last executing test programs:

4m7.888260053s ago: executing program 2 (id=3):
io_setup(0x2, &(0x7f0000000180)=<r0=>0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
io_submit(r0, 0x4, &(0x7f0000000480)=[&(0x7f0000000000)={0x0, 0x300, 0x0, 0x5, 0x0, r2, 0x0}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x4, r1, &(0x7f0000000200)="78ae6630ca127828415dfe35e33e7e912c59be819f90f339f01969762bcd9a78fa7cb8b4053d5afa72b8b7db7fe3b412cf0562ba10f067ee0572090bed1a79eb5410347fb7d70e6b442f0432a2e94bb91485569767ee448380395ae807e10dddda045449cf09dd6560b1c8a0eac7ea4df7a562d07179959c540372fcc1724944608b4c02e9dffa92d2f4dfe73b15f31a4733b2cc4f7ca3f759e5a77ca0b59f159d23a66aab4f772d739013fefbbb9fc7c28c3c6e7bc09c6c5249233ffe1290e7cc156f24f481917d040a3128aecc05ed399c8fedcaf636a34b623ee076", 0xdd, 0x3, 0x0, 0x6}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x1, r2, &(0x7f0000000300)="6679a041aa8ae3180af31120e43d1751f9b51c7b7ba3d47b7b9ba4d4b20deea02c0402919a18bee954e7b8db6115cf6b747cceffb6c7534b41975882b7514e923ef96fc870036d0c22f1207ad489c585fe5f2161155ebf981f58a1b5094cce881d49647ad94f6266904feb1246928193815f33596ad999c024094dbe1eeb241f16b74b238f69c0a02aae883f8b8fbda53ce8f961764278eb6d33e5f6d40e04653439d40bef76b944bee350f78508", 0xae, 0x9, 0x0, 0x0, r2}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0x9, r1, &(0x7f00000003c0)="ef6a131a816ddee8fc41e583f158cbc185b4142d9adf5f23a1f4a41f1d5c40bde84c3acc0ee705860e09b9783b56d7faf49c5a3c57f791b57032ce42cf42750a1eccd3ad74146cf5c418b004b582b6d6173df837c0de76c431769263594f869e46f6807562e34a6e185a734e77455df463d34667b570d606814ff466043cf821e413bbe65ae9a9f07f163b477ae1e6bb8921eb8c4cb206e2fd9505a094efebf1ded94046fc85bf", 0xa7, 0x6, 0x0, 0x2, r2}])

4m7.524555871s ago: executing program 2 (id=6):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000906010200001000000000000200ffff0500e4ff06000000921149167de661eee7f305198080326bdd28ba42411203f2df320a4f3506f2be1413836d"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4000080)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

4m7.424311502s ago: executing program 2 (id=7):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000640)={0x81, 0x2, 'client0\x00', 0x0, "1e1dc136d6f4bdda", "a973ee4846d9504bc69a10238bcd150b0e95547bd679f139106e78e15913759d", 0x0, 0xfffffff9})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) (async)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "fe1d0e0014000000000000000000008000"}})
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) (async)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
syz_open_dev$evdev(&(0x7f00000000c0), 0x3f, 0x822f01)
openat$vimc1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000080), 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, 0x0)
r5 = syz_io_uring_setup(0x2ddd, 0x0, &(0x7f0000000100), &(0x7f0000000140))
syz_io_uring_setup(0x5e2, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000180), &(0x7f0000000380)) (async)
syz_io_uring_setup(0x5e2, &(0x7f0000000000)={0x0, 0x2}, &(0x7f0000000180), &(0x7f0000000380))
io_uring_enter(r5, 0x381b, 0x0, 0x0, 0x0, 0x0) (async)
io_uring_enter(r5, 0x381b, 0x0, 0x0, 0x0, 0x0)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000400)={0x129042, 0x2fe1c396d5455eea, 0x2}, 0x18) (async)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000400)={0x129042, 0x2fe1c396d5455eea, 0x2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1400000004000000080000002200000000000000", @ANYRES32, @ANYBLOB="0000000000000000000100000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1400000004000000080000002200000000000000", @ANYRES32, @ANYBLOB="0000000000000000000100000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, &(0x7f0000000040)=0xe5, 0x4)
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
keyctl$read(0xb, 0x0, &(0x7f0000000080)=""/156, 0x9c)

4m6.020660558s ago: executing program 2 (id=11):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000001080)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x17, &(0x7f0000001a00)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@btf_id={0x18, 0x5, 0x3, 0x0, 0x2}, @jmp={0x5, 0x0, 0x6, 0xa, 0xa, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @generic={0xf, 0x0, 0xe, 0x6, 0x6}, @jmp={0x5, 0x1, 0x7, 0x6, 0x5, 0x1, 0xffffffffffffffff}, @ldst={0x1, 0x1, 0x2, 0xb, 0x4, 0xfffffffffffffffc, 0x10}, @alu={0x4, 0x1, 0xa, 0x1f, 0x9, 0x6, 0xffffffffffffffff}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
socket$inet6(0xa, 0x3, 0x8000000003c)
r7 = syz_open_procfs(0x0, &(0x7f00000021c0)='maps\x00')
read$char_usb(r7, &(0x7f0000000040)=""/4122, 0x101a)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x4000000, 0x4, 0xff, 0x0, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000001ac0)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001980)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="b2de8da3364a18ebfebb9153c3dbad272db7b4c5e9da0168d9f3deea9c4a2894ff02d4023c"], 0x1c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x10)
write$UHID_INPUT(r1, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={0x1}, 0x4)

4m4.867005113s ago: executing program 2 (id=15):
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000040)={0x0, 0x47524247, 0x2, @discrete={0x7, 0x6}})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$unix(0x1, 0x5, 0x0)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r3=>0x0})
connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=r1, @ANYBLOB="3bf81bb9f9"], 0x20000600}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[], 0x4640}, 0x2}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x20, 0x3)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0)
semget$private(0x0, 0x1, 0x0)
madvise(&(0x7f000042f000/0x800000)=nil, 0x800002, 0x14)

4m2.316359211s ago: executing program 2 (id=24):
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSTATFS(r0, &(0x7f0000000080)={0x43, 0x9, 0x2, {0x5, 0xe52, 0x2, 0x3562, 0x3, 0x4, 0x2, 0x21, 0x480969bf}}, 0x43)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x129002)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELOBJ={0x1c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}]}], {0x14}}, 0x44}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=<r5=>0x0)
fanotify_init(0x40, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000340)={'#! ', '.', [], 0xa, "d119735271fb55355e645f70cb98c9623446937aa8250b32bc0e123ee3da605e2dc77c15022dd2bc83ee6482f8884664d17029fc9000faf7791a70f62cc4eb8763ef49d4c6cfe751f0c0856e2012"}, 0x1f55d5484f485e4a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
connect$phonet_pipe(r2, &(0x7f0000000200)={0x23, 0xc8, 0x3, 0x81}, 0x61)
connect$nfc_llcp(r2, &(0x7f0000000140)={0x27, r5, 0x1, 0x5, 0x0, 0x6, "1598d0875227d7ce055fe9a41686977fdc815e65a87fb3cad8f4f4553da4b1038173ebb07550aa59271691d2cf59b23f9c5807a0273c8adcf9ee06aa0267f8", 0x2a}, 0x60)
fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1)

3m46.903696706s ago: executing program 32 (id=24):
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RSTATFS(r0, &(0x7f0000000080)={0x43, 0x9, 0x2, {0x5, 0xe52, 0x2, 0x3562, 0x3, 0x4, 0x2, 0x21, 0x480969bf}}, 0x43)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc0004}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x129002)
r2 = dup(r1)
r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_DELOBJ={0x1c, 0x14, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x6}]}], {0x14}}, 0x44}}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000100)=<r5=>0x0)
fanotify_init(0x40, 0x1)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000340)={'#! ', '.', [], 0xa, "d119735271fb55355e645f70cb98c9623446937aa8250b32bc0e123ee3da605e2dc77c15022dd2bc83ee6482f8884664d17029fc9000faf7791a70f62cc4eb8763ef49d4c6cfe751f0c0856e2012"}, 0x1f55d5484f485e4a)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0)
preadv(r6, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
connect$phonet_pipe(r2, &(0x7f0000000200)={0x23, 0xc8, 0x3, 0x81}, 0x61)
connect$nfc_llcp(r2, &(0x7f0000000140)={0x27, r5, 0x1, 0x5, 0x0, 0x6, "1598d0875227d7ce055fe9a41686977fdc815e65a87fb3cad8f4f4553da4b1038173ebb07550aa59271691d2cf59b23f9c5807a0273c8adcf9ee06aa0267f8", 0x2a}, 0x60)
fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1)

9.841356125s ago: executing program 5 (id=914):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r0, 0x101, 0x1, &(0x7f0000000040)=0x2, 0x4)

9.776851845s ago: executing program 5 (id=915):
openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
syz_emit_ethernet(0xa6, &(0x7f0000000300)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaabb86dd6012000800703afffe8000000000000000000000000000bbff0200000000000000000000000000018600907800000000425b6a7d3c4017ab000aa78ce54006598080a8030037004023493b87aa2ee4c212ebf514faffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af18020001ffff6b8a87445aa3a9b60000338e574e2dfa751c3f078a996f08ab8c5334354af8608cf24a5641c5f2bdafdad3bdd592e4a8f7b40bd5b2949621f1523eb2b92b6f5a774baddfdb45a3f570a9140fbc979609924551ca70f05b5827516292a1abe80f95d30cb2bb984ff0d63b395ce4b898beee9390de5fefccdcec686912c377057ad87e5dd5d63ee20f82e1f9d1f66745d5a8a0103b7f62309548a2f7ea7715761053e790999a794a11fe64033f0322a17eb051ced6f805"], 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6012000c00103afffe8000000000000000000000000000bbff02000000000000000000000000000186007b7800fd02000000000000000000"], 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a30000000120a090000000000000000002d00000008000440080000000900010073797a30000000000800034000000003140000001100010000000000000000000500000af47b3acf50fa25f4fe82ae63aacae0601ab23364a666ed03bfad1d4a32cae5232815fde172ed5de21b3e678b953abdac35dcde348da84f6020a40cf71e92690c1788d82caa9458347e51cc33980d17e5a53aeb927b0e4e00dfb1a0bc2ba07c3bd2abc809af176849aac4aa24a22a6047f864b9137049fef69253d5cfe417323955c9eca3c0e2b393947d496c002e7d41d1eae5b9be9f73cf0649ce98e96a0e12f22958645be0b18a2052fe43ff2650465da0b790c4cc9057760cbb7b6e3505b1cdf695801c"], 0x58}}, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x5, 0xc3011, r0, 0x86044000)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4004)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}}, 0x0)
ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000600)=<r4=>0x0)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace$poke(0x420e, r5, &(0x7f0000000080), 0x0)
r6 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
r7 = socket$isdn(0x22, 0x3, 0x24)
kcmp$KCMP_EPOLL_TFD(r4, r5, 0x7, r1, &(0x7f0000000680)={r6, r7, 0x715})
sendmsg$NFT_MSG_GETOBJ(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0xa, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x24040808)
syz_usb_control_io(r2, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f00000008c0))
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f00000007c0)="000043fe043dafab12828b574fb87de8c2ea3ae6536ae88a7eab66e41b3c7fa581", 0x21)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x4008af21, &(0x7f00000000c0))

8.840730418s ago: executing program 4 (id=919):
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000900))
r0 = socket$packet(0x11, 0x2, 0x300)
sendmmsg$sock(r0, &(0x7f0000000380)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3, 0x3, 0x0, 0x1}}, 0x80, 0x0}}], 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x588d}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

7.864433347s ago: executing program 4 (id=923):
syz_emit_ethernet(0x52, &(0x7f0000000340)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd608a27f2001c2c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa000000f6"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f0000000300)={{0x6e63}, 0xc}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'lo\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@bridge_delneigh={0x1c, 0x1d, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r3, 0x8, 0x67}}, 0x1c}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11004001"], 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
r7 = socket(0x11, 0x800000003, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x0)
r8 = semget(0x0, 0x0, 0x90)
semtimedop(r8, &(0x7f0000000280)=[{0x4, 0x5}, {0x0, 0xfffe, 0x1000}, {0x0, 0x9}, {0x4, 0x4}, {0x0, 0x100, 0x1000}], 0x5, &(0x7f00000002c0))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r9 = epoll_create1(0x0)
r10 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r10, 0xc0045516, &(0x7f0000000000)=0xfff)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r10, &(0x7f00000001c0))
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r10, 0xc1105517, &(0x7f0000000080)={{0x21008, 0x3, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000600)={'team0\x00', <r11=>0x0})
ioctl$BTRFS_IOC_FS_INFO(r7, 0x8400941f, &(0x7f00000008c0))
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r12, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@newqdisc={0xb0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r11, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x80, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x81}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xb}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xf122}]}]}]}}]}, 0xb0}}, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000200)="ba2000b0fc6ebaf80c66b8b9b5db8766ef66b9800000c00f326635001000000f3066b890bfcf8566efbafc0cedec0f01c966b9000200000f3266b9800000c00f326635002000000f30360f01c4ad120f00d1f39ef80db8f4ce1b8066efba0cb80000ef0f01c5", 0x66}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)

7.460152823s ago: executing program 4 (id=928):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xffe00000}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001600010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="14000200fe800000000000ce3d1c2100000000aa"], 0x2c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000ac4f2de95fcb71762e51e91800000018000000020000000000000000000084ffffffff000000"], 0x0, 0x32, 0x0, 0x0, 0x1000, 0x0, @void, @value}, 0x28)
ioctl$SIOCAX25CTLCON(r2, 0x89e9, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x3a)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x7, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x2f}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xb}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x9, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x4}, {0x6, 0x0, 0x5, 0x7}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, &(0x7f0000000080))
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
chmod(&(0x7f0000000140)='./file0\x00', 0x0)

6.335624542s ago: executing program 1 (id=931):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = io_uring_setup(0x1baa, &(0x7f0000000340)={0x0, 0x53e8, 0x40, 0x1, 0x310})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
bind$netlink(r2, &(0x7f0000000280)={0x10, 0x0, 0x25dfdbfb, 0x4140045e}, 0xc)
bind$netlink(r1, &(0x7f0000000000)={0x10, 0x0, 0x25dfdbfb, 0x22ffffffff}, 0xc)
close_range(r0, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r7 = dup(r6)
write$UHID_INPUT(r7, &(0x7f0000001040)={0xf, {"a2e3ad21ed0d09f91b33090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f3b006d090890e0878f0e1ac6e7049b336d959b6c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r8 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_procs(r8, &(0x7f0000000480)='cgroup.procs\x00', 0x2, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r10 = openat$cgroup_procs(r9, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r10, r10, 0x0, 0x2)

5.897426757s ago: executing program 5 (id=932):
socket$inet6(0xa, 0x3, 0xff)
r0 = syz_io_uring_setup(0x16c2, &(0x7f0000000480)={0x0, 0xbd12, 0x10100, 0x0, 0x32a}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x3})
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='.'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d3e, 0xf5ff, 0x0, 0x0, 0x0)

5.466121263s ago: executing program 5 (id=933):
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000900))
r0 = socket$packet(0x11, 0x2, 0x300)
sendmmsg$sock(r0, &(0x7f0000000380)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x3, 0x3, 0x0, 0x1}}, 0x80, 0x0}}], 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x588d}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

4.66344048s ago: executing program 4 (id=934):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x6f, &(0x7f00000002c0)=ANY=[@ANYRES32=r2, @ANYRES8=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYBLOB="18accb2d9e2f5ac9ac1a12c6a90ce791c8a0bb36ea67c822b8013ee63e6f", @ANYBLOB="0000000000000000b702000000000000c50000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xcf, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000340)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000004c0)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000)
r6 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000100)=0xd)
sendmsg$unix(r3, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_aout(r7, &(0x7f0000000d80)={{0x108, 0x0, 0x3, 0x102, 0x20a, 0x9, 0x23f, 0x1}, "6fd95374f8a455a7ad7f6c16e2c7900d21ae21d535c3337dc5108dd0f62e5a0c33268cdbe666f713f87d2751a303176c3b50ee8f675bf3a297337d254e6fde27a164baaae6785bc5d4abcbc065b7aa0918a68a25214322c070de6dadea3b8a0e25524591322163f343c776465fd623523a1b14b643037df533da8bfbacc87245639d7dc9b15e825ee50a5ec211f445e1f0416d0508fcad09bcc1e5a00c1fc7cf0ae789fd056ef3836d6928052128bea54c88cb8c509c3c3c2d6e95c7316268ce9854df2624c25a46", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7e8)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r0)
sendmsg$IEEE802154_ASSOCIATE_REQ(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x34, r8, 0x1, 0x40000, 0x0, {}, [@IEEE802154_ATTR_CAPABILITY={0x5}, @IEEE802154_ATTR_COORD_PAN_ID={0x6}, @IEEE802154_ATTR_COORD_SHORT_ADDR={0x6, 0x8, 0xfffe}, @IEEE802154_ATTR_CHANNEL={0x5}]}, 0x34}}, 0x0)
r9 = socket$netlink(0x10, 0x3, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000000203010200000000000000000000000000c037b16a7c0000"], 0x1c}}, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x8000000004)
socket$nl_generic(0x10, 0x3, 0x10)

4.600529131s ago: executing program 1 (id=936):
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r0, 0x114, 0xa, 0x0, 0x0)

4.517471677s ago: executing program 0 (id=937):
r0 = socket$inet(0x2, 0x6, 0x0)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x20, @private=0xa010101}, 0x10)

4.167875978s ago: executing program 0 (id=938):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b3", 0xa3}], 0x1)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCSIFBR(r3, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2})
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="02011400010018000e3580009f0001140000002f0604ac14141de0000003808a8972bd0b72e41082b9a3d206"], 0xdd12}], 0x1}, 0x20040851)
socket(0x11, 0x3, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00'}) (async)
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) (async)
writev(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000480)="57c761f654db5f3098ae64ce385ffcfed0ef110d93cbe7fa1f4f2327602a291192f5fe9863d527e303153f68b04c18db5a48756a583789e9895746c12b9d4e1224c9e17563edff39dd0b7d73fbb4b5a64e7b6db65b84b82f6c938205b2d8560f0da2f775e85175f74ed70033681e96d30fe8a7c2866c59e8f2e2d253ee55115be95aef4a8688989faa6f27db0ea71914ea8150aa35afc828c97af0ec5cc718ca2a58b3", 0xa3}], 0x1) (async)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4) (async)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
ioctl$sock_SIOCSIFBR(r3, 0x890c, &(0x7f0000000000)=@generic={0x0, 0x2}) (async)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f00000004c0)=ANY=[@ANYBLOB="02011400010018000e3580009f0001140000002f0604ac14141de0000003808a8972bd0b72e41082b9a3d206"], 0xdd12}], 0x1}, 0x20040851) (async)

4.166864069s ago: executing program 5 (id=939):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r0, 0xc0105500, &(0x7f0000000040)={0x80, 0x6, 0x303, 0x0, 0x0, 0x0, 0x0})
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'dh\x00', 0x1, 0x7, 0x49}, 0x2c)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
r4 = gettid()
sched_setscheduler(r4, 0x1, &(0x7f0000000200)=0x7)
syz_open_procfs(r3, &(0x7f00000000c0)='net/udplite\x00')
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket(0x40000000015, 0x5, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, 0x0}, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x4, 0x0}, 0x4e21, 0x3, 'lc\x00', 0x2, 0x81, 0x19}, {@local, 0x4e20, 0x4, 0xc3, 0x12d5c, 0x12d5c}}, 0x44)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000002200)='/proc/bus/input/handlers\x00', 0x0, 0x0)
lseek(r8, 0xfffffffffffffff5, 0x1)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0xa0}, @call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="b9ff03316844268cb89e14f00800", 0x0, 0x9, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e21, 0x3, 'wrr\x00', 0x4, 0x81, 0x5}, {@rand_addr=0xac1414aa, 0x4e23, 0x3, 0x1cb, 0x12d5c, 0x12d5c}}, 0x44)

4.150371425s ago: executing program 1 (id=940):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.227645828s ago: executing program 4 (id=942):
syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000b24c8d20dc0501000100010203010902240103ff0010000904100002ee899800090502020002020000090582020002000000"], 0x0)
iopl(0x3)
r0 = gettid()
pipe(&(0x7f0000000000)={<r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x80, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))

3.063752012s ago: executing program 3 (id=943):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
syz_open_procfs(0x0, &(0x7f0000004440)='net/ptype\x00')
setuid(0x0)
mount$afs(&(0x7f00000002c0)=@cell={0x25, '', 'syz0', '.backup'}, &(0x7f0000000580)='./file0\x00', &(0x7f00000005c0), 0x108000, &(0x7f0000000600)={[{@flock_strict}, {}, {}, {}, {@flock_local}], [{@func={'func', 0x3d, 'MODULE_CHECK'}}, {@euid_lt}]})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x101042, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
epoll_create1(0x80000)
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}}}, 0x9)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x3b00, 0x0, 0x0)
socket$inet6(0xa, 0x1, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x30, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)
r3 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000340), r0)
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f0000000500)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x28, r3, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x0, 0x81]}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xf64}]}, 0x28}}, 0x8008)
sendmsg$NL80211_CMD_GET_MPP(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}]}, 0x28}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r6=>0x0})
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000680)={0x4, 0x1, 0xb, 0x400}, 0x10)
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000b80)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x4, {0x0, 0x0, 0x0, r6, {0x0, 0x10}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x14f6}]}, 0x3c}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=@newlink={0xf0, 0x10, 0x401, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, 0x71104, 0x816}, [@IFLA_WEIGHT={0x8, 0xf, 0xffff}, @IFLA_PROTO_DOWN={0x5, 0x27, 0x9}, @IFLA_AF_SPEC={0xc0, 0x1a, 0x0, 0x1, [@AF_BRIDGE={0x4}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8, 0x6, 0x0, 0x0, 0x4}, {0x8, 0x0, 0x0, 0x0, 0x9}, {0x8, 0x1c, 0x0, 0x0, 0x200}, {0x8, 0x17, 0x0, 0x0, 0x7}]}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x0, 0x2}, {0x8, 0xe, 0x0, 0x0, 0x40}, {0x8, 0x1b, 0x0, 0x0, 0x8}, {0x8, 0x3, 0x0, 0x0, 0x472}, {0x8, 0x21, 0x0, 0x0, 0x3}]}}, @AF_MPLS={0x4}, @AF_INET6={0x3c, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @broadcast}}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x3}]}, @AF_MPLS={0x4}, @AF_BRIDGE={0x4}]}]}, 0xf0}, 0x1, 0x0, 0x0, 0x800}, 0x110d0)
r7 = socket$inet_icmp(0x2, 0x2, 0x1)
setsockopt$inet_int(r7, 0x0, 0xb, &(0x7f00000006c0)=0x81, 0x4)

2.982498151s ago: executing program 0 (id=944):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000340)={0xa, 0x4e24, 0x9, @ipv4={'\x00', '\xff\xff', @private=0xa010100}, 0xffe00000}, 0x1c)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001600010000000000000000000a000000", @ANYRES32=0x0, @ANYBLOB="14000200fe800000000000ce3d1c2100000000aa"], 0x2c}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb01001800000000000000ac4f2de95fcb71762e51e91800000018000000020000000000000000000084ffffffff000000"], 0x0, 0x32, 0x0, 0x0, 0x1000, 0x0, @void, @value}, 0x28)
ioctl$SIOCAX25CTLCON(r2, 0x89e9, 0x0)
syz_init_net_socket$ax25(0x3, 0x2, 0x3a)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x7, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x2f}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x0, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9, 0x0, 0xb}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {}, {}, {0x4, 0x0, 0x7}, {0x18, 0x9, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8, 0x4}, {0x6, 0x0, 0x5, 0x7}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, 0x0, &(0x7f0000000080))
pipe2$9p(&(0x7f0000001900)={0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
chmod(&(0x7f0000000140)='./file0\x00', 0x0)

2.980462193s ago: executing program 1 (id=945):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = dup(r1)
ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, &(0x7f0000000400))
r3 = syz_open_dev$video4linux(&(0x7f0000000000), 0x9241, 0x0)
syz_usb_connect(0x1, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r4, &(0x7f0000000100)=[{&(0x7f0000000180)="4a146186", 0x4}], 0x1)
r5 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x7c0, 0x1125, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r5, 0x0, 0x0)
syz_usb_control_io$hid(r5, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="104e"], 0x0}, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r3, 0xc038563b, &(0x7f0000000140)={0x3, 0x2})

2.568430843s ago: executing program 3 (id=946):
r0 = socket(0x2b, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000180)={@private0, 0x8000000, 0x0, 0xff, 0x1}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0x8000000, 0x0, 0xff}, 0x20)
getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, &(0x7f0000001300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x8}]}, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0xe, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5, @void, @value}, 0x94)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
close(0x3)
r3 = socket(0x80000000000000a, 0x4, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r4, 0x401c5504, &(0x7f00000002c0)={0x3f})
ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x3)
write$uinput_user_dev(r4, &(0x7f0000001740)={'syz1\x00', {}, 0x2, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6]}, 0x45c)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r5, 0x80045400, &(0x7f0000000340))
ioctl$UI_DEV_CREATE(r4, 0x5501)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r8=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="200000001100010080f5823c3a99af0cde000000", @ANYRES32=r8], 0x20}}, 0x20008040)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, 0x0, 0x8050)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r10=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@delchain={0x34, 0x5f, 0xf31, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xd, 0x2}, {0x1, 0x1}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000600)={'sit0\x00', &(0x7f0000000500)={'syztnl1\x00', 0x0, 0x8000, 0x7, 0x4, 0xffff, {{0x18, 0x4, 0x1, 0x4, 0x60, 0x64, 0x0, 0x81, 0x2f, 0x0, @multicast1, @remote, {[@timestamp={0x44, 0xc, 0x73, 0x0, 0x9, [0x8, 0x8]}, @generic={0x94, 0x9, "2921cd05fb2ba3"}, @end, @timestamp_prespec={0x44, 0x24, 0x50, 0x3, 0xf, [{@private=0xa010100}, {@rand_addr=0x64010102, 0xb117}, {@empty, 0x1}, {@loopback}]}, @cipso={0x86, 0x12, 0x0, [{0x5, 0x3, 'f'}, {0x2, 0x9, "a52419bed05cde"}]}]}}}}})
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000740)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000700)={&(0x7f0000000640)={0x14, r9, 0x300, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4800)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0xa4ffffff, @rand_addr=' \x01\x00'}}}, 0x15a)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})

2.430082258s ago: executing program 0 (id=947):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000040)=[0x0], 0x0, 0x0, &(0x7f0000000180)=[<r1=>0x0], 0x1, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f00000002c0)={r1})

2.32191666s ago: executing program 0 (id=948):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x80000000000001, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r2 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000))
r3 = shmget$private(0x0, 0x9000, 0x0, &(0x7f0000ff7000/0x9000)=nil)
shmat(r3, &(0x7f0000ffa000/0x3000)=nil, 0x6000)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x9)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f0000010300)=[{&(0x7f0000010380)=""/47, 0x2f}], 0x1)
socket$netlink(0x10, 0x3, 0x8)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x7bfe, &(0x7f0000000300)={0x0, 0x559e, 0x80, 0x1, 0x27c, 0x0, r2}, &(0x7f0000000040), &(0x7f00000000c0))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r7 = socket$phonet(0x23, 0x2, 0x1)
ioctl$SIOCPNDELRESOURCE(r7, 0x89ef, &(0x7f0000004880)=0x1)

2.21225388s ago: executing program 3 (id=949):
r0 = socket$inet6(0xa, 0x6, 0xfffffffc)
prlimit64(0x0, 0xe7887a82ccd72193, &(0x7f0000000140)={0x0, 0x2b6}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x402)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
pipe(&(0x7f0000000000))
r3 = open(0x0, 0x141b42, 0xfa)
socket$nl_route(0x10, 0x3, 0x0)
epoll_create1(0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0xfffffffffffffffd, &(0x7f0000000600)={<r7=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r6, &(0x7f0000000040)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x0, 0x0, @private2}, r7}}, 0x30)
write$RDMA_USER_CM_CMD_LISTEN(r6, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r7}}, 0x10)
write$RDMA_USER_CM_CMD_DESTROY_ID(r6, &(0x7f0000000080)={0x1, 0x10, 0xfa00, {0x0, r7}}, 0x75)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x200000000000026f, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r8}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
listen(r3, 0xb2)

1.950354843s ago: executing program 0 (id=950):
syz_open_procfs(0x0, &(0x7f0000000500)='attr/current\x00')
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x400041)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000004c0), 0x208e24b)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000240)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, &(0x7f0000000180)=[<r2=>0x0], 0x8, 0x0, 0x0, 0x1})
r3 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r4, &(0x7f0000000280)=""/239, 0xef)
ioctl$HIDIOCGREPORT(0xffffffffffffffff, 0x400c4807, 0x0)
write$char_usb(r4, 0x0, 0x0)
read$char_usb(r4, 0x0, 0x0)
syz_usb_disconnect(r3)
syz_usb_connect$uac1(0x0, 0x0, 0x0, 0x0)
r5 = syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="1201640200000000000109022d00010000004900000000000000000009210000f80122070009058103000004000009050203ff030108060000000000000000"], 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_TX_POWER(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, r7, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x28}, 0x1, 0x0, 0x0, 0x4044}, 0x8800)
syz_open_dev$hiddev(0x0, 0x0, 0x10900)
syz_usb_control_io(r5, 0x0, 0x0)
syz_usb_control_io(r5, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0)
r8 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r8, 0xc018480b, 0x0)
r9 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x802)
writev(r9, &(0x7f0000000780)=[{&(0x7f0000000400)="24005afeddcdb55a812726b3efad3faf7c787270da64446053c0fa8e30a456dcf510135a8ac7ce90bb8d5c73a552043fbbd37e160e", 0x35}], 0x1)
ioctl$HIDIOCGPHYS(r8, 0x80404812, 0x0)
ioctl$DRM_IOCTL_MODE_GETENCODER(r0, 0xc01464a6, &(0x7f00000002c0)={r2})

1.817364594s ago: executing program 5 (id=951):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000280)='./file0\x00', 0xa2502, 0x89)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write(r3, &(0x7f00000003c0)="28eac7", 0x3)
write$uinput_user_dev(r3, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x8, 0xfffa}, 0x1d, [0x86, 0xc95a, 0x3, 0x3, 0x80, 0x2, 0x1, 0x7f, 0x5, 0x4d, 0x4253b114, 0x2, 0xa, 0x3, 0xffff2d35, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x3, 0x24, 0xffffffff, 0x1, 0x52, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x3, 0x5, 0x3c, 0x8f, 0x5, 0x6, 0x3, 0x5, 0x8, 0x3, 0x0, 0x81, 0x0, 0x5, 0xfffffff7, 0x8, 0x4, 0x1, 0x40], [0x40, 0xffff, 0x12f, 0x8000, 0x10, 0x7f, 0x129432e6, 0xce, 0xf6, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x0, 0x7, 0x9, 0x10001, 0x9, 0x101, 0x78, 0xea4, 0xa, 0x4, 0x4, 0x8000, 0x800009, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0xffff, 0x9, 0x5f31, 0x0, 0x8, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x3, 0x4, 0x1, 0x7, 0x6, 0xa, 0x48c93690, 0x2, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d3, 0x9, 0x6, 0x7fff, 0x100, 0x6, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1f0, 0x5, 0x8, 0x86, 0x8, 0x10000009, 0x3e7, 0x2, 0x2, 0x202, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x25, 0x3b, 0x9, 0x200, 0x80, 0x3, 0x6, 0x2950bfaf, 0x7, 0xa2, 0x7, 0x2, 0x5, 0x6, 0x54fe12d2, 0xbf, 0xb, 0x1, 0x400000, 0xfeffffe9, 0x1, 0x1, 0x5, 0x1, 0x5, 0x0, 0x120000, 0x3, 0x6, 0x9, 0x5, 0x3], [0x9, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0x7, 0x5, 0xce7, 0x1ff, 0x6, 0x0, 0x5, 0x2, 0x101, 0x10000, 0x6, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x7, 0x60a7, 0x6, 0x6, 0xffffffff, 0x80000000, 0x805, 0x8, 0xc8, 0xca2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x6, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x80000009, 0x1, 0x6c1b, 0x0, 0x4, 0x8, 0xb1c, 0x1, 0x200, 0xfbff3441, 0xfff]}, 0x45c)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r2, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1f, 0x1}}, 0x3c)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f00000000c0)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(r4, 0x1, &(0x7f0000000180)=0x3)
prctl$PR_SET_MM(0x23, 0xb, &(0x7f000068c000/0x3000)=nil)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='\r\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010026bd7000fedbdf254c0000003700a800d1fa2e17c25af07819a90b3207ce5d487ceec3aed64b6c5e3518f65d3ec10627317661f292e65593b2e4967dba4271edb6bb00000e0001006e657464657673696d0000000f0002006e657464657673696d300000"], 0x6c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r9}, 0x10)
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/diskstats\x00', 0x0, 0x0)
r11 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0)
sendfile(r11, r10, 0x0, 0x67f)

1.191713947s ago: executing program 1 (id=952):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x2, 0xc, 0x1008, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r2=>0x0})
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = getpid()
syz_pidfd_open(r3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r5 = dup(r4)
write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
pselect6(0x40, &(0x7f0000000600), 0x0, &(0x7f0000000680)={0x7ff}, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$KDSIGACCEPT(0xffffffffffffffff, 0x4b4e, 0xe)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
r8 = socket$packet(0x11, 0x2, 0x300)
setsockopt$sock_int(r8, 0x1, 0x28, &(0x7f0000000080)=0xffff, 0x4)
sendmsg$nl_xfrm(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@allocspi={0x120, 0x16, 0x1, 0x0, 0x0, {{{@in=@broadcast, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@private0, 0x0, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x0, 0xd1}, [@address_filter={0x28, 0x1a, {@in=@rand_addr=0x64010102, @in=@dev={0xac, 0x14, 0x14, 0x16}, 0x2, 0x6, 0x7}}]}, 0x120}}, 0x0)
r9 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r9, 0x800c5012, &(0x7f0000000080))
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {}, {}, {0xc, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x20044010)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r10=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r10, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40})
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000e00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r11}, 0x10)

1.074150213s ago: executing program 3 (id=953):
r0 = open(&(0x7f0000000040)='./file0\x00', 0x101040, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x0, &(0x7f0000000100)=0x400000bd0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10)
sendto(r2, 0x0, 0x0, 0x840, 0x0, 0x0)
fcntl$setsig(r0, 0xa, 0x21)
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f00000000c0))
fcntl$setlease(r0, 0x400, 0x1)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000600)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffdf5, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10000000, @void, @value}, 0x94)
openat(0xffffffffffffffff, &(0x7f00000003c0)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r4, 0xc08c5332, &(0x7f0000000500))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000080), 0xc, 0x109042)
syz_open_dev$amidi(&(0x7f0000000040), 0x3, 0x2c4e03)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
clock_gettime(0x4, &(0x7f0000000180))
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r6, 0x0, 0x0)

227.736831ms ago: executing program 1 (id=954):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, &(0x7f0000000080)={0x14, &(0x7f00000001c0)=ANY=[], 0x0}, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)

120.072114ms ago: executing program 4 (id=955):
r0 = socket(0x10, 0x400000000080803, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000480)=@ethtool_ringparam={0x4, 0x0, 0x5, 0x0, 0x8fc3, 0x1, 0x20000, 0x0, 0xf}})
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000340)={<r1=>0x0, 0x9a, "b6933ababf6baa692621b9df9828088878ac7fee62c128ff4c67b7865ee71bbb6d35614f8cc15212066cdf5a15d7aad28748152efd6445313e63321f409f44573aa320badfcc418381123d740f3a5c155388fe0b5c6ac3c727c2b47acf30fa59f6be7eb76aa80bee5111eab3976ef7741fb75c51f5bbf6c22da5f5a8c15173f26ca34ffe83909fb6fda1c161f32b0ed43825bac2f72a3637c40f"}, &(0x7f0000000000)=0xa2)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x7, 0x9, 0x1, 0x3, 0x6, 0x2, 0x66, 0x4, r1}, &(0x7f00000000c0)=0x20)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockname$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @empty}, &(0x7f0000000400)=0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x87}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

90.638034ms ago: executing program 3 (id=956):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)

0s ago: executing program 3 (id=957):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_REG_PROTO_MIN={0x8, 0x1, 0x1, 0x0, 0xa}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0) (fail_nth: 1)

kernel console output (not intermixed with test programs):

cdDevice= 0.00
[  191.859867][  T900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.871665][  T900] usb 4-1: config 0 descriptor??
[  191.878614][ T7875] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  191.946052][ T7899] netlink: 'syz.1.496': attribute type 2 has an invalid length.
[  191.958074][ T7899] netlink: 28 bytes leftover after parsing attributes in process `syz.1.496'.
[  192.521088][ T5872] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  192.599229][  T900] usbhid 4-1:0.0: can't add hid device: -71
[  192.606646][  T900] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  192.662473][ T5872] usb 1-1: device descriptor read/64, error -71
[  192.677622][  T900] usb 4-1: USB disconnect, device number 26
[  192.921439][ T5872] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  192.966772][ T5875] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  193.111214][ T5872] usb 1-1: device descriptor read/64, error -71
[  193.151391][ T5875] usb 2-1: Using ep0 maxpacket: 16
[  193.164841][ T5875] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  193.179903][ T5875] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  193.237515][ T5872] usb usb1-port1: attempt power cycle
[  194.337858][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  194.346055][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  194.358840][ T5875] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  194.371006][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  194.379017][ T5875] usb 2-1: Product: syz
[  194.391336][ T5872] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  194.409192][ T5875] usb 2-1: Manufacturer: syz
[  194.479059][ T5875] usb 2-1: SerialNumber: syz
[  194.485942][ T5872] usb 1-1: device descriptor read/8, error -71
[  195.476287][   T29] audit: type=1400 audit(1733150931.576:854): avc:  denied  { getopt } for  pid=7951 comm="syz.0.508" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  196.623200][ T5875] usb 2-1: 0:2 : does not exist
[  196.630797][ T5875] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  196.658323][ T5875] usb 2-1: 5:0: cannot get min/max values for control 4 (id 5)
[  196.760047][ T5875] usb 2-1: USB disconnect, device number 17
[  196.987434][ T7975] netlink: 'syz.5.512': attribute type 10 has an invalid length.
[  197.006127][ T7975] bond0: (slave wlan1): Opening slave failed
[  197.411763][ T7977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.511'.
[  198.463043][ T8008] =======================================================
[  198.463043][ T8008] WARNING: The mand mount option has been deprecated and
[  198.463043][ T8008]          and is ignored by this kernel. Remove the mand
[  198.463043][ T8008]          option from the mount to silence this warning.
[  198.463043][ T8008] =======================================================
[  198.544168][ T8008] overlayfs: overlapping lowerdir path
[  198.909300][   T29] audit: type=1400 audit(1733150935.116:855): avc:  denied  { recv } for  pid=8007 comm="syz.5.518" saddr=10.128.0.169 src=30006 daddr=10.128.0.187 dest=40698 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  199.971328][   T29] audit: type=1400 audit(1733150936.166:856): avc:  denied  { create } for  pid=8028 comm="syz.0.522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  200.153368][ T8039] netlink: 16 bytes leftover after parsing attributes in process `syz.0.522'.
[  201.283659][   T29] audit: type=1400 audit(1733150937.486:857): avc:  denied  { setattr } for  pid=8051 comm="syz.5.527" name="tty30" dev="devtmpfs" ino=49 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  202.972536][ T5872] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  203.999926][ T8092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.534'.
[  204.177733][   T29] audit: type=1400 audit(1733150940.386:858): avc:  denied  { egress } for  pid=8079 comm="syz.1.534" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_t tclass=netif permissive=1
[  204.321181][   T29] audit: type=1400 audit(1733150940.386:859): avc:  denied  { sendto } for  pid=8079 comm="syz.1.534" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  204.344613][ T5872] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  204.361446][ T5872] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  204.372402][ T5872] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  204.388626][ T5872] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  204.397935][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.471854][ T8105] netlink: 4 bytes leftover after parsing attributes in process `syz.4.536'.
[  204.491145][   T29] audit: type=1400 audit(1733150940.636:860): avc:  denied  { write } for  pid=8100 comm="syz.1.538" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  204.512877][ T5872] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  204.531761][ T5872] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -2
[  204.549384][ T8105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  204.599367][ T8105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  204.609919][   T29] audit: type=1400 audit(1733150940.636:861): avc:  denied  { open } for  pid=8100 comm="syz.1.538" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  204.626599][ T6084] udevd[6084]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  204.687214][ T8105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.704595][ T8105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.756613][ T8114] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  204.955752][ T8101] kvm: pic: non byte read
[  204.970044][ T8101] kvm: pic: level sensitive irq not supported
[  204.970600][ T8101] kvm: pic: non byte read
[  205.073675][ T5905] usb 4-1: USB disconnect, device number 27
[  205.139872][ T8095] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  205.146413][ T8095] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  205.261208][  T900] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  205.471640][  T900] usb 2-1: Using ep0 maxpacket: 32
[  205.625875][  T900] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  206.371143][  T900] usb 2-1: config 0 has no interface number 0
[  206.420699][  T900] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  206.436305][  T900] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.446289][  T900] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  206.455539][  T900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.480197][  T900] usb 2-1: config 0 descriptor??
[  207.171666][    C1] hrtimer: interrupt took 819632 ns
[  207.956937][ T8152] kernel profiling enabled (shift: 8)
[  210.544815][   T29] audit: type=1400 audit(1733150946.186:862): avc:  denied  { setopt } for  pid=8157 comm="syz.4.546" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  210.565567][ T8166] netlink: 8 bytes leftover after parsing attributes in process `syz.5.549'.
[  210.602640][ T8159] mkiss: ax0: crc mode is auto.
[  210.729247][  T900] usbhid 2-1:0.1: can't add hid device: -71
[  210.735857][  T900] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[  210.796418][  T900] usb 2-1: USB disconnect, device number 18
[  211.011082][ T5905] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  211.164362][ T5905] usb 5-1: Using ep0 maxpacket: 8
[  211.184679][ T5905] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  211.319329][ T5905] usb 5-1: can't read configurations, error -22
[  211.397667][ T8186] netlink: 'syz.0.550': attribute type 2 has an invalid length.
[  211.410110][ T8186] netlink: 40 bytes leftover after parsing attributes in process `syz.0.550'.
[  211.909674][   T29] audit: type=1400 audit(1733150948.116:863): avc:  denied  { map } for  pid=8178 comm="syz.1.551" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  211.983162][   T29] audit: type=1400 audit(1733150948.116:864): avc:  denied  { execute } for  pid=8178 comm="syz.1.551" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  212.295837][ T8194] netlink: 20 bytes leftover after parsing attributes in process `syz.0.553'.
[  212.321202][ T5905] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  212.728245][ T8214] tap0: tun_chr_ioctl cmd 1074025672
[  212.749129][ T8214] tap0: ignored: set checksum enabled
[  212.768296][ T8219] FAULT_INJECTION: forcing a failure.
[  212.768296][ T8219] name failslab, interval 1, probability 0, space 0, times 0
[  212.791798][   T29] audit: type=1400 audit(1733150948.996:865): avc:  denied  { read } for  pid=8209 comm="syz.0.557" name="btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  212.796023][ T8219] CPU: 0 UID: 0 PID: 8219 Comm: syz.5.559 Not tainted 6.13.0-rc1-syzkaller #0
[  212.824168][ T8219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  212.834203][ T8219] Call Trace:
[  212.837465][ T8219]  <TASK>
[  212.840387][ T8219]  dump_stack_lvl+0x16c/0x1f0
[  212.845065][ T8219]  should_fail_ex+0x497/0x5b0
[  212.849733][ T8219]  ? fs_reclaim_acquire+0xae/0x150
[  212.854827][ T8219]  should_failslab+0xc2/0x120
[  212.859503][ T8219]  __kmalloc_cache_noprof+0x68/0x410
[  212.864778][ T8219]  ip_set_create+0x33f/0x14d0
[  212.869456][ T8219]  ? __pfx_ip_set_create+0x10/0x10
[  212.874552][ T8219]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  212.879569][ T8219]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  212.885014][ T8219]  ? __pfx___lock_acquire+0x10/0x10
[  212.890224][ T8219]  ? lock_acquire+0x2f/0xb0
[  212.894706][ T8219]  ? avc_has_perm_noaudit+0x61/0x3a0
[  212.899984][ T8219]  netlink_rcv_skb+0x16b/0x440
[  212.904746][ T8219]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  212.910204][ T8219]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  212.915499][ T8219]  ? bpf_lsm_capable+0x9/0x10
[  212.920163][ T8219]  ? security_capable+0x7e/0x260
[  212.925077][ T8219]  ? ns_capable+0xd7/0x110
[  212.929487][ T8219]  nfnetlink_rcv+0x1b4/0x430
[  212.934060][ T8219]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  212.939157][ T8219]  ? netlink_deliver_tap+0x1ae/0xd30
[  212.944435][ T8219]  netlink_unicast+0x53c/0x7f0
[  212.949177][ T8219]  ? __pfx_netlink_unicast+0x10/0x10
[  212.954452][ T8219]  netlink_sendmsg+0x8b8/0xd70
[  212.959216][ T8219]  ? __pfx_netlink_sendmsg+0x10/0x10
[  212.964504][ T8219]  ____sys_sendmsg+0xaaf/0xc90
[  212.969261][ T8219]  ? copy_msghdr_from_user+0x10b/0x160
[  212.974693][ T8219]  ? __pfx_____sys_sendmsg+0x10/0x10
[  212.979966][ T8219]  ___sys_sendmsg+0x135/0x1e0
[  212.984628][ T8219]  ? __pfx____sys_sendmsg+0x10/0x10
[  212.989828][ T8219]  ? __pfx_lock_release+0x10/0x10
[  212.994838][ T8219]  ? trace_lock_acquire+0x14e/0x1f0
[  213.000042][ T8219]  ? __fget_files+0x206/0x3a0
[  213.005224][ T8219]  __sys_sendmsg+0x16e/0x220
[  213.009795][ T8219]  ? __pfx___sys_sendmsg+0x10/0x10
[  213.015041][ T8219]  do_syscall_64+0xcd/0x250
[  213.019570][ T8219]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  213.025464][ T8219] RIP: 0033:0x7ff7b6980849
[  213.029875][ T8219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  213.049499][ T8219] RSP: 002b:00007ff7b7847058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  213.057922][ T8219] RAX: ffffffffffffffda RBX: 00007ff7b6b45fa0 RCX: 00007ff7b6980849
[  213.065990][ T8219] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  213.073959][ T8219] RBP: 00007ff7b78470a0 R08: 0000000000000000 R09: 0000000000000000
[  213.081929][ T8219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  213.089896][ T8219] R13: 0000000000000000 R14: 00007ff7b6b45fa0 R15: 00007ffd030fc9c8
[  213.097866][ T8219]  </TASK>
[  213.283429][   T29] audit: type=1400 audit(1733150948.996:866): avc:  denied  { open } for  pid=8209 comm="syz.0.557" path="/dev/btrfs-control" dev="devtmpfs" ino=1309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  213.625162][ T8236] netlink: 'syz.0.564': attribute type 2 has an invalid length.
[  213.636757][ T8236] netlink: 40 bytes leftover after parsing attributes in process `syz.0.564'.
[  214.771804][ T8244] netlink: 8 bytes leftover after parsing attributes in process `syz.3.560'.
[  215.866573][ T8262] netlink: 56 bytes leftover after parsing attributes in process `syz.3.568'.
[  215.928471][   T29] audit: type=1400 audit(1733150952.136:867): avc:  denied  { append } for  pid=8264 comm="syz.1.570" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  215.953397][ T8266] random: crng reseeded on system resumption
[  216.351925][   T51] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  217.266943][   T51] usb 6-1: Using ep0 maxpacket: 8
[  217.297536][ T8300] dvmrp0: entered allmulticast mode
[  217.310350][   T29] audit: type=1400 audit(1733150953.496:868): avc:  denied  { map } for  pid=8298 comm="syz.3.575" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  217.328721][   T51] usb 6-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab
[  217.352144][   T51] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  217.362148][   T51] usb 6-1: Product: syz
[  217.379675][   T51] usb 6-1: Manufacturer: syz
[  217.405241][   T51] usb 6-1: SerialNumber: syz
[  217.417302][   T51] usb 6-1: config 0 descriptor??
[  217.441126][  T900] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  217.580448][  T900] usb 2-1: device descriptor read/64, error -71
[  217.644721][ T8260] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  217.660228][ T8260] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  217.729630][   T25] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  217.789507][   T51] usb 6-1: USB disconnect, device number 11
[  217.838291][  T900] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  217.860016][ T6084] udevd[6084]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  217.912564][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.925477][   T25] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.935361][ T5824] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  217.951896][   T25] usb 1-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  217.971060][   T25] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.981101][  T900] usb 2-1: device descriptor read/64, error -71
[  217.997732][   T25] usb 1-1: config 0 descriptor??
[  218.092383][  T900] usb usb2-port1: attempt power cycle
[  218.111094][ T5824] usb 4-1: Using ep0 maxpacket: 32
[  218.117743][ T5824] usb 4-1: config 0 has an invalid interface number: 190 but max is 0
[  218.131043][ T5824] usb 4-1: config 0 has no interface number 0
[  218.149070][ T5824] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=b0.11
[  218.161854][ T5824] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.190270][ T5824] usb 4-1: Product: syz
[  218.200400][ T5824] usb 4-1: Manufacturer: syz
[  218.210499][ T5824] usb 4-1: SerialNumber: syz
[  218.222461][ T5824] usb 4-1: config 0 descriptor??
[  218.243314][ T5824] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  218.275176][ T5824] dvb-usb: bulk message failed: -22 (2/0)
[  218.291052][ T5824] dvb-usb: will use the device's hardware PID filter (table count: 15).
[  218.311512][ T5824] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (based on ZL353))
[  218.349029][ T5824] usb 4-1: media controller created
[  218.355844][ T5824] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  218.384075][ T5824] usb 4-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)...
[  218.415998][ T5824] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[  218.431239][  T900] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  218.478631][ T8322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.494318][   T25] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  218.502476][   T25] cm6533_jd 0003:0D8C:0022.000C: unknown main item tag 0x0
[  218.511604][   T25] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0D8C:0022.000C/input/input9
[  218.530723][ T8322] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.546500][   T29] audit: type=1400 audit(1733150954.756:869): avc:  denied  { read } for  pid=8352 comm="syz.5.581" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  218.588709][  T900] usb 2-1: device descriptor read/8, error -71
[  218.601397][   T25] cm6533_jd 0003:0D8C:0022.000C: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.0-1/input0
[  218.616682][   T29] audit: type=1400 audit(1733150954.786:870): avc:  denied  { lock } for  pid=8352 comm="syz.5.581" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  218.700079][ T5871] usb 1-1: USB disconnect, device number 22
[  218.708094][ T5824] rc_core: IR keymap rc-dtt200u not found
[  218.715303][ T5824] Registered IR keymap rc-empty
[  218.773186][ T5824] rc rc0: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  218.822284][ T5824] input: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input10
[  218.840657][ T5824] dvb-usb: schedule remote query interval to 300 msecs.
[  218.850681][ T5824] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) successfully initialized and connected.
[  218.873763][ T5824] usb 4-1: USB disconnect, device number 28
[  218.892363][ T5824] dvb-usb: WideView WT-220U PenType Receiver (base successfully deinitialized and disconnected.
[  218.921853][  T900] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  218.951745][  T900] usb 2-1: device descriptor read/8, error -71
[  219.076579][  T900] usb usb2-port1: unable to enumerate USB device
[  221.247057][ T8403] FAULT_INJECTION: forcing a failure.
[  221.247057][ T8403] name failslab, interval 1, probability 0, space 0, times 0
[  221.259875][   T29] audit: type=1400 audit(1733150957.456:871): avc:  denied  { read } for  pid=8402 comm="syz.3.595" path="socket:[20625]" dev="sockfs" ino=20625 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  221.282891][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.311431][ T8403] CPU: 0 UID: 0 PID: 8403 Comm: syz.3.595 Not tainted 6.13.0-rc1-syzkaller #0
[  221.320320][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  221.330388][ T8403] Call Trace:
[  221.333673][ T8403]  <TASK>
[  221.336610][ T8403]  dump_stack_lvl+0x16c/0x1f0
[  221.341300][ T8403]  should_fail_ex+0x497/0x5b0
[  221.345989][ T8403]  ? fs_reclaim_acquire+0xae/0x150
[  221.351118][ T8403]  should_failslab+0xc2/0x120
[  221.355808][ T8403]  __kmalloc_cache_noprof+0x68/0x410
[  221.361102][ T8403]  ? kasan_save_track+0x14/0x30
[  221.365962][ T8403]  sctp_add_bind_addr+0x9a/0x3d0
[  221.370917][ T8403]  sctp_copy_one_addr.part.0+0xd6/0x120
[  221.376479][ T8403]  sctp_bind_addr_copy+0x1b4/0x530
[  221.381611][ T8403]  sctp_connect_new_asoc+0x1d8/0x790
[  221.386921][ T8403]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  221.392742][ T8403]  ? selinux_sctp_bind_connect+0x112/0x2c0
[  221.398555][ T8403]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  221.404093][ T8403]  sctp_sendmsg+0x1610/0x1eb0
[  221.408756][ T8403]  ? avc_has_perm+0x11b/0x1c0
[  221.413428][ T8403]  ? __pfx_sctp_sendmsg+0x10/0x10
[  221.418441][ T8403]  ? __pfx_sock_has_perm+0x10/0x10
[  221.423538][ T8403]  ? import_ubuf+0x1b6/0x220
[  221.428118][ T8403]  ? __pfx_sctp_sendmsg+0x10/0x10
[  221.433128][ T8403]  inet_sendmsg+0x119/0x140
[  221.437619][ T8403]  ____sys_sendmsg+0x98c/0xc90
[  221.442376][ T8403]  ? copy_msghdr_from_user+0x10b/0x160
[  221.447835][ T8403]  ? __pfx_____sys_sendmsg+0x10/0x10
[  221.453119][ T8403]  ? __lock_acquire+0xcc5/0x3c40
[  221.458064][ T8403]  ___sys_sendmsg+0x135/0x1e0
[  221.462736][ T8403]  ? __pfx____sys_sendmsg+0x10/0x10
[  221.467930][ T8403]  ? trace_lock_acquire+0x14e/0x1f0
[  221.473137][ T8403]  __sys_sendmmsg+0x201/0x420
[  221.477803][ T8403]  ? __pfx___sys_sendmmsg+0x10/0x10
[  221.482993][ T8403]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  221.488968][ T8403]  ? fput+0x67/0x440
[  221.492854][ T8403]  ? ksys_write+0x1ba/0x250
[  221.497339][ T8403]  ? __pfx_ksys_write+0x10/0x10
[  221.502176][ T8403]  __x64_sys_sendmmsg+0x9c/0x100
[  221.507105][ T8403]  ? lockdep_hardirqs_on+0x7c/0x110
[  221.512293][ T8403]  do_syscall_64+0xcd/0x250
[  221.516783][ T8403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.522663][ T8403] RIP: 0033:0x7ff1cc580849
[  221.527058][ T8403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.546650][ T8403] RSP: 002b:00007ff1cd3cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  221.555046][ T8403] RAX: ffffffffffffffda RBX: 00007ff1cc745fa0 RCX: 00007ff1cc580849
[  221.563000][ T8403] RDX: 0000000000000001 RSI: 0000000020003c40 RDI: 0000000000000003
[  221.570952][ T8403] RBP: 00007ff1cd3cc0a0 R08: 0000000000000000 R09: 0000000000000000
[  221.578912][ T8403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  221.586877][ T8403] R13: 0000000000000000 R14: 00007ff1cc745fa0 R15: 00007ffee9fcc568
[  221.594854][ T8403]  </TASK>
[  221.597906][    C0] vkms_vblank_simulate: vblank timer overrun
[  221.818461][ T5872] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  221.926202][ T8427] netlink: 'syz.3.596': attribute type 2 has an invalid length.
[  221.938828][ T8427] netlink: 40 bytes leftover after parsing attributes in process `syz.3.596'.
[  222.530196][ T5872] usb 6-1: device descriptor read/64, error -71
[  223.131107][ T5872] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  223.541858][ T5872] usb 6-1: device descriptor read/64, error -71
[  223.960789][ T5872] usb usb6-port1: attempt power cycle
[  224.832351][ T8472] nvme_fabrics: missing parameter 'transport=%s'
[  224.838745][ T8472] nvme_fabrics: missing parameter 'nqn=%s'
[  224.852407][ T8464] netlink: 4 bytes leftover after parsing attributes in process `syz.0.606'.
[  225.150271][ T8485] netlink: 'syz.4.608': attribute type 2 has an invalid length.
[  225.163966][ T8485] netlink: 40 bytes leftover after parsing attributes in process `syz.4.608'.
[  225.722535][ T8490] netlink: 4 bytes leftover after parsing attributes in process `syz.3.609'.
[  225.731876][ T8490] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  225.739366][ T8490] batman_adv: batadv0: Removing interface: batadv_slave_0
[  225.952300][ T8490] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  225.967032][ T8490] batman_adv: batadv0: Removing interface: batadv_slave_1
[  226.853634][ T8516] netlink: 4 bytes leftover after parsing attributes in process `syz.5.616'.
[  227.071210][  T900] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  227.241964][   T29] audit: type=1326 audit(1733150963.446:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8515 comm="syz.5.616" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x0
[  227.352196][  T900] usb 2-1: Using ep0 maxpacket: 8
[  227.362121][  T900] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  227.370326][  T900] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  227.380116][  T900] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  227.391110][  T900] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  227.405518][  T900] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  227.440150][  T900] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  227.456536][  T900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.114307][  T900] usb 2-1: usb_control_msg returned -32
[  228.118612][ T8545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.620'.
[  228.119961][  T900] usbtmc 2-1:16.0: can't read capabilities
[  229.305624][  T900] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  229.460716][ T8554] usbtmc 2-1:16.0: usb_control_msg returned -32
[  229.658128][ T8563] FAULT_INJECTION: forcing a failure.
[  229.658128][ T8563] name failslab, interval 1, probability 0, space 0, times 0
[  229.658151][  T900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.658199][  T900] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  229.671160][ T8563] CPU: 0 UID: 0 PID: 8563 Comm: syz.0.624 Not tainted 6.13.0-rc1-syzkaller #0
[  229.671203][ T8563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  229.671213][ T8563] Call Trace:
[  229.671220][ T8563]  <TASK>
[  229.671227][ T8563]  dump_stack_lvl+0x16c/0x1f0
[  229.671253][ T8563]  should_fail_ex+0x497/0x5b0
[  229.671283][ T8563]  should_failslab+0xc2/0x120
[  229.671307][ T8563]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  229.671329][ T8563]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[  229.692475][  T900] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  229.700669][ T8563]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[  229.700706][ T8563]  idr_get_free+0x528/0xa40
[  229.721603][ T8558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.623'.
[  229.726258][ T8563]  idr_alloc_u32+0x191/0x2f0
[  229.775722][ T8563]  ? __pfx_idr_alloc_u32+0x10/0x10
[  229.780825][ T8563]  ? do_raw_spin_lock+0x12d/0x2c0
[  229.785840][ T8563]  ? lock_acquire+0x2f/0xb0
[  229.790325][ T8563]  ? l2tp_tunnel_register+0xdd/0xbe0
[  229.795600][ T8563]  l2tp_tunnel_register+0xfd/0xbe0
[  229.800697][ T8563]  ? __pfx___debug_object_init+0x10/0x10
[  229.806315][ T8563]  ? sprintf+0xcd/0x110
[  229.810455][ T8563]  ? __pfx_l2tp_tunnel_register+0x10/0x10
[  229.816163][ T8563]  ? lockdep_init_map_type+0x16d/0x7d0
[  229.821607][ T8563]  ? lockdep_init_map_type+0x16d/0x7d0
[  229.827055][ T8563]  ? l2tp_tunnel_create+0x2c8/0x460
[  229.832240][ T8563]  ? l2tp_tunnel_create+0x37d/0x460
[  229.837423][ T8563]  pppol2tp_tunnel_get.constprop.0+0x3f2/0x540
[  229.843565][ T8563]  ? __pfx_pppol2tp_tunnel_get.constprop.0+0x10/0x10
[  229.850227][ T8563]  ? lockdep_hardirqs_on+0x7c/0x110
[  229.855419][ T8563]  pppol2tp_connect+0xb1d/0x1ca0
[  229.860347][ T8563]  ? selinux_netlbl_socket_connect+0x30/0x40
[  229.866313][ T8563]  ? __pfx_lock_release+0x10/0x10
[  229.871319][ T8563]  ? __pfx_pppol2tp_connect+0x10/0x10
[  229.876678][ T8563]  ? lock_acquire.part.0+0x360/0x380
[  229.881947][ T8563]  ? __local_bh_enable_ip+0xa4/0x120
[  229.887217][ T8563]  ? selinux_netlbl_socket_connect+0x30/0x40
[  229.893182][ T8563]  ? selinux_socket_connect+0x6b/0x80
[  229.898542][ T8563]  ? __pfx_pppol2tp_connect+0x10/0x10
[  229.903899][ T8563]  __sys_connect_file+0x13e/0x1a0
[  229.908912][ T8563]  __sys_connect+0x14f/0x170
[  229.913490][ T8563]  ? __pfx___sys_connect+0x10/0x10
[  229.918607][ T8563]  ? __pfx_ksys_write+0x10/0x10
[  229.923445][ T8563]  __x64_sys_connect+0x72/0xb0
[  229.928197][ T8563]  ? lockdep_hardirqs_on+0x7c/0x110
[  229.933379][ T8563]  do_syscall_64+0xcd/0x250
[  229.937868][ T8563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  229.943745][ T8563] RIP: 0033:0x7f70db780849
[  229.948143][ T8563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  229.967731][ T8563] RSP: 002b:00007f70dc58e058 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  229.976125][ T8563] RAX: ffffffffffffffda RBX: 00007f70db946080 RCX: 00007f70db780849
[  229.984077][ T8563] RDX: 000000000000002e RSI: 0000000020000100 RDI: 0000000000000008
[  229.992032][ T8563] RBP: 00007f70dc58e0a0 R08: 0000000000000000 R09: 0000000000000000
[  229.999984][ T8563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  230.007935][ T8563] R13: 0000000000000000 R14: 00007f70db946080 R15: 00007ffc3fd48838
[  230.015895][ T8563]  </TASK>
[  230.023019][  T900] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.044319][  T900] usb 4-1: config 0 descriptor??
[  230.518304][ T5824] usb 2-1: USB disconnect, device number 23
[  230.661380][ T5872] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  230.662783][  T900] isku 0003:1E7D:319C.000D: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0
[  230.871222][ T5872] usb 1-1: device descriptor read/64, error -71
[  231.719306][  T900] isku 0003:1E7D:319C.000D: couldn't init struct isku_device
[  231.759654][  T900] isku 0003:1E7D:319C.000D: couldn't install keyboard
[  231.779143][ T5872] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  231.899676][  T900] isku 0003:1E7D:319C.000D: probe with driver isku failed with error -32
[  231.942707][ T5872] usb 1-1: device descriptor read/64, error -71
[  232.169445][ T5872] usb usb1-port1: attempt power cycle
[  232.286816][ T8592] netlink: 'syz.5.633': attribute type 10 has an invalid length.
[  232.301287][ T8592] bond0: (slave wlan1): Opening slave failed
[  233.136667][ T5872] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  233.205520][ T5872] usb 1-1: device descriptor read/8, error -71
[  233.404521][ T8604] netlink: 4 bytes leftover after parsing attributes in process `syz.4.637'.
[  233.461295][ T5872] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  233.518779][   T29] audit: type=1326 audit(1733150969.726:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8603 comm="syz.4.637" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5321f80849 code=0x0
[  233.546925][ T8549] syz.3.621 (8549): drop_caches: 2
[  233.640398][ T5875] usb 4-1: USB disconnect, device number 29
[  233.651208][   T51] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  233.695756][ T5872] usb 1-1: device not accepting address 26, error -71
[  233.810195][ T5872] usb usb1-port1: unable to enumerate USB device
[  233.844917][   T51] usb 6-1: Using ep0 maxpacket: 32
[  233.892645][   T51] usb 6-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  233.968047][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  233.983612][   T51] usb 6-1: config 0 descriptor??
[  234.014151][   T51] as10x_usb: device has been detected
[  234.025778][   T51] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  234.149313][   T51] usb 6-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  234.169038][   T51] as10x_usb: error during firmware upload part1
[  234.176430][   T51] Registered device nBox DVB-T Dongle
[  234.822173][ T5872] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  235.020242][ T8624] netlink: 'syz.3.643': attribute type 15 has an invalid length.
[  235.061675][ T5872] usb 1-1: Using ep0 maxpacket: 8
[  235.069840][ T5872] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  235.078307][ T5872] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  235.090222][ T5872] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  235.141141][ T8628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  235.149012][ T5872] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  235.160073][ T5872] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  235.251485][ T8630] netlink: 8 bytes leftover after parsing attributes in process `syz.1.644'.
[  235.261057][ T5872] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  235.598859][ T5872] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.951080][ T5872] usb 1-1: usb_control_msg returned -32
[  235.957545][ T5872] usbtmc 1-1:16.0: can't read capabilities
[  236.081613][ T8640] netdevsim netdevsim3: Direct firmware load for ./file0 failed with error -2
[  236.092853][ T8640] netdevsim netdevsim3: Falling back to sysfs fallback for: ./file0
[  236.131112][   T29] audit: type=1400 audit(1733150972.336:874): avc:  denied  { lock } for  pid=8639 comm="syz.3.647" path="socket:[20066]" dev="sockfs" ino=20066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  236.133607][ T8641] smc: net device wg0 applied user defined pnetid SYZ0
[  237.827082][  T900] usb 6-1: USB disconnect, device number 15
[  237.845149][  T900] Unregistered device nBox DVB-T Dongle
[  237.846632][  T900] as10x_usb: device has been disconnected
[  238.038758][ T5872] usb 1-1: USB disconnect, device number 27
[  238.110707][ T8660] netlink: 'syz.1.651': attribute type 2 has an invalid length.
[  238.123374][ T8660] netlink: 40 bytes leftover after parsing attributes in process `syz.1.651'.
[  238.785271][ T8666] bond1: entered promiscuous mode
[  238.956443][ T8670] FAULT_INJECTION: forcing a failure.
[  238.956443][ T8670] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  239.053646][ T8670] CPU: 1 UID: 0 PID: 8670 Comm: syz.1.655 Not tainted 6.13.0-rc1-syzkaller #0
[  239.062521][ T8670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  239.072555][ T8670] Call Trace:
[  239.075812][ T8670]  <TASK>
[  239.078719][ T8670]  dump_stack_lvl+0x16c/0x1f0
[  239.083385][ T8670]  should_fail_ex+0x497/0x5b0
[  239.088048][ T8670]  _copy_from_iter+0x2a1/0x1560
[  239.092873][ T8670]  ? trace_lock_acquire+0x14e/0x1f0
[  239.098051][ T8670]  ? __pfx__copy_from_iter+0x10/0x10
[  239.103308][ T8670]  ? __virt_addr_valid+0x1a4/0x590
[  239.108409][ T8670]  ? __virt_addr_valid+0x5e/0x590
[  239.113426][ T8670]  ? __phys_addr_symbol+0x30/0x80
[  239.118466][ T8670]  ? __check_object_size+0x488/0x710
[  239.123764][ T8670]  rawv6_sendmsg+0x1fca/0x4440
[  239.128532][ T8670]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  239.133628][ T8670]  ? avc_has_perm+0x11b/0x1c0
[  239.138285][ T8670]  ? __pfx_avc_has_perm+0x10/0x10
[  239.143289][ T8670]  ? lockdep_hardirqs_on+0x7c/0x110
[  239.148487][ T8670]  ? __pfx___schedule+0x10/0x10
[  239.153310][ T8670]  ? inode_has_perm+0x16f/0x1d0
[  239.158135][ T8670]  ? __pfx_rawv6_sendmsg+0x10/0x10
[  239.163233][ T8670]  ? inet_sendmsg+0x119/0x140
[  239.167892][ T8670]  inet_sendmsg+0x119/0x140
[  239.172377][ T8670]  sock_write_iter+0x4ac/0x5b0
[  239.177117][ T8670]  ? __pfx_sock_write_iter+0x10/0x10
[  239.182393][ T8670]  ? vfs_write+0x1e4/0x1150
[  239.186881][ T8670]  vfs_write+0x5ae/0x1150
[  239.191184][ T8670]  ? __pfx_sock_write_iter+0x10/0x10
[  239.196456][ T8670]  ? __pfx_vfs_write+0x10/0x10
[  239.201192][ T8670]  ? __fget_files+0x40/0x3a0
[  239.205762][ T8670]  ksys_write+0x207/0x250
[  239.210065][ T8670]  ? __pfx_ksys_write+0x10/0x10
[  239.212385][ T5872] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  239.214913][ T8670]  do_syscall_64+0xcd/0x250
[  239.214942][ T8670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  239.232815][ T8670] RIP: 0033:0x7f89b2f80849
[  239.237222][ T8670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  239.256808][ T8670] RSP: 002b:00007f89b3d47058 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  239.265197][ T8670] RAX: ffffffffffffffda RBX: 00007f89b3145fa0 RCX: 00007f89b2f80849
[  239.273150][ T8670] RDX: 0000000000000046 RSI: 0000000000000000 RDI: 0000000000000006
[  239.281094][ T8670] RBP: 00007f89b3d470a0 R08: 0000000000000000 R09: 0000000000000000
[  239.289039][ T8670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  239.296988][ T8670] R13: 0000000000000000 R14: 00007f89b3145fa0 R15: 00007ffd33a090f8
[  239.304943][ T8670]  </TASK>
[  239.628345][ T8679] netlink: 'syz.3.656': attribute type 2 has an invalid length.
[  239.647866][ T8679] netlink: 40 bytes leftover after parsing attributes in process `syz.3.656'.
[  240.158297][ T8686] netlink: 4 bytes leftover after parsing attributes in process `syz.1.660'.
[  240.168441][ T5872] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  240.188730][ T5872] usb 6-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  240.212320][ T5872] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  240.227319][   T29] audit: type=1326 audit(1733150976.436:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8684 comm="syz.1.660" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x0
[  240.250185][ T5872] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.409018][ T5872] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  241.292722][ T5872] usb 6-1: invalid MIDI out EP 0
[  241.410792][ T8683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.659'.
[  241.589439][ T5872] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -22
[  241.792541][ T7167] udevd[7167]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  241.964175][  T900] usb 6-1: USB disconnect, device number 16
[  242.022015][ T5872] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  242.081031][ T5905] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  242.174217][ T5872] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  242.185518][ T5872] usb 4-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  242.196401][ T5872] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  242.205483][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.217502][ T5872] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  242.224763][ T5872] usb 4-1: invalid MIDI out EP 0
[  242.231338][ T5905] usb 1-1: Using ep0 maxpacket: 8
[  242.238406][ T5905] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  242.248112][ T5905] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  242.253235][ T5872] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22
[  242.273247][ T5905] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  242.289543][ T5905] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  242.295490][ T7167] udevd[7167]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  242.302882][ T5905] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  242.328583][ T5905] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  242.337826][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.533380][ T5824] usb 4-1: USB disconnect, device number 30
[  242.567922][ T5905] usb 1-1: usb_control_msg returned -32
[  242.579932][ T5905] usbtmc 1-1:16.0: can't read capabilities
[  243.158343][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  243.190220][ T8719] capability: warning: `syz.3.667' uses deprecated v2 capabilities in a way that may be insecure
[  243.409237][ T8721] usbtmc 1-1:16.0: usb_control_msg returned -32
[  244.715882][ T8748] FAULT_INJECTION: forcing a failure.
[  244.715882][ T8748] name failslab, interval 1, probability 0, space 0, times 0
[  245.374605][ T5824] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  245.427589][ T8748] CPU: 0 UID: 0 PID: 8748 Comm: syz.5.676 Not tainted 6.13.0-rc1-syzkaller #0
[  245.436458][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  245.446526][ T8748] Call Trace:
[  245.449809][ T8748]  <TASK>
[  245.452733][ T8748]  dump_stack_lvl+0x16c/0x1f0
[  245.457407][ T8748]  should_fail_ex+0x497/0x5b0
[  245.462081][ T8748]  should_failslab+0xc2/0x120
[  245.466745][ T8748]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  245.472101][ T8748]  ? skb_clone+0x190/0x3f0
[  245.476501][ T8748]  skb_clone+0x190/0x3f0
[  245.480726][ T8748]  netlink_deliver_tap+0xabd/0xd30
[  245.485828][ T8748]  netlink_unicast+0x6b4/0x7f0
[  245.490581][ T8748]  ? __pfx_netlink_unicast+0x10/0x10
[  245.495853][ T8748]  ? genl_rcv_msg+0x4bd/0x800
[  245.500518][ T8748]  netlink_ack+0x6ac/0xb80
[  245.504926][ T8748]  netlink_rcv_skb+0x348/0x440
[  245.509679][ T8748]  ? __pfx_genl_rcv_msg+0x10/0x10
[  245.514693][ T8748]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  245.519974][ T8748]  ? down_read+0xc9/0x330
[  245.524293][ T8748]  ? __pfx_down_read+0x10/0x10
[  245.529045][ T8748]  ? rcu_is_watching+0x12/0xc0
[  245.533798][ T8748]  genl_rcv+0x28/0x40
[  245.537770][ T8748]  netlink_unicast+0x53c/0x7f0
[  245.542524][ T8748]  ? __pfx_netlink_unicast+0x10/0x10
[  245.547826][ T8748]  netlink_sendmsg+0x8b8/0xd70
[  245.552597][ T8748]  ? __pfx_netlink_sendmsg+0x10/0x10
[  245.557889][ T8748]  ____sys_sendmsg+0xaaf/0xc90
[  245.562666][ T8748]  ? copy_msghdr_from_user+0x10b/0x160
[  245.568111][ T8748]  ? __pfx_____sys_sendmsg+0x10/0x10
[  245.573394][ T8748]  ___sys_sendmsg+0x135/0x1e0
[  245.578056][ T8748]  ? __pfx____sys_sendmsg+0x10/0x10
[  245.583244][ T8748]  ? __pfx_lock_release+0x10/0x10
[  245.588253][ T8748]  ? trace_lock_acquire+0x14e/0x1f0
[  245.593446][ T8748]  ? __fget_files+0x206/0x3a0
[  245.598112][ T8748]  __sys_sendmsg+0x16e/0x220
[  245.602685][ T8748]  ? __pfx___sys_sendmsg+0x10/0x10
[  245.607790][ T8748]  do_syscall_64+0xcd/0x250
[  245.612284][ T8748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.618163][ T8748] RIP: 0033:0x7ff7b6980849
[  245.622561][ T8748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.642166][ T8748] RSP: 002b:00007ff7b7847058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  245.650568][ T8748] RAX: ffffffffffffffda RBX: 00007ff7b6b45fa0 RCX: 00007ff7b6980849
[  245.658525][ T8748] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  245.666485][ T8748] RBP: 00007ff7b78470a0 R08: 0000000000000000 R09: 0000000000000000
[  245.674442][ T8748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  245.682394][ T8748] R13: 0000000000000000 R14: 00007ff7b6b45fa0 R15: 00007ffd030fc9c8
[  245.690356][ T8748]  </TASK>
[  245.788871][ T5871] usb 1-1: USB disconnect, device number 28
[  245.863794][   T29] audit: type=1326 audit(1733150982.066:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  245.887358][   T29] audit: type=1326 audit(1733150982.066:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  245.912211][   T29] audit: type=1326 audit(1733150982.066:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  245.948394][   T29] audit: type=1326 audit(1733150982.066:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  245.972143][   T29] audit: type=1326 audit(1733150982.066:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  245.996302][   T29] audit: type=1326 audit(1733150982.066:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  246.020582][   T29] audit: type=1326 audit(1733150982.066:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  246.055870][   T29] audit: type=1326 audit(1733150982.066:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  246.081146][ T5824] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  246.089242][ T5824] usb 2-1: config 0 has no interface number 0
[  246.108013][ T5824] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  246.118923][   T29] audit: type=1326 audit(1733150982.066:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  246.142231][ T5824] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  246.155547][ T5824] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  246.168255][   T29] audit: type=1326 audit(1733150982.066:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8752 comm="syz.5.678" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x7ffc0000
[  246.191760][ T5824] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  246.202866][ T5824] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  246.216467][ T5824] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  246.226895][ T8758] netlink: 4 bytes leftover after parsing attributes in process `syz.4.681'.
[  246.227350][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.506011][ T5871] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  246.506619][ T5824] usb 2-1: config 0 descriptor??
[  246.519352][ T8740] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  246.552268][ T5824] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  246.693730][ T5871] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  246.703118][ T5871] usb 1-1: config 0 has no interface number 0
[  246.709361][ T5871] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  246.720480][ T5871] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  246.733595][ T5871] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  246.745059][ T5871] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 64
[  246.756640][ T5871] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  246.769931][ T5871] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  246.782399][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  246.796146][ T5871] usb 1-1: config 0 descriptor??
[  246.814393][    T9] usb 2-1: USB disconnect, device number 24
[  246.814420][    C0] ldusb 2-1:0.55: usb_submit_urb failed (-19)
[  246.829104][    T9] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  246.857089][ T8754] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  246.869390][ T5871] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  247.012319][ T8740] syz.1.674 (8740): attempted to duplicate a private mapping with mremap.  This is not supported.
[  247.052952][ T8740] ldusb: No device or device unplugged -19
[  247.105380][    T9] usb 1-1: USB disconnect, device number 29
[  247.113936][    T9] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  247.381054][ T5871] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  247.423752][ T8777] netlink: 4 bytes leftover after parsing attributes in process `syz.5.685'.
[  247.432770][ T8777] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  247.440475][ T8777] batman_adv: batadv0: Removing interface: batadv_slave_0
[  247.453224][ T8777] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  247.460819][ T8777] batman_adv: batadv0: Removing interface: batadv_slave_1
[  247.533857][ T5871] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  247.545286][ T5871] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.558331][ T5871] usb 4-1: Product: syz
[  247.563692][ T5871] usb 4-1: Manufacturer: syz
[  247.568461][ T5871] usb 4-1: SerialNumber: syz
[  247.592049][ T5871] usb 4-1: config 0 descriptor??
[  247.651926][ T8781] FAULT_INJECTION: forcing a failure.
[  247.651926][ T8781] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  247.697772][ T8781] CPU: 0 UID: 0 PID: 8781 Comm: syz.1.686 Not tainted 6.13.0-rc1-syzkaller #0
[  247.706658][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  247.716715][ T8781] Call Trace:
[  247.719979][ T8781]  <TASK>
[  247.722903][ T8781]  dump_stack_lvl+0x16c/0x1f0
[  247.727583][ T8781]  should_fail_ex+0x497/0x5b0
[  247.732244][ T8781]  _copy_to_user+0x32/0xd0
[  247.736636][ T8781]  packet_getsockopt+0x57f/0xaf0
[  247.741549][ T8781]  ? __pfx_packet_getsockopt+0x10/0x10
[  247.746983][ T8781]  ? lock_acquire+0x2f/0xb0
[  247.751464][ T8781]  ? __might_fault+0xe3/0x190
[  247.756124][ T8781]  ? __might_fault+0xe3/0x190
[  247.760776][ T8781]  ? __pfx_packet_getsockopt+0x10/0x10
[  247.766210][ T8781]  do_sock_getsockopt+0x3fe/0x800
[  247.771232][ T8781]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  247.776784][ T8781]  ? lock_acquire+0x2f/0xb0
[  247.781265][ T8781]  ? __fget_files+0x40/0x3a0
[  247.785835][ T8781]  ? __fget_files+0x206/0x3a0
[  247.790489][ T8781]  __sys_getsockopt+0x12f/0x260
[  247.795315][ T8781]  __x64_sys_getsockopt+0xbd/0x160
[  247.800397][ T8781]  ? syscall_trace_enter+0xf0/0x260
[  247.805573][ T8781]  do_syscall_64+0xcd/0x250
[  247.810068][ T8781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  247.815964][ T8781] RIP: 0033:0x7f89b2f80849
[  247.820365][ T8781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.839950][ T8781] RSP: 002b:00007f89b3d47058 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  247.848334][ T8781] RAX: ffffffffffffffda RBX: 00007f89b3145fa0 RCX: 00007f89b2f80849
[  247.856300][ T8781] RDX: 0000000000000018 RSI: 0000000000000107 RDI: 0000000000000003
[  247.864271][ T8781] RBP: 00007f89b3d470a0 R08: 0000000020000040 R09: 0000000000000000
[  247.872219][ T8781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.880165][ T8781] R13: 0000000000000000 R14: 00007f89b3145fa0 R15: 00007ffd33a090f8
[  247.888117][ T8781]  </TASK>
[  247.937115][ T8771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.952710][ T8771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.969561][ T8771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  247.978426][ T8771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  247.993879][ T8771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  248.003370][ T8771] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  248.018779][   T51] usb 4-1: USB disconnect, device number 31
[  248.201557][ T5905] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  248.321073][    T9] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  248.372235][ T5905] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  248.383349][ T5905] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  248.394777][ T5905] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  248.403887][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.415138][ T5905] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  248.422649][ T5905] usb 2-1: invalid MIDI out EP 0
[  248.440619][ T5905] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  248.471179][    T9] usb 1-1: Using ep0 maxpacket: 8
[  248.477504][ T7167] udevd[7167]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  248.495097][    T9] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  248.501513][   T51] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  248.503570][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  248.521630][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  248.532395][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  248.542518][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  248.555704][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  248.565353][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.803191][    T9] usb 1-1: usb_control_msg returned -32
[  248.810370][    T9] usbtmc 1-1:16.0: can't read capabilities
[  248.952292][   T51] usb 6-1: Using ep0 maxpacket: 8
[  248.959799][   T51] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  248.967821][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  248.984789][   T51] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  248.996545][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  249.007670][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  249.021652][   T51] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  249.029095][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  249.040746][   T51] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  249.052621][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  249.064815][ T5905] usb 2-1: USB disconnect, device number 25
[  249.072302][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  249.085512][   T51] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[  249.093022][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  249.104486][   T51] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  249.116561][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  249.127818][   T51] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  249.141187][   T51] usb 6-1: string descriptor 0 read error: -22
[  249.147358][   T51] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  249.156447][   T51] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.170543][   T51] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux1
[  249.497363][ T8806] usbtmc 1-1:16.0: usb_control_msg returned -32
[  249.882138][ T8792] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90
[  249.891703][ T8808] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90
[  249.919088][ T8792] usbtmc 1-1:16.0: send_request_dev_dep_msg_in returned -90
[  249.942646][ T5905] usb 6-1: USB disconnect, device number 17
[  249.965957][ T8810] netlink: 'syz.3.694': attribute type 15 has an invalid length.
[  251.182573][ T8824] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  251.189009][ T8824] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  251.404676][ T5905] usb 1-1: USB disconnect, device number 30
[  252.285373][ T8845] netlink: 4 bytes leftover after parsing attributes in process `syz.1.700'.
[  252.508624][ T8853] nfs: Unknown parameter '&'
[  253.763160][ T8878] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  253.769572][ T8878] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  254.240249][ T8887] FAULT_INJECTION: forcing a failure.
[  254.240249][ T8887] name failslab, interval 1, probability 0, space 0, times 0
[  254.253180][ T8887] CPU: 0 UID: 0 PID: 8887 Comm: syz.5.718 Not tainted 6.13.0-rc1-syzkaller #0
[  254.262045][ T8887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  254.272110][ T8887] Call Trace:
[  254.275393][ T8887]  <TASK>
[  254.278323][ T8887]  dump_stack_lvl+0x16c/0x1f0
[  254.283014][ T8887]  should_fail_ex+0x497/0x5b0
[  254.287706][ T8887]  ? fs_reclaim_acquire+0xae/0x150
[  254.292833][ T8887]  should_failslab+0xc2/0x120
[  254.297528][ T8887]  __kmalloc_cache_noprof+0x68/0x410
[  254.297749][ T8891] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  254.302805][ T8887]  ? lockdep_init_map_type+0x16d/0x7d0
[  254.302836][ T8887]  ovl_init_fs_context+0x52/0x5d0
[  254.302860][ T8887]  ? __pfx_ovl_init_fs_context+0x10/0x10
[  254.302880][ T8887]  alloc_fs_context+0x54a/0x9c0
[  254.332603][ T8887]  path_mount+0xb08/0x1f20
[  254.337030][ T8887]  ? kmem_cache_free+0x152/0x4c0
[  254.341969][ T8887]  ? __pfx_path_mount+0x10/0x10
[  254.346832][ T8887]  ? putname+0x13c/0x180
[  254.351096][ T8887]  __x64_sys_mount+0x294/0x320
[  254.355865][ T8887]  ? __pfx___x64_sys_mount+0x10/0x10
[  254.361142][ T8887]  do_syscall_64+0xcd/0x250
[  254.365636][ T8887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  254.371518][ T8887] RIP: 0033:0x7ff7b6980849
[  254.375912][ T8887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  254.395500][ T8887] RSP: 002b:00007ff7b7847058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  254.403895][ T8887] RAX: ffffffffffffffda RBX: 00007ff7b6b45fa0 RCX: 00007ff7b6980849
[  254.411846][ T8887] RDX: 0000000020000340 RSI: 00000000200000c0 RDI: 0000000000000000
[  254.419804][ T8887] RBP: 00007ff7b78470a0 R08: 0000000020000500 R09: 0000000000000000
[  254.427754][ T8887] R10: 0000000000000010 R11: 0000000000000246 R12: 0000000000000002
[  254.435705][ T8887] R13: 0000000000000000 R14: 00007ff7b6b45fa0 R15: 00007ffd030fc9c8
[  254.443667][ T8887]  </TASK>
[  254.537086][ T5871] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  254.560635][   T29] kauditd_printk_skb: 39 callbacks suppressed
[  254.560651][   T29] audit: type=1326 audit(1733150990.766:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.607070][   T29] audit: type=1326 audit(1733150990.806:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.632371][   T29] audit: type=1326 audit(1733150990.806:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.687030][   T29] audit: type=1326 audit(1733150990.806:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.701138][ T5871] usb 2-1: Using ep0 maxpacket: 8
[  254.715849][   T29] audit: type=1326 audit(1733150990.806:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.733766][ T5871] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  254.755930][ T5871] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  254.854840][   T29] audit: type=1326 audit(1733150990.806:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.882187][   T29] audit: type=1326 audit(1733150990.806:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.906857][   T29] audit: type=1326 audit(1733150990.806:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  254.931200][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  254.961368][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  254.971593][ T5871] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.421548][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  255.430140][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  255.444916][ T5871] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  255.465143][ T8915] netlink: 4 bytes leftover after parsing attributes in process `syz.5.721'.
[  255.478213][   T29] audit: type=1326 audit(1733150990.826:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  255.516516][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.659252][ T8910] bridge0: port 2(bridge_slave_1) entered disabled state
[  255.681966][   T29] audit: type=1326 audit(1733150990.836:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8900 comm="syz.3.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ff1cc580849 code=0x7ffc0000
[  255.861523][ T5871] usb 2-1: usb_control_msg returned -32
[  255.870657][ T5871] usbtmc 2-1:16.0: can't read capabilities
[  256.131347][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.143892][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.153185][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.162625][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.173143][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.183216][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.197063][ T8922] netlink: 4 bytes leftover after parsing attributes in process `syz.3.726'.
[  256.439335][ T8925] usbtmc 2-1:16.0: usb_control_msg returned -32
[  257.100622][ T8939] FAULT_INJECTION: forcing a failure.
[  257.100622][ T8939] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.114090][ T8939] CPU: 0 UID: 0 PID: 8939 Comm: syz.5.731 Not tainted 6.13.0-rc1-syzkaller #0
[  257.122938][ T8939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  257.132983][ T8939] Call Trace:
[  257.136242][ T8939]  <TASK>
[  257.139150][ T8939]  dump_stack_lvl+0x16c/0x1f0
[  257.143809][ T8939]  should_fail_ex+0x497/0x5b0
[  257.148471][ T8939]  _copy_to_user+0x32/0xd0
[  257.152864][ T8939]  simple_read_from_buffer+0xd0/0x160
[  257.158216][ T8939]  proc_fail_nth_read+0x198/0x270
[  257.163228][ T8939]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.168770][ T8939]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.171293][ T5824] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  257.174464][ T8939]  vfs_read+0x1df/0xbe0
[  257.174506][ T8939]  ? __fget_files+0x1fc/0x3a0
[  257.190807][ T8939]  ? __pfx___mutex_lock+0x10/0x10
[  257.195825][ T8939]  ? __pfx_vfs_read+0x10/0x10
[  257.200496][ T8939]  ? __fget_files+0x206/0x3a0
[  257.205161][ T8939]  ksys_read+0x12b/0x250
[  257.209385][ T8939]  ? __pfx_ksys_read+0x10/0x10
[  257.214135][ T8939]  do_syscall_64+0xcd/0x250
[  257.218625][ T8939]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.224593][ T8939] RIP: 0033:0x7ff7b697f25c
[  257.228990][ T8939] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 8e 02 00 48
[  257.248582][ T8939] RSP: 002b:00007ff7b7847050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.256976][ T8939] RAX: ffffffffffffffda RBX: 00007ff7b6b45fa0 RCX: 00007ff7b697f25c
[  257.264927][ T8939] RDX: 000000000000000f RSI: 00007ff7b78470b0 RDI: 0000000000000005
[  257.272878][ T8939] RBP: 00007ff7b78470a0 R08: 0000000000000000 R09: 0000000000000000
[  257.280827][ T8939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.288780][ T8939] R13: 0000000000000000 R14: 00007ff7b6b45fa0 R15: 00007ffd030fc9c8
[  257.296740][ T8939]  </TASK>
[  257.300783][ T5872] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  257.451124][ T5872] usb 4-1: Using ep0 maxpacket: 8
[  257.457962][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  257.465858][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  257.477724][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  257.491043][ T5824] usb 5-1: Using ep0 maxpacket: 32
[  257.491347][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  257.497791][ T5824] usb 5-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  257.507491][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  257.526967][ T5824] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.537108][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  257.537757][ T5824] usb 5-1: config 0 descriptor??
[  257.546184][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  257.561178][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  257.561298][ T5824] as10x_usb: device has been detected
[  257.573666][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  257.589827][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  257.602588][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  257.610234][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  257.622478][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  257.641898][ T8945] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  257.648302][ T8945] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  257.661122][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  257.672934][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  257.687545][ T5872] usb 4-1: string descriptor 0 read error: -22
[  257.694188][ T5872] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  257.703710][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.826560][ T5824] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  257.832524][ T8949] netlink: 16 bytes leftover after parsing attributes in process `syz.0.735'.
[  257.861427][ T5824] usb 5-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  257.875482][ T5872] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux2
[  257.882138][ T5824] as10x_usb: error during firmware upload part1
[  257.889438][ T5824] Registered device nBox DVB-T Dongle
[  257.923744][ T5872] usb 5-1: USB disconnect, device number 24
[  257.931171][ T5824] usb 2-1: USB disconnect, device number 26
[  258.000724][ T5872] Unregistered device nBox DVB-T Dongle
[  258.002050][ T5872] as10x_usb: device has been disconnected
[  258.115486][    T9] usb 4-1: USB disconnect, device number 32
[  258.742717][ T8961] netlink: 'syz.4.739': attribute type 10 has an invalid length.
[  258.762166][ T5872] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  258.833217][ T8966] netlink: 4 bytes leftover after parsing attributes in process `syz.0.740'.
[  258.867135][ T8969] netlink: 'syz.5.742': attribute type 2 has an invalid length.
[  258.921151][ T5872] usb 4-1: Using ep0 maxpacket: 8
[  258.928037][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  258.935692][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  258.946973][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  258.985520][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  259.031482][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  259.050221][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  259.058506][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  259.080450][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  259.109988][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  259.121760][ T5871] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  259.147857][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  259.183367][ T5872] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  259.190792][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  259.206285][ T5872] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  259.237464][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  259.248843][ T5872] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  259.263614][ T5872] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  259.272844][ T5875] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  259.282210][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.290367][ T5872] usb 4-1: Product: syz
[  259.312526][ T5871] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  259.324149][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  259.333203][ T5872] usb 4-1: Manufacturer: syz
[  259.338072][ T5872] usb 4-1: SerialNumber: syz
[  259.345211][ T5871] usb 1-1: Product: syz
[  259.354383][ T5871] usb 1-1: Manufacturer: syz
[  259.361360][ T5871] usb 1-1: SerialNumber: syz
[  259.367522][ T5871] usb 1-1: config 0 descriptor??
[  259.453796][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.465141][ T5875] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.498676][ T5875] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  259.509314][ T5875] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.524974][ T5875] usb 2-1: config 0 descriptor??
[  259.756952][ T5824] usb 1-1: USB disconnect, device number 32
[  259.778450][ T8931] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  259.811084][ T5871] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  259.821289][ T8931] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  259.865894][ T5872] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  259.891036][ T5872] usb 4-1: USB disconnect, device number 33
[  259.945839][ T5875] usbhid 2-1:0.0: can't add hid device: -71
[  259.952576][ T5875] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  259.967383][ T5875] usb 2-1: USB disconnect, device number 27
[  259.974550][ T5871] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  259.985594][ T5871] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  259.996891][ T5871] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  260.006905][ T5871] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  260.016125][ T5871] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.028142][ T5871] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  260.050451][ T5871] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12
[  260.077899][ T7167] udevd[7167]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  260.131070][ T5905] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  260.283546][ T5905] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  260.296831][ T5875] usb 5-1: USB disconnect, device number 25
[  260.311030][ T5905] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  260.324005][ T5905] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  260.334756][ T5905] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  260.343951][ T5905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.364037][ T5905] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  260.429215][ T5905] snd-usb-audio 6-1:27.0: probe with driver snd-usb-audio failed with error -12
[  260.495337][ T8983] netlink: 'syz.3.749': attribute type 15 has an invalid length.
[  260.507613][ T5828] udevd[5828]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  262.114504][ T5875] usb 6-1: USB disconnect, device number 18
[  262.202845][ T9007] netlink: 'syz.3.753': attribute type 2 has an invalid length.
[  262.215118][ T9007] netlink: 24 bytes leftover after parsing attributes in process `syz.3.753'.
[  263.689999][ T9022] FAULT_INJECTION: forcing a failure.
[  263.689999][ T9022] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.703272][ T9022] CPU: 0 UID: 0 PID: 9022 Comm: syz.0.757 Not tainted 6.13.0-rc1-syzkaller #0
[  263.712119][ T9022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  263.722170][ T9022] Call Trace:
[  263.725442][ T9022]  <TASK>
[  263.728365][ T9022]  dump_stack_lvl+0x16c/0x1f0
[  263.733049][ T9022]  should_fail_ex+0x497/0x5b0
[  263.737737][ T9022]  _copy_to_user+0x32/0xd0
[  263.742160][ T9022]  bpf_test_finish.isra.0+0x55f/0x680
[  263.747540][ T9022]  ? __pfx_bpf_test_finish.isra.0+0x10/0x10
[  263.753437][ T9022]  ? __might_fault+0xe3/0x190
[  263.758122][ T9022]  ? _copy_from_user+0x59/0xd0
[  263.762886][ T9022]  bpf_prog_test_run_xdp+0xa13/0x1580
[  263.768268][ T9022]  ? lock_acquire+0x2f/0xb0
[  263.772770][ T9022]  ? __fget_files+0x40/0x3a0
[  263.777361][ T9022]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  263.783170][ T9022]  ? __fget_files+0x206/0x3a0
[  263.787858][ T9022]  ? fput+0x67/0x440
[  263.791755][ T9022]  ? __bpf_prog_get+0xa0/0x290
[  263.796523][ T9022]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  263.802331][ T9022]  __sys_bpf+0xfc6/0x49c0
[  263.806664][ T9022]  ? __pfx_lock_release+0x10/0x10
[  263.811687][ T9022]  ? __pfx___sys_bpf+0x10/0x10
[  263.816453][ T9022]  ? vfs_write+0x306/0x1150
[  263.820960][ T9022]  ? __mutex_unlock_slowpath+0x164/0x690
[  263.826609][ T9022]  ? fput+0x67/0x440
[  263.830504][ T9022]  ? ksys_write+0x1ba/0x250
[  263.835003][ T9022]  ? __pfx_ksys_write+0x10/0x10
[  263.839857][ T9022]  __x64_sys_bpf+0x78/0xc0
[  263.844280][ T9022]  ? lockdep_hardirqs_on+0x7c/0x110
[  263.849478][ T9022]  do_syscall_64+0xcd/0x250
[  263.853987][ T9022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  263.859882][ T9022] RIP: 0033:0x7f70db780849
[  263.864291][ T9022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  263.883901][ T9022] RSP: 002b:00007f70dc56d058 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  263.892315][ T9022] RAX: ffffffffffffffda RBX: 00007f70db946160 RCX: 00007f70db780849
[  263.900279][ T9022] RDX: 0000000000000050 RSI: 0000000020000340 RDI: 000000000000000a
[  263.908242][ T9022] RBP: 00007f70dc56d0a0 R08: 0000000000000000 R09: 0000000000000000
[  263.916196][ T9022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  263.924148][ T9022] R13: 0000000000000000 R14: 00007f70db946160 R15: 00007ffc3fd48838
[  263.932110][ T9022]  </TASK>
[  264.050648][ T9026] netlink: 'syz.5.761': attribute type 15 has an invalid length.
[  266.281906][ T9043] netlink: 4 bytes leftover after parsing attributes in process `syz.4.766'.
[  266.601773][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  266.601789][   T29] audit: type=1326 audit(1733151002.816:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9042 comm="syz.4.766" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5321f80849 code=0x0
[  267.149171][ T5875] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  267.525327][ T9060] netlink: 16 bytes leftover after parsing attributes in process `syz.1.770'.
[  267.666653][ T5875] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  267.668171][ T9068] netlink: 'syz.0.772': attribute type 15 has an invalid length.
[  267.677970][ T5875] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  267.695749][ T5875] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  267.705702][ T5875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.722337][ T9041] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  267.734469][ T5875] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  267.821393][  T900] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  267.980405][  T900] usb 2-1: Using ep0 maxpacket: 32
[  267.986907][  T900] usb 2-1: config 7 has an invalid interface number: 182 but max is 0
[  267.996019][  T900] usb 2-1: config 7 has no interface number 0
[  268.002871][  T900] usb 2-1: config 7 interface 182 has no altsetting 0
[  268.013842][  T900] usb 2-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=84.27
[  268.023475][  T900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  268.032537][  T900] usb 2-1: Product: syz
[  268.037069][  T900] usb 2-1: Manufacturer: syz
[  268.042030][  T900] usb 2-1: SerialNumber: syz
[  268.082088][ T5824] usb 4-1: USB disconnect, device number 34
[  268.267059][ T9078] netlink: 8 bytes leftover after parsing attributes in process `syz.0.775'.
[  268.545991][ T9079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  268.551947][   T29] audit: type=1400 audit(1733151004.756:943): avc:  denied  { mount } for  pid=9065 comm="syz.1.771" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  268.587373][ T9079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  268.634180][  T900] snd-usb-audio 2-1:7.182: probe with driver snd-usb-audio failed with error -71
[  268.693852][  T900] usb 2-1: USB disconnect, device number 28
[  268.899343][ T9087] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  268.905758][ T9087] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  269.975549][ T9108] netlink: 'syz.0.782': attribute type 2 has an invalid length.
[  269.988581][ T9108] netlink: 24 bytes leftover after parsing attributes in process `syz.0.782'.
[  271.211625][  T900] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  271.321091][ T5824] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  271.381103][  T900] usb 1-1: Using ep0 maxpacket: 8
[  271.424627][  T900] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  271.433337][  T900] usb 1-1: config 179 has no interface number 0
[  271.439620][  T900] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  271.450772][  T900] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  271.463384][  T900] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  271.478142][  T900] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  271.493438][  T900] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  271.502560][  T900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.512964][ T9116] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  271.533695][ T5824] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  271.544829][ T5824] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  271.573016][ T5824] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  271.582302][ T5824] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.606191][ T9118] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  271.621923][ T5824] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  271.757919][ T9116] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  271.771264][ T9116] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  271.781756][ T5824] usb 1-1: USB disconnect, device number 33
[  271.964102][ T5824] usb 2-1: USB disconnect, device number 29
[  272.071220][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.080285][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.089639][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.098931][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.108009][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.209086][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.218155][ T9135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.794'.
[  272.326446][ T9139] SELinux:  policydb version 2094917270 does not match my version range 15-33
[  272.335526][ T9139] SELinux: failed to load policy
[  273.104867][ T9147] netlink: 'syz.0.796': attribute type 2 has an invalid length.
[  273.117323][ T9147] netlink: 24 bytes leftover after parsing attributes in process `syz.0.796'.
[  274.972012][ T9186] netlink: 'syz.4.808': attribute type 2 has an invalid length.
[  275.005358][ T9186] : entered promiscuous mode
[  275.671597][  T900] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  275.821059][  T900] usb 1-1: Using ep0 maxpacket: 8
[  275.916301][  T900] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  275.932379][  T900] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  275.960752][  T900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  276.033069][  T900] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  276.105978][  T900] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  276.141048][    T9] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  276.162677][  T900] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  276.177054][  T900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.255799][ T9204] bond2: entered promiscuous mode
[  276.327177][ T9208] netlink: 16 bytes leftover after parsing attributes in process `syz.1.814'.
[  276.337713][    T9] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  276.349571][    T9] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  276.361651][    T9] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  276.382252][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.401567][  T900] usb 1-1: usb_control_msg returned -32
[  276.407449][  T900] usbtmc 1-1:16.0: can't read capabilities
[  276.430025][ T9198] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  276.443851][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  276.767473][    T9] usb 6-1: USB disconnect, device number 19
[  277.394199][ T9218] usbtmc 1-1:16.0: usb_control_msg returned -32
[  277.470494][ T9220] 9pnet_fd: Insufficient options for proto=fd
[  277.971265][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  277.980418][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  277.996229][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  278.005371][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  278.015480][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  278.024453][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  278.033370][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.4.820'.
[  278.774938][    T9] usb 1-1: USB disconnect, device number 34
[  278.856783][ T9239] FAULT_INJECTION: forcing a failure.
[  278.856783][ T9239] name failslab, interval 1, probability 0, space 0, times 0
[  278.870604][ T9239] CPU: 0 UID: 0 PID: 9239 Comm: syz.3.825 Not tainted 6.13.0-rc1-syzkaller #0
[  278.879472][ T9239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  278.889537][ T9239] Call Trace:
[  278.892818][ T9239]  <TASK>
[  278.895746][ T9239]  dump_stack_lvl+0x16c/0x1f0
[  278.900437][ T9239]  should_fail_ex+0x497/0x5b0
[  278.905131][ T9239]  ? fs_reclaim_acquire+0xae/0x150
[  278.910254][ T9239]  should_failslab+0xc2/0x120
[  278.914934][ T9239]  __kmalloc_noprof+0xcb/0x510
[  278.919719][ T9239]  ? d_absolute_path+0x137/0x1b0
[  278.924671][ T9239]  ? rcu_is_watching+0x12/0xc0
[  278.929442][ T9239]  tomoyo_encode2+0x100/0x3e0
[  278.934118][ T9239]  tomoyo_encode+0x29/0x50
[  278.938523][ T9239]  tomoyo_realpath_from_path+0x19d/0x720
[  278.944147][ T9239]  tomoyo_path_number_perm+0x248/0x590
[  278.949587][ T9239]  ? tomoyo_path_number_perm+0x235/0x590
[  278.955203][ T9239]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  278.961188][ T9239]  ? __pfx_lock_release+0x10/0x10
[  278.966195][ T9239]  ? trace_lock_acquire+0x14e/0x1f0
[  278.971394][ T9239]  ? lock_acquire+0x2f/0xb0
[  278.975896][ T9239]  ? __fget_files+0x40/0x3a0
[  278.980472][ T9239]  ? __fget_files+0x206/0x3a0
[  278.985133][ T9239]  security_file_ioctl+0x9b/0x240
[  278.990171][ T9239]  __x64_sys_ioctl+0xb7/0x200
[  278.994852][ T9239]  do_syscall_64+0xcd/0x250
[  278.999366][ T9239]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.005281][ T9239] RIP: 0033:0x7ff1cc580849
[  279.009687][ T9239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.029303][ T9239] RSP: 002b:00007ff1cd3cc058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.037707][ T9239] RAX: ffffffffffffffda RBX: 00007ff1cc745fa0 RCX: 00007ff1cc580849
[  279.045662][ T9239] RDX: 0000000020000040 RSI: 0000000040046109 RDI: 0000000000000003
[  279.053616][ T9239] RBP: 00007ff1cd3cc0a0 R08: 0000000000000000 R09: 0000000000000000
[  279.061567][ T9239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.069517][ T9239] R13: 0000000000000000 R14: 00007ff1cc745fa0 R15: 00007ffee9fcc568
[  279.077477][ T9239]  </TASK>
[  279.132040][ T9239] ERROR: Out of memory at tomoyo_realpath_from_path.
[  279.251208][  T900] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  280.253579][ T9288] ieee802154 phy0 wpan0: encryption failed: -22
[  280.821202][ T5905] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  280.884351][  T900] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  280.902181][  T900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.941158][  T900] usb 6-1: Product: syz
[  280.945533][  T900] usb 6-1: Manufacturer: syz
[  280.950137][  T900] usb 6-1: SerialNumber: syz
[  281.001750][  T900] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  281.044578][ T9320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.834'.
[  281.136525][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.147709][ T5905] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  281.149953][ T9320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.834'.
[  281.157653][ T5905] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  281.175774][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.176554][ T9320] netlink: 4 bytes leftover after parsing attributes in process `syz.4.834'.
[  281.188122][   T51] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  281.221148][ T5905] usb 4-1: config 0 descriptor??
[  281.376132][ T9325] fuse: Bad value for 'fd'
[  281.526484][ T9237] netlink: 'syz.5.824': attribute type 4 has an invalid length.
[  281.536323][ T9237] netlink: 'syz.5.824': attribute type 4 has an invalid length.
[  281.990414][   T29] audit: type=1400 audit(1733151018.196:944): avc:  denied  { setopt } for  pid=9333 comm="syz.1.837" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  282.017633][ T9335] netlink: 'syz.1.837': attribute type 10 has an invalid length.
[  282.018123][ T5905] usbhid 4-1:0.0: can't add hid device: -71
[  282.028475][    T9] usb 6-1: USB disconnect, device number 20
[  282.056072][ T5905] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  282.076241][ T5905] usb 4-1: USB disconnect, device number 35
[  282.085110][ T9335] 8021q: adding VLAN 0 to HW filter on device bond0
[  282.104457][ T9335] team0: Port device bond0 added
[  282.296781][   T29] audit: type=1400 audit(1733151018.506:945): avc:  denied  { create } for  pid=9349 comm="syz.1.844" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  282.341069][    T8] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  282.451354][   T29] audit: type=1400 audit(1733151018.666:946): avc:  denied  { write } for  pid=9349 comm="syz.1.844" name="file0" dev="tmpfs" ino=855 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  282.504105][   T29] audit: type=1400 audit(1733151018.666:947): avc:  denied  { open } for  pid=9349 comm="syz.1.844" path="/157/file0" dev="tmpfs" ino=855 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  282.535200][    T8] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  282.536545][ T9237] syz.5.824 (9237) used greatest stack depth: 20448 bytes left
[  282.551014][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.610237][    T8] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  282.633880][    T8] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  282.650098][    T8] usb 5-1: Manufacturer: syz
[  282.681734][    T8] usb 5-1: config 0 descriptor??
[  282.691558][   T29] audit: type=1400 audit(1733151018.906:948): avc:  denied  { read } for  pid=9353 comm="syz.5.845" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  282.725099][ T9356] xt_hashlimit: invalid interval
[  282.750234][   T29] audit: type=1400 audit(1733151018.906:949): avc:  denied  { open } for  pid=9353 comm="syz.5.845" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  282.821440][    T8] rc_core: IR keymap rc-hauppauge not found
[  282.826675][   T29] audit: type=1400 audit(1733151018.906:950): avc:  denied  { ioctl } for  pid=9353 comm="syz.5.845" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x9376 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  282.835821][    T8] Registered IR keymap rc-empty
[  282.904256][    T8] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  282.905876][   T51] usb 6-1: Service connection timeout for: 256
[  282.922264][   T29] audit: type=1400 audit(1733151018.936:951): avc:  denied  { setopt } for  pid=9353 comm="syz.5.845" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  282.946458][   T51] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  282.957548][   T51] ath9k_htc: Failed to initialize the device
[  283.111915][    T9] usb 6-1: ath9k_htc: USB layer deinitialized
[  283.123251][    T8] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input11
[  283.167848][ T9363] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  283.174292][ T9363] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  283.191047][   T29] audit: type=1400 audit(1733151019.216:952): avc:  denied  { map } for  pid=9339 comm="syz.4.840" path="socket:[24632]" dev="sockfs" ino=24632 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  283.416350][   T29] audit: type=1400 audit(1733151019.216:953): avc:  denied  { read } for  pid=9339 comm="syz.4.840" path="socket:[24632]" dev="sockfs" ino=24632 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  283.545335][ T9374] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  284.988715][    T9] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  285.271277][ T9328] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  285.351407][ T5871] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  285.439125][ T9394] block device autoloading is deprecated and will be removed.
[  285.449066][    T9] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  285.461559][ T5904] usb 5-1: USB disconnect, device number 26
[  285.471096][    T9] usb 6-1: config 0 has no interface number 0
[  285.473711][ T9328] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  285.477196][    T9] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  285.507085][ T9328] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  285.515293][    T9] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  285.545801][ T9328] usb 1-1: Product: syz
[  285.551257][    T9] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  285.560497][ T9328] usb 1-1: Manufacturer: syz
[  285.567537][ T9328] usb 1-1: SerialNumber: syz
[  285.570985][    T9] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  285.587134][ T9328] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  285.601362][    T9] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  285.613694][ T5905] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  285.624500][ T5871] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[  285.647074][ T5871] usb 2-1: config 0 has no interface number 0
[  285.665879][ T5871] usb 2-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  285.678511][    T9] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  285.691759][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.700000][ T5871] usb 2-1: New USB device found, idVendor=06cd, idProduct=0152, bcdDevice=a8.a4
[  285.711003][    T9] usb 6-1: config 0 descriptor??
[  285.733884][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  285.896752][ T5871] usb 2-1: config 0 descriptor??
[  285.912537][    T9] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  285.947534][ T9397] netlink: 'syz.0.856': attribute type 4 has an invalid length.
[  286.078149][ T9405] netlink: 'syz.0.856': attribute type 4 has an invalid length.
[  286.438925][ T9369] atomic_op ffff888057e8b998 conn xmit_atomic 0000000000000000
[  286.458346][    T9] usb 6-1: USB disconnect, device number 21
[  286.466341][    T9] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  286.761216][    T9] usb 1-1: USB disconnect, device number 35
[  287.088507][ T9414] __nla_validate_parse: 4 callbacks suppressed
[  287.088546][ T9414] netlink: 8 bytes leftover after parsing attributes in process `syz.3.861'.
[  287.320804][ T5875] usb 2-1: USB disconnect, device number 30
[  287.638273][ T5905] usb 1-1: Service connection timeout for: 256
[  287.644580][ T5905] ath9k_htc 1-1:1.0: ath9k_htc: Unable to initialize HTC services
[  287.655021][ T5905] ath9k_htc: Failed to initialize the device
[  287.669396][    T9] usb 1-1: ath9k_htc: USB layer deinitialized
[  287.791041][   T51] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  287.951560][   T51] usb 6-1: Using ep0 maxpacket: 8
[  287.969185][   T51] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  288.021529][   T51] usb 6-1: config 0 has no interface number 0
[  288.036917][   T51] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  288.050111][   T51] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  288.064385][   T51] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  288.077759][   T51] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  288.110733][   T51] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  288.165282][   T51] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.243785][   T51] usb 6-1: config 0 descriptor??
[  288.293630][   T51] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  288.438843][ T9433] ieee802154 phy0 wpan0: encryption failed: -90
[  288.457546][ T9433] ieee802154 phy0 wpan0: encryption failed: -22
[  288.490440][ T9418] xt_hashlimit: max too large, truncated to 1048576
[  288.501151][    T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  288.668510][    T9] usb 2-1: Using ep0 maxpacket: 16
[  288.685594][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  288.713506][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  288.727715][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  288.743592][   T51] usb 6-1: USB disconnect, device number 22
[  288.750626][   T51] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  288.789745][    T9] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  288.931086][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.939107][    T9] usb 2-1: Product: syz
[  288.954687][    T9] usb 2-1: Manufacturer: syz
[  288.959325][    T9] usb 2-1: SerialNumber: syz
[  288.983857][    T9] usb 2-1: config 0 descriptor??
[  289.003596][ T9431] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  289.011880][    T9] hub 2-1:0.0: bad descriptor, ignoring hub
[  289.017813][    T9] hub 2-1:0.0: probe with driver hub failed with error -5
[  289.027016][    T9] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input12
[  289.045657][ T9446] netlink: 'syz.4.870': attribute type 10 has an invalid length.
[  289.801510][   T51] usb 2-1: USB disconnect, device number 31
[  289.807481][    C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  289.882853][ T9455] netlink: 'syz.3.874': attribute type 15 has an invalid length.
[  289.896703][ T9456] netlink: 8 bytes leftover after parsing attributes in process `syz.0.873'.
[  289.901454][ T9458] FAULT_INJECTION: forcing a failure.
[  289.901454][ T9458] name failslab, interval 1, probability 0, space 0, times 0
[  289.948611][ T9458] CPU: 1 UID: 0 PID: 9458 Comm: syz.5.875 Not tainted 6.13.0-rc1-syzkaller #0
[  289.957508][ T9458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  289.967577][ T9458] Call Trace:
[  289.970854][ T9458]  <TASK>
[  289.973780][ T9458]  dump_stack_lvl+0x16c/0x1f0
[  289.978466][ T9458]  should_fail_ex+0x497/0x5b0
[  289.983156][ T9458]  ? fs_reclaim_acquire+0xae/0x150
[  289.988292][ T9458]  should_failslab+0xc2/0x120
[  289.992981][ T9458]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  289.998389][ T9458]  ? security_file_alloc+0x34/0x2b0
[  290.003614][ T9458]  security_file_alloc+0x34/0x2b0
[  290.008650][ T9458]  init_file+0x93/0x480
[  290.012816][ T9458]  alloc_empty_file+0x91/0x1e0
[  290.017593][ T9458]  path_openat+0xe1/0x2d60
[  290.022010][ T9458]  ? hlock_class+0x4e/0x130
[  290.026524][ T9458]  ? __lock_acquire+0x15a9/0x3c40
[  290.031559][ T9458]  ? __pfx_path_openat+0x10/0x10
[  290.036500][ T9458]  ? __pfx___lock_acquire+0x10/0x10
[  290.041704][ T9458]  ? lock_acquire.part.0+0x11b/0x380
[  290.046993][ T9458]  ? find_held_lock+0x2d/0x110
[  290.051775][ T9458]  do_filp_open+0x20c/0x470
[  290.056296][ T9458]  ? __pfx_do_filp_open+0x10/0x10
[  290.061339][ T9458]  ? find_held_lock+0x2d/0x110
[  290.066139][ T9458]  ? alloc_fd+0x41f/0x760
[  290.070465][ T9458]  do_sys_openat2+0x17a/0x1e0
[  290.075131][ T9458]  ? __pfx_do_sys_openat2+0x10/0x10
[  290.080318][ T9458]  ? __fget_files+0x206/0x3a0
[  290.084981][ T9458]  __x64_sys_openat+0x175/0x210
[  290.089815][ T9458]  ? __pfx___x64_sys_openat+0x10/0x10
[  290.095173][ T9458]  ? ksys_write+0x1ba/0x250
[  290.099662][ T9458]  do_syscall_64+0xcd/0x250
[  290.104154][ T9458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.110032][ T9458] RIP: 0033:0x7ff7b697f1b0
[  290.114444][ T9458] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 8f 02 00 8b 44
[  290.134034][ T9458] RSP: 002b:00007ff7b7846f30 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  290.142435][ T9458] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007ff7b697f1b0
[  290.150386][ T9458] RDX: 0000000000000002 RSI: 00007ff7b7846fc0 RDI: 00000000ffffff9c
[  290.158336][ T9458] RBP: 00007ff7b7846fc0 R08: 0000000000000000 R09: 0000000000000000
[  290.166287][ T9458] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  290.174238][ T9458] R13: 0000000000000000 R14: 00007ff7b6b45fa0 R15: 00007ffd030fc9c8
[  290.182197][ T9458]  </TASK>
[  290.211774][ T5904] kernel write not supported for file /snd/seq (pid: 5904 comm: kworker/1:4)
[  290.866207][ T9466] 9pnet_fd: Insufficient options for proto=fd
[  290.879958][   T29] kauditd_printk_skb: 2 callbacks suppressed
[  290.879973][   T29] audit: type=1326 audit(1733151027.086:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  290.909597][   T29] audit: type=1326 audit(1733151027.086:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  290.933045][   T29] audit: type=1326 audit(1733151027.086:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f89b2f7f1b0 code=0x7ffc0000
[  290.956396][   T29] audit: type=1326 audit(1733151027.086:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  290.979874][   T29] audit: type=1326 audit(1733151027.106:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.003276][   T29] audit: type=1326 audit(1733151027.106:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.026502][   T29] audit: type=1326 audit(1733151027.106:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.050239][   T29] audit: type=1326 audit(1733151027.106:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.074259][   T29] audit: type=1326 audit(1733151027.106:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.103037][   T29] audit: type=1326 audit(1733151027.106:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9469 comm="syz.1.879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f89b2f80849 code=0x7ffc0000
[  291.152114][ T9468] netlink: 4 bytes leftover after parsing attributes in process `syz.5.878'.
[  291.647120][ T9465] Process accounting resumed
[  292.529975][ T9501] netlink: 'syz.1.887': attribute type 15 has an invalid length.
[  292.648488][ T9503] netlink: 16 bytes leftover after parsing attributes in process `syz.3.888'.
[  293.167670][ T9517] binder: 9516:9517 ioctl c0306201 0 returned -14
[  293.221026][ T5904] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  293.377857][ T5904] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  293.389572][ T5904] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  293.398740][ T5904] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.430772][ T5904] usb 4-1: config 0 descriptor??
[  293.454399][ T9521] netlink: 8 bytes leftover after parsing attributes in process `syz.4.894'.
[  293.471287][ T5905] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  293.636485][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  293.646414][ T5905] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  293.669906][ T5905] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  293.681297][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.725746][ T5905] usb 1-1: config 0 descriptor??
[  293.780498][ T5905] gspca_main: spca561-2.14.0 probing abcd:cdee
[  293.899735][ T9525] sp0: Synchronizing with TNC
[  293.905587][ T9525] sp0: Found TNC
[  294.023945][ T9528] netlink: 'syz.4.896': attribute type 4 has an invalid length.
[  294.083339][ T9529] FAULT_INJECTION: forcing a failure.
[  294.083339][ T9529] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  294.096615][ T9529] CPU: 1 UID: 0 PID: 9529 Comm: syz.5.895 Not tainted 6.13.0-rc1-syzkaller #0
[  294.105520][ T9529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  294.115628][ T9529] Call Trace:
[  294.118915][ T9529]  <TASK>
[  294.121853][ T9529]  dump_stack_lvl+0x16c/0x1f0
[  294.126582][ T9529]  should_fail_ex+0x497/0x5b0
[  294.131282][ T9529]  _copy_to_user+0x32/0xd0
[  294.135700][ T9529]  drm_ioctl+0x5fe/0xc00
[  294.139940][ T9529]  ? __pfx_drm_syncobj_transfer_ioctl+0x10/0x10
[  294.146260][ T9529]  ? __pfx_drm_ioctl+0x10/0x10
[  294.151048][ T9529]  ? __x64_sys_ioctl+0xc3/0x200
[  294.155921][ T9529]  ? __pfx_drm_ioctl+0x10/0x10
[  294.160688][ T9529]  __x64_sys_ioctl+0x190/0x200
[  294.165459][ T9529]  do_syscall_64+0xcd/0x250
[  294.169952][ T9529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.175836][ T9529] RIP: 0033:0x7ff7b6980849
[  294.180236][ T9529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.199828][ T9529] RSP: 002b:00007ff7b7826058 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.208240][ T9529] RAX: ffffffffffffffda RBX: 00007ff7b6b46080 RCX: 00007ff7b6980849
[  294.216200][ T9529] RDX: 0000000020000080 RSI: 00000000c02064cc RDI: 0000000000000003
[  294.224243][ T9529] RBP: 00007ff7b78260a0 R08: 0000000000000000 R09: 0000000000000000
[  294.232198][ T9529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.240167][ T9529] R13: 0000000000000000 R14: 00007ff7b6b46080 R15: 00007ffd030fc9c8
[  294.248132][ T9529]  </TASK>
[  294.262593][ T9526] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.367639][ T5904] usbhid 4-1:0.0: can't add hid device: -71
[  294.378154][ T5904] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  294.460419][ T5904] usb 4-1: USB disconnect, device number 36
[  294.483936][ T9524] [U] è`
[  294.486547][ T5905] spca561 1-1:0.0: probe with driver spca561 failed with error -22
[  294.500750][ T5905] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  294.507840][ T5905] usb 1-1: MIDIStreaming interface descriptor not found
[  294.758749][ T9544] netlink: 16 bytes leftover after parsing attributes in process `syz.4.900'.
[  294.871231][ T9328] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  295.774106][ T9328] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  295.783561][ T9328] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.792352][ T9328] usb 6-1: Product: syz
[  295.796924][ T9328] usb 6-1: Manufacturer: syz
[  295.824825][ T9328] usb 6-1: SerialNumber: syz
[  295.907630][ T9328] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  295.927631][ T5905] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  296.194234][ T9537] netlink: 'syz.5.898': attribute type 4 has an invalid length.
[  296.207660][ T9537] netlink: 'syz.5.898': attribute type 4 has an invalid length.
[  297.078790][    T9] usb 6-1: USB disconnect, device number 23
[  297.092230][ T5904] usb 1-1: USB disconnect, device number 36
[  297.691027][ T5905] usb 6-1: Service connection timeout for: 256
[  297.697319][ T5905] ath9k_htc 6-1:1.0: ath9k_htc: Unable to initialize HTC services
[  297.736144][ T5904] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  297.764839][ T5905] ath9k_htc: Failed to initialize the device
[  297.861126][    T9] usb 6-1: ath9k_htc: USB layer deinitialized
[  297.891098][ T5904] usb 2-1: Using ep0 maxpacket: 32
[  298.044089][ T5904] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  298.157274][ T5904] usb 2-1: New USB device found, idVendor=0483, idProduct=3747, bcdDevice=20.43
[  298.168597][ T5904] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.181414][ T5904] usb 2-1: Product: syz
[  298.186048][ T5904] usb 2-1: Manufacturer: syz
[  298.190769][ T5904] usb 2-1: SerialNumber: syz
[  298.197267][ T5904] usb 2-1: config 0 descriptor??
[  298.300374][ T9592] netlink: 4 bytes leftover after parsing attributes in process `syz.5.915'.
[  298.382850][   T29] kauditd_printk_skb: 28 callbacks suppressed
[  298.382865][   T29] audit: type=1326 audit(1733151034.596:994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9591 comm="syz.5.915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff7b6980849 code=0x0
[  298.434598][   T29] audit: type=1400 audit(1733151034.616:995): avc:  denied  { getopt } for  pid=9581 comm="syz.1.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  298.477980][ T9599] netlink: 'syz.1.912': attribute type 4 has an invalid length.
[  298.548201][   T29] audit: type=1400 audit(1733151034.756:996): avc:  denied  { getopt } for  pid=9581 comm="syz.1.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  299.119553][ T9609] netlink: 8 bytes leftover after parsing attributes in process `syz.4.918'.
[  299.306209][ T9613] netlink: 'syz.3.920': attribute type 15 has an invalid length.
[  299.337724][ T9616] FAULT_INJECTION: forcing a failure.
[  299.337724][ T9616] name failslab, interval 1, probability 0, space 0, times 0
[  299.869283][ T9616] CPU: 1 UID: 0 PID: 9616 Comm: syz.3.921 Not tainted 6.13.0-rc1-syzkaller #0
[  299.878191][ T9616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  299.888267][ T9616] Call Trace:
[  299.891550][ T9616]  <TASK>
[  299.894479][ T9616]  dump_stack_lvl+0x16c/0x1f0
[  299.899135][ T9616]  should_fail_ex+0x497/0x5b0
[  299.903792][ T9616]  ? fs_reclaim_acquire+0xae/0x150
[  299.908882][ T9616]  should_failslab+0xc2/0x120
[  299.913545][ T9616]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  299.919330][ T9616]  ? __alloc_skb+0x2b1/0x380
[  299.923917][ T9616]  __alloc_skb+0x2b1/0x380
[  299.928332][ T9616]  ? __pfx___alloc_skb+0x10/0x10
[  299.933258][ T9616]  ? selinux_socket_getpeersec_dgram+0x1a5/0x370
[  299.939574][ T9616]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  299.946246][ T9616]  netlink_alloc_large_skb+0x69/0x130
[  299.951602][ T9616]  netlink_sendmsg+0x689/0xd70
[  299.956364][ T9616]  ? __pfx_netlink_sendmsg+0x10/0x10
[  299.961654][ T9616]  ____sys_sendmsg+0xaaf/0xc90
[  299.966407][ T9616]  ? copy_msghdr_from_user+0x10b/0x160
[  299.971861][ T9616]  ? __pfx_____sys_sendmsg+0x10/0x10
[  299.977137][ T9616]  ___sys_sendmsg+0x135/0x1e0
[  299.981805][ T9616]  ? __pfx____sys_sendmsg+0x10/0x10
[  299.987004][ T9616]  ? __pfx_lock_release+0x10/0x10
[  299.992009][ T9616]  ? trace_lock_acquire+0x14e/0x1f0
[  299.997201][ T9616]  ? __fget_files+0x206/0x3a0
[  300.001868][ T9616]  __sys_sendmsg+0x16e/0x220
[  300.006447][ T9616]  ? __pfx___sys_sendmsg+0x10/0x10
[  300.011562][ T9616]  do_syscall_64+0xcd/0x250
[  300.016065][ T9616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.021942][ T9616] RIP: 0033:0x7ff1cc580849
[  300.026336][ T9616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.045924][ T9616] RSP: 002b:00007ff1cd3cc058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  300.054315][ T9616] RAX: ffffffffffffffda RBX: 00007ff1cc745fa0 RCX: 00007ff1cc580849
[  300.062273][ T9616] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003
[  300.070223][ T9616] RBP: 00007ff1cd3cc0a0 R08: 0000000000000000 R09: 0000000000000000
[  300.078185][ T9616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.086148][ T9616] R13: 0000000000000000 R14: 00007ff1cc745fa0 R15: 00007ffee9fcc568
[  300.094110][ T9616]  </TASK>
[  300.241078][ T9622] netlink: 16 bytes leftover after parsing attributes in process `syz.3.924'.
[  301.152945][   T29] audit: type=1400 audit(1733151036.836:997): avc:  denied  { getopt } for  pid=9629 comm="syz.3.926" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  301.420642][ T5875] usb 2-1: USB disconnect, device number 32
[  302.084786][ T9645] tty tty3: ldisc open failed (-12), clearing slot 2
[  302.558163][   T29] audit: type=1400 audit(1733151038.526:998): avc:  denied  { cmd } for  pid=9653 comm="syz.5.932" path="socket:[25881]" dev="sockfs" ino=25881 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  303.517776][ T9662] netlink: 8 bytes leftover after parsing attributes in process `syz.4.934'.
[  304.465846][ T5905] IPVS: starting estimator thread 0...
[  304.561169][ T9679] IPVS: using max 27 ests per chain, 64800 per kthread
[  305.061688][ T5871] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  305.332062][ T5871] usb 5-1: Using ep0 maxpacket: 32
[  305.436851][ T5871] usb 5-1: config index 0 descriptor too short (expected 292, got 36)
[  305.452438][ T5871] usb 5-1: config 255 has an invalid interface number: 16 but max is 2
[  305.467409][ T5871] usb 5-1: config 255 has 1 interface, different from the descriptor's value: 3
[  305.501512][ T5871] usb 5-1: config 255 has no interface number 0
[  305.507826][   T29] audit: type=1400 audit(1733151041.716:999): avc:  denied  { getopt } for  pid=9699 comm="syz.3.946" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  305.532712][ T5871] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01
[  305.555090][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.563049][ T9703] input: syz1 as /devices/virtual/input/input13
[  305.571201][ T5905] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  305.592104][ T5871] usb 5-1: Product: syz
[  305.601028][ T5871] usb 5-1: Manufacturer: syz
[  305.611119][ T5871] usb 5-1: SerialNumber: syz
[  305.619860][ T5871] ums-jumpshot 5-1:255.16: USB Mass Storage device detected
[  305.656454][ T5871] ums-jumpshot 5-1:255.16: Quirks match for vid 05dc pid 0001: 2
[  305.681076][ T5871] scsi host1: usb-storage 5-1:255.16
[  305.745962][ T5905] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  305.754942][ T5905] usb 2-1: config 0 has no interface number 0
[  305.764178][ T5905] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  305.782400][ T5905] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  305.793803][ T5905] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  305.803178][ T5905] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.814171][ T5905] usb 2-1: config 0 descriptor??
[  305.831914][ T9697] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  305.843992][ T5905] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  305.943216][   T29] audit: type=1400 audit(1733151042.156:1000): avc:  denied  { create } for  pid=9709 comm="syz.0.948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  306.082814][ T9695] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  306.115796][ T9695] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  306.141708][ T5871] usb 2-1: USB disconnect, device number 33
[  306.491103][ T5875] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  306.661010][ T5875] usb 1-1: Using ep0 maxpacket: 8
[  306.676431][ T5875] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  306.692422][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  306.711678][ T5875] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  306.743294][ T2956] scsi 1:0:0:0: Direct-Access     Lexar    Jumpshot USB CF  0001 PQ: 0 ANSI: 0 CCS
[  306.754968][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  306.769805][ T2956] scsi 1:0:0:1: Direct-Access     Lexar    Jumpshot USB CF  0001 PQ: 0 ANSI: 0 CCS
[  306.776372][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  306.809914][ T5875] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  306.830625][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  306.839308][ T2956] scsi 1:0:0:0: Attached scsi generic sg1 type 0
[  306.855380][ T5875] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  306.872345][ T2956] sd 1:0:0:1: Attached scsi generic sg2 type 0
[  306.882831][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  306.904722][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  306.929467][ T5875] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  306.937752][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  306.971359][ T5875] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  306.983204][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  306.994303][ T5875] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  307.033664][ T5875] usb 1-1: string descriptor 0 read error: -22
[  307.039961][ T5875] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  307.050593][ T5875] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.189977][ T5875] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  307.227625][ T9731] netlink: 4 bytes leftover after parsing attributes in process `syz.1.952'.
[  307.511946][ T5871] usb 1-1: USB disconnect, device number 37
[  307.863432][    T9] usb 5-1: USB disconnect, device number 27
[  307.915159][ T6330] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
[  307.927536][   T11] sd 1:0:0:1: [sdc] Test Unit Ready failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[  307.946070][   T11] sd 1:0:0:1: [sdc] Read Capacity(10) failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[  307.951369][ T6330] sd 1:0:0:0: [sdb] Sense not available.
[  307.958132][   T11] sd 1:0:0:1: [sdc] Sense not available.
[  307.969088][   T11] sd 1:0:0:1: [sdc] 0 512-byte logical blocks: (0 B/0 B)
[  307.971459][ T6330] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  307.976633][   T11] sd 1:0:0:1: [sdc] 0-byte physical blocks
[  307.989498][   T11] sd 1:0:0:1: [sdc] Test WP failed, assume Write Enabled
[  308.005033][ T9742] bridge0: port 3(erspan0) entered blocking state
[  308.011855][   T11] sd 1:0:0:1: [sdc] Asking for cache data failed
[  308.018060][ T6330] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  308.018647][   T11] sd 1:0:0:1: [sdc] Assuming drive cache: write through
[  308.031034][ T5904] usb 1-1: new low-speed USB device number 38 using dummy_hcd
[  308.039451][ T9742] bridge0: port 3(erspan0) entered disabled state
[  308.046625][ T9742] erspan0: entered allmulticast mode
[  308.051090][ T6330] sd 1:0:0:0: [sdb] Write Protect is off
[  308.053640][   T11] 
[  308.057555][ T6330] sd 1:0:0:0: [sdb] Mode Sense: 00 00 00 00
[  308.059844][   T11] ======================================================
[  308.059850][   T11] WARNING: possible circular locking dependency detected
[  308.059857][   T11] 6.13.0-rc1-syzkaller #0 Not tainted
[  308.059865][   T11] ------------------------------------------------------
[  308.059870][   T11] kworker/u8:0/11 is trying to acquire lock:
[  308.098012][   T11] ffff888028cd5758 (&q->debugfs_mutex){+.+.}-{4:4}, at: blk_mq_init_sched+0x42b/0x640
[  308.107573][   T11] 
[  308.107573][   T11] but task is already holding lock:
[  308.114913][   T11] ffff888028cd4f20 (&q->q_usage_counter(queue)#55){++++}-{0:0}, at: add_disk_fwnode+0x113/0x1300
[  308.125423][   T11] 
[  308.125423][   T11] which lock already depends on the new lock.
[  308.125423][   T11] 
[  308.135803][   T11] 
[  308.135803][   T11] the existing dependency chain (in reverse order) is:
[  308.144793][   T11] 
[  308.144793][   T11] -> #5 (&q->q_usage_counter(queue)#55){++++}-{0:0}:
[  308.153631][   T11]        blk_queue_enter+0x50f/0x640
[  308.158895][   T11]        blk_mq_alloc_request+0x59b/0x950
[  308.164598][   T11]        scsi_execute_cmd+0x1eb/0xf40
[  308.169950][   T11]        read_capacity_10+0x1d4/0x6d0
[  308.175301][   T11]        sd_revalidate_disk.isra.0+0x3145/0xa8d0
[  308.181607][   T11]        sd_probe+0x904/0x1000
[  308.186348][   T11]        really_probe+0x23e/0xa90
[  308.191354][   T11]        __driver_probe_device+0x1de/0x440
[  308.197140][   T11]        driver_probe_device+0x4c/0x1b0
[  308.202669][   T11]        __device_attach_driver+0x1df/0x310
[  308.208542][   T11]        bus_for_each_drv+0x157/0x1e0
[  308.213889][   T11]        __device_attach_async_helper+0x1d3/0x290
[  308.220283][   T11]        async_run_entry_fn+0x9c/0x530
[  308.225723][   T11]        process_one_work+0x9c5/0x1ba0
[  308.231159][   T11]        worker_thread+0x6c8/0xf00
[  308.236254][   T11]        kthread+0x2c1/0x3a0
[  308.240826][   T11]        ret_from_fork+0x45/0x80
[  308.245744][   T11]        ret_from_fork_asm+0x1a/0x30
[  308.251012][   T11] 
[  308.251012][   T11] -> #4 (&q->limits_lock){+.+.}-{4:4}:
[  308.258632][   T11]        __mutex_lock+0x19b/0xa60
[  308.263640][   T11]        __nbd_set_size+0x2c0/0x730
[  308.268815][   T11]        nbd_start_device+0x8fd/0xd70
[  308.274184][   T11]        nbd_ioctl+0x21a/0xfd0
[  308.278926][   T11]        blkdev_ioctl+0x276/0x6d0
[  308.283924][   T11]        __x64_sys_ioctl+0x190/0x200
[  308.289205][   T11]        do_syscall_64+0xcd/0x250
[  308.294209][   T11]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.300606][   T11] 
[  308.300606][   T11] -> #3 (&q->q_usage_counter(io)#53){++++}-{0:0}:
[  308.309187][   T11]        blk_mq_submit_bio+0x1fb6/0x24c0
[  308.314797][   T11]        __submit_bio+0x384/0x540
[  308.319800][   T11]        submit_bio_noacct_nocheck+0x698/0xd70
[  308.325928][   T11]        submit_bio_noacct+0x93a/0x1e20
[  308.331452][   T11]        block_read_full_folio+0x812/0xa50
[  308.337234][   T11]        filemap_read_folio+0xc6/0x2a0
[  308.342672][   T11]        filemap_get_pages+0x155f/0x1be0
[  308.348282][   T11]        filemap_read+0x3ca/0xd70
[  308.353284][   T11]        blkdev_read_iter+0x187/0x480
[  308.358633][   T11]        vfs_read+0x87f/0xbe0
[  308.363286][   T11]        ksys_read+0x12b/0x250
[  308.368025][   T11]        do_syscall_64+0xcd/0x250
[  308.373030][   T11]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.379426][   T11] 
[  308.379426][   T11] -> #2 (mapping.invalidate_lock#2){.+.+}-{4:4}:
[  308.387916][   T11]        down_read+0x9a/0x330
[  308.392574][   T11]        page_cache_ra_unbounded+0x173/0x750
[  308.398536][   T11]        page_cache_ra_order+0x7d9/0xc90
[  308.404150][   T11]        filemap_fault+0x14a5/0x2820
[  308.409414][   T11]        __do_fault+0x10a/0x490
[  308.414245][   T11]        do_pte_missing+0xec2/0x3e70
[  308.419507][   T11]        __handle_mm_fault+0x103c/0x2a40
[  308.425119][   T11]        handle_mm_fault+0x3fa/0xaa0
[  308.430382][   T11]        __get_user_pages+0x8d9/0x3b50
[  308.435817][   T11]        get_user_pages_unlocked+0x1c2/0x780
[  308.441772][   T11]        hva_to_pfn+0x8be/0xc20
[  308.446600][   T11]        kvm_follow_pfn+0x29f/0x3f0
[  308.451776][   T11]        __kvm_faultin_pfn+0x11c/0x1a0
[  308.457211][   T11]        kvm_mmu_faultin_pfn+0x469/0x1f30
[  308.462909][   T11]        kvm_tdp_page_fault+0x182/0x3d0
[  308.468433][   T11]        kvm_mmu_do_page_fault+0x58d/0x690
[  308.474219][   T11]        kvm_mmu_page_fault+0x20f/0x1bb0
[  308.479831][   T11]        handle_ept_violation+0x25a/0x640
[  308.485532][   T11]        vmx_handle_exit+0x733/0x1f70
[  308.490883][   T11]        vcpu_run+0x3047/0x4f50
[  308.495714][   T11]        kvm_arch_vcpu_ioctl_run+0x44a/0x1740
[  308.501762][   T11]        kvm_vcpu_ioctl+0x6ce/0x1520
[  308.507021][   T11]        __x64_sys_ioctl+0x190/0x200
[  308.512290][   T11]        do_syscall_64+0xcd/0x250
[  308.517293][   T11]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.523687][   T11] 
[  308.523687][   T11] -> #1 (&mm->mmap_lock){++++}-{4:4}:
[  308.531219][   T11]        __might_fault+0x11b/0x190
[  308.536310][   T11]        _copy_from_user+0x29/0xd0
[  308.541397][   T11]        __blk_trace_setup+0xa8/0x180
[  308.546771][   T11]        blk_trace_ioctl+0x163/0x290
[  308.552045][   T11]        blkdev_ioctl+0x109/0x6d0
[  308.557052][   T11]        __x64_sys_ioctl+0x190/0x200
[  308.562322][   T11]        do_syscall_64+0xcd/0x250
[  308.567327][   T11]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.573723][   T11] 
[  308.573723][   T11] -> #0 (&q->debugfs_mutex){+.+.}-{4:4}:
[  308.581517][   T11]        __lock_acquire+0x249e/0x3c40
[  308.586868][   T11]        lock_acquire.part.0+0x11b/0x380
[  308.592478][   T11]        __mutex_lock+0x19b/0xa60
[  308.597484][   T11]        blk_mq_init_sched+0x42b/0x640
[  308.602927][   T11]        elevator_init_mq+0x2cd/0x420
[  308.608277][   T11]        add_disk_fwnode+0x113/0x1300
[  308.613625][   T11]        sd_probe+0xa86/0x1000
[  308.618365][   T11]        really_probe+0x23e/0xa90
[  308.623371][   T11]        __driver_probe_device+0x1de/0x440
[  308.629155][   T11]        driver_probe_device+0x4c/0x1b0
[  308.634683][   T11]        __device_attach_driver+0x1df/0x310
[  308.640556][   T11]        bus_for_each_drv+0x157/0x1e0
[  308.645906][   T11]        __device_attach_async_helper+0x1d3/0x290
[  308.652314][   T11]        async_run_entry_fn+0x9c/0x530
[  308.657764][   T11]        process_one_work+0x9c5/0x1ba0
[  308.663206][   T11]        worker_thread+0x6c8/0xf00
[  308.668297][   T11]        kthread+0x2c1/0x3a0
[  308.672869][   T11]        ret_from_fork+0x45/0x80
[  308.677798][   T11]        ret_from_fork_asm+0x1a/0x30
[  308.683090][   T11] 
[  308.683090][   T11] other info that might help us debug this:
[  308.683090][   T11] 
[  308.693306][   T11] Chain exists of:
[  308.693306][   T11]   &q->debugfs_mutex --> &q->limits_lock --> &q->q_usage_counter(queue)#55
[  308.693306][   T11] 
[  308.707710][   T11]  Possible unsafe locking scenario:
[  308.707710][   T11] 
[  308.715134][   T11]        CPU0                    CPU1
[  308.720478][   T11]        ----                    ----
[  308.725817][   T11]   lock(&q->q_usage_counter(queue)#55);
[  308.731432][   T11]                                lock(&q->limits_lock);
[  308.738344][   T11]                                lock(&q->q_usage_counter(queue)#55);
[  308.746483][   T11]   lock(&q->debugfs_mutex);
[  308.751049][   T11] 
[  308.751049][   T11]  *** DEADLOCK ***
[  308.751049][   T11] 
[  308.759168][   T11] 4 locks held by kworker/u8:0/11:
[  308.764253][   T11]  #0: ffff88801beee948 ((wq_completion)async){+.+.}-{0:0}, at: process_one_work+0x1293/0x1ba0
[  308.774583][   T11]  #1: ffffc90000107d80 ((work_completion)(&entry->work)){+.+.}-{0:0}, at: process_one_work+0x921/0x1ba0
[  308.785776][   T11]  #2: ffff88802696a378 (&dev->mutex){....}-{4:4}, at: __device_attach_async_helper+0x84/0x290
[  308.796105][   T11]  #3: ffff888028cd4f20 (&q->q_usage_counter(queue)#55){++++}-{0:0}, at: add_disk_fwnode+0x113/0x1300
[  308.807043][   T11] 
[  308.807043][   T11] stack backtrace:
[  308.812906][   T11] CPU: 0 UID: 0 PID: 11 Comm: kworker/u8:0 Not tainted 6.13.0-rc1-syzkaller #0
[  308.821817][   T11] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  308.831849][   T11] Workqueue: async async_run_entry_fn
[  308.837205][   T11] Call Trace:
[  308.840467][   T11]  <TASK>
[  308.843379][   T11]  dump_stack_lvl+0x116/0x1f0
[  308.848041][   T11]  print_circular_bug+0x419/0x5d0
[  308.853045][   T11]  check_noncircular+0x31a/0x400
[  308.857959][   T11]  ? __pfx_check_noncircular+0x10/0x10
[  308.863398][   T11]  ? lockdep_lock+0xc6/0x200
[  308.867992][   T11]  ? __pfx_lockdep_lock+0x10/0x10
[  308.873017][   T11]  __lock_acquire+0x249e/0x3c40
[  308.877860][   T11]  ? __pfx___lock_acquire+0x10/0x10
[  308.883046][   T11]  lock_acquire.part.0+0x11b/0x380
[  308.888144][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.893244][   T11]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  308.898859][   T11]  ? rcu_is_watching+0x12/0xc0
[  308.903606][   T11]  ? trace_lock_acquire+0x14e/0x1f0
[  308.908787][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.913882][   T11]  ? lock_acquire+0x2f/0xb0
[  308.918365][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.923460][   T11]  __mutex_lock+0x19b/0xa60
[  308.927947][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.933045][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.938139][   T11]  ? __pfx___mutex_lock+0x10/0x10
[  308.943147][   T11]  ? blk_queue_flag_set+0x29/0x40
[  308.948155][   T11]  ? blk_mq_init_sched+0x42b/0x640
[  308.953251][   T11]  blk_mq_init_sched+0x42b/0x640
[  308.958173][   T11]  ? __pfx_blk_mq_init_sched+0x10/0x10
[  308.963615][   T11]  ? __pfx_blk_mq_cancel_work_sync+0x10/0x10
[  308.969575][   T11]  ? lock_acquire+0x2f/0xb0
[  308.974056][   T11]  ? add_disk_fwnode+0x113/0x1300
[  308.979061][   T11]  elevator_init_mq+0x2cd/0x420
[  308.983889][   T11]  ? add_disk_fwnode+0x113/0x1300
[  308.988893][   T11]  add_disk_fwnode+0x113/0x1300
[  308.993725][   T11]  ? _raw_spin_unlock_irq+0x23/0x50
[  308.998905][   T11]  sd_probe+0xa86/0x1000
[  309.003126][   T11]  ? __pfx_sd_probe+0x10/0x10
[  309.007780][   T11]  really_probe+0x23e/0xa90
[  309.012265][   T11]  __driver_probe_device+0x1de/0x440
[  309.017531][   T11]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  309.023317][   T11]  driver_probe_device+0x4c/0x1b0
[  309.028324][   T11]  __device_attach_driver+0x1df/0x310
[  309.033676][   T11]  ? __pfx___device_attach_driver+0x10/0x10
[  309.039548][   T11]  bus_for_each_drv+0x157/0x1e0
[  309.044377][   T11]  ? __pfx_bus_for_each_drv+0x10/0x10
[  309.049727][   T11]  ? lockdep_hardirqs_on+0x7c/0x110
[  309.054904][   T11]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  309.060690][   T11]  ? __pfx___device_attach_async_helper+0x10/0x10
[  309.067084][   T11]  __device_attach_async_helper+0x1d3/0x290
[  309.072959][   T11]  ? __pfx___device_attach_async_helper+0x10/0x10
[  309.079353][   T11]  ? ktime_get+0x206/0x300
[  309.083746][   T11]  ? read_tsc+0x9/0x20
[  309.087801][   T11]  ? ktime_get+0x1ac/0x300
[  309.092194][   T11]  async_run_entry_fn+0x9c/0x530
[  309.097112][   T11]  process_one_work+0x9c5/0x1ba0
[  309.102031][   T11]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  309.107641][   T11]  ? __pfx_process_one_work+0x10/0x10
[  309.112992][   T11]  ? rcu_is_watching+0x12/0xc0
[  309.117742][   T11]  ? assign_work+0x1a0/0x250
[  309.122310][   T11]  worker_thread+0x6c8/0xf00
[  309.126881][   T11]  ? __pfx_worker_thread+0x10/0x10
[  309.131972][   T11]  kthread+0x2c1/0x3a0
[  309.136022][   T11]  ? _raw_spin_unlock_irq+0x23/0x50
[  309.141199][   T11]  ? __pfx_kthread+0x10/0x10
[  309.145774][   T11]  ret_from_fork+0x45/0x80
[  309.150188][   T11]  ? __pfx_kthread+0x10/0x10
[  309.154760][   T11]  ret_from_fork_asm+0x1a/0x30
[  309.159510][   T11]  </TASK>
[  309.163985][ T9742] erspan0: entered promiscuous mode
[  309.164407][ T6330] sd 1:0:0:0: [sdb] Asking for cache data failed
[  309.169409][ T9742] bridge0: port 3(erspan0) entered blocking state
[  309.175569][ T6330] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  309.181999][ T9742] bridge0: port 3(erspan0) entered forwarding state
[  309.193010][ T6330] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  309.199297][ T5871] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  309.209618][   T11] sd 1:0:0:1: [sdc] Attached SCSI removable disk
[  309.219622][ T9745] FAULT_INJECTION: forcing a failure.
[  309.219622][ T9745] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  309.236596][ T9745] CPU: 1 UID: 0 PID: 9745 Comm: syz.3.957 Not tainted 6.13.0-rc1-syzkaller #0
[  309.245141][ T6813] sd 1:0:0:1: [sdc] Test Unit Ready failed: Result: hostbyte=DID_NO_CONNECT driverbyte=DRIVER_OK
[  309.245451][ T9745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  309.265959][ T9745] Call Trace:
[  309.269211][ T9745]  <TASK>
[  309.272120][ T9745]  dump_stack_lvl+0x16c/0x1f0
[  309.276785][ T9745]  should_fail_ex+0x497/0x5b0
[  309.281470][ T9745]  _copy_from_user+0x2e/0xd0
[  309.286062][ T9745]  copy_msghdr_from_user+0x99/0x160
[  309.291264][ T9745]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  309.297081][ T9745]  ? rcu_is_watching+0x12/0xc0
[  309.301847][ T9745]  ? lock_release+0x4e2/0x6f0
[  309.306524][ T9745]  ? get_pid_task+0xfc/0x250
[  309.311118][ T9745]  ___sys_sendmsg+0xff/0x1e0
[  309.315713][ T9745]  ? get_pid_task+0x35/0x250
[  309.320302][ T9745]  ? __pfx____sys_sendmsg+0x10/0x10
[  309.325502][ T9745]  ? lock_release+0x4e2/0x6f0
[  309.330181][ T9745]  ? __pfx_lock_release+0x10/0x10
[  309.335208][ T9745]  ? trace_lock_acquire+0x14e/0x1f0
[  309.340421][ T9745]  ? __fget_files+0x206/0x3a0
[  309.345102][ T9745]  __sys_sendmsg+0x16e/0x220
[  309.349678][ T9745]  ? __pfx___sys_sendmsg+0x10/0x10
[  309.354770][ T9745]  ? rcu_is_watching+0x12/0xc0
[  309.359519][ T9745]  ? rcu_is_watching+0x12/0xc0
[  309.364268][ T9745]  do_syscall_64+0xcd/0x250
[  309.368758][ T9745]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.374634][ T9745] RIP: 0033:0x7ff1cc580849
[  309.379027][ T9745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.398613][ T9745] RSP: 002b:00007ff1cd3cc058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  309.407003][ T9745] RAX: ffffffffffffffda RBX: 00007ff1cc745fa0 RCX: 00007ff1cc580849
[  309.414951][ T9745] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  309.422899][ T9745] RBP: 00007ff1cd3cc0a0 R08: 0000000000000000 R09: 0000000000000000
[  309.430845][ T9745] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  309.438792][ T9745] R13: 0000000000000000 R14: 00007ff1cc745fa0 R15: 00007ffee9fcc568
[  309.446761][ T9745]  </TASK>
[  309.449828][    C1] vkms_vblank_simulate: vblank timer overrun
[  309.461244][ T5871] usb 2-1: Using ep0 maxpacket: 8
[  309.485450][ T5871] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  309.495435][ T5904] usb 1-1: device descriptor read/all, error -71
[  309.501696][ T5871] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  309.521380][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  309.539332][ T5871] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  309.549537][ T5871] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  309.563118][ T5871] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  309.587988][ T5871] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.804176][ T5871] usb 2-1: usb_control_msg returned -32
[  309.810625][ T6813] udevd[6813]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[  309.818066][ T5871] usbtmc 2-1:16.0: can't read capabilities
[  309.822088][ T5840] udevd[5840]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  309.878078][ T6630] udevd[6630]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  309.886755][ T6737] udevd[6737]: inotify_add_watch(7, /dev/sdc, 10) failed: No such file or directory
[  310.561330][ T9751] usbtmc 2-1:16.0: usb_control_msg returned -32
[  310.712594][ T5904] usb 2-1: USB disconnect, device number 34
[  316.813810][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  316.820096][ T1291] ieee802154 phy1 wpan1: encryption failed: -22