237/0x580
[ 1258.244823][T17063]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1258.244844][T17063]  ? find_held_lock+0x2b/0x80
[ 1258.244885][T17063]  ? find_held_lock+0x2b/0x80
[ 1258.244904][T17063]  ? hook_file_ioctl_common+0x145/0x410
[ 1258.244935][T17063]  ? __fget_files+0x20e/0x3c0
[ 1258.244962][T17063]  security_file_ioctl+0x9b/0x240
[ 1258.244986][T17063]  __x64_sys_ioctl+0xb7/0x210
[ 1258.245005][T17063]  do_syscall_64+0xcd/0x4c0
[ 1258.245031][T17063]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1258.245048][T17063] RIP: 0033:0x7f4efff8e929
[ 1258.245061][T17063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1258.245077][T17063] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1258.245093][T17063] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1258.245104][T17063] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[ 1258.245113][T17063] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1258.245123][T17063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1258.245133][T17063] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1258.245155][T17063]  </TASK>
[ 1258.454208][T17063] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1258.461043][T17063] input input11: cannot allocate more than FF_MAX_EFFECTS effects
[ 1258.619224][   T30] audit: type=1400 audit(1750737021.772:671): avc:  denied  { create } for  pid=17070 comm="syz.1.2659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1258.756750][T17075] netlink: 'syz.1.2659': attribute type 10 has an invalid length.
[ 1258.796854][ T5875] usb 1-1: new low-speed USB device number 31 using dummy_hcd
[ 1258.915416][ T5928] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[ 1258.959434][ T5875] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1258.974399][ T5875] usb 1-1: too many configurations: 174, using maximum allowed: 8
[ 1258.997836][ T5875] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1259.017295][ T5875] usb 1-1: can't read configurations, error -61
[ 1259.076957][ T5928] usb 4-1: Using ep0 maxpacket: 16
[ 1259.106859][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1259.126568][T17080] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2661'.
[ 1259.127836][ T5928] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1259.145894][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1259.154372][ T5928] usb 4-1: Product: syz
[ 1259.170985][ T5875] usb 1-1: new low-speed USB device number 32 using dummy_hcd
[ 1259.172020][ T5928] usb 4-1: Manufacturer: syz
[ 1259.227828][ T5928] usb 4-1: SerialNumber: syz
[ 1259.383403][ T5875] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1259.389206][ T5928] usb 4-1: config 0 descriptor??
[ 1259.419012][ T5875] usb 1-1: too many configurations: 174, using maximum allowed: 8
[ 1259.426224][ T5928] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1259.437771][ T5928] em28xx 4-1:0.0: DVB interface 0 found: bulk
[ 1259.465291][ T5875] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1259.488552][ T5875] usb 1-1: can't read configurations, error -61
[ 1259.496469][ T5875] usb usb1-port1: attempt power cycle
[ 1259.615423][T15175] Bluetooth: hci5: command 0x1003 tx timeout
[ 1259.621732][ T5818] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1259.760283][T17083] FAULT_INJECTION: forcing a failure.
[ 1259.760283][T17083] name failslab, interval 1, probability 0, space 0, times 0
[ 1259.773776][T17083] CPU: 0 UID: 0 PID: 17083 Comm: syz.2.2662 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1259.773799][T17083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1259.773809][T17083] Call Trace:
[ 1259.773814][T17083]  <TASK>
[ 1259.773820][T17083]  dump_stack_lvl+0x16c/0x1f0
[ 1259.773846][T17083]  should_fail_ex+0x512/0x640
[ 1259.773866][T17083]  ? fs_reclaim_acquire+0xae/0x150
[ 1259.773885][T17083]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1259.773907][T17083]  should_failslab+0xc2/0x120
[ 1259.773928][T17083]  __kmalloc_noprof+0xd2/0x510
[ 1259.773955][T17083]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1259.773977][T17083]  ? tomoyo_profile+0x47/0x60
[ 1259.774002][T17083]  tomoyo_path_number_perm+0x245/0x580
[ 1259.774020][T17083]  ? tomoyo_path_number_perm+0x237/0x580
[ 1259.774040][T17083]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1259.774061][T17083]  ? find_held_lock+0x2b/0x80
[ 1259.774109][T17083]  ? find_held_lock+0x2b/0x80
[ 1259.774128][T17083]  ? hook_file_ioctl_common+0x145/0x410
[ 1259.774161][T17083]  ? __fget_files+0x20e/0x3c0
[ 1259.774187][T17083]  security_file_ioctl+0x9b/0x240
[ 1259.774212][T17083]  __x64_sys_ioctl+0xb7/0x210
[ 1259.774234][T17083]  do_syscall_64+0xcd/0x4c0
[ 1259.774261][T17083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1259.774279][T17083] RIP: 0033:0x7f0f6258e929
[ 1259.774293][T17083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1259.774310][T17083] RSP: 002b:00007f0f6345b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1259.774331][T17083] RAX: ffffffffffffffda RBX: 00007f0f627b5fa0 RCX: 00007f0f6258e929
[ 1259.774342][T17083] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1259.774352][T17083] RBP: 00007f0f6345b090 R08: 0000000000000000 R09: 0000000000000000
[ 1259.774362][T17083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1259.774371][T17083] R13: 0000000000000000 R14: 00007f0f627b5fa0 R15: 00007ffc1b7260f8
[ 1259.774395][T17083]  </TASK>
[ 1259.774465][T17083] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1259.925418][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1260.045314][ T5875] usb 1-1: new low-speed USB device number 33 using dummy_hcd
[ 1260.062975][   T30] audit: type=1400 audit(1750737023.212:672): avc:  denied  { ioctl } for  pid=17086 comm="syz.5.2663" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1260.134647][ T5875] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1260.136492][ T5928] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1260.142360][ T5875] usb 1-1: too many configurations: 174, using maximum allowed: 8
[ 1260.172390][ T5875] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1260.185335][ T5875] usb 1-1: can't read configurations, error -61
[ 1260.210586][T17093] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[ 1260.214208][T17095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2666'.
[ 1260.345086][ T5875] usb 1-1: new low-speed USB device number 34 using dummy_hcd
[ 1260.395682][ T5875] usb 1-1: No LPM exit latency info found, disabling LPM.
[ 1260.419515][ T5875] usb 1-1: too many configurations: 174, using maximum allowed: 8
[ 1260.433372][ T5875] usb 1-1: unable to read config index 0 descriptor/start: -61
[ 1260.458268][ T5875] usb 1-1: can't read configurations, error -61
[ 1260.477478][ T5875] usb usb1-port1: unable to enumerate USB device
[ 1260.602984][T17110] FAULT_INJECTION: forcing a failure.
[ 1260.602984][T17110] name failslab, interval 1, probability 0, space 0, times 0
[ 1260.616193][T17110] CPU: 1 UID: 0 PID: 17110 Comm: syz.1.2670 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1260.616218][T17110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1260.616229][T17110] Call Trace:
[ 1260.616235][T17110]  <TASK>
[ 1260.616241][T17110]  dump_stack_lvl+0x16c/0x1f0
[ 1260.616275][T17110]  should_fail_ex+0x512/0x640
[ 1260.616297][T17110]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[ 1260.616322][T17110]  should_failslab+0xc2/0x120
[ 1260.616347][T17110]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1260.616376][T17110]  ? getname_flags.part.0+0x4c/0x550
[ 1260.616398][T17110]  getname_flags.part.0+0x4c/0x550
[ 1260.616419][T17110]  getname_flags+0x93/0xf0
[ 1260.616442][T17110]  do_sys_openat2+0xb8/0x1d0
[ 1260.616458][T17110]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1260.616476][T17110]  ? __fget_files+0x20e/0x3c0
[ 1260.616505][T17110]  __x64_sys_open+0x153/0x1e0
[ 1260.616521][T17110]  ? __pfx___x64_sys_open+0x10/0x10
[ 1260.616542][T17110]  ? rcu_is_watching+0x12/0xc0
[ 1260.616566][T17110]  do_syscall_64+0xcd/0x4c0
[ 1260.616593][T17110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1260.616609][T17110] RIP: 0033:0x7fcd0dd8e929
[ 1260.616623][T17110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1260.616639][T17110] RSP: 002b:00007fcd0eb19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1260.616656][T17110] RAX: ffffffffffffffda RBX: 00007fcd0dfb5fa0 RCX: 00007fcd0dd8e929
[ 1260.616667][T17110] RDX: 0000000000000000 RSI: 0000000000066842 RDI: 00002000000005c0
[ 1260.616677][T17110] RBP: 00007fcd0eb19090 R08: 0000000000000000 R09: 0000000000000000
[ 1260.616686][T17110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1260.616696][T17110] R13: 0000000000000000 R14: 00007fcd0dfb5fa0 R15: 00007ffe3bdc6d28
[ 1260.616719][T17110]  </TASK>
[ 1260.852632][ T5818] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11
[ 1260.861906][T17114] FAULT_INJECTION: forcing a failure.
[ 1260.861906][T17114] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1260.894267][T17114] CPU: 1 UID: 0 PID: 17114 Comm: syz.2.2671 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1260.894294][T17114] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1260.894305][T17114] Call Trace:
[ 1260.894312][T17114]  <TASK>
[ 1260.894318][T17114]  dump_stack_lvl+0x16c/0x1f0
[ 1260.894348][T17114]  should_fail_ex+0x512/0x640
[ 1260.894376][T17114]  _copy_to_user+0x32/0xd0
[ 1260.894402][T17114]  simple_read_from_buffer+0xcb/0x170
[ 1260.894427][T17114]  proc_fail_nth_read+0x197/0x270
[ 1260.894449][T17114]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1260.894472][T17114]  ? rw_verify_area+0xcf/0x680
[ 1260.894490][T17114]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1260.894512][T17114]  vfs_read+0x1e1/0xc60
[ 1260.894537][T17114]  ? __pfx___mutex_lock+0x10/0x10
[ 1260.894562][T17114]  ? __pfx_vfs_read+0x10/0x10
[ 1260.894601][T17114]  ? __fget_files+0x20e/0x3c0
[ 1260.894633][T17114]  ksys_read+0x12a/0x250
[ 1260.894654][T17114]  ? __pfx_ksys_read+0x10/0x10
[ 1260.894682][T17114]  do_syscall_64+0xcd/0x4c0
[ 1260.894707][T17114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1260.894726][T17114] RIP: 0033:0x7f0f6258d33c
[ 1260.894740][T17114] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1260.894758][T17114] RSP: 002b:00007f0f6345b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1260.894775][T17114] RAX: ffffffffffffffda RBX: 00007f0f627b5fa0 RCX: 00007f0f6258d33c
[ 1260.894787][T17114] RDX: 000000000000000f RSI: 00007f0f6345b0a0 RDI: 0000000000000005
[ 1260.894796][T17114] RBP: 00007f0f6345b090 R08: 0000000000000000 R09: 0000000000000000
[ 1260.894806][T17114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1260.894816][T17114] R13: 0000000000000000 R14: 00007f0f627b5fa0 R15: 00007ffc1b7260f8
[ 1260.894840][T17114]  </TASK>
[ 1261.105475][ T5928] em28xx 4-1:0.0: write to i2c device at 0xa0 failed with unknown error (status=1)
[ 1261.116550][ T5928] em28xx 4-1:0.0: failed to read eeprom (err=-5)
[ 1261.123286][ T5928] em28xx 4-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[ 1261.270386][ T5868] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1261.505350][ T5868] usb 6-1: Using ep0 maxpacket: 8
[ 1261.512081][ T5868] usb 6-1: config 5 has an invalid interface number: 153 but max is 0
[ 1261.522431][ T5868] usb 6-1: config 5 has no interface number 0
[ 1261.647602][ T5868] usb 6-1: config 5 interface 153 has no altsetting 0
[ 1261.674867][ T5868] usb 6-1: New USB device found, idVendor=12d1, idProduct=763a, bcdDevice=4a.a8
[ 1261.757761][T17123] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1262.084420][ T5868] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1262.092565][ T5868] usb 6-1: Product: syz
[ 1262.096776][ T5868] usb 6-1: Manufacturer: syz
[ 1262.101386][ T5868] usb 6-1: SerialNumber: syz
[ 1262.230089][T17131] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2675'.
[ 1262.245896][ T5928] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1262.303912][ T5928] em28xx 4-1:0.0: dvb set to bulk mode.
[ 1262.473328][T15725] em28xx 4-1:0.0: Binding DVB extension
[ 1262.607116][ T5928] usb 4-1: USB disconnect, device number 30
[ 1262.619114][ T5868] huawei_cdc_ncm 6-1:5.153: CDC Union missing and no IAD found
[ 1262.628221][ T5928] em28xx 4-1:0.0: Disconnecting em28xx
[ 1262.650481][ T5868] huawei_cdc_ncm 6-1:5.153: bind() failure
[ 1262.710853][ T5868] usb 6-1: USB disconnect, device number 7
[ 1262.801029][T17140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2678'.
[ 1263.062552][T15725] em28xx 4-1:0.0: Registering input extension
[ 1263.079315][ T5928] em28xx 4-1:0.0: Closing input extension
[ 1263.122005][ T9627] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 1263.273239][ T5928] em28xx 4-1:0.0: Freeing device
[ 1263.289959][ T9627] usb 3-1: Using ep0 maxpacket: 8
[ 1263.301097][ T9627] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1263.312359][ T9627] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1263.319682][T17149] syz_tun: left allmulticast mode
[ 1263.323681][ T9627] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10
[ 1263.327566][T17149] syz_tun: left promiscuous mode
[ 1263.337788][ T5875] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[ 1263.344212][T17149] bridge0: port 3(syz_tun) entered disabled state
[ 1263.646655][T17149] bridge_slave_0: left allmulticast mode
[ 1263.674201][T17149] bridge_slave_0: left promiscuous mode
[ 1263.772063][ T9627] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024
[ 1263.789913][T17149] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1263.861421][ T9627] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1263.870773][ T9627] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1263.886095][ T9627] hub 3-1:1.0: bad descriptor, ignoring hub
[ 1263.892050][ T9627] hub 3-1:1.0: probe with driver hub failed with error -5
[ 1263.899702][ T9627] cdc_wdm 3-1:1.0: skipping garbage
[ 1263.904921][ T9627] cdc_wdm 3-1:1.0: skipping garbage
[ 1263.922774][ T9627] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[ 1263.937448][ T9627] cdc_wdm 3-1:1.0: Unknown control protocol
[ 1263.981086][   T30] audit: type=1400 audit(1750737027.132:673): avc:  denied  { write } for  pid=17153 comm="syz.0.2684" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1264.037411][ T5875] usb 2-1: Using ep0 maxpacket: 8
[ 1264.056204][ T5875] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[ 1264.064686][ T5875] usb 2-1: config 0 has an invalid interface number: 21 but max is 0
[ 1264.098668][ T5875] usb 2-1: config 0 has no interface number 0
[ 1264.127831][ T5875] usb 2-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1264.152695][ T5875] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1264.166959][ T5875] usb 2-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1264.186017][   T30] audit: type=1400 audit(1750737027.232:674): avc:  denied  { write } for  pid=17151 comm="syz.5.2683" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1264.236037][   T30] audit: type=1400 audit(1750737027.242:675): avc:  denied  { read write } for  pid=17135 comm="syz.2.2677" name="cdc-wdm0" dev="devtmpfs" ino=3199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[ 1264.261696][T17149] bridge_slave_1: left allmulticast mode
[ 1264.268457][ T5875] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[ 1264.281450][T17149] bridge_slave_1: left promiscuous mode
[ 1264.282796][ T5875] usb 2-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[ 1264.291292][T17149] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1264.306119][   T30] audit: type=1400 audit(1750737027.242:676): avc:  denied  { open } for  pid=17135 comm="syz.2.2677" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3199 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[ 1264.331439][ T5875] usb 2-1: Product: syz
[ 1264.335492][T17149] bond0: (slave bond_slave_0): Releasing backup interface
[ 1264.335902][ T5875] usb 2-1: Manufacturer: syz
[ 1264.351354][T17149] bond0: (slave bond_slave_1): Releasing backup interface
[ 1264.353531][ T5875] usb 2-1: config 0 descriptor??
[ 1264.368032][T17142] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[ 1264.389000][T17149] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1264.397081][T17149] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1264.405777][T17165] FAULT_INJECTION: forcing a failure.
[ 1264.405777][T17165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1264.418801][T17149] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1264.419465][T17165] CPU: 0 UID: 0 PID: 17165 Comm: syz.0.2686 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1264.419487][T17165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1264.419495][T17165] Call Trace:
[ 1264.419501][T17165]  <TASK>
[ 1264.419507][T17165]  dump_stack_lvl+0x16c/0x1f0
[ 1264.419536][T17165]  should_fail_ex+0x512/0x640
[ 1264.419560][T17165]  _copy_from_user+0x2e/0xd0
[ 1264.419581][T17165]  __sys_bpf+0x21d/0x4d80
[ 1264.419612][T17165]  ? __pfx___sys_bpf+0x10/0x10
[ 1264.419632][T17165]  ? ksys_write+0x190/0x250
[ 1264.419654][T17165]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1264.419689][T17165]  ? fput+0x70/0xf0
[ 1264.419710][T17165]  ? ksys_write+0x1ac/0x250
[ 1264.419727][T17165]  ? __pfx_ksys_write+0x10/0x10
[ 1264.419749][T17165]  __x64_sys_bpf+0x78/0xc0
[ 1264.419768][T17165]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1264.419788][T17165]  do_syscall_64+0xcd/0x4c0
[ 1264.419810][T17165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1264.419826][T17165] RIP: 0033:0x7f4efff8e929
[ 1264.419838][T17165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1264.419852][T17165] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1264.419867][T17165] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1264.419876][T17165] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[ 1264.419885][T17165] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1264.419894][T17165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1264.419902][T17165] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1264.419922][T17165]  </TASK>
[ 1264.556898][ T5896] usb 3-1: USB disconnect, device number 33
[ 1264.561360][T17149] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1264.623081][T17149] bond0: (slave wlan1): Releasing backup interface
[ 1264.706049][T17169] netlink: 288 bytes leftover after parsing attributes in process `syz.3.2688'.
[ 1264.900820][T17172] ALSA: mixer_oss: invalid OSS volume ''
[ 1264.922984][T17172] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1265.275146][T17175] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2689'.
[ 1265.275392][T17142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1265.313659][T17142] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1265.365488][ T5928] usb 4-1: new low-speed USB device number 31 using dummy_hcd
[ 1265.716021][ T5928] usb 4-1: config index 0 descriptor too short (expected 1307, got 27)
[ 1265.739369][ T5875] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.21/input/input13
[ 1265.739614][ T5928] usb 4-1: config 0 has an invalid interface number: 0 but max is -1
[ 1265.845741][T17183] FAULT_INJECTION: forcing a failure.
[ 1265.845741][T17183] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1265.859647][T17183] CPU: 0 UID: 0 PID: 17183 Comm: syz.0.2691 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1265.859671][T17183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1265.859681][T17183] Call Trace:
[ 1265.859687][T17183]  <TASK>
[ 1265.859694][T17183]  dump_stack_lvl+0x16c/0x1f0
[ 1265.859723][T17183]  should_fail_ex+0x512/0x640
[ 1265.859750][T17183]  _copy_to_user+0x32/0xd0
[ 1265.859776][T17183]  put_itimerspec64+0xbd/0x1d0
[ 1265.859802][T17183]  ? __pfx_put_itimerspec64+0x10/0x10
[ 1265.859828][T17183]  ? do_timerfd_gettime+0x293/0x5e0
[ 1265.859859][T17183]  __x64_sys_timerfd_gettime+0x13f/0x170
[ 1265.859887][T17183]  ? __pfx___x64_sys_timerfd_gettime+0x10/0x10
[ 1265.859914][T17183]  ? ksys_write+0x1ac/0x250
[ 1265.859943][T17183]  do_syscall_64+0xcd/0x4c0
[ 1265.859970][T17183]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1265.859987][T17183] RIP: 0033:0x7f4efff8e929
[ 1265.860002][T17183] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1265.860019][T17183] RSP: 002b:00007f4f00df8038 EFLAGS: 00000246 ORIG_RAX: 000000000000011f
[ 1265.860036][T17183] RAX: ffffffffffffffda RBX: 00007f4f001b6080 RCX: 00007f4efff8e929
[ 1265.860047][T17183] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[ 1265.860057][T17183] RBP: 00007f4f00df8090 R08: 0000000000000000 R09: 0000000000000000
[ 1265.860067][T17183] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1265.860077][T17183] R13: 0000000000000000 R14: 00007f4f001b6080 R15: 00007ffd8b556ce8
[ 1265.860100][T17183]  </TASK>
[ 1266.629255][ T5928] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0
[ 1266.639173][ T5928] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30
[ 1266.651951][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[ 1266.663884][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 1266.675772][ T5928] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[ 1266.687656][ T5928] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246
[ 1266.708086][ T5928] usb 4-1: string descriptor 0 read error: -22
[ 1266.714416][ T5928] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[ 1266.726475][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1266.746110][ T5928] usb 4-1: config 0 descriptor??
[ 1266.754462][ T5928] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1266.774517][   T48] usb 2-1: USB disconnect, device number 32
[ 1266.774651][    C0] keyspan_remote 2-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[ 1266.799006][ T5928] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1266.827343][ T5928] input: USB Acecad 302 Tablet 0460:0008 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input14
[ 1267.342643][T17169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1267.366337][T17169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1267.411366][T17169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1267.496889][T17169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1267.542914][   T30] audit: type=1400 audit(1750737030.692:677): avc:  denied  { kexec_image_load } for  pid=17204 comm="syz.1.2697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1267.871042][   T30] audit: type=1400 audit(1750737031.022:678): avc:  denied  { append } for  pid=17168 comm="syz.3.2688" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1267.900939][   T30] audit: type=1400 audit(1750737031.022:679): avc:  denied  { ioctl } for  pid=17168 comm="syz.3.2688" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1268.525508][ T5928] usb 4-1: USB disconnect, device number 31
[ 1269.174033][T17233] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1269.180588][T17233] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1269.189688][T17231] FAULT_INJECTION: forcing a failure.
[ 1269.189688][T17231] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1269.202773][T17231] CPU: 0 UID: 0 PID: 17231 Comm: syz.0.2704 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1269.202788][T17231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1269.202795][T17231] Call Trace:
[ 1269.202798][T17231]  <TASK>
[ 1269.202802][T17231]  dump_stack_lvl+0x16c/0x1f0
[ 1269.202826][T17231]  should_fail_ex+0x512/0x640
[ 1269.202842][T17231]  _copy_from_user+0x2e/0xd0
[ 1269.202857][T17231]  __sys_bpf+0x21d/0x4d80
[ 1269.202874][T17231]  ? __pfx___sys_bpf+0x10/0x10
[ 1269.202889][T17231]  ? ksys_write+0x190/0x250
[ 1269.202905][T17231]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1269.202929][T17231]  ? fput+0x70/0xf0
[ 1269.202944][T17231]  ? ksys_write+0x1ac/0x250
[ 1269.202956][T17231]  ? __pfx_ksys_write+0x10/0x10
[ 1269.202971][T17231]  __x64_sys_bpf+0x78/0xc0
[ 1269.202985][T17231]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1269.202999][T17231]  do_syscall_64+0xcd/0x4c0
[ 1269.203015][T17231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1269.203026][T17231] RIP: 0033:0x7f4efff8e929
[ 1269.203035][T17231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1269.203046][T17231] RSP: 002b:00007f4f00df8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1269.203056][T17231] RAX: ffffffffffffffda RBX: 00007f4f001b6080 RCX: 00007f4efff8e929
[ 1269.203062][T17231] RDX: 0000000000000070 RSI: 0000200000000440 RDI: 0000000000000005
[ 1269.203068][T17231] RBP: 00007f4f00df8090 R08: 0000000000000000 R09: 0000000000000000
[ 1269.203074][T17231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1269.203080][T17231] R13: 0000000000000000 R14: 00007f4f001b6080 R15: 00007ffd8b556ce8
[ 1269.203093][T17231]  </TASK>
[ 1269.378658][T17233] vhci_hcd vhci_hcd.0: Device attached
[ 1269.421543][T17234] vhci_hcd: connection closed
[ 1269.421820][ T6142] vhci_hcd: stop threads
[ 1269.430897][ T5875] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[ 1269.441912][ T6142] vhci_hcd: release socket
[ 1269.449291][ T6142] vhci_hcd: disconnect device
[ 1269.585323][ T5875] usb 3-1: Using ep0 maxpacket: 16
[ 1269.592614][ T5875] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1269.610005][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1269.621672][ T5875] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1269.632016][ T5875] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1269.642296][ T5875] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1269.660275][ T5875] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1269.670105][ T5875] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1269.678592][ T5875] usb 3-1: Manufacturer: syz
[ 1269.683754][   T30] audit: type=1400 audit(1750737032.832:680): avc:  denied  { getopt } for  pid=17240 comm="syz.3.2707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1269.710698][ T5875] usb 3-1: config 0 descriptor??
[ 1270.067598][T17249] input: syz0 as /devices/virtual/input/input15
[ 1270.101494][T15725] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[ 1271.815426][T15725] usb 2-1: Using ep0 maxpacket: 16
[ 1271.925481][T15725] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 1271.934252][T15725] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1271.973331][T15725] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1272.035026][T15725] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1272.048432][T15725] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1272.057510][T15725] usb 2-1: Product: syz
[ 1272.061709][T15725] usb 2-1: Manufacturer: syz
[ 1272.069054][T15725] usb 2-1: SerialNumber: syz
[ 1272.096476][   T30] audit: type=1400 audit(1750737291.238:681): avc:  denied  { module_request } for  pid=17253 comm="syz.3.2710" kmod="net-pf-10-proto-0-type-4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1272.162887][ T5875] rc_core: IR keymap rc-hauppauge not found
[ 1272.169861][ T5875] Registered IR keymap rc-empty
[ 1272.175066][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.216127][ T5928] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[ 1272.218112][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.387741][ T5928] usb 6-1: Using ep0 maxpacket: 32
[ 1272.520589][ T5875] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[ 1272.552607][T15725] usb 2-1: 0:2 : does not exist
[ 1272.553641][ T5875] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input16
[ 1272.559171][ T5928] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1272.600527][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.675448][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.695088][ T5928] usb 6-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1272.713228][ T5928] usb 6-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[ 1272.715428][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.735832][ T5928] usb 6-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1272.746865][ T5928] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1272.757238][ T5928] usb 6-1: Product: syz
[ 1272.761590][ T5928] usb 6-1: Manufacturer: syz
[ 1272.768365][ T5928] usb 6-1: SerialNumber: syz
[ 1272.775474][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.808401][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.835368][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.855331][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.877235][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.898051][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.925755][ T5875] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[ 1272.950693][ T5875] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[ 1272.960986][ T5875] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1272.974714][ T5875] usb 3-1: USB disconnect, device number 34
[ 1273.159393][T17245] netlink: 'syz.1.2708': attribute type 10 has an invalid length.
[ 1273.170927][T17245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1273.297478][T17245] bridge_slave_1: left allmulticast mode
[ 1273.303167][T17245] bridge_slave_1: left promiscuous mode
[ 1273.315324][ T5875] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[ 1273.743766][T17245] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1273.929321][T17245] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[ 1274.010343][T17285] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1274.065386][ T5875] usb 3-1: Using ep0 maxpacket: 32
[ 1274.563002][ T5875] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1274.574352][ T5875] usb 3-1: config 7 has an invalid interface number: 187 but max is 0
[ 1274.583029][ T5875] usb 3-1: config 7 has no interface number 0
[ 1274.679153][ T5875] usb 3-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[ 1274.704174][T15725] usb 2-1: USB disconnect, device number 33
[ 1274.799413][T17289] FAULT_INJECTION: forcing a failure.
[ 1274.799413][T17289] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1274.817672][T16537] udevd[16537]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1274.833599][ T5875] usb 3-1: config 7 interface 187 has no altsetting 0
[ 1274.838156][T17289] CPU: 1 UID: 0 PID: 17289 Comm: syz.0.2721 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1274.838181][T17289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1274.838190][T17289] Call Trace:
[ 1274.838213][T17289]  <TASK>
[ 1274.838219][T17289]  dump_stack_lvl+0x16c/0x1f0
[ 1274.838245][T17289]  should_fail_ex+0x512/0x640
[ 1274.838268][T17289]  _copy_from_user+0x2e/0xd0
[ 1274.838290][T17289]  copy_msghdr_from_user+0x98/0x160
[ 1274.838312][T17289]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1274.838336][T17289]  ? __pfx__kstrtoull+0x10/0x10
[ 1274.838355][T17289]  ___sys_sendmsg+0xfe/0x1d0
[ 1274.838376][T17289]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1274.838406][T17289]  ? find_held_lock+0x2b/0x80
[ 1274.838438][T17289]  __sys_sendmmsg+0x200/0x420
[ 1274.838464][T17289]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1274.838491][T17289]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1274.838522][T17289]  ? fput+0x70/0xf0
[ 1274.838544][T17289]  ? ksys_write+0x1ac/0x250
[ 1274.838562][T17289]  ? __pfx_ksys_write+0x10/0x10
[ 1274.838583][T17289]  __x64_sys_sendmmsg+0x9c/0x100
[ 1274.838603][T17289]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1274.838623][T17289]  do_syscall_64+0xcd/0x4c0
[ 1274.838645][T17289]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1274.838660][T17289] RIP: 0033:0x7f4efff8e929
[ 1274.838673][T17289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1274.838687][T17289] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1274.838701][T17289] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1274.838711][T17289] RDX: 00000000000004ff RSI: 00002000000092c0 RDI: 0000000000000003
[ 1274.838720][T17289] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1274.838729][T17289] R10: 000000007ffffff7 R11: 0000000000000246 R12: 0000000000000001
[ 1274.838737][T17289] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1274.838757][T17289]  </TASK>
[ 1275.169441][ T5875] usb 3-1: string descriptor 0 read error: -71
[ 1275.195458][ T5875] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1275.196842][   T48] usb 6-1: USB disconnect, device number 8
[ 1275.657065][T17300] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1275.669703][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1275.731982][ T5875] usb 3-1: can't set config #7, error -71
[ 1275.756659][T17300] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2722'.
[ 1275.782904][ T5875] usb 3-1: USB disconnect, device number 35
[ 1275.856698][T17300] exFAT-fs (nullb0): mounting with "discard" option, but the device does not support discard
[ 1275.867634][   T30] audit: type=1400 audit(1750737294.998:682): avc:  denied  { read } for  pid=17295 comm="syz.1.2722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1275.905183][T17300] exFAT-fs (nullb0): invalid boot record signature
[ 1275.912028][T17300] exFAT-fs (nullb0): failed to read boot sector
[ 1275.921456][T17300] exFAT-fs (nullb0): failed to recognize exfat type
[ 1275.936575][   T30] audit: type=1400 audit(1750737295.048:683): avc:  denied  { ioctl } for  pid=17295 comm="syz.1.2722" path="socket:[45581]" dev="sockfs" ino=45581 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1276.065898][T17316] FAULT_INJECTION: forcing a failure.
[ 1276.065898][T17316] name failslab, interval 1, probability 0, space 0, times 0
[ 1276.087555][T17316] CPU: 1 UID: 0 PID: 17316 Comm: syz.0.2730 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1276.087585][T17316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1276.087596][T17316] Call Trace:
[ 1276.087602][T17316]  <TASK>
[ 1276.087609][T17316]  dump_stack_lvl+0x16c/0x1f0
[ 1276.087639][T17316]  should_fail_ex+0x512/0x640
[ 1276.087662][T17316]  ? __kmalloc_cache_noprof+0x57/0x3e0
[ 1276.087685][T17316]  should_failslab+0xc2/0x120
[ 1276.087710][T17316]  __kmalloc_cache_noprof+0x6a/0x3e0
[ 1276.087728][T17316]  ? arch_syscall_is_vdso_sigreturn+0xb6/0x230
[ 1276.087751][T17316]  ? do_epoll_create+0x62/0x470
[ 1276.087776][T17316]  do_epoll_create+0x62/0x470
[ 1276.087799][T17316]  __x64_sys_epoll_create1+0x30/0x40
[ 1276.087820][T17316]  do_syscall_64+0xcd/0x4c0
[ 1276.087846][T17316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.087864][T17316] RIP: 0033:0x7f4efff8e929
[ 1276.087879][T17316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.087895][T17316] RSP: 002b:00007f4f00e19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000123
[ 1276.087913][T17316] RAX: ffffffffffffffda RBX: 00007f4f001b5fa0 RCX: 00007f4efff8e929
[ 1276.087924][T17316] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1276.087934][T17316] RBP: 00007f4f00e19090 R08: 0000000000000000 R09: 0000000000000000
[ 1276.087943][T17316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1276.087953][T17316] R13: 0000000000000000 R14: 00007f4f001b5fa0 R15: 00007ffd8b556ce8
[ 1276.087976][T17316]  </TASK>
[ 1276.254589][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1276.512318][T17324] FAULT_INJECTION: forcing a failure.
[ 1276.512318][T17324] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1276.537050][   T48] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[ 1276.549643][T17324] CPU: 1 UID: 0 PID: 17324 Comm: syz.0.2733 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1276.549670][T17324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1276.549681][T17324] Call Trace:
[ 1276.549687][T17324]  <TASK>
[ 1276.549694][T17324]  dump_stack_lvl+0x16c/0x1f0
[ 1276.549725][T17324]  should_fail_ex+0x512/0x640
[ 1276.549751][T17324]  _copy_from_user+0x2e/0xd0
[ 1276.549777][T17324]  __x64_sys_timer_create+0x10d/0x1d0
[ 1276.549795][T17324]  ? __pfx___x64_sys_timer_create+0x10/0x10
[ 1276.549810][T17324]  ? fput+0x70/0xf0
[ 1276.549851][T17324]  do_syscall_64+0xcd/0x4c0
[ 1276.549878][T17324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.549896][T17324] RIP: 0033:0x7f4efff8e929
[ 1276.549911][T17324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.549928][T17324] RSP: 002b:00007f4f00df8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000de
[ 1276.549945][T17324] RAX: ffffffffffffffda RBX: 00007f4f001b6080 RCX: 00007f4efff8e929
[ 1276.549956][T17324] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000003
[ 1276.549967][T17324] RBP: 00007f4f00df8090 R08: 0000000000000000 R09: 0000000000000000
[ 1276.549977][T17324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1276.549987][T17324] R13: 0000000000000000 R14: 00007f4f001b6080 R15: 00007ffd8b556ce8
[ 1276.550010][T17324]  </TASK>
[ 1276.697862][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1276.785430][   T48] usb 4-1: Using ep0 maxpacket: 32
[ 1276.798306][   T48] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[ 1276.806772][   T48] usb 4-1: config 0 has no interface number 0
[ 1276.813206][   T48] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1276.823815][   T48] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[ 1276.834008][   T48] usb 4-1: config 0 interface 126 has no altsetting 0
[ 1277.033959][   T48] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[ 1277.057557][   T48] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1277.079449][   T48] usb 4-1: Product: syz
[ 1277.117800][   T48] usb 4-1: Manufacturer: syz
[ 1277.139462][   T48] usb 4-1: SerialNumber: syz
[ 1277.192028][   T48] usb 4-1: config 0 descriptor??
[ 1277.223453][   T30] audit: type=1400 audit(1750737296.358:684): avc:  denied  { create } for  pid=17329 comm="syz.5.2735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1277.243819][T17318] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1277.253102][T17318] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1277.260633][   T30] audit: type=1400 audit(1750737296.368:685): avc:  denied  { bind } for  pid=17329 comm="syz.5.2735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1277.280195][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1277.301808][T17334] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1277.316587][T17334] bond0: (slave rose0): Enslaving as an active interface with an up link
[ 1277.335355][   T30] audit: type=1400 audit(1750737296.368:686): avc:  denied  { connect } for  pid=17329 comm="syz.5.2735" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1277.430839][   T30] audit: type=1400 audit(1750737296.448:687): avc:  denied  { ioctl } for  pid=17329 comm="syz.5.2735" path="socket:[44933]" dev="sockfs" ino=44933 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1277.464294][T17318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1277.477839][ T5868] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[ 1277.485937][T17318] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1277.569278][ T5896] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[ 1277.809725][   T30] audit: type=1400 audit(1750737296.808:688): avc:  denied  { write } for  pid=17342 comm="syz.5.2738" lport=50886 faddr=fc02:: scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1277.875329][T17347] block nbd0: server does not support multiple connections per device.
[ 1277.894660][T17347] block nbd0: shutting down sockets
[ 1277.910529][ T5868] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[ 1277.921389][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1277.942517][ T5868] usb 2-1: config 0 descriptor??
[ 1277.952092][ T5868] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[ 1278.039037][ T5896] usb 1-1: Using ep0 maxpacket: 32
[ 1278.048617][ T5896] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1278.060270][ T5896] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[ 1278.071295][ T5896] usb 1-1: config 7 has 0 interfaces, different from the descriptor's value: 1
[ 1278.092394][ T5896] usb 1-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1278.103825][ T5896] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1278.112475][ T5896] usb 1-1: Product: syz
[ 1278.119158][ T5896] usb 1-1: Manufacturer: syz
[ 1278.132910][ T5896] usb 1-1: SerialNumber: syz
[ 1278.137745][ T5875] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[ 1278.190052][ T5868] gp8psk: usb in 128 operation failed.
[ 1278.222120][ T5868] gp8psk: usb in 137 operation failed.
[ 1278.245052][ T5868] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1278.352440][ T5868] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[ 1278.361290][ T5875] usb 3-1: Using ep0 maxpacket: 32
[ 1278.380185][ T5875] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1278.397043][ T5868] usb 2-1: media controller created
[ 1278.579269][   T30] audit: type=1400 audit(1750737297.728:689): avc:  denied  { watch } for  pid=17328 comm="syz.1.2734" path="/543/net_prio.prioidx" dev="tmpfs" ino=2911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1279.107880][ T5875] usb 3-1: config 7 has an invalid interface number: 187 but max is 0
[ 1279.132786][ T5875] usb 3-1: config 7 has no interface number 0
[ 1279.154510][ T5875] usb 3-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[ 1279.176829][ T5868] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1279.193225][   T30] audit: type=1400 audit(1750737297.728:690): avc:  denied  { watch_sb watch_reads } for  pid=17328 comm="syz.1.2734" path="/543/net_prio.prioidx" dev="tmpfs" ino=2911 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1279.222548][ T5875] usb 3-1: config 7 interface 187 has no altsetting 0
[ 1279.253444][   T48] ir_usb 4-1:0.126: IR Dongle converter detected
[ 1279.276372][ T5868] gp8psk_fe: Frontend attached
[ 1279.281702][ T5868] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[ 1279.291964][ T5875] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1279.306303][   T48] usb 4-1: IRDA class descriptor not found, device not bound
[ 1279.306720][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1279.342749][ T5868] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[ 1279.352653][ T5875] usb 3-1: Product: syz
[ 1279.360155][ T5875] usb 3-1: Manufacturer: syz
[ 1279.371662][   T48] usb 4-1: USB disconnect, device number 32
[ 1279.390595][ T5875] usb 3-1: SerialNumber: syz
[ 1279.401190][T17373] netlink: 'syz.3.2740': attribute type 29 has an invalid length.
[ 1279.429047][T17344] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[ 1279.645351][ T5875] usb 3-1: Limiting number of CPorts to U8_MAX
[ 1279.652234][ T5875] usb 3-1: Unknown endpoint type found, address 0x07
[ 1279.700598][ T5868] gp8psk: usb in 138 operation failed.
[ 1279.724614][ T5868] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[ 1279.778619][ T5875] usb 3-1: Not enough endpoints found in device, aborting!
[ 1279.824921][ T5868] gp8psk: found Genpix USB device pID = 203 (hex)
[ 1279.882422][ T5868] usb 2-1: USB disconnect, device number 34
[ 1280.163371][ T5868] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[ 1280.275623][ T5875] usb 1-1: USB disconnect, device number 35
[ 1280.568906][T17395] FAULT_INJECTION: forcing a failure.
[ 1280.568906][T17395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1280.582779][T17395] CPU: 1 UID: 0 PID: 17395 Comm: syz.0.2744 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1280.582793][T17395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1280.582800][T17395] Call Trace:
[ 1280.582803][T17395]  <TASK>
[ 1280.582807][T17395]  dump_stack_lvl+0x16c/0x1f0
[ 1280.582827][T17395]  should_fail_ex+0x512/0x640
[ 1280.582843][T17395]  _copy_from_user+0x2e/0xd0
[ 1280.582858][T17395]  copy_msghdr_from_user+0x98/0x160
[ 1280.582874][T17395]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1280.582895][T17395]  ___sys_sendmsg+0xfe/0x1d0
[ 1280.582909][T17395]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1280.582922][T17395]  ? __lock_acquire+0x622/0x1c90
[ 1280.582953][T17395]  __sys_sendmsg+0x16d/0x220
[ 1280.582967][T17395]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1280.582989][T17395]  do_syscall_64+0xcd/0x4c0
[ 1280.583006][T17395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1280.583017][T17395] RIP: 0033:0x7f4efff8e929
[ 1280.583026][T17395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1280.583036][T17395] RSP: 002b:00007f4f00df8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1280.583046][T17395] RAX: ffffffffffffffda RBX: 00007f4f001b6080 RCX: 00007f4efff8e929
[ 1280.583052][T17395] RDX: 0000000020000000 RSI: 0000200000000040 RDI: 0000000000000006
[ 1280.583058][T17395] RBP: 00007f4f00df8090 R08: 0000000000000000 R09: 0000000000000000
[ 1280.583064][T17395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1280.583069][T17395] R13: 0000000000000000 R14: 00007f4f001b6080 R15: 00007ffd8b556ce8
[ 1280.583082][T17395]  </TASK>
[ 1280.876070][ T5963] usb 3-1: USB disconnect, device number 36
[ 1281.419039][T17412] FAULT_INJECTION: forcing a failure.
[ 1281.419039][T17412] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1281.464747][T17412] CPU: 1 UID: 0 PID: 17412 Comm: syz.2.2748 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1281.464776][T17412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1281.464787][T17412] Call Trace:
[ 1281.464793][T17412]  <TASK>
[ 1281.464800][T17412]  dump_stack_lvl+0x16c/0x1f0
[ 1281.464831][T17412]  should_fail_ex+0x512/0x640
[ 1281.464858][T17412]  _copy_from_user+0x2e/0xd0
[ 1281.464884][T17412]  do_sock_getsockopt+0x5f4/0x800
[ 1281.464904][T17412]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1281.464920][T17412]  ? __fget_files+0x204/0x3c0
[ 1281.464955][T17412]  __sys_getsockopt+0x12f/0x260
[ 1281.464983][T17412]  __x64_sys_getsockopt+0xbd/0x160
[ 1281.465005][T17412]  ? do_syscall_64+0x91/0x4c0
[ 1281.465029][T17412]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1281.465053][T17412]  do_syscall_64+0xcd/0x4c0
[ 1281.465080][T17412]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1281.465098][T17412] RIP: 0033:0x7f0f6258e929
[ 1281.465113][T17412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1281.465129][T17412] RSP: 002b:00007f0f6345b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1281.465147][T17412] RAX: ffffffffffffffda RBX: 00007f0f627b5fa0 RCX: 00007f0f6258e929
[ 1281.465158][T17412] RDX: 0000000000000012 RSI: 0000000000000084 RDI: 0000000000000003
[ 1281.465168][T17412] RBP: 00007f0f6345b090 R08: 0000200000000480 R09: 0000000000000000
[ 1281.465177][T17412] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[ 1281.465187][T17412] R13: 0000000000000000 R14: 00007f0f627b5fa0 R15: 00007ffc1b7260f8
[ 1281.465218][T17412]  </TASK>
[ 1282.027291][T17416] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[ 1282.033850][T17416] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1282.156017][T17416] vhci_hcd vhci_hcd.0: Device attached
[ 1282.404730][T17428] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2751'.
[ 1282.545669][ T5963] usb 43-1: new high-speed USB device number 2 using vhci_hcd
[ 1282.625415][ T5868] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1283.666460][   T48] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[ 1283.779347][ T5868] usb 6-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[ 1283.795822][ T5868] usb 6-1: New USB device strings: Mfr=14, Product=0, SerialNumber=0
[ 1283.803938][ T5868] usb 6-1: Manufacturer: syz
[ 1283.835533][   T48] usb 1-1: device descriptor read/64, error -71
[ 1284.075627][   T48] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[ 1284.275542][   T48] usb 1-1: device descriptor read/64, error -71
[ 1284.457859][ T5868] usb 6-1: config 0 descriptor??
[ 1284.464134][ T5868] ftdi_sio 6-1:0.0: FTDI USB Serial Device converter detected
[ 1284.475996][   T48] usb usb1-port1: attempt power cycle
[ 1284.482183][ T5868] ftdi_sio ttyUSB0: unknown device type: 0xc698
[ 1284.560892][T17457] FAULT_INJECTION: forcing a failure.
[ 1284.560892][T17457] name failslab, interval 1, probability 0, space 0, times 0
[ 1284.588328][   T30] audit: type=1400 audit(1750737303.738:691): avc:  denied  { ioctl } for  pid=17440 comm="syz.0.2754" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1284.626462][T17457] CPU: 1 UID: 0 PID: 17457 Comm: syz.3.2758 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1284.626489][T17457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1284.626498][T17457] Call Trace:
[ 1284.626503][T17457]  <TASK>
[ 1284.626509][T17457]  dump_stack_lvl+0x16c/0x1f0
[ 1284.626536][T17457]  should_fail_ex+0x512/0x640
[ 1284.626557][T17457]  ? fs_reclaim_acquire+0xae/0x150
[ 1284.626573][T17457]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[ 1284.626595][T17457]  should_failslab+0xc2/0x120
[ 1284.626621][T17457]  __kmalloc_noprof+0xd2/0x510
[ 1284.626646][T17457]  tomoyo_realpath_from_path+0xc2/0x6e0
[ 1284.626669][T17457]  ? tomoyo_profile+0x47/0x60
[ 1284.626695][T17457]  tomoyo_path_number_perm+0x245/0x580
[ 1284.626713][T17457]  ? tomoyo_path_number_perm+0x237/0x580
[ 1284.626732][T17457]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1284.626745][T17457]  ? find_held_lock+0x2b/0x80
[ 1284.626771][T17457]  ? find_held_lock+0x2b/0x80
[ 1284.626783][T17457]  ? hook_file_ioctl_common+0x145/0x410
[ 1284.626803][T17457]  ? __fget_files+0x20e/0x3c0
[ 1284.626820][T17457]  security_file_ioctl+0x9b/0x240
[ 1284.626836][T17457]  __x64_sys_ioctl+0xb7/0x210
[ 1284.626850][T17457]  do_syscall_64+0xcd/0x4c0
[ 1284.626867][T17457]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1284.626878][T17457] RIP: 0033:0x7f8205f8e929
[ 1284.626887][T17457] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1284.626897][T17457] RSP: 002b:00007f8206e28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1284.626907][T17457] RAX: ffffffffffffffda RBX: 00007f82061b5fa0 RCX: 00007f8205f8e929
[ 1284.626913][T17457] RDX: 0000200000000000 RSI: 000000000000541c RDI: 0000000000000003
[ 1284.626919][T17457] RBP: 00007f8206e28090 R08: 0000000000000000 R09: 0000000000000000
[ 1284.626925][T17457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1284.626931][T17457] R13: 0000000000000000 R14: 00007f82061b5fa0 R15: 00007fff11432c38
[ 1284.626944][T17457]  </TASK>
[ 1284.634538][   T30] audit: type=1400 audit(1750737303.778:692): avc:  denied  { create } for  pid=17455 comm="syz.2.2757" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1284.867739][T17457] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1284.896490][   T30] audit: type=1400 audit(1750737303.778:693): avc:  denied  { module_request } for  pid=17455 comm="syz.2.2757" kmod="net-pf-10-proto-11-type-0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[ 1284.955484][   T48] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[ 1284.966216][   T30] audit: type=1400 audit(1750737304.018:694): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1284.992498][   T48] usb 1-1: device descriptor read/8, error -71
[ 1285.032287][   T30] audit: type=1400 audit(1750737304.028:695): avc:  denied  { read write } for  pid=17455 comm="syz.2.2757" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1285.068177][   T30] audit: type=1400 audit(1750737304.028:696): avc:  denied  { open } for  pid=17455 comm="syz.2.2757" path="/dev/raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1285.147349][ T5896] usb 6-1: USB disconnect, device number 9
[ 1285.154313][T17417] vhci_hcd: connection reset by peer
[ 1285.163252][ T5896] ftdi_sio 6-1:0.0: device disconnected
[ 1285.173768][ T1304] vhci_hcd: stop threads
[ 1285.201836][ T1304] vhci_hcd: release socket
[ 1285.235047][   T30] audit: type=1400 audit(1750737304.048:697): avc:  denied  { execmem } for  pid=17456 comm="syz.3.2758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[ 1285.254670][   T30] audit: type=1400 audit(1750737304.078:698): avc:  denied  { create } for  pid=17415 comm="syz.5.2749" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1285.261915][ T1304] vhci_hcd: disconnect device
[ 1285.275534][   T30] audit: type=1400 audit(1750737304.078:699): avc:  denied  { write } for  pid=17415 comm="syz.5.2749" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[ 1285.305333][ T5928] usb 3-1: new low-speed USB device number 37 using dummy_hcd
[ 1285.324466][   T30] audit: type=1400 audit(1750737304.238:700): avc:  denied  { prog_load } for  pid=17456 comm="syz.3.2758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1285.340351][T17467] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2759'.
[ 1285.355308][   T48] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[ 1285.377972][   T48] usb 1-1: device descriptor read/8, error -71
[ 1285.470144][ T5928] usb 3-1: config 1 has an invalid interface number: 114 but max is 3
[ 1285.478841][ T5928] usb 3-1: config 1 has an invalid interface number: 205 but max is 3
[ 1285.487480][   T48] usb usb1-port1: unable to enumerate USB device
[ 1285.585815][ T5928] usb 3-1: config 1 has an invalid interface number: 158 but max is 3
[ 1285.594025][ T5928] usb 3-1: config 1 has an invalid interface number: 186 but max is 3
[ 1285.617364][ T5928] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1285.660924][ T5928] usb 3-1: config 1 has an invalid descriptor of length 210, skipping remainder of the config
[ 1285.679217][ T5928] usb 3-1: config 1 has no interface number 0
[ 1285.685843][ T5928] usb 3-1: config 1 has no interface number 1
[ 1285.685866][ T5928] usb 3-1: config 1 has no interface number 2
[ 1285.685882][ T5928] usb 3-1: config 1 has no interface number 3
[ 1285.685942][ T5928] usb 3-1: config 1 interface 114 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 8
[ 1285.685966][ T5928] usb 3-1: config 1 interface 114 altsetting 2 endpoint 0xE has invalid maxpacket 64, setting to 8
[ 1285.686001][ T5928] usb 3-1: config 1 interface 205 altsetting 8 endpoint 0x7 has invalid maxpacket 32, setting to 8
[ 1285.686024][ T5928] usb 3-1: config 1 interface 205 altsetting 8 endpoint 0xF has an invalid bInterval 98, changing to 4
[ 1285.686047][ T5928] usb 3-1: config 1 interface 205 altsetting 8 endpoint 0xF has invalid maxpacket 1096, setting to 0
[ 1285.696175][ T5928] usb 3-1: config 1 interface 205 altsetting 8 has an invalid descriptor for endpoint zero, skipping
[ 1285.696204][ T5928] usb 3-1: config 1 interface 205 altsetting 8 endpoint 0x6 has invalid maxpacket 1136, setting to 8
[ 1285.696230][ T5928] usb 3-1: config 1 interface 205 altsetting 8 endpoint 0x3 has invalid maxpacket 48, setting to 8
[ 1285.696253][ T5928] usb 3-1: config 1 interface 205 altsetting 8 has a duplicate endpoint with address 0x3, skipping
[ 1285.696289][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xB, skipping
[ 1285.696309][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0x3, skipping
[ 1285.696329][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xD, skipping
[ 1285.696347][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xD, skipping
[ 1285.696368][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0x6, skipping
[ 1285.696386][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[ 1285.696403][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has an invalid descriptor for endpoint zero, skipping
[ 1285.696429][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xD, skipping
[ 1285.696447][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xF, skipping
[ 1285.696468][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xB, skipping
[ 1285.696488][ T5928] usb 3-1: config 1 interface 158 altsetting 64 has a duplicate endpoint with address 0xD, skipping
[ 1285.696517][ T5928] usb 3-1: config 1 interface 186 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[ 1285.696540][ T5928] usb 3-1: config 1 interface 114 has no altsetting 0
[ 1285.696555][ T5928] usb 3-1: config 1 interface 205 has no altsetting 0
[ 1285.696570][ T5928] usb 3-1: config 1 interface 158 has no altsetting 0
[ 1285.696586][ T5928] usb 3-1: config 1 interface 186 has no altsetting 0
[ 1285.929462][T17482] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1287.620174][ T5928] usb 3-1: string descriptor 0 read error: -71
[ 1287.637177][ T5928] usb 3-1: New USB device found, idVendor=07aa, idProduct=9601, bcdDevice=b2.da
[ 1287.695440][ T5963] vhci_hcd: vhci_device speed not set
[ 1288.205787][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1288.241814][ T5928] usb 3-1: can't set config #1, error -71
[ 1288.263707][ T5928] usb 3-1: USB disconnect, device number 37
[ 1288.533179][T17506] FAULT_INJECTION: forcing a failure.
[ 1288.533179][T17506] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1288.753125][T17506] CPU: 1 UID: 0 PID: 17506 Comm: syz.2.2771 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1288.753157][T17506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1288.753168][T17506] Call Trace:
[ 1288.753174][T17506]  <TASK>
[ 1288.753181][T17506]  dump_stack_lvl+0x16c/0x1f0
[ 1288.753213][T17506]  should_fail_ex+0x512/0x640
[ 1288.753241][T17506]  _copy_from_user+0x2e/0xd0
[ 1288.753266][T17506]  copy_msghdr_from_user+0x98/0x160
[ 1288.753291][T17506]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1288.753327][T17506]  ___sys_sendmsg+0xfe/0x1d0
[ 1288.753352][T17506]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1288.753373][T17506]  ? __lock_acquire+0x622/0x1c90
[ 1288.753432][T17506]  __sys_sendmsg+0x16d/0x220
[ 1288.753456][T17506]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1288.753496][T17506]  do_syscall_64+0xcd/0x4c0
[ 1288.753522][T17506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1288.753540][T17506] RIP: 0033:0x7f0f6258e929
[ 1288.753554][T17506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1288.753571][T17506] RSP: 002b:00007f0f6345b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1288.753588][T17506] RAX: ffffffffffffffda RBX: 00007f0f627b5fa0 RCX: 00007f0f6258e929
[ 1288.753599][T17506] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000003
[ 1288.753609][T17506] RBP: 00007f0f6345b090 R08: 0000000000000000 R09: 0000000000000000
[ 1288.753619][T17506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1288.753628][T17506] R13: 0000000000000000 R14: 00007f0f627b5fa0 R15: 00007ffc1b7260f8
[ 1288.753651][T17506]  </TASK>
[ 1288.946455][ T5896] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[ 1288.959779][T17510] FAULT_INJECTION: forcing a failure.
[ 1288.959779][T17510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1288.973105][T17510] CPU: 1 UID: 0 PID: 17510 Comm: syz.2.2773 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1288.973121][T17510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1288.973127][T17510] Call Trace:
[ 1288.973132][T17510]  <TASK>
[ 1288.973143][T17510]  dump_stack_lvl+0x16c/0x1f0
[ 1288.973163][T17510]  should_fail_ex+0x512/0x640
[ 1288.973180][T17510]  _copy_from_user+0x2e/0xd0
[ 1288.973195][T17510]  copy_from_sockptr_offset.constprop.0+0x153/0x1a0
[ 1288.973210][T17510]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[ 1288.973225][T17510]  ? __lock_acquire+0x622/0x1c90
[ 1288.973243][T17510]  copy_group_source_from_sockptr+0x17a/0x570
[ 1288.973257][T17510]  ? __pfx_copy_group_source_from_sockptr+0x10/0x10
[ 1288.973277][T17510]  ? find_held_lock+0x2b/0x80
[ 1288.973290][T17510]  ? is_bpf_text_address+0x8a/0x1a0
[ 1288.973302][T17510]  ? bpf_ksym_find+0x127/0x1c0
[ 1288.973318][T17510]  ? __lock_acquire+0xb8a/0x1c90
[ 1288.973337][T17510]  do_mcast_group_source+0xd0/0x2e0
[ 1288.973350][T17510]  ? __pfx_do_mcast_group_source+0x10/0x10
[ 1288.973363][T17510]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1288.973396][T17510]  ? __local_bh_enable_ip+0xa4/0x120
[ 1288.973409][T17510]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1288.973426][T17510]  do_ip_setsockopt+0xebb/0x3240
[ 1288.973440][T17510]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 1288.973455][T17510]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[ 1288.973470][T17510]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[ 1288.973484][T17510]  ? proc_fail_nth_write+0x9f/0x250
[ 1288.973502][T17510]  ip_setsockopt+0x59/0xf0
[ 1288.973516][T17510]  udp_setsockopt+0x7d/0xd0
[ 1288.973529][T17510]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1288.973547][T17510]  do_sock_setsockopt+0x221/0x470
[ 1288.973564][T17510]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1288.973588][T17510]  __sys_setsockopt+0x1a0/0x230
[ 1288.973603][T17510]  __x64_sys_setsockopt+0xbd/0x160
[ 1288.973616][T17510]  ? do_syscall_64+0x91/0x4c0
[ 1288.973631][T17510]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1288.973644][T17510]  do_syscall_64+0xcd/0x4c0
[ 1288.973660][T17510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1288.973671][T17510] RIP: 0033:0x7f0f6258e929
[ 1288.973680][T17510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1288.973690][T17510] RSP: 002b:00007f0f6345b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1288.973701][T17510] RAX: ffffffffffffffda RBX: 00007f0f627b5fa0 RCX: 00007f0f6258e929
[ 1288.973708][T17510] RDX: 000000000000002b RSI: 0000000000000000 RDI: 0000000000000003
[ 1288.973713][T17510] RBP: 00007f0f6345b090 R08: 0000000000000108 R09: 0000000000000000
[ 1288.973719][T17510] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001
[ 1288.973725][T17510] R13: 0000000000000000 R14: 00007f0f627b5fa0 R15: 00007ffc1b7260f8
[ 1288.973737][T17510]  </TASK>
[ 1289.342854][T17511] IPVS: Scheduler module ip_vs_sip not found
[ 1289.507344][ T5896] usb 6-1: Using ep0 maxpacket: 32
[ 1289.524009][ T5896] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[ 1289.533341][ T5896] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[ 1289.663657][T17524] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[ 1289.684193][ T5896] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[ 1289.693705][ T5896] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1289.704066][ T5896] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1290.524134][   T30] kauditd_printk_skb: 38 callbacks suppressed
[ 1290.524170][   T30] audit: type=1400 audit(1750737309.528:739): avc:  denied  { read } for  pid=17517 comm="syz.2.2775" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1290.560218][   T30] audit: type=1400 audit(1750737309.528:740): avc:  denied  { open } for  pid=17517 comm="syz.2.2775" path="/dev/dri/card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1290.585400][   T30] audit: type=1400 audit(1750737309.528:741): avc:  denied  { ioctl } for  pid=17517 comm="syz.2.2775" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x64a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1290.610900][ T5896] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1290.934494][ T5896] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[ 1290.944799][ T5896] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1290.996375][ T5896] usb 6-1: config 0 descriptor??
[ 1291.011652][   T30] audit: type=1400 audit(1750737309.528:742): avc:  denied  { map_read map_write } for  pid=17517 comm="syz.2.2775" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1291.105346][   T30] audit: type=1400 audit(1750737310.228:743): avc:  denied  { create } for  pid=17533 comm="syz.3.2780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1291.149020][   T30] audit: type=1400 audit(1750737310.238:744): avc:  denied  { bind } for  pid=17533 comm="syz.3.2780" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1291.220588][T17503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1291.229536][T17503] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1291.239723][ T5896] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[ 1291.273852][T17538] 9pnet_fd: Insufficient options for proto=fd
[ 1291.280451][   T30] audit: type=1400 audit(1750737310.408:745): avc:  denied  { create } for  pid=17537 comm="syz.3.2781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1291.315304][ T5928] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[ 1291.329084][   T30] audit: type=1400 audit(1750737310.408:746): avc:  denied  { ioctl } for  pid=17502 comm="syz.5.2770" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1291.353614][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1291.390135][ T5896] usb 6-1: USB disconnect, device number 10
[ 1291.406882][ T5896] usblp0: removed
[ 1291.414532][   T30] audit: type=1400 audit(1750737310.418:747): avc:  denied  { setopt } for  pid=17537 comm="syz.3.2781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1291.434025][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1291.450441][   T30] audit: type=1400 audit(1750737310.418:748): avc:  denied  { mounton } for  pid=17537 comm="syz.3.2781" path="/563/file0" dev="tmpfs" ino=3052 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1291.565343][ T5928] usb 1-1: Using ep0 maxpacket: 32
[ 1291.573709][ T5928] usb 1-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=d3.5e
[ 1291.582944][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1291.591496][ T5928] usb 1-1: Product: syz
[ 1291.596266][ T5928] usb 1-1: Manufacturer: syz
[ 1291.707613][ T5928] usb 1-1: SerialNumber: syz
[ 1291.861405][   T93] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[ 1291.900959][ T5928] usb 1-1: config 0 descriptor??
[ 1291.917103][ T5928] cypress_m8 1-1:0.0: HID->COM RS232 Adapter converter detected
[ 1291.928429][ T5928] cyphidcom ttyUSB0: required endpoint is missing
[ 1292.035320][   T93] usb 3-1: Using ep0 maxpacket: 32
[ 1292.061428][   T93] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1292.079583][   T93] usb 3-1: config 7 has an invalid interface number: 187 but max is 0
[ 1292.088187][   T93] usb 3-1: config 7 has no interface number 0
[ 1292.094402][   T93] usb 3-1: config 7 interface 187 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 16
[ 1292.119014][ T5928] usb 1-1: USB disconnect, device number 40
[ 1292.126074][ T5928] cypress_m8 1-1:0.0: device disconnected
[ 1292.143502][   T93] usb 3-1: config 7 interface 187 has no altsetting 0
[ 1292.154265][   T93] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[ 1292.183183][   T93] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1292.202732][   T93] usb 3-1: Product: syz
[ 1292.203925][T17548] FAULT_INJECTION: forcing a failure.
[ 1292.203925][T17548] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1292.226974][T17548] CPU: 0 UID: 0 PID: 17548 Comm: syz.5.2784 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1292.227001][T17548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1292.227012][T17548] Call Trace:
[ 1292.227018][T17548]  <TASK>
[ 1292.227025][T17548]  dump_stack_lvl+0x16c/0x1f0
[ 1292.227056][T17548]  should_fail_ex+0x512/0x640
[ 1292.227096][T17548]  _copy_to_user+0x32/0xd0
[ 1292.227124][T17548]  snd_pcm_oss_read2+0x294/0x410
[ 1292.227146][T17548]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[ 1292.227163][T17548]  ? snd_pcm_kernel_ioctl+0x267/0x2e0
[ 1292.227185][T17548]  ? snd_pcm_oss_prepare+0x11e/0x220
[ 1292.227216][T17548]  snd_pcm_oss_read+0x5d3/0x760
[ 1292.227239][T17548]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[ 1292.227258][T17548]  vfs_read+0x1e1/0xc60
[ 1292.227287][T17548]  ? __pfx_vfs_read+0x10/0x10
[ 1292.227305][T17548]  ? find_held_lock+0x2b/0x80
[ 1292.227327][T17548]  ? __fget_files+0x204/0x3c0
[ 1292.227355][T17548]  ? __fget_files+0x20e/0x3c0
[ 1292.227385][T17548]  ksys_read+0x12a/0x250
[ 1292.227406][T17548]  ? __pfx_ksys_read+0x10/0x10
[ 1292.227430][T17548]  ? rcu_is_watching+0x12/0xc0
[ 1292.227454][T17548]  do_syscall_64+0xcd/0x4c0
[ 1292.227482][T17548]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1292.227500][T17548] RIP: 0033:0x7fc1d638e929
[ 1292.227514][T17548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1292.227531][T17548] RSP: 002b:00007fc1d71df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1292.227549][T17548] RAX: ffffffffffffffda RBX: 00007fc1d65b5fa0 RCX: 00007fc1d638e929
[ 1292.227559][T17548] RDX: 00000000200021d5 RSI: 00002000000011c0 RDI: 0000000000000003
[ 1292.227568][T17548] RBP: 00007fc1d71df090 R08: 0000000000000000 R09: 0000000000000000
[ 1292.227577][T17548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1292.227587][T17548] R13: 0000000000000000 R14: 00007fc1d65b5fa0 R15: 00007ffc53471108
[ 1292.227610][T17548]  </TASK>
[ 1292.359044][   T93] usb 3-1: Manufacturer: syz
[ 1292.435909][T17553] lo speed is unknown, defaulting to 1000
[ 1292.441973][T17553] lo speed is unknown, defaulting to 1000
[ 1292.449084][T17553] lo speed is unknown, defaulting to 1000
[ 1292.457685][T17553] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1292.469965][T17553] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1292.490048][T17553] lo speed is unknown, defaulting to 1000
[ 1292.496873][T17553] lo speed is unknown, defaulting to 1000
[ 1292.503345][T17553] lo speed is unknown, defaulting to 1000
[ 1292.509844][T17553] lo speed is unknown, defaulting to 1000
[ 1292.516302][T17553] lo speed is unknown, defaulting to 1000
[ 1292.524502][T17550] smc: removing ib device syz!
[ 1292.567389][   T93] usb 3-1: SerialNumber: syz
[ 1293.009747][T17550] ------------[ cut here ]------------
[ 1293.015284][T17550] WARNING: CPU: 1 PID: 17550 at drivers/infiniband/sw/rxe/rxe_pool.c:116 rxe_pool_cleanup+0x41/0x60
[ 1293.026104][T17550] Modules linked in:
[ 1293.030221][T17550] CPU: 1 UID: 0 PID: 17550 Comm: syz.3.2785 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1293.042318][T17550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.052385][T17550] RIP: 0010:rxe_pool_cleanup+0x41/0x60
[ 1293.057866][T17550] Code: 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1f 48 83 bb 80 00 00 00 00 75 06 5b e9 25 ad 0a f9 e8 20 ad 0a f9 90 <0f> 0b 90 5b e9 16 ad 0a f9 e8 71 89 71 f9 eb da 66 66 2e 0f 1f 84
[ 1293.077656][T17550] RSP: 0018:ffffc90004b7f1f0 EFLAGS: 00010246
[ 1293.083737][T17550] RAX: 0000000000080000 RBX: ffff88807d359320 RCX: ffffc9000cdc1000
[ 1293.091747][T17550] RDX: 0000000000080000 RSI: ffffffff88b17080 RDI: ffff88807d3593a0
[ 1293.100166][T17550] RBP: ffffffff88afd530 R08: 0000000000000005 R09: 0000000000000001
[ 1293.108176][T17550] R10: 0000000000000002 R11: 0000000000000001 R12: ffff88807d358668
[ 1293.116176][T17550] R13: ffff88807d357fe0 R14: ffff88807d357fe0 R15: ffff88807d359080
[ 1293.124154][T17550] FS:  00007f8206e286c0(0000) GS:ffff888124853000(0000) knlGS:0000000000000000
[ 1293.133355][T17550] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1293.139997][T17550] CR2: 00007fc1d70e56c0 CR3: 0000000057224000 CR4: 00000000003526f0
[ 1293.147993][T17550] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1293.156005][T17550] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1293.163960][T17550] Call Trace:
[ 1293.167269][T17550]  <TASK>
[ 1293.170185][T17550]  rxe_dealloc+0x25/0xc0
[ 1293.174412][T17550]  ib_dealloc_device+0x49/0x230
[ 1293.179272][T17550]  __ib_unregister_device+0x396/0x480
[ 1293.184641][T17550]  ? __pfx_ib_device_get_by_index+0x10/0x10
[ 1293.190546][T17550]  ib_unregister_device_and_put+0x5a/0x80
[ 1293.196876][T17550]  nldev_dellink+0x21f/0x320
[ 1293.201489][T17550]  ? __pfx_nldev_dellink+0x10/0x10
[ 1293.206644][T17550]  ? cap_capable+0xb3/0x250
[ 1293.211147][T17550]  ? bpf_lsm_capable+0x9/0x10
[ 1293.215853][T17550]  ? security_capable+0x7e/0x260
[ 1293.220793][T17550]  ? ns_capable+0xd7/0x110
[ 1293.225236][T17550]  ? __pfx_nldev_dellink+0x10/0x10
[ 1293.230344][T17550]  rdma_nl_rcv_msg+0x38a/0x6e0
[ 1293.235103][T17550]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[ 1293.240411][T17550]  ? __lock_acquire+0x622/0x1c90
[ 1293.245348][T17550]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430
[ 1293.251771][T17550]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[ 1293.258716][T17550]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1293.263989][T17550]  ? is_vmalloc_addr+0x86/0xa0
[ 1293.268766][T17550]  netlink_unicast+0x53a/0x7f0
[ 1293.273525][T17550]  ? __pfx_netlink_unicast+0x10/0x10
[ 1293.278819][T17550]  netlink_sendmsg+0x8d1/0xdd0
[ 1293.283579][T17550]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1293.288864][T17550]  ____sys_sendmsg+0xa95/0xc70
[ 1293.293621][T17550]  ? copy_msghdr_from_user+0x10a/0x160
[ 1293.299693][T17550]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1293.305007][T17550]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1293.310317][T17550]  ___sys_sendmsg+0x134/0x1d0
[ 1293.314995][T17550]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1293.320206][T17550]  ? __lock_acquire+0x622/0x1c90
[ 1293.325161][T17550]  __sys_sendmsg+0x16d/0x220
[ 1293.329777][T17550]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1293.334893][T17550]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1293.339864][T17550]  do_syscall_64+0xcd/0x4c0
[ 1293.344370][T17550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1293.350276][T17550] RIP: 0033:0x7f8205f8e929
[ 1293.354682][T17550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1293.374306][T17550] RSP: 002b:00007f8206e28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1293.382777][T17550] RAX: ffffffffffffffda RBX: 00007f82061b5fa0 RCX: 00007f8205f8e929
[ 1293.390787][T17550] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[ 1293.398776][T17550] RBP: 00007f8206010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1293.407178][T17550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1293.415141][T17550] R13: 0000000000000000 R14: 00007f82061b5fa0 R15: 00007fff11432c38
[ 1293.423142][T17550]  </TASK>
[ 1293.426161][T17550] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1293.433439][T17550] CPU: 1 UID: 0 PID: 17550 Comm: syz.3.2785 Not tainted 6.16.0-rc3-syzkaller-00042-g78f4e737a53e #0 PREEMPT(full) 
[ 1293.445482][T17550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1293.455550][T17550] Call Trace:
[ 1293.458813][T17550]  <TASK>
[ 1293.461722][T17550]  dump_stack_lvl+0x3d/0x1f0
[ 1293.466304][T17550]  panic+0x71c/0x800
[ 1293.470183][T17550]  ? __pfx_panic+0x10/0x10
[ 1293.474579][T17550]  ? show_trace_log_lvl+0x29b/0x3e0
[ 1293.479778][T17550]  ? rxe_pool_cleanup+0x41/0x60
[ 1293.484621][T17550]  check_panic_on_warn+0xab/0xb0
[ 1293.489558][T17550]  __warn+0xf6/0x3c0
[ 1293.493436][T17550]  ? rxe_pool_cleanup+0x41/0x60
[ 1293.498267][T17550]  report_bug+0x3c3/0x580
[ 1293.502576][T17550]  ? rxe_pool_cleanup+0x41/0x60
[ 1293.507413][T17550]  handle_bug+0x184/0x210
[ 1293.511734][T17550]  exc_invalid_op+0x17/0x50
[ 1293.516215][T17550]  asm_exc_invalid_op+0x1a/0x20
[ 1293.521044][T17550] RIP: 0010:rxe_pool_cleanup+0x41/0x60
[ 1293.526498][T17550] Code: 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 1f 48 83 bb 80 00 00 00 00 75 06 5b e9 25 ad 0a f9 e8 20 ad 0a f9 90 <0f> 0b 90 5b e9 16 ad 0a f9 e8 71 89 71 f9 eb da 66 66 2e 0f 1f 84
[ 1293.546088][T17550] RSP: 0018:ffffc90004b7f1f0 EFLAGS: 00010246
[ 1293.552140][T17550] RAX: 0000000000080000 RBX: ffff88807d359320 RCX: ffffc9000cdc1000
[ 1293.560089][T17550] RDX: 0000000000080000 RSI: ffffffff88b17080 RDI: ffff88807d3593a0
[ 1293.568040][T17550] RBP: ffffffff88afd530 R08: 0000000000000005 R09: 0000000000000001
[ 1293.575989][T17550] R10: 0000000000000002 R11: 0000000000000001 R12: ffff88807d358668
[ 1293.583949][T17550] R13: ffff88807d357fe0 R14: ffff88807d357fe0 R15: ffff88807d359080
[ 1293.591920][T17550]  ? __pfx_rxe_dealloc+0x10/0x10
[ 1293.596844][T17550]  ? rxe_pool_cleanup+0x40/0x60
[ 1293.601683][T17550]  rxe_dealloc+0x25/0xc0
[ 1293.605913][T17550]  ib_dealloc_device+0x49/0x230
[ 1293.610766][T17550]  __ib_unregister_device+0x396/0x480
[ 1293.616124][T17550]  ? __pfx_ib_device_get_by_index+0x10/0x10
[ 1293.622007][T17550]  ib_unregister_device_and_put+0x5a/0x80
[ 1293.627709][T17550]  nldev_dellink+0x21f/0x320
[ 1293.632280][T17550]  ? __pfx_nldev_dellink+0x10/0x10
[ 1293.637449][T17550]  ? cap_capable+0xb3/0x250
[ 1293.641971][T17550]  ? bpf_lsm_capable+0x9/0x10
[ 1293.646639][T17550]  ? security_capable+0x7e/0x260
[ 1293.651556][T17550]  ? ns_capable+0xd7/0x110
[ 1293.655961][T17550]  ? __pfx_nldev_dellink+0x10/0x10
[ 1293.661054][T17550]  rdma_nl_rcv_msg+0x38a/0x6e0
[ 1293.665809][T17550]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[ 1293.671073][T17550]  ? __lock_acquire+0x622/0x1c90
[ 1293.675997][T17550]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2d0/0x430
[ 1293.682390][T17550]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[ 1293.689313][T17550]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1293.694592][T17550]  ? is_vmalloc_addr+0x86/0xa0
[ 1293.699338][T17550]  netlink_unicast+0x53a/0x7f0
[ 1293.704094][T17550]  ? __pfx_netlink_unicast+0x10/0x10
[ 1293.709379][T17550]  netlink_sendmsg+0x8d1/0xdd0
[ 1293.714127][T17550]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1293.719395][T17550]  ____sys_sendmsg+0xa95/0xc70
[ 1293.724136][T17550]  ? copy_msghdr_from_user+0x10a/0x160
[ 1293.729575][T17550]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1293.734837][T17550]  ? __pfx_futex_wake_mark+0x10/0x10
[ 1293.740115][T17550]  ___sys_sendmsg+0x134/0x1d0
[ 1293.744777][T17550]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1293.749954][T17550]  ? __lock_acquire+0x622/0x1c90
[ 1293.754890][T17550]  __sys_sendmsg+0x16d/0x220
[ 1293.759460][T17550]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1293.764552][T17550]  ? __x64_sys_futex+0x1e0/0x4c0
[ 1293.769479][T17550]  do_syscall_64+0xcd/0x4c0
[ 1293.773967][T17550]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1293.779836][T17550] RIP: 0033:0x7f8205f8e929
[ 1293.784229][T17550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1293.803827][T17550] RSP: 002b:00007f8206e28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1293.812220][T17550] RAX: ffffffffffffffda RBX: 00007f82061b5fa0 RCX: 00007f8205f8e929
[ 1293.820179][T17550] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000004
[ 1293.828140][T17550] RBP: 00007f8206010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1293.836090][T17550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1293.844043][T17550] R13: 0000000000000000 R14: 00007f82061b5fa0 R15: 00007fff11432c38
[ 1293.852001][T17550]  </TASK>
[ 1293.855220][T17550] Kernel Offset: disabled
[ 1293.859524][T17550] Rebooting in 86400 seconds..