last executing test programs:

2m59.931797925s ago: executing program 2 (id=1310):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x4a, &(0x7f0000000000)=0x8, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_io_uring_setup(0x952, &(0x7f00000005c0)={0x0, 0x537, 0x2, 0x1, 0x3d5}, &(0x7f0000000040), &(0x7f0000000240))
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x700)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
unshare(0x64000600)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB], 0x2c}}, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000000640)=ANY=[@ANYBLOB="4943e0630f126ddf6d186e4f34260180c2000000ffffffffffff08004500002000000000002f9078000000001c760c9b30ba4f2014f205eeffff194d18d34576d6f1592dab45625d6549612b8ebaf4cc5c997e325b07c70a54b10cb52a85d8b2b992889d2aa6253159548a592dae82bc5ca07540aa42dc1d6e2e1e07aaee1104d3d7"], 0x0)
io_uring_enter(0xffffffffffffffff, 0x75fa, 0xe475, 0x0, 0x0, 0x0)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r4, 0x0)
connect$pppoe(0xffffffffffffffff, &(0x7f0000000180)={0x18, 0x0, {0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 'veth0_macvtap\x00'}}, 0x1e)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000380)={<r6=>0x0, 0xfffffc85}, &(0x7f00000003c0)=0x8)
ioctl$sock_TIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000100))
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000500)={r6, @in={{0x2, 0x4, @loopback}}}, &(0x7f0000000400)=0x84)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, 0x0, 0x0, 0x0, 0x8000000})

2m56.450999804s ago: executing program 2 (id=1319):
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r1, 0x8922, &(0x7f0000000340)={'syz_tun\x00', 0x101})
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181000b00000000010000000000000e000a000f000000028002002d1f", 0x2e}], 0x1}, 0x0)
close(r0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0xc8, 0x0, 0x0)
sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="18000000d3f6cdae00004bdf8b69e89107dd0e5ea38b", @ANYBLOB="01002cbd7000fbdbdf"], 0x18}, 0x1, 0x0, 0x0, 0x48805}, 0x40)

2m55.094572955s ago: executing program 2 (id=1325):
r0 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
ioctl$SNDCTL_SYNTH_INFO(r0, 0xc08c5102, 0x0)

2m54.673534467s ago: executing program 2 (id=1329):
r0 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x606, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x1, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0xb3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ad, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2ff0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]})
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c000000040000000400000000000475000000", @ANYRES32], 0x48)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b29, &(0x7f0000000040)={'wlan1\x00'})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f0000000180)={0x20, r4, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r2, 0x3b82, &(0x7f0000000640)={0x18, r4, 0x0, 0x0, 0x0})
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x10001400200bd2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r5 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x4000084)
socket$inet6(0xa, 0x80002, 0x0)
quotactl$Q_GETINFO(0xffffffff80000500, &(0x7f0000000100)=@sg0, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="280000001900010000000000000000008020000000110005000000000c00090008000000", @ANYRES32=0x0, @ANYBLOB="39c0403d84f3d1a56ea39adfd4c61565a531f8aed38a01ee976214020f8e874c0b8ca9aa55f72881d997940587f397e6d6ec4f643ed9fb1619"], 0x28}}, 0x0)
unshare(0x22020400)
r6 = io_uring_setup(0x1467, &(0x7f0000000540)={0x0, 0x287b, 0x2, 0x3, 0x2c0})
io_uring_enter(r6, 0x11a8, 0xac59, 0x24, &(0x7f0000000000)={[0x9]}, 0x8)

2m52.471942216s ago: executing program 2 (id=1334):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
mkdir(&(0x7f0000000200)='./file1\x00', 0x161)
mount$fuse(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), 0xffffffffffffffff)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x7, 0x0, 0xffffffffffffffff, 0x5, '\x00', 0x0, r3, 0x3, 0x1}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000000000000000000000800000000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7020000000100008500000086000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000300)={{0x1, 0x1, 0x18, <r6=>r1, {0x7}}, './file0\x00'})
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000240)={0xffffffffffffffff, 0xc948, 0x8}, 0xc)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000004c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1, 0x2}, 0x50)
r9 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/rt_cache\x00')
preadv(r9, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/128, 0x80}], 0x1, 0x111, 0x0)
r10 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0b00000005000000010000007f00000001"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000680), 0xca, r11}, 0x38)
r12 = fanotify_init(0x8, 0x800)
r13 = socket$nl_generic(0x10, 0x3, 0x10)
r14 = dup(r13)
fanotify_mark(r12, 0x201, 0x8000000, r14, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x14, &(0x7f0000000680)=@raw=[@kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7}, @map_fd={0x18, 0x5, 0x1, 0x0, r4}, @func={0x85, 0x0, 0x1, 0x0, 0x3}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8f9}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r7}}, @call={0x85, 0x0, 0x0, 0xa8}], &(0x7f0000000280)='syzkaller\x00', 0x9, 0xbb, &(0x7f0000000400)=""/187, 0x41100, 0x40, '\x00', 0x0, 0x25, r6, 0x8, &(0x7f0000000180)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000200)={0x0, 0x4, 0x0, 0xb}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000540)=[r7, r8, r9, 0x1, r10, r11, 0x1, r14], &(0x7f0000000580)=[{0x2, 0x1, 0x4, 0x8}, {0x3, 0x4, 0xc, 0x9}, {0x1, 0x3, 0x0, 0x7}, {0x400004, 0x2, 0x10, 0x3}], 0x10, 0x8}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000003040))
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)

2m50.47001996s ago: executing program 2 (id=1335):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r3)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r4, 0x0, 0x0)
write$FUSE_INIT(r4, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50)
write$FUSE_GETXATTR(r4, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}]}})

2m35.404279836s ago: executing program 32 (id=1335):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, &(0x7f0000000000))
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r3)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r4, 0x0, 0x0)
write$FUSE_INIT(r4, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x0, 0x8004000, 0x7, 0x8, 0x8000, 0x4, 0x0, 0x0, 0x10, 0x5}}, 0x50)
write$FUSE_GETXATTR(r4, 0x0, 0x0)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000005c0)=ANY=[@ANYBLOB="b9"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000700)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@cache_fscache}]}})

20.090074295s ago: executing program 5 (id=1769):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ee1000/0x4000)=nil, 0x4000, 0x15)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000003c0)={0x1, @sliced={0x3, [0x7ffd, 0x8, 0x0, 0x3ff, 0x3, 0x0, 0x6, 0x4, 0x5, 0x2, 0x2, 0x0, 0xa, 0x8, 0x3, 0xc70, 0x10, 0x9, 0x8001, 0x3, 0x1ff, 0x4, 0x7fd, 0x9, 0x1ff, 0x9, 0xfc, 0xfff9, 0x3, 0x4a62, 0x800, 0x87fa, 0x31, 0xfff, 0x9, 0x5ca, 0x1, 0xc, 0x2, 0x1000, 0xc2b3, 0x1, 0x8, 0x200, 0x8, 0x7655, 0xd32b, 0x8], 0x7}})
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSNLIST(r1, 0x8010640b, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r2 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0xfffffffb})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

17.743147912s ago: executing program 5 (id=1777):
r0 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f020004000000000000000058000b4824ca945f64009400ff0325010ebc000b00000000008000f0fffeffe809005300fff5dd000000100001d80cf42098da03870000000000", 0x58}], 0x1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0) (fail_nth: 7)

16.365884747s ago: executing program 5 (id=1780):
timer_create(0x3, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f00000001c0)='wlan1\x00', 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0), 0x103a02, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x1, 0x21c603)
open(&(0x7f0000000040)='./file0\x00', 0x800c0, 0xa)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
r5 = socket(0x10, 0x80002, 0x0)
ioctl$sock_SIOCGIFBR(r5, 0x8940, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x2, 0x12)
sendmsg$NFT_MSG_GETTABLE(r3, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008c}, 0x4004000)
accept4(r1, 0x0, 0x0, 0x80800)
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @HCI_EV_INQUIRY_COMPLETE={{0x1, 0x1}, 0xcc}}, 0x4)
ioctl$RTC_UIE_ON(r0, 0x7003)
ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0)
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
syz_usb_connect(0x2, 0x24, &(0x7f0000001cc0)={{0x12, 0x1, 0x0, 0xf7, 0xa6, 0xad, 0x8, 0xb48, 0x3006, 0xfc3c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x1, 0x80, 0x20, 0x2a, [{{0x9, 0x4, 0x3a, 0x9, 0x0, 0x54, 0x81, 0x7b, 0xd1}}]}}]}}, 0x0)

16.215197602s ago: executing program 1 (id=1782):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000ee1000/0x4000)=nil, 0x4000, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000300), 0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280), 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
ioctl$COMEDI_INSNLIST(r1, 0x8010640b, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r2 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0xfffffffb})
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

14.317051468s ago: executing program 1 (id=1787):
r0 = syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0x1c0d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x9, 0x9, 0x9}}]}}}]}}]}}, 0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r1, 0x1, 0x25, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_ep_write(r0, 0x81, 0x0, 0x0)
syz_usb_ep_read(r0, 0x2, 0x0, 0x0)
r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000440), 0x80, 0x0)
ioctl$LOOP_CTL_ADD(r2, 0x4c80, 0xa)
syz_usb_disconnect(r0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
syz_emit_vhci(&(0x7f0000003a80)=@HCI_ACLDATA_PKT={0x2, {0xc8, 0x0, 0x0, 0x16}, @l2cap_cid_signaling={{0x12}, [@l2cap_conn_rsp={{0x3, 0x6, 0x8}, {0x40, 0x7, 0x7, 0x81}}, @l2cap_cmd_rej_unk={{0x1, 0x99, 0x2}, {0x6}}]}}, 0x1b)
ioctl$TCSETAF(r3, 0x5408, &(0x7f0000000040)={0x3, 0xe, 0x1, 0x6, 0xf, "0ef899dc0cabc91d"})

13.288351171s ago: executing program 5 (id=1796):
syz_usb_connect(0x0, 0x5a, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000060f94d100d0502002723010203010902"], 0x0)
mount$overlay(0x0, 0x0, &(0x7f0000000080), 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$MISDN_TIME_STAMP(0xffffffffffffffff, 0x0, 0x1, &(0x7f00000000c0), 0x4)
r0 = socket(0x840000000002, 0x3, 0xff)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x8002}, 0x14)
socket$kcm(0x10, 0x2, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000100), 0x40a40, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x2)
getsockopt$inet6_int(r3, 0x29, 0x24, 0x0, 0xfffffffffffffffe)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, 0x0)
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x3c, r7, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x9}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0xff]}]}, 0x3c}}, 0x0)
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="043ef50d", @ANYBLOB="33223e4debd39ab1c1753f5143fdb401", @ANYRES64=0x0], 0xf8)

11.285833863s ago: executing program 5 (id=1800):
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
syz_io_uring_setup(0x40, &(0x7f00000006c0)={0x0, 0x5dda, 0x10100, 0x0, 0x268, 0x0, r1}, &(0x7f0000000140), &(0x7f00000000c0))
syz_io_uring_setup(0x80c, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x40000000, 0x54}, &(0x7f0000000180), &(0x7f0000000000))
read$FUSE(r0, &(0x7f0000000740)={0x2020}, 0x2020)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r2 = open(&(0x7f0000000000)='.\x00', 0x800000, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r2, 0x40049366, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x3, @win={{0x4, 0x6, 0x800, 0x5}, 0x6, 0x0, &(0x7f00000005c0)={{0x10, 0x4, 0x10, 0x9}}, 0x573, 0x0, 0x91}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socket$kcm(0x10, 0x2, 0x4)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r4, 0x114, 0x8, 0x0, 0x0)
bind$inet(r4, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$NL80211_CMD_JOIN_MESH(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0xc010}, 0x40)
set_mempolicy(0x2, &(0x7f0000000080)=0x51e1, 0x3ff)
write$FUSE_NOTIFY_INVAL_INODE(0xffffffffffffffff, &(0x7f00000000c0)={0x28, 0x2, 0x0, {0x1, 0x5, 0x9}}, 0x28)

10.604898708s ago: executing program 1 (id=1801):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = creat(&(0x7f0000000200)='./file0\x00', 0x0)
close(r2)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x402, 0x0)
write$qrtrtun(r2, &(0x7f0000000240)="79e6cba6145fa256d6dfd47b0d3b5de5f50237b3a366b7046f57ce6b41f4a575065403fbe8a2170f825ff63541968204ed6ce70444b6c5f8c0b192e9961dd6a7aeef73916738c8a25609a399353819a3771e1f388c37a6946ae83efc0dd1e8e9ea3f0048bf5e2cd28ed60041257e1ddc1f2622314835e52d3822b1eb376147dc258d3e45861e998f7aa3a7e15eba8c03667b0e448f3963620eace312b7946fa25e8f51d1df0ae6eab15bcc1d19862daa6892e702a7dfc6f18cb9b5d44372210eac9a5f7a792fd6b1031d35926c582e6b375ff63aac6fd56e99270e97450c10222340060481cb83affe07ac11f5b07a06c051d9d38a248a9f23e726918cf814396c5ede6fca37ae0bd84cba95cbec46b0efd341c65d107410009599cde0581565abd8c2dea72863ecc3de0d84d6f6def2c9ccce590dd7f770ac6e7c9c3d5fa6fc9af237a54357faecd39cbf29ce846cbeca08972b3b2458b34cd274116f4ca3f5b0365840ad673573f8ebb06878abfe6fb5a47b687005e656bdc0fc2094e3f76e8869d763c02a4ebf7ea6767ba6a554c24dfb0017e377e6880f1e7c96cfd8f6006164071b60f6cd032c66347b1908d2f16b2473fa6212344c722876bc7ba045560838fea42856ef113ef9fd5b749c08016e41ac1ca8f17cc229762d3efc5c457b2b5cc0a3ccf91120a5c769cd1f479982db37152e4ba20473e702dffb015363c6de2986f80a077f40ed525d5fb1bac4b6be3d004d6c763dcae92572cf55864e4accd1def7b60ac19976c040c7e3bf0f79751b73e36cc2fd692860eb907d068eb1234967864e232c678d6d7a78703c62ce6bdb4b974de887899646348fc451efe6a595afab8add7a2e93204d824dcc3199f8e8eafba6646ca5cbc657f25d1d2005c4b8a0630a871469b6b4f63eb616e8e4db706e1b1a85220f7011900c987d4c02b2c18c6850ab1a3c92b3b7b1cfe87c6e1f819c9353068a38ec6a62414c02f1bc306b6d33598ee5c222736a9c3a987c657c2b6a46da0d832734f0e534bcbb792e8fad87333b4181f665d1578cf9895fabf73aa150dd2f5c1fcd89d920628ee9f7122d08f539318db5ceb420f9822efecc59c52b2ed8d1f80cfaa327a0d2d3c970511eb8797c422740e81eb7df2884f286aac30b8a668b795bc1855785d4f3e133b97b1ff4aeef71fb71d472e140f70d4f03fc1cf1abd8c3504fb4ff06718476cf2c4a4b15cefbf35fd550db007b0a01deb9e65c0cbcffee7bc32dee2edb6231dd72bac691240a502f83d84b2ee83b10ead29212ae3b02f8c1d73351339d5c1283d71216b2731572f6ab303a5e90053c170a49ecc88da85f660f07c527fd72de2da478c24afb887a83249dd3daed4b72a661acd3dd3940e4a2831f93fe80310705ce548e2a7128cd01ceaa6b8cda107ec62990c46aaa21ca9115e2672764ef8ac110ff560146ab3388860204f328347f541c86286a086d7effde45709b99c8850605576a5484c7e23605f7fe9b3ddbd438b2fd3b616bf80451b7155db43b6eff1ee36a67d88477ac1e232a5276cc6d76bd6acfaa6a97b36259fe51cf7334a4bdeb788af526f92a19b0a3ac13b0c0353b350d2d97b78c0bc6dc8448203187ca55ceb098de12177d98653b03f4d1edeadca7f8e59e3253217479906e69c83577ed3334391961d16769852f51abc16f002b7e5e22aa639afa9e083ce0c0feaf7fece1adb9f477a607d6f3865c8912f32f0cd6158e7368af672d45497c8f30f80e50365f0210de654ea99b56795e49146916e2753c70a9b094373e125eb6040a27133088b5f81416c45e5d45cd943610e15eaa42ad93a907d1e420f2e84350f51af1b0c089b982f8ee30a07348e2aa34152d02326f9e446108ef1726eb2cba57b70964e5393176a3edef6a220fa2563d9b1af75984bb4508e09779a7fc4bb505b66588eb72c5e49c2469310d1e4a51a2327016b1a4b8cdf7f1361353cb4de6848aa58c53c5a713fab44caefb3b2748b57950ff92bb23459d90d959ea9388c9c4cf1e962218da4d22c51ce64e024fa9bf43c6f030502bc43994b7b83a2f581c46e6cf58c8a938785e8d5a745918e03b09b15ea5c809c6b17694829920758b6575250c7e91db2097730097b11d95aa786b09f923c872b04be05d1080cea7acfba627ecedf58beee4be238ae36f4dbd4709463e1e7a747e85bd762a6d640bf492a9ee0e032204f78e32815409bdc6c3319c68c1525c9367f3c2dd90b3c0064762dc3b1afb56c19a106d2f0abec1927706cbd67e32f4a9a4db986e7f054d8a360646c85c2af6af8602f03b691d7cacef73e9840b820e14ddcd511a2448777eb9e3192739756e1bf83c94da283c0b52678ac158c2588a8f26120cfe0504c358f063b6b598346af994a7bc4aaffc833d0a55373b8d8866cd827100851f1a371d76844d7d2f3f7b257624ee53455b654de01952811bdc855f60c484246adebd794967065e800e3ea61cde2f0ff9bd9c1546795051cc04632f0e74b8e7792720865de0ef593d2d5ce1d482b24ae33fd27a691cfcd1a54a0f9fee88df5d2bc7c42f4c6dc6f628ecd86eec248d9369b1caee1de7c1b5c52491966da6f65fc79e854cf6bc40ed9e20556c71cd416b79e72c1e4f5bccf21e9038c76a4ba4a56d1c1d7896812edf0706e8edbebb9ff6cbc4d2e1c146e8a4729fd78a598ed3d55c5c06c0fde58edb34cb0bc896d6bb81bb97905929edf947296be40c605a4484f14f27370cbe41cbbda792bb06ca00fc69281366af2efed0acf1b8253e9c8854c457f9cef20f0b9cc478fb2bb11f956ab72d38816f18b6bd93e0e333f36d1625669926b23464a3f70d6fa22c735b78d1d2661ae5c1fee1575d12ca61ebb96f0868e35125de0b486ee7ef1c3e7c313ad5cdc72a70301d23b64a6e7d87a50d176a031d6e2b97af02cc296ef448184d1639d285dfa46b551e259bf0f59f2063b90f2c8a265553930dce335600b22de0a68e11e43330c462c63910679305b7522a51ec488fd81af583b8df131b26ab296e2f88dd6adabf9fc86cfd817b66737b31ca632fcfc6736a35f7a794a3ce188b1027de1922caf1994d4f2e905e73bb59b44c347c9dd7bc05291442802c7f1cce894e43b2e19f3ed895bffeb15036969e387f01b6b34a6cf5f65afaa3a03f272fd8f1714003e942dc93171ed38dd8f8033abab22eabf2658940f03301fcdb7087483f6172eb8d3df6bd655097fec93f805a7ed596be0a4878b37a8bc70c5f08a8031f04ec215b7a1547d5f64ebd9faf7db659ef04e5a0f47e9a52f5c594f4ac94615cc5686b4e44e9301da9afcd550c9c7181178ffe290c71b39f34d997127d4f72b2cdc9a06dcea3e4d9d297860f26e6c81fb5316b9010b4bb03676c4867886a9c0e91bfc2f9f417c72903efb209af8a869af64d0cb6488695f059d5f0678b000e9b7b2d1dedae3520fa1b392a11750fead7c6636518863186ec7083fdd040fdc52d34609aed3388f847a47b4796cac173f76b602a77216cb79cc6e69e0ff236940344d4987490559968f9d22dfacdfa05344d780001cfd1b7c7e22a9c23afb484f6514287d5e05ed0695b180e5d36b50c398e89aaf84c7fc17a0ce25204933f7cc3a7e9fc6d384648606b44ec4bfb91fdc777febb136a86b20b4ef1796fbf45e76d86288655b8ab3c2e33d9f98761c2b9c8f6ec1aa0b2e8e13e8c4cdb41b0856e44e73175c028eec810b1fe3b82cbed57da961eef7e781711ccc9efd5024061bc96e7dfa19cad336a0671e4f4ee759fd59f2c00ea5aa9f7e3f097f737ca56c6c3591fd6f2770b66ab31e04f7410ca45103b26a2827180bb0354511ceb58f21b9dfbbbf9932a7a4c6b96530489b4236b4fb275c439b5e2b741d85ac0a2f2bf39f0fcd4d63bea17e9d9b41e414d118a2400f833139a0cdec64c41fd9da14685dd22e34d7042f19a1c21e558419d577d6300b972ee1a44db097313ea87972b2bbf044fec7029e9d1e13ec02b5d19e9a3cbbe7e7a5a3369632ea143040c83147bd4826f087be7feeffe9dd1dedbca7272f9ff999c321aebdff89b6f302fb5690eaa011b3ae17957966f4d31d58b151ac10a0443dba63cbd38dc6853d8be5e432bcf0c5cc6b77a6a94bfed081a868f8580f7baab9bcc7f961a488660cb05d8a183d6fc9b08974f2f43da148d9f654d4467c847dbe91efffee8be06e00b7861f25f3cf7de05c60f51146595d6ecd72b123fbb3b532d278aa4de3650d2039c6b111fc079e07138bd2eccaae044c80dc9517d46d3e649e08c8370add9328a0fa8d91199c07c2551014941ffc0687a27af165670b4e847b388c923200991685512de554290341a0ddb4eccd350188e311e62ec9eb670b017e74a55887e05a6c96c0b1f38cf025212cec3bffd979a163106500f8008d0e7087cb6cfa6c580fb7aff7926f7f050dc2308fb49b062f7873e8ceb1e1be390a5e4dac5d658ea5a142890a85a3dceab2cd8147504813cd497c50959d52897835a82cbe4f046cb3bfa94f54fca676541d4212238425776b939c48c3a643d9ef287223702172418a1d97ba6fdcad60d2e0d5ede28ecb1cfb8df47fb2ddfb7178efdf444886826325fc6c1da6c73fb512232cfc438d7493cc1b7f88ae1b1f460a5e15c926625b09a773cffd8201840a0f3bd3b5898ea1cdfba82ff1f731e22d5e61fa8c28105445311846680a131f36c70e2dbde02158eb75c95f10a3549a4f406f853c2be050dacaad83024de9bdc9b8b46eb01ff332f3d9d46f4dbf73020300316ed1ead890b3e9438b7788c2e316356402af916d3f08c1ec199d27cdd26b0633ff668e304bdc34c7f1f69b7aa236ad000cecdaba7151815b72e12337418bc48055f4277a4a6c441e01bd9842d58979ffe4180bae28e17aa17c5066849ca010174ef0c0131ddc6a6e8ee2e9be46658d9d4017ace726556ee2cef966707ce19e8d5491c17045505a8763d8a26fcec14de46775ed948552e4de556475a632ea7edefb265de805ea908c78f990eb8ad8f683d308bd5403a3d3adc89443fe85f1c8911bd3a4157f0fceb32e3f17fb01600daac2ff9d7e79a1b3fe8af79bf5d6c4699986c7fbc396560baf8010329f5c384653eb6828e69e55274b7a182a1256fc3e56cd26f71ad0d62c8acefceed91f09d5554173760ac4a73b9bce7cdcefce21aab09c9f31d37dc82f474d37827be6d5bca701b4534b654d5527e9d81555661931ae7e8182334261abfdf243a326b441b0f5bd42301743b41db73e76be80436287fa87af85061a80e1325173f2d5f391bdd257cea56b194d54ee575d94db6c8f6fdbeaec751265cbf6a17bd98f0a5d57a46c1e9bf219841299c6d8096604f946f6e60115c4f1f139129e1dba512c2c9707c0e11eba736f717e2cc53cafd4b57a0178b7532a2fa59dc17b683870e16f58e29e8f0e527f226a8db322d10d137c7a5fecff1b861fd19f9e101c21bedbbae8f79685ca55705752717b283e3b41d556965c1d11ca83f035d8f7490c29ae2c5628020c46b598d8cc7e4c7cc62ed0f66d6bdfd16993ca4005cf8203d89fec26853fc86e7cc09abee3818e67e09c1ccb374541e33da4a4262ffad83a27c1d32f1edda06e8e84c5371c361b4ba1b6a539b4732fc7982ad0db3d07992eb73991a688c69a9a191cb40edc6d0adf7931c530f9c5ad48d5fee1475e0546e4e2c84702198f7cc8c5a6e663f71769829f10c09621e80a6036163c75d8209b74605c4b8e7346eb0e0cc3ede37bda8eee843eedcc4cae56b1b131c85fd9d00d1fb", 0x1000)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}})
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r2, 0xc0305616, &(0x7f0000000000)={0x0, {0x4, 0x53a4d9bb}})
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080), 0xf110f122ff09fbfa, 0x0)
read$char_usb(r1, &(0x7f00000000c0)=""/61, 0x3d)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x0, 0x0)

10.288849093s ago: executing program 3 (id=1803):
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000180)={0x0, 0x7, 0x8})

10.266017718s ago: executing program 4 (id=1804):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xff1ed000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0xbc)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x3, r8, 0x1, 0xfffd, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r6, 0xc02464bb, &(0x7f0000000080)={0x3, r8, 0x1fc, 0x0, 0x4, 0x800008, 0x0, 0x4, 0x4000})

10.205882588s ago: executing program 5 (id=1805):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x58)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
close(r3)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x0, &(0x7f0000000380)})
name_to_handle_at(r3, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000180), 0x600)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r4, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x9, 0x0, 0x0, 0x0})
r5 = socket(0x1d, 0x6, 0x10000000)
recvmmsg(r5, 0x0, 0x0, 0x0, 0x0)
shutdown(r5, 0x2)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000140)=0x200000000)
write$vhost_msg_v2(r6, &(0x7f0000002080)={0x2, 0x0, {&(0x7f0000001f80)=""/152, 0x98, 0x0, 0x0, 0x2}}, 0x48)
write$vhost_msg_v2(r6, &(0x7f0000000340)={0x2, 0x0, {&(0x7f0000000640)=""/201, 0xc9, 0x0, 0x2, 0x2}}, 0x48)

10.182204604s ago: executing program 3 (id=1806):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000700)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x144, 0x6, 0xa, 0x201, 0x0, 0x0, {0x7, 0x0, 0x7}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x1}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x29, 0x7, 0x1, 0x0, "493b0bac73d84f1ef72efa2cc83f86f451be1f08c62caf1da017f3560dea8a56230e2eecc0"}, @NFTA_RULE_EXPRESSIONS={0xc4, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}, {0x10, 0x1, 0x0, 0x1, @meta={{0x9}, @void}}, {0x14, 0x1, 0x0, 0x1, @immediate={{0xe}, @void}}, {0x24, 0x1, 0x0, 0x1, @xfrm={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_XFRM_DIR={0x5, 0x3, 0x1}, @NFTA_XFRM_KEY={0x8}]}}}, {0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_PROTO_MIN={0x8}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x4}]}}}, {0x34, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0xf4}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_SREG={0x8, 0x5, 0x1, 0x0, 0x10}, @NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x16c}, 0x1, 0x0, 0x0, 0x4000850}, 0x4040)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r7=>0x0})
r8 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', r7, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff9}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r8, r7, 0x25, 0x2, @void}, 0x10)
sendto$inet6(r0, &(0x7f0000000180)="9000000018001f2fb9409b52ffff65580200be04020c060560020b0243000f00ffffff9e00c8388827a685a168d0bf47d32345653602648dcaaf6c26c291214549f100000000000000ec0cff3959547f500f58ba86c902000f1d012e02000280160012000a000000000000000000000000080000000eceb6b362bb944cf2e70100aba4183b003e5fa424ac4d31c4f7a1", 0x90, 0x0, 0x0, 0x0)

9.024521423s ago: executing program 3 (id=1807):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xff1ed000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0xbc)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x3, r8, 0x1, 0xfffd, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r6, 0xc02464bb, &(0x7f0000000080)={0x3, r8, 0x1fc, 0x0, 0x4, 0x800008, 0x0, 0x4, 0x4000})

8.754004179s ago: executing program 4 (id=1808):
socket$nl_route(0x10, 0x3, 0x0)
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x300})
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r1, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000340)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008004500005800000000002f9078000000e0e000c800b48065580000000010000800000086dd080088be000000001000000088f7ffff00000000080022eb0000000020000000b68b2518b07955ab52af0b350000000000000000"], 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000400)={<r2=>0x0, @in={{0x2, 0x4e20, @broadcast}}}, &(0x7f0000000080)=0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e23, 0xffffffff, @private2={0xfc, 0x2, '\x00', 0x3}, 0xf07}}, 0x9, 0x6, 0xfffff630, 0x8, 0x32, 0xb, 0x9}, 0x9c)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sendmsg$nl_crypto(0xffffffffffffffff, 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x980, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r5 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0)
ioctl$VIDIOC_G_STD(r5, 0x80085617, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r8)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x34, r9, 0x15, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4)

7.550652828s ago: executing program 3 (id=1809):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8002, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000380)=0xa0000)
epoll_create(0x3ff)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418})
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x44dc, 0x3180, 0x7ffb, 0x840024c}, &(0x7f0000000200), &(0x7f00000001c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000340)}, 0x20)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af25, &(0x7f0000000400))
socket$kcm(0x29, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r3, &(0x7f0000000140)=[{&(0x7f0000000000)=""/151, 0x97}], 0x1, 0xd, 0x0)

7.495216378s ago: executing program 0 (id=1810):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x0, 0x8}, 0x8)
socket$kcm(0x2, 0x5, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x28ed0000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_io_uring_setup(0x70ca, &(0x7f0000001380)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r6=>0x0, &(0x7f00000007c0)=<r7=>0x0)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x0, 0x2000, @fd=r8, 0x0, 0x0})
io_uring_enter(r5, 0x4d10, 0x2, 0x2, 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x8, 0xa000)

5.735665618s ago: executing program 0 (id=1811):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x1c, 0x26, 0x1, 0x0, 0x0, {0x1}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x10001}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x1, 0xfe, 0x2000, @vifc_lcl_ifindex, @dev}, 0x10)
socket$igmp(0x2, 0x3, 0x2)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='rxrpc_call\x00', r3}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0xfc00)
close_range(r2, 0xffffffffffffffff, 0x0)

5.348348157s ago: executing program 4 (id=1812):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000ac0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan0\x00'})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000040)=@hopopts={0x62}, 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x5}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xbc, &(0x7f00000003c0)=""/188, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r3, 0x8983, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26})
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$sock_bt_hci(r5, 0x400448c9, 0x0)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
write$cgroup_devices(0xffffffffffffffff, &(0x7f00000000c0)={'a', ' *:* ', 'r\x00'}, 0x8)

5.300786627s ago: executing program 1 (id=1813):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r1, 0x701, 0x70bd2b, 0xfffff000, {0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x20004074}, 0x0) (fail_nth: 7)

5.260122143s ago: executing program 3 (id=1814):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x8002, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000380)=0xa0000)
epoll_create(0x3ff)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, &(0x7f0000000280)={&(0x7f0000000780)={{@my=0x0}, {@my=0x0, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418})
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x44dc, 0x3180, 0x7ffb, 0x840024c}, &(0x7f0000000200), &(0x7f00000001c0))
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r2)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{}, 0x0, &(0x7f0000000340)}, 0x20)
ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af25, &(0x7f0000000400))
socket$kcm(0x29, 0x2, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r3, &(0x7f0000000140)=[{&(0x7f0000000000)=""/151, 0x97}], 0x1, 0xd, 0x0)

4.09279451s ago: executing program 4 (id=1815):
openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r0 = syz_io_uring_setup(0x1110, &(0x7f0000000240)={0x0, 0xdb9c, 0x800, 0x10000000, 0x4}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRESDEC=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = epoll_create1(0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000000))
mmap$dsp(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9, 0x11, r6, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000140))
ioctl$SNDCTL_DSP_GETIPTR(r6, 0x800c5011, &(0x7f0000000040))
mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000100)={0x20000014})
read$FUSE(0xffffffffffffffff, &(0x7f00000015c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0)
semget$private(0x0, 0x1, 0x2a8)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
readv(r7, &(0x7f0000000080), 0x0)

4.090478966s ago: executing program 0 (id=1816):
r0 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000180)={0x0, 0x7, 0x8})

3.849794124s ago: executing program 1 (id=1817):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = userfaultfd(0x801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000140))
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xff1ed000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0xbc)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r8=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r6, 0xc01c64a3, &(0x7f0000000280)={0x3, r8, 0x1, 0xfffd, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r6, 0xc02464bb, &(0x7f0000000080)={0x3, r8, 0x1fc, 0x0, 0x4, 0x800008, 0x0, 0x4, 0x4000})

2.907405625s ago: executing program 4 (id=1818):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r1, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100280000000000000002000000200001800d0001007564703a73797a32"], 0x34}}, 0x0)

2.742181484s ago: executing program 0 (id=1819):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

1.734452048s ago: executing program 3 (id=1820):
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x19, &(0x7f0000000300), 0x4)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000003c0)={0x1, @sliced={0x3, [0x7ffd, 0x8, 0x0, 0x3ff, 0x3, 0x0, 0x6, 0x4, 0x5, 0x2, 0x2, 0x0, 0xa, 0x8, 0x3, 0xc70, 0x10, 0x9, 0x8001, 0x3, 0x1ff, 0x4, 0x7fd, 0x9, 0x1ff, 0x9, 0xfc, 0xfff9, 0x3, 0x4a62, 0x800, 0x87fa, 0x31, 0xfff, 0x9, 0x5ca, 0x1, 0xc, 0x2, 0x1000, 0xc2b3, 0x1, 0x8, 0x200, 0x8, 0x7655, 0xd32b, 0x8], 0x7}})
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000280), 0x0)
mbind(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, &(0x7f0000000100)=0x3ff, 0x80b, 0x6)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x6, &(0x7f0000000040)=0x5, 0x6, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000940)=@o_path={&(0x7f00000002c0)='./file0\x00', r2}, 0x18)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x181001, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
r3 = io_uring_setup(0x3450, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2, 0xfffffffb})
io_uring_register$IORING_REGISTER_BUFFERS(r3, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)

1.521747419s ago: executing program 1 (id=1821):
openat$sndseq(0xffffffffffffff9c, 0x0, 0x202)
sendmmsg(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x1}], 0x1}}], 0x1, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x2d, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0xc, 0x4}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x20, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x100}, @TCA_U32_INDEV={0x14, 0x8, 'veth0_to_hsr\x00'}, @TCA_U32_CLASSID={0x0, 0x1, {0xfff1, 0xb}}]}}]}, 0x4c}}, 0x20040054)
ioctl$SIOCX25SDTEFACILITIES(r1, 0x89eb, &(0x7f0000000080)={0x2, 0x469, 0x3, 0x60, 0xb7, 0x18, 0x1e, "05c2c820fe4d3225d3144f4aaa733988b9cec61e", "b8da76a23659b9fddd37c9dec23afcc9d25f15e1"})
setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000000)=0x1, 0x4)
timer_create(0x3, 0x0, &(0x7f0000044000))
r3 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='percpu_create_chunk\x00'}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x10)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
recvmmsg(r0, &(0x7f00000002c0), 0x220, 0x100, 0x0)

1.44722553s ago: executing program 4 (id=1822):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000380)="5800000014000300000000000000679abeff3d", 0x13}], 0x1)
r1 = fsopen(&(0x7f00000003c0)='hpfs\x00', 0x1)
fchdir(0xffffffffffffffff)
syz_emit_vhci(&(0x7f0000000500)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x1, 0x411}}}, 0x7)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(0xffffffffffffffff, 0x0, 0x8000)
syz_genetlink_get_family_id$nfc(&(0x7f0000000600), 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000300)='uid\xb9\x94A$>\xedR\x1e\xff?\xe9Q\xf3o\b\xbf\xfaH)\x8c\x9f\xb6\x19Z\x9dh6\v\xd0\x97G^\x8c\'V\xb4\xc8b\xe4M\x13\x8d@\x8c\x1a\xd8\x81P\xb7\x15\xe4qj\x1fE8\x82\xfb\x00\x01\x94rF\x01+\xc6\xde\xac\x7f\xd1\xbe\x04\x17\x87T\x91j\xa7\b\x03\xf8\xe8\xd3\xd1\xd9+-T\x88\xba\x8f\xa5\tN', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x03\x00\x00\x00$\xf6_\xbdD\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\bb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xd7\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x15\xab\v7\xbc\xfd\x85H;\x1b\xbe^VI\xe7(\xd8~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a', 0x0)
prlimit64(0x0, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x1, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/oops_count', 0x420001, 0x40)
read$usbfs(r3, &(0x7f00000001c0)=""/90, 0x5a)
syz_clone3(&(0x7f0000000580)={0x20000, &(0x7f0000000040), &(0x7f0000000240), 0x0, {0xa}, &(0x7f0000000a00)=""/4096, 0x1000, &(0x7f0000000400)=""/253, 0x0, 0x0, {r3}}, 0x58)
ptrace$ARCH_GET_CPUID(0x1e, 0x0, 0x0, 0x1011)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r3, 0x5760, 0x17)
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
mount(&(0x7f0000000000)=@filename='./cgroup\x00', 0x0, &(0x7f0000000200)='jfs\x00', 0x1a0c000, 0x0)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f0000000080)=[{0x40, 0x6, 0x90, 0x7ff}, {0x6, 0x7, 0x2, 0x2}]}, 0x10)
sendmsg$nl_route(r4, 0x0, 0x8000)

1.418110724s ago: executing program 0 (id=1823):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="811003180000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

0s ago: executing program 0 (id=1824):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$inet(0x2, 0x3, 0x9)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000000)=0x7b, 0x4)
shutdown(r2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_WOL_GET(r2, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="c40100a3", @ANYRES16=0x0, @ANYBLOB="08062dbd7000fbdbdf2509000000140001800800030001000000080003000300000054000180080003000300000008000300000000001400020064766d727030000000000000000000000800030001000000080003000300000008000100", @ANYRES32=0x0, @ANYBLOB="140002006272696467655f736c6176655f31000014000180080003000100000008000300030000003400018008000100", @ANYRES32=r3, @ANYBLOB="140002006272696467655f736c6176655f300000140002007465616d5f736c6176655f3000000000"], 0xc4}, 0x1, 0x0, 0x0, 0x4004011}, 0x20010040)
recvmmsg(r2, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0xa8202, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4040040)
close_range(r4, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bond0\x00'})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_ro(r6, 0x0, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x200, 0x802)
r7 = syz_io_uring_setup(0xbdc, &(0x7f0000001400)={0x0, 0xec25, 0x400, 0x1, 0xd4}, &(0x7f00000006c0)=<r8=>0x0, &(0x7f00000001c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0)

kernel console output (not intermixed with test programs):

_simulate: vblank timer overrun
[  531.174051][T11508] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  531.180118][T11508] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  531.193493][T11508] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  531.199744][T11508] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  531.210409][T11508] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  531.425803][T11521] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  531.437670][T11521] FAULT_INJECTION: forcing a failure.
[  531.437670][T11521] name failslab, interval 1, probability 0, space 0, times 0
[  531.450329][T11521] CPU: 1 UID: 0 PID: 11521 Comm: syz.1.1345 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  531.450345][T11521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  531.450351][T11521] Call Trace:
[  531.450355][T11521]  <TASK>
[  531.450359][T11521]  dump_stack_lvl+0x16c/0x1f0
[  531.450384][T11521]  should_fail_ex+0x512/0x640
[  531.450401][T11521]  ? fs_reclaim_acquire+0xae/0x150
[  531.450416][T11521]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  531.450428][T11521]  should_failslab+0xc2/0x120
[  531.450439][T11521]  __kmalloc_noprof+0xd2/0x510
[  531.450454][T11521]  ? map_id_range_up+0x2ce/0x3b0
[  531.450472][T11521]  tomoyo_realpath_from_path+0xc2/0x6e0
[  531.450484][T11521]  ? tomoyo_profile+0x47/0x60
[  531.450498][T11521]  tomoyo_path_perm+0x274/0x460
[  531.450512][T11521]  ? tomoyo_path_perm+0x260/0x460
[  531.450529][T11521]  ? __pfx_tomoyo_path_perm+0x10/0x10
[  531.450543][T11521]  ? find_held_lock+0x2b/0x80
[  531.450573][T11521]  ? cap_capable+0xb3/0x250
[  531.450589][T11521]  ? bpf_lsm_capable+0x9/0x10
[  531.450606][T11521]  security_path_chroot+0x1b9/0x1e0
[  531.450623][T11521]  __x64_sys_chroot+0x24c/0x340
[  531.450634][T11521]  ? ksys_write+0x1ac/0x250
[  531.450650][T11521]  ? __pfx___x64_sys_chroot+0x10/0x10
[  531.450666][T11521]  do_syscall_64+0xcd/0x4c0
[  531.450678][T11521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.450689][T11521] RIP: 0033:0x7f6198d8e9a9
[  531.450699][T11521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.450710][T11521] RSP: 002b:00007f6199b99038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[  531.450720][T11521] RAX: ffffffffffffffda RBX: 00007f6198fb6160 RCX: 00007f6198d8e9a9
[  531.450728][T11521] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  531.450734][T11521] RBP: 00007f6199b99090 R08: 0000000000000000 R09: 0000000000000000
[  531.450741][T11521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.450747][T11521] R13: 0000000000000000 R14: 00007f6198fb6160 R15: 00007fff63876228
[  531.450761][T11521]  </TASK>
[  531.450775][T11521] ERROR: Out of memory at tomoyo_realpath_from_path.
[  531.954601][T11527] xt_CT: You must specify a L4 protocol and not use inversions on it
[  532.523880][ T5907] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  532.733921][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  532.751496][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  532.902238][ T5907] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  532.951284][ T5907] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  533.006965][ T5907] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  533.032449][ T5907] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  533.042207][T11543] xt_CT: You must specify a L4 protocol and not use inversions on it
[  533.042542][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.059595][ T5907] usb 5-1: Product: syz
[  533.363489][ T5844] Bluetooth: hci1: command 0x0405 tx timeout
[  533.369550][ T5844] Bluetooth: hci2: command 0x0406 tx timeout
[  533.375606][ T5844] Bluetooth: hci4: command 0x0406 tx timeout
[  533.376491][ T5907] usb 5-1: Manufacturer: syz
[  533.381670][ T5844] Bluetooth: hci3: command 0x0406 tx timeout
[  533.394969][ T5907] usb 5-1: SerialNumber: syz
[  533.454328][ T5907] cdc_ncm 5-1:1.0: skipping garbage
[  533.459607][ T5907] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  533.576886][ T5907] cdc_ncm 5-1:1.0: bind() failure
[  534.562726][T11560] lo speed is unknown, defaulting to 1000
[  534.749831][ T5880] usb 5-1: USB disconnect, device number 33
[  537.565336][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  537.565349][   T30] audit: type=1400 audit(1752953940.004:887): avc:  denied  { map } for  pid=11564 comm="syz.4.1359" path="socket:[33160]" dev="sockfs" ino=33160 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  538.223088][   T30] audit: type=1400 audit(1752953940.264:888): avc:  denied  { write } for  pid=11564 comm="syz.4.1359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  538.413970][T11574] xt_CT: You must specify a L4 protocol and not use inversions on it
[  538.801099][   T30] audit: type=1400 audit(1752953941.234:889): avc:  denied  { create } for  pid=11576 comm="syz.4.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  538.856825][   T30] audit: type=1400 audit(1752953941.284:890): avc:  denied  { bind } for  pid=11576 comm="syz.4.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  538.885566][   T30] audit: type=1400 audit(1752953941.324:891): avc:  denied  { ioctl } for  pid=11576 comm="syz.4.1363" path="socket:[33835]" dev="sockfs" ino=33835 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  538.914907][   T30] audit: type=1400 audit(1752953941.324:892): avc:  denied  { write } for  pid=11576 comm="syz.4.1363" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  538.935091][T11577] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1363'.
[  538.949218][   T30] audit: type=1400 audit(1752953941.324:893): avc:  denied  { ioctl } for  pid=11576 comm="syz.4.1363" path="socket:[33196]" dev="sockfs" ino=33196 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  538.983034][   T30] audit: type=1400 audit(1752953941.324:894): avc:  denied  { ioctl } for  pid=11576 comm="syz.4.1363" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  539.011612][   T30] audit: type=1400 audit(1752953941.324:895): avc:  denied  { setopt } for  pid=11580 comm="syz.1.1365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  539.040052][   T30] audit: type=1400 audit(1752953941.324:896): avc:  denied  { shutdown } for  pid=11580 comm="syz.1.1365" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  540.025358][ T5942] usb 4-1: new low-speed USB device number 34 using dummy_hcd
[  540.292958][ T5942] usb 4-1: too many configurations: 24, using maximum allowed: 8
[  540.357236][ T5942] usb 4-1: unable to read config index 0 descriptor/start: -61
[  540.382591][T11594] dvmrp0: entered allmulticast mode
[  540.391471][ T5942] usb 4-1: can't read configurations, error -61
[  540.561508][ T5942] usb 4-1: new low-speed USB device number 35 using dummy_hcd
[  540.766918][T11603] syz_tun: entered allmulticast mode
[  540.773783][T11603] dvmrp0: left allmulticast mode
[  540.779252][T11603] syz_tun: left allmulticast mode
[  541.278519][ T5942] usb 4-1: too many configurations: 24, using maximum allowed: 8
[  541.307169][ T5942] usb 4-1: unable to read config index 0 descriptor/start: -61
[  541.328531][ T5942] usb 4-1: can't read configurations, error -61
[  541.341880][ T5942] usb usb4-port1: attempt power cycle
[  541.393888][T11614] xt_CT: You must specify a L4 protocol and not use inversions on it
[  541.981357][ T5942] usb 4-1: new low-speed USB device number 36 using dummy_hcd
[  542.125091][ T5942] usb 4-1: device descriptor read/8, error -71
[  542.621325][   T43] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  542.788831][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  542.791328][   T43] usb 1-1: Using ep0 maxpacket: 16
[  542.803882][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  542.803895][   T30] audit: type=1400 audit(1752953945.224:902): avc:  denied  { ioctl } for  pid=11638 comm="syz-executor" path="socket:[34041]" dev="sockfs" ino=34041 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  542.843342][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  542.864681][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  542.886194][   T43] usb 1-1: config 13 has an invalid interface number: 120 but max is 0
[  542.894771][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  542.900961][   T43] usb 1-1: config 13 has no interface number 0
[  542.908522][   T43] usb 1-1: config 13 interface 120 has no altsetting 0
[  542.908549][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  542.923331][   T43] usb 1-1: New USB device found, idVendor=07c4, idProduct=a000, bcdDevice= 0.07
[  542.940180][ T5839] bond0: (slave syz_tun): Releasing backup interface
[  542.948348][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  542.966598][   T30] audit: type=1400 audit(1752953945.404:903): avc:  denied  { mounton } for  pid=11638 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  542.966714][   T43] usb 1-1: Product: syz
[  543.042679][T11638] lo speed is unknown, defaulting to 1000
[  543.048501][   T43] usb 1-1: Manufacturer: syz
[  543.074849][   T43] usb 1-1: SerialNumber: syz
[  543.163187][ T3553] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.325560][T11625] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1378'.
[  543.338315][   T30] audit: type=1400 audit(1752953945.764:904): avc:  denied  { bind } for  pid=11624 comm="syz.0.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  543.390974][T11625] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  543.398839][T11646] binder: 11624:11646 ioctl c00c620f 2000000003c0 returned -22
[  543.402545][   T30] audit: type=1400 audit(1752953945.764:905): avc:  denied  { write } for  pid=11624 comm="syz.0.1378" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  543.428742][    C0] vkms_vblank_simulate: vblank timer overrun
[  543.437157][T11625] SELinux:  Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped).
[  543.516521][ T3553] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  543.529303][   T30] audit: type=1400 audit(1752953945.934:906): avc:  denied  { relabelto } for  pid=11624 comm="syz.0.1378" name="file0" dev="tmpfs" ino=1465 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  543.560737][   T30] audit: type=1400 audit(1752953945.944:907): avc:  denied  { associate } for  pid=11624 comm="syz.0.1378" name="file0" dev="tmpfs" ino=1465 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:fsadm_exec_t:s0"
[  543.593271][   T43] ums-datafab 1-1:13.120: USB Mass Storage device detected
[  544.209317][ T3553] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.228018][   T43] usb 1-1: USB disconnect, device number 40
[  544.341061][ T3553] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  544.616742][   T30] audit: type=1400 audit(1752953947.044:908): avc:  denied  { module_request } for  pid=11638 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  545.001293][ T5844] Bluetooth: hci5: command tx timeout
[  545.644558][   T30] audit: type=1400 audit(1752953947.104:909): avc:  denied  { read } for  pid=5498 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  545.665493][    C0] vkms_vblank_simulate: vblank timer overrun
[  545.672592][   T30] audit: type=1400 audit(1752953947.134:910): avc:  denied  { set_context_mgr } for  pid=11666 comm="syz.3.1388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  545.695076][   T30] audit: type=1400 audit(1752953948.114:911): avc:  denied  { unlink } for  pid=5826 comm="syz-executor" name="file0" dev="tmpfs" ino=1465 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:fsadm_exec_t:s0"
[  545.851021][T11638] chnl_net:caif_netlink_parms(): no params data found
[  545.980715][ T3553] bridge_slave_1: left allmulticast mode
[  546.061004][ T3553] bridge_slave_1: left promiscuous mode
[  546.070910][ T3553] bridge0: port 2(bridge_slave_1) entered disabled state
[  546.137694][ T3553] bridge_slave_0: left allmulticast mode
[  546.159159][ T3553] bridge_slave_0: left promiscuous mode
[  546.191407][ T5880] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  546.461520][ T5880] usb 4-1: Using ep0 maxpacket: 16
[  546.472129][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.610351][ T3553] bridge0: port 1(bridge_slave_0) entered disabled state
[  546.661242][   T43] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  547.071889][ T5844] Bluetooth: hci5: command tx timeout
[  547.159248][   T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  547.227675][ T5880] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  547.237690][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  547.251083][ T5880] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  547.260303][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.264064][   T43] usb 1-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  547.270543][ T5880] usb 4-1: config 0 descriptor??
[  547.321883][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.373256][   T43] usb 1-1: Product: syz
[  547.377463][   T43] usb 1-1: Manufacturer: syz
[  547.409138][   T43] usb 1-1: SerialNumber: syz
[  547.437435][   T43] usb 1-1: config 0 descriptor??
[  547.837683][ T5880] input: HID 045e:07da as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:045E:07DA.000A/input/input42
[  547.897243][T11675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'.
[  547.910586][T11675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'.
[  547.939918][ T5880] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  547.953644][T11675] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'.
[  548.010908][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'.
[  548.119436][T11707] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1391'.
[  548.341666][ T5880] usb 4-1: USB disconnect, device number 38
[  548.396272][ T3553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  548.412759][ T3553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  548.425716][ T3553] bond0 (unregistering): Released all slaves
[  548.607282][T11689] lo speed is unknown, defaulting to 1000
[  548.637997][T11671] lo speed is unknown, defaulting to 1000
[  548.638080][T11638] bridge0: port 1(bridge_slave_0) entered blocking state
[  548.652413][T11638] bridge0: port 1(bridge_slave_0) entered disabled state
[  548.659628][T11638] bridge_slave_0: entered allmulticast mode
[  548.666660][T11638] bridge_slave_0: entered promiscuous mode
[  548.698161][T11638] bridge0: port 2(bridge_slave_1) entered blocking state
[  548.705745][T11638] bridge0: port 2(bridge_slave_1) entered disabled state
[  548.715794][T11638] bridge_slave_1: entered allmulticast mode
[  548.722720][T11638] bridge_slave_1: entered promiscuous mode
[  548.792180][T11638] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  548.805504][ T3553] hsr_slave_0: left promiscuous mode
[  548.814150][ T3553] hsr_slave_1: left promiscuous mode
[  548.819771][ T3553] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  548.827703][ T3553] batman_adv: batadv0: Removing interface: batadv_slave_0
[  548.835395][ T3553] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  548.841592][ T5880] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  548.843364][ T3553] batman_adv: batadv0: Removing interface: batadv_slave_1
[  548.867093][ T3553] veth1_macvtap: left promiscuous mode
[  548.874408][ T3553] veth0_macvtap: left promiscuous mode
[  548.880186][ T3553] veth1_vlan: left promiscuous mode
[  548.885832][ T3553] veth0_vlan: left promiscuous mode
[  548.971259][ T5880] usb 5-1: device descriptor read/64, error -71
[  549.151818][ T5844] Bluetooth: hci5: command tx timeout
[  549.174495][   T30] kauditd_printk_skb: 20 callbacks suppressed
[  549.174511][   T30] audit: type=1400 audit(1752953951.614:932): avc:  denied  { read write } for  pid=11718 comm="syz.3.1399" name="rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  549.213168][   T30] audit: type=1400 audit(1752953951.614:933): avc:  denied  { open } for  pid=11718 comm="syz.3.1399" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1271 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  549.238830][ T5880] usb 5-1: new full-speed USB device number 35 using dummy_hcd
[  549.381257][ T5880] usb 5-1: device descriptor read/64, error -71
[  549.424549][ T3553] team0 (unregistering): Port device team_slave_1 removed
[  549.460356][ T3553] team0 (unregistering): Port device team_slave_0 removed
[  549.493569][ T5880] usb usb5-port1: attempt power cycle
[  549.757344][T11638] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  549.790288][T11723] bridge_slave_0: left allmulticast mode
[  549.796323][T11723] bridge_slave_0: left promiscuous mode
[  549.807844][T11723] bridge0: port 1(bridge_slave_0) entered disabled state
[  549.820272][T11723] bridge_slave_1: left allmulticast mode
[  549.828859][T11723] bridge_slave_1: left promiscuous mode
[  549.837343][T11723] bridge0: port 2(bridge_slave_1) entered disabled state
[  549.845835][ T5880] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  549.876513][T11723] bond0: (slave bond_slave_0): Releasing backup interface
[  549.884201][ T5880] usb 5-1: device descriptor read/8, error -71
[  549.908982][T11723] bond0: (slave bond_slave_1): Releasing backup interface
[  549.964498][T11723] team0: Port device team_slave_0 removed
[  550.001379][T11723] team0: Port device team_slave_1 removed
[  550.015235][T11723] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  550.025169][T11723] batman_adv: batadv0: Removing interface: batadv_slave_0
[  550.037464][T11723] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  550.048441][T11723] batman_adv: batadv0: Removing interface: batadv_slave_1
[  550.085927][T11724] team0: Mode changed to "loadbalance"
[  550.131873][ T5880] usb 5-1: new full-speed USB device number 37 using dummy_hcd
[  550.153142][ T5880] usb 5-1: device descriptor read/8, error -71
[  550.273577][ T5880] usb usb5-port1: unable to enumerate USB device
[  550.309531][T11638] team0: Port device team_slave_0 added
[  550.347066][T11638] team0: Port device team_slave_1 added
[  550.490210][T11638] batman_adv: batadv0: Adding interface: batadv_slave_0
[  550.502037][T11638] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  550.543931][T11638] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  550.572136][T11638] batman_adv: batadv0: Adding interface: batadv_slave_1
[  550.579222][T11638] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  550.606806][T11638] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  550.728560][ T5880] usb 1-1: USB disconnect, device number 41
[  550.747678][T11638] hsr_slave_0: entered promiscuous mode
[  550.782005][T11638] hsr_slave_1: entered promiscuous mode
[  550.801892][T11638] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  550.839849][T11638] Cannot create hsr debugfs directory
[  550.966075][   T30] audit: type=1400 audit(1752953953.404:934): avc:  denied  { create } for  pid=11753 comm="syz.1.1403" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  551.392461][ T5844] Bluetooth: hci5: command tx timeout
[  551.662273][   T30] audit: type=1400 audit(1752953953.464:935): avc:  denied  { name_bind } for  pid=11749 comm="syz.3.1402" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  551.684112][   T30] audit: type=1400 audit(1752953953.774:936): avc:  denied  { name_bind } for  pid=11756 comm="syz.0.1404" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  551.706426][   T30] audit: type=1400 audit(1752953953.774:937): avc:  denied  { node_bind } for  pid=11756 comm="syz.0.1404" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  551.753920][   T30] audit: type=1400 audit(1752953953.954:938): avc:  denied  { mount } for  pid=11756 comm="syz.0.1404" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  551.976484][T11758] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1402'.
[  552.008833][   T30] audit: type=1400 audit(1752953954.224:939): avc:  denied  { node_bind } for  pid=11749 comm="syz.3.1402" saddr=172.20.20.170 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  553.184554][T11638] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  553.198723][T11638] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  553.253989][T11638] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  553.264413][   T30] audit: type=1400 audit(1752953955.704:940): avc:  denied  { ioctl } for  pid=11789 comm="syz.1.1410" path="/dev/ptyq7" dev="devtmpfs" ino=126 ioctlcmd=0x5431 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  553.342222][T11638] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  554.295616][T11638] 8021q: adding VLAN 0 to HW filter on device bond0
[  555.016897][   T30] audit: type=1400 audit(1752953956.744:941): avc:  denied  { map } for  pid=11811 comm="syz.1.1413" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  555.218329][T11638] 8021q: adding VLAN 0 to HW filter on device team0
[  555.257997][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  555.265097][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  556.217002][ T3490] bridge0: port 2(bridge_slave_1) entered blocking state
[  556.224180][ T3490] bridge0: port 2(bridge_slave_1) entered forwarding state
[  556.284335][   T30] audit: type=1400 audit(1752953958.714:942): avc:  denied  { connect } for  pid=11818 comm="syz.1.1414" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  556.687553][T11638] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  556.709392][T11825] xt_CT: You must specify a L4 protocol and not use inversions on it
[  556.900886][T11826] 9pnet_fd: Insufficient options for proto=fd
[  557.021131][T11638] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  557.674400][T11840] xt_CT: You must specify a L4 protocol and not use inversions on it
[  558.149270][T11638] 8021q: adding VLAN 0 to HW filter on device batadv0
[  561.181012][   T30] audit: type=1400 audit(1752953963.614:943): avc:  denied  { create } for  pid=11879 comm="syz.4.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  561.261398][   T30] audit: type=1400 audit(1752953963.654:944): avc:  denied  { getopt } for  pid=11879 comm="syz.4.1426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  561.357815][   T30] audit: type=1400 audit(1752953963.664:945): avc:  denied  { ioctl } for  pid=11879 comm="syz.4.1426" path="socket:[34757]" dev="sockfs" ino=34757 ioctlcmd=0x894b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  562.062916][T11893] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  562.070595][T11893] audit: out of memory in audit_log_start
[  562.086900][   T30] audit: type=1400 audit(1752953964.504:946): avc:  denied  { read write } for  pid=11892 comm="syz.4.1430" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.110620][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.142340][T11638] veth0_vlan: entered promiscuous mode
[  562.187125][   T30] audit: type=1400 audit(1752953964.504:947): avc:  denied  { open } for  pid=11892 comm="syz.4.1430" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  562.188759][T11638] veth1_vlan: entered promiscuous mode
[  562.210675][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.225025][T11894] rtc_cmos 00:00: Alarms can be up to one day in the future
[  562.334550][   T30] audit: type=1400 audit(1752953964.574:948): avc:  denied  { create } for  pid=11885 comm="syz.0.1428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  562.408696][   T30] audit: type=1400 audit(1752953964.574:949): avc:  denied  { write } for  pid=11885 comm="syz.0.1428" path="socket:[34788]" dev="sockfs" ino=34788 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  562.443369][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  562.456268][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  562.471693][   T30] audit: type=1400 audit(1752953964.664:950): avc:  denied  { read } for  pid=11885 comm="syz.0.1428" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  562.494642][    C1] vkms_vblank_simulate: vblank timer overrun
[  562.495854][T11638] veth0_macvtap: entered promiscuous mode
[  562.576938][T11638] veth1_macvtap: entered promiscuous mode
[  562.674570][T11638] batman_adv: batadv0: Interface activated: batadv_slave_0
[  562.694909][T11905] FAULT_INJECTION: forcing a failure.
[  562.694909][T11905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  562.708743][T11905] CPU: 1 UID: 0 PID: 11905 Comm: syz.1.1434 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  562.708767][T11905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  562.708778][T11905] Call Trace:
[  562.708783][T11905]  <TASK>
[  562.708789][T11905]  dump_stack_lvl+0x16c/0x1f0
[  562.708822][T11905]  should_fail_ex+0x512/0x640
[  562.708854][T11905]  _copy_from_user+0x2e/0xd0
[  562.708873][T11905]  get_user_ifreq+0xf1/0x250
[  562.708893][T11905]  sock_do_ioctl+0x16b/0x280
[  562.708915][T11905]  ? __pfx_sock_do_ioctl+0x10/0x10
[  562.708941][T11905]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  562.708970][T11905]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  562.709000][T11905]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  562.709050][T11905]  sock_ioctl+0x227/0x6b0
[  562.709072][T11905]  ? __pfx_sock_ioctl+0x10/0x10
[  562.709092][T11905]  ? hook_file_ioctl_common+0x145/0x410
[  562.709120][T11905]  ? selinux_file_ioctl+0x180/0x270
[  562.709146][T11905]  ? selinux_file_ioctl+0xb4/0x270
[  562.709174][T11905]  ? __pfx_sock_ioctl+0x10/0x10
[  562.709197][T11905]  __x64_sys_ioctl+0x18e/0x210
[  562.709223][T11905]  do_syscall_64+0xcd/0x4c0
[  562.709242][T11905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  562.709259][T11905] RIP: 0033:0x7f6198d8e9a9
[  562.709274][T11905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  562.709290][T11905] RSP: 002b:00007f6199be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  562.709307][T11905] RAX: ffffffffffffffda RBX: 00007f6198fb5fa0 RCX: 00007f6198d8e9a9
[  562.709318][T11905] RDX: 0000200000000000 RSI: 0000000000008914 RDI: 0000000000000005
[  562.709329][T11905] RBP: 00007f6199be8090 R08: 0000000000000000 R09: 0000000000000000
[  562.709340][T11905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  562.709350][T11905] R13: 0000000000000000 R14: 00007f6198fb5fa0 R15: 00007fff63876228
[  562.709375][T11905]  </TASK>
[  562.728251][T11638] batman_adv: batadv0: Interface activated: batadv_slave_1
[  562.734045][ T5942] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  562.762278][T11638] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  562.994943][T11638] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  563.084395][T11638] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  563.101668][T11638] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  563.251624][ T5942] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  563.259787][ T5942] usb 4-1: config 0 has no interface number 0
[  563.274355][ T5942] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  563.501629][ T5942] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  563.541230][ T5942] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  563.550327][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.592223][ T5942] usb 4-1: Product: syz
[  563.596473][ T5942] usb 4-1: Manufacturer: syz
[  563.601075][ T5942] usb 4-1: SerialNumber: syz
[  563.607716][ T5942] usb 4-1: config 0 descriptor??
[  563.622490][T11896] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  563.631807][ T5942] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  563.666693][ T5942] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  563.720836][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.737741][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  563.946056][ T3490] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  563.965564][T11896] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.991363][ T3490] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  564.031823][T11896] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  565.947849][ T5969] usb 4-1: USB disconnect, device number 39
[  565.956162][ T5969] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  565.967529][ T5969] cyberjack 4-1:0.69: device disconnected
[  566.074429][T11947] lo speed is unknown, defaulting to 1000
[  566.227721][T11952] netlink: 'syz.5.1381': attribute type 29 has an invalid length.
[  566.236639][T11952] netlink: 'syz.5.1381': attribute type 29 has an invalid length.
[  567.979598][ T5849] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  567.996874][T11979] netlink: 5 bytes leftover after parsing attributes in process `syz.1.1448'.
[  568.036244][T11979] 0��{X��: renamed from gretap0 (while UP)
[  568.397123][T11979] 0��{X��: entered allmulticast mode
[  568.406432][T11979] A link change request failed with some changes committed already. Interface 
30��{X�� may have been left with an inconsistent configuration, please check.
[  568.549602][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  568.549618][   T30] audit: type=1400 audit(1752953970.974:978): avc:  denied  { map } for  pid=11987 comm="syz.5.1449" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  568.721275][   T43] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  568.856964][   T30] audit: type=1400 audit(1752953970.974:979): avc:  denied  { execute } for  pid=11987 comm="syz.5.1449" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  568.953366][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  568.953410][   T43] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  568.953432][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.963469][   T43] usb 1-1: config 0 descriptor??
[  569.170199][   T30] audit: type=1400 audit(1752953971.584:980): avc:  denied  { block_suspend } for  pid=12000 comm="syz.5.1452" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  569.223121][T12004] lo speed is unknown, defaulting to 1000
[  569.361462][   T30] audit: type=1800 audit(1752953971.744:981): pid=12009 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1452" name="bus" dev="overlay" ino=38 res=0 errno=0
[  569.378207][   T43] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor
[  569.428002][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.000B/input/input45
[  569.626594][T11983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.694778][T11983] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  570.055419][T12016] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1454'.
[  570.219633][   T30] audit: type=1400 audit(1752953972.654:982): avc:  denied  { read } for  pid=5188 comm="acpid" name="event4" dev="devtmpfs" ino=3276 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  570.229320][   T43] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  570.384093][   T43] usb 1-1: USB disconnect, device number 42
[  570.384093][   T30] audit: type=1400 audit(1752953972.654:983): avc:  denied  { open } for  pid=5188 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3276 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  570.384133][   T30] audit: type=1400 audit(1752953972.654:984): avc:  denied  { ioctl } for  pid=5188 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=3276 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  570.480358][T12018] fido_id[12018]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  570.566414][   T30] audit: type=1400 audit(1752953973.004:985): avc:  denied  { create } for  pid=12022 comm="syz.4.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  570.764547][   T30] audit: type=1400 audit(1752953973.004:986): avc:  denied  { write } for  pid=12022 comm="syz.4.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  570.830562][   T30] audit: type=1400 audit(1752953973.054:987): avc:  denied  { bind } for  pid=12022 comm="syz.4.1455" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  571.266982][ T5834] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  571.367418][T12031] ptrace attach of "./syz-executor exec"[12034] was attempted by "./syz-executor exec"[12031]
[  571.818845][T12043] dvmrp0: entered allmulticast mode
[  572.062508][T12050] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1463'.
[  572.131025][T12051] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  572.187359][T12050] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1463'.
[  573.017550][ T5834] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  573.508753][T12096] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  573.579878][T12099] dvmrp0: entered allmulticast mode
[  573.625853][T12102] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1476'.
[  574.788544][T12121] dvmrp0: entered allmulticast mode
[  575.051246][   T43] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  575.105166][ T5849] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  575.315055][   T43] usb 4-1: Using ep0 maxpacket: 32
[  575.323728][   T43] usb 4-1: config 7 has an invalid interface number: 138 but max is 0
[  575.347794][   T43] usb 4-1: config 7 has an invalid interface number: 1 but max is 0
[  575.403131][   T43] usb 4-1: config 7 has an invalid descriptor of length 100, skipping remainder of the config
[  575.560146][   T43] usb 4-1: config 7 has 2 interfaces, different from the descriptor's value: 1
[  575.617594][   T43] usb 4-1: config 7 has no interface number 0
[  575.696856][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0xB has invalid wMaxPacketSize 0
[  575.720346][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  575.736500][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  575.755058][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x7 has invalid maxpacket 1023, setting to 64
[  575.799805][   T43] usb 4-1: config 7 interface 138 altsetting 5 has an endpoint descriptor with address 0x44, changing to 0x4
[  575.848429][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x4 has an invalid bInterval 74, changing to 7
[  575.932958][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x4 has invalid maxpacket 34728, setting to 1024
[  575.961128][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  575.998825][   T43] usb 4-1: config 7 interface 138 altsetting 5 has an invalid descriptor for endpoint zero, skipping
[  576.030902][   T43] usb 4-1: config 7 interface 138 altsetting 5 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  576.106820][   T43] usb 4-1: config 7 interface 138 altsetting 5 has 11 endpoint descriptors, different from the interface descriptor's value: 14
[  576.140997][   T43] usb 4-1: too many endpoints for config 7 interface 1 altsetting 7: 37, using maximum allowed: 30
[  576.178027][   T43] usb 4-1: config 7 interface 1 altsetting 7 has a duplicate endpoint with address 0xB, skipping
[  576.221302][   T43] usb 4-1: config 7 interface 1 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 37
[  576.258715][   T43] usb 4-1: config 7 interface 138 has no altsetting 0
[  576.308148][   T43] usb 4-1: config 7 interface 1 has no altsetting 0
[  576.327167][   T43] usb 4-1: New USB device found, idVendor=04dd, idProduct=8004, bcdDevice=70.f0
[  576.376442][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  576.401343][   T43] usb 4-1: Product: 构劚즶쁣ͭ㘀਍싛ꈮ껊锿鮍瞇퀅绯鵆는ƣᭉ੣흾ു⸧蜤䲸ᔆ唈Ỉد刪頝鹾鬣ꑆ䔿꽰叒௓将꣊傍埑繽짓ꬓ뤶஠晈剁ᎁ׻舁Ậ즕칭柬⊳⑸옅睜蘸ꄿ蝬䮫ꄇᢙ흦㪘塾ჴ乵鮁장㉑苶镲刞푉޲鉖祟冃䙏縊ဪ䲩㚝刅㪛㒗觧疏ꢸ櫱꫟惂㤲殢줸麐㥧锱⛡쉾嶐፞】쟢蹿筒妿
[  576.449523][   T43] usb 4-1: Manufacturer: 䰧ᮗ儚씣ᝫ흪妗瓢껳炁澁ꦇそ瑀➁刺냾댾昪鼠滁쵼懳ựས첫▨溰붘㸓ƽ뭆麏ಌ䶄잚黐묠鐜虢䉱킰躿碜≴ᓒ๠ゼ⦥衁阕ⵀ牷톕㨦蟇簹♓夁ᙼ폘쏅쿴贺禽ꕊ䕨죙辬䚲
[  576.477610][   T43] usb 4-1: SerialNumber: 㐁
[  576.516659][ T5880] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  576.789743][T12122] veth1_to_team: entered promiscuous mode
[  576.796866][T12122] bond_slave_0: entered promiscuous mode
[  577.558118][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  577.558176][   T30] audit: type=1400 audit(1752953979.274:995): avc:  denied  { write } for  pid=12162 comm="syz.4.1490" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  577.585429][T12122] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  577.617923][ T5880] usb 2-1: config 0 has an invalid interface number: 23 but max is 0
[  577.723149][T12122] Cannot create hsr debugfs directory
[  577.728656][ T5880] usb 2-1: config 0 has no interface number 0
[  577.736606][T12122] hsr1: Slave A (veth1_to_team) is not up; please bring it up to get a fully working HSR network
[  577.751233][ T5969] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  577.752577][T12122] hsr1: Slave B (bond_slave_0) is not up; please bring it up to get a fully working HSR network
[  577.759004][ T5880] usb 2-1: config 0 interface 23 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  577.772665][T12122] hsr1: entered promiscuous mode
[  577.787970][ T5880] usb 2-1: config 0 interface 23 altsetting 0 endpoint 0x82 has invalid maxpacket 6911, setting to 1024
[  577.802991][ T5880] usb 2-1: config 0 interface 23 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  577.820033][ T5880] usb 2-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01
[  577.829442][T12173] syzkaller0: entered promiscuous mode
[  577.835001][T12173] syzkaller0: entered allmulticast mode
[  577.843977][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  577.850468][   T43] usb 4-1: bad CDC descriptors
[  577.856179][ T5880] usb 2-1: Product: syz
[  577.862610][ T5880] usb 2-1: Manufacturer: syz
[  577.881053][ T5880] usb 2-1: SerialNumber: syz
[  577.902504][ T5880] usb 2-1: config 0 descriptor??
[  577.914262][   T43] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  577.941254][   T43] usb 4-1: MIDIStreaming interface descriptor not found
[  577.984202][   T43] usb 4-1: USB disconnect, device number 40
[  578.016606][ T5969] usb 5-1: Using ep0 maxpacket: 32
[  578.037422][ T5969] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  578.098324][T12156] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  578.131235][ T5969] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  578.142364][ T5834] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  578.142427][ T6151] udevd[6151]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:7.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  578.166921][T12156] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  578.176484][ T5969] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  578.200734][ T5880] ums-usbat 2-1:0.23: USB Mass Storage device detected
[  578.222346][ T5969] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  578.237494][ T5969] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  578.247075][ T5969] usb 5-1: Product: syz
[  578.278110][ T5969] usb 5-1: Manufacturer: syz
[  578.312281][ T5969] usb 5-1: SerialNumber: syz
[  578.338504][ T5969] cdc_ncm 5-1:1.0: skipping garbage
[  578.348269][ T5969] cdc_ncm 5-1:1.0: CDC Union missing and no IAD found
[  578.371479][ T5969] cdc_ncm 5-1:1.0: bind() failure
[  578.444066][ T5880] ums-usbat 2-1:0.23: probe with driver ums-usbat failed with error -5
[  578.473460][ T5880] usb 2-1: USB disconnect, device number 46
[  578.533273][   T43] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  578.552139][ T5893] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  578.671377][   T43] usb 4-1: device descriptor read/64, error -71
[  578.677812][T12209] binder: 12195:12209 ioctl 4018620d 0 returned -22
[  578.712795][ T5893] usb 6-1: config 83 has too many interfaces: 242, using maximum allowed: 32
[  578.731440][ T5893] usb 6-1: config 83 has 1 interface, different from the descriptor's value: 242
[  578.740637][ T5893] usb 6-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  578.788009][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.803943][T12196] binder: 12195:12196 ioctl c018620c 0 returned -14
[  578.815215][   T30] audit: type=1400 audit(1752953981.254:996): avc:  denied  { write } for  pid=12195 comm="syz.0.1498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  578.912877][   T43] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  579.061691][   T43] usb 4-1: device descriptor read/64, error -71
[  579.216516][   T43] usb usb4-port1: attempt power cycle
[  579.338420][ T5893] gspca_main: spca508-2.14.0 probing 8086:0110
[  579.347941][ T5893] gspca_spca508: reg_read err -71
[  579.354448][ T5893] gspca_spca508: reg_read err -71
[  579.387024][ T5893] gspca_spca508: reg_read err -71
[  579.398219][ T5893] gspca_spca508: reg_read err -71
[  579.413297][ T5893] gspca_spca508: reg_read err -71
[  579.422348][ T5893] gspca_spca508: reg write: error -71
[  579.428309][ T5893] spca508 6-1:83.0: probe with driver spca508 failed with error -71
[  579.467517][ T5893] usb 6-1: USB disconnect, device number 2
[  579.589888][   T30] audit: type=1400 audit(1752953982.014:997): avc:  denied  { create } for  pid=12221 comm="syz.0.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  579.770379][ T5942] usb 5-1: USB disconnect, device number 38
[  579.802121][   T30] audit: type=1400 audit(1752953982.024:998): avc:  denied  { getopt } for  pid=12221 comm="syz.0.1501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  579.845127][   T43] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  579.871092][   T30] audit: type=1400 audit(1752953982.084:999): avc:  denied  { name_connect } for  pid=12221 comm="syz.0.1501" dest=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  579.911734][   T43] usb 4-1: device descriptor read/8, error -71
[  580.098836][   T30] audit: type=1400 audit(1752953982.534:1000): avc:  denied  { map } for  pid=12235 comm="syz.5.1506" path="/dev/comedi3" dev="devtmpfs" ino=1279 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  580.166408][   T43] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  580.349754][ T5893] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  580.403751][T12237] lo speed is unknown, defaulting to 1000
[  580.410135][   T43] usb 4-1: device descriptor read/8, error -71
[  580.450125][   T30] audit: type=1400 audit(1752953982.594:1001): avc:  denied  { create } for  pid=12235 comm="syz.5.1506" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  580.512717][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  580.531608][   T43] usb usb4-port1: unable to enumerate USB device
[  580.531915][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  580.578815][   T30] audit: type=1400 audit(1752953982.614:1002): avc:  denied  { sys_admin } for  pid=12235 comm="syz.5.1506" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  580.659733][ T5893] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  580.678841][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.709595][ T5893] usb 2-1: config 0 descriptor??
[  580.942724][ T5893] playstation 0003:054C:0DF2.000C: unknown main item tag 0x0
[  580.971709][ T5893] playstation 0003:054C:0DF2.000C: unknown main item tag 0x0
[  580.988802][ T5849] Buffer I/O error on dev loop6, logical block 32767999, async page read
[  581.001255][ T5893] playstation 0003:054C:0DF2.000C: unknown main item tag 0x0
[  581.034085][ T5893] playstation 0003:054C:0DF2.000C: unknown main item tag 0x0
[  581.071274][ T5893] playstation 0003:054C:0DF2.000C: unknown main item tag 0x0
[  581.078983][   T30] audit: type=1400 audit(1752953983.514:1003): avc:  denied  { create } for  pid=12251 comm="syz.3.1509" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  581.128535][ T5893] playstation 0003:054C:0DF2.000C: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  581.281791][T12254] FAULT_INJECTION: forcing a failure.
[  581.281791][T12254] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.294920][T12254] CPU: 0 UID: 0 PID: 12254 Comm: syz.3.1509 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  581.294944][T12254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  581.294955][T12254] Call Trace:
[  581.294962][T12254]  <TASK>
[  581.294969][T12254]  dump_stack_lvl+0x16c/0x1f0
[  581.295002][T12254]  should_fail_ex+0x512/0x640
[  581.295033][T12254]  _copy_to_user+0x32/0xd0
[  581.295054][T12254]  simple_read_from_buffer+0xcb/0x170
[  581.295084][T12254]  proc_fail_nth_read+0x197/0x270
[  581.295112][T12254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  581.295141][T12254]  ? rw_verify_area+0xcf/0x680
[  581.295164][T12254]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  581.295190][T12254]  vfs_read+0x1e1/0xc60
[  581.295221][T12254]  ? __pfx___mutex_lock+0x10/0x10
[  581.295239][T12254]  ? __pfx_vfs_read+0x10/0x10
[  581.295273][T12254]  ? __fget_files+0x20e/0x3c0
[  581.295299][T12254]  ksys_read+0x12a/0x250
[  581.295325][T12254]  ? __pfx_ksys_read+0x10/0x10
[  581.295359][T12254]  do_syscall_64+0xcd/0x4c0
[  581.295379][T12254]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.295398][T12254] RIP: 0033:0x7f6a5f78d3bc
[  581.295412][T12254] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  581.295428][T12254] RSP: 002b:00007f6a60612030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  581.295444][T12254] RAX: ffffffffffffffda RBX: 00007f6a5f9b6080 RCX: 00007f6a5f78d3bc
[  581.295455][T12254] RDX: 000000000000000f RSI: 00007f6a606120a0 RDI: 000000000000000a
[  581.295464][T12254] RBP: 00007f6a60612090 R08: 0000000000000000 R09: 0000000000000000
[  581.295474][T12254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  581.295482][T12254] R13: 0000000000000000 R14: 00007f6a5f9b6080 R15: 00007ffcf1343698
[  581.295500][T12254]  </TASK>
[  581.498380][ T5893] playstation 0003:054C:0DF2.000C: Invalid reportID received, expected 32 got 39
[  581.507549][ T5893] playstation 0003:054C:0DF2.000C: Failed to retrieve DualSense firmware info: -22
[  581.516872][ T5893] playstation 0003:054C:0DF2.000C: Failed to get firmware info from DualSense
[  581.525723][ T5893] playstation 0003:054C:0DF2.000C: Failed to create dualsense.
[  581.559138][ T5893] playstation 0003:054C:0DF2.000C: probe with driver playstation failed with error -22
[  581.698793][ T5942] usb 2-1: USB disconnect, device number 47
[  581.903113][   T30] audit: type=1400 audit(1752953984.344:1004): avc:  denied  { execute } for  pid=12270 comm="syz.5.1515" path="/proc/schedstat" dev="proc" ino=4026531998 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=file permissive=1
[  582.173396][ T5880] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  582.191549][ T5942] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  582.241842][T12279] binder: 12253:12279 ioctl 4018620d 0 returned -22
[  582.411497][ T5880] usb 5-1: Using ep0 maxpacket: 8
[  582.422016][T12260] binder: 12253:12260 ioctl c018620c 0 returned -14
[  582.439844][ T5880] usb 5-1: config index 0 descriptor too short (expected 74, got 45)
[  582.474810][ T5880] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  582.501254][T12283] Device name cannot be null; rc = [-22]
[  582.891721][ T5942] usb 6-1: Using ep0 maxpacket: 32
[  582.905702][ T5942] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  582.907825][ T5880] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  582.937967][ T5880] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  582.963392][ T5880] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  582.981747][ T5942] usb 6-1: config 0 has no interface number 0
[  582.988600][ T5942] usb 6-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping
[  583.015473][ T5942] usb 6-1: config 0 interface 1 has no altsetting 0
[  583.031026][ T5880] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  583.046208][ T5880] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  583.058629][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.099232][ T5942] usb 6-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a
[  583.118541][ T5942] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  583.131591][T12011] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  583.214143][ T5942] usb 6-1: Product: syz
[  583.248867][ T5942] usb 6-1: Manufacturer: syz
[  583.256760][ T5942] usb 6-1: SerialNumber: syz
[  583.260601][T12293] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6
[  583.283462][ T5942] usb 6-1: config 0 descriptor??
[  583.304219][ T5880] usb 5-1: GET_CAPABILITIES returned 0
[  583.331263][ T5880] usbtmc 5-1:16.0: can't read capabilities
[  583.351389][T12011] usb 4-1: device descriptor read/64, error -71
[  583.481914][   T30] audit: type=1400 audit(1752953985.914:1005): avc:  denied  { bind } for  pid=12294 comm="syz.1.1523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  583.732286][ T5942] cx231xx 6-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces
[  583.735400][    C0] usbtmc 5-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  583.756408][ T5942] cx231xx 6-1:0.1: Not found matching IAD interface
[  583.763251][   T30] audit: type=1400 audit(1752953985.914:1006): avc:  denied  { name_bind } for  pid=12294 comm="syz.1.1523" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  583.785291][T12274] usbtmc 5-1:16.0: Unable to send data, error -71
[  583.797029][T12011] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  583.815958][ T5942] usb 6-1: USB disconnect, device number 3
[  583.875228][   T30] audit: type=1400 audit(1752953985.914:1007): avc:  denied  { node_bind } for  pid=12294 comm="syz.1.1523" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  584.029826][T12011] usb 4-1: device descriptor read/64, error -71
[  584.584455][T12011] usb usb4-port1: attempt power cycle
[  585.021240][ T1205] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  585.484919][   T30] audit: type=1400 audit(1752953985.924:1008): avc:  denied  { accept } for  pid=12294 comm="syz.1.1523" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  585.511470][ T5880] usb 5-1: USB disconnect, device number 39
[  585.542239][T12011] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  585.617653][T12314] xt_CT: You must specify a L4 protocol and not use inversions on it
[  585.684240][    C1] raw-gadget.2 gadget.3: ignoring, device is not running
[  585.728311][T12011] usb 4-1: device descriptor read/8, error -32
[  585.774498][ T1205] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  585.796489][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  586.030262][ T1205] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  586.046578][ T1205] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.075713][   T30] audit: type=1400 audit(1752953988.514:1009): avc:  denied  { ioctl } for  pid=12319 comm="syz.3.1529" path="socket:[36909]" dev="sockfs" ino=36909 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  586.075813][ T5844] Bluetooth: hci3: SCO packet for unknown connection handle 0
[  586.123948][ T1205] usb 2-1: config 0 descriptor??
[  586.419610][T12331] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1531'.
[  586.600817][T12330] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc.
[  586.690194][T12323] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  587.496496][ T1205] ath6kl: Failed to submit usb control message: -71
[  588.024902][ T1205] ath6kl: unable to send the bmi data to the device: -71
[  588.033444][ T1205] ath6kl: Unable to send get target info: -71
[  588.111335][ T1205] ath6kl: Failed to init ath6kl core: -71
[  588.118041][ T1205] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  588.280248][ T1205] usb 2-1: USB disconnect, device number 48
[  588.291621][T12340] veth0_to_team: entered promiscuous mode
[  588.297348][T12340] veth0_to_team: entered allmulticast mode
[  588.340893][T12340] misc userio: The device must be registered before sending interrupts
[  588.591392][ T5893] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  588.987478][ T5893] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  589.065786][ T5893] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  589.079987][ T5893] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  589.089164][ T5893] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  589.102067][ T5893] usb 6-1: config 0 descriptor??
[  589.160155][T12348] dvmrp0: entered allmulticast mode
[  589.312819][T12340] misc userio: The device must be registered before sending interrupts
[  589.577856][T12362] lo speed is unknown, defaulting to 1000
[  590.201159][ T5893] ath6kl: Failed to submit usb control message: -110
[  590.399479][ T5893] ath6kl: unable to send the bmi data to the device: -110
[  590.534417][ T5893] ath6kl: Unable to send get target info: -110
[  590.570585][   T30] audit: type=1400 audit(1752953993.004:1010): avc:  denied  { getopt } for  pid=12368 comm="syz.0.1538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  590.575183][ T5893] ath6kl: Failed to init ath6kl core: -110
[  590.698327][ T5893] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -110
[  590.769157][ T5893] usb 6-1: USB disconnect, device number 4
[  590.949421][T12378] syz.5.1539: attempt to access beyond end of device
[  590.949421][T12378] nbd5: rw=0, sector=2, nr_sectors = 2 limit=0
[  591.060814][T12378] MINIX-fs: unable to read superblock
[  592.873633][T12406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1546'.
[  592.884797][   T30] audit: type=1400 audit(1752953995.164:1011): avc:  denied  { ioctl } for  pid=12407 comm="syz.5.1545" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=38044 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  592.910897][    C0] vkms_vblank_simulate: vblank timer overrun
[  593.028450][T12411] overlayfs: failed to resolve './file0': -2
[  593.700159][T12419] lo speed is unknown, defaulting to 1000
[  594.791907][T12430] xt_CT: You must specify a L4 protocol and not use inversions on it
[  595.531985][T12437] binder: 12428:12437 ioctl c0306201 0 returned -14
[  595.848374][   T30] audit: type=1400 audit(1752953998.044:1012): avc:  denied  { write } for  pid=12431 comm="syz.4.1552" path="socket:[37066]" dev="sockfs" ino=37066 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  595.871667][    C1] vkms_vblank_simulate: vblank timer overrun
[  596.224799][T12455] lo speed is unknown, defaulting to 1000
[  598.330313][T12476] dvmrp0: left allmulticast mode
[  598.445560][   T30] audit: type=1400 audit(1752954000.884:1013): avc:  denied  { bind } for  pid=12479 comm="syz.3.1559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  598.701764][   T30] audit: type=1400 audit(1752954000.884:1014): avc:  denied  { setopt } for  pid=12479 comm="syz.3.1559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  598.721519][   T30] audit: type=1400 audit(1752954000.934:1015): avc:  denied  { read } for  pid=12479 comm="syz.3.1559" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  599.245781][T12011] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  599.402324][T12011] usb 5-1: Using ep0 maxpacket: 32
[  599.448982][T12011] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  599.471249][T12011] usb 5-1: config 0 has no interface number 0
[  599.481243][ T5880] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  599.490910][T12011] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  599.521346][T12011] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  599.529364][T12011] usb 5-1: Product: syz
[  599.565082][T12011] usb 5-1: Manufacturer: syz
[  599.569706][T12011] usb 5-1: SerialNumber: syz
[  599.596862][T12011] usb 5-1: config 0 descriptor??
[  599.618864][T12011] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  599.651906][ T5880] usb 2-1: Using ep0 maxpacket: 32
[  599.689446][ T5880] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  599.714460][ T5880] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  599.821748][ T5880] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  599.869425][   T30] audit: type=1400 audit(1752954002.234:1016): avc:  denied  { ioctl } for  pid=12508 comm="syz.5.1565" path="socket:[38178]" dev="sockfs" ino=38178 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  600.034657][ T5880] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  600.122341][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  600.206974][   T30] audit: type=1400 audit(1752954002.234:1017): avc:  denied  { connect } for  pid=12508 comm="syz.5.1565" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  600.237635][ T5880] usb 2-1: Product: syz
[  600.404933][T12011] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  600.521536][T12011] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  600.548289][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  600.556414][T12011] usb 5-1: USB disconnect, device number 40
[  600.566524][T12011] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  600.580293][T12011] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  600.592227][T12011] quatech2 5-1:0.51: device disconnected
[  600.639595][ T5880] usb 2-1: Manufacturer: syz
[  600.661194][ T5880] usb 2-1: SerialNumber: syz
[  600.784765][T12524] random: crng reseeded on system resumption
[  601.096409][   T30] audit: type=1400 audit(1752954003.224:1018): avc:  denied  { write } for  pid=12515 comm="syz.3.1566" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  601.243613][T12525] lo speed is unknown, defaulting to 1000
[  601.553158][ T5880] cdc_ncm 2-1:1.0: skipping garbage
[  601.594169][ T5880] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  601.769684][T12535] binder: 12528:12535 ioctl c0306201 0 returned -14
[  601.771512][ T5880] cdc_ncm 2-1:1.0: bind() failure
[  603.056096][ T5880] usb 2-1: USB disconnect, device number 49
[  603.132934][T12543] lo speed is unknown, defaulting to 1000
[  604.331405][T12011] usb 4-1: new full-speed USB device number 49 using dummy_hcd
[  605.541380][T12011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  605.552872][   T30] audit: type=1400 audit(1752954007.954:1019): avc:  denied  { mounton } for  pid=12577 comm="syz.4.1581" path="/syzcgroup/unified/syz4" dev="cgroup2" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  605.602375][T12011] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  605.734441][T12011] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  605.792226][   T30] audit: type=1400 audit(1752954008.104:1020): avc:  denied  { read append } for  pid=12580 comm="syz.0.1579" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  605.816942][    C1] vkms_vblank_simulate: vblank timer overrun
[  605.821184][T12197] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  605.969292][T12011] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  606.076373][T12011] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.155544][   T30] audit: type=1400 audit(1752954008.104:1021): avc:  denied  { open } for  pid=12580 comm="syz.0.1579" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  606.197349][T12011] usb 4-1: Product: syz
[  606.209657][T12589] dvmrp0: entered allmulticast mode
[  606.246761][T12011] usb 4-1: Manufacturer: syz
[  606.287097][T12011] usb 4-1: SerialNumber: syz
[  606.430098][T12011] usb 4-1: config 0 descriptor??
[  606.490111][T12570] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  606.531569][T12570] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  606.540151][T12589] dvmrp0: left allmulticast mode
[  606.555735][T12011] usb 4-1: ucan: probing device on interface #0
[  606.746288][T12197] usb 2-1: Using ep0 maxpacket: 8
[  606.764413][T12197] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  606.779229][T12197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.788597][T12197] usb 2-1: Product: syz
[  606.792921][T12197] usb 2-1: Manufacturer: syz
[  606.797519][T12197] usb 2-1: SerialNumber: syz
[  606.805854][T12197] usb 2-1: config 0 descriptor??
[  607.313153][T12197] gspca_main: se401-2.14.0 probing 047d:5003
[  607.601341][   T30] audit: type=1400 audit(1752954009.944:1022): avc:  denied  { ioctl } for  pid=12569 comm="syz.3.1577" path="socket:[38329]" dev="sockfs" ino=38329 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  607.630186][T12197] gspca_se401: Wrong descriptor type
[  607.737050][T12610] tipc: Started in network mode
[  607.756936][T12610] tipc: Node identity ac14140c, cluster identity 4711
[  607.829690][T12610] tipc: New replicast peer: 255.255.255.255
[  607.856649][T12610] tipc: Enabled bearer <udp:syz2>, priority 10
[  608.011682][T12619] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1584'.
[  608.021250][   T30] audit: type=1400 audit(1752954010.454:1023): avc:  denied  { write } for  pid=12602 comm="syz.0.1584" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  608.021560][T12612] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1584'.
[  608.248600][T12011] usb 4-1: ucan: failed to retrieve device info
[  608.285059][T12011] usb 4-1: ucan: probe failed; try to update the device firmware
[  608.315242][T12612] tipc: Disabling bearer <udp:syz2>
[  608.355836][   T30] audit: type=1326 audit(1752954010.794:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12586 comm="syz.1.1582" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6198d8e9a9 code=0xffff0000
[  608.481243][ T5907] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  608.645987][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  608.700402][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  608.718481][ T5907] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  608.728666][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.753108][ T5907] usb 5-1: config 0 descriptor??
[  608.771880][T12638] lo speed is unknown, defaulting to 1000
[  608.969405][T12644] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1588'.
[  609.135701][ T5893] usb 4-1: USB disconnect, device number 49
[  609.264344][   T30] audit: type=1400 audit(1752954011.704:1025): avc:  denied  { ioctl } for  pid=12643 comm="syz.0.1588" path="socket:[37432]" dev="sockfs" ino=37432 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  609.496885][T12658] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1588'.
[  609.505939][   T30] audit: type=1400 audit(1752954011.804:1026): avc:  denied  { bind } for  pid=12643 comm="syz.0.1588" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  610.072665][ T5907] ath6kl: Failed to submit usb control message: -110
[  610.154806][ T5907] ath6kl: unable to send the bmi data to the device: -110
[  610.178772][ T5907] ath6kl: Unable to send get target info: -110
[  610.210128][ T5907] ath6kl: Failed to init ath6kl core: -110
[  610.243707][ T5907] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[  610.291600][   T30] audit: type=1400 audit(1752954012.724:1027): avc:  denied  { listen } for  pid=12666 comm="syz.3.1591" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  610.379401][   T30] audit: type=1400 audit(1752954012.754:1028): avc:  denied  { read } for  pid=12666 comm="syz.3.1591" lport=48049 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  610.450671][T12011] usb 2-1: USB disconnect, device number 50
[  610.561217][ T5907] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  610.619722][   T30] audit: type=1400 audit(1752954013.054:1029): avc:  denied  { connect } for  pid=12674 comm="syz.0.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  610.735898][ T5907] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  610.785827][ T5907] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  610.925098][T12011] usb 5-1: USB disconnect, device number 41
[  610.936772][ T5907] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  610.958271][   T30] audit: type=1400 audit(1752954013.064:1030): avc:  denied  { setopt } for  pid=12674 comm="syz.0.1593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  610.981030][ T5907] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  611.020325][ T5907] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  611.051886][ T5907] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  611.068764][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  611.091389][ T5907] usb 4-1: Product: syz
[  611.100002][ T5907] usb 4-1: Manufacturer: syz
[  611.128623][ T5907] cdc_wdm 4-1:1.0: skipping garbage
[  611.142456][ T5907] cdc_wdm 4-1:1.0: skipping garbage
[  612.409330][ T5907] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  612.415590][ T5907] cdc_wdm 4-1:1.0: Unknown control protocol
[  612.429045][ T5907] usb 4-1: USB disconnect, device number 50
[  612.981232][ T5907] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  613.011233][ T1205] usb 2-1: new full-speed USB device number 51 using dummy_hcd
[  613.115523][   T30] audit: type=1400 audit(1752954015.554:1031): avc:  denied  { append } for  pid=12710 comm="syz.3.1602" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  613.162628][ T5880] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  613.171311][ T5907] usb 6-1: Using ep0 maxpacket: 8
[  613.177736][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  613.190636][ T1205] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  613.203275][ T5907] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  613.213040][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.221647][ T1205] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  613.252300][ T1205] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  613.263408][ T5907] pvrusb2: Hardware description: Terratec Grabster AV400
[  613.270612][ T1205] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  613.279297][ T5907] pvrusb2: **********
[  613.283618][ T5907] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  613.294155][ T1205] usb 2-1: Product: syz
[  613.299232][ T1205] usb 2-1: Manufacturer: syz
[  613.304716][ T5907] pvrusb2: Important functionality might not be entirely working.
[  613.315096][ T1205] usb 2-1: SerialNumber: syz
[  613.326677][ T5907] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  613.338312][ T5907] pvrusb2: **********
[  613.350239][ T1205] usb 2-1: config 0 descriptor??
[  613.357109][T12706] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  613.365511][T12706] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  613.371348][ T5880] usb 5-1: Using ep0 maxpacket: 8
[  613.374092][ T1205] usb 2-1: ucan: probing device on interface #0
[  613.387295][ T5880] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  613.399532][ T5880] usb 5-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[  613.410562][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.424395][ T5880] usb 5-1: config 0 descriptor??
[  613.461074][ T2334] pvrusb2: Invalid write control endpoint
[  613.536956][ T2334] pvrusb2: Invalid write control endpoint
[  613.546318][ T2334] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  613.556922][ T2334] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  613.564878][ T2334] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  613.576407][ T2334] pvrusb2: Device being rendered inoperable
[  613.585728][ T2334] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  613.593464][ T2334] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  613.609871][ T2334] pvrusb2: Attached sub-driver cx25840
[  613.617408][ T2334] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  613.627910][ T2334] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  614.612863][ T1205] usb 2-1: ucan: failed to retrieve device info
[  614.748202][ T1205] usb 2-1: ucan: probe failed; try to update the device firmware
[  614.819916][T12197] usb 6-1: USB disconnect, device number 5
[  614.861011][ T1205] usb 2-1: USB disconnect, device number 51
[  615.248075][   T30] audit: type=1400 audit(1752954017.684:1032): avc:  denied  { ioctl } for  pid=12720 comm="syz.0.1603" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  615.970307][ T1205] usb 5-1: USB disconnect, device number 42
[  616.023896][T12732] xt_CT: You must specify a L4 protocol and not use inversions on it
[  616.382987][   T30] audit: type=1400 audit(1752954018.794:1033): avc:  denied  { write } for  pid=12731 comm="syz.4.1606" dev="9p" ino=4611686018427387906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  616.477878][   T30] audit: type=1400 audit(1752954018.794:1034): avc:  denied  { open } for  pid=12731 comm="syz.4.1606" path="/302/file0" dev="9p" ino=4611686018427387906 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  617.232060][T12744] fuse: Unknown parameter 'uid'
[  617.269638][   T30] audit: type=1400 audit(1752954019.704:1035): avc:  denied  { append } for  pid=12746 comm="syz.5.1612" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  617.348728][T12751] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1611'.
[  617.348803][   T30] audit: type=1400 audit(1752954019.734:1036): avc:  denied  { setopt } for  pid=12746 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  617.883389][T12756] netlink: 'syz.3.1614': attribute type 12 has an invalid length.
[  617.891497][T12756] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.1614'.
[  617.969346][T12767] xt_CT: You must specify a L4 protocol and not use inversions on it
[  618.271551][T12197] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  618.315449][T12756] team0: Unable to change to the same mode the team is in
[  618.327446][T12756] netlink: 'syz.3.1614': attribute type 10 has an invalid length.
[  618.372836][T12756] 8021q: adding VLAN 0 to HW filter on device bond0
[  618.378249][T12765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1614'.
[  618.432301][T12756] team0: Port device bond0 added
[  618.491257][T12197] usb 1-1: Using ep0 maxpacket: 8
[  618.499173][T12197] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  618.509049][T12197] usb 1-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67
[  618.564856][T12197] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  618.616784][T12197] usb 1-1: config 0 descriptor??
[  618.761376][T12765] team0 (unregistering): Port device bond0 removed
[  618.797883][T12784] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1623'.
[  620.974568][T12197] usb 1-1: USB disconnect, device number 43
[  621.185311][T12804] xt_CT: You must specify a L4 protocol and not use inversions on it
[  621.421221][T12197] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  621.704078][T12812] lo speed is unknown, defaulting to 1000
[  621.721072][T12197] usb 2-1: Using ep0 maxpacket: 32
[  622.502970][T12197] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  622.511099][T12197] usb 2-1: config 0 has no interface number 0
[  622.728276][T12197] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  622.774245][T12197] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.823117][T12197] usb 2-1: Product: syz
[  622.936514][T12197] usb 2-1: Manufacturer: syz
[  623.559481][T12197] usb 2-1: SerialNumber: syz
[  623.576095][T12197] usb 2-1: config 0 descriptor??
[  623.592748][T12197] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  623.802570][T12197] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  623.885648][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  623.892111][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  623.919854][T12833] xt_CT: You must specify a L4 protocol and not use inversions on it
[  623.965952][T12197] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  624.400298][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  624.424194][   T30] audit: type=1400 audit(1752954026.834:1037): avc:  denied  { read } for  pid=12802 comm="syz.1.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  624.592238][T12197] usb 2-1: USB disconnect, device number 52
[  624.672643][T12197] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  624.704710][T12197] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  624.727316][T12197] quatech2 2-1:0.51: device disconnected
[  625.871818][T12850] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1638'.
[  626.618837][ T1205] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  626.774996][   T30] audit: type=1400 audit(1752954029.174:1038): avc:  denied  { create } for  pid=12851 comm="syz.0.1640" name="#19" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  626.791193][ T1205] usb 2-1: Using ep0 maxpacket: 32
[  626.799626][   T30] audit: type=1400 audit(1752954029.174:1039): avc:  denied  { link } for  pid=12851 comm="syz.0.1640" name="#19" dev="tmpfs" ino=1773 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  626.835627][ T1205] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  626.848304][ T1205] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  626.868130][ T1205] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  626.909774][ T1205] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  626.917349][   T30] audit: type=1400 audit(1752954029.174:1040): avc:  denied  { rename } for  pid=12851 comm="syz.0.1640" name="#1a" dev="tmpfs" ino=1773 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  626.965553][ T1205] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.552090][T12876] fuse: Bad value for 'fd'
[  627.565516][ T1205] usb 2-1: Product: syz
[  627.591364][ T1205] usb 2-1: Manufacturer: syz
[  627.610362][ T1205] usb 2-1: SerialNumber: syz
[  627.851339][   T30] audit: type=1400 audit(1752954029.184:1041): avc:  denied  { remount } for  pid=12851 comm="syz.0.1640" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  627.888991][ T1205] cdc_ncm 2-1:1.0: skipping garbage
[  627.932362][ T1205] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  627.939186][ T1205] cdc_ncm 2-1:1.0: bind() failure
[  627.967545][T12878] xt_CT: You must specify a L4 protocol and not use inversions on it
[  628.502289][T12883] dvmrp0: left allmulticast mode
[  628.595151][ T1205] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  628.637647][T12888] fuse: Bad value for 'user_id'
[  628.649038][T12889] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1649'.
[  628.659170][T12888] fuse: Bad value for 'user_id'
[  628.685192][T12889] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1649'.
[  628.754443][ T1205] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  628.768771][ T1205] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  628.777258][T12894] netlink: 'syz.0.1650': attribute type 33 has an invalid length.
[  628.786861][T12894] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1650'.
[  628.789235][   T30] audit: type=1400 audit(1752954031.204:1042): avc:  denied  { mount } for  pid=12890 comm="syz.0.1650" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  628.838711][ T1205] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  628.876137][ T1205] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  628.889820][   T30] audit: type=1400 audit(1752954031.274:1043): avc:  denied  { search } for  pid=12890 comm="syz.0.1650" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[  628.913782][ T1205] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  628.930015][   T30] audit: type=1400 audit(1752954031.274:1044): avc:  denied  { append } for  pid=12890 comm="syz.0.1650" name="event3" dev="devtmpfs" ino=1001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  628.984453][ T5942] usb 2-1: USB disconnect, device number 53
[  629.032984][ T1205] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  629.081028][ T1205] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  629.114061][ T1205] usb 5-1: Product: syz
[  629.121293][ T5880] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  629.138027][ T1205] usb 5-1: Manufacturer: syz
[  629.168883][ T1205] cdc_wdm 5-1:1.0: skipping garbage
[  629.189981][ T1205] cdc_wdm 5-1:1.0: skipping garbage
[  629.302566][T12906] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1653'.
[  629.303650][ T1205] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  629.320929][ T1205] cdc_wdm 5-1:1.0: Unknown control protocol
[  629.683822][ T5880] usb 6-1: Using ep0 maxpacket: 16
[  629.722161][ T5880] usb 6-1: config 0 has no interfaces?
[  629.733352][ T5880] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  629.746610][ T1205] usb 5-1: USB disconnect, device number 43
[  629.764503][ T5880] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.799729][ T5880] usb 6-1: Product: syz
[  629.847752][ T5880] usb 6-1: Manufacturer: syz
[  629.867590][ T5880] usb 6-1: SerialNumber: syz
[  629.877726][ T5880] usb 6-1: config 0 descriptor??
[  630.318017][ T5844] Bluetooth: hci5: Malformed LE Event: 0x0d
[  630.681202][ T5942] usb 6-1: USB disconnect, device number 6
[  631.570355][   T30] audit: type=1400 audit(1752954033.524:1045): avc:  denied  { bind } for  pid=12913 comm="syz.1.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  632.072654][T12929] lo speed is unknown, defaulting to 1000
[  633.382562][T12943] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1662'.
[  633.702653][T12946] tipc: New replicast peer: 255.255.255.255
[  633.737606][T12946] tipc: Enabled bearer <udp:syz2>, priority 10
[  633.758934][T12945] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1663'.
[  633.774947][T12948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1661'.
[  633.788070][T12948] tipc: Disabling bearer <udp:syz2>
[  633.850582][T12952] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1664'.
[  638.518997][T12977] lo speed is unknown, defaulting to 1000
[  638.521199][T12011] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  639.621216][T12011] usb 1-1: device not accepting address 44, error -71
[  640.616776][   T30] audit: type=1400 audit(1752954043.054:1046): avc:  denied  { ioctl } for  pid=12985 comm="syz.0.1675" path="socket:[40256]" dev="sockfs" ino=40256 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  640.661899][T12991] xt_CT: You must specify a L4 protocol and not use inversions on it
[  641.458725][T12992] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1675'.
[  642.078832][T13004] tipc: New replicast peer: 255.255.255.255
[  642.090188][T13004] tipc: Enabled bearer <udp:syz2>, priority 10
[  642.111525][T13004] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1670'.
[  642.120649][T13004] tipc: Disabling bearer <udp:syz2>
[  643.765359][T13013] lo speed is unknown, defaulting to 1000
[  644.935865][T13031] lo speed is unknown, defaulting to 1000
[  645.015887][T12197] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  645.220927][T12197] usb 6-1: Using ep0 maxpacket: 32
[  646.317360][   T30] audit: type=1400 audit(1752954048.754:1047): avc:  denied  { append } for  pid=13035 comm="syz.4.1684" name="card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  646.415577][T13040] program syz.4.1684 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  646.432443][T13040] program syz.4.1684 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  646.442081][T13040] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  646.584364][T12197] usb 6-1: config 1 has an invalid interface number: 201 but max is 0
[  646.811143][T12197] usb 6-1: config 1 has no interface number 0
[  646.841262][T12197] usb 6-1: config 1 interface 201 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  648.293391][ T5880] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  649.731195][ T5880] usb 4-1: Using ep0 maxpacket: 8
[  649.745049][ T5880] usb 4-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 32
[  649.760682][ T5880] usb 4-1: config 1 interface 0 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 64
[  649.787657][ T5880] usb 4-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  650.131191][ T5880] usb 4-1: config 1 interface 0 has no altsetting 0
[  650.140093][ T5880] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  650.149739][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  650.158416][ T5880] usb 4-1: Product: Ї
[  650.163121][ T5880] usb 4-1: Manufacturer: 쉩곇﷥ꁱ㸪̽덡钠㿀ಞҒ὚竮᧛罔㟎㸒솉ਁ叐ퟋ祊ꑑ軓眛殴詺䅤鷈蠭鶫蘆점줖촗鏴⮟ꀯ䙟䓋폗諸颟㎍톗㙻骕즄䃮位촵ᑝ둏젊ᴖﳱ份客㙜汮
[  650.269833][ T5880] usb 4-1: SerialNumber: ꣉砭톼޸祐왺緅籅ݻ鬒䔌กᕷ⋌⾍文Ổኲᏸ頀ᑴꆚ嬱뽌鵥暢躭ᬩ鱶쟬Ⓛ豚䳇潈좓♉좂䫀巤㎡㪲것䠎᢫ᡏᑷ븸怢ﲡ⓵妴퀌
[  650.374146][T13045] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  650.391404][T13045] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  650.541211][ T5969] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  650.611788][T13045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1686'.
[  650.613881][   T30] audit: type=1400 audit(1752954053.054:1048): avc:  denied  { ioctl } for  pid=13044 comm="syz.3.1686" path="socket:[40439]" dev="sockfs" ino=40439 ioctlcmd=0x891b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  650.631194][ T5893] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  650.682028][ T5880] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  650.721259][ T5880] usb 4-1: USB disconnect, device number 51
[  650.731203][ T5969] usb 2-1: Using ep0 maxpacket: 8
[  650.738732][ T5969] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  650.748059][ T5969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.816845][ T5969] pvrusb2: Hardware description: Terratec Grabster AV400
[  650.825833][ T5969] pvrusb2: **********
[  650.829855][ T5969] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  650.838428][   T30] audit: type=1400 audit(1752954053.254:1049): avc:  denied  { setopt } for  pid=13060 comm="syz.0.1692" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  650.841204][ T5893] usb 5-1: Using ep0 maxpacket: 16
[  650.866775][ T5969] pvrusb2: Important functionality might not be entirely working.
[  650.875070][ T5969] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  650.897085][ T5969] pvrusb2: **********
[  650.903178][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.951361][ T5893] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  651.062180][ T2334] pvrusb2: Invalid write control endpoint
[  651.224633][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.238818][ T5893] usb 5-1: config 0 descriptor??
[  651.765660][ T5969] usb 2-1: USB disconnect, device number 54
[  651.847114][ T2334] pvrusb2: Invalid write control endpoint
[  651.883060][ T2334] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  651.908614][ T5893] mcp2221 0003:04D8:00DD.000D: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  651.915747][ T2334] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  651.929494][T13072] FAULT_INJECTION: forcing a failure.
[  651.929494][T13072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.943303][ T2334] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  651.954222][ T2334] pvrusb2: Device being rendered inoperable
[  651.960293][T13072] CPU: 1 UID: 0 PID: 13072 Comm: syz.0.1695 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  651.960318][T13072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.960329][T13072] Call Trace:
[  651.960336][T13072]  <TASK>
[  651.960342][T13072]  dump_stack_lvl+0x16c/0x1f0
[  651.960374][T13072]  should_fail_ex+0x512/0x640
[  651.960405][T13072]  _copy_from_user+0x2e/0xd0
[  651.960423][T13072]  kstrtouint_from_user+0xd6/0x1d0
[  651.960446][T13072]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  651.960468][T13072]  ? __lock_acquire+0xb8a/0x1c90
[  651.960488][T13072]  ? __bpf_trace_contention_begin+0xc9/0x110
[  651.960513][T13072]  proc_fail_nth_write+0x83/0x250
[  651.960540][T13072]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  651.960571][T13072]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  651.960595][T13072]  vfs_write+0x2a0/0x1150
[  651.960625][T13072]  ? __pfx___mutex_lock+0x10/0x10
[  651.960642][T13072]  ? __pfx_vfs_write+0x10/0x10
[  651.960676][T13072]  ? __fget_files+0x20e/0x3c0
[  651.960700][T13072]  ksys_write+0x12a/0x250
[  651.960725][T13072]  ? __pfx_ksys_write+0x10/0x10
[  651.960751][T13072]  ? fdget+0x187/0x210
[  651.960771][T13072]  do_syscall_64+0xcd/0x4c0
[  651.960789][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.960811][T13072] RIP: 0033:0x7fbd8358d45f
[  651.960825][T13072] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  651.960842][T13072] RSP: 002b:00007fbd833f7030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  651.960859][T13072] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbd8358d45f
[  651.960871][T13072] RDX: 0000000000000001 RSI: 00007fbd833f70a0 RDI: 0000000000000003
[  651.960881][T13072] RBP: 00007fbd833f7090 R08: 0000000000000000 R09: 0000000000000000
[  651.960892][T13072] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  651.960901][T13072] R13: 0000000000000000 R14: 00007fbd837b5fa0 R15: 00007ffecf4b2ee8
[  651.960927][T13072]  </TASK>
[  651.968403][T13070] dvmrp0: entered allmulticast mode
[  651.973724][ T2334] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  652.189662][T12197] usb 6-1: string descriptor 0 read error: -32
[  652.197520][ T2334] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  652.208774][ T2334] pvrusb2: Attached sub-driver cx25840
[  652.217828][ T2334] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  652.228275][ T2334] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  652.260528][T12197] usb 6-1: New USB device found, idVendor=0b39, idProduct=0109, bcdDevice=25.5b
[  652.314170][T12197] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.394469][T12197] usb 6-1: can't set config #1, error -32
[  652.443598][T13070] dvmrp0: left allmulticast mode
[  652.600454][T13058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  652.632130][T13058] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  652.710928][T13078] overlayfs: failed to resolve './file0': -2
[  653.632363][T12011] usb 5-1: USB disconnect, device number 44
[  654.801342][T13083] lo speed is unknown, defaulting to 1000
[  654.812504][   T30] audit: type=1400 audit(1752954057.234:1050): avc:  denied  { ioctl } for  pid=13085 comm="syz.0.1699" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  654.851579][T13087] fuse: Bad value for 'user_id'
[  654.928960][T13087] fuse: Bad value for 'user_id'
[  654.987886][T13087] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1699'.
[  655.760610][ T5969] usb 6-1: USB disconnect, device number 7
[  656.057011][T13112] xt_CT: You must specify a L4 protocol and not use inversions on it
[  656.201153][T13114] overlayfs: failed to resolve './file0': -2
[  657.498295][T13118] dvmrp0: left allmulticast mode
[  657.843576][T13128] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1708'.
[  657.853144][T13128] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1708'.
[  658.328968][T13130] FAULT_INJECTION: forcing a failure.
[  658.328968][T13130] name failslab, interval 1, probability 0, space 0, times 0
[  658.341295][ T5907] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  658.365396][T13130] CPU: 0 UID: 0 PID: 13130 Comm: syz.1.1710 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  658.365424][T13130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  658.365437][T13130] Call Trace:
[  658.365443][T13130]  <TASK>
[  658.365449][T13130]  dump_stack_lvl+0x16c/0x1f0
[  658.365482][T13130]  should_fail_ex+0x512/0x640
[  658.365508][T13130]  ? fs_reclaim_acquire+0xae/0x150
[  658.365532][T13130]  ? tomoyo_encode2+0x100/0x3e0
[  658.365548][T13130]  should_failslab+0xc2/0x120
[  658.365565][T13130]  __kmalloc_noprof+0xd2/0x510
[  658.365590][T13130]  ? d_absolute_path+0x136/0x1a0
[  658.365617][T13130]  tomoyo_encode2+0x100/0x3e0
[  658.365636][T13130]  tomoyo_encode+0x29/0x50
[  658.365651][T13130]  tomoyo_realpath_from_path+0x18f/0x6e0
[  658.365676][T13130]  tomoyo_path_number_perm+0x245/0x580
[  658.365699][T13130]  ? tomoyo_path_number_perm+0x237/0x580
[  658.365726][T13130]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  658.365752][T13130]  ? find_held_lock+0x2b/0x80
[  658.365805][T13130]  ? find_held_lock+0x2b/0x80
[  658.365826][T13130]  ? hook_file_ioctl_common+0x145/0x410
[  658.365852][T13130]  ? __fget_files+0x20e/0x3c0
[  658.365873][T13130]  security_file_ioctl+0x9b/0x240
[  658.365908][T13130]  __x64_sys_ioctl+0xb7/0x210
[  658.365934][T13130]  do_syscall_64+0xcd/0x4c0
[  658.365952][T13130]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.365970][T13130] RIP: 0033:0x7f6198d8e9a9
[  658.365984][T13130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.366001][T13130] RSP: 002b:00007f6199be8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  658.366018][T13130] RAX: ffffffffffffffda RBX: 00007f6198fb5fa0 RCX: 00007f6198d8e9a9
[  658.366029][T13130] RDX: 00002000000000c0 RSI: 00000000c02c564a RDI: 0000000000000003
[  658.366039][T13130] RBP: 00007f6199be8090 R08: 0000000000000000 R09: 0000000000000000
[  658.366050][T13130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.366060][T13130] R13: 0000000000000000 R14: 00007f6198fb5fa0 R15: 00007fff63876228
[  658.366086][T13130]  </TASK>
[  658.367386][T13130] ERROR: Out of memory at tomoyo_realpath_from_path.
[  658.674386][ T5907] usb 4-1: Using ep0 maxpacket: 8
[  658.675724][T13134] FAULT_INJECTION: forcing a failure.
[  658.675724][T13134] name failslab, interval 1, probability 0, space 0, times 0
[  658.692468][T13134] CPU: 0 UID: 0 PID: 13134 Comm: syz.0.1712 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  658.692491][T13134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  658.692501][T13134] Call Trace:
[  658.692507][T13134]  <TASK>
[  658.692513][T13134]  dump_stack_lvl+0x16c/0x1f0
[  658.692544][T13134]  should_fail_ex+0x512/0x640
[  658.692570][T13134]  ? fs_reclaim_acquire+0xae/0x150
[  658.692593][T13134]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  658.692609][T13134]  should_failslab+0xc2/0x120
[  658.692627][T13134]  __kmalloc_noprof+0xd2/0x510
[  658.692659][T13134]  tomoyo_realpath_from_path+0xc2/0x6e0
[  658.692677][T13134]  ? tomoyo_profile+0x47/0x60
[  658.692699][T13134]  tomoyo_path_number_perm+0x245/0x580
[  658.692722][T13134]  ? tomoyo_path_number_perm+0x237/0x580
[  658.692748][T13134]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  658.692773][T13134]  ? find_held_lock+0x2b/0x80
[  658.692819][T13134]  ? find_held_lock+0x2b/0x80
[  658.692840][T13134]  ? hook_file_ioctl_common+0x145/0x410
[  658.692866][T13134]  ? __fget_files+0x20e/0x3c0
[  658.692886][T13134]  security_file_ioctl+0x9b/0x240
[  658.692914][T13134]  __x64_sys_ioctl+0xb7/0x210
[  658.692938][T13134]  do_syscall_64+0xcd/0x4c0
[  658.692956][T13134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.692973][T13134] RIP: 0033:0x7fbd8358e9a9
[  658.692987][T13134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  658.693003][T13134] RSP: 002b:00007fbd833f7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  658.693019][T13134] RAX: ffffffffffffffda RBX: 00007fbd837b5fa0 RCX: 00007fbd8358e9a9
[  658.693030][T13134] RDX: 0000200000000240 RSI: 00000000c1086201 RDI: 0000000000000003
[  658.693041][T13134] RBP: 00007fbd833f7090 R08: 0000000000000000 R09: 0000000000000000
[  658.693050][T13134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  658.693060][T13134] R13: 0000000000000000 R14: 00007fbd837b5fa0 R15: 00007ffecf4b2ee8
[  658.693084][T13134]  </TASK>
[  658.693090][T13134] ERROR: Out of memory at tomoyo_realpath_from_path.
[  658.727071][ T5907] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  658.915044][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.988293][ T5907] pvrusb2: Hardware description: Terratec Grabster AV400
[  659.008329][ T5907] pvrusb2: **********
[  659.034176][ T5907] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  659.052972][ T5907] pvrusb2: Important functionality might not be entirely working.
[  659.064559][ T5907] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  659.077268][T13146] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1717'.
[  659.092688][ T5907] pvrusb2: **********
[  659.156527][ T2334] pvrusb2: Invalid write control endpoint
[  659.297414][ T2334] pvrusb2: Invalid write control endpoint
[  660.273647][T12197] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  660.311589][ T2334] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  660.336060][ T2334] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  660.431251][T12197] usb 6-1: Using ep0 maxpacket: 8
[  660.442005][T12197] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  660.570709][T12197] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.634559][ T2334] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  660.694440][ T2334] pvrusb2: Device being rendered inoperable
[  660.744075][ T2334] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  660.751650][T12197] pvrusb2: Hardware description: Terratec Grabster AV400
[  660.779048][ T2334] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  660.781117][T12197] pvrusb2: **********
[  660.843493][ T2334] pvrusb2: Attached sub-driver cx25840
[  660.863070][T12197] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  660.867982][ T2334] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  660.886766][ T2334] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  661.042139][T12197] pvrusb2: Important functionality might not be entirely working.
[  661.130217][T12197] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  662.032348][T12197] pvrusb2: **********
[  662.051216][ T2334] pvrusb2: Invalid write control endpoint
[  662.124283][T12197] usb 4-1: USB disconnect, device number 52
[  662.163815][ T2334] pvrusb2: Invalid write control endpoint
[  662.178505][T13163] lo speed is unknown, defaulting to 1000
[  662.263092][ T2334] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  662.293383][ T5969] usb 6-1: USB disconnect, device number 8
[  662.314388][ T2334] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  662.371564][ T2334] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  662.406199][ T2334] pvrusb2: Device being rendered inoperable
[  662.415167][ T2334] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  663.377702][ T2334] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  663.386245][ T2334] pvrusb2: Attached sub-driver cx25840
[  663.391852][ T2334] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  663.401995][ T2334] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  663.511356][T13178] veth0_vlan: entered allmulticast mode
[  664.510826][T13197] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1728'.
[  665.184174][T13194] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1726'.
[  665.235321][T13202] dvmrp0: entered allmulticast mode
[  665.355280][T13202] dvmrp0: left allmulticast mode
[  665.435596][T13206] can: request_module (can-proto-0) failed.
[  665.456672][T13211] IPVS: length: 144 != 24
[  665.594737][T13211] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1732'.
[  665.603837][T13211] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1732'.
[  665.639934][T13211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1732'.
[  665.673120][   T30] audit: type=1400 audit(1752954068.114:1051): avc:  denied  { connect } for  pid=13215 comm="syz.3.1734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  667.557503][ T5846] Bluetooth: hci5: command 0x0406 tx timeout
[  667.717212][T13231] netlink: del zone limit has 4 unknown bytes
[  667.802924][T13234] xt_CT: You must specify a L4 protocol and not use inversions on it
[  668.408295][T13241] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1741'.
[  668.574838][   T30] audit: type=1400 audit(1752954071.014:1052): avc:  denied  { read write } for  pid=13242 comm="syz.4.1742" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  669.010084][   T30] audit: type=1400 audit(1752954071.044:1053): avc:  denied  { open } for  pid=13242 comm="syz.4.1742" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  669.033560][    C0] vkms_vblank_simulate: vblank timer overrun
[  669.084945][T13243] trusted_key: encrypted_key: hex blob is missing
[  669.242202][T13250] dvmrp0: entered allmulticast mode
[  670.407657][   T30] audit: type=1400 audit(1752954072.834:1054): avc:  denied  { append } for  pid=13257 comm="syz.0.1748" name="001" dev="devtmpfs" ino=742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  670.543907][T13250] dvmrp0: left allmulticast mode
[  670.745867][   T30] audit: type=1400 audit(1752954072.954:1055): avc:  denied  { getopt } for  pid=13257 comm="syz.0.1748" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  671.258930][T13262] pim6reg: entered allmulticast mode
[  671.317789][T13267] pim6reg: left allmulticast mode
[  671.808174][   T30] audit: type=1400 audit(1752954074.244:1056): avc:  denied  { read } for  pid=13271 comm="syz.0.1752" path="socket:[40890]" dev="sockfs" ino=40890 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  672.002575][T13260] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1747'.
[  673.006307][T13283] netlink: 240 bytes leftover after parsing attributes in process `syz.0.1752'.
[  673.064867][ T5907] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  673.611666][ T5893] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  673.744847][ T5907] usb 6-1: device descriptor read/64, error -71
[  673.804921][ T5893] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  673.831635][ T5893] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  673.851189][ T5893] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  673.861234][ T5893] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  673.884901][ T5893] usb 5-1: config 0 descriptor??
[  673.951646][T12197] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  674.012102][ T5907] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  674.130892][T13292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1757'.
[  674.166026][T12197] usb 1-1: config 0 has no interfaces?
[  674.171454][ T5907] usb 6-1: device descriptor read/64, error -71
[  674.172995][T12197] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  674.231389][T12197] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  674.257019][T12197] usb 1-1: config 0 descriptor??
[  674.291637][ T5907] usb usb6-port1: attempt power cycle
[  674.368458][T13297] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1759'.
[  674.450672][T13299] binder: 13289:13299 ioctl 4018620d 0 returned -22
[  674.631551][ T5907] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  674.661948][ T5907] usb 6-1: device descriptor read/8, error -71
[  674.827184][T13305] dvmrp0: entered allmulticast mode
[  674.843874][T13305] dvmrp0: left allmulticast mode
[  674.901269][ T5907] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  674.915631][T13308] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1762'.
[  674.953804][ T5907] usb 6-1: device descriptor read/8, error -71
[  675.002601][ T5893] ath6kl: Failed to submit usb control message: -110
[  675.023676][ T5893] ath6kl: unable to send the bmi data to the device: -110
[  675.034888][ T5893] ath6kl: Unable to send get target info: -110
[  675.049618][ T5893] ath6kl: Failed to init ath6kl core: -110
[  675.067299][ T5893] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110
[  675.081609][ T5907] usb usb6-port1: unable to enumerate USB device
[  676.111328][ T5942] usb 5-1: USB disconnect, device number 45
[  676.271893][ T1205] usb 1-1: USB disconnect, device number 46
[  676.631192][ T5907] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  677.281454][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  677.291270][ T5907] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  677.304547][ T5907] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  677.336353][ T5907] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  677.360412][ T5907] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  677.413894][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.525247][ T5907] usb 2-1: Product: syz
[  677.529751][ T5907] usb 2-1: Manufacturer: syz
[  677.606822][ T5907] usb 2-1: SerialNumber: syz
[  677.678402][ T5907] cdc_ncm 2-1:1.0: skipping garbage
[  677.688332][T13324] openvswitch: netlink: Flow key attr not present in new flow.
[  677.705202][ T5907] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  677.720267][ T5907] cdc_ncm 2-1:1.0: bind() failure
[  677.789536][T13332] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1768'.
[  678.976058][ T1205] usb 2-1: USB disconnect, device number 55
[  679.133377][T13354] netlink: 1 bytes leftover after parsing attributes in process `syz.3.1776'.
[  679.431255][ T5893] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  680.086457][ T5893] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA4, changing to 0x84
[  680.155336][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  680.217164][ T5893] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  680.480155][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.563537][T13361] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=13361 comm=syz.5.1777
[  680.587596][ T5893] usb 1-1: config 0 descriptor??
[  680.595069][T13361] FAULT_INJECTION: forcing a failure.
[  680.595069][T13361] name failslab, interval 1, probability 0, space 0, times 0
[  680.620290][T13361] CPU: 1 UID: 0 PID: 13361 Comm: syz.5.1777 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  680.620316][T13361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.620325][T13361] Call Trace:
[  680.620331][T13361]  <TASK>
[  680.620337][T13361]  dump_stack_lvl+0x16c/0x1f0
[  680.620368][T13361]  should_fail_ex+0x512/0x640
[  680.620393][T13361]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  680.620421][T13361]  should_failslab+0xc2/0x120
[  680.620439][T13361]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  680.620463][T13361]  ? __dev_queue_xmit+0x8b7/0x43e0
[  680.620486][T13361]  ? __alloc_skb+0x2b2/0x380
[  680.620516][T13361]  __alloc_skb+0x2b2/0x380
[  680.620541][T13361]  ? __pfx___alloc_skb+0x10/0x10
[  680.620566][T13361]  ? __pfx___dev_queue_xmit+0x10/0x10
[  680.620597][T13361]  netlink_ack+0x15d/0xb80
[  680.620616][T13361]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  680.620644][T13361]  netlink_rcv_skb+0x332/0x420
[  680.620664][T13361]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  680.620691][T13361]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  680.620721][T13361]  ? netlink_deliver_tap+0x1ae/0xd30
[  680.620751][T13361]  netlink_unicast+0x58d/0x850
[  680.620778][T13361]  ? __pfx_netlink_unicast+0x10/0x10
[  680.620805][T13361]  netlink_sendmsg+0x8d1/0xdd0
[  680.620827][T13361]  ? __pfx_netlink_sendmsg+0x10/0x10
[  680.620856][T13361]  __sys_sendto+0x4a3/0x520
[  680.620880][T13361]  ? __pfx___sys_sendto+0x10/0x10
[  680.620913][T13361]  ? find_held_lock+0x2b/0x80
[  680.620949][T13361]  __x64_sys_sendto+0xe0/0x1c0
[  680.620973][T13361]  ? do_syscall_64+0x91/0x4c0
[  680.620989][T13361]  ? lockdep_hardirqs_on+0x7c/0x110
[  680.621014][T13361]  do_syscall_64+0xcd/0x4c0
[  680.621032][T13361]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.621051][T13361] RIP: 0033:0x7f048059083c
[  680.621065][T13361] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  680.621082][T13361] RSP: 002b:00007f0481468ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  680.621098][T13361] RAX: ffffffffffffffda RBX: 00007f0481468fc0 RCX: 00007f048059083c
[  680.621110][T13361] RDX: 0000000000000020 RSI: 00007f0481469010 RDI: 0000000000000003
[  680.621120][T13361] RBP: 0000000000000000 R08: 00007f0481468f14 R09: 000000000000000c
[  680.621130][T13361] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003
[  680.621139][T13361] R13: 00007f0481468f68 R14: 00007f0481469010 R15: 0000000000000000
[  680.621162][T13361]  </TASK>
[  680.864523][    C1] vkms_vblank_simulate: vblank timer overrun
[  681.385896][T13365] binder: 13346:13365 ioctl 4018620d 0 returned -22
[  681.515646][   T30] audit: type=1400 audit(1752954083.954:1057): avc:  denied  { write } for  pid=13371 comm="syz.5.1780" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  681.630393][T13369] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11)
[  681.637006][T13369] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  681.645013][T13369] vhci_hcd vhci_hcd.0: Device attached
[  681.657208][ T5893] ath6kl: Failed to submit usb control message: -110
[  681.666209][ T5893] ath6kl: unable to send the bmi data to the device: -110
[  681.673885][T13375] vhci_hcd: connection closed
[  681.674513][ T5893] ath6kl: Unable to send get target info: -110
[  681.688708][ T3445] vhci_hcd: stop threads
[  681.693299][ T3445] vhci_hcd: release socket
[  681.698773][ T3445] vhci_hcd: disconnect device
[  681.711494][ T5893] ath6kl: Failed to init ath6kl core: -110
[  681.718007][ T5893] ath6kl_usb 1-1:0.0: probe with driver ath6kl_usb failed with error -110
[  681.831406][ T5969] usb 6-1: new full-speed USB device number 13 using dummy_hcd
[  682.002928][T12197] usb 1-1: USB disconnect, device number 47
[  682.104721][ T5969] usb 6-1: config 1 has an invalid interface number: 58 but max is 0
[  682.192940][ T5969] usb 6-1: config 1 has no interface number 0
[  682.256789][ T5969] usb 6-1: config 1 interface 58 has no altsetting 0
[  682.289344][ T5969] usb 6-1: New USB device found, idVendor=0b48, idProduct=3006, bcdDevice=fc.3c
[  682.300043][ T5969] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.324528][ T5969] usb 6-1: Product: syz
[  682.457629][ T5969] usb 6-1: Manufacturer: syz
[  683.521781][ T5969] usb 6-1: SerialNumber: syz
[  683.975996][ T5969] dvb-usb: found a 'Technotrend TT-connect S-2400' in warm state.
[  683.984780][ T5969] dvb-usb: bulk message failed: -22 (4/0)
[  683.990937][ T5969] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  684.003421][ T5969] dvb-usb: bulk message failed: -22 (5/0)
[  684.009166][ T5969] ttusb2: there might have been an error during control message transfer. (rlen = 0, was 0)
[  684.089266][ T5969] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  684.164011][ T5969] dvb-usb: Technotrend TT-connect S-2400 error while loading driver (-19)
[  684.179977][T13402] dvmrp0: entered allmulticast mode
[  684.187228][ T5969] usb 6-1: USB disconnect, device number 13
[  684.193348][T13059] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  684.269745][   T30] audit: type=1400 audit(1752954086.704:1058): avc:  denied  { write } for  pid=13403 comm="syz.4.1791" path="socket:[42101]" dev="sockfs" ino=42101 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  684.421199][T13059] usb 2-1: Using ep0 maxpacket: 32
[  684.430216][T13059] usb 2-1: config 0 interface 0 has no altsetting 0
[  684.441729][T13059] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00
[  684.450788][T13059] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  684.467412][T13059] usb 2-1: config 0 descriptor??
[  684.751804][ T5969] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  685.006890][ T1205] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  685.022598][ T5969] usb 4-1: Using ep0 maxpacket: 8
[  685.066883][ T5969] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  685.095135][ T5969] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  685.104554][ T5969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.125264][ T5969] usb 4-1: config 0 descriptor??
[  685.171234][ T1205] usb 6-1: Using ep0 maxpacket: 16
[  685.179088][ T1205] usb 6-1: config 0 has no interfaces?
[  685.188029][ T1205] usb 6-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  685.197530][ T1205] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.205686][ T1205] usb 6-1: Product: syz
[  685.209953][ T1205] usb 6-1: Manufacturer: syz
[  685.216549][ T1205] usb 6-1: SerialNumber: syz
[  685.296047][ T1205] usb 6-1: config 0 descriptor??
[  685.297358][T13059] corsair-psu 0003:1B1C:1C0D.000E: unknown main item tag 0x0
[  685.324038][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  685.330606][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.374595][T13059] corsair-psu 0003:1B1C:1C0D.000E: unknown main item tag 0x0
[  685.385683][T13059] corsair-psu 0003:1B1C:1C0D.000E: unknown main item tag 0x0
[  685.400337][T13059] corsair-psu 0003:1B1C:1C0D.000E: unknown main item tag 0x0
[  685.409390][ T5969] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  685.423725][T13059] corsair-psu 0003:1B1C:1C0D.000E: unknown main item tag 0x0
[  685.453662][T13059] corsair-psu 0003:1B1C:1C0D.000E: hidraw0: USB HID v0.05 Device [HID 1b1c:1c0d] on usb-dummy_hcd.1-1/input0
[  685.614347][ T5844] Bluetooth: hci5: Malformed LE Event: 0x0d
[  685.700039][   T30] audit: type=1400 audit(1752954088.124:1059): avc:  denied  { read } for  pid=13393 comm="syz.1.1787" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  685.918059][   T30] audit: type=1400 audit(1752954088.124:1060): avc:  denied  { open } for  pid=13393 comm="syz.1.1787" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  685.954077][T13059] corsair-psu 0003:1B1C:1C0D.000E: unable to initialize device (-110)
[  685.963692][ T5844] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  686.018270][ T5969] usb 6-1: USB disconnect, device number 14
[  686.025887][T13059] corsair-psu 0003:1B1C:1C0D.000E: probe with driver corsair-psu failed with error -110
[  686.048636][   T30] audit: type=1400 audit(1752954088.124:1061): avc:  denied  { ioctl } for  pid=13393 comm="syz.1.1787" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  686.102754][T13059] usb 2-1: USB disconnect, device number 56
[  686.819038][   T30] audit: type=1400 audit(1752954089.254:1062): avc:  denied  { setopt } for  pid=13434 comm="syz.5.1800" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  687.501173][ T1205] usb 4-1: USB disconnect, device number 53
[  687.551464][T13059] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  687.801338][T13059] usb 2-1: Using ep0 maxpacket: 8
[  687.808724][T13059] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  687.822394][T13059] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  687.954914][T13452] overlayfs: failed to resolve './file0': -2
[  688.005635][T13451] netlink: 'syz.3.1806': attribute type 15 has an invalid length.
[  688.013746][T13451] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1806'.
[  688.783576][T13059] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  688.801689][T13059] usb 2-1: config 0 descriptor??
[  689.072046][T13059] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  689.248578][T13460] syz_tun: entered allmulticast mode
[  689.353501][T13462] overlayfs: failed to resolve './file0': -2
[  690.261895][ T7592] Bluetooth: hci4: Frame reassembly failed (-84)
[  692.271239][ T5846] Bluetooth: hci4: command 0x1003 tx timeout
[  692.435074][ T5844] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  692.459633][T13458] syz_tun: left allmulticast mode
[  692.556568][T13479] dvmrp0: entered allmulticast mode
[  692.659227][ T1205] usb 2-1: USB disconnect, device number 57
[  695.187170][T13496] overlayfs: failed to resolve './file0': -2
[  696.379581][T13503] netlink: 1 bytes leftover after parsing attributes in process `syz.1.1821'.
[  703.181070][    C1] sched: DL replenish lagged too much
[  747.472064][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  747.611967][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  808.302692][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  808.314862][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  834.940973][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  834.947951][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P1205/1:b..l
[  834.956352][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=50893, q=1370 ncpus=2)
[  834.964153][    C1] task:kworker/1:2     state:R  running task     stack:23336 pid:1205  tgid:1205  ppid:2      task_flags:0x4288060 flags:0x00004000
[  834.978830][    C1] Workqueue: events pcpu_balance_workfn
[  834.984419][    C1] Call Trace:
[  834.987712][    C1]  <TASK>
[  834.990645][    C1]  __schedule+0x116a/0x5de0
[  834.995154][    C1]  ? preempt_schedule_irq+0x51/0x90
[  835.000330][    C1]  ? irqentry_exit+0x36/0x90
[  835.004903][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  835.011074][    C1]  ? __pfx___schedule+0x10/0x10
[  835.015931][    C1]  ? __lock_acquire+0x622/0x1c90
[  835.020875][    C1]  ? mark_held_locks+0x49/0x80
[  835.025639][    C1]  preempt_schedule_irq+0x51/0x90
[  835.030671][    C1]  irqentry_exit+0x36/0x90
[  835.035085][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  835.041065][    C1] RIP: 0010:unwind_next_frame+0xc53/0x20a0
[  835.046864][    C1] Code: 00 00 00 fc ff df 48 c1 e8 03 0f b6 34 10 49 8d 40 01 48 89 c7 48 c1 ef 03 0f b6 14 17 4c 89 c7 83 e7 07 40 38 fe 40 0f 9e c7 <40> 84 f6 40 0f 95 c6 40 84 f7 0f 85 e3 10 00 00 83 e0 07 38 c2 40
[  835.066466][    C1] RSP: 0018:ffffc900041ef720 EFLAGS: 00000297
[  835.072539][    C1] RAX: ffffffff914b6daf RBX: 0000000000000001 RCX: ffffffff914b6daa
[  835.080514][    C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001
[  835.088481][    C1] RBP: ffffc900041ef7d8 R08: ffffffff914b6dae R09: 0000000000000000
[  835.096530][    C1] R10: 0000000000000000 R11: 00000000000110b0 R12: ffffc900041ef7e0
[  835.104483][    C1] R13: ffffc900041ef790 R14: ffffc900041efb28 R15: ffffc900041ef7c4
[  835.112472][    C1]  ? vfree+0x1fd/0xb50
[  835.116556][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  835.122720][    C1]  arch_stack_walk+0x94/0x100
[  835.127406][    C1]  ? pcpu_balance_free+0x5fb/0xaf0
[  835.132527][    C1]  stack_trace_save+0x8e/0xc0
[  835.137206][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  835.142602][    C1]  ? __lock_acquire+0x622/0x1c90
[  835.147544][    C1]  save_stack+0x160/0x1f0
[  835.151866][    C1]  ? __pfx_save_stack+0x10/0x10
[  835.156725][    C1]  ? __free_frozen_pages+0x7fe/0x1180
[  835.162109][    C1]  ? vfree+0x1fd/0xb50
[  835.166188][    C1]  ? page_ext_put+0x3e/0xd0
[  835.170706][    C1]  __reset_page_owner+0x84/0x1a0
[  835.175658][    C1]  __free_frozen_pages+0x7fe/0x1180
[  835.180869][    C1]  vfree+0x1fd/0xb50
[  835.184770][    C1]  ? kfree+0x2b4/0x4d0
[  835.188839][    C1]  ? pcpu_balance_free+0x5c6/0xaf0
[  835.193949][    C1]  pcpu_balance_free+0x5fb/0xaf0
[  835.198875][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  835.203899][    C1]  ? __pfx_pcpu_balance_free+0x10/0x10
[  835.209357][    C1]  ? __pcpu_chunk_move+0x142/0x440
[  835.214482][    C1]  pcpu_balance_workfn+0x9c2/0xe00
[  835.219614][    C1]  process_one_work+0x9cf/0x1b70
[  835.224564][    C1]  ? __pfx_process_one_work+0x10/0x10
[  835.229949][    C1]  ? assign_work+0x1a0/0x250
[  835.234546][    C1]  worker_thread+0x6c8/0xf10
[  835.239154][    C1]  ? __pfx_worker_thread+0x10/0x10
[  835.244266][    C1]  kthread+0x3c5/0x780
[  835.248325][    C1]  ? __pfx_kthread+0x10/0x10
[  835.252903][    C1]  ? rcu_is_watching+0x12/0xc0
[  835.257671][    C1]  ? __pfx_kthread+0x10/0x10
[  835.262259][    C1]  ret_from_fork+0x5d4/0x6f0
[  835.266856][    C1]  ? __pfx_kthread+0x10/0x10
[  835.271442][    C1]  ret_from_fork_asm+0x1a/0x30
[  835.276221][    C1]  </TASK>
[  835.279235][    C1] rcu: rcu_preempt kthread starved for 7648 jiffies! g50893 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  835.290337][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  835.300319][    C1] rcu: RCU grace-period kthread stack dump:
[  835.306196][    C1] task:rcu_preempt     state:R  running task     stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  835.319709][    C1] Call Trace:
[  835.322985][    C1]  <TASK>
[  835.325920][    C1]  __schedule+0x116a/0x5de0
[  835.330449][    C1]  ? __pfx___schedule+0x10/0x10
[  835.335316][    C1]  ? find_held_lock+0x2b/0x80
[  835.339997][    C1]  ? schedule+0x2d7/0x3a0
[  835.344331][    C1]  schedule+0xe7/0x3a0
[  835.348383][    C1]  schedule_timeout+0x123/0x290
[  835.353221][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  835.358612][    C1]  ? __pfx_process_timeout+0x10/0x10
[  835.363888][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  835.369698][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  835.375862][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  835.380626][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  835.385908][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  835.391114][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  835.396040][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  835.400862][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  835.406656][    C1]  rcu_gp_kthread+0x270/0x380
[  835.411337][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  835.416531][    C1]  ? rcu_is_watching+0x12/0xc0
[  835.421301][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  835.426508][    C1]  ? __kthread_parkme+0x19e/0x250
[  835.431535][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  835.436731][    C1]  kthread+0x3c5/0x780
[  835.440797][    C1]  ? __pfx_kthread+0x10/0x10
[  835.445376][    C1]  ? rcu_is_watching+0x12/0xc0
[  835.450113][    C1]  ? __pfx_kthread+0x10/0x10
[  835.454698][    C1]  ret_from_fork+0x5d4/0x6f0
[  835.459293][    C1]  ? __pfx_kthread+0x10/0x10
[  835.463879][    C1]  ret_from_fork_asm+0x1a/0x30
[  835.468656][    C1]  </TASK>
[  835.471668][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  835.477987][    C1] Sending NMI from CPU 1 to CPUs 0:
[  835.483186][    C0] NMI backtrace for cpu 0
[  835.483197][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc6-syzkaller-00253-g4871b7cb27f4 #0 PREEMPT(full) 
[  835.483214][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  835.483222][    C0] RIP: 0010:__local_bh_disable_ip+0x1c/0xd0
[  835.483241][    C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 55 53 89 f3 65 8b 05 a1 0e 53 12 a9 00 00 0f 00 0f 85 9d 00 00 00 9c 5d <fa> 65 01 1d 8c 0e 53 12 65 8b 05 85 0e 53 12 31 d8 f6 c4 ff 74 27
[  835.483254][    C0] RSP: 0018:ffffc900000070e8 EFLAGS: 00000246
[  835.483266][    C0] RAX: 0000000080000101 RBX: 0000000000000200 RCX: ffffffff8a35fd89
[  835.483275][    C0] RDX: ffffffff8e297780 RSI: 0000000000000200 RDI: ffffffff8a35fda3
[  835.483284][    C0] RBP: 0000000000000246 R08: 0000000000000001 R09: 0000000000000000
[  835.483292][    C0] R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
[  835.483300][    C0] R13: 1ffff92000000e24 R14: 0000000000000080 R15: ffffc90000007180
[  835.483309][    C0] FS:  0000000000000000(0000) GS:ffff888124722000(0000) knlGS:0000000000000000
[  835.483324][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  835.483334][    C0] CR2: 000055556908d5c8 CR3: 00000000310fd000 CR4: 00000000003526f0
[  835.483343][    C0] Call Trace:
[  835.483348][    C0]  <IRQ>
[  835.483353][    C0]  ip6_pol_route+0x358/0x1230
[  835.483373][    C0]  ? __pfx_ip6_pol_route+0x10/0x10
[  835.483389][    C0]  ? kasan_save_stack+0x42/0x60
[  835.483408][    C0]  ? kasan_save_stack+0x33/0x60
[  835.483425][    C0]  ? __kasan_slab_alloc+0x89/0x90
[  835.483436][    C0]  ? kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  835.483456][    C0]  ? kmalloc_reserve+0x18b/0x2c0
[  835.483473][    C0]  ? nft_do_chain_inet+0x18a/0x340
[  835.483488][    C0]  ? nf_hook_slow+0xbe/0x200
[  835.483507][    C0]  ? nf_hook.constprop.0+0x422/0x750
[  835.483528][    C0]  ? ip6_input+0xe0/0x2f0
[  835.483544][    C0]  ? ipv6_rcv+0x265/0x680
[  835.483559][    C0]  ? __netif_receive_skb+0x1d/0x160
[  835.483578][    C0]  ? __pfx_ip6_pol_route_output+0x10/0x10
[  835.483592][    C0]  fib6_rule_lookup+0x24c/0x720
[  835.483609][    C0]  ? __pfx_fib6_rule_lookup+0x10/0x10
[  835.483623][    C0]  ? x86_64_start_reservations+0x18/0x30
[  835.483644][    C0]  ? x86_64_start_kernel+0x130/0x190
[  835.483661][    C0]  ? common_startup_64+0x13e/0x148
[  835.483677][    C0]  ? lock_acquire+0x179/0x350
[  835.483693][    C0]  ip6_route_output_flags+0x1d0/0x640
[  835.483709][    C0]  __nf_ip6_route+0x4c/0xe0
[  835.483723][    C0]  synproxy_send_tcp_ipv6+0x365/0x680
[  835.483738][    C0]  ? __pfx_cookie_hash.isra.0+0x10/0x10
[  835.483755][    C0]  ? __pfx_synproxy_send_tcp_ipv6+0x10/0x10
[  835.483773][    C0]  ? __cookie_v6_init_sequence+0x2d3/0x3c0
[  835.483791][    C0]  synproxy_send_client_synack_ipv6+0x635/0x7e0
[  835.483808][    C0]  ? __pfx_synproxy_send_client_synack_ipv6+0x10/0x10
[  835.483823][    C0]  ? nft_socket_eval+0x594/0xb20
[  835.483840][    C0]  nft_synproxy_do_eval+0x93b/0xd80
[  835.483859][    C0]  ? __pfx_nft_synproxy_do_eval+0x10/0x10
[  835.483879][    C0]  ? __pfx___cant_migrate+0x10/0x10
[  835.483898][    C0]  ? __pfx_nft_synproxy_eval+0x10/0x10
[  835.483916][    C0]  nft_do_chain+0x2e9/0x1920
[  835.483932][    C0]  ? ip6t_do_table+0xbf5/0x1c30
[  835.483948][    C0]  ? __local_bh_enable_ip+0xa4/0x120
[  835.483967][    C0]  ? __pfx_nft_do_chain+0x10/0x10
[  835.483991][    C0]  ? __pfx_nf_nat_ipv6_fn+0x10/0x10
[  835.484010][    C0]  nft_do_chain_inet+0x18a/0x340
[  835.484025][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  835.484039][    C0]  ? nf_nat_ipv6_local_in+0x3ad/0x6b0
[  835.484059][    C0]  ? lock_acquire+0x179/0x350
[  835.484072][    C0]  ? __pfx_nft_do_chain_inet+0x10/0x10
[  835.484086][    C0]  nf_hook_slow+0xbe/0x200
[  835.484106][    C0]  nf_hook.constprop.0+0x422/0x750
[  835.484122][    C0]  ? __pfx_ip6_input_finish+0x10/0x10
[  835.484139][    C0]  ? __pfx_nf_hook.constprop.0+0x10/0x10
[  835.484157][    C0]  ? __pfx_ip6_input_finish+0x10/0x10
[  835.484177][    C0]  ip6_input+0xe0/0x2f0
[  835.484193][    C0]  ? __pfx_ip6_input+0x10/0x10
[  835.484209][    C0]  ipv6_rcv+0x265/0x680
[  835.484226][    C0]  ? __pfx_ipv6_rcv+0x10/0x10
[  835.484242][    C0]  __netif_receive_skb_one_core+0x12d/0x1e0
[  835.484260][    C0]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[  835.484279][    C0]  ? lock_acquire+0x179/0x350
[  835.484293][    C0]  ? process_backlog+0x3f0/0x15e0
[  835.484310][    C0]  __netif_receive_skb+0x1d/0x160
[  835.484328][    C0]  process_backlog+0x442/0x15e0
[  835.484349][    C0]  __napi_poll.constprop.0+0xb7/0x550
[  835.484367][    C0]  ? rcu_is_watching+0x12/0xc0
[  835.484384][    C0]  net_rx_action+0xa9f/0xfe0
[  835.484406][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  835.484424][    C0]  ? sched_balance_domains+0x283/0xee0
[  835.484450][    C0]  handle_softirqs+0x219/0x8e0
[  835.484468][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  835.484486][    C0]  __irq_exit_rcu+0x109/0x170
[  835.484501][    C0]  irq_exit_rcu+0x9/0x30
[  835.484520][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  835.484539][    C0]  </IRQ>
[  835.484543][    C0]  <TASK>
[  835.484548][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  835.484564][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  835.484583][    C0] Code: 8b 6d 02 e9 83 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 a9 23 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  835.484596][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6
[  835.484606][    C0] RAX: 0000000004488495 RBX: 0000000000000000 RCX: ffffffff8b866c99
[  835.484615][    C0] RDX: 0000000000000000 RSI: ffffffff8de2fdb9 RDI: ffffffff8c1572e0
[  835.484623][    C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645
[  835.484632][    C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000
[  835.484640][    C0] R13: ffffffff8e297780 R14: ffffffff90a93e50 R15: 0000000000000000
[  835.484652][    C0]  ? ct_kernel_exit+0x139/0x190
[  835.484667][    C0]  default_idle+0x13/0x20
[  835.484680][    C0]  default_idle_call+0x6d/0xb0
[  835.484693][    C0]  do_idle+0x391/0x510
[  835.484711][    C0]  ? __pfx_do_idle+0x10/0x10
[  835.484728][    C0]  ? trace_sched_exit_tp+0x31/0x130
[  835.484748][    C0]  cpu_startup_entry+0x4f/0x60
[  835.484765][    C0]  rest_init+0x16b/0x2b0
[  835.484779][    C0]  ? acpi_subsystem_init+0x133/0x180
[  835.484796][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  835.484809][    C0]  start_kernel+0x3ee/0x4d0
[  835.484828][    C0]  x86_64_start_reservations+0x18/0x30
[  835.484847][    C0]  x86_64_start_kernel+0x130/0x190
[  835.484866][    C0]  common_startup_64+0x13e/0x148
[  835.484884][    C0]  </TASK>