last executing test programs:

10.123579958s ago: executing program 4 (id=1370):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000002e00)=ANY=[@ANYRES32=r2], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
futex(0x0, 0x6, 0x4, 0x0, 0x0, 0x2)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
fallocate(0xffffffffffffffff, 0x3, 0x100000000, 0x80000000)
ioctl$DRM_IOCTL_CONTROL(0xffffffffffffffff, 0x40086414, 0x0)

8.867735395s ago: executing program 4 (id=1374):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x80000000000000a, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
write$P9_RSTATu(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="6502000002fd0a4f0524012800001f00000000000000000000000000000000000000000000000c00000001040000000000007dff0a6e6f6465767b65766f03d38b9200000000000000000000000000280070673effeb09b5351f5bde054000000000187899a916638814e5708103b494e1000000000000000002000800ac00f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a440b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a3700398641631d44f4a39b1191937a280e8d889fc220d115ac8e2f184b9a61758d26772ab0f2044d8ef0263ddd97d3c427b3a532efab1d1ce32ca7c1fc231af48408e02b255028b7c9bb85396f4d8af0eb95fc0ecc99f780e22c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00000000000000000000000000000000009bf97f441c69a3", @ANYRES32=0x0, @ANYRES32=0x0], 0xfd85)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000440)=ANY=[@ANYBLOB="4018a8"], 0x0, 0x0, 0x0, 0x0, 0x0})

8.40880672s ago: executing program 2 (id=1376):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xfffffffffffffdf4, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d"], 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0a00000004000000ff0f"], 0x48)

7.91230655s ago: executing program 2 (id=1379):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="4000f801040000000861100000000700ba000000f8693eb9e0bbe43608f8351f3c82af8515634bee65579b2692e431fe39b382663b3106b51384f6985669f557e6afbb24c69b302eb986a71fcbc1b48e71b7dbb6681c4f4c0f4c23be", @ANYRES32=0x0, @ANYBLOB="7fff000004040000140012800b0001006772657461700000040002800a00"], 0x40}}, 0x0)
r1 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @sched_cls, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000580)=ANY=[@ANYRES32=r3, @ANYRES32, @ANYBLOB="2f0000000800000004000000", @ANYRES32, @ANYBLOB="39437b18a2147ec9791002ae5d33085c7ab99369aaf74bc135573159116e9a59e1911e54b54ad078fb670c074c0fbf46dbfe6bfa", @ANYRES64=0x0], 0x20)
sendfile(r1, r2, 0x0, 0x20000023896)
socket$nl_crypto(0x10, 0x3, 0x15)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x10001}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
userfaultfd(0x800)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x410000)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f0000000080)={0x2, 0x0, 0x4, 0x6, 0x4})
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

7.498028626s ago: executing program 2 (id=1382):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000001a40)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000073000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$l2tp(0x2, 0x2, 0x73)
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0xeffd, 0x0, 0x0, 0x0)

7.335379276s ago: executing program 2 (id=1384):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
r3 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r3, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72828f72", {0x1, 0x1, 0x1000, 0x2, 0x5}})
syz_usb_ep_write$ath9k_ep1(r3, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=<r4=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r4])
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r7, 0x402, 0x8000003d)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x1000000d)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r8 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
fallocate(r8, 0x0, 0x0, 0x9000f3)
mmap(&(0x7f00004af000/0x3000)=nil, 0x3000, 0xb635773f05ebbeec, 0x80010, r8, 0x5000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

5.825171005s ago: executing program 0 (id=1394):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000300)={'filter\x00', 0x0, 0x7, 0x6, [0xf, 0x8000093, 0x3, 0xfa7, 0x4, 0x3], 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x78)
bind$netlink(0xffffffffffffffff, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0)
read$midi(0xffffffffffffffff, 0x0, 0x43)
r1 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
r2 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x6080, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121441, 0x0)
ioctl$BLKDISCARD(r3, 0x125f, 0x0)
ioctl$RTC_SET_TIME(r2, 0x40187013, 0x0)
write$RDMA_USER_CM_CMD_QUERY(r1, 0x0, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x4001100, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x20058811)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

5.649284453s ago: executing program 4 (id=1395):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000000)={r2, 0x0, 0x1, 0x0, 0x3})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x2400, 0x2e)
lseek(r3, 0x101, 0x1)
getdents64(r3, 0x0, 0x6d0821ca1fc60d2f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='host1x_channel_submit_complete\x00', r0}, 0x18)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r4 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f00000001c0)={0x980000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}})
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000f7d47101287454e172357f372bafc4"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="180100002020642500000000002020207a1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000700000085000000060000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
connect$unix(r6, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
r10 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, 0x0, 0x0)

5.52709677s ago: executing program 0 (id=1398):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@union={0x8, 0x5, 0x0, 0x5, 0x1, 0x2, [{0x5, 0x4, 0x54f8}, {0xb, 0x5, 0x10001}, {0x2, 0x3, 0x885}, {0x8, 0x0, 0x70c5}, {0xe, 0x5, 0x4}]}]}}, 0x0, 0x62, 0x0, 0x1, 0x3, 0x10000, @value}, 0x28)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
r1 = syz_io_uring_setup(0x64d, &(0x7f0000000c40)={0x0, 0x9607, 0x10000, 0x0, 0x148}, &(0x7f0000000cc0), &(0x7f0000000d00))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xd, &(0x7f0000001c80)={0x1, 0x0, 0x0, &(0x7f0000001c00)=[{0x0}], &(0x7f0000001c40)=[0x8]}, 0x20)
openat$userio(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, <r4=>0x0})
syz_pidfd_open(r4, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
pselect6(0x40, &(0x7f0000000300)={0x10000, 0xa, 0xa6b, 0x8, 0x3, 0x1, 0xfffffffffffffffe, 0x8}, &(0x7f0000000340)={0x6, 0x9, 0x6, 0x100, 0x4, 0x5, 0xfffffffffffffc01, 0x2}, &(0x7f0000000380)={0x1, 0x100000000, 0xffff, 0x419, 0x0, 0x9, 0x9e7, 0x8000000000000001}, &(0x7f00000003c0)={0x0, 0x3938700}, &(0x7f0000000480)={&(0x7f0000000400)={[0x5]}, 0x8})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$binder(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x2000000)
socket(0x848000000015, 0x805, 0x0)
r6 = socket(0x1000000000000010, 0x80802, 0x0)
bind$netlink(r6, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYRES32=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x10000000}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'sit0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}, 0x0, r9})

4.598633326s ago: executing program 4 (id=1399):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x20000004)

4.348113117s ago: executing program 0 (id=1401):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x2c, 0x68, 0x1, 0x100003, 0x25dfdbfe, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)

4.22844988s ago: executing program 0 (id=1403):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000000c0)='sched_switch\x00', r0}, 0x10)
write(0xffffffffffffffff, &(0x7f0000000340), 0x11000)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e3166040860502010a140000000109021b0001100000000904a800015fb94d000905a1"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
io_setup(0x2004, &(0x7f0000000680))

4.160761501s ago: executing program 2 (id=1405):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f0000002340)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4509c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a900d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a3c0db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848022e8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00"/3999], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x5, &(0x7f00000027c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket(0x80000000000000a, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x141842, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
write$P9_RSTATu(r2, &(0x7f00000007c0)=ANY=[@ANYBLOB="6502000002fd0a4f0524012800001f00000000000000000000000000000000000000000000000c00000001040000000000007dff0a6e6f6465767b65766f03d38b9200000000000000000000000000280070673effeb09b5351f5bde054000000000187899a916638814e5708103b494e1000000000000000002000800ac00f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a440b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a3700398641631d44f4a39b1191937a280e8d889fc220d115ac8e2f184b9a61758d26772ab0f2044d8ef0263ddd97d3c427b3a532efab1d1ce32ca7c1fc231af48408e02b255028b7c9bb85396f4d8af0eb95fc0ecc99f780e22c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00000000000000000000000000000000009bf97f441c69a3", @ANYRES32=0x0, @ANYRES32=0x0], 0xfd85)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000440)=ANY=[@ANYBLOB="4018a8"], 0x0, 0x0, 0x0, 0x0, 0x0})

3.768950053s ago: executing program 4 (id=1406):
syz_open_dev$usbmon(&(0x7f0000000180), 0x0, 0x80000)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3, 0x2)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000040)=0x3)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
unshare(0x68040200)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="3c3400400000000000000000000107b885b3ec30f3c20d9376a58d9c3fce8a33d6b2b460481fa65ac2945c3225dc4c17fd8902a289839b9ec81f167163a7a15a04a0ead96fc2644bcb6e3823f744cdfe906beb32ac9783f8cb226870299c3aec5a021aec97e5b83e7f305822de6e8a7724f8fe5ddf0deb1860e6679fc8a7a4ad33350777df769c6b5f4a9f0f537576499a6edc81c00c587d424a6d4166393ea76e245739dd5079e6b0", @ANYRES32], 0x1b0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000000)=0x200, 0x4)
sendmmsg$inet6(r2, &(0x7f00000027c0)=[{{&(0x7f00000002c0)={0xa, 0x4e20, 0x0, @mcast2, 0x41}, 0x1c, &(0x7f0000001180)=[{&(0x7f0000000a40)="e85eb3ad7a85f8ffbfeca731d6c8b8efffe715ca63a772ab76e7cffafb9d389706d2e359133ee025548a9a6dacd710c38203386303f61999708e2e086f02a597d35cb89496800f640fdc0d640b093b6048a305e8b1fe97a29fd305a32a525559ddd5ee389d8bc85b5c014a923f2633e07c9b1306f90aca263b0cbb80cd28e0d43c5e853eafd3471233aa29ffcbf71f5d41e6ac5cd9dd73d7d5a33ff36301367732b1d6d5c7bd74aa59bcbbeace3a5d25c319b37e9b5a1a2f49f5332b818ac6d3c9458fdbe1ac55b4c0560f22e891801c3c7ea9af178d90346e6bf66b6826d57dc05dcf8972c73b85085ebabef39bd87aed18f4de2d0caba6eb22132ee4e6c99097f54ca9742a3ae9bb80ab191d594d82418fadfa0cb593c22a452949e76978b77f7cd812009d64eaeeeb27224b6df92fbfeae6c94fb1c633246609466ac4d8fb1d890081d260b4c7acaf1b8a6f938205c462f4562e73d73546a47e3384abbd05de604e7d50d8053fb15a4ad2cc2d5a96c62fe5f4398362e4b098b6fd3b7fb03144c7a258b344de3fdb78ecb4237e53ae95ca31598a8102bd5990575fa6aff26ad340d7bbf1644ba6f1168d1d9a50aee8a9494c733f2c55dda98db0f23eff7df41a3354c3310c421703c0dad93182e4d10cf579215232e07cca2fa220d4a0751d2ededfd4924845baa5539fd6e666f3df3426afed1cd1c7c12bcf39eed1b848beee", 0x201}], 0x1}}], 0x1, 0x4000090)
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000000)={0x18, 0x0, {0x1, @broadcast, 'lo\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r3, 0x4008b100, &(0x7f0000000240)={0x18, 0x0, {0x3, @broadcast, 'rose0\x00'}})
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, 0x0, 0x0)
r4 = memfd_create(&(0x7f0000000780)='/dev/loop#\x00\xee\b\xce\xde\xe9\x8d\xd3\xd4\xe2\xfd\x7f\xf5R%\xe8]l\xa1s\b\xa5\xd2\xd59\xe8\xda\b\xd6\xb2\x15\xf6F\xb8\xb4{r.\xd2\xea\xec\xdbXe&J \xe9\x16\x82\xe8=\x83\x88sN\x83N`\xf9\xec\xe1\xbb\x05vH\xdd\x01?k\x97\xa5\xbf\x89#=2G<r\xf8\xd56\xaf~Nh%\x14\xf4\x14\xa3\x88i*rR\x17\x1ay\xc4x\x82u\xa3c\x9ez7\x88\x15\xdbz\xd1&\xd1\xca\xcb\xc5C\xa6,\xc7~\x86\xee=\xae}\xeb\xe8N\x11\xef\xb2\xceP\xff\xed\xee\xd7x6}-y #\x17\x8d[~\xe2\xab\xe6\xe3\x17\xd2/&\xfb\x13\xf3\xd9\xf4O\xf2\xdb\x9b\x03)\xae\xde\xef\x06\x03W\xb5;\xa6\xb4\'\'\x17\t\x00\x00\xaa\xe8\x81\xc0\x85\xd2\xfe\xcf\x9bn\xee*\x15\x97#\'\xc4\x06h\x1f@\a\n=7\xeb2\xaa\x0e\xee\x03\xd1\xd4\xc2yT\x8a0\x06=\xe7R\x85\x02\xf3\x15\x99z0]\xc4\x04\xb0\xea^\xd9\x1e\xbf\xb6\xe9\x8a\xfe\xd9G\x82\x93\xbf,J}\xed\x06\x18\x86WQn`\xf1\x9b\xb5\x96\xfe\xcf\xeb\x9f\x878me\x02\x90\xa2\x13O\x9a\xd6\xd0\x12\xf2$7\xb4\x8f\xfaal\xb8\xaaV>\xb16\xfb*\xf5\xd5\\\xa7\xebe\xbe\x9d\xd7\xf5\xb9<\xb2\xc4\xf9:\xef\xc0g\xc3\xa6\x7f\xc0\xcck.5=\xcc\x10Y\xad^*;MVh\xd9\xcf )\x0e%\x84\x95bXy\x81;o\xc9\x94\xc5M\xaf\xdbr\xec\xf6', 0x6)
fallocate(r4, 0x0, 0x0, 0x200401)
fallocate(r4, 0x0, 0x0, 0x200401)
socket(0x10, 0x80002, 0x4)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040040455070000000000010902240001000040b109040000010300a10009210101000122050009058103"], 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r5, 0x29, 0x40, &(0x7f00000000c0)={'mangle\x00', 0x0, [0x4, 0x4000105, 0x0, 0x7, 0x109]}, &(0x7f0000000400)=0x54)

3.746397932s ago: executing program 3 (id=1408):
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
mount(0x0, 0x0, &(0x7f0000000000)='tmpfs\x00', 0x8, 0x0)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[], 0x46e8}, 0x1, 0x0, 0x0, 0x4040040}, 0x0)
syz_open_procfs(0x0, &(0x7f0000000180)='wchan\x00')
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000800)={0x2c, &(0x7f0000000640)={0x0, 0x30, 0xf1, {0xf1, 0x5, "3ad3f59df62120517c99e37e169760b6da3515c91c694494de9bd3514cf2df784bcf41df99d4abaa816e7d87fe94e7cb1329a5a1cde69f96fd7fa923806597ced183c0d6697fdbb23c43e83ada3d6ca5f22e6c06dbf951633d069e268bbf6e9614913ceb4e4086723cdd07a2776ff7a8befd303dab9dd0de7165acee00245bd5c47fb94548dd9578616d9d7b0ee17136d63e91867ac7927e8b02ed3294b5dc6f2816021addf08f9383648d13195243b53d1f1928b5281f1ae7d337e7f80fdf59ffb436032e7a8674cf0c6a6ea73d13553b1acf9dcd5a0c802b71340d1cee11ac3f750de922180e6a4de65e55c7fe5a"}}, &(0x7f0000000580)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x2401}}, &(0x7f0000000740)={0x0, 0xf, 0x58, {0x5, 0xf, 0x58, 0x4, [@ss_container_id={0x14, 0x10, 0x4, 0x3, "45b4a8e437b3f74139d578ae3ce4c9b2"}, @ss_container_id={0x14, 0x10, 0x4, 0x5, "45085d97480589ae2b4f5adb8fbdb600"}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x8, 0x2, 0x7432}, @ssp_cap={0x24, 0x10, 0xa, 0x5c, 0x6, 0x8, 0xf00f, 0x6, [0xc0c0, 0x30, 0xff3f30, 0x60, 0xe9771bf5f1f4e0ef, 0xc000]}]}}, &(0x7f00000005c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x0, 0x0, 0x8, 0x9, "48a46f80", "183565e1"}}, &(0x7f00000007c0)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x4, 0x5, 0x8, 0xd0, 0x7ff, 0x1}}}, &(0x7f0000000e80)={0x84, &(0x7f0000000840)={0x40, 0x15, 0xc8, "2ee81cb05aacc6faac2b0a8ea5639e7f9ecb1ba48f1b90a789c1046c426a8493c7c01a5cc169902c6a1acb22aed795e0e534c6af4b06b3c28782ee0c0faca3e95325fa3c3d70ec94da9e248b7f5a597045fee83384cc4a46f2ce66c0aa45ba71facd15996cbbe47ef4a04feda9ab627330676d5817c4b3173322a6e4dd225f06fac6b497fc87aafc658e0e1fe9f24741c309eacd19046c64d9e95568b072eba66111425df282ce3c996bb32524c406ee4ca3d5623253f1a7984c9d9ea76a1c7118225e3f56787bfd"}, &(0x7f0000000f40)={0x0, 0xa, 0x1, 0xf3}, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x4}, &(0x7f00000009c0)={0x20, 0x0, 0x4, {0x3, 0x3}}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x20, 0x40}}, &(0x7f0000000a40)={0x40, 0x7, 0x2, 0xe}, &(0x7f0000000a80)={0x40, 0x9, 0x1, 0x8}, &(0x7f0000000ac0)={0x40, 0xb, 0x2, "0a94"}, &(0x7f0000000b00)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000b40)={0x40, 0x13, 0x6, @random="bf39da14fe6f"}, &(0x7f0000000b80)={0x40, 0x17, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}, &(0x7f0000000bc0)={0x40, 0x19, 0x2, '^k'}, &(0x7f0000000c00)={0x40, 0x1a, 0x2, 0xa}, &(0x7f0000000c40)={0x40, 0x1c, 0x1, 0x5}, &(0x7f0000000c80)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000000980)={0x40, 0x21, 0x1, 0x8}})
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_control_io(0xffffffffffffffff, &(0x7f0000000780)={0x2c, &(0x7f0000000580)={0x20, 0x22, 0xc3, {0xc3, 0xb, "f2ed5bcce7704b42e863ebd035e2ee4f38410e2f00ebadc6b080f1a6d50f3bb387bb4da9109be223bf4321dad0cefe3ee8685cf4c8b0e16ac73b6f7661af241fcb5472f2fc3b077b1c635aa293779f183e69e9b21813c3213190d233b8c59bea1875dd0c99b54dc58613224140e452d75f781109351731472628ceba7a8d971b7db0ef2192ae9605643f5f6c82add047d3693043da5f952c554cbaa7fc2ece5ecedbb625fcdb93b023563903a39a72a47a899413e1cad2bc12065d8efc0059fef0"}}, &(0x7f0000000f80)=ANY=[@ANYBLOB="e83bb6398df4b7787eb083e1e22235d13182babd2881c35cc60e08b0a9db69158fcc0ea3e055d6abb6afcb933e256cf96dec7dee7347308250a66794ec73905eb53e25e861a6ff7b4f581156f9244c416e2a9c5792b1e647a3efd4fab8346d15209fb02f73e882b6e4cb2f4d62d53d135332a14e8a660f113661e527047096792069cd0b57b88288c60e789272111366bd2377fd080d0a39c585de81ca6e2412c4073ac7f028754f21a321f396d73bd2525f76784e22e5a54a113ecb3355b872fa5b538687638100c6237108b228d23b8a40417ddc7c9bab46fa8150d9315640fcdd923978ceceeb01c9d2d9e5c0"], &(0x7f0000000680)={0x0, 0xf, 0xca, {0x5, 0xf, 0xca, 0x1, [@generic={0xc5, 0x10, 0x6, "7d0074fe3d4a8f6871e877385b3d2c3588ece84454b610afbcc45bfcc2732346a282ddd3c1b4bd6f517aa4b52ba10b058306549494fa7d77f673234dc6558a962541ac435d8481aa7866a0dfde68e1267f937a3aaf1a5a3d8f84dea9cf3eb6d88ca73941914b6404eeca435189ff827512e081bfc893381d4c3f6501530541a43b6862ddf6880c5cf510cb691826f94bc7b1b01c1515f6ec821d3867ebc08b6856a9ed9b6c27c5c44e94ff50930930df2f7e5e97e7becc6d026aa3e1dfa2ce94a802"}]}}, &(0x7f0000000400)={0x20, 0x29, 0xf, {0xf, 0x29, 0x3, 0x4, 0xfe, 0x8b, "72b33249", "731d7d2d"}}, &(0x7f0000000440)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x6, 0x4, 0x0, 0x7f, 0x4, 0x82e, 0x7ff}}}, &(0x7f0000000d80)={0x84, &(0x7f00000007c0)={0x40, 0x16, 0x85, "1ed815adf47bc23a60189869024073b461099576d7c6ecb1d06504c43d031b6089921086ccaa014919ca503c1dbfd85bb84825e28ba09532a8666a77f93da532f8dd9e507882960a513c27a5b6dccd32afeb33c0dd8221f16996bd9c0081b597e702494fae4d0bd2f3cfb8ad74ad24601f8e98814d643ed5778729b89b1e05b70d47a3d77c"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x7}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000900)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000940)={0x20, 0x0, 0x8, {0x100, 0x2, [0xff]}}, &(0x7f0000000980)={0x40, 0x7, 0x2}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0x6}, &(0x7f0000000a00)={0x40, 0xb, 0x2, "a9d5"}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0x4}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @local}, &(0x7f0000000ac0)={0x40, 0x17, 0x6}, &(0x7f0000000c40)={0x40, 0x19, 0x2, "d674"}, &(0x7f0000000c80)={0x40, 0x1a, 0x2, 0x1}, &(0x7f0000000cc0)={0x40, 0x1c, 0x1, 0xff}, &(0x7f0000000d00)={0x40, 0x1e, 0x1, 0x10}, &(0x7f0000000d40)={0x40, 0x21, 0x1, 0x40}})
openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x111401, 0x0)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000b00)={0x118, 0x2e, 0x1, 0x0, 0x25dfdbfc, "", [@nested={0x107, 0xf2, 0x0, 0x1, [@typed={0xc, 0x18, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973de47a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3287b03fffa370d47eb640dc5061dc35817c8a66c29be", @typed={0x4, 0xe9}]}]}, 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)
pread64(0xffffffffffffffff, &(0x7f000001a240)=""/102390, 0xffffffffffffff70, 0x8)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328018, 0x1000}, 0x20)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000e40)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000ed03000000000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r5, 0x20, &(0x7f0000000100)={0x0, 0x0, <r6=>0x0, 0x0}}, 0x10)
r7 = memfd_secret(0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a82, 0x0)
sendfile(r7, r8, 0x0, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x2000000000000158, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = fcntl$getown(r1, 0x9)
setresuid(0x0, 0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, r9, 0x0, 0x0)

3.274843919s ago: executing program 1 (id=1409):
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000000c00)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000000)={r2, 0x0, 0x1, 0x0, 0x3})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x2400, 0x2e)
lseek(r3, 0x101, 0x1)
getdents64(r3, 0x0, 0x6d0821ca1fc60d2f)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='host1x_channel_submit_complete\x00', r0}, 0x18)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
r4 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
ioctl$VIDIOC_TRY_EXT_CTRLS(r4, 0xc0205647, &(0x7f00000001c0)={0x980000, 0x1, 0x7, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}})
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000f7d47101287454e172357f372bafc4"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="180100002020642500000000002020207a1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000700000085000000060000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, 0x0, r5, 0x8, &(0x7f0000000080)={0x0, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0)
connect$unix(r6, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
r10 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r10, 0x29, 0x40, 0x0, 0x0)

3.214658002s ago: executing program 1 (id=1410):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@union={0x8, 0x5, 0x0, 0x5, 0x1, 0x2, [{0x5, 0x4, 0x54f8}, {0xb, 0x5, 0x10001}, {0x2, 0x3, 0x885}, {0x8, 0x0, 0x70c5}, {0xe, 0x5, 0x4}]}]}}, 0x0, 0x62, 0x0, 0x1, 0x3, 0x10000, @value}, 0x28)
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
r1 = syz_io_uring_setup(0x64d, &(0x7f0000000c40)={0x0, 0x9607, 0x10000, 0x0, 0x148}, &(0x7f0000000cc0), &(0x7f0000000d00))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xd, &(0x7f0000001c80)={0x1, 0x0, 0x0, &(0x7f0000001c00)=[{0x0}], &(0x7f0000001c40)=[0x8]}, 0x20)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, <r4=>0x0})
syz_pidfd_open(r4, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
pselect6(0x40, &(0x7f0000000300)={0x10000, 0xa, 0xa6b, 0x8, 0x3, 0x1, 0xfffffffffffffffe, 0x8}, &(0x7f0000000340)={0x6, 0x9, 0x6, 0x100, 0x4, 0x5, 0xfffffffffffffc01, 0x2}, &(0x7f0000000380)={0x1, 0x100000000, 0xffff, 0x419, 0x0, 0x9, 0x9e7, 0x8000000000000001}, &(0x7f00000003c0)={0x0, 0x3938700}, &(0x7f0000000480)={&(0x7f0000000400)={[0x5]}, 0x8})
r5 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$binder(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x2000000)
socket(0x848000000015, 0x805, 0x0)
r6 = socket(0x1000000000000010, 0x80802, 0x0)
bind$netlink(r6, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYRES32=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x10000000}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'sit0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}, 0x0, r9})

2.599970257s ago: executing program 1 (id=1411):
r0 = socket$inet6(0xa, 0x3, 0x3a)
socket(0x28, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x48000, 0x0)
ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000080))
syz_emit_ethernet(0x66, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "000002", 0x30, 0x3a, 0x0, @remote, @local, {[], @pkt_toobig={0x8, 0x2, 0x0, 0x0, {0x0, 0x6, "00f210", 0x0, 0x11, 0x0, @local, @mcast1}}}}}}}, 0x0)

2.513276772s ago: executing program 1 (id=1412):
r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
modify_ldt$write2(0x11, &(0x7f0000000000)={0xffffffff, 0x20001000, 0x2000, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1}, 0x10)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000200)={0x2020}, 0x2020)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$SNDCTL_TMR_CONTINUE(r1, 0x5404)
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r4, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
recvmsg$can_raw(r0, &(0x7f0000002b40)={&(0x7f0000002340)=@pptp, 0x80, &(0x7f00000029c0)=[{&(0x7f00000000c0)=""/23, 0x17}, {&(0x7f00000023c0)=""/232, 0xe8}, {&(0x7f00000024c0)=""/130, 0x82}, {&(0x7f0000002580)=""/255, 0xff}, {&(0x7f0000002680)=""/197, 0xc5}, {&(0x7f0000002780)=""/63, 0x3f}, {&(0x7f00000027c0)=""/160, 0xa0}, {&(0x7f0000002880)=""/122, 0x7a}, {&(0x7f0000002900)=""/150, 0x96}], 0x9, &(0x7f0000002a80)=""/159, 0x9f}, 0x100)
close_range(r2, 0xffffffffffffffff, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$rose(r5, 0x104, 0x4, 0x0, &(0x7f0000000180)=0x37)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000180)='tmpfs\x00', 0x2200890, 0x0)
pread64(r0, &(0x7f0000002240)=""/237, 0xfdef, 0x4eb)
r6 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
sendmsg$NL80211_CMD_CONNECT(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002b80)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="050000000000fedbdf251200000008000300", @ANYBLOB="25000600080211000001000010009d00aa4111a37f6270417eed804c000010000000fd0f05000600"], 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x24000000)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000002000010027bd7000000000000a100800000000041600000014000200fc02000000000000000000000000000114000100200100"/66], 0x44}, 0x1, 0x0, 0x0, 0x91}, 0x40000)
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB='\\\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="00000000000000003c0012800b000100697036746e6c00002c000280140003002001000000000000000000000000000114000200fc0200"/68], 0x5c}}, 0x0)

2.466032375s ago: executing program 1 (id=1413):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@union={0x8, 0x5, 0x0, 0x5, 0x1, 0x2, [{0x5, 0x4, 0x54f8}, {0xb, 0x5, 0x10001}, {0x2, 0x3, 0x885}, {0x8, 0x0, 0x70c5}, {0xe, 0x5, 0x4}]}]}}, 0x0, 0x62, 0x0, 0x1, 0x3, 0x10000, @value}, 0x28)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
r1 = syz_io_uring_setup(0x64d, &(0x7f0000000c40)={0x0, 0x9607, 0x10000, 0x0, 0x148}, &(0x7f0000000cc0), &(0x7f0000000d00))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xd, &(0x7f0000001c80)={0x1, 0x0, 0x0, &(0x7f0000001c00)=[{0x0}], &(0x7f0000001c40)=[0x8]}, 0x20)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, <r4=>0x0})
syz_pidfd_open(r4, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
pselect6(0x40, &(0x7f0000000300)={0x10000, 0xa, 0xa6b, 0x8, 0x3, 0x1, 0xfffffffffffffffe, 0x8}, &(0x7f0000000340)={0x6, 0x9, 0x6, 0x100, 0x4, 0x5, 0xfffffffffffffc01, 0x2}, &(0x7f0000000380)={0x1, 0x100000000, 0xffff, 0x419, 0x0, 0x9, 0x9e7, 0x8000000000000001}, &(0x7f00000003c0)={0x0, 0x3938700}, &(0x7f0000000480)={&(0x7f0000000400)={[0x5]}, 0x8})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$binder(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x2000000)
socket(0x848000000015, 0x805, 0x0)
r6 = socket(0x1000000000000010, 0x80802, 0x0)
bind$netlink(r6, &(0x7f0000000440)={0x10, 0x0, 0x0, 0x100000}, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYRES32=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x10000000}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'sit0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}, 0x0, r9})

1.920104811s ago: executing program 3 (id=1414):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newnexthop={0x2c, 0x68, 0x1, 0x100003, 0x25dfdbfe, {}, [@NHA_GROUP={0xc, 0x2, [{0x1, 0x15}]}, @NHA_GROUP_TYPE={0x6, 0x3, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)

1.855886343s ago: executing program 3 (id=1415):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xe, &(0x7f0000000000)=0xffe, 0x4)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x18d)
r3 = fanotify_init(0x8, 0x80000)
fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = open(&(0x7f0000000580)='./file1\x00', 0x80242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x4, 0x180, 0x20ff, 0x5, 0x89, 0xd615, 0x9, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)

1.720610037s ago: executing program 3 (id=1416):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2, 0x17, 0x4, 0x0, 0x15, 0x0, 0x70bd2d, 0x25dfdbfb, [@sadb_key={0x13, 0x8, 0x470, 0x0, "d65db97e661ca8e755b53483a60d689d9706974e893fd09cf65d7125ac7647837d1ec7521b18019b190fe1da432ee2ec3cdfd0c8d71e7e76f5a8594dce9a8978c29fa93416c47c605ecd3d3fd7e2602864ccbdd881b2fc7cf66f6e53f9d7d4070b4271537155f3e8510b84e8fdc7bbaea8f51536f4d8c8d430c0f1a2d6e60a5009a8079d8f395ac4085b3e9dc764"}]}, 0xa8}}, 0x20000004)

1.658382168s ago: executing program 3 (id=1417):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)

1.53884088s ago: executing program 3 (id=1418):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r1 = dup(r0)
r2 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r2, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72828f72", {0x1, 0x1, 0x1000, 0x2, 0x5}})
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0x20, &(0x7f0000000140)=ANY=[@ANYBLOB="0c00004e1560254722cb66187f3b68d00c08004e"])
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
r5 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r5, 0x402, 0x8000003d)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x0, 0x1000000d)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
fallocate(r6, 0x0, 0x0, 0x9000f3)

1.537690387s ago: executing program 4 (id=1419):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x64, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, r1, 0x800, 0x55007}, [@IFLA_LINKINFO={0x44, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x34, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x2}, @IFLA_BR_MCAST_STARTUP_QUERY_INTVL={0xc, 0x23, 0x1}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}, @IFLA_BR_NF_CALL_IPTABLES={0x5, 0x24, 0x1}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r7, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x1, 0x70bd2b, 0x0, {0x2, 0x0, 0x20, 0x4}, [@FRA_SRC={0x8, 0x2, @multicast1}]}, 0x24}, 0x1, 0x0, 0x0, 0x20048055}, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00!'], 0x28}}, 0x0)
r10 = dup(r7)
write$FUSE_BMAP(r10, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r10, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r6}, 0x2c, {'wfdno', 0x3d, r10}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r11 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r12 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r12, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r11, 0xc0502100, &(0x7f0000000380))
write$UHID_INPUT(r11, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006)
sendmsg$NL80211_CMD_GET_WOWLAN(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000440)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0103000000000000000005"], 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x0)

1.286154965s ago: executing program 1 (id=1420):
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000680)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000100)='contention_end\x00', r2, 0x0, 0x100000200000000}, 0x18)
r3 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r3, 0x29, 0xcb, &(0x7f0000000140)={0xffffffffffffffff, 0x1, 0x40, 0x0, 0xe0}, 0xc)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r4}, 0xc)
r5 = syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r8 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r8, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r9 = socket$inet_sctp(0x2, 0x5, 0x84)
chdir(0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r9, 0x0, 0x482, &(0x7f0000000180)=""/172, &(0x7f0000000380)=0xac)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
syz_io_uring_setup(0x375, 0x0, 0x0, 0x0)
io_uring_enter(r5, 0x3516, 0x0, 0x4, 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r10, 0x4068aea3, &(0x7f0000000500)={0xbe, 0x0, 0x1})

958.905336ms ago: executing program 0 (id=1421):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x48, 0x48, 0x2, [@union={0x8, 0x5, 0x0, 0x5, 0x1, 0x2, [{0x5, 0x4, 0x54f8}, {0xb, 0x5, 0x10001}, {0x2, 0x3, 0x885}, {0x8, 0x0, 0x70c5}, {0xe, 0x5, 0x4}]}]}}, 0x0, 0x62, 0x0, 0x1, 0x3, 0x10000, @value}, 0x28)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4}, &(0x7f0000bbdffc))
r1 = syz_io_uring_setup(0x64d, 0x0, &(0x7f0000000cc0), &(0x7f0000000d00))
io_uring_register$IORING_REGISTER_FILES2(r1, 0xd, &(0x7f0000001c80)={0x1, 0x0, 0x0, &(0x7f0000001c00)=[{0x0}], &(0x7f0000001c40)=[0x8]}, 0x20)
openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, <r4=>0x0})
syz_pidfd_open(r4, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
pselect6(0x40, &(0x7f0000000300)={0x10000, 0xa, 0xa6b, 0x8, 0x3, 0x1, 0xfffffffffffffffe, 0x8}, &(0x7f0000000340)={0x6, 0x9, 0x6, 0x100, 0x4, 0x5, 0xfffffffffffffc01, 0x2}, &(0x7f0000000380)={0x1, 0x100000000, 0xffff, 0x419, 0x0, 0x9, 0x9e7, 0x8000000000000001}, &(0x7f00000003c0)={0x0, 0x3938700}, &(0x7f0000000480)={&(0x7f0000000400)={[0x5]}, 0x8})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="020000000400000008000000010000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32], 0x50)
r5 = openat(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mmap$binder(&(0x7f0000bdf000/0x1000)=nil, 0x1000, 0x1, 0x11, r5, 0x2000000)
socket(0x848000000015, 0x805, 0x0)
r6 = socket(0x1000000000000010, 0x80802, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYRES32=r0], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x10000000}, 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000000)=r7, 0x4)
r8 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'sit0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r8, 0x8918, &(0x7f0000000080)={@loopback={0x0, 0xff00}, 0x0, r9})

957.857116ms ago: executing program 2 (id=1422):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, 0x0, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000000580)=""/102400, 0x19000)
pipe2(&(0x7f0000000000)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
write$P9_RGETLOCK(r4, 0x0, 0xffffff6a)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
tee(r3, r6, 0xfffffffffffffc03, 0x0)
recvmmsg(r0, &(0x7f000001a800)=[{{&(0x7f00000000c0)=@sco={0x1f, @fixed}, 0x80, &(0x7f000001a580)=[{&(0x7f0000000300)=""/179, 0xb3}, {&(0x7f0000000040)=""/35, 0x23}, {&(0x7f00000003c0)=""/30, 0x1e}, {&(0x7f0000000400)=""/180, 0xb4}, {&(0x7f0000019580)=""/4096, 0x1000}, {&(0x7f00000004c0)=""/152, 0x98}], 0x6, &(0x7f000001a880)=""/20, 0x14}, 0x2}, {{&(0x7f000001a640)=@can, 0x80, &(0x7f000001a740)=[{&(0x7f000001a6c0)=""/106, 0x6a}], 0x1, &(0x7f000001a780)=""/125, 0x7d}, 0x5}], 0x2, 0x2, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r7 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f0000000240), 0x4)

0s ago: executing program 0 (id=1423):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b7"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r1, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000280)="b9ff03076804268c989e14f088a8", 0x0, 0x2700, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

kernel console output (not intermixed with test programs):

 3-1: new high-speed USB device number 18 using dummy_hcd
[  355.140097][ T5860] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  355.160001][    T9] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  355.177848][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.194576][    T9] usb 3-1: Product: syz
[  355.202184][    T9] usb 3-1: Manufacturer: syz
[  355.212178][    T9] usb 3-1: SerialNumber: syz
[  355.229581][    T9] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  355.249578][ T5858] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  355.305026][ T5860] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  355.424335][ T5860] usb 1-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  355.435364][ T5860] usb 1-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  355.697085][ T5816] usb 5-1: USB disconnect, device number 17
[  355.738236][ T5860] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  355.784379][ T5860] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.840841][   T30] audit: type=1400 audit(1746194394.660:340): avc:  denied  { create } for  pid=8997 comm="syz.4.873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  355.844386][ T9000] netlink: 'syz.4.873': attribute type 4 has an invalid length.
[  356.016231][ T5860] ath6kl: Failed to submit usb control message: -71
[  356.023986][ T5860] ath6kl: unable to send the bmi data to the device: -71
[  356.031475][ T5860] ath6kl: Unable to send get target info: -71
[  356.039030][ T5860] ath6kl: Failed to init ath6kl core: -71
[  356.045994][ T5860] ath6kl_usb 1-1:4.0: probe with driver ath6kl_usb failed with error -71
[  356.073962][ T5860] usb 1-1: USB disconnect, device number 16
[  356.723897][ T9015] overlayfs: conflicting lowerdir path
[  356.750756][ T5858] usb 3-1: Service connection timeout for: 256
[  356.763343][ T5858] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  356.772731][ T9016] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  356.812566][ T5858] ath9k_htc: Failed to initialize the device
[  357.099504][ T5858] usb 3-1: ath9k_htc: USB layer deinitialized
[  357.234779][   T83] usb 3-1: USB disconnect, device number 18
[  358.453409][   T30] audit: type=1400 audit(1746194397.270:341): avc:  denied  { read write } for  pid=9038 comm="syz.2.882" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  358.718473][   T30] audit: type=1400 audit(1746194397.270:342): avc:  denied  { open } for  pid=9038 comm="syz.2.882" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  359.051473][   T30] audit: type=1400 audit(1746194397.300:343): avc:  denied  { map } for  pid=9038 comm="syz.2.882" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  359.267278][   T30] audit: type=1400 audit(1746194398.090:344): avc:  denied  { ioctl } for  pid=9038 comm="syz.2.882" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  359.908548][   T30] audit: type=1400 audit(1746194398.720:345): avc:  denied  { connect } for  pid=9065 comm="syz.0.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  359.956680][   T30] audit: type=1400 audit(1746194398.720:346): avc:  denied  { ioctl } for  pid=9065 comm="syz.0.891" path="socket:[21539]" dev="sockfs" ino=21539 ioctlcmd=0xb100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  359.991817][   T30] audit: type=1400 audit(1746194398.720:347): avc:  denied  { write } for  pid=9065 comm="syz.0.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  360.014561][   T30] audit: type=1400 audit(1746194398.720:348): avc:  denied  { nlmsg_read } for  pid=9065 comm="syz.0.891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  360.035381][   T30] audit: type=1400 audit(1746194398.730:349): avc:  denied  { name_connect } for  pid=9061 comm="syz.4.888" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  360.055362][    C0] vkms_vblank_simulate: vblank timer overrun
[  360.143356][    T9] usb 1-1: new full-speed USB device number 17 using dummy_hcd
[  360.226195][ T9078] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  360.235314][ T9078] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  360.244141][ T9078] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  360.253292][ T9078] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  360.283629][ T9078] vxlan0: entered promiscuous mode
[  360.292343][ T9078] vxlan0: entered allmulticast mode
[  360.332233][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  360.352947][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  360.388134][    T9] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  360.407537][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  360.423728][ T5858] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  360.451244][    T9] usb 1-1: config 0 descriptor??
[  360.761101][   T83] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  360.777080][ T5858] usb 3-1: device descriptor read/64, error -71
[  360.822805][ T9066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  360.851155][ T9066] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  360.962793][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  360.998608][    T9] usbhid 1-1:0.0: can't add hid device: -71
[  361.006331][    T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  361.016417][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.028413][   T83] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  361.043817][   T83] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.067499][    T9] usb 1-1: USB disconnect, device number 17
[  361.083150][   T83] usb 4-1: config 0 descriptor??
[  361.111794][ T9098] Driver unsupported XDP return value 0 on prog  (id 183) dev N/A, expect packet loss!
[  361.124501][ T5858] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  361.546197][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  361.546213][   T30] audit: type=1400 audit(1746194400.370:351): avc:  denied  { ioctl } for  pid=9084 comm="syz.3.897" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  361.577300][    C0] vkms_vblank_simulate: vblank timer overrun
[  361.599277][   T83] usbhid 4-1:0.0: can't add hid device: -71
[  361.627916][ T5858] usb 3-1: Using ep0 maxpacket: 16
[  361.640097][   T83] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  361.755465][   T83] usb 4-1: USB disconnect, device number 14
[  362.129031][   T30] audit: type=1400 audit(1746194400.560:352): avc:  denied  { setattr } for  pid=9097 comm="syz.4.903" name="PACKET" dev="sockfs" ino=21659 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  362.152799][ T5858] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.162979][ T5858] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  362.202057][ T5858] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  362.230462][ T5858] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.243337][ T5858] usb 3-1: Product: syz
[  362.247537][ T5858] usb 3-1: Manufacturer: syz
[  362.252151][ T5858] usb 3-1: SerialNumber: syz
[  362.275474][ T9109] netlink: 28 bytes leftover after parsing attributes in process `syz.4.906'.
[  362.309220][   T30] audit: type=1400 audit(1746194401.130:353): avc:  denied  { mount } for  pid=9110 comm="syz.0.904" name="/" dev="autofs" ino=21681 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  362.337157][ T9111] FAULT_INJECTION: forcing a failure.
[  362.337157][ T9111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  362.372675][ T9111] CPU: 0 UID: 0 PID: 9111 Comm: syz.0.904 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  362.372706][ T9111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  362.372717][ T9111] Call Trace:
[  362.372722][ T9111]  <TASK>
[  362.372729][ T9111]  dump_stack_lvl+0x16c/0x1f0
[  362.372756][ T9111]  should_fail_ex+0x512/0x640
[  362.372782][ T9111]  _copy_to_user+0x32/0xd0
[  362.372809][ T9111]  simple_read_from_buffer+0xcb/0x170
[  362.372835][ T9111]  proc_fail_nth_read+0x197/0x270
[  362.372862][ T9111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.372888][ T9111]  ? rw_verify_area+0xcf/0x680
[  362.372909][ T9111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  362.372934][ T9111]  vfs_read+0x1de/0xc70
[  362.372960][ T9111]  ? __pfx___mutex_lock+0x10/0x10
[  362.372982][ T9111]  ? __pfx_vfs_read+0x10/0x10
[  362.373013][ T9111]  ? __fget_files+0x20e/0x3c0
[  362.373046][ T9111]  ksys_read+0x12a/0x240
[  362.373069][ T9111]  ? __pfx_ksys_read+0x10/0x10
[  362.373100][ T9111]  do_syscall_64+0xcd/0x260
[  362.373124][ T9111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.373142][ T9111] RIP: 0033:0x7fa9bab8d37c
[  362.373157][ T9111] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  362.373173][ T9111] RSP: 002b:00007fa9bb94a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  362.373189][ T9111] RAX: ffffffffffffffda RBX: 00007fa9badb5fa0 RCX: 00007fa9bab8d37c
[  362.373200][ T9111] RDX: 000000000000000f RSI: 00007fa9bb94a0a0 RDI: 0000000000000005
[  362.373210][ T9111] RBP: 00007fa9bb94a090 R08: 0000000000000000 R09: 0000000000000000
[  362.373219][ T9111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  362.373228][ T9111] R13: 0000000000000000 R14: 00007fa9badb5fa0 R15: 00007ffc6801d278
[  362.373249][ T9111]  </TASK>
[  362.586513][   T30] audit: type=1400 audit(1746194401.410:354): avc:  denied  { unmount } for  pid=5810 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  362.744775][   T30] audit: type=1400 audit(1746194401.570:355): avc:  denied  { bind } for  pid=9121 comm="syz.4.911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  362.765440][ T9122] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  362.773110][ T9122] audit: out of memory in audit_log_start
[  362.784192][ T9122] Bluetooth: MGMT ver 1.23
[  362.797553][ T9089] netlink: 32 bytes leftover after parsing attributes in process `syz.2.899'.
[  362.840690][ T5858] usb 3-1: 0:2 : does not exist
[  362.899237][ T5858] usb 3-1: USB disconnect, device number 20
[  362.983341][   T30] audit: type=1400 audit(1746194401.780:356): avc:  denied  { sqpoll } for  pid=9125 comm="syz.4.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  363.416674][ T8204] udevd[8204]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  366.263359][   T83] usb 4-1: new full-speed USB device number 15 using dummy_hcd
[  366.461113][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  366.508727][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  366.637736][   T83] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  366.723380][   T83] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.774451][   T83] usb 4-1: config 0 descriptor??
[  366.899562][ T9176] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.929'.
[  367.503580][ T5858] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  367.658226][   T83] usbhid 4-1:0.0: can't add hid device: -71
[  367.672945][   T83] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  367.691443][   T83] usb 4-1: USB disconnect, device number 15
[  367.823341][ T5858] usb 5-1: Using ep0 maxpacket: 16
[  367.830027][ T5858] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  367.844067][ T5858] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  367.869087][ T5858] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  367.878778][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.889407][ T5858] usb 5-1: Product: syz
[  367.896473][ T5858] usb 5-1: Manufacturer: syz
[  367.917872][ T5858] usb 5-1: SerialNumber: syz
[  367.994808][    T9] usb 1-1: new full-speed USB device number 18 using dummy_hcd
[  368.165325][    T9] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  368.173704][    T9] usb 1-1: config 0 has no interface number 0
[  368.182809][    T9] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  368.192228][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.200697][    T9] usb 1-1: Product: syz
[  368.205495][    T9] usb 1-1: Manufacturer: syz
[  368.210195][    T9] usb 1-1: SerialNumber: syz
[  368.219558][    T9] usb 1-1: config 0 descriptor??
[  368.367467][   T83] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  368.603582][   T83] usb 2-1: Using ep0 maxpacket: 16
[  368.611315][   T83] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.630062][   T83] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  368.642607][   T83] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  368.654823][   T83] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  368.667140][ T5858] usb 5-1: 0:2 : does not exist
[  368.752601][   T83] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  368.918567][   T83] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  369.003757][   T83] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  369.014907][ T5858] usb 5-1: USB disconnect, device number 18
[  369.029325][   T83] usb 2-1: Manufacturer: syz
[  369.056609][   T83] usb 2-1: config 0 descriptor??
[  369.088544][ T8193] udevd[8193]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  369.544540][   T83] rc_core: IR keymap rc-hauppauge not found
[  369.556790][   T83] Registered IR keymap rc-empty
[  369.567409][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  369.594583][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  369.893349][ T9224] overlayfs: missing 'lowerdir'
[  369.925247][   T83] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  369.957568][   T83] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input5
[  369.983406][   T30] audit: type=1400 audit(1746194408.800:357): avc:  denied  { read } for  pid=5170 comm="acpid" name="event4" dev="devtmpfs" ino=2927 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  370.005849][    C1] vkms_vblank_simulate: vblank timer overrun
[  370.021049][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.073501][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.088359][   T30] audit: type=1400 audit(1746194408.810:358): avc:  denied  { open } for  pid=5170 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2927 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  370.113931][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.133348][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.153003][   T30] audit: type=1400 audit(1746194408.810:359): avc:  denied  { ioctl } for  pid=5170 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2927 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  370.184322][ T5816] usb 4-1: new full-speed USB device number 16 using dummy_hcd
[  370.197222][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.223415][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.243524][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.274211][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.304919][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.353543][   T83] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  370.367872][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  370.380443][ T5816] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  370.402416][   T83] mceusb 2-1:0.0: Registered  with mce emulator interface version 0
[  370.425284][   T83] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  370.443041][ T5816] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  370.643805][   T30] audit: type=1400 audit(1746194409.290:360): avc:  denied  { create } for  pid=9238 comm="syz.2.952" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  370.745077][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.793810][ T5858] usb 1-1: USB disconnect, device number 18
[  370.794382][ T5816] usb 4-1: config 0 descriptor??
[  371.216950][ T9221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  371.233860][ T9221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  371.301638][ T5816] usbhid 4-1:0.0: can't add hid device: -71
[  371.319018][ T5816] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  371.331972][   T83] usb 2-1: USB disconnect, device number 22
[  371.383527][ T5816] usb 4-1: USB disconnect, device number 16
[  373.169558][ T9282] netlink: 130984 bytes leftover after parsing attributes in process `syz.2.965'.
[  373.806955][   T30] audit: type=1326 audit(1746194412.630:361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9293 comm="syz.4.970" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb2bad8e969 code=0x0
[  373.855605][   T83] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  374.095457][   T83] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  374.103758][   T83] usb 4-1: config 0 has no interface number 0
[  374.111797][   T83] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  374.121018][   T83] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.130801][   T83] usb 4-1: Product: syz
[  374.183297][   T83] usb 4-1: Manufacturer: syz
[  374.183606][ T5858] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  374.187931][   T83] usb 4-1: SerialNumber: syz
[  374.209116][   T30] audit: type=1400 audit(1746194413.030:362): avc:  denied  { write } for  pid=5167 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.259244][   T83] usb 4-1: config 0 descriptor??
[  374.262026][   T30] audit: type=1400 audit(1746194413.030:363): avc:  denied  { remove_name } for  pid=5167 comm="syslogd" name="messages" dev="tmpfs" ino=7 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.310743][   T30] audit: type=1400 audit(1746194413.030:364): avc:  denied  { add_name } for  pid=5167 comm="syslogd" name="messages.0" dev="tmpfs" ino=3 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.417753][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  374.429073][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.438965][ T5858] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  374.449905][ T5858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.459919][ T5858] usb 1-1: config 0 descriptor??
[  374.465087][ T5816] usb 2-1: new full-speed USB device number 23 using dummy_hcd
[  374.843780][ T5816] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  374.863879][ T5816] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.870006][ T5858] usbhid 1-1:0.0: can't add hid device: -71
[  374.879576][ T5816] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  374.890232][ T5816] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.904410][ T5816] usb 2-1: config 0 descriptor??
[  374.929632][ T5858] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  374.961900][ T5858] usb 1-1: USB disconnect, device number 19
[  375.286193][   T83] usb 4-1: Firmware version (0.0) predates our first public release.
[  375.373096][   T83] usb 4-1: Please update to version 0.2 or newer
[  375.440937][   T83] usb 4-1: USB disconnect, device number 17
[  375.460451][ T5816] usbhid 2-1:0.0: can't add hid device: -71
[  375.488311][ T5816] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  375.658055][ T5816] usb 2-1: USB disconnect, device number 23
[  377.473797][ T9348] netlink: 'syz.1.985': attribute type 10 has an invalid length.
[  377.513562][ T5816] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  377.663346][    T9] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  377.710689][ T5816] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  377.722243][ T5816] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.732789][ T5816] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  377.742029][ T5816] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.757049][ T5816] hub 4-1:4.0: USB hub found
[  377.783624][   T83] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  377.845057][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  377.863333][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.877591][    T9] usb 5-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  377.890304][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.944499][    T9] usb 5-1: config 0 descriptor??
[  377.945817][   T83] usb 2-1: config 16 has an invalid interface number: 168 but max is 0
[  378.205319][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.215193][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.221823][ T5816] hub 4-1:4.0: 26 ports detected
[  378.240542][ T5816] usb 4-1: selecting invalid altsetting 1
[  378.246620][   T83] usb 2-1: config 16 has no interface number 0
[  378.252846][   T83] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  378.264711][ T5816] hub 4-1:4.0: Using single TT (err -22)
[  378.270527][   T83] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  378.288370][ T5816] hub 4-1:4.0: insufficient power available to use all downstream ports
[  378.296869][   T83] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  378.308869][   T83] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.236846][   T83] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5
[  379.270053][   T83] usb 2-1: USB disconnect, device number 24
[  379.292122][ T5816] hub 4-1:4.0: hub_hub_status failed (err = -71)
[  379.299409][ T5816] hub 4-1:4.0: config failed, can't get hub status (err -71)
[  379.315085][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  379.381902][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  379.396631][ T5816] usb 4-1: USB disconnect, device number 18
[  379.426918][    T9] usb 5-1: USB disconnect, device number 19
[  380.063573][ T5816] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  380.574644][ T5816] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  380.604701][ T5816] usb 3-1: config 0 has no interface number 0
[  380.635223][ T5816] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  380.660534][ T5816] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.684179][ T5816] usb 3-1: Product: syz
[  380.688378][ T5816] usb 3-1: Manufacturer: syz
[  381.742210][ T5816] usb 3-1: SerialNumber: syz
[  381.796864][ T5816] usb 3-1: config 0 descriptor??
[  382.013530][   T83] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  382.362144][   T83] usb 4-1: Using ep0 maxpacket: 16
[  382.524350][   T83] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  382.560206][   T83] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  382.591080][   T83] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  382.613549][   T83] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.621669][   T83] usb 4-1: Product: syz
[  382.626640][   T83] usb 4-1: Manufacturer: syz
[  382.631752][   T83] usb 4-1: SerialNumber: syz
[  383.115511][ T5816] usb 3-1: Firmware version (0.0) predates our first public release.
[  383.136945][ T5816] usb 3-1: Please update to version 0.2 or newer
[  383.192715][ T9411] netlink: 'syz.1.1004': attribute type 10 has an invalid length.
[  383.205495][ T5816] usb 3-1: USB disconnect, device number 21
[  383.503999][ T9394] netlink: 32 bytes leftover after parsing attributes in process `syz.3.999'.
[  383.536049][   T93] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  383.703330][   T83] usb 4-1: 0:2 : does not exist
[  383.759288][   T83] usb 4-1: USB disconnect, device number 19
[  383.780179][   T93] usb 2-1: config 16 has an invalid interface number: 168 but max is 0
[  383.817807][   T93] usb 2-1: config 16 has no interface number 0
[  383.837203][   T93] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  383.873413][   T93] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.887782][ T9422] overlayfs: conflicting lowerdir path
[  383.903436][   T93] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  383.912516][   T93] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.937320][ T9423] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  383.987867][   T93] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5
[  385.173394][ T5862] usb 2-1: USB disconnect, device number 25
[  386.082408][ T5862] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  386.246432][ T5862] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  386.266940][ T5862] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  386.325555][ T5862] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  386.544740][   T93] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  386.568755][ T5862] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  386.653348][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.739629][   T93] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  386.766464][   T93] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  386.778993][   T93] usb 2-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  386.779038][   T93] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  386.779059][   T93] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.900795][ T5862] ath6kl: Failed to submit usb control message: -71
[  386.919193][ T5862] ath6kl: unable to send the bmi data to the device: -71
[  386.926704][ T5862] ath6kl: Unable to send get target info: -71
[  386.944010][ T5862] ath6kl: Failed to init ath6kl core: -71
[  386.951262][ T5862] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71
[  386.973355][   T83] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  386.996507][ T5862] usb 4-1: USB disconnect, device number 20
[  387.006670][   T93] ath6kl: Failed to submit usb control message: -71
[  387.020874][   T93] ath6kl: unable to send the bmi data to the device: -71
[  387.049832][   T93] ath6kl: Unable to send get target info: -71
[  387.076434][   T93] ath6kl: Failed to init ath6kl core: -71
[  387.121544][   T93] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71
[  387.152292][   T83] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  387.386617][   T83] usb 3-1: config 0 has no interface number 0
[  387.404028][   T93] usb 2-1: USB disconnect, device number 26
[  387.620988][   T83] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  387.721969][   T83] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.850789][   T83] usb 3-1: Product: syz
[  387.900579][   T83] usb 3-1: Manufacturer: syz
[  387.956481][   T83] usb 3-1: SerialNumber: syz
[  387.981780][   T83] usb 3-1: config 0 descriptor??
[  388.208580][ T9479] netlink: 'syz.1.1025': attribute type 10 has an invalid length.
[  388.263408][   T93] usb 4-1: new full-speed USB device number 21 using dummy_hcd
[  388.346715][    T9] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  388.413610][   T93] usb 4-1: device descriptor read/64, error -71
[  388.573771][    T9] usb 5-1: Using ep0 maxpacket: 16
[  388.628960][    T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  388.639429][    T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  388.666917][    T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  388.683255][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.691340][    T9] usb 5-1: Product: syz
[  388.703363][   T93] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  388.703374][    T9] usb 5-1: Manufacturer: syz
[  388.703391][    T9] usb 5-1: SerialNumber: syz
[  388.724663][ T5862] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  388.740523][   T83] usb 3-1: Firmware version (0.0) predates our first public release.
[  388.767610][   T83] usb 3-1: Please update to version 0.2 or newer
[  388.818194][   T83] usb 3-1: USB disconnect, device number 22
[  388.903789][   T93] usb 4-1: device descriptor read/64, error -71
[  388.932044][ T5862] usb 2-1: config 16 has an invalid interface number: 168 but max is 0
[  388.941283][ T5862] usb 2-1: config 16 has no interface number 0
[  388.947547][ T5862] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  388.959445][ T5862] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.969564][ T5862] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  388.978853][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.996288][ T5862] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5
[  389.013821][   T93] usb usb4-port1: attempt power cycle
[  389.363275][   T93] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  390.435361][ T5858] usb 2-1: USB disconnect, device number 27
[  390.444043][   T93] usb 4-1: device descriptor read/8, error -71
[  390.452776][ T9477] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1024'.
[  390.492429][    T9] usb 5-1: 0:2 : does not exist
[  390.522367][    T9] usb 5-1: USB disconnect, device number 20
[  390.703432][   T93] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  390.883994][   T93] usb 4-1: device descriptor read/8, error -71
[  391.094266][   T93] usb usb4-port1: unable to enumerate USB device
[  391.891901][ T9523] overlayfs: conflicting lowerdir path
[  391.942880][ T9526] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  391.973318][   T93] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  392.155309][   T93] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  392.166531][   T93] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.176313][   T93] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  392.185568][   T93] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.195269][   T93] usb 2-1: config 0 descriptor??
[  392.403460][   T83] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  392.431568][   T93] usbhid 2-1:0.0: can't add hid device: -71
[  392.438880][   T93] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  392.450215][   T93] usb 2-1: USB disconnect, device number 28
[  392.566433][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  392.577537][   T83] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  392.590283][   T83] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  392.599560][   T83] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  392.610426][   T83] usb 4-1: config 0 descriptor??
[  393.155946][   T83] usbhid 4-1:0.0: can't add hid device: -71
[  393.176891][   T83] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  393.221327][   T83] usb 4-1: USB disconnect, device number 25
[  393.243602][ T9540] netlink: 'syz.1.1045': attribute type 10 has an invalid length.
[  393.484002][ T9538] netlink: 'syz.2.1044': attribute type 1 has an invalid length.
[  393.923536][   T93] usb 2-1: new full-speed USB device number 29 using dummy_hcd
[  393.941098][ T9538] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1044'.
[  394.106941][   T93] usb 2-1: config 16 has an invalid interface number: 168 but max is 0
[  394.164085][   T93] usb 2-1: config 16 has no interface number 0
[  394.229843][   T93] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  394.268959][   T93] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  394.279125][   T93] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  394.289966][   T93] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  394.315231][   T93] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5
[  394.514905][ T5858] usb 2-1: USB disconnect, device number 29
[  394.622203][   T93] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  394.623129][   T30] audit: type=1400 audit(1746194433.440:365): avc:  denied  { setopt } for  pid=9562 comm="syz.3.1052" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  394.651373][   T30] audit: type=1400 audit(1746194433.480:366): avc:  denied  { read } for  pid=9562 comm="syz.3.1052" path="socket:[23651]" dev="sockfs" ino=23651 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  395.030233][   T93] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  395.065040][ T9568] overlayfs: conflicting lowerdir path
[  395.358252][   T93] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.389478][   T93] usb 5-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  395.410565][   T93] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.425928][   T93] usb 5-1: config 0 descriptor??
[  395.722587][   T93] usbhid 5-1:0.0: can't add hid device: -71
[  395.734356][   T93] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  395.751345][   T93] usb 5-1: USB disconnect, device number 21
[  396.253521][    T9] usb 4-1: new full-speed USB device number 26 using dummy_hcd
[  396.273684][   T30] audit: type=1400 audit(1746194435.090:367): avc:  denied  { create } for  pid=9587 comm="syz.0.1059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  396.305579][   T30] audit: type=1400 audit(1746194435.130:368): avc:  denied  { ioctl } for  pid=9587 comm="syz.0.1059" path="socket:[23461]" dev="sockfs" ino=23461 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  396.330631][    C0] vkms_vblank_simulate: vblank timer overrun
[  396.444773][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  396.463145][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  396.479994][    T9] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  396.489952][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.531032][    T9] usb 4-1: config 0 descriptor??
[  396.999949][ T9578] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  397.028270][ T9578] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  397.067599][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  397.074763][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  397.551423][    T9] usb 4-1: USB disconnect, device number 26
[  398.121032][ T9617] netlink: 'syz.1.1068': attribute type 10 has an invalid length.
[  398.193326][ T5858] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  398.373356][   T93] usb 2-1: new full-speed USB device number 30 using dummy_hcd
[  398.548378][ T5858] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  398.563423][   T83] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  398.590849][ T5858] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  398.622315][ T5858] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  398.625051][   T93] usb 2-1: config 16 has an invalid interface number: 168 but max is 0
[  398.648638][ T5858] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  398.657953][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.666532][   T93] usb 2-1: config 16 has no interface number 0
[  398.686848][   T93] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  398.700236][   T93] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  398.710482][   T93] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  398.744001][   T93] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.783044][   T93] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5
[  398.793313][   T83] usb 5-1: Using ep0 maxpacket: 16
[  398.799916][   T83] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  398.812107][   T83] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  398.826164][   T83] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  398.835431][   T83] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  398.843497][   T83] usb 5-1: Product: syz
[  398.847762][   T83] usb 5-1: Manufacturer: syz
[  398.852387][   T83] usb 5-1: SerialNumber: syz
[  398.926740][ T9637] FAULT_INJECTION: forcing a failure.
[  398.926740][ T9637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.941711][ T5858] ath6kl: Failed to submit usb control message: -71
[  398.943162][ T9637] CPU: 1 UID: 0 PID: 9637 Comm: syz.0.1076 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  398.943183][ T9637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  398.943195][ T9637] Call Trace:
[  398.943200][ T9637]  <TASK>
[  398.943206][ T9637]  dump_stack_lvl+0x16c/0x1f0
[  398.943231][ T9637]  should_fail_ex+0x512/0x640
[  398.943254][ T9637]  _copy_from_iter+0x2a4/0x15b0
[  398.943280][ T9637]  ? __pfx__copy_from_iter+0x10/0x10
[  398.943297][ T9637]  ? avc_has_perm_noaudit+0x149/0x3b0
[  398.943315][ T9637]  ? sock_has_perm+0x259/0x2f0
[  398.943330][ T9637]  ? __pfx_sock_has_perm+0x10/0x10
[  398.943348][ T9637]  hci_sock_sendmsg+0x46d/0x25e0
[  398.943374][ T9637]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  398.943400][ T9637]  sock_write_iter+0x4fc/0x5b0
[  398.943420][ T9637]  ? __pfx_sock_write_iter+0x10/0x10
[  398.943445][ T9637]  ? bpf_lsm_file_permission+0x9/0x10
[  398.943464][ T9637]  ? security_file_permission+0x71/0x210
[  398.943486][ T9637]  ? rw_verify_area+0xcf/0x680
[  398.943507][ T9637]  vfs_write+0x5ba/0x1180
[  398.943528][ T9637]  ? __pfx_sock_write_iter+0x10/0x10
[  398.943547][ T9637]  ? __pfx_vfs_write+0x10/0x10
[  398.943566][ T9637]  ? find_held_lock+0x2b/0x80
[  398.943596][ T9637]  ksys_write+0x205/0x240
[  398.943616][ T9637]  ? __pfx_ksys_write+0x10/0x10
[  398.943634][ T9637]  ? rcu_is_watching+0x12/0xc0
[  398.943657][ T9637]  do_syscall_64+0xcd/0x260
[  398.943677][ T9637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.943691][ T9637] RIP: 0033:0x7fa9bab8e969
[  398.943704][ T9637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.943718][ T9637] RSP: 002b:00007fa9bb94a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  398.943733][ T9637] RAX: ffffffffffffffda RBX: 00007fa9badb5fa0 RCX: 00007fa9bab8e969
[  398.943742][ T9637] RDX: 0000000000000006 RSI: 0000000000000000 RDI: 0000000000000004
[  398.943750][ T9637] RBP: 00007fa9bb94a090 R08: 0000000000000000 R09: 0000000000000000
[  398.943759][ T9637] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.943768][ T9637] R13: 0000000000000000 R14: 00007fa9badb5fa0 R15: 00007ffc6801d278
[  398.943788][ T9637]  </TASK>
[  398.989224][ T5862] usb 2-1: USB disconnect, device number 30
[  399.550101][ T9623] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1071'.
[  399.575609][   T30] audit: type=1400 audit(1746194438.390:369): avc:  denied  { ioctl } for  pid=9641 comm="syz.3.1078" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  399.577624][ T9642] adf_ctl_ioctl: 16 callbacks suppressed
[  399.577654][ T9642] QAT: Invalid ioctl 1075883590
[  399.606358][ T5858] ath6kl: unable to send the bmi data to the device: -71
[  399.672690][ T9642] QAT: Invalid ioctl 1075883590
[  399.682500][ T9642] QAT: Invalid ioctl 1075883590
[  399.687883][ T9642] QAT: Invalid ioctl 1075883590
[  399.695012][ T5858] ath6kl: Unable to send get target info: -71
[  399.701576][ T9642] QAT: Invalid ioctl 1075883590
[  399.712135][ T9642] QAT: Invalid ioctl 1075883590
[  399.726928][   T83] usb 5-1: 0:2 : does not exist
[  399.730461][   T30] audit: type=1400 audit(1746194438.390:370): avc:  denied  { set_context_mgr } for  pid=9641 comm="syz.3.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  399.858828][   T83] usb 5-1: USB disconnect, device number 22
[  399.862596][ T5858] ath6kl: Failed to init ath6kl core: -71
[  399.876842][ T9642] QAT: Invalid ioctl 1075883590
[  399.900061][ T9642] QAT: Invalid ioctl 1075883590
[  399.912835][ T9642] QAT: Invalid ioctl 1075883590
[  399.939147][ T9642] QAT: Invalid ioctl 1075883590
[  399.943331][ T5858] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  399.948519][ T8193] udevd[8193]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  400.564078][ T5858] usb 3-1: USB disconnect, device number 23
[  401.630134][ T9674] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  401.639122][ T9674] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  402.993303][ T5862] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  403.093521][ T9683] netlink: 'syz.4.1091': attribute type 10 has an invalid length.
[  403.164951][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  403.186037][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  403.198342][ T5862] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  403.226472][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.353366][   T93] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  403.499636][ T5862] usb 2-1: config 0 descriptor??
[  403.518068][   T93] usb 5-1: config 16 has an invalid interface number: 168 but max is 0
[  403.551325][   T93] usb 5-1: config 16 has no interface number 0
[  403.616553][   T93] usb 5-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  403.750143][   T93] usb 5-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  403.834730][   T93] usb 5-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  403.902735][ T9675] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  403.906207][   T93] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.962973][   T93] HFC-S_USB 5-1:16.168: probe with driver HFC-S_USB failed with error -5
[  403.975379][ T9675] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  404.067679][ T5862] usbhid 2-1:0.0: can't add hid device: -71
[  404.101420][ T5862] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  404.143691][ T5862] usb 2-1: USB disconnect, device number 31
[  404.176865][ T5816] usb 5-1: USB disconnect, device number 23
[  405.503389][ T5862] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  405.513712][ T9720] netlink: 'syz.0.1102': attribute type 1 has an invalid length.
[  405.658009][ T9727] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  405.667008][ T9727] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  406.420018][ T9720] netlink: 228 bytes leftover after parsing attributes in process `syz.0.1102'.
[  406.832909][ T5862] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  406.854927][ T5862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.862964][ T5862] usb 3-1: Product: syz
[  406.868648][ T5862] usb 3-1: Manufacturer: syz
[  406.874632][ T5862] usb 3-1: SerialNumber: syz
[  406.886748][ T5862] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  406.905597][   T93] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  407.320193][   T30] audit: type=1400 audit(1746194446.080:371): avc:  denied  { map } for  pid=9736 comm="syz.1.1107" path="/proc/675/ns" dev="proc" ino=24785 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  407.342220][    C0] vkms_vblank_simulate: vblank timer overrun
[  407.407165][ T9744] netlink: 'syz.3.1111': attribute type 10 has an invalid length.
[  407.665548][   T30] audit: type=1400 audit(1746194446.390:372): avc:  denied  { ioctl } for  pid=9733 comm="syz.4.1108" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0xe500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  407.870630][ T5862] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  407.884863][ T9755] overlay: ./bus is not a directory
[  408.025801][ T5862] usb 4-1: config 16 has an invalid interface number: 168 but max is 0
[  408.087786][ T5862] usb 4-1: config 16 has no interface number 0
[  408.108000][ T5862] usb 4-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  408.165639][ T5862] usb 4-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  408.220395][ T5862] usb 4-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  408.259533][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.267927][   T93] usb 3-1: Service connection timeout for: 256
[  408.284523][   T93] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  408.317023][ T5862] HFC-S_USB 4-1:16.168: probe with driver HFC-S_USB failed with error -5
[  408.356105][   T93] ath9k_htc: Failed to initialize the device
[  408.368848][   T93] usb 3-1: ath9k_htc: USB layer deinitialized
[  408.512787][ T5860] usb 4-1: USB disconnect, device number 27
[  409.303609][ T5860] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  409.333411][   T24] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  409.459924][ T5860] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  409.469737][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.479660][ T5860] usb 5-1: Product: syz
[  409.484663][ T5860] usb 5-1: Manufacturer: syz
[  409.489371][ T5860] usb 5-1: SerialNumber: syz
[  409.496958][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  409.507286][ T5862] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  409.525071][   T24] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  409.525937][ T5860] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  409.611352][ T5858] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  409.642367][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.658216][   T24] usb 2-1: config 0 descriptor??
[  409.667539][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  409.685363][ T5862] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  409.697295][ T5862] usb 1-1: config 1 has no interfaces?
[  409.720138][ T5862] usb 1-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  409.743594][ T5862] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.752020][ T5862] usb 1-1: Product: syz
[  409.761053][ T5862] usb 1-1: Manufacturer: syz
[  409.770685][ T5862] usb 1-1: SerialNumber: syz
[  409.979273][ T5860] usb 3-1: USB disconnect, device number 24
[  409.985472][ T5862] usb 1-1: USB disconnect, device number 20
[  410.323441][   T24] pwc: recv_control_msg error -71 req 02 val 2700
[  410.330515][   T24] pwc: recv_control_msg error -71 req 02 val 2c00
[  410.337495][   T24] pwc: recv_control_msg error -71 req 04 val 1000
[  410.355531][   T24] pwc: recv_control_msg error -71 req 04 val 1300
[  410.362859][   T24] pwc: recv_control_msg error -71 req 04 val 1400
[  410.370361][   T24] pwc: recv_control_msg error -71 req 02 val 2000
[  410.377451][   T24] pwc: recv_control_msg error -71 req 02 val 2100
[  410.385334][   T24] pwc: recv_control_msg error -71 req 04 val 1500
[  410.393697][   T24] pwc: recv_control_msg error -71 req 02 val 2500
[  410.400579][   T24] pwc: recv_control_msg error -71 req 02 val 2400
[  410.413770][   T24] pwc: recv_control_msg error -71 req 02 val 2600
[  410.426190][   T24] pwc: recv_control_msg error -71 req 02 val 2900
[  410.433099][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[  410.440313][ T9781] overlay: ./bus is not a directory
[  410.446120][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[  410.454038][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  410.465815][   T24] pwc: Registered as video103.
[  410.489459][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input6
[  410.535127][   T24] usb 2-1: USB disconnect, device number 32
[  411.031282][ T5858] usb 5-1: Service connection timeout for: 256
[  411.767924][ T5858] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  411.798857][ T5858] ath9k_htc: Failed to initialize the device
[  411.817353][ T5858] usb 5-1: ath9k_htc: USB layer deinitialized
[  412.238841][    T9] usb 5-1: USB disconnect, device number 24
[  412.256520][ T9798] adf_ctl_ioctl: 16 callbacks suppressed
[  412.256577][ T9798] QAT: Invalid ioctl 1075883590
[  412.402955][ T9798] QAT: Invalid ioctl 1075883590
[  412.509108][ T9798] QAT: Invalid ioctl 1075883590
[  412.543420][ T9798] QAT: Invalid ioctl 1075883590
[  412.560177][ T9803] QAT: Invalid ioctl 35123
[  412.589073][ T9798] QAT: Invalid ioctl 1075883590
[  412.608164][ T9798] QAT: Invalid ioctl 1075883590
[  412.613850][ T9798] QAT: Invalid ioctl 1075883590
[  412.618831][ T9798] QAT: Invalid ioctl 1075883590
[  412.624483][ T9798] QAT: Invalid ioctl 1075883590
[  412.644453][ T9805] netlink: 'syz.4.1128': attribute type 10 has an invalid length.
[  412.729659][ T9802] netlink: 'syz.1.1127': attribute type 1 has an invalid length.
[  412.747805][ T9802] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1127'.
[  412.983496][   T24] usb 5-1: new full-speed USB device number 25 using dummy_hcd
[  413.826440][   T24] usb 5-1: config 16 has an invalid interface number: 168 but max is 0
[  413.975161][   T24] usb 5-1: config 16 has no interface number 0
[  413.981406][   T24] usb 5-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  414.005060][ T9830] overlayfs: failed to resolve './file0': -2
[  414.894467][   T24] usb 5-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.926017][   T24] usb 5-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  415.028269][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.057697][   T24] HFC-S_USB 5-1:16.168: probe with driver HFC-S_USB failed with error -5
[  415.203367][ T5860] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  415.284393][   T24] usb 5-1: USB disconnect, device number 25
[  415.357297][ T5860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  415.369066][ T5860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.399333][ T5860] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  415.418945][ T5860] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.440396][ T5860] usb 4-1: config 0 descriptor??
[  415.892347][ T9835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  416.023864][ T9835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  416.063928][ T5860] usbhid 4-1:0.0: can't add hid device: -71
[  416.072466][ T5860] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  416.424463][ T5860] usb 4-1: USB disconnect, device number 28
[  416.581698][ T9861] FAULT_INJECTION: forcing a failure.
[  416.581698][ T9861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  416.599521][ T9861] CPU: 0 UID: 0 PID: 9861 Comm: syz.1.1145 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  416.599548][ T9861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  416.599558][ T9861] Call Trace:
[  416.599564][ T9861]  <TASK>
[  416.599571][ T9861]  dump_stack_lvl+0x16c/0x1f0
[  416.599597][ T9861]  should_fail_ex+0x512/0x640
[  416.599617][ T9861]  _copy_from_user+0x2e/0xd0
[  416.599632][ T9861]  copy_msghdr_from_user+0x98/0x160
[  416.599643][ T9861]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  416.599660][ T9861]  ___sys_sendmsg+0xfe/0x1d0
[  416.599670][ T9861]  ? __pfx____sys_sendmsg+0x10/0x10
[  416.599695][ T9861]  __sys_sendmsg+0x16d/0x220
[  416.599705][ T9861]  ? __pfx___sys_sendmsg+0x10/0x10
[  416.599719][ T9861]  ? rcu_is_watching+0x12/0xc0
[  416.599735][ T9861]  do_syscall_64+0xcd/0x260
[  416.599755][ T9861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.599766][ T9861] RIP: 0033:0x7f021c58e969
[  416.599775][ T9861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.599785][ T9861] RSP: 002b:00007f021d387038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  416.599795][ T9861] RAX: ffffffffffffffda RBX: 00007f021c7b5fa0 RCX: 00007f021c58e969
[  416.599802][ T9861] RDX: 0000000020048848 RSI: 0000200000000040 RDI: 0000000000000003
[  416.599808][ T9861] RBP: 00007f021d387090 R08: 0000000000000000 R09: 0000000000000000
[  416.599814][ T9861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.599820][ T9861] R13: 0000000000000000 R14: 00007f021c7b5fa0 R15: 00007ffd62461988
[  416.599833][ T9861]  </TASK>
[  417.040625][ T9872] FAULT_INJECTION: forcing a failure.
[  417.040625][ T9872] name failslab, interval 1, probability 0, space 0, times 0
[  417.054650][ T9872] CPU: 0 UID: 0 PID: 9872 Comm: syz.2.1150 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  417.054676][ T9872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  417.054685][ T9872] Call Trace:
[  417.054699][ T9872]  <TASK>
[  417.054705][ T9872]  dump_stack_lvl+0x16c/0x1f0
[  417.054732][ T9872]  should_fail_ex+0x512/0x640
[  417.054752][ T9872]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  417.054780][ T9872]  should_failslab+0xc2/0x120
[  417.054797][ T9872]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  417.054821][ T9872]  ? alloc_empty_file+0x55/0x1e0
[  417.054843][ T9872]  alloc_empty_file+0x55/0x1e0
[  417.054861][ T9872]  path_openat+0xe0/0x2d40
[  417.054883][ T9872]  ? __x64_sys_openat+0x174/0x210
[  417.054901][ T9872]  ? do_syscall_64+0xcd/0x260
[  417.054920][ T9872]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.054945][ T9872]  ? __pfx_path_openat+0x10/0x10
[  417.054975][ T9872]  do_filp_open+0x20b/0x470
[  417.055001][ T9872]  ? __pfx_do_filp_open+0x10/0x10
[  417.055040][ T9872]  ? alloc_fd+0x471/0x7d0
[  417.055071][ T9872]  do_sys_openat2+0x11b/0x1d0
[  417.055090][ T9872]  ? __pfx_do_sys_openat2+0x10/0x10
[  417.055111][ T9872]  ? __fget_files+0x20e/0x3c0
[  417.055139][ T9872]  __x64_sys_openat+0x174/0x210
[  417.055158][ T9872]  ? __pfx___x64_sys_openat+0x10/0x10
[  417.055176][ T9872]  ? ksys_write+0x1b9/0x240
[  417.055199][ T9872]  ? rcu_is_watching+0x12/0xc0
[  417.055225][ T9872]  do_syscall_64+0xcd/0x260
[  417.055247][ T9872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  417.055263][ T9872] RIP: 0033:0x7f70a298e969
[  417.055278][ T9872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  417.055293][ T9872] RSP: 002b:00007f70a375e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  417.055309][ T9872] RAX: ffffffffffffffda RBX: 00007f70a2bb5fa0 RCX: 00007f70a298e969
[  417.055320][ T9872] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  417.055330][ T9872] RBP: 00007f70a375e090 R08: 0000000000000000 R09: 0000000000000000
[  417.055339][ T9872] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[  417.055349][ T9872] R13: 0000000000000000 R14: 00007f70a2bb5fa0 R15: 00007fff6ea8bcd8
[  417.055372][ T9872]  </TASK>
[  417.323824][ T9865] netlink: 'syz.4.1147': attribute type 1 has an invalid length.
[  417.331608][ T9865] netlink: 228 bytes leftover after parsing attributes in process `syz.4.1147'.
[  417.429049][ T5862] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  417.537131][ T9881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1151'.
[  417.560508][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1151'.
[  417.584407][ T9880] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  417.598323][ T9885] netlink: 'syz.0.1153': attribute type 10 has an invalid length.
[  417.616259][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  417.664273][ T5862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  417.692286][ T5862] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  417.701821][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.722037][ T5862] usb 2-1: config 0 descriptor??
[  417.778992][ T9894] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1156'.
[  417.948097][   T83] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  418.073425][    T9] usb 4-1: new full-speed USB device number 29 using dummy_hcd
[  418.127389][ T5862] usbhid 2-1:0.0: can't add hid device: -71
[  418.134059][ T5862] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  418.163073][ T5862] usb 2-1: USB disconnect, device number 33
[  418.692414][   T83] usb 1-1: config 16 has an invalid interface number: 168 but max is 0
[  418.762564][   T83] usb 1-1: config 16 has no interface number 0
[  418.793402][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  418.804925][   T83] usb 1-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  418.808542][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.978357][   T83] usb 1-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  418.981488][    T9] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  419.072964][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.077086][   T83] usb 1-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  419.102078][   T83] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  419.105929][    T9] usb 4-1: config 0 descriptor??
[  419.127314][   T83] HFC-S_USB 1-1:16.168: probe with driver HFC-S_USB failed with error -5
[  419.135765][   T30] audit: type=1400 audit(1746194457.950:373): avc:  denied  { write } for  pid=9907 comm="syz.2.1160" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  419.162200][ T9908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1160'.
[  419.323453][ T5860] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  419.360382][   T83] usb 1-1: USB disconnect, device number 21
[  419.398660][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  419.870467][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  419.883000][    T9] usb 4-1: USB disconnect, device number 29
[  419.944284][ T5860] usb 5-1: Using ep0 maxpacket: 16
[  419.954930][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  419.979600][   T30] audit: type=1400 audit(1746194458.800:374): avc:  denied  { name_connect } for  pid=9914 comm="syz.1.1162" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  420.002622][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  420.013987][ T5860] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  420.027165][ T5860] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  420.036583][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.074015][ T5860] usb 5-1: config 0 descriptor??
[  420.112839][ T9918] overlayfs: conflicting lowerdir path
[  420.121967][ T9918] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  420.207645][ T9920] capability: warning: `syz.2.1164' uses deprecated v2 capabilities in a way that may be insecure
[  420.226832][ T9920] loop9: detected capacity change from 0 to 7
[  420.239578][ T9920] Dev loop9: unable to read RDB block 7
[  420.245437][ T9920]  loop9: unable to read partition table
[  420.251227][ T9920] loop9: partition table beyond EOD, truncated
[  420.262936][ T9920] loop_reread_partitions: partition scan of loop9 (�被x������ ) failed (rc=-5)
[  420.278727][ T9920] capability: warning: `syz.2.1164' uses 32-bit capabilities (legacy support in use)
[  420.917966][ T9906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  421.029624][ T9906] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  421.095847][ T5860] microsoft 0003:045E:07DA.0002: ignoring exceeding usage max
[  421.249649][ T9906] x_tables: ip_tables: osf match: only valid for protocol 6
[  422.173025][ T5860] microsoft 0003:045E:07DA.0002: usage index exceeded
[  422.179952][ T5860] microsoft 0003:045E:07DA.0002: item 0 4 2 0 parsing failed
[  422.187948][ T5860] microsoft 0003:045E:07DA.0002: parse failed
[  422.194218][ T5860] microsoft 0003:045E:07DA.0002: probe with driver microsoft failed with error -22
[  422.217084][ T5860] usb 5-1: USB disconnect, device number 26
[  423.236520][ T9950] netlink: 'syz.4.1175': attribute type 10 has an invalid length.
[  423.643296][ T5862] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  423.643426][ T5860] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  423.793259][ T9966] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1174'.
[  423.802572][ T9966] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1174'.
[  423.836876][ T5860] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  423.852902][ T5860] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.862053][ T5862] usb 5-1: config 16 has an invalid interface number: 168 but max is 0
[  423.863630][ T5860] usb 2-1: Product: syz
[  423.876937][ T5860] usb 2-1: Manufacturer: syz
[  423.876958][ T5862] usb 5-1: config 16 has no interface number 0
[  423.881656][ T5860] usb 2-1: SerialNumber: syz
[  423.893347][ T5862] usb 5-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  423.906242][ T5862] usb 5-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.907102][ T5860] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  423.935191][ T5862] usb 5-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  423.935853][    T9] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  423.953685][ T5858] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  423.963111][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.044620][   T83] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  424.111458][ T5862] HFC-S_USB 5-1:16.168: probe with driver HFC-S_USB failed with error -5
[  424.127292][ T5858] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  424.148905][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.172539][ T5858] usb 1-1: Product: syz
[  424.203547][   T83] usb 3-1: Using ep0 maxpacket: 16
[  424.214640][   T83] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  424.215724][ T5858] usb 1-1: Manufacturer: syz
[  424.225524][   T83] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  424.470120][ T5860] usb 5-1: USB disconnect, device number 27
[  424.472585][   T83] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  424.478629][ T5858] usb 1-1: SerialNumber: syz
[  424.517709][   T83] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.568682][   T83] usb 3-1: Product: syz
[  424.572898][   T83] usb 3-1: Manufacturer: syz
[  424.573893][ T5858] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  424.588215][   T83] usb 3-1: SerialNumber: syz
[  424.609241][   T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  425.221353][ T9965] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1179'.
[  425.277728][   T83] usb 3-1: 0:2 : does not exist
[  425.301746][   T30] audit: type=1400 audit(1746194464.120:375): avc:  denied  { getattr } for  pid=9954 comm="syz.1.1176" name="/" dev="9p" ino=4412287765254868893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  425.328323][ T9955] overlayfs: statfs failed on './file0'
[  425.354696][   T83] usb 3-1: USB disconnect, device number 25
[  425.623370][    T9] usb 2-1: Service connection timeout for: 256
[  425.917352][    T9] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  425.966236][ T9986] overlay: ./bus is not a directory
[  426.101246][   T10] usb 1-1: Service connection timeout for: 256
[  426.110380][    T9] ath9k_htc: Failed to initialize the device
[  426.151530][   T10] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  426.318324][   T10] ath9k_htc: Failed to initialize the device
[  426.324584][    T9] usb 2-1: ath9k_htc: USB layer deinitialized
[  426.517844][ T5858] usb 2-1: USB disconnect, device number 34
[  426.602696][   T10] usb 1-1: ath9k_htc: USB layer deinitialized
[  428.213541][ T5858] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  428.238016][   T83] usb 1-1: USB disconnect, device number 22
[  428.384926][ T5858] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  428.420594][ T5858] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  428.428424][   T30] audit: type=1400 audit(1746194467.240:376): avc:  denied  { create } for  pid=10009 comm="syz.0.1191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  428.434872][ T5858] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  428.468680][ T5858] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  428.477744][T10009] delete_channel: no stack
[  428.479015][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.485766][T10009] delete_channel: no stack
[  428.508203][T10012] netlink: 'syz.4.1192': attribute type 10 has an invalid length.
[  428.510876][   T30] audit: type=1400 audit(1746194467.290:377): avc:  denied  { write } for  pid=10009 comm="syz.0.1191" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  428.903554][ T5858] ath6kl: Failed to submit usb control message: -71
[  428.933530][   T83] usb 5-1: new full-speed USB device number 28 using dummy_hcd
[  428.933542][ T5858] ath6kl: unable to send the bmi data to the device: -71
[  428.951754][ T5858] ath6kl: Unable to send get target info: -71
[  428.993366][ T5858] ath6kl: Failed to init ath6kl core: -71
[  429.010205][ T5858] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71
[  429.085257][   T83] usb 5-1: config 16 has an invalid interface number: 168 but max is 0
[  429.108865][   T83] usb 5-1: config 16 has no interface number 0
[  429.115504][ T5858] usb 4-1: USB disconnect, device number 30
[  429.123730][   T83] usb 5-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  429.138943][   T83] usb 5-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.155814][   T83] usb 5-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  429.169987][   T83] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.249438][   T83] HFC-S_USB 5-1:16.168: probe with driver HFC-S_USB failed with error -5
[  429.566529][   T83] usb 5-1: USB disconnect, device number 28
[  430.103567][ T5858] usb 3-1: new low-speed USB device number 26 using dummy_hcd
[  430.276644][ T5858] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  430.313043][ T5858] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  430.328820][ T5858] usb 3-1: config 0 has no interface number 0
[  430.335101][ T5858] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  430.347931][ T5858] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  430.359382][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.370701][ T5858] usb 3-1: config 0 descriptor??
[  430.620592][T10024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.640203][T10024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.671520][ T5858] usb 3-1: USB disconnect, device number 26
[  430.753481][   T93] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  430.992731][   T93] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  431.103275][   T93] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.111430][   T93] usb 5-1: Product: syz
[  431.116039][   T93] usb 5-1: Manufacturer: syz
[  431.123426][   T93] usb 5-1: SerialNumber: syz
[  431.180604][   T93] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  431.208480][   T24] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  431.363690][   T83] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  432.004359][   T83] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  433.115005][   T30] audit: type=1400 audit(1746194471.940:378): avc:  denied  { connect } for  pid=10056 comm="syz.0.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  433.115049][   T24] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  433.134734][    C0] vkms_vblank_simulate: vblank timer overrun
[  433.193447][   T83] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  433.205159][   T83] usb 4-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  433.213362][   T30] audit: type=1400 audit(1746194471.980:379): avc:  denied  { create } for  pid=10056 comm="syz.0.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  433.219293][   T83] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  433.257132][   T24] ath9k_htc: Failed to initialize the device
[  433.266499][   T83] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.283517][   T30] audit: type=1400 audit(1746194471.990:380): avc:  denied  { ioctl } for  pid=10056 comm="syz.0.1208" path="socket:[25453]" dev="sockfs" ino=25453 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  433.337728][   T24] usb 5-1: ath9k_htc: USB layer deinitialized
[  433.482813][T10072] netlink: 'syz.2.1212': attribute type 10 has an invalid length.
[  433.523348][   T83] ath6kl: Failed to submit usb control message: -71
[  433.530027][   T83] ath6kl: unable to send the bmi data to the device: -71
[  433.551096][   T83] ath6kl: Unable to send get target info: -71
[  433.574039][   T83] ath6kl: Failed to init ath6kl core: -71
[  433.580413][   T83] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71
[  433.589083][T10075] blkio.reset_stats is deprecated
[  433.620357][   T83] usb 4-1: USB disconnect, device number 31
[  433.763529][ T5816] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  433.828053][   T10] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  433.973022][ T5816] usb 3-1: config 16 has an invalid interface number: 168 but max is 0
[  433.982647][ T5816] usb 3-1: config 16 has no interface number 0
[  433.989671][ T5816] usb 3-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  434.012077][ T5816] usb 3-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  434.024793][ T5816] usb 3-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  434.135874][ T5816] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.153362][   T10] usb 1-1: Using ep0 maxpacket: 8
[  434.162648][ T5816] HFC-S_USB 3-1:16.168: probe with driver HFC-S_USB failed with error -5
[  434.170127][   T10] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  434.210926][T10085] overlay: ./bus is not a directory
[  434.216543][   T10] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  434.337831][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.365546][ T5858] usb 3-1: USB disconnect, device number 27
[  434.686880][T10075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.708337][T10075] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  434.745635][   T10] usb 1-1: string descriptor 0 read error: -71
[  434.771147][   T10] hub 1-1:32.0: USB hub found
[  434.786370][   T10] hub 1-1:32.0: config failed, can't read hub descriptor (err -22)
[  434.874477][   T10] usb 1-1: USB disconnect, device number 23
[  435.119398][   T30] audit: type=1400 audit(1746194473.940:381): avc:  denied  { read write } for  pid=10093 comm="syz.2.1219" name="file0" dev="fuse" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  435.193911][   T30] audit: type=1400 audit(1746194473.940:382): avc:  denied  { open } for  pid=10093 comm="syz.2.1219" path="/269/file0/file0" dev="fuse" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  435.216894][    C0] vkms_vblank_simulate: vblank timer overrun
[  435.274954][   T30] audit: type=1400 audit(1746194473.950:383): avc:  denied  { ioctl } for  pid=10093 comm="syz.2.1219" path="/269/file0/file0" dev="fuse" ino=5 ioctlcmd=0x540a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  435.299625][    C0] vkms_vblank_simulate: vblank timer overrun
[  436.424569][   T10] usb 5-1: USB disconnect, device number 29
[  437.074897][   T10] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  437.294826][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  437.324185][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.356206][   T10] usb 3-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  437.386560][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.425097][   T10] usb 3-1: config 0 descriptor??
[  437.564649][T10132] FAULT_INJECTION: forcing a failure.
[  437.564649][T10132] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  437.583894][T10132] CPU: 1 UID: 0 PID: 10132 Comm: syz.4.1232 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  437.583918][T10132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  437.583926][T10132] Call Trace:
[  437.583931][T10132]  <TASK>
[  437.583937][T10132]  dump_stack_lvl+0x16c/0x1f0
[  437.583961][T10132]  should_fail_ex+0x512/0x640
[  437.583982][T10132]  strncpy_from_user+0x3b/0x2e0
[  437.584003][T10132]  getname_flags.part.0+0x8f/0x550
[  437.584022][T10132]  getname_flags+0x93/0xf0
[  437.584041][T10132]  do_sys_openat2+0xb8/0x1d0
[  437.584058][T10132]  ? __pfx_do_sys_openat2+0x10/0x10
[  437.584081][T10132]  __x64_sys_openat+0x174/0x210
[  437.584100][T10132]  ? __pfx___x64_sys_openat+0x10/0x10
[  437.584119][T10132]  ? do_user_addr_fault+0x843/0x1370
[  437.584143][T10132]  do_syscall_64+0xcd/0x260
[  437.584165][T10132]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.584181][T10132] RIP: 0033:0x7fb2bad8d2d0
[  437.584195][T10132] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44
[  437.584209][T10132] RSP: 002b:00007fb2bbbe0ef0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  437.584225][T10132] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fb2bad8d2d0
[  437.584236][T10132] RDX: 0000000000000002 RSI: 00007fb2bae1078c RDI: 00000000ffffff9c
[  437.584246][T10132] RBP: 00007fb2bae1078c R08: 0000000000000000 R09: 0000000000000000
[  437.584255][T10132] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  437.584264][T10132] R13: 0000000000000036 R14: 0000200000000040 R15: 00007ffe80da09c8
[  437.584283][T10132]  </TASK>
[  437.669808][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  437.743308][   T24] usb 1-1: new full-speed USB device number 24 using dummy_hcd
[  437.747224][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  437.789873][   T10] usb 3-1: USB disconnect, device number 28
[  437.813509][    T9] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  437.918586][   T24] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  437.928553][   T24] usb 1-1: config 0 has no interface number 0
[  437.943170][   T24] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  437.953818][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.961904][   T24] usb 1-1: Product: syz
[  437.966545][   T24] usb 1-1: Manufacturer: syz
[  437.971213][   T24] usb 1-1: SerialNumber: syz
[  438.001800][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  438.046351][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  438.048453][   T24] usb 1-1: config 0 descriptor??
[  438.063294][    T9] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  438.075211][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  438.309405][    T9] usb 4-1: config 0 descriptor??
[  438.660707][   T30] audit: type=1400 audit(1746194477.480:384): avc:  denied  { execmod } for  pid=10139 comm="syz.4.1234" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=25997 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  438.687030][    C0] vkms_vblank_simulate: vblank timer overrun
[  438.713409][   T30] audit: type=1400 audit(1746194477.520:385): avc:  denied  { execute } for  pid=10139 comm="syz.4.1234" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=25997 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  438.756766][   T30] audit: type=1400 audit(1746194477.520:386): avc:  denied  { setopt } for  pid=10139 comm="syz.4.1234" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  438.830134][   T24] usb 1-1: Firmware version (0.0) predates our first public release.
[  438.851333][   T24] usb 1-1: Please update to version 0.2 or newer
[  438.865567][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  438.873408][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  438.906529][    T9] usb 4-1: USB disconnect, device number 32
[  438.953515][   T93] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  439.173439][   T93] usb 2-1: Using ep0 maxpacket: 16
[  439.247408][   T24] usb 1-1: USB disconnect, device number 24
[  439.277543][   T93] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  439.318729][   T93] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.327707][   T93] usb 2-1: Product: syz
[  439.332035][   T93] usb 2-1: Manufacturer: syz
[  439.336738][   T93] usb 2-1: SerialNumber: syz
[  439.602342][   T93] usb 2-1: config 0 descriptor??
[  439.627834][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  439.634311][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  439.645297][   T93] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected
[  439.671561][   T93] usb 2-1: Detected FT-X
[  439.840822][T10167] futex_wake_op: syz.4.1245 tries to shift op by 36; fix this program
[  439.885926][   T93] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  439.895980][   T93] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  439.908878][   T93] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71
[  439.928169][   T93] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  439.969994][   T93] usb 2-1: USB disconnect, device number 35
[  440.039069][   T93] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  440.093987][    T9] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  440.340342][   T93] ftdi_sio 2-1:0.0: device disconnected
[  440.456672][    T9] usb 3-1: Using ep0 maxpacket: 16
[  440.492096][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  440.626141][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  440.899102][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  440.911144][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.920895][    T9] usb 3-1: Product: syz
[  441.004601][    T9] usb 3-1: Manufacturer: syz
[  441.027848][    T9] usb 3-1: SerialNumber: syz
[  441.133660][   T93] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  441.490477][   T93] usb 5-1: Using ep0 maxpacket: 8
[  441.509730][   T93] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  441.545338][   T93] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  441.563010][   T93] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.629363][T10165] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1244'.
[  441.678006][    T9] usb 3-1: 0:2 : does not exist
[  441.724126][    T9] usb 3-1: USB disconnect, device number 29
[  441.773588][ T9777] udevd[9777]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  441.879447][   T93] usb 5-1: string descriptor 0 read error: -71
[  441.893659][   T93] hub 5-1:32.0: USB hub found
[  441.913111][   T93] hub 5-1:32.0: config failed, can't read hub descriptor (err -22)
[  441.975581][   T93] usb 5-1: USB disconnect, device number 30
[  442.426138][ T5858] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  442.436083][ T9777] udevd[9777]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  442.678587][ T5858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  442.743379][ T5858] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.771683][ T5858] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  442.785845][ T5858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.811155][ T5858] usb 2-1: config 0 descriptor??
[  443.357026][ T5858] usbhid 2-1:0.0: can't add hid device: -71
[  443.363082][ T5858] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  443.791601][ T5858] usb 2-1: USB disconnect, device number 36
[  444.317429][   T30] audit: type=1400 audit(1746194483.140:387): avc:  denied  { ioctl } for  pid=10233 comm="syz.3.1264" path="socket:[26151]" dev="sockfs" ino=26151 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  444.343423][T10236] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1264'.
[  444.598647][T10248] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1270'.
[  444.922739][T10248] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1270'.
[  445.143184][T10248] netlink: 'syz.2.1270': attribute type 20 has an invalid length.
[  445.173294][   T30] audit: type=1400 audit(1746194483.860:388): avc:  denied  { ioctl } for  pid=10247 comm="syz.2.1270" path="socket:[26859]" dev="sockfs" ino=26859 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  445.423109][   T30] audit: type=1400 audit(1746194484.030:389): avc:  denied  { create } for  pid=10254 comm="syz.4.1271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  445.533272][   T24] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  445.693574][   T24] usb 2-1: Using ep0 maxpacket: 16
[  445.724862][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  445.770744][ T5858] usb 1-1: new full-speed USB device number 25 using dummy_hcd
[  445.784453][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  445.832171][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  445.875612][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.936576][   T24] usb 2-1: Product: syz
[  445.967377][   T24] usb 2-1: Manufacturer: syz
[  445.972368][   T24] usb 2-1: SerialNumber: syz
[  446.202152][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  446.479962][T10250] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1269'.
[  446.493315][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  446.503112][ T5858] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  446.532263][   T24] usb 2-1: 0:2 : does not exist
[  446.546795][   T24] usb 2-1: USB disconnect, device number 37
[  446.617243][ T9777] udevd[9777]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  446.642259][T10274] FAULT_INJECTION: forcing a failure.
[  446.642259][T10274] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  446.666159][ T5858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  446.681626][ T5858] usb 1-1: config 0 descriptor??
[  446.710190][T10274] CPU: 0 UID: 0 PID: 10274 Comm: syz.4.1277 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  446.710215][T10274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  446.710224][T10274] Call Trace:
[  446.710230][T10274]  <TASK>
[  446.710237][T10274]  dump_stack_lvl+0x16c/0x1f0
[  446.710266][T10274]  should_fail_ex+0x512/0x640
[  446.710291][T10274]  _copy_from_user+0x2e/0xd0
[  446.710314][T10274]  copy_msghdr_from_user+0x98/0x160
[  446.710331][T10274]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  446.710359][T10274]  ___sys_sendmsg+0xfe/0x1d0
[  446.710376][T10274]  ? __pfx____sys_sendmsg+0x10/0x10
[  446.710420][T10274]  __sys_sendmsg+0x16d/0x220
[  446.710436][T10274]  ? __pfx___sys_sendmsg+0x10/0x10
[  446.710459][T10274]  ? rcu_is_watching+0x12/0xc0
[  446.710484][T10274]  do_syscall_64+0xcd/0x260
[  446.710507][T10274]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.710523][T10274] RIP: 0033:0x7fb2bad8e969
[  446.710537][T10274] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.710552][T10274] RSP: 002b:00007fb2bbbe3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  446.710568][T10274] RAX: ffffffffffffffda RBX: 00007fb2bafb5fa0 RCX: 00007fb2bad8e969
[  446.710578][T10274] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000004
[  446.710588][T10274] RBP: 00007fb2bbbe3090 R08: 0000000000000000 R09: 0000000000000000
[  446.710597][T10274] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  446.710606][T10274] R13: 0000000000000000 R14: 00007fb2bafb5fa0 R15: 00007ffe80da09c8
[  446.710634][T10274]  </TASK>
[  446.928538][T10260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  446.937345][T10260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  446.952631][ T5858] usbhid 1-1:0.0: can't add hid device: -71
[  446.959533][ T5858] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  446.969640][ T5858] usb 1-1: USB disconnect, device number 25
[  447.213304][   T30] audit: type=1400 audit(1746194486.030:390): avc:  denied  { getopt } for  pid=10283 comm="syz.4.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  447.553397][ T5860] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  447.594010][ T5858] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  447.814637][ T5860] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  448.014308][ T5858] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  448.023586][ T5860] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30
[  448.034558][    T9] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  448.067303][ T5858] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.075741][ T5860] usb 3-1: config 4 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 101
[  448.089110][ T5858] usb 2-1: Product: syz
[  448.093742][ T5858] usb 2-1: Manufacturer: syz
[  448.098839][ T5858] usb 2-1: SerialNumber: syz
[  448.105649][ T5860] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  448.116433][ T5860] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.128535][ T5858] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  448.152362][ T5892] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  448.246061][    T9] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  448.265395][    T9] usb 4-1: config 0 has no interface number 0
[  448.288240][    T9] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  448.299391][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.308451][    T9] usb 4-1: Product: syz
[  448.318283][    T9] usb 4-1: Manufacturer: syz
[  448.324596][    T9] usb 4-1: SerialNumber: syz
[  448.392599][ T5860] ath6kl: Failed to submit usb control message: -71
[  448.431262][ T5860] ath6kl: unable to send the bmi data to the device: -71
[  448.469989][    T9] usb 4-1: config 0 descriptor??
[  448.577121][ T5860] ath6kl: Unable to send get target info: -71
[  448.700269][ T5860] ath6kl: Failed to init ath6kl core: -71
[  448.710361][ T5860] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71
[  448.723665][ T5860] usb 3-1: USB disconnect, device number 30
[  448.783450][   T10] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  449.281458][   T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  449.308758][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.333307][   T10] usb 5-1: Product: syz
[  449.353491][   T10] usb 5-1: Manufacturer: syz
[  449.371374][   T10] usb 5-1: SerialNumber: syz
[  449.418842][   T10] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  449.450826][ T5860] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  449.522666][T10323] overlay: ./bus is not a directory
[  449.727118][    T9] usb 4-1: Firmware version (0.0) predates our first public release.
[  449.754343][    T9] usb 4-1: Please update to version 0.2 or newer
[  450.093748][ T5892] usb 2-1: Service connection timeout for: 256
[  450.201876][ T5892] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services
[  450.249271][    T9] usb 4-1: USB disconnect, device number 33
[  450.286823][ T5892] ath9k_htc: Failed to initialize the device
[  450.345549][ T5892] usb 2-1: ath9k_htc: USB layer deinitialized
[  450.536403][T10343] overlay: ./bus is not a directory
[  450.784525][ T5860] usb 5-1: Service connection timeout for: 256
[  450.803636][ T5816] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  451.050165][ T5860] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services
[  451.081503][ T5860] ath9k_htc: Failed to initialize the device
[  451.094989][ T5860] usb 5-1: ath9k_htc: USB layer deinitialized
[  451.305024][ T5816] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  451.419283][ T5816] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  451.610155][ T5816] usb 1-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  451.623223][   T24] usb 2-1: USB disconnect, device number 38
[  451.651498][ T5816] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  451.683355][ T5816] usb 1-1: config 0 descriptor??
[  451.752920][T10356] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1301'.
[  451.764844][T10356] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10356 comm=syz.2.1301
[  451.766065][T10358] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1300'.
[  451.797415][T10358] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10358 comm=syz.1.1300
[  451.957995][T10338] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  451.974786][T10338] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  451.995704][ T5816] usbhid 1-1:0.0: can't add hid device: -71
[  452.001808][ T5816] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  452.035564][ T5816] usb 1-1: USB disconnect, device number 26
[  452.113358][    T9] usb 3-1: new full-speed USB device number 31 using dummy_hcd
[  452.209079][T10308] usb 5-1: USB disconnect, device number 31
[  452.273479][    T9] usb 3-1: device descriptor read/64, error -71
[  452.329323][ T5892] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  452.518562][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  452.558830][ T5892] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  452.578673][ T5892] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  452.591824][    T9] usb 3-1: new full-speed USB device number 32 using dummy_hcd
[  452.682193][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.813829][    T9] usb 3-1: device descriptor read/64, error -71
[  452.848481][ T5892] usb 2-1: config 0 descriptor??
[  452.999373][    T9] usb usb3-port1: attempt power cycle
[  453.161164][T10366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  453.171706][T10366] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  453.194086][ T5892] usbhid 2-1:0.0: can't add hid device: -71
[  453.200100][ T5892] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  453.232556][ T5892] usb 2-1: USB disconnect, device number 39
[  453.864425][    T9] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  453.943593][   T30] audit: type=1400 audit(1746194492.340:391): avc:  denied  { mounton } for  pid=10374 comm="syz.0.1308" path="/proc/824/cgroup" dev="proc" ino=27231 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  454.006686][    T9] usb 3-1: device descriptor read/8, error -71
[  454.041013][ T5860] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  454.257898][ T5860] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[  454.274757][ T5860] usb 5-1: config 0 has no interface number 0
[  454.304031][ T5860] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  454.313099][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.361039][ T5860] usb 5-1: Product: syz
[  454.365618][    T9] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  454.385022][ T5860] usb 5-1: Manufacturer: syz
[  454.400469][ T5860] usb 5-1: SerialNumber: syz
[  454.421608][    T9] usb 3-1: device descriptor read/8, error -71
[  454.430616][ T5860] usb 5-1: config 0 descriptor??
[  454.545057][    T9] usb usb3-port1: unable to enumerate USB device
[  454.633574][T10308] usb 4-1: new full-speed USB device number 34 using dummy_hcd
[  454.727959][T10393] FAULT_INJECTION: forcing a failure.
[  454.727959][T10393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  454.742505][T10393] CPU: 0 UID: 0 PID: 10393 Comm: syz.4.1310 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  454.742530][T10393] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  454.742539][T10393] Call Trace:
[  454.742548][T10393]  <TASK>
[  454.742556][T10393]  dump_stack_lvl+0x16c/0x1f0
[  454.742582][T10393]  should_fail_ex+0x512/0x640
[  454.742607][T10393]  _copy_from_user+0x2e/0xd0
[  454.742640][T10393]  snd_seq_oss_write+0x397/0x7d0
[  454.742664][T10393]  ? __pfx___might_resched+0x10/0x10
[  454.742690][T10393]  ? __pfx_snd_seq_oss_write+0x10/0x10
[  454.742712][T10393]  ? inode_security+0x101/0x130
[  454.742735][T10393]  ? avc_policy_seqno+0x9/0x20
[  454.742750][T10393]  ? selinux_file_permission+0x11f/0x580
[  454.742777][T10393]  ? bpf_lsm_file_permission+0x9/0x10
[  454.742804][T10393]  odev_write+0x51/0xa0
[  454.742823][T10393]  vfs_write+0x25c/0x1180
[  454.742846][T10393]  ? __pfx_odev_write+0x10/0x10
[  454.742870][T10393]  ? __pfx_vfs_write+0x10/0x10
[  454.742892][T10393]  ? find_held_lock+0x2b/0x80
[  454.742913][T10393]  ? __fget_files+0x204/0x3c0
[  454.742941][T10393]  ? __fget_files+0x20e/0x3c0
[  454.742964][T10393]  ? sysvec_kvm_asyncpf_interrupt+0x60/0xc0
[  454.742991][T10393]  ksys_write+0x12a/0x240
[  454.743015][T10393]  ? __pfx_ksys_write+0x10/0x10
[  454.743046][T10393]  do_syscall_64+0xcd/0x260
[  454.743069][T10393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.743087][T10393] RIP: 0033:0x7fb2bad8e969
[  454.743100][T10393] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.743116][T10393] RSP: 002b:00007fb2bbbc2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  454.743133][T10393] RAX: ffffffffffffffda RBX: 00007fb2bafb6080 RCX: 00007fb2bad8e969
[  454.743144][T10393] RDX: 000000000000fd85 RSI: 00002000000007c0 RDI: 0000000000000007
[  454.743155][T10393] RBP: 00007fb2bbbc2090 R08: 0000000000000000 R09: 0000000000000000
[  454.743164][T10393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  454.743174][T10393] R13: 0000000000000000 R14: 00007fb2bafb6080 R15: 00007ffe80da09c8
[  454.743196][T10393]  </TASK>
[  455.596689][T10308] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  455.615511][T10308] usb 4-1: config 0 has no interface number 0
[  455.636629][T10308] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  455.653037][ T5860] usb 5-1: Firmware version (0.0) predates our first public release.
[  455.665617][ T5860] usb 5-1: Please update to version 0.2 or newer
[  455.691700][T10308] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.778031][T10308] usb 4-1: Product: syz
[  455.820193][T10308] usb 4-1: Manufacturer: syz
[  455.847629][T10308] usb 4-1: SerialNumber: syz
[  455.893304][ T5816] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  455.944545][T10308] usb 4-1: config 0 descriptor??
[  456.011704][ T5860] usb 5-1: USB disconnect, device number 32
[  456.134266][ T5892] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  456.353402][ T5892] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  456.708392][ T5892] usb 3-1: config 0 has no interface number 0
[  456.858694][ T5892] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  456.930758][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.040800][ T5816] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  457.050989][ T5816] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.061095][ T5816] usb 1-1: Product: syz
[  457.066779][ T5816] usb 1-1: Manufacturer: syz
[  457.071683][ T5816] usb 1-1: SerialNumber: syz
[  457.084577][ T5892] usb 3-1: Product: syz
[  457.088815][ T5892] usb 3-1: Manufacturer: syz
[  457.093523][ T5892] usb 3-1: SerialNumber: syz
[  457.093856][ T5816] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  457.116251][ T5892] usb 3-1: config 0 descriptor??
[  457.214009][   T93] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  457.441024][T10308] usb 4-1: Firmware version (0.0) predates our first public release.
[  457.449377][T10308] usb 4-1: Please update to version 0.2 or newer
[  457.658889][T10308] usb 4-1: USB disconnect, device number 34
[  457.843381][ T5862] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  458.013534][ T5862] usb 2-1: Using ep0 maxpacket: 32
[  458.021049][ T5862] usb 2-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 16
[  458.034562][ T5862] usb 2-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  458.048391][ T5862] usb 2-1: config 1 interface 0 has no altsetting 0
[  458.057394][ T5862] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  458.066791][ T5862] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.104849][ T5862] usb 2-1: Product: ࡠ
[  458.109139][ T5862] usb 2-1: Manufacturer: 㶕얖뜋⮸궐ṗዱ韄唳絫迖㕌홉鈺鑻嘯㉆踅䥹覷ﬔ相堝␙䥭૦⿇邚媫정ၟ哩뛎ﱔ믈돎䔁鰚ꞿ슆ⅿ휖ᣃ㈭ྦ᪢⁼렡ⓢ顤北ꁯ䇳췻套䶫耋뤓㸧DZ鷾銑ᣥ犞榒䂜梗౐뻇럁ꩼゎ⻇漐ꈥ
[  458.144321][ T5862] usb 2-1: SerialNumber: syz
[  458.155392][T10408] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  458.166137][T10408] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  458.197665][ T5892] usb 3-1: Firmware version (0.0) predates our first public release.
[  458.208981][   T24] usb 1-1: USB disconnect, device number 27
[  458.230070][ T5892] usb 3-1: Please update to version 0.2 or newer
[  458.266267][ T5892] usb 3-1: USB disconnect, device number 35
[  458.273603][ T5860] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  458.397039][ T5862] usb 2-1: USB disconnect, device number 40
[  458.423657][ T5860] usb 5-1: Using ep0 maxpacket: 32
[  458.441026][ T5860] usb 5-1: config 1 interface 0 altsetting 9 bulk endpoint 0x1 has invalid maxpacket 16
[  458.457677][ T5860] usb 5-1: config 1 interface 0 altsetting 9 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  458.470959][ T5860] usb 5-1: config 1 interface 0 has no altsetting 0
[  458.480715][ T5860] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  458.492705][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.501761][ T5860] usb 5-1: Product: ࡠ
[  458.506276][ T5860] usb 5-1: Manufacturer: 㶕얖뜋⮸궐ṗዱ韄唳絫迖㕌홉鈺鑻嘯㉆踅䥹覷ﬔ相堝␙䥭૦⿇邚媫정ၟ哩뛎ﱔ믈돎䔁鰚ꞿ슆ⅿ휖ᣃ㈭ྦ᪢⁼렡ⓢ顤北ꁯ䇳췻套䶫耋뤓㸧DZ鷾銑ᣥ犞榒䂜梗౐뻇럁ꩼゎ⻇漐ꈥ
[  458.513544][   T93] usb 1-1: Service connection timeout for: 256
[  458.532009][ T5860] usb 5-1: SerialNumber: syz
[  458.551645][T10417] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  458.553935][   T93] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  458.563402][T10417] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  458.567711][   T93] ath9k_htc: Failed to initialize the device
[  458.581074][   T24] usb 1-1: ath9k_htc: USB layer deinitialized
[  458.839397][ T5860] usb 5-1: USB disconnect, device number 33
[  459.048344][ T5892] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[  459.313477][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  459.434327][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.522660][ T5892] usb 4-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  459.609355][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.773622][ T5892] usb 4-1: config 0 descriptor??
[  459.779445][T10440] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1324'.
[  459.819442][T10440] openvswitch: netlink: Unknown nsh attribute 0
[  459.861220][T10440] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  459.974409][T10445] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.1329'.
[  459.985199][T10445] netlink: zone id is out of range
[  459.990435][T10445] netlink: zone id is out of range
[  459.995776][T10445] netlink: zone id is out of range
[  460.000898][T10445] netlink: zone id is out of range
[  460.038810][T10448] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  460.044147][T10445] netlink: zone id is out of range
[  460.049113][T10425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  460.055270][T10445] netlink: zone id is out of range
[  460.071669][T10448] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  460.081953][T10425] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  460.108195][ T5892] usbhid 4-1:0.0: can't add hid device: -71
[  460.115723][ T5892] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  460.151807][ T5892] usb 4-1: USB disconnect, device number 35
[  460.692062][T10466] sd 0:0:1:0: device reset
[  460.879830][T10478] overlayfs: conflicting lowerdir path
[  460.949168][T10479] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  460.963759][   T24] usb 2-1: new full-speed USB device number 41 using dummy_hcd
[  461.278486][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  461.442074][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  461.472423][   T24] usb 2-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  461.605136][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.816065][   T24] usb 2-1: config 0 descriptor??
[  462.165773][T10463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.203669][T10463] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.245693][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  462.254849][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  462.307527][   T24] usb 2-1: USB disconnect, device number 41
[  462.571662][ T5892] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  462.736751][ T5892] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  462.751271][ T5892] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.766618][ T5892] usb 1-1: Product: syz
[  462.771011][ T5892] usb 1-1: Manufacturer: syz
[  462.776355][ T5892] usb 1-1: SerialNumber: syz
[  462.801139][ T5892] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  462.822350][ T5860] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  463.316289][   T24] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  463.494809][   T24] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  463.514375][   T24] usb 3-1: config 0 has no interface number 0
[  463.523425][   T24] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  463.534855][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.543038][   T24] usb 3-1: Product: syz
[  463.549586][   T24] usb 3-1: Manufacturer: syz
[  463.564137][   T24] usb 3-1: SerialNumber: syz
[  463.640546][   T24] usb 3-1: config 0 descriptor??
[  463.673484][   T93] usb 2-1: new full-speed USB device number 42 using dummy_hcd
[  464.437841][ T5860] usb 1-1: Service connection timeout for: 256
[  464.916312][   T24] usb 3-1: Firmware version (0.0) predates our first public release.
[  465.221954][ T5860] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  465.230175][   T93] usb 2-1: device descriptor read/64, error -71
[  465.289435][   T24] usb 3-1: Please update to version 0.2 or newer
[  465.405926][ T5860] ath9k_htc: Failed to initialize the device
[  465.414693][ T5860] usb 1-1: ath9k_htc: USB layer deinitialized
[  465.579077][ T5892] usb 1-1: USB disconnect, device number 28
[  465.617161][   T24] usb 3-1: Firmware: build 
[  465.843476][   T93] usb 2-1: new full-speed USB device number 43 using dummy_hcd
[  466.066014][   T24] usb 3-1: USB disconnect, device number 36
[  466.193786][   T93] usb 2-1: device descriptor read/64, error -71
[  466.345465][   T93] usb usb2-port1: attempt power cycle
[  466.914680][   T30] audit: type=1400 audit(1746194505.740:392): avc:  denied  { create } for  pid=10561 comm="syz.0.1365" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  467.013557][   T24] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  467.118990][   T30] audit: type=1400 audit(1746194505.740:393): avc:  denied  { write } for  pid=10561 comm="syz.0.1365" name="file0" dev="tmpfs" ino=1657 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  467.141502][    C1] vkms_vblank_simulate: vblank timer overrun
[  467.643272][   T24] usb 3-1: Using ep0 maxpacket: 8
[  467.656030][   T24] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  467.833313][   T30] audit: type=1400 audit(1746194505.740:394): avc:  denied  { open } for  pid=10561 comm="syz.0.1365" path="/270/file0" dev="tmpfs" ino=1657 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  467.856102][    C1] vkms_vblank_simulate: vblank timer overrun
[  467.862299][   T24] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  467.906581][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.914726][   T30] audit: type=1400 audit(1746194505.740:395): avc:  denied  { ioctl } for  pid=10561 comm="syz.0.1365" path="/270/file0" dev="tmpfs" ino=1657 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  467.963605][ T5860] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  468.113263][ T5860] usb 4-1: Using ep0 maxpacket: 16
[  468.120086][ T5860] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  468.130985][ T5860] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  468.142409][ T5860] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 1.40
[  468.143739][   T93] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[  468.164980][T10560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  468.183444][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.192819][ T5860] usb 4-1: Product: syz
[  468.198269][T10560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  468.206296][ T5860] usb 4-1: Manufacturer: syz
[  468.211142][ T5860] usb 4-1: SerialNumber: syz
[  468.217988][   T24] usb 3-1: string descriptor 0 read error: -71
[  468.227276][   T24] hub 3-1:32.0: USB hub found
[  468.238176][   T24] hub 3-1:32.0: config failed, can't read hub descriptor (err -22)
[  468.354687][   T93] usb 2-1: config 0 has an invalid interface number: 128 but max is 0
[  468.363088][   T93] usb 2-1: config 0 has no interface number 0
[  468.371764][   T93] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  468.381213][   T93] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.389473][   T93] usb 2-1: Product: syz
[  468.395367][   T93] usb 2-1: Manufacturer: syz
[  468.401387][   T93] usb 2-1: SerialNumber: syz
[  468.408845][   T93] usb 2-1: config 0 descriptor??
[  468.632287][   T30] audit: type=1400 audit(1746194507.450:396): avc:  denied  { unlink } for  pid=5810 comm="syz-executor" name="file0" dev="tmpfs" ino=1657 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  468.896656][T10571] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1368'.
[  469.021379][ T5860] usb 4-1: 0:2 : does not exist
[  469.058283][ T5860] usb 4-1: USB disconnect, device number 36
[  469.096150][ T9777] udevd[9777]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  469.482413][   T24] usb 3-1: USB disconnect, device number 37
[  469.593651][ T8204] udevd[8204]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  469.927157][   T93] usb 2-1: Firmware version (0.0) predates our first public release.
[  469.935997][ T5860] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  469.960777][   T93] usb 2-1: Please update to version 0.2 or newer
[  470.075407][   T93] usb 2-1: USB disconnect, device number 45
[  470.131683][ T5860] usb 5-1: config 0 has an invalid interface number: 128 but max is 0
[  470.373708][ T5860] usb 5-1: config 0 has no interface number 0
[  470.382763][ T5860] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  470.422172][ T5860] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.431355][ T5860] usb 5-1: Product: syz
[  470.470455][ T5860] usb 5-1: Manufacturer: syz
[  470.484970][ T5860] usb 5-1: SerialNumber: syz
[  470.496908][ T5860] usb 5-1: config 0 descriptor??
[  471.183329][T10308] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  471.523562][T10308] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  471.548652][T10308] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.561704][T10308] usb 3-1: Product: syz
[  471.567444][T10308] usb 3-1: Manufacturer: syz
[  471.582089][T10308] usb 3-1: SerialNumber: syz
[  471.609535][T10308] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  471.626534][ T5892] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  471.731687][T10632] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.1390'.
[  471.742639][T10632] net_ratelimit: 10 callbacks suppressed
[  471.742651][T10632] netlink: zone id is out of range
[  471.763401][T10632] netlink: get zone limit has 8 unknown bytes
[  471.769758][ T5860] usb 5-1: Firmware version (0.0) predates our first public release.
[  471.782600][ T5860] usb 5-1: Please update to version 0.2 or newer
[  471.812406][T10626] netlink: 'syz.1.1388': attribute type 1 has an invalid length.
[  471.833347][T10626] netlink: 228 bytes leftover after parsing attributes in process `syz.1.1388'.
[  471.855950][ T5860] usb 5-1: USB disconnect, device number 34
[  472.527249][T10656] overlay: ./bus is not a directory
[  472.535241][T10655] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1397'.
[  473.246909][ T5892] usb 3-1: Service connection timeout for: 256
[  473.262891][ T5892] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services
[  473.304711][T10655] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10655 comm=syz.1.1397
[  473.494670][ T5892] ath9k_htc: Failed to initialize the device
[  473.650830][ T5892] usb 3-1: ath9k_htc: USB layer deinitialized
[  473.804337][ T5860] usb 3-1: USB disconnect, device number 38
[  474.153748][   T24] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  474.400369][   T24] usb 1-1: config 16 has an invalid interface number: 168 but max is 0
[  474.480155][   T24] usb 1-1: config 16 has no interface number 0
[  474.521648][   T24] usb 1-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  474.598720][   T24] usb 1-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  474.613282][   T24] usb 1-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a
[  474.652444][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.689942][   T24] HFC-S_USB 1-1:16.168: probe with driver HFC-S_USB failed with error -5
[  474.774883][ T5860] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  474.799434][T10682] netlink: 'syz.3.1408': attribute type 1 has an invalid length.
[  474.813580][T10682] netlink: 228 bytes leftover after parsing attributes in process `syz.3.1408'.
[  474.843713][ T5892] usb 3-1: new full-speed USB device number 39 using dummy_hcd
[  475.154672][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  475.219833][ T5860] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  475.237702][ T5892] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  475.362909][ T5892] usb 3-1: config 0 has no interface number 0
[  475.369555][ T5860] usb 5-1: New USB device found, idVendor=0404, idProduct=0755, bcdDevice= 0.00
[  475.381692][ T5860] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.391598][ T5892] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  475.402484][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.413452][ T5860] usb 5-1: config 0 descriptor??
[  475.418921][ T5892] usb 3-1: Product: syz
[  475.426372][ T5892] usb 3-1: Manufacturer: syz
[  475.432176][ T5892] usb 3-1: SerialNumber: syz
[  475.439663][ T5892] usb 3-1: config 0 descriptor??
[  475.454235][T10695] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1412'.
[  475.465571][T10695] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10695 comm=syz.1.1412
[  475.636381][ T5860] usbhid 5-1:0.0: can't add hid device: -71
[  475.644616][ T5860] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  475.891800][ T5860] usb 5-1: USB disconnect, device number 35
[  476.347735][ T5892] usb 3-1: Firmware version (0.0) predates our first public release.
[  476.398541][ T5892] usb 3-1: Please update to version 0.2 or newer
[  476.528387][ T5892] usb 3-1: USB disconnect, device number 39
[  476.597141][T10717] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  476.679013][T10714] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1419'.
[  476.688265][ T5860] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  476.719460][   T30] audit: type=1400 audit(1746194515.540:397): avc:  denied  { setattr } for  pid=10713 comm="syz.4.1419" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  476.728680][T10714] netfs: Couldn't get user pages (rc=-14)
[  476.748430][   T30] audit: type=1400 audit(1746194515.540:398): avc:  denied  { write } for  pid=10713 comm="syz.4.1419" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  476.788808][   T30] audit: type=1400 audit(1746194515.540:399): avc:  denied  { open } for  pid=10713 comm="syz.4.1419" path="/276/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  476.825624][T10717] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1419'.
[  476.832922][   T30] audit: type=1400 audit(1746194515.550:400): avc:  denied  { map } for  pid=10713 comm="syz.4.1419" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  476.861659][ T5860] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  476.862203][   T30] audit: type=1400 audit(1746194515.550:401): avc:  denied  { execute } for  pid=10713 comm="syz.4.1419" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  476.895727][   T30] audit: type=1400 audit(1746194515.550:402): avc:  denied  { ioctl } for  pid=10713 comm="syz.4.1419" path="/276/file0" dev="9p" ino=2 ioctlcmd=0x2100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  476.905930][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.972738][   T24] usb 1-1: USB disconnect, device number 29
[  477.099636][ T5860] usb 4-1: Product: syz
[  477.106373][ T5860] usb 4-1: Manufacturer: syz
[  477.111057][ T5860] usb 4-1: SerialNumber: syz
[  477.141476][T10723] IPVS: length: 172 != 8
[  477.208554][   T30] audit: type=1400 audit(1746194516.030:403): avc:  denied  { ioctl } for  pid=10718 comm="syz.1.1420" path="socket:[28067]" dev="sockfs" ino=28067 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  477.238542][ T5860] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  477.787957][ T5892] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  477.979075][ T1109] ==================================================================
[  477.987260][ T1109] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0
[  477.994907][ T1109] Read of size 4 at addr ffff88802994b538 by task kworker/u8:7/1109
[  478.002874][ T1109] 
[  478.005186][ T1109] CPU: 1 UID: 0 PID: 1109 Comm: kworker/u8:7 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  478.005206][ T1109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  478.005217][ T1109] Workqueue: events_unbound netfs_write_collection_worker
[  478.005241][ T1109] Call Trace:
[  478.005247][ T1109]  <TASK>
[  478.005253][ T1109]  dump_stack_lvl+0x116/0x1f0
[  478.005274][ T1109]  print_report+0xc3/0x670
[  478.005288][ T1109]  ? __virt_addr_valid+0x5e/0x590
[  478.005304][ T1109]  ? __phys_addr+0xc6/0x150
[  478.005319][ T1109]  ? iov_iter_revert+0x443/0x5a0
[  478.005333][ T1109]  kasan_report+0xe0/0x110
[  478.005343][ T1109]  ? iov_iter_revert+0x443/0x5a0
[  478.005360][ T1109]  iov_iter_revert+0x443/0x5a0
[  478.005382][ T1109]  netfs_retry_writes+0x166d/0x1a50
[  478.005405][ T1109]  ? __lock_acquire+0xaa4/0x1ba0
[  478.005429][ T1109]  ? __pfx_netfs_retry_writes+0x10/0x10
[  478.005448][ T1109]  ? register_lock_class+0x41/0x4c0
[  478.005466][ T1109]  ? do_raw_spin_lock+0x12c/0x2b0
[  478.005477][ T1109]  netfs_write_collection_worker+0x23fd/0x3830
[  478.005495][ T1109]  process_one_work+0x9cc/0x1b70
[  478.005508][ T1109]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  478.005521][ T1109]  ? __pfx_process_one_work+0x10/0x10
[  478.005540][ T1109]  ? assign_work+0x1a0/0x250
[  478.005556][ T1109]  worker_thread+0x6c8/0xf10
[  478.005577][ T1109]  ? __pfx_worker_thread+0x10/0x10
[  478.005592][ T1109]  kthread+0x3c2/0x780
[  478.005605][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005617][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005627][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005636][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005644][ T1109]  ? rcu_is_watching+0x12/0xc0
[  478.005656][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005665][ T1109]  ret_from_fork+0x45/0x80
[  478.005675][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.005684][ T1109]  ret_from_fork_asm+0x1a/0x30
[  478.005711][ T1109]  </TASK>
[  478.005717][ T1109] 
[  478.192056][ T1109] Allocated by task 5807:
[  478.196368][ T1109]  kasan_save_stack+0x33/0x60
[  478.201045][ T1109]  kasan_save_track+0x14/0x30
[  478.205716][ T1109]  __kasan_kmalloc+0xaa/0xb0
[  478.210292][ T1109]  ref_tracker_alloc+0x18e/0x5b0
[  478.215248][ T1109]  dst_init+0xda/0x580
[  478.219333][ T1109]  dst_alloc+0xbb/0x1a0
[  478.223498][ T1109]  rt_dst_alloc+0x35/0x3a0
[  478.227917][ T1109]  ip_route_input_slow+0x1671/0x3df0
[  478.233189][ T1109]  ip_route_input_noref+0x120/0x2e0
[  478.238377][ T1109]  ip_rcv_finish_core+0x46f/0x2290
[  478.243505][ T1109]  ip_list_rcv_finish+0x1b8/0x720
[  478.248519][ T1109]  ip_list_rcv+0x335/0x450
[  478.252923][ T1109]  __netif_receive_skb_list_core+0x752/0x950
[  478.258890][ T1109]  netif_receive_skb_list_internal+0x752/0xdb0
[  478.265028][ T1109]  napi_complete_done+0x23f/0x970
[  478.270042][ T1109]  virtnet_poll+0x1cfd/0x3c00
[  478.274703][ T1109]  __napi_poll.constprop.0+0xb7/0x550
[  478.280139][ T1109]  net_rx_action+0xa97/0x1010
[  478.284828][ T1109]  handle_softirqs+0x216/0x8e0
[  478.289584][ T1109]  __irq_exit_rcu+0x109/0x170
[  478.294251][ T1109]  irq_exit_rcu+0x9/0x30
[  478.298567][ T1109]  common_interrupt+0xbf/0xe0
[  478.303230][ T1109]  asm_common_interrupt+0x26/0x40
[  478.308239][ T1109] 
[  478.310549][ T1109] The buggy address belongs to the object at ffff88802994b500
[  478.310549][ T1109]  which belongs to the cache kmalloc-32 of size 32
[  478.324498][ T1109] The buggy address is located 24 bytes to the right of
[  478.324498][ T1109]  allocated 32-byte region [ffff88802994b500, ffff88802994b520)
[  478.338970][ T1109] 
[  478.341278][ T1109] The buggy address belongs to the physical page:
[  478.347667][ T1109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2994b
[  478.356408][ T1109] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  478.363931][ T1109] page_type: f5(slab)
[  478.367894][ T1109] raw: 00fff00000000000 ffff88801b441780 0000000000000000 dead000000000001
[  478.376460][ T1109] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[  478.385020][ T1109] page dumped because: kasan: bad access detected
[  478.391409][ T1109] page_owner tracks the page as allocated
[  478.397197][ T1109] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1, tgid 1 (swapper/0), ts 8659185960, free_ts 0
[  478.414719][ T1109]  post_alloc_hook+0x181/0x1b0
[  478.419488][ T1109]  get_page_from_freelist+0x135c/0x3920
[  478.425025][ T1109]  __alloc_frozen_pages_noprof+0x263/0x23a0
[  478.430923][ T1109]  alloc_pages_mpol+0x1fb/0x550
[  478.435857][ T1109]  new_slab+0x244/0x340
[  478.440004][ T1109]  ___slab_alloc+0xd9c/0x1940
[  478.444668][ T1109]  __slab_alloc.constprop.0+0x56/0xb0
[  478.450032][ T1109]  __kmalloc_noprof+0x2f2/0x510
[  478.454873][ T1109]  usb_hcd_submit_urb+0x5cf/0x1c60
[  478.459977][ T1109]  usb_submit_urb+0x87c/0x1730
[  478.464735][ T1109]  usb_start_wait_urb+0x104/0x4b0
[  478.469762][ T1109]  usb_control_msg+0x326/0x4a0
[  478.474507][ T1109]  usb_get_descriptor+0xbb/0x1b0
[  478.479426][ T1109]  usb_get_configuration+0x3ba/0x6510
[  478.484790][ T1109]  usb_new_device+0x11ac/0x1a20
[  478.489624][ T1109]  register_root_hub+0x299/0x730
[  478.494553][ T1109] page_owner free stack trace missing
[  478.499898][ T1109] 
[  478.502202][ T1109] Memory state around the buggy address:
[  478.507814][ T1109]  ffff88802994b400: 00 00 00 00 fc fc fc fc fa fb fb fb fc fc fc fc
[  478.515860][ T1109]  ffff88802994b480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[  478.523989][ T1109] >ffff88802994b500: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[  478.532029][ T1109]                                         ^
[  478.537901][ T1109]  ffff88802994b580: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[  478.545947][ T1109]  ffff88802994b600: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[  478.553992][ T1109] ==================================================================
[  478.633606][ T1109] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  478.640809][ T1109] CPU: 0 UID: 0 PID: 1109 Comm: kworker/u8:7 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  478.652944][ T1109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  478.663007][ T1109] Workqueue: events_unbound netfs_write_collection_worker
[  478.670130][ T1109] Call Trace:
[  478.673400][ T1109]  <TASK>
[  478.676309][ T1109]  dump_stack_lvl+0x3d/0x1f0
[  478.680880][ T1109]  panic+0x71c/0x800
[  478.684756][ T1109]  ? __pfx_panic+0x10/0x10
[  478.689153][ T1109]  ? mark_held_locks+0x49/0x80
[  478.693897][ T1109]  ? preempt_schedule_thunk+0x16/0x30
[  478.699252][ T1109]  ? iov_iter_revert+0x443/0x5a0
[  478.704199][ T1109]  ? preempt_schedule_common+0x44/0xc0
[  478.709661][ T1109]  ? check_panic_on_warn+0x1f/0xb0
[  478.714854][ T1109]  ? iov_iter_revert+0x443/0x5a0
[  478.719785][ T1109]  check_panic_on_warn+0xab/0xb0
[  478.724710][ T1109]  end_report+0x107/0x170
[  478.729016][ T1109]  kasan_report+0xee/0x110
[  478.733409][ T1109]  ? iov_iter_revert+0x443/0x5a0
[  478.738329][ T1109]  iov_iter_revert+0x443/0x5a0
[  478.743070][ T1109]  netfs_retry_writes+0x166d/0x1a50
[  478.748257][ T1109]  ? __lock_acquire+0xaa4/0x1ba0
[  478.753181][ T1109]  ? __pfx_netfs_retry_writes+0x10/0x10
[  478.758715][ T1109]  ? register_lock_class+0x41/0x4c0
[  478.763897][ T1109]  ? do_raw_spin_lock+0x12c/0x2b0
[  478.768905][ T1109]  netfs_write_collection_worker+0x23fd/0x3830
[  478.775060][ T1109]  process_one_work+0x9cc/0x1b70
[  478.779986][ T1109]  ? __pfx_netfs_write_collection_worker+0x10/0x10
[  478.786468][ T1109]  ? __pfx_process_one_work+0x10/0x10
[  478.791845][ T1109]  ? assign_work+0x1a0/0x250
[  478.796504][ T1109]  worker_thread+0x6c8/0xf10
[  478.801101][ T1109]  ? __pfx_worker_thread+0x10/0x10
[  478.806195][ T1109]  kthread+0x3c2/0x780
[  478.810245][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.814820][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.819394][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.823964][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.828537][ T1109]  ? rcu_is_watching+0x12/0xc0
[  478.833285][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.837856][ T1109]  ret_from_fork+0x45/0x80
[  478.842255][ T1109]  ? __pfx_kthread+0x10/0x10
[  478.846827][ T1109]  ret_from_fork_asm+0x1a/0x30
[  478.851583][ T1109]  </TASK>
[  478.854834][ T1109] Kernel Offset: disabled
[  478.859132][ T1109] Rebooting in 86400 seconds..