last executing test programs:

7.847726004s ago: executing program 0 (id=2567):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe9f}}]}}, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100002439da20cd061201a2d20102030109021b0001000000000904000001717ffe000905a1"], 0x0)
syz_usb_connect(0x0, 0xdd, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xc4, 0xb8, 0x68, 0x8, 0x2357, 0x109, 0xbdda, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0xff, 0xff, 0xff}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x1, &(0x7f00000000c0)="cc")
syz_usb_disconnect(r0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000180)={0x0, 0x8, 0x1, "b6"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)

6.936423403s ago: executing program 2 (id=2572):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000020006600000008000300", @ANYRES32=r2, @ANYBLOB="080026006c09000008009f00010000000800b700"], 0x34}}, 0x0) (fail_nth: 1)

6.892400825s ago: executing program 1 (id=2573):
syz_usb_connect(0x5, 0x41, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000d22a6640da0320283c520000000109022f0001000000000904000000ef0401"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usb_connect(0x7, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x3)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r1, 0x10, &(0x7f0000000000)={0xfffffffff8000000})

4.689712055s ago: executing program 3 (id=2574):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2000000001080500000000000000000007000000090001"], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x20000014)

4.673924575s ago: executing program 2 (id=2575):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=r0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff) (async)
r2 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0) (async)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f00000000c0)={0x6, 0x7fff, 0x8, 0xfffa, 0xb, 0x30})
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
prctl$PR_SET_IO_FLUSHER(0x39, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000440)={0x5, 0x20000008b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 32)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async)
unshare(0x2c020400) (async)
r7 = syz_io_uring_setup(0x7e5a, &(0x7f0000000240)={0x0, 0x5884, 0x100, 0x0, 0x361}, &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000000)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r4, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r7, 0x351e, 0x483, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0) (async)
r10 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r10, &(0x7f0000001d80)='.\x00', 0x8000, &(0x7f0000001dc0)={0x1, 0x70, 0x20000}, 0x20)

4.62813968s ago: executing program 4 (id=2576):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="200000003e00010326bd700200dcde2503"], 0x20}}, 0x8004)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000680)={0x1d8, r2, 0x20, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x5c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0xfffffffffffffd02, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}]}]}, @TIPC_NLA_BEARER={0x8c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'eth', 0x3a, 'geneve0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x1, @mcast2, 0x8}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x3, @empty, 0xf8d}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1e}}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast1}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x10001}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA={0xb8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xed0}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ad}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x4005}, 0x24000000)

4.610882314s ago: executing program 3 (id=2577):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xa, 0x4, 0xdd, 0xa}, 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x39, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)

4.549627201s ago: executing program 4 (id=2578):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = dup(r0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000000206030000000000fffff000000000000900020073797a32000000000500040000000000050005000200000012000300686173683a6e65742c706f727400000005000100070000000c00078008001240"], 0x58}}, 0x0)

4.526283866s ago: executing program 3 (id=2579):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x40, r2, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x25}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000) (fail_nth: 1)

4.453214853s ago: executing program 4 (id=2580):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)={0x40, r2, 0x1, 0x70bd2c, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x2, 0x25}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x980}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xd}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x4040000)

4.252330626s ago: executing program 3 (id=2581):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120141014813442024040075ee69e30103010902240001000010000904b8070296d1ca000905060200020d0006090582020002"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000280)={0x0, 0xf, 0x6, "54f710401d2c"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000ac0)={0x44, &(0x7f00000007c0)={0x0, 0x15, 0x53, "b34c553c79244740b017fb09336968312094657e9f90f1d7110e4e3b3da391da2433715cd0a17998f01ec2dc8dc9b4cbedf5053991160008a53ef9f4573592d5e2906a5185ada38bfbb10215d58e7564576799"}, &(0x7f0000000700)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x8a}, &(0x7f00000008c0)={0x20, 0x81, 0x3, "ce94a0"}, &(0x7f00000009c0)={0x20, 0x82, 0x2, "e949"}, &(0x7f0000000a00)={0x20, 0x83, 0x3, "e49238"}, &(0x7f0000000b40)=ANY=[@ANYBLOB="2084025a330df0e500000035f3"], &(0x7f0000000a80)={0x20, 0x85, 0x3, "c99b1b"}})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)={0x40, 0xd, 0x4, "389676b6"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

4.206432525s ago: executing program 4 (id=2582):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe9f}}]}}, 0x0)
syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100002439da20cd061201a2d20102030109021b0001000000000904000001717ffe000905"], 0x0)
syz_usb_connect(0x0, 0xdd, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xc4, 0xb8, 0x68, 0x8, 0x2357, 0x109, 0xbdda, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0xff, 0xff, 0xff}}]}}]}}, 0x0)
syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[], 0x0)

4.066385328s ago: executing program 0 (id=2583):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffff58, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xc, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xaa9a}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}]}, &(0x7f0000000840)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.232440673s ago: executing program 2 (id=2584):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007000000095"], &(0x7f0000000500)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x40810)
recvmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x61, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x10100)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x28, 0x0, &(0x7f00000007c0)="c1188e99b95d02ff4284860188a8", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50) (fail_nth: 1)

3.120584841s ago: executing program 0 (id=2585):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000110b0008850000007000000095"], &(0x7f0000000500)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x40810)
recvmsg$kcm(r1, &(0x7f0000000380)={0x0, 0x61, &(0x7f00000027c0)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1}, 0x10100)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x28, 0x0, &(0x7f00000007c0)="c1188e99b95d02ff4284860188a8", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

3.040921501s ago: executing program 2 (id=2586):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r0, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x0, 0xb, 0x88, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"}}, 0xfce)

2.842890234s ago: executing program 0 (id=2587):
io_setup(0x7, &(0x7f0000000000))
io_setup(0x8, &(0x7f0000000280)) (async)
io_setup(0xa161, &(0x7f0000000400))
io_setup(0x9, &(0x7f0000000540))
write(0xffffffffffffffff, &(0x7f0000000f80)="34399252dca8d9cfb0133721900eeac8cd57ace6623f7b0407f7af1174fe7698ae9e0000abfc2ff4abc16d938eb02c2a7634b8565133becd79cc088fdd78fa1c7041ce01cd66222f3cbdd573692d8cdd6132a7edf45ddbea274cb4095c3e620b0dfdc5913e748bdd511d5d98036a51fc81b63d5eb976b2d94adc2f48500b5431cea5d6e98d29019d7bdad885f5444ad30600495ce5f8f479560dd60ca9ac2cf256f1c2a2c1a7b1055a41618e68d0ba38d9d1a2259e12461b93746de34ea00755bdf640935042b574b322dc6788c8be015ae0d4265af9b3c326e1050b31381a4e99eedabf9f88cbf481c9b23ad0ef3291ef4473f5e91a0e9f554bafc2fd08d5fee4ac6d9d99aa4b01671f4a7abb9bed99b13f238908dd52fe6f70694709aae53ec0ae7bfd66fd60ead35975039badada774d5996168dfabb46946ea54f4b8299d9df8e0e57d8b532aa8b9a3c45a913144ac431e7b9268d244ff82b6390871e9bdc2d76868b66c7d59ad762dbbda19115ed58c13823471cd0a243ed673ea2ca839fcb7732fd4912d9a31be7148ab0a080acee25e4c25e59ba292f42986894792c02f5ab468811224ca62511e195b90ff0549cf8d2f099d44259645dd8d710da41076b8a0c8e62d2b738441dbc70b4761dbff87dc5fc603cfd58df5f27544447c111addba923a013e3acffe1a9149f390009043f93532f54cfd7d7089ce77f7cabcd7d144308e77792962329cc908afce6130292983ca9db11957f65cc4b29fa9e7c10583d3a7de7acc80c0fcf6de50ab52ade2bba253dbcc4ef860fac28b27c803ba379287cfc64400f44a03d854f2f60a71d17a4119f11f7dbcfa59a75ad682657d3e96fb246c37825737a44747f33ab7146ebecaa7327184505d88a1b951b1bffcd68dbe7e636678cb91d1642316561f6db50ec462935fa667394e4fc0a527794b9ce42cb24715d85f686792b41525f3f2d748a8c65cfd4b16175a7a58bd9b0c020f60cca3957a9643f4dee0f8c30a26c6b4165a3e9907754fb3892bd35f783081d5706989c8a14baf657be7ba8f1883126339a08b2e7b9447a60ac43e75e6e6f153e6bbdde3fba63edffef19e322fa38d79f7e242d4930d9dd016ea690f058c5871bc79c67f12653b345de58d71a104c8962bdecd5ba1a0ad85cb2d2ef99e454187a15a2b1ecf4e17aa9bcab1beb9b7482e2d7ca2de659a4ba40c01e029f0dab7df6f13eb64f2869d07741543486f33a5a0c79ed9776aa7f3c07eadf12c31fa66906c25c8081c45ddc660234e66f825959537f59d2a18d0beb6e6c51d4db4f3174e9a8b4fb6bd07600bfea9e1f2e9d4bc6a177695848b155a16a16f049dd2e7cb5b3ffe1543b6aac243d23493691b71991591953d70a09fd41967c80ca1fc07dd39e4ebeb6c333834c1fc3535dc6a4712df21964f246a343fd8ec042f4d4f47dec6ccbbb2aff8dee566bf65543d7b30b67f82f058210892ec1c6d70ff4342a65c2e41dd106d47174e79982131cbea041335d0837c9654a05a2da9a22a0983bbe1822865e00b95719fc8171521bff92f883bbdd350771c4dbea17812c17b7a90898c5ebbf41c07c8cce86d14b0ae8b2104e06339b19c7d497df9cb27b4ec2f313929736f7c5343eb68efb65dfe9d7fdedd2132c000945714a5d788ec4b166ab35d281d07bce22a0d1ac28e3ab7145725c5928fb47c6f337a01b9b258806457671252653ce3cc07e24dff5de8633e55e7568a26e73086c706084be58c854429174726d410f8a4e96b30a57d8bdf63c06abcebfd467e4a129a728211bcdb5d55b6e3f60bd3dd65fcca9ca66ba0195440421f266e9218b0fb0ff640e01823f0497e3f174b2585d3b84b87cafd6533096a085b7388807717e397cbd8a46b81aafc6bd9849e5a4b1ee10305d5156431428d951f1a22b4945ca0dd18aa8d558b07a6eb826ff69ab74b1d5a2cbd921745f11f0809816ea18f8729a598e2d2d724b63be392c15929b9c301b97edbdf589856f0f7c7650741ca1ef4f171341ce5569de2c0667f7b5ddfd0e36ebf40a23aaa04ceb2e18aa5c0e5227c76b127c36e64a8ef0e0435a57a186ef5d08176cff5a0ef98fd07daf03eb34e74faa3ccac4f159539bb77c2afeeef4dcba4cd696e34f37e6abfad7e1c713a1175a821176b9bd89356d8b857774cfc3c5273a6702bf2aec5311121fb6da158697a57e03d166f3eeb3c0c9d5e2584d5ce5bbe53c97574813e61e293d1ac899625728c65ee920906301148413f5e74ecaa4f1759c80dd947ecf10e4bfb1aed7eb65220dcf2d945b1818a6b5becd5d5648c3a8643d810e19306385c6a045f4ebcc0de09779a2d925b88987c374b5f7f0ed79f781f310404a20fbb4e186244d6bf0d635ce7287d09621b11d17af0cbe84d609093ba88493da44fcc6bfb2352ccd4fb1ea110375363b62595583e3f4699dcedea495e1e3c741defc9f3ef676e571796b873ca4c9d83e1d021d1267b4a6d92f739dde95a29aaec947416dcaa82b0834662717c5556b94b5d32c7e7cb85d853651e906ab05223af30b81c6a480bf4bc30b6532c58c9ab56062c44638637506d5f4cc7563e267aae93d39296c345560b9cd563093855fbb8ab56a80967e2a52e8091a232e27a716dc79acd343f86ddbfff45c19a6a84e9379ca3d50557cef8527b80efc74792f399f2c3a992ca7eee855f9c31c723f033d1dc847773b62ae521750c65d374ff619bc590f3efbfcbd696f26e6b50c39c85af9e7a94d2b7bc90f4a1116931fc8caf4cefb031ec9da55f44ed3da83d47ded4454a3b4edaf2be0a18f2564b5ea24f9955d62e9fd9ade1d5200693832c31f5602b58d35bb44891281b1950374ea9a535d9d2c8e9372ebc158c86e8ab11053f7f48cf55da955807618166b521b11f8f01be1a1013528c8b6afbd0dbcfb72e1fb6cb9e3fbd510fc32462b10137c9fb4e6a9bee04331f54c5eb9fe259ef93038d3b0fe84f4a5446b235a4d741a2cc786d487a236a042625d91db6a328b3ba9d7e5204c39f5325ab8b83191172eb32c55d33ae68aec4d072f82661cdd3602cdeb7d0dfd6fe6108b84f54bce01eeffa3c97727233bf18492040c10a94017154667e0691ad0dd2334d34b780e609c8335e9de472a1adc690eda53b4647c1ed5b0b413d30d65b0c1dc27209ec7f7480804e2871db7da7a6533a407bcaf6fbcde58c34aa21ed5265ea382cefacc07eb2b43036986fe6a7ebbef91e51357f75375fccb30751eba442da031709751c19a2335a43e4cf143a51fde825dc5d9f07c5590583462653724f5398266857e6193aedf4a23ca594922e25c067dabb1b24cb84677f303abdc02aae69c257e2d8bf434abdae7ad083ff2cf4d7f7357c0648bef72231b8a6aceb52d0acfe2d82d43393630cc02e83bde0099b309f48b3d0659f44fb71b33adaad124b08c36686ae95299f52586664b26895244e0f5af0914427284f37501dc9dbc9802cc56e419c373354ced8ebcd2b7b4111b92bf3b6c6a8a332b847d4811576b21d5ee5f8b7c7368935eefedb2ff480edd69bb0f86889b03ba47181fa4e5ff51a5c7e1f62f0d75bcf42e5edd06fb2e14124b50ec3e11b2bcf7551b6e636ea7b79a37b8a13f247e8a734ec7bfff7021d91df7f625bf7b2c457e9122f882e0a631543bbf33dceb3eb6668a89ed81c54f34cfd346e476eeb69456be354ce9579ef4676b7e882f30b527375299d590202a6f8596a7e4eddcb83d049893cf649255d9585fc39799b3128fadd8724f0d2b7bf3ddf5b16f9fd5ea3ebc182c38bccc27b31195e5402f9b4082f9b92650da23e0dcc6610f36249e09d292d2d8e674eb4fdbcdcd783b3313233119f9598b17388cd02ee59497c126a4ff1d1d221dcaf6c7fa0ed9d3d440528b2db698febf53d2fd94725168547c58a286367ecbfdeb12e5588a626f06dd98678ab783be3f42d0e773e3b9d3f2af7f248b035c0eb7e7d7d85158f596c8faaebe35e2d12362887e3b10b6748b6d15ab43444b2752aacd6520e3a5452884fdb6b3245a512830a05d5b0b6508437be33ca80d0f29d53c0c66eb9dd842a241b07ec9d1e76a27bc4b43c65ad4094081e016942b23f2931ee45a74580fb7073f36af76eb72b8c6d0c0a84775b7daad89619a3f781ff60cd4a44450613d605c46edf179891df64bf691f5ff0a1f280390f1e1e808c961bc2a0ca6369bb362968d63b0823e7e6dba85eeb4de0f294d30c00b979f12b34d14d3f5e5fdb9daeec87cc5046fdb3fe9101a59a8f761ad18de5f1156ac7f6d6db4326d0ea42244fe97c0cf55bb3c7b6bf52239019c37ad7b580e1fe1daea0fab08c01bd09d7f86a010b81c72e259d7f0dacb9aaf9bf97cfba4c2355528f161675e6b73dfe96ce694c416d98913d6a33b15159a15640e5d6054af0d88ca7d6b6270dd16afbf00d3470e727958f99c3b6df6dc372a8afde9293ed063733bc126f2c88b2af2fb60828caa7fb65ea10769fbb2828f0623824ff5ecc6ba62f4e58c95a159c166e9aba1770e7a74a040a602a9e39e99f37910348454d335a495c0475343255e20fa56758da032d1b7191f6b63374c5a2715cc226b47746a1bfd96c7123d2f18448e265eecd4da832e274cfb258c220f61e9cbaf9c5e6842af431be36c11dce6716c18f79258fdfa51d9963893ce8e665ddb7a835424cc5ec9384e1f54427a1d88ed6a0515b68b213322f4e35936200898b0bc551b47d1eec171ff670a0ea5b262999ad340cff524b072df9a6026b24e71645bbe5ef9306f8c0f5a557f28f0388f6dee60bc672247751371f129a1b3bdfe1392caa749ade19de40cf83a15eeb40f7bd3f38ff2397f11b92ea25a5541096603a1d51df9b02af9a2fc3ecc967fe7bff9d8c7788aea8d6d975f46b4d651b72c724ea3e4e2f1b71cbd5fdfd7d5eff585915162e6c60551ff767d2a6f1f8e69247bde6fc61f804965d23d01fe821ba6ce7f257339aa8e23d107704f8df2fdd76fba46010c764664b2a63743080a30765fd3173c0be34c69cc2861022f62a3d2d58b7b30fb235adfe26a92f7e4cdcb34ace99edd29e1887ce0f7b6bbc9da213eeb8806b745e5b222c055d632083d3c05f6529bab2d880ce64e9ca1d88714585eb9c446a3a1afd14bc13fe04d4ea293b0e293b94a561fb8862ab88ab65a916201d4c71b59c8ca7714126f132cf9f9bd844b7d9a42db6f6620c3f7bbfdd305b08e4008e8cf9852278ea8031a85f0b5d910e2c2fa46a924d3394ed0462743e230855bce57391c17887347eaf2c1b781fcf1663d5595a2676c4ab0a8e8bdd6b41d0a80838a8a91b739888dc0ad7ff2ea3a815484fe5b0a35c5eefa6d4c38b4811121ca50cf1b500054f118c68415f0e7b464b10b5bbd1f76eae6a568a8e12696a433ef6017ab80df18e0ff8c6fb45554b0c4cd3c00f8d13df501e8f1d6062f2117f24a691c0a249e4ba47a77bec8f8f8f275bd11e6f38c1068d04a0d410bbe2a3cadefc20237f995daac295a801dfa53fad9bac2bbd90cafaa33155768741bdd18e19c6d271d7f127e71be68d7def8c4beeaef4ecc211043ebba3717427c6319f2563507d2b58aad4e2792c36eb60c88c81327eadc398f8d76e80187ad8abcb3044a854e81493fd9945f489925b540441abff33a2f13a04e6f0d86c9dc2c636b4ffb14f8f7fcef5048fa2ebda122d3b5782c8654770a7ccb364b31ac62f7d533f39095066a0c54ca60cf81e69c08df3478c12ba32837964a8dc288781d38ec429ed0e70fbf4090013e0794053870c7169c29c540d2f", 0x1000) (async)
r0 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0)
fallocate(r0, 0x0, 0x0, 0x1001f0) (async)
fallocate(r0, 0x3, 0x4, 0x101000) (async)
io_setup(0x1, &(0x7f0000000f40))

2.791660532s ago: executing program 1 (id=2588):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x440241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x1, &(0x7f0000000340)=ANY=[@ANYRES64=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYRES32=r0, @ANYRESDEC=r1], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r2, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
r3 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
r4 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700), 0x1c1140, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r4, 0xc0040d0f, &(0x7f0000000040)=0x3f)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000380)={'syzkaller1\x00', 0xc201})
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x100)
mkdir(&(0x7f0000000600)='./file0\x00', 0x18)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x18640ca, &(0x7f0000000500)={[{@xino_off}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
rmdir(&(0x7f0000000180)='./file1\x00')
chdir(&(0x7f00000001c0)='./bus\x00')
lsetxattr$trusted_overlay_redirect(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, 0x0, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000fbff000000000000001d85"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000000440)=[@text16={0x10, &(0x7f0000000480)="0f01585c360f01c50f01ca0f080f01cf0f009200800f01c9f0834abc0b66b9ac0b000066b899b570c866ba01094262440f20c0663507000000440f22c00f01c4", 0x40}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000002c0)=[@text32={0x20, &(0x7f0000000580)="660f388086008000000fa9c4c1a4551666baf80cb8d4d3d8880f3566b8bd008ed0b800000000eff7f80f0fa700000000a4c4e27d59c00f01c38fc8288760c500360f01cb", 0x44}], 0x1, 0x10, 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000740)={{r6}, "63fc0c4f93dd2f367d23a756bf0a3eff7784ef6c501b892a1ea3cd4eb63a491122f91b13d39e12165adf54aab4e2d9dc62f5c918619c832a9dd21627b9d58c7b6bc6aca111efa45edc34c3c1145bf3b5a50b52b722fa5fa05a68d3d37528dbe342f709f66efe6e73fb1d870246d45848a12f93a0f8484780d4e2b762aab306b6f9c09b15da898459e3f523cde33434f39f5c78058affb701cfdf9ef16229a7c7766397b0acefa029d6acb30ead4027bea1f8082599eac46de655f09774d99f4740b868905efa7d2ab3470d3cbd378b9aaf9752a85e692938eb3ca2c01a62052c9a0e90de5de63c056729e4df35398416477697222455e2097f3f0342f3b5fe0d076351d497a5c2266ed64be633967dd5b6d3a7aae08f3a951f19f92ab272f2f1f9fde2ddf9faa84b68c9820c6ce759ae043ec5c0c7919e04cfe52bf30e02b3d507c03cd12214bf5c3021555b3ab93b7abeea6e634d6696dc7688105dcc8a335ba34fd59c8c524c63a9d631d184164e62c823aeb0350a4a234b15504c70d89592991c9637b84d45d61f41c730ff3e77f144ca883823ee4329fd50c07011917970a46fa87b84ad8c270c8c897360649056c8ca9062472bfc9dd42948fcf5d06e9f0d6a6ce64e545b10dbafbac56a99cffe3521cdeb5ea1fee40341a1e487ef66d42b3cf35637d1631016a99ca38fb73e5ccf2c09d279ec0342441543d5f37b9add858979558277c5be4e88e82595b7a01167d21b5235171117e7f9c71cb7b7374268f91f7e6370658dc97240796171edc7df1e5f427e280f52d35908f0c4ed58f04ceb5f2d2b8beb3465db0d2e818491801f80c65860020a106abf55c38ffd779f77cb3902407d9c14001edfd0680a89aae092bb26b8157d6b077724e80cce28705ce437814e4820a503a0c0052e4ab4f7886334f7d33c78e3a8356981068bbae3b8f16b9928c74c205ec012d5cb04471f7cf726ca75e34de790e05fff9b3b48d24ed2c1ff60b59ef7bb5b2b8fd14d180fcea00a642f96d52ff293116478714fc8bfd037a874e2fae2da270f8519bbe20631a4417d55eed333f0b49bffcd367fb4bf66dcb5c21915daeff723f0151b393cd68eae124046e4ac143e205cfe34ffe1c9cf637a4cb241c45ef43584544251e7dabba17ee78ca950c96b335bdb679d87d670fcbd28bb2e767bb7383e294803a066e40e84820d946a73691d00e47f9298e370545dfe222978e7b5a6885a0dd22d721e7519917a13bc2df94891425afc82a7c270b5206061e634898490cf657c2cae21a4fe12ed4df08b2f94ce07e220bcb8c534570c9299a805fe91a33a420678cd2654b900bfa4c2a86e1ede60fe60ea6e5193b31dc247f7bdc2b1e416ea9e10f6fc82f709abd9ea0d0ba89b6766e0b22c64d7c3b2756cf471bac411a3f063949347095a96b80cf7329a972016922c8775d91fc62be216dfbf7a27fb645d8c477f50c923e0bfb7e90338f418c184ba46a64375fd679b57c05bce038bf6ce33340397bac11b4b97450600d9bd73bb177c23cd12d84f4b9dbff9660fc21219c36db4e04375aa2cfe728cbf8d2cb9c4258929df3991fb48cce3f35c8eb3b78591f96bffc389740f391172aed25d4091503b27919cd98af607dc2e6e73aa022f22dca10705efdd30b334403d79487e2855c9180e4fcf8afe22b3cb985e155398623f3c7e1d955a16a303675ac221a0b2e17d43072895379dd3a4e1873e86e9e9a9417d2a774cc89a2e4e6fe2aabeb23e5bfaf52e7ed03f2a50dd8acd10d6e61c5e6915615babff2a58152ada3bcb9c5dd31b85fee13122e2d86ab8457063255eb2a87e9ca495a979c9a7c01f79c337ac30da1a415029d97fb672452fc8c566da9488e6b0a8a4933dcb49546d337cfc4696f2053a402fa4162d716c1585f27856c14921654b68c7227e8d749566dcf892ce83d49095058fbf07ee6aafb0a348f300fc17d7f27ad7e0f4e02113b98ce7b6675bc8ce7a0f3cb6d49805a83326a091782bf6c91084653447d14861c94f11a0b7f84c9dc52eaa0ca72fec787ca39082c8bcad2692d2dd1f68961ce9994394e53146b091dc1bb7848f8ab90ee31c2f73df539cb921ba0f4a59019e291981e1e56c5103eedf98ad2a8163d7f3737a242e6b0a1c992c90be8d1adb0c1f9c18b806d9162e4ab9683d99d35d13bb7d750da3d6a142dab8e1f0c6a581d9d724d062854921fa124fc157f070866972038fadd5bd27d69c385ad4b369c47eedcb302b478cc1edbe745a1900313c03187ed66c60da293a0e95d6e7b00d600b04359c85a5dd3723402c764ade023d079b90ca3a84da4ed49db476c447a90b265ec871270239a73f8cd55a162fa150af259fb05a1beb6af28290955bd3fcda98df65a7e1b80e9cf909a15fcf03f441385723dc69d50e6bd88f136f5aa87e33ee79a53668b60bf19be7b78e1aa9025cf3aa9d51c926df9c45731b512bf09502398b6b23ad7faf07e53992acb11727886f12d31cb103c20d5909ddbdc9605fc1a0513cf1a379f884186b68b78fe040e6736b34efb11b4615954cdf137ee19c3ab8d5dc1e27ee211aa96a6ff07ec36b8609175d0db90cc7c64c725e185c863ee0681430b6ce08d0b255556d78842590f4918fc4b14c8ab0a2224969748572165c163fe31b34407b60281b40b7b9bf1bc6a67c685bfa374d5bd3c7d6d5ef1485c25d815ec7776a5ff48f24c78ef57bb9ee3aef232e4bbc8b2058e7316997e179f5bee2a29cf6f10df0a533b134ac894568ef1dd1defda3012f02457169824d9168d69e341c6e3759e2fc6e94a22e6296e8e39e1ced2968b223c98e618f6e0f8a2470ac3784073081a76bbf835807ff889baa6cb10cb526aba6d0f5bef8e0f8e970ea3961e5bc68fc0eab1e3788c9708f4b3a1df4cc736b36a5abab3e46d7f8775dd00daec9d5e261f6a7726897970e6c55499cf20c920742bed3ca257f3bd8c409b022993ef3265dcbb52b0a0b43dde916d4db8e54e53a13ec4c82e62b059f009c132da77cb825a0dfeddbb1a70d58d02a1894b4f1bf0ae1bd3ae1fd317e5f40f49dca4ccae14359486e23892ec6609aee3560110c9d34923590c77f9c415f3f38dc061f4f76d87d78dfcc424a6ac91e7c0e3db80efcd11b48ff3b0a99e5bae9516d25ba5783dada24702ebcbb48848b980367696fa049862d7fb1e459ead86dbd46ab1044f0630ff2af9fe877bf0f5f394a0f5c92a0f39b732afb55df2c03d9217a101393c4c4c3a5af72558dfbd53a22c80e15cabacbd4d59dbe8d923148a47dc5df535c827f5dd18d633958f0d9546a076d5e78efb47fa76ac2c393872d11a5e1b4c09f8c410f27f76677d6966261341b843e4a42b534b6d493e9d46ca29e896710cd32ceddbe2b58b53a750c46867408481d5898fe3b362ccdef3089a9938900f5b2dce0e0248a28aad17cf5e9e64a0cfbd706d6a80aa5bacc3ce5b4054103026616e0156de7e78bfd3f03c1d153d0c7a0b76bd9277ba0c14940c7bc802535bcf259ed4f7731446440f3c35800808fcdd580b48fd136aeec4604abcfcd47e81a622ee0daff3d1552463fdad4a4c7a7ac6ada5b007b8468d9e0087f5938041e1becac5383ade441a7dc2f0168716cc83f4cef1037c5f4c6ea20dcd8db8c3d10c1fc2a840213add1433261bcf4c731871ce2cd7dc535a22760eff2a7687afec5163ff265a8705ceb67ee1bca9210c8bc1293c176c637e7df1db55e58cf80d34b6d7d69fbb23ec3dfd50b1bb345fbeed9a75cdd409e04836ad796fb116d83a35681b611f33bfaf5e3a89464873ff5ffdc25f20145e4229ef8554d290c54baf3966ca53acb2c3473c0d1c5d87fc39d1b16de91bafb1a285a3369712945a3c26e67fe6f1d6f917906687c73f14d1f8dab3dc971e318f730356c256171712399f41d5919a061f8e81aa4d27574ca0c6abc7d492c6fcb156c35cdddd1e2803a13dca3adcbb950347ef363341b2b734977b5135bd4faa8249ff6e37cb17515bc52c2d9edf9a373eb11ea64f5a6db245c672541782a6ccbcd88412d82288c4b94618578322c27bde0d52752c64966b2b7c7b348d473d1925944e487e6bdcd47ce6c3242cd2526853a8adc965173435a2d09a29b5a834724c68713619e639e4cfce979b4b9fab95fc0fbd610cd10efebebc1edabc4df2e01a8bba260a66b28ecb4509be191e6928d86f34a965ecc24c06fb5ef0f1babef7c8060eb4753bb99442262278327acc389d9d954b3e9a3e6368c2a3676af1cc8b56ecdb033366ba37af7b216ab327c4dc3f91cbb5d16f7dd675b09e30019311f760a028ed4710e5b29cf4e6dbfe3600c8539fd53c1cb1dd5a4518ee4a34365379277af1eb5ac74e3e8f46eac7105b4c14a2055e35a246f75cd153ce28faf6ead324522c0d7abf952abf2a44f40a4a60b46cb0b9d9374c10360ef5b0931e20d882839643d0133cfc8c0eabce5cf3481c655403d858c6316bf36b83a34718fbc365d4b2e51c7b72e4b1ee66a1a64988508493773585694ff1f92142d70969786777f95622237ffc0b85766e98604ebb645d77205a60a4ec136bbfd7c0cad74525c58c46dd3684cbc24f34042015c8c84a6a2ba4440c0536f6edf40103bcee004ec618e5c442b4ae4b553b92f81b82dc10f03b063b059c89af3e270f78e3b9d33c132e6981410ab400431214fa050a653fc4cab7dc25f99498e1fc6eb644c509e5c27ad9331bd32f5627966c0f5e31360d5c80c7e179a289dc202759fac76e2e8ccb97a55c209bb96e198670a5a3ba84fcfa51b5fc6924d20c45f15ae22986c137220b201d97b6557413d74cbffb7fd9b5dbca62cc8711c5e4212379fcf41a42f29eaf43621023dd82b7b887a14226b3230226f3593466d9252a8850cab928e0450d6d178a1da7f204bb4f49aa5a3c2be445754bcb4e9806672701f1a325b78bc499f1b578c8cc71c0804272fbfd9d39bd796e3a10425db8f1751fde3de5be0d3a86c29cda6de23f1bc6bc8bac5f4c89964ad5d656d113c39d0a015a7db45975cc3b8be52c356c4f087a7320bd820212fc14725302e72ddcf0073e7105ebbfb95cf7dad96c5161a338eb082ed6e8bf81428350102471a61182beea39c36a5ffdb164396bcb14d06cb18b9b48b4bdff230acc5d536b3d90099fd3da24b0a736dc8c6d9a8a93338a1a84993ad836e05f97898ac1d06c2a4983bfb93cb596f421d342dd56bc5e175e600473780e410d4f566794940d7904572b2a641b86a0ac49018657544300d3f40c03e454dd54c4f39994a1ce16f0c159b82813b10fdcb87b04ae77dbc92bde7b849265c2c05ea66dc3f1189dca1e3efa38752c03f5ca14e950af822c53469bb5327aefdbc174776e0e91de0e082243ade4384d19839505c7b4018f90f809c6cd1f591378a9cacc6fcdd3335bd655c1217fbac84243eb94c727d8885b5f8987a2f02c341b6e86deb40a13889c1ee5718868912cfc1bdbc4e90e576b691452e91ff166ce51e245564670fdec7a7461679e8f9ae88b043c7e813b463925de9465e1904cb1e8d429bb0c66a1572576b09cd8230c8107e11cfbea455a046404ec3f499fbb46153c13c82a3f2fd3a5382600a12a802bcd72d5af3bdc21ff49e03e14cdb534b0e4b12a6b31360be80d40bc35a60041f54f36f6eb863abbafc1dbbea726cddbff6060fb4c9230e068daa8504da46fb5b5efcfb468e96062906bffea320c8cf02da3b547f0c81c62d6858597bd74ea5cf330968aad67b31bfee59815ca45b29f8786b3edd12"})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
write$tun(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="001c86dd2000100000004000000060ec97000fc83c00fe8000000000000000000000000000aaff02000000000000000000000000000188"], 0xffe)
write$tun(r5, &(0x7f0000001840)=ANY=[@ANYBLOB="0800080006000700000014000000480a100c00660000ff88907864010102e000000186113daade3e1d301e65f21bcba4b3be00442481110a0101010000000c64010100000000020000000000000101e0000002000000fa89179fac1414bb0a010100e000000100000000e00000013297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4bfdb1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"], 0x101a)

2.726281078s ago: executing program 2 (id=2589):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))
r1 = syz_open_procfs(0x0, &(0x7f0000001a80)='net/unix\x00')
preadv(r1, &(0x7f0000003c00)=[{&(0x7f0000001ac0)=""/4096, 0x1000}], 0x1, 0x2, 0x77f83464)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000440)={&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f0000000380), 0x0, &(0x7f0000000400)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0xfc}}], 0x18}, 0x840)
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xc, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x8, 0x800)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000900)={0x1d, r5, 0x1}, 0x18)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSF2(r6, 0x402c542d, &(0x7f00000000c0)={0xa458, 0x1, 0x3, 0x6, 0xcb, "0982aa400000000000e6ffffab5affffe500", 0x5, 0x80000001})
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000000)=0xff)
sendmmsg$unix(r4, &(0x7f0000004a80)=[{{&(0x7f00000003c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000440)="bd", 0x1}], 0x1, 0x0, 0x0, 0x40000}}, {{&(0x7f0000000940)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x533509e98f3a73c}}], 0x2, 0x1d3)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x4f, &(0x7f0000000140)={0x0, 0x28}}, 0x0)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r7, 0xffffffffffffffff, 0x0)

2.645443942s ago: executing program 0 (id=2590):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$qrtr(0x2a, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = dup(r5)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000000206030000000000fffff000000000000900020073797a32000000000500040000000000050005000200000012000300686173683a6e65742c706f727400000005000100070000000c00078008001240"], 0x58}}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000000020000004c000480240001800b000100736f636b657400001400028008000240000000030800014000000002240001800b0001007470726f7879000014000280080001400000000208000340000000100900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x40880)
setsockopt$inet6_IPV6_DSTOPTS(r4, 0x29, 0x3b, &(0x7f00000000c0)={0x2b}, 0x8)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, &(0x7f00000003c0), 0x4)

1.571596706s ago: executing program 0 (id=2591):
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000140)={0x6, 0x87}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x200, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
io_submit(0x0, 0x0, 0x0)
fsopen(&(0x7f0000000000)='nfs4\x00', 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvmmsg(r5, &(0x7f0000001e00)=[{{0x0, 0x0, 0x0}, 0x760b}], 0x1, 0x40000000, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

1.563307527s ago: executing program 2 (id=2592):
syz_usb_connect(0x5, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010002e8bec8404f49697e78517bae1e0109021b00"], 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, 0x0, 0x10000, 0x0)
r3 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x5, 0xbfdffffc, 0x0, r2}, &(0x7f0000000000)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r3, 0x0, &(0x7f0000000040)='./file0\x00', 0x50, 0x183000, 0x12345})
io_uring_enter(r3, 0x47f6, 0x40, 0x2, 0x0, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x3, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="260a00000000000061116100000000001800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.384486669s ago: executing program 1 (id=2593):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="1808000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7060000000000008500000005000000bf0900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b5090000000000007baaf0ff00000000ae8900000000000007080000f8ffffffbf8400000000000007040000f0ffffffc70200000800000018260000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7050000080000004608f0ff76000000bf980000000000005608f8ffffff00008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)

1.34368918s ago: executing program 1 (id=2594):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_G_PARM(r2, 0xc0cc5615, &(0x7f0000000080)={0x7, @capture={0x0, 0x1, {0x5, 0x100}, 0xe, 0x6}})
sendmsg$ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x8c}}, 0x20000051)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000005840)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x30, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x4}}]}, 0x30}}, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {0xe, 0xffff}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x6004}, @TCA_FLOWER_KEY_TCP_SRC={0x6}, @TCA_FLOWER_KEY_VLAN_PRIO={0x5, 0x18, 0x3}, @TCA_FLOWER_KEY_IPV6_SRC_MASK={0x14, 0xf, [0xffffffff, 0xff000000, 0xffffff00, 0xff]}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @mcast1}, @TCA_FLOWER_KEY_CT_MARK={0x8, 0x5f, 0x40}]}}]}, 0x7c}}, 0x4000)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000000300)={0x6, 0x88, 0x6, 0x9e9e, 0xcb, "0900e8ff00", 0x80000009, 0x1})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01080000000000000000070000000900010073797a300000000054000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005"], 0xdc}}, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0xff)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f0000000080)={0xc0, 0x0, 0x8000})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r8, 0xc040aed5, &(0x7f0000000240)={0x0, 0x107000})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1c, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000400)='locks_get_lock_context\x00', r9}, 0x18)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000600)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
fcntl$lock(r10, 0x26, &(0x7f0000000000))
socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000))

1.191018955s ago: executing program 3 (id=2595):
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d7", 0x6, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000340), &(0x7f0000000440), &(0x7f0000000480)="c5925de6d376ec19f9f26d444c45dc26ba1831be0bbe298890aa83d4c9525992d2b68597076e5f5f9df947e1a7977b65e8ece2e411e83273b7e7dd2548c27fff4954c14a1dab5760157dea1c2cd9b390dd4a005d978ac5772b0d2c672b70c61b21ceb645c3b3888b607c7508e4583a5d2de0877d8a983a659515c371a584cb8ddf6f16f4d414f083c0d9a24b6addc3d68e1c71b025089314616705a4f77b5dfe0a9d1c5d33ad37fdd5433622f4fbfdd58e1f5436d495a79f8d3c1c8e1121928abacb9d41733b38e75172ceea91249f6486be23c7cc9dd931", 0xd8, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x0)
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x300, 0x0, 0x0, 0x6c, 0x0, @private}, {{}, {}, {}, {}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4}}}}}}}}, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
prlimit64(r5, 0x7, &(0x7f0000000180)={0x6, 0x4}, &(0x7f0000000240))
r7 = dup2(r6, r3)
fallocate(r7, 0x40, 0x8000000008, 0x10000)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r9 = dup(r8)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r11 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r11, 0x40a85321, &(0x7f0000000280)={{0x80, 0x79}, 'port0\x00', 0xb, 0x42, 0x8, 0x4, 0x1ff, 0x2, 0x800, 0x0, 0x9})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r8, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

948.316437ms ago: executing program 1 (id=2596):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000340)="8a226ff432407a7f5fd09590d734f795e12e57ce9fed3f0300eb6368ed559a85603b0080", 0x24}], 0x2)
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x800007, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000340)={0x2, 0x0, 0x0, 0x6}, 0x10}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b36, &(0x7f0000000000)={'wlan0\x00'}) (fail_nth: 1)

519.956481ms ago: executing program 4 (id=2597):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x18, 0x20, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x4, 0x5, 0x0, 0x0, @binary}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000044) (fail_nth: 1)

191.994396ms ago: executing program 1 (id=2598):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = epoll_create1(0x80000)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a})
read$char_usb(r2, &(0x7f0000001980)=""/179, 0xb3)
r3 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000d40)={0x44, &(0x7f0000000a80)={0x40, 0x6, 0x6, "8ff64c7b54db"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$printer(r3, 0x0, &(0x7f0000000080)={0x34, &(0x7f0000000180)={0x40, 0x1a, 0x61, "e5ed7bf9f13a1c8d13f2e9ee5c1f8a4bd7f92d89c033b935a7ead66156fd4a002039420cf0d34cfa4bb606d34f74d478c67ec3e9b5923fe639d08f2deda8a1084d2e675a75d4591e1752cce401bac2879e18790915708c60a1f07a775c7e8f770a"}, 0x0, 0x0, 0x0, 0x0, 0x0})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000000))
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="180000002000099b930000fbfedbe0250200000004000500"], 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000044)

317.607µs ago: executing program 3 (id=2599):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x18, 0x20, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x4, 0x5, 0x0, 0x0, @binary}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000044)

0s ago: executing program 4 (id=2600):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x14, 0xa, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x40001}, 0x20000000)
close(0x3) (fail_nth: 1)

kernel console output (not intermixed with test programs):

/0x1f0
[  644.771129][T13820]  should_fail_ex+0x512/0x640
[  644.771160][T13820]  _copy_from_user+0x2e/0xd0
[  644.771180][T13820]  __sys_bpf+0x21d/0x4ea0
[  644.771209][T13820]  ? __pfx___sys_bpf+0x10/0x10
[  644.771235][T13820]  ? ksys_write+0x190/0x250
[  644.771267][T13820]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  644.771300][T13820]  ? fput+0x70/0xf0
[  644.771319][T13820]  ? ksys_write+0x1ac/0x250
[  644.771345][T13820]  ? __pfx_ksys_write+0x10/0x10
[  644.771375][T13820]  __x64_sys_bpf+0x78/0xc0
[  644.771400][T13820]  ? lockdep_hardirqs_on+0x7c/0x110
[  644.771429][T13820]  do_syscall_64+0xcd/0x4c0
[  644.771449][T13820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.771467][T13820] RIP: 0033:0x7fae8d78e9a9
[  644.771484][T13820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.771501][T13820] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  644.771520][T13820] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  644.771532][T13820] RDX: 0000000000000020 RSI: 0000200000000380 RDI: 0000000000000003
[  644.771544][T13820] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  644.771560][T13820] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  644.771570][T13820] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  644.771594][T13820]  </TASK>
[  645.695817][ T5907] playstation 0003:054C:05C4.0041: Registered DualShock4 controller hw_version=0x00000000 fw_version=0x00000000
[  645.795486][   T30] audit: type=1400 audit(1753007497.218:718): avc:  denied  { unlink } for  pid=5832 comm="syz-executor" name="file0" dev="tmpfs" ino=2388 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  645.806242][ T5978] ath9k_htc: Failed to initialize the device
[  645.829333][   T10] usb 3-1: ath9k_htc: USB layer deinitialized
[  645.916729][T13825] FAULT_INJECTION: forcing a failure.
[  645.916729][T13825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  645.930120][T13825] CPU: 1 UID: 0 PID: 13825 Comm: syz.0.2350 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  645.930144][T13825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  645.930155][T13825] Call Trace:
[  645.930161][T13825]  <TASK>
[  645.930168][T13825]  dump_stack_lvl+0x16c/0x1f0
[  645.930202][T13825]  should_fail_ex+0x512/0x640
[  645.930232][T13825]  _copy_from_user+0x2e/0xd0
[  645.930251][T13825]  do_fcntl+0x2f8/0x15a0
[  645.930273][T13825]  ? __pfx_do_fcntl+0x10/0x10
[  645.930298][T13825]  ? selinux_file_fcntl+0x93/0x170
[  645.930326][T13825]  __x64_sys_fcntl+0x163/0x200
[  645.930349][T13825]  do_syscall_64+0xcd/0x4c0
[  645.930368][T13825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  645.930387][T13825] RIP: 0033:0x7fbbf858e9a9
[  645.930401][T13825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  645.930417][T13825] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[  645.930434][T13825] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  645.930447][T13825] RDX: 0000200000000000 RSI: 000000000000040c RDI: 0000000000000003
[  645.930458][T13825] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  645.930468][T13825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  645.930478][T13825] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  645.930501][T13825]  </TASK>
[  646.090558][ T5907] usb 5-1: USB disconnect, device number 15
[  646.302282][T13832] FAULT_INJECTION: forcing a failure.
[  646.302282][T13832] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.337293][T13834] FAULT_INJECTION: forcing a failure.
[  646.337293][T13834] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  646.344178][T13832] CPU: 1 UID: 0 PID: 13832 Comm: syz.4.2354 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  646.344200][T13832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.344210][T13832] Call Trace:
[  646.344216][T13832]  <TASK>
[  646.344222][T13832]  dump_stack_lvl+0x16c/0x1f0
[  646.344252][T13832]  should_fail_ex+0x512/0x640
[  646.344279][T13832]  _copy_from_user+0x2e/0xd0
[  646.344296][T13832]  __sys_bpf+0x21d/0x4ea0
[  646.344321][T13832]  ? __pfx___sys_bpf+0x10/0x10
[  646.344343][T13832]  ? ksys_write+0x190/0x250
[  646.344369][T13832]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  646.344398][T13832]  ? fput+0x70/0xf0
[  646.344415][T13832]  ? ksys_write+0x1ac/0x250
[  646.344436][T13832]  ? __pfx_ksys_write+0x10/0x10
[  646.344462][T13832]  __x64_sys_bpf+0x78/0xc0
[  646.344483][T13832]  ? lockdep_hardirqs_on+0x7c/0x110
[  646.344507][T13832]  do_syscall_64+0xcd/0x4c0
[  646.344523][T13832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.344539][T13832] RIP: 0033:0x7fae8d78e9a9
[  646.344552][T13832] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.344567][T13832] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  646.344583][T13832] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  646.344593][T13832] RDX: 0000000000000048 RSI: 0000200000000340 RDI: 000000000000000a
[  646.344603][T13832] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  646.344612][T13832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  646.344622][T13832] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  646.344643][T13832]  </TASK>
[  646.477341][T13838] loop3: detected capacity change from 0 to 1
[  646.482523][T13834] CPU: 0 UID: 0 PID: 13834 Comm: syz.2.2353 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  646.482546][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  646.482555][T13834] Call Trace:
[  646.482561][T13834]  <TASK>
[  646.482567][T13834]  dump_stack_lvl+0x16c/0x1f0
[  646.482597][T13834]  should_fail_ex+0x512/0x640
[  646.482625][T13834]  _copy_from_user+0x2e/0xd0
[  646.482642][T13834]  copy_from_sockptr_offset+0x15c/0x1b0
[  646.482666][T13834]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  646.482689][T13834]  ? bpf_lsm_capable+0x9/0x10
[  646.482708][T13834]  ? security_capable+0x7e/0x260
[  646.482732][T13834]  do_ipt_set_ctl+0x479/0xae0
[  646.482754][T13834]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  646.482778][T13834]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  646.482799][T13834]  ? lockdep_hardirqs_on+0x7c/0x110
[  646.482823][T13834]  ? sockopt_release_sock+0x52/0x60
[  646.482839][T13834]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  646.482855][T13834]  ? sockopt_release_sock+0x52/0x60
[  646.482880][T13834]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  646.482901][T13834]  nf_setsockopt+0x8d/0xf0
[  646.482921][T13834]  ip_setsockopt+0xcb/0xf0
[  646.482945][T13834]  udp_setsockopt+0x7d/0xd0
[  646.482964][T13834]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  646.482988][T13834]  do_sock_setsockopt+0xf0/0x1d0
[  646.483009][T13834]  __sys_setsockopt+0x1a0/0x230
[  646.483036][T13834]  __x64_sys_setsockopt+0xbd/0x160
[  646.483058][T13834]  ? do_syscall_64+0x91/0x4c0
[  646.483073][T13834]  ? lockdep_hardirqs_on+0x7c/0x110
[  646.483095][T13834]  do_syscall_64+0xcd/0x4c0
[  646.483112][T13834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  646.483128][T13834] RIP: 0033:0x7f445bf8e9a9
[  646.483142][T13834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  646.483157][T13834] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  646.483172][T13834] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  646.483183][T13834] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  646.483193][T13834] RBP: 00007f4459df6090 R08: 00000000000004b0 R09: 0000000000000000
[  646.483202][T13834] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  646.483212][T13834] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  646.483233][T13834]  </TASK>
[  646.778581][T13838]  loop3: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10
[  646.793654][   T30] audit: type=1326 audit(1753007498.158:719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13843 comm="syz.4.2358" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fae8d78e9a9 code=0x0
[  646.830127][T13838] loop3: p1 start 791543808 is beyond EOD, truncated
[  646.844050][ T5978] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  646.853012][T13838] loop3: p2 start 1633771873 is beyond EOD, truncated
[  646.865414][T13838] loop3: p3 start 1633771873 is beyond EOD, truncated
[  647.143419][T13848] cgroup: Need name or subsystem set
[  647.318141][T13838] loop3: p4 start 1633771873 is beyond EOD, 
[  647.318260][ T5978] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  647.338744][T13838] truncated
[  647.353834][T13838] loop3: p5 start 1633771873 is beyond EOD, truncated
[  647.365370][T13838] loop3: p6 start 1633771776 is beyond EOD, truncated
[  647.372002][ T5978] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  647.384699][T13838] loop3: p7 start 1633771873 is beyond EOD, truncated
[  647.414745][T13838] loop3: p8 start 1886744434 is beyond EOD, truncated
[  647.427200][ T5978] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  647.453448][T13838] loop3: p9 start 1633771873 is beyond EOD, truncated
[  647.456566][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  647.504919][T13838] loop3: p10 start 1633771873 is beyond EOD, truncated
[  647.509708][T13835] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  647.527481][ T5978] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  647.928757][T13835] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.281632][T13835] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  648.330719][T13858] FAULT_INJECTION: forcing a failure.
[  648.330719][T13858] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  648.377355][T13862] netlink: 64535 bytes leftover after parsing attributes in process `syz.4.2363'.
[  648.381139][T13858] CPU: 0 UID: 0 PID: 13858 Comm: syz.3.2361 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  648.381162][T13858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.381172][T13858] Call Trace:
[  648.381178][T13858]  <TASK>
[  648.381185][T13858]  dump_stack_lvl+0x16c/0x1f0
[  648.381214][T13858]  should_fail_ex+0x512/0x640
[  648.381242][T13858]  _copy_from_user+0x2e/0xd0
[  648.381258][T13858]  do_sock_getsockopt+0x3ca/0x440
[  648.381279][T13858]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  648.381296][T13858]  ? __fget_files+0x204/0x3c0
[  648.381322][T13858]  __sys_getsockopt+0x12f/0x260
[  648.381350][T13858]  __x64_sys_getsockopt+0xbd/0x160
[  648.381373][T13858]  ? do_syscall_64+0x91/0x4c0
[  648.381387][T13858]  ? lockdep_hardirqs_on+0x7c/0x110
[  648.381410][T13858]  do_syscall_64+0xcd/0x4c0
[  648.381426][T13858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.381443][T13858] RIP: 0033:0x7f5afc38e9a9
[  648.381455][T13858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.381470][T13858] RSP: 002b:00007f5afd2be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  648.381486][T13858] RAX: ffffffffffffffda RBX: 00007f5afc5b5fa0 RCX: 00007f5afc38e9a9
[  648.381496][T13858] RDX: 0000000000000001 RSI: 000000000000011c RDI: 0000000000000003
[  648.381506][T13858] RBP: 00007f5afd2be090 R08: ffffffffffffffff R09: 0000000000000000
[  648.381515][T13858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.381525][T13858] R13: 0000000000000000 R14: 00007f5afc5b5fa0 R15: 00007fff8434c5d8
[  648.381545][T13858]  </TASK>
[  648.841883][   T30] audit: type=1804 audit(1753007500.208:720): pid=13870 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.2352" name="/newroot/497/file0" dev="tmpfs" ino=2550 res=1 errno=0
[  649.778465][ T6899] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  649.945247][ T6899] usb 1-1: Using ep0 maxpacket: 16
[  649.955387][ T6899] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  649.990039][ T6899] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  650.028429][ T5978] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  650.031591][ T5954] usb 2-1: USB disconnect, device number 3
[  650.084086][ T6899] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  650.103274][T13890] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2369'.
[  650.124644][T13890] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2369'.
[  650.158928][ T6899] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.174770][ T6899] usb 1-1: config 0 descriptor??
[  650.216843][ T5978] usb 4-1: Using ep0 maxpacket: 16
[  650.227779][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  650.251571][   T30] audit: type=1400 audit(1753007501.678:721): avc:  denied  { getopt } for  pid=13886 comm="syz.4.2369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  650.275066][ T5978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  650.294569][ T5978] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00
[  650.304877][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.322351][ T5978] usb 4-1: config 0 descriptor??
[  650.565161][T11427] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  650.619058][ T6899] playstation 0003:054C:05C4.0042: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.0-1/input0
[  650.718269][T11427] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  650.728856][T11427] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  650.741934][T11427] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  650.760419][T11427] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  650.767046][ T5978] playstation 0003:054C:05C4.0043: hidraw1: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.3-1/input0
[  650.783254][T11427] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  650.784584][T11427] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  650.806460][T11427] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  650.853213][T11427] usb 3-1: Product: syz
[  650.867978][ T5954] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  650.889871][T11427] usb 3-1: Manufacturer: syz
[  650.918097][T11427] cdc_wdm 3-1:1.0: skipping garbage
[  650.923359][T11427] cdc_wdm 3-1:1.0: skipping garbage
[  650.944999][T11427] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  650.950993][T11427] cdc_wdm 3-1:1.0: Unknown control protocol
[  651.008708][ T6899] playstation 0003:054C:05C4.0042: Failed to retrieve feature with reportID 163: -32
[  651.018388][ T6899] playstation 0003:054C:05C4.0042: Failed to retrieve DualShock4 firmware info: -32
[  651.028634][ T6899] playstation 0003:054C:05C4.0042: Failed to get firmware info from DualShock4
[  651.036605][ T5954] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  651.038510][ T6899] playstation 0003:054C:05C4.0042: HW/FW version data in sysfs will be invalid.
[  651.056641][ T6899] playstation 0003:054C:05C4.0042: Invalid accelerometer calibration data for axis (2), disabling calibration.
[  651.057527][ T5954] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  651.070962][ T6899] input: HID 054c:05c4 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:05C4.0042/input/input238
[  651.082848][ T5954] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  651.102903][ T5954] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  651.111873][ T6899] input: HID 054c:05c4 Motion Sensors as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:05C4.0042/input/input239
[  651.133040][   T30] audit: type=1400 audit(1753007502.558:722): avc:  denied  { read write } for  pid=13897 comm="syz.2.2371" name="cdc-wdm0" dev="devtmpfs" ino=5659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  651.162964][ T5978] playstation 0003:054C:05C4.0043: Failed to retrieve feature with reportID 163: -32
[  651.165320][ T5954] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  651.184759][ T5978] playstation 0003:054C:05C4.0043: Failed to retrieve DualShock4 firmware info: -32
[  651.195353][ T6906] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  651.210392][ T5954] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  651.212312][ T6899] input: HID 054c:05c4 Touchpad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:054C:05C4.0042/input/input240
[  651.240130][   T30] audit: type=1400 audit(1753007502.558:723): avc:  denied  { open } for  pid=13897 comm="syz.2.2371" path="/dev/cdc-wdm0" dev="devtmpfs" ino=5659 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  651.251061][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  651.267382][ T5978] playstation 0003:054C:05C4.0043: Failed to get firmware info from DualShock4
[  651.277605][ T5954] usb 2-1: Product: syz
[  651.286363][ T5978] playstation 0003:054C:05C4.0043: HW/FW version data in sysfs will be invalid.
[  651.290258][ T5954] usb 2-1: Manufacturer: syz
[  651.303664][ T5978] playstation 0003:054C:05C4.0043: Duplicate device found for MAC address a7:84:d5:83:20:29.
[  651.323737][ T5978] playstation 0003:054C:05C4.0043: Failed to create dualshock4.
[  651.341394][ T5978] playstation 0003:054C:05C4.0043: probe with driver playstation failed with error -17
[  651.344636][ T5954] cdc_wdm 2-1:1.0: skipping garbage
[  651.357392][ T5954] cdc_wdm 2-1:1.0: skipping garbage
[  651.364165][ T5954] cdc_wdm 2-1:1.0: cdc-wdm1: USB WDM device
[  651.370325][ T5954] cdc_wdm 2-1:1.0: Unknown control protocol
[  651.390542][ T6906] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  651.401923][ T6899] playstation 0003:054C:05C4.0042: Registered DualShock4 controller hw_version=0x00000000 fw_version=0x00000000
[  651.419483][ T6906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.438499][ T6906] usb 5-1: Product: syz
[  651.442965][ T6906] usb 5-1: Manufacturer: syz
[  651.453789][ T6899] usb 1-1: USB disconnect, device number 27
[  651.460384][ T6906] usb 5-1: SerialNumber: syz
[  651.468041][ T6906] usb 5-1: config 0 descriptor??
[  651.544506][T13900] FAULT_INJECTION: forcing a failure.
[  651.544506][T13900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  651.572274][T13900] CPU: 0 UID: 0 PID: 13900 Comm: syz.1.2372 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  651.572302][T13900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  651.572312][T13900] Call Trace:
[  651.572319][T13900]  <TASK>
[  651.572326][T13900]  dump_stack_lvl+0x16c/0x1f0
[  651.572362][T13900]  should_fail_ex+0x512/0x640
[  651.572394][T13900]  _copy_from_user+0x2e/0xd0
[  651.572411][T13900]  do_sys_poll+0x1d5/0xdf0
[  651.572436][T13900]  ? kernel_text_address+0x8d/0x100
[  651.572459][T13900]  ? arch_stack_walk+0xa6/0x100
[  651.572477][T13900]  ? __pfx_do_sys_poll+0x10/0x10
[  651.572523][T13900]  ? __lock_acquire+0x622/0x1c90
[  651.572581][T13900]  ? __pfx_timespec64_add_safe+0x10/0x10
[  651.572602][T13900]  ? ktime_get_ts64+0x2d2/0x400
[  651.572628][T13900]  ? read_tsc+0x9/0x20
[  651.572646][T13900]  ? ktime_get_ts64+0x256/0x400
[  651.572682][T13900]  __x64_sys_poll+0x1a6/0x450
[  651.572708][T13900]  ? __pfx___x64_sys_poll+0x10/0x10
[  651.572741][T13900]  do_syscall_64+0xcd/0x4c0
[  651.572762][T13900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.572779][T13900] RIP: 0033:0x7f086918e9a9
[  651.572794][T13900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  651.572810][T13900] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000007
[  651.572829][T13900] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  651.572841][T13900] RDX: 00000000000002a7 RSI: 0000000000000001 RDI: 0000200000000140
[  651.572852][T13900] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  651.572862][T13900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  651.572872][T13900] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  651.572895][T13900]  </TASK>
[  651.574660][ T5954] usb 2-1: USB disconnect, device number 4
[  651.702666][   T30] audit: type=1400 audit(1753007503.118:724): avc:  denied  { connect } for  pid=13905 comm="syz.4.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  651.707114][    C0] vkms_vblank_simulate: vblank timer overrun
[  651.711729][T13906] 9pnet_fd: Insufficient options for proto=fd
[  651.771372][T13907] net_ratelimit: 11 callbacks suppressed
[  651.771388][T13907] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  651.821787][T11427] usb 3-1: USB disconnect, device number 5
[  651.858972][ T6899] usb 5-1: USB disconnect, device number 16
[  651.983349][   T30] audit: type=1400 audit(1753007503.408:725): avc:  denied  { setattr } for  pid=13908 comm="syz.0.2375" name="NETLINK" dev="sockfs" ino=38489 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  652.691145][T13921] SELinux:  policydb magic number 0x3eec5ae3 does not match expected magic number 0xf97cff8c
[  652.702350][T13921] SELinux: failed to load policy
[  653.022277][T11427] usb 4-1: USB disconnect, device number 10
[  653.171068][   T30] audit: type=1400 audit(1753007504.598:726): avc:  denied  { append } for  pid=13924 comm="syz.0.2379" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  653.326859][T13934] binder: 13933:13934 ioctl c0306201 200000000c40 returned -22
[  653.395183][ T6906] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  653.511981][   T30] audit: type=1400 audit(1753007504.938:727): avc:  denied  { watch } for  pid=13935 comm="syz.2.2383" path="/460/file1" dev="tmpfs" ino=2359 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  653.535375][   T30] audit: type=1400 audit(1753007504.938:728): avc:  denied  { watch_sb watch_reads } for  pid=13935 comm="syz.2.2383" path="/460/file1" dev="tmpfs" ino=2359 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  653.559700][ T6906] usb 5-1: device descriptor read/64, error -71
[  653.565367][T11427] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  653.735133][T11427] usb 2-1: Using ep0 maxpacket: 8
[  653.744947][T11427] usb 2-1: config 5 has an invalid interface number: 35 but max is 1
[  653.755202][T11427] usb 2-1: config 5 has an invalid interface number: 4 but max is 1
[  653.780110][T11427] usb 2-1: config 5 has an invalid interface number: 4 but max is 1
[  653.805363][ T6906] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  653.813275][T11427] usb 2-1: config 5 has no interface number 0
[  653.825647][T11427] usb 2-1: config 5 has no interface number 1
[  654.030070][T11427] usb 2-1: config 5 interface 35 altsetting 10 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  654.054724][T11427] usb 2-1: config 5 interface 4 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  654.076310][T11427] usb 2-1: config 5 interface 35 has no altsetting 0
[  654.083946][T11427] usb 2-1: config 5 interface 4 has no altsetting 0
[  654.098731][T11427] usb 2-1: config 5 interface 4 has no altsetting 1
[  654.113251][T11427] usb 2-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=d4.1b
[  654.130882][T11427] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.141893][T11427] usb 2-1: Product: syz
[  654.219141][T11427] usb 2-1: Manufacturer: syz
[  654.223848][T11427] usb 2-1: SerialNumber: syz
[  654.415046][T13945] FAULT_INJECTION: forcing a failure.
[  654.415046][T13945] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  654.436040][T13945] CPU: 0 UID: 0 PID: 13945 Comm: syz.3.2386 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  654.436068][T13945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  654.436079][T13945] Call Trace:
[  654.436088][T13945]  <TASK>
[  654.436096][T13945]  dump_stack_lvl+0x16c/0x1f0
[  654.436130][T13945]  should_fail_ex+0x512/0x640
[  654.436161][T13945]  _copy_to_user+0x32/0xd0
[  654.436182][T13945]  simple_read_from_buffer+0xcb/0x170
[  654.436211][T13945]  proc_fail_nth_read+0x197/0x270
[  654.436238][T13945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  654.436266][T13945]  ? rw_verify_area+0xcf/0x680
[  654.436289][T13945]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  654.436314][T13945]  vfs_read+0x1e1/0xc60
[  654.436344][T13945]  ? __pfx___mutex_lock+0x10/0x10
[  654.436361][T13945]  ? __pfx_vfs_read+0x10/0x10
[  654.436393][T13945]  ? __fget_files+0x20e/0x3c0
[  654.436417][T13945]  ksys_read+0x12a/0x250
[  654.436442][T13945]  ? __pfx_ksys_read+0x10/0x10
[  654.436467][T13945]  ? fdget+0x187/0x210
[  654.436488][T13945]  do_syscall_64+0xcd/0x4c0
[  654.436507][T13945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.436525][T13945] RIP: 0033:0x7f5afc38d3bc
[  654.436540][T13945] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  654.436557][T13945] RSP: 002b:00007f5afd2be030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  654.436575][T13945] RAX: ffffffffffffffda RBX: 00007f5afc5b5fa0 RCX: 00007f5afc38d3bc
[  654.436587][T13945] RDX: 000000000000000f RSI: 00007f5afd2be0a0 RDI: 0000000000000003
[  654.436598][T13945] RBP: 00007f5afd2be090 R08: 0000000000000000 R09: 0000000000000000
[  654.436608][T13945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  654.436619][T13945] R13: 0000000000000000 R14: 00007f5afc5b5fa0 R15: 00007fff8434c5d8
[  654.436649][T13945]  </TASK>
[  654.805825][T11427] ttusbir 2-1:5.35: cannot find expected altsetting
[  654.815353][T11427] ttusbir 2-1:5.4: cannot find expected altsetting
[  654.866747][T11427] usb 2-1: USB disconnect, device number 5
[  654.885418][ T6906] usb 5-1: device descriptor read/64, error -71
[  655.026497][ T6906] usb usb5-port1: attempt power cycle
[  655.385732][ T6906] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  655.419654][   T48] Bluetooth: hci5: Frame reassembly failed (-84)
[  655.438960][ T6906] usb 5-1: device descriptor read/8, error -71
[  655.668056][T13960] serio: Serial port ptm1
[  655.685175][ T6906] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  655.705598][ T6906] usb 5-1: device descriptor read/8, error -71
[  655.735179][ T6899] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  655.825058][ T6906] usb usb5-port1: unable to enumerate USB device
[  655.852455][T13967] FAULT_INJECTION: forcing a failure.
[  655.852455][T13967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  655.870831][T13967] CPU: 1 UID: 0 PID: 13967 Comm: syz.2.2393 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  655.870847][T13967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  655.870854][T13967] Call Trace:
[  655.870858][T13967]  <TASK>
[  655.870862][T13967]  dump_stack_lvl+0x16c/0x1f0
[  655.870884][T13967]  should_fail_ex+0x512/0x640
[  655.870904][T13967]  _copy_from_user+0x2e/0xd0
[  655.870915][T13967]  copy_msghdr_from_user+0x98/0x160
[  655.870934][T13967]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  655.870958][T13967]  ___sys_sendmsg+0xfe/0x1d0
[  655.870969][T13967]  ? __pfx____sys_sendmsg+0x10/0x10
[  655.870978][T13967]  ? __lock_acquire+0x622/0x1c90
[  655.871004][T13967]  __sys_sendmsg+0x16d/0x220
[  655.871015][T13967]  ? __pfx___sys_sendmsg+0x10/0x10
[  655.871033][T13967]  do_syscall_64+0xcd/0x4c0
[  655.871045][T13967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.871057][T13967] RIP: 0033:0x7f445bf8e9a9
[  655.871066][T13967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.871078][T13967] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  655.871089][T13967] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  655.871096][T13967] RDX: 0000000004008094 RSI: 0000200000000100 RDI: 0000000000000003
[  655.871103][T13967] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  655.871109][T13967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  655.871115][T13967] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  655.871129][T13967]  </TASK>
[  656.056481][ T6899] usb 2-1: config index 0 descriptor too short (expected 65183, got 72)
[  656.074887][ T6899] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  656.084023][ T6899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.094118][ T6899] usb 2-1: Product: syz
[  656.098624][ T6899] usb 2-1: Manufacturer: syz
[  656.103273][ T6899] usb 2-1: SerialNumber: syz
[  656.154642][ T6899] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  656.193597][ T5978] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  656.242536][   T30] audit: type=1400 audit(1753007507.668:729): avc:  denied  { name_bind } for  pid=13968 comm="syz.2.2394" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  656.372145][T13969] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  656.420359][T13958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.443075][T13958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.469722][T13958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.506684][T13958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.549725][T13958] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  656.575687][T13958] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  656.599373][T11427] usb 2-1: USB disconnect, device number 6
[  656.629610][T13977] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2397'.
[  656.644027][T13977] FAULT_INJECTION: forcing a failure.
[  656.644027][T13977] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  656.668440][T13977] CPU: 1 UID: 0 PID: 13977 Comm: syz.0.2397 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  656.668468][T13977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  656.668477][T13977] Call Trace:
[  656.668483][T13977]  <TASK>
[  656.668490][T13977]  dump_stack_lvl+0x16c/0x1f0
[  656.668512][T13977]  should_fail_ex+0x512/0x640
[  656.668532][T13977]  _copy_from_user+0x2e/0xd0
[  656.668545][T13977]  copy_msghdr_from_user+0x98/0x160
[  656.668564][T13977]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  656.668587][T13977]  ___sys_sendmsg+0xfe/0x1d0
[  656.668603][T13977]  ? __pfx____sys_sendmsg+0x10/0x10
[  656.668612][T13977]  ? __lock_acquire+0x622/0x1c90
[  656.668640][T13977]  __sys_sendmsg+0x16d/0x220
[  656.668650][T13977]  ? __pfx___sys_sendmsg+0x10/0x10
[  656.668669][T13977]  do_syscall_64+0xcd/0x4c0
[  656.668681][T13977]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  656.668693][T13977] RIP: 0033:0x7fbbf858e9a9
[  656.668703][T13977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  656.668714][T13977] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  656.668725][T13977] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  656.668733][T13977] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000006
[  656.668739][T13977] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  656.668746][T13977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  656.668752][T13977] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  656.668765][T13977]  </TASK>
[  656.892502][T13978] overlayfs: failed to resolve './file0': -2
[  657.162715][T13982] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2398'.
[  657.233387][ T5978] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  657.277775][ T5978] ath9k_htc: Failed to initialize the device
[  657.297902][T11427] usb 2-1: ath9k_htc: USB layer deinitialized
[  657.465193][ T5845] Bluetooth: hci5: command 0x1003 tx timeout
[  657.471402][ T5839] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  657.719893][T11427] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  657.885214][T11427] usb 2-1: Using ep0 maxpacket: 32
[  658.295439][T11427] usb 2-1: config index 0 descriptor too short (expected 241, got 72)
[  658.318244][T11427] usb 2-1: config 0 interface 0 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[  658.360774][T11427] usb 2-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da
[  658.382622][T11427] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.456716][T11427] usb 2-1: config 0 descriptor??
[  658.505533][T13998] FAULT_INJECTION: forcing a failure.
[  658.505533][T13998] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  658.522034][T13998] CPU: 1 UID: 0 PID: 13998 Comm: syz.2.2404 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  658.522063][T13998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  658.522075][T13998] Call Trace:
[  658.522082][T13998]  <TASK>
[  658.522090][T13998]  dump_stack_lvl+0x16c/0x1f0
[  658.522126][T13998]  should_fail_ex+0x512/0x640
[  658.522159][T13998]  _copy_to_user+0x32/0xd0
[  658.522181][T13998]  simple_read_from_buffer+0xcb/0x170
[  658.522211][T13998]  proc_fail_nth_read+0x197/0x270
[  658.522238][T13998]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  658.522265][T13998]  ? rw_verify_area+0xcf/0x680
[  658.522289][T13998]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  658.522313][T13998]  vfs_read+0x1e1/0xc60
[  658.522343][T13998]  ? __pfx___mutex_lock+0x10/0x10
[  658.522361][T13998]  ? __pfx_vfs_read+0x10/0x10
[  658.522399][T13998]  ? __fget_files+0x20e/0x3c0
[  658.522424][T13998]  ksys_read+0x12a/0x250
[  658.522448][T13998]  ? __pfx_ksys_read+0x10/0x10
[  658.522481][T13998]  do_syscall_64+0xcd/0x4c0
[  658.522502][T13998]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  658.522521][T13998] RIP: 0033:0x7f445bf8d3bc
[  658.522537][T13998] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  658.522555][T13998] RSP: 002b:00007f4459df6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  658.522573][T13998] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8d3bc
[  658.522585][T13998] RDX: 000000000000000f RSI: 00007f4459df60a0 RDI: 0000000000000004
[  658.522596][T13998] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  658.522606][T13998] R10: 00000000000000c2 R11: 0000000000000246 R12: 0000000000000001
[  658.522617][T13998] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  658.522641][T13998]  </TASK>
[  658.705984][    C1] vkms_vblank_simulate: vblank timer overrun
[  658.715743][T11427] mos7840 2-1:0.0: missing endpoints
[  658.855207][T11427] usb 2-1: USB disconnect, device number 7
[  658.911556][   T30] audit: type=1400 audit(1753007510.308:730): avc:  denied  { create } for  pid=14003 comm="syz.1.2407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  658.971354][   T30] audit: type=1400 audit(1753007510.398:731): avc:  denied  { connect } for  pid=14008 comm="syz.3.2409" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  659.134432][   T30] audit: type=1400 audit(1753007510.458:732): avc:  denied  { setopt } for  pid=14005 comm="syz.0.2406" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  659.155409][   T30] audit: type=1400 audit(1753007510.478:733): avc:  denied  { ioctl } for  pid=14003 comm="syz.1.2407" path="socket:[39431]" dev="sockfs" ino=39431 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  659.181623][   T30] audit: type=1326 audit(1753007510.488:734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f445bf8e9a9 code=0x7ffc0000
[  659.206591][T14018] overlayfs: failed to resolve './file0': -2
[  659.229219][   T30] audit: type=1326 audit(1753007510.488:735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f445bf8e9a9 code=0x7ffc0000
[  659.259177][   T30] audit: type=1326 audit(1753007510.488:736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f445bf8e9a9 code=0x7ffc0000
[  659.292858][ T5954] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  659.312434][   T30] audit: type=1326 audit(1753007510.488:737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f445bf8e9a9 code=0x7ffc0000
[  659.336611][   T30] audit: type=1326 audit(1753007510.488:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14010 comm="syz.2.2408" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f445bf8e9a9 code=0x7ffc0000
[  659.486049][ T5954] usb 5-1: Using ep0 maxpacket: 8
[  659.504400][ T5954] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  659.523523][ T5954] usb 5-1: config 179 has no interface number 0
[  659.538574][ T5954] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  659.551174][ T5954] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  659.562902][ T5954] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  659.574282][ T5954] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  659.584913][ T5954] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  659.598549][ T5954] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  659.607741][ T5954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.651369][T14002] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  659.668604][ T5954] xpad 5-1:179.65: probe with driver xpad failed with error -5
[  659.861919][T14025] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  660.319349][T14002] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2405'.
[  660.328774][T14002] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2405'.
[  660.351816][ T5978] usb 5-1: USB disconnect, device number 21
[  660.433121][T14031] FAULT_INJECTION: forcing a failure.
[  660.433121][T14031] name failslab, interval 1, probability 0, space 0, times 0
[  660.481106][T14031] CPU: 1 UID: 0 PID: 14031 Comm: syz.1.2414 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  660.481133][T14031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  660.481144][T14031] Call Trace:
[  660.481152][T14031]  <TASK>
[  660.481159][T14031]  dump_stack_lvl+0x16c/0x1f0
[  660.481193][T14031]  should_fail_ex+0x512/0x640
[  660.481219][T14031]  ? fs_reclaim_acquire+0xae/0x150
[  660.481244][T14031]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  660.481262][T14031]  should_failslab+0xc2/0x120
[  660.481280][T14031]  __kmalloc_noprof+0xd2/0x510
[  660.481312][T14031]  tomoyo_realpath_from_path+0xc2/0x6e0
[  660.481331][T14031]  ? tomoyo_profile+0x47/0x60
[  660.481355][T14031]  tomoyo_path_number_perm+0x245/0x580
[  660.481379][T14031]  ? tomoyo_path_number_perm+0x237/0x580
[  660.481407][T14031]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  660.481433][T14031]  ? find_held_lock+0x2b/0x80
[  660.481479][T14031]  ? find_held_lock+0x2b/0x80
[  660.481501][T14031]  ? hook_file_ioctl_common+0x145/0x410
[  660.481528][T14031]  ? __fget_files+0x20e/0x3c0
[  660.481548][T14031]  security_file_ioctl+0x9b/0x240
[  660.481576][T14031]  __x64_sys_ioctl+0xb7/0x210
[  660.481602][T14031]  do_syscall_64+0xcd/0x4c0
[  660.481621][T14031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  660.481639][T14031] RIP: 0033:0x7f086918e9a9
[  660.481654][T14031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  660.481671][T14031] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  660.481689][T14031] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  660.481701][T14031] RDX: 00002000000002c0 RSI: 00000000c0306201 RDI: 0000000000000005
[  660.481712][T14031] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  660.481723][T14031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  660.481734][T14031] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  660.481758][T14031]  </TASK>
[  660.481766][T14031] ERROR: Out of memory at tomoyo_realpath_from_path.
[  660.531175][T14033] mkiss: ax0: crc mode is auto.
[  660.615249][ T6899] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  660.713724][T14044] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  660.846720][T14036] vlan2: entered promiscuous mode
[  660.852100][T14036] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  660.861401][T14036] vlan2: entered allmulticast mode
[  660.866686][T14036] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  661.187072][ T6899] usb 1-1: Using ep0 maxpacket: 32
[  661.194893][ T6899] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  661.205944][ T6899] usb 1-1: config 0 has no interface number 0
[  661.217355][ T6899] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  661.230823][ T6899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.251328][ T6899] usb 1-1: Product: syz
[  661.264687][ T6899] usb 1-1: Manufacturer: syz
[  661.284887][ T6899] usb 1-1: SerialNumber: syz
[  661.289658][ T5978] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  661.329246][ T6899] usb 1-1: config 0 descriptor??
[  661.356024][ T6899] smsc95xx v2.0.0
[  661.367823][T14052] FAULT_INJECTION: forcing a failure.
[  661.367823][T14052] name failslab, interval 1, probability 0, space 0, times 0
[  661.416612][T14052] CPU: 1 UID: 0 PID: 14052 Comm: syz.4.2419 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  661.416637][T14052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  661.416648][T14052] Call Trace:
[  661.416655][T14052]  <TASK>
[  661.416662][T14052]  dump_stack_lvl+0x16c/0x1f0
[  661.416693][T14052]  should_fail_ex+0x512/0x640
[  661.416720][T14052]  ? fs_reclaim_acquire+0xae/0x150
[  661.416744][T14052]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  661.416762][T14052]  should_failslab+0xc2/0x120
[  661.416780][T14052]  __kmalloc_noprof+0xd2/0x510
[  661.416816][T14052]  tomoyo_realpath_from_path+0xc2/0x6e0
[  661.416837][T14052]  ? tomoyo_profile+0x47/0x60
[  661.416860][T14052]  tomoyo_path_number_perm+0x245/0x580
[  661.416885][T14052]  ? tomoyo_path_number_perm+0x237/0x580
[  661.416912][T14052]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  661.416939][T14052]  ? find_held_lock+0x2b/0x80
[  661.416987][T14052]  ? find_held_lock+0x2b/0x80
[  661.417008][T14052]  ? hook_file_ioctl_common+0x145/0x410
[  661.417035][T14052]  ? __fget_files+0x20e/0x3c0
[  661.417057][T14052]  security_file_ioctl+0x9b/0x240
[  661.417075][T14052]  __x64_sys_ioctl+0xb7/0x210
[  661.417101][T14052]  do_syscall_64+0xcd/0x4c0
[  661.417121][T14052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.417139][T14052] RIP: 0033:0x7fae8d78e9a9
[  661.417154][T14052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.417171][T14052] RSP: 002b:00007fae8b5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  661.417189][T14052] RAX: ffffffffffffffda RBX: 00007fae8d9b6160 RCX: 00007fae8d78e9a9
[  661.417201][T14052] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000006
[  661.417213][T14052] RBP: 00007fae8b5d5090 R08: 0000000000000000 R09: 0000000000000000
[  661.417224][T14052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.417235][T14052] R13: 0000000000000000 R14: 00007fae8d9b6160 R15: 00007fff1d1e32c8
[  661.417260][T14052]  </TASK>
[  661.417288][T14052] ERROR: Out of memory at tomoyo_realpath_from_path.
[  661.676360][T14052] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  661.708916][ T5978] usb 2-1: config index 0 descriptor too short (expected 65183, got 72)
[  661.719403][ T5978] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  661.729871][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  661.741042][ T5978] usb 2-1: Product: syz
[  661.745536][ T5978] usb 2-1: Manufacturer: syz
[  661.750266][ T5978] usb 2-1: SerialNumber: syz
[  661.775571][ T5978] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  661.789743][ T6906] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  661.836272][ T6899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  661.847739][ T6899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  662.006112][T14046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.014864][T14046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.026007][T14046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.035036][T14046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.046722][T14046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.058056][T14046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.086105][   T10] usb 2-1: USB disconnect, device number 8
[  662.825166][ T6906] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  662.832249][ T6906] ath9k_htc: Failed to initialize the device
[  662.838792][   T10] usb 2-1: ath9k_htc: USB layer deinitialized
[  663.137370][   T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  663.295185][   T10] usb 2-1: Using ep0 maxpacket: 32
[  663.301830][   T10] usb 2-1: config index 0 descriptor too short (expected 241, got 72)
[  663.310559][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  663.322310][   T10] usb 2-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da
[  663.331444][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.341276][   T10] usb 2-1: config 0 descriptor??
[  663.349277][   T10] mos7840 2-1:0.0: Moschip 7840/7820 USB Serial Driver converter detected
[  663.470018][ T6899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000038: -61
[  663.481126][ T6899] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -61
[  663.750277][   T10] mos7840 ttyUSB0: probe with driver mos7840 failed with error -32
[  663.759691][   T10] mos7840 ttyUSB1: probe with driver mos7840 failed with error -32
[  664.577719][   T30] kauditd_printk_skb: 93 callbacks suppressed
[  664.577735][   T30] audit: type=1400 audit(1753007516.008:832): avc:  denied  { read } for  pid=5185 comm="acpid" name="event6" dev="devtmpfs" ino=5712 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  664.700092][   T30] audit: type=1400 audit(1753007516.008:833): avc:  denied  { open } for  pid=5185 comm="acpid" path="/dev/input/event6" dev="devtmpfs" ino=5712 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  664.730222][T14069] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2425'.
[  664.753539][ T6906] usb 1-1: USB disconnect, device number 28
[  664.785131][   T30] audit: type=1400 audit(1753007516.008:834): avc:  denied  { ioctl } for  pid=5185 comm="acpid" path="/dev/input/event6" dev="devtmpfs" ino=5712 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  664.827181][ T5954] usb 2-1: USB disconnect, device number 9
[  664.871098][ T5954] mos7840 2-1:0.0: device disconnected
[  664.874026][T14071] FAULT_INJECTION: forcing a failure.
[  664.874026][T14071] name failslab, interval 1, probability 0, space 0, times 0
[  664.885289][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  664.933858][T14073] ISOFS: Unable to identify CD-ROM format.
[  664.965468][T14071] CPU: 0 UID: 0 PID: 14071 Comm: syz.0.2426 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  664.965494][T14071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  664.965505][T14071] Call Trace:
[  664.965511][T14071]  <TASK>
[  664.965518][T14071]  dump_stack_lvl+0x16c/0x1f0
[  664.965551][T14071]  should_fail_ex+0x512/0x640
[  664.965578][T14071]  ? fs_reclaim_acquire+0xae/0x150
[  664.965602][T14071]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  664.965620][T14071]  should_failslab+0xc2/0x120
[  664.965638][T14071]  __kmalloc_noprof+0xd2/0x510
[  664.965670][T14071]  tomoyo_realpath_from_path+0xc2/0x6e0
[  664.965690][T14071]  ? tomoyo_profile+0x47/0x60
[  664.965713][T14071]  tomoyo_path_number_perm+0x245/0x580
[  664.965737][T14071]  ? tomoyo_path_number_perm+0x237/0x580
[  664.965765][T14071]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  664.965792][T14071]  ? find_held_lock+0x2b/0x80
[  664.965837][T14071]  ? find_held_lock+0x2b/0x80
[  664.965858][T14071]  ? hook_file_ioctl_common+0x145/0x410
[  664.965885][T14071]  ? __fget_files+0x20e/0x3c0
[  664.965907][T14071]  security_file_ioctl+0x9b/0x240
[  664.965925][T14071]  __x64_sys_ioctl+0xb7/0x210
[  664.965951][T14071]  do_syscall_64+0xcd/0x4c0
[  664.965971][T14071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.965989][T14071] RIP: 0033:0x7fbbf858e9a9
[  664.966003][T14071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.966020][T14071] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  664.966038][T14071] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  664.966050][T14071] RDX: 0000200000000800 RSI: 000000000000890b RDI: 0000000000000003
[  664.966061][T14071] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  664.966071][T14071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.966081][T14071] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  664.966105][T14071]  </TASK>
[  664.966112][T14071] ERROR: Out of memory at tomoyo_realpath_from_path.
[  665.125167][   T30] audit: type=1400 audit(1753007516.488:835): avc:  denied  { connect } for  pid=14074 comm="syz.3.2428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  665.303803][   T10] usb 3-1: config index 0 descriptor too short (expected 65183, got 72)
[  665.485918][   T10] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  665.531508][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.539793][   T10] usb 3-1: Product: syz
[  665.545261][   T10] usb 3-1: Manufacturer: syz
[  665.557794][   T10] usb 3-1: SerialNumber: syz
[  665.582873][   T10] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  665.601298][ T5954] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  665.663348][T14083] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  665.673559][T14083] syzkaller0: entered promiscuous mode
[  665.682955][T14083] syzkaller0: entered allmulticast mode
[  665.704525][T14083] tipc: Resetting bearer <eth:syzkaller0>
[  665.727470][T14082] tipc: Resetting bearer <eth:syzkaller0>
[  665.768728][T14088] x_tables: duplicate underflow at hook 2
[  665.796294][T14082] tipc: Disabling bearer <eth:syzkaller0>
[  666.177281][T14067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.186863][T14067] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.195971][ T6906] usb 3-1: USB disconnect, device number 6
[  666.279348][T14092] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2432'.
[  666.312722][T14097] FAULT_INJECTION: forcing a failure.
[  666.312722][T14097] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  666.333923][T14097] CPU: 0 UID: 0 PID: 14097 Comm: syz.1.2434 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  666.333949][T14097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  666.333960][T14097] Call Trace:
[  666.333966][T14097]  <TASK>
[  666.333973][T14097]  dump_stack_lvl+0x16c/0x1f0
[  666.334007][T14097]  should_fail_ex+0x512/0x640
[  666.334038][T14097]  _copy_from_user+0x2e/0xd0
[  666.334058][T14097]  copy_msghdr_from_user+0x98/0x160
[  666.334086][T14097]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  666.334127][T14097]  ___sys_sendmsg+0xfe/0x1d0
[  666.334145][T14097]  ? __pfx____sys_sendmsg+0x10/0x10
[  666.334159][T14097]  ? __lock_acquire+0x622/0x1c90
[  666.334204][T14097]  __sys_sendmsg+0x16d/0x220
[  666.334221][T14097]  ? __pfx___sys_sendmsg+0x10/0x10
[  666.334253][T14097]  do_syscall_64+0xcd/0x4c0
[  666.334272][T14097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.334291][T14097] RIP: 0033:0x7f086918e9a9
[  666.334305][T14097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  666.334321][T14097] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  666.334338][T14097] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  666.334350][T14097] RDX: 0000000000004814 RSI: 0000200000001080 RDI: 0000000000000003
[  666.334361][T14097] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  666.334372][T14097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  666.334383][T14097] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  666.334407][T14097]  </TASK>
[  666.451250][T14101] netlink: 'syz.3.2435': attribute type 2 has an invalid length.
[  666.538287][T14101] netlink: 137592 bytes leftover after parsing attributes in process `syz.3.2435'.
[  666.641624][   T30] audit: type=1400 audit(1753007518.067:836): avc:  denied  { read } for  pid=14102 comm="syz.1.2436" name="usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  666.670846][   T30] audit: type=1400 audit(1753007518.097:837): avc:  denied  { open } for  pid=14102 comm="syz.1.2436" path="/dev/usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  666.710409][   T30] audit: type=1400 audit(1753007518.137:838): avc:  denied  { append } for  pid=14102 comm="syz.1.2436" name="001" dev="devtmpfs" ino=739 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  666.823069][ T5839] Bluetooth: hci2: unexpected event for opcode 0x0803
[  666.830321][ T5954] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  667.301382][ T5954] ath9k_htc: Failed to initialize the device
[  667.314870][   T30] audit: type=1400 audit(1753007518.357:839): avc:  denied  { create } for  pid=14102 comm="syz.1.2436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  667.368943][   T30] audit: type=1400 audit(1753007518.367:840): avc:  denied  { bind } for  pid=14102 comm="syz.1.2436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  667.705869][ T6906] usb 3-1: ath9k_htc: USB layer deinitialized
[  667.741244][T14118] FAULT_INJECTION: forcing a failure.
[  667.741244][T14118] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  667.793287][T14118] CPU: 0 UID: 0 PID: 14118 Comm: syz.1.2439 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  667.793312][T14118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  667.793322][T14118] Call Trace:
[  667.793328][T14118]  <TASK>
[  667.793335][T14118]  dump_stack_lvl+0x16c/0x1f0
[  667.793367][T14118]  should_fail_ex+0x512/0x640
[  667.793398][T14118]  _copy_from_user+0x2e/0xd0
[  667.793417][T14118]  __sys_bpf+0x21d/0x4ea0
[  667.793453][T14118]  ? __pfx___sys_bpf+0x10/0x10
[  667.793477][T14118]  ? ksys_write+0x190/0x250
[  667.793507][T14118]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  667.793540][T14118]  ? fput+0x70/0xf0
[  667.793558][T14118]  ? ksys_write+0x1ac/0x250
[  667.793582][T14118]  ? __pfx_ksys_write+0x10/0x10
[  667.793611][T14118]  __x64_sys_bpf+0x78/0xc0
[  667.793635][T14118]  ? lockdep_hardirqs_on+0x7c/0x110
[  667.793662][T14118]  do_syscall_64+0xcd/0x4c0
[  667.793681][T14118]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.793699][T14118] RIP: 0033:0x7f086918e9a9
[  667.793713][T14118] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  667.793730][T14118] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  667.793747][T14118] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  667.793759][T14118] RDX: 0000000000000048 RSI: 000020000000e000 RDI: 0000000000000005
[  667.793770][T14118] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  667.793781][T14118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.793792][T14118] R13: 0000000000000001 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  667.793814][T14118]  </TASK>
[  668.121364][T14125] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  668.131196][T14128] FAULT_INJECTION: forcing a failure.
[  668.131196][T14128] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  668.155377][T14125] syzkaller0: entered promiscuous mode
[  668.161307][T14128] CPU: 1 UID: 0 PID: 14128 Comm: syz.0.2442 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  668.161332][T14128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  668.161344][T14128] Call Trace:
[  668.161350][T14128]  <TASK>
[  668.161357][T14128]  dump_stack_lvl+0x16c/0x1f0
[  668.161390][T14128]  should_fail_ex+0x512/0x640
[  668.161420][T14128]  _copy_from_user+0x2e/0xd0
[  668.161440][T14128]  copy_msghdr_from_user+0x98/0x160
[  668.161470][T14128]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  668.161510][T14128]  ___sys_sendmsg+0xfe/0x1d0
[  668.161529][T14128]  ? __pfx____sys_sendmsg+0x10/0x10
[  668.161544][T14128]  ? __lock_acquire+0x622/0x1c90
[  668.161590][T14128]  __sys_sendmsg+0x16d/0x220
[  668.161609][T14128]  ? __pfx___sys_sendmsg+0x10/0x10
[  668.161641][T14128]  do_syscall_64+0xcd/0x4c0
[  668.161662][T14128]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.161681][T14128] RIP: 0033:0x7fbbf858e9a9
[  668.161696][T14128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.161711][T14128] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  668.161728][T14128] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  668.161739][T14128] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  668.161749][T14128] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  668.161761][T14128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  668.161771][T14128] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  668.161797][T14128]  </TASK>
[  668.330000][T14125] syzkaller0: entered allmulticast mode
[  668.441876][T14125] tipc: Resetting bearer <eth:syzkaller0>
[  668.475391][T14124] tipc: Resetting bearer <eth:syzkaller0>
[  668.585041][T14124] tipc: Disabling bearer <eth:syzkaller0>
[  668.877288][T14138] FAULT_INJECTION: forcing a failure.
[  668.877288][T14138] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  668.927364][T14138] CPU: 1 UID: 0 PID: 14138 Comm: syz.0.2446 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  668.927391][T14138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  668.927402][T14138] Call Trace:
[  668.927408][T14138]  <TASK>
[  668.927415][T14138]  dump_stack_lvl+0x16c/0x1f0
[  668.927447][T14138]  should_fail_ex+0x512/0x640
[  668.927479][T14138]  _copy_from_user+0x2e/0xd0
[  668.927499][T14138]  copy_msghdr_from_user+0x98/0x160
[  668.927528][T14138]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  668.927569][T14138]  ___sys_sendmsg+0xfe/0x1d0
[  668.927587][T14138]  ? __pfx____sys_sendmsg+0x10/0x10
[  668.927602][T14138]  ? __lock_acquire+0x622/0x1c90
[  668.927649][T14138]  __sys_sendmsg+0x16d/0x220
[  668.927667][T14138]  ? __pfx___sys_sendmsg+0x10/0x10
[  668.927699][T14138]  do_syscall_64+0xcd/0x4c0
[  668.927718][T14138]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  668.927736][T14138] RIP: 0033:0x7fbbf858e9a9
[  668.927751][T14138] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  668.927768][T14138] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  668.927785][T14138] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  668.927800][T14138] RDX: 000000000000c040 RSI: 0000200000000700 RDI: 0000000000000004
[  668.927811][T14138] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  668.927821][T14138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  668.927832][T14138] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  668.927856][T14138]  </TASK>
[  669.412515][T14136] xt_TCPMSS: Only works on TCP SYN packets
[  669.513238][T14156] netlink: 'syz.3.2450': attribute type 21 has an invalid length.
[  669.675150][ T5954] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  669.875184][ T5954] usb 3-1: Using ep0 maxpacket: 32
[  669.882093][ T5954] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  669.913805][ T5954] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  669.926471][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  669.934663][ T5954] usb 3-1: Product: syz
[  669.962942][ T5954] usb 3-1: Manufacturer: syz
[  669.980776][ T5954] usb 3-1: SerialNumber: syz
[  670.002484][T14171] XFS (nullb0): Invalid superblock magic number
[  670.011554][ T5954] usb 3-1: config 0 descriptor??
[  670.028772][T14150] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  670.108576][T14171] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2449'.
[  671.132650][   T30] audit: type=1400 audit(1753007522.557:841): avc:  denied  { name_connect } for  pid=14145 comm="syz.2.2447" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  671.177326][   T10] usb 3-1: USB disconnect, device number 7
[  671.186467][T14192] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2458'.
[  672.518819][T14212] FAULT_INJECTION: forcing a failure.
[  672.518819][T14212] name failslab, interval 1, probability 0, space 0, times 0
[  672.533252][T14212] CPU: 1 UID: 0 PID: 14212 Comm: syz.1.2462 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  672.533277][T14212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  672.533288][T14212] Call Trace:
[  672.533295][T14212]  <TASK>
[  672.533302][T14212]  dump_stack_lvl+0x16c/0x1f0
[  672.533335][T14212]  should_fail_ex+0x512/0x640
[  672.533367][T14212]  ? __kmalloc_noprof+0xbf/0x510
[  672.533397][T14212]  ? sock_kmalloc+0x111/0x170
[  672.533417][T14212]  should_failslab+0xc2/0x120
[  672.533436][T14212]  __kmalloc_noprof+0xd2/0x510
[  672.533471][T14212]  sock_kmalloc+0x111/0x170
[  672.533494][T14212]  alg_setsockopt+0x390/0xdd0
[  672.533516][T14212]  ? __pfx_alg_setsockopt+0x10/0x10
[  672.533535][T14212]  ? selinux_socket_setsockopt+0x6a/0x80
[  672.533562][T14212]  ? __pfx_alg_setsockopt+0x10/0x10
[  672.533582][T14212]  do_sock_setsockopt+0xf0/0x1d0
[  672.533606][T14212]  __sys_setsockopt+0x1a0/0x230
[  672.533640][T14212]  __x64_sys_setsockopt+0xbd/0x160
[  672.533665][T14212]  ? do_syscall_64+0x91/0x4c0
[  672.533682][T14212]  ? lockdep_hardirqs_on+0x7c/0x110
[  672.533709][T14212]  do_syscall_64+0xcd/0x4c0
[  672.533729][T14212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  672.533748][T14212] RIP: 0033:0x7f086918e9a9
[  672.533762][T14212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  672.533780][T14212] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  672.533801][T14212] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  672.533813][T14212] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[  672.533823][T14212] RBP: 00007f0869f28090 R08: 0000000000000010 R09: 0000000000000000
[  672.533834][T14212] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001
[  672.533845][T14212] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  672.533869][T14212]  </TASK>
[  672.852690][   T30] audit: type=1400 audit(1753007524.277:842): avc:  denied  { setopt } for  pid=14215 comm="syz.2.2465" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  672.903155][   T30] audit: type=1400 audit(1753007524.307:843): avc:  denied  { map } for  pid=14217 comm="syz.1.2466" path="socket:[39927]" dev="sockfs" ino=39927 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  672.931077][   T30] audit: type=1400 audit(1753007524.307:844): avc:  denied  { read } for  pid=14217 comm="syz.1.2466" path="socket:[39927]" dev="sockfs" ino=39927 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  673.075297][   T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  673.106067][T14222] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2467'.
[  673.122693][T14226] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2469'.
[  673.138891][T14226] netlink: 'syz.4.2469': attribute type 1 has an invalid length.
[  673.151661][T14226] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2469'.
[  673.171457][   T30] audit: type=1400 audit(1753007524.597:845): avc:  denied  { nlmsg_read } for  pid=14224 comm="syz.4.2469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  673.228612][   T30] audit: type=1400 audit(1753007524.617:846): avc:  denied  { write } for  pid=14225 comm="syz.2.2468" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  673.283824][   T10] usb 4-1: config 0 has no interfaces?
[  673.313152][   T10] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  673.325257][   T10] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  673.342550][   T10] usb 4-1: Product: syz
[  673.350653][   T10] usb 4-1: Manufacturer: syz
[  673.363055][   T10] usb 4-1: SerialNumber: syz
[  673.410933][   T10] usb 4-1: config 0 descriptor??
[  673.991947][   T30] audit: type=1326 audit(1753007525.387:847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14207 comm="syz.3.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5afc38e9a9 code=0x7ffc0000
[  674.019786][   T30] audit: type=1326 audit(1753007525.387:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14207 comm="syz.3.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5afc38e9a9 code=0x7ffc0000
[  674.043863][   T30] audit: type=1326 audit(1753007525.387:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14207 comm="syz.3.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f5afc38e9a9 code=0x7ffc0000
[  674.082864][   T30] audit: type=1326 audit(1753007525.387:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14207 comm="syz.3.2463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5afc38e9a9 code=0x7ffc0000
[  674.421514][T14243] befs: (nullb0): invalid magic header
[  674.781896][T14254] ptrace attach of "./syz-executor exec"[5824] was attempted by "./syz-executor exec"[14254]
[  675.480081][T14261] FAULT_INJECTION: forcing a failure.
[  675.480081][T14261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.513443][T14261] CPU: 0 UID: 0 PID: 14261 Comm: syz.2.2479 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  675.513470][T14261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  675.513479][T14261] Call Trace:
[  675.513483][T14261]  <TASK>
[  675.513488][T14261]  dump_stack_lvl+0x16c/0x1f0
[  675.513522][T14261]  should_fail_ex+0x512/0x640
[  675.513554][T14261]  _copy_from_user+0x2e/0xd0
[  675.513573][T14261]  copy_msghdr_from_user+0x98/0x160
[  675.513592][T14261]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  675.513616][T14261]  ___sys_sendmsg+0xfe/0x1d0
[  675.513627][T14261]  ? __pfx____sys_sendmsg+0x10/0x10
[  675.513636][T14261]  ? __lock_acquire+0x622/0x1c90
[  675.513664][T14261]  __sys_sendmsg+0x16d/0x220
[  675.513674][T14261]  ? __pfx___sys_sendmsg+0x10/0x10
[  675.513693][T14261]  do_syscall_64+0xcd/0x4c0
[  675.513705][T14261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  675.513718][T14261] RIP: 0033:0x7f445bf8e9a9
[  675.513727][T14261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  675.513739][T14261] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  675.513750][T14261] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  675.513757][T14261] RDX: 0000000008000802 RSI: 0000200000000000 RDI: 0000000000000003
[  675.513764][T14261] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  675.513771][T14261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  675.513777][T14261] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  675.513790][T14261]  </TASK>
[  676.090266][T14271] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2483'.
[  676.189201][T14272] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2482'.
[  676.690503][   T10] usb 4-1: USB disconnect, device number 11
[  676.894585][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  676.894602][   T30] audit: type=1400 audit(1753007528.317:878): avc:  denied  { create } for  pid=14282 comm="syz.1.2488" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  676.936813][   T30] audit: type=1400 audit(1753007528.357:879): avc:  denied  { mounton } for  pid=14282 comm="syz.1.2488" path="/522/file0" dev="tmpfs" ino=2678 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  677.238849][T14294] FAULT_INJECTION: forcing a failure.
[  677.238849][T14294] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  677.273532][T14294] CPU: 0 UID: 0 PID: 14294 Comm: syz.1.2489 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  677.273556][T14294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  677.273566][T14294] Call Trace:
[  677.273572][T14294]  <TASK>
[  677.273579][T14294]  dump_stack_lvl+0x16c/0x1f0
[  677.273610][T14294]  should_fail_ex+0x512/0x640
[  677.273641][T14294]  _copy_to_user+0x32/0xd0
[  677.273660][T14294]  simple_read_from_buffer+0xcb/0x170
[  677.273689][T14294]  proc_fail_nth_read+0x197/0x270
[  677.273716][T14294]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.273743][T14294]  ? rw_verify_area+0xcf/0x680
[  677.273765][T14294]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  677.273789][T14294]  vfs_read+0x1e1/0xc60
[  677.273818][T14294]  ? __pfx___mutex_lock+0x10/0x10
[  677.273836][T14294]  ? __pfx_vfs_read+0x10/0x10
[  677.273867][T14294]  ? __fget_files+0x20e/0x3c0
[  677.273892][T14294]  ksys_read+0x12a/0x250
[  677.273916][T14294]  ? __pfx_ksys_read+0x10/0x10
[  677.273946][T14294]  do_syscall_64+0xcd/0x4c0
[  677.273965][T14294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  677.273984][T14294] RIP: 0033:0x7f086918d3bc
[  677.273998][T14294] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  677.274015][T14294] RSP: 002b:00007f0869f28030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  677.274031][T14294] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918d3bc
[  677.274043][T14294] RDX: 000000000000000f RSI: 00007f0869f280a0 RDI: 0000000000000005
[  677.274052][T14294] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  677.274063][T14294] R10: 0000000000002103 R11: 0000000000000246 R12: 0000000000000001
[  677.274073][T14294] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  677.274100][T14294]  </TASK>
[  677.922081][T14307] openvswitch: netlink: Flow key attr not present in new flow.
[  677.948182][T14307] __vm_enough_memory: pid: 14307, comm: syz.4.2492, bytes: 21200624795648 not enough memory for the allocation
[  678.265209][ T5954] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  678.363966][   T30] audit: type=1400 audit(1753007529.787:880): avc:  denied  { append } for  pid=14309 comm="syz.3.2493" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  678.436205][ T5954] usb 5-1: Using ep0 maxpacket: 8
[  678.535587][   T30] audit: type=1400 audit(1753007529.787:881): avc:  denied  { write } for  pid=14308 comm="syz.1.2494" lport=57599 faddr=::ffff:100.1.1.0 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  678.560213][   T30] audit: type=1400 audit(1753007529.787:882): avc:  denied  { setopt } for  pid=14308 comm="syz.1.2494" lport=57599 faddr=::ffff:100.1.1.0 fport=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  678.584914][ T5954] usb 5-1: config 0 interface 0 has no altsetting 0
[  678.606592][ T5954] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76
[  678.725147][T14321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2495'.
[  678.981137][T14321] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2495'.
[  678.990254][T14321] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2495'.
[  679.069255][ T5954] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.077441][ T5954] usb 5-1: Product: syz
[  679.081613][ T5954] usb 5-1: Manufacturer: syz
[  679.086241][ T5954] usb 5-1: SerialNumber: syz
[  679.124445][ T5954] usb 5-1: config 0 descriptor??
[  679.159534][T14325] FAULT_INJECTION: forcing a failure.
[  679.159534][T14325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.173482][T14324] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2498'.
[  679.174815][ T5954] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found
[  679.214349][T14321] syz.0.2495 (14321) used greatest stack depth: 19016 bytes left
[  679.234082][T14325] CPU: 1 UID: 0 PID: 14325 Comm: syz.3.2497 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  679.234113][T14325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  679.234123][T14325] Call Trace:
[  679.234130][T14325]  <TASK>
[  679.234138][T14325]  dump_stack_lvl+0x16c/0x1f0
[  679.234173][T14325]  should_fail_ex+0x512/0x640
[  679.234204][T14325]  _copy_from_user+0x2e/0xd0
[  679.234224][T14325]  __sys_bpf+0x21d/0x4ea0
[  679.234253][T14325]  ? __pfx___sys_bpf+0x10/0x10
[  679.234278][T14325]  ? ksys_write+0x190/0x250
[  679.234307][T14325]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  679.234341][T14325]  ? fput+0x70/0xf0
[  679.234359][T14325]  ? ksys_write+0x1ac/0x250
[  679.234384][T14325]  ? __pfx_ksys_write+0x10/0x10
[  679.234415][T14325]  __x64_sys_bpf+0x78/0xc0
[  679.234440][T14325]  ? lockdep_hardirqs_on+0x7c/0x110
[  679.234467][T14325]  do_syscall_64+0xcd/0x4c0
[  679.234486][T14325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.234505][T14325] RIP: 0033:0x7f5afc38e9a9
[  679.234520][T14325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.234537][T14325] RSP: 002b:00007f5afd2be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  679.234555][T14325] RAX: ffffffffffffffda RBX: 00007f5afc5b5fa0 RCX: 00007f5afc38e9a9
[  679.234567][T14325] RDX: 0000000000000094 RSI: 00002000000018c0 RDI: 0000000000000005
[  679.234578][T14325] RBP: 00007f5afd2be090 R08: 0000000000000000 R09: 0000000000000000
[  679.234589][T14325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.234599][T14325] R13: 0000000000000000 R14: 00007f5afc5b5fa0 R15: 00007fff8434c5d8
[  679.234623][T14325]  </TASK>
[  679.589592][ T5954] snd_usb_toneport 5-1:0.0: cannot get proper max packet size
[  679.643367][T14339] FAULT_INJECTION: forcing a failure.
[  679.643367][T14339] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  679.656798][ T5954] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected
[  679.658366][ T5954] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  679.689041][T14339] CPU: 1 UID: 0 PID: 14339 Comm: syz.2.2502 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  679.689068][T14339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  679.689078][T14339] Call Trace:
[  679.689085][T14339]  <TASK>
[  679.689092][T14339]  dump_stack_lvl+0x16c/0x1f0
[  679.689131][T14339]  should_fail_ex+0x512/0x640
[  679.689161][T14339]  _copy_from_user+0x2e/0xd0
[  679.689181][T14339]  copy_msghdr_from_user+0x98/0x160
[  679.689208][T14339]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  679.689240][T14339]  ? __lock_acquire+0x622/0x1c90
[  679.689260][T14339]  ___sys_recvmsg+0xdb/0x1a0
[  679.689277][T14339]  ? __pfx____sys_recvmsg+0x10/0x10
[  679.689314][T14339]  __sys_recvmsg+0x16a/0x220
[  679.689332][T14339]  ? __pfx___sys_recvmsg+0x10/0x10
[  679.689364][T14339]  do_syscall_64+0xcd/0x4c0
[  679.689384][T14339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  679.689402][T14339] RIP: 0033:0x7f445bf8e9a9
[  679.689416][T14339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  679.689433][T14339] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  679.689451][T14339] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  679.689463][T14339] RDX: 0000000000000080 RSI: 00002000000000c0 RDI: 0000000000000003
[  679.689474][T14339] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  679.689484][T14339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  679.689494][T14339] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  679.689517][T14339]  </TASK>
[  679.951675][   T30] audit: type=1400 audit(1753007531.367:883): avc:  denied  { write } for  pid=14342 comm="syz.0.2505" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  679.971426][   T30] audit: type=1400 audit(1753007531.367:884): avc:  denied  { ioctl } for  pid=14342 comm="syz.0.2505" path="socket:[40448]" dev="sockfs" ino=40448 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  680.265373][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  680.317240][ T5978] usb 5-1: USB disconnect, device number 22
[  680.351078][T14353] xt_hashlimit: max too large, truncated to 1048576
[  680.362476][T14353] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  680.404934][T14355] FAULT_INJECTION: forcing a failure.
[  680.404934][T14355] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  680.418106][T14355] CPU: 0 UID: 0 PID: 14355 Comm: syz.0.2509 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  680.418130][T14355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  680.418141][T14355] Call Trace:
[  680.418147][T14355]  <TASK>
[  680.418154][T14355]  dump_stack_lvl+0x16c/0x1f0
[  680.418186][T14355]  should_fail_ex+0x512/0x640
[  680.418214][T14355]  _copy_from_user+0x2e/0xd0
[  680.418230][T14355]  __sys_bpf+0x21d/0x4ea0
[  680.418252][T14355]  ? __pfx___sys_bpf+0x10/0x10
[  680.418268][T14355]  ? ksys_write+0x190/0x250
[  680.418287][T14355]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  680.418306][T14355]  ? fput+0x70/0xf0
[  680.418318][T14355]  ? ksys_write+0x1ac/0x250
[  680.418333][T14355]  ? __pfx_ksys_write+0x10/0x10
[  680.418352][T14355]  __x64_sys_bpf+0x78/0xc0
[  680.418367][T14355]  ? lockdep_hardirqs_on+0x7c/0x110
[  680.418385][T14355]  do_syscall_64+0xcd/0x4c0
[  680.418396][T14355]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  680.418408][T14355] RIP: 0033:0x7fbbf858e9a9
[  680.418417][T14355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  680.418428][T14355] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  680.418439][T14355] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  680.418446][T14355] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  680.418453][T14355] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  680.418459][T14355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  680.418466][T14355] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  680.418479][T14355]  </TASK>
[  680.613923][   T10] usb 4-1: config index 0 descriptor too short (expected 65183, got 72)
[  680.624112][   T10] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  680.633225][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  680.641459][   T10] usb 4-1: Product: syz
[  680.645676][   T10] usb 4-1: Manufacturer: syz
[  680.650033][   T30] audit: type=1400 audit(1753007532.077:885): avc:  denied  { write } for  pid=14356 comm="syz.1.2510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  680.650260][   T10] usb 4-1: SerialNumber: syz
[  680.673854][T14357] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2510'.
[  680.676091][T11427] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  680.695845][   T10] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  680.716284][ T5954] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  680.837859][   T30] audit: type=1400 audit(1753007532.267:886): avc:  denied  { getopt } for  pid=14356 comm="syz.1.2510" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  680.888941][T11427] usb 3-1: config index 0 descriptor too short (expected 65183, got 72)
[  681.521723][T14361] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2511'.
[  681.677816][T11427] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  681.764414][T11427] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.831233][T11427] usb 3-1: Product: syz
[  681.850209][T11427] usb 3-1: Manufacturer: syz
[  681.874688][T11427] usb 3-1: SerialNumber: syz
[  681.910898][ T5954] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive
[  681.929623][T11427] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  681.968494][ T5954] ath9k_htc: Failed to initialize the device
[  682.025024][ T5907] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  682.157876][ T5954] usb 4-1: ath9k_htc: USB layer deinitialized
[  682.215368][T14348] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.241431][T14371] fuse: Bad value for 'user_id'
[  682.252617][T14351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.261401][T14351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.281139][T14348] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.295842][T14371] fuse: Bad value for 'user_id'
[  682.302194][ T5978] usb 3-1: USB disconnect, device number 8
[  682.350754][ T6906] usb 4-1: USB disconnect, device number 12
[  682.783815][T14387] FAULT_INJECTION: forcing a failure.
[  682.783815][T14387] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.398864][T14387] CPU: 0 UID: 0 PID: 14387 Comm: syz.0.2519 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  683.398891][T14387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  683.398903][T14387] Call Trace:
[  683.398909][T14387]  <TASK>
[  683.398916][T14387]  dump_stack_lvl+0x16c/0x1f0
[  683.398949][T14387]  should_fail_ex+0x512/0x640
[  683.398980][T14387]  _copy_from_user+0x2e/0xd0
[  683.398999][T14387]  __sys_bpf+0x21d/0x4ea0
[  683.399026][T14387]  ? __pfx___sys_bpf+0x10/0x10
[  683.399050][T14387]  ? ksys_write+0x190/0x250
[  683.399081][T14387]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  683.399114][T14387]  ? fput+0x70/0xf0
[  683.399133][T14387]  ? ksys_write+0x1ac/0x250
[  683.399158][T14387]  ? __pfx_ksys_write+0x10/0x10
[  683.399188][T14387]  __x64_sys_bpf+0x78/0xc0
[  683.399214][T14387]  ? lockdep_hardirqs_on+0x7c/0x110
[  683.399245][T14387]  do_syscall_64+0xcd/0x4c0
[  683.399264][T14387]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.399288][T14387] RIP: 0033:0x7fbbf858e9a9
[  683.399303][T14387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.399320][T14387] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  683.399337][T14387] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  683.399349][T14387] RDX: 0000000000000094 RSI: 0000200000001540 RDI: 0000000000000005
[  683.399360][T14387] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  683.399371][T14387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.399382][T14387] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  683.399406][T14387]  </TASK>
[  683.574906][ T5907] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  683.581948][ T5907] ath9k_htc: Failed to initialize the device
[  683.598069][ T5978] usb 3-1: ath9k_htc: USB layer deinitialized
[  683.695615][T14391] FAULT_INJECTION: forcing a failure.
[  683.695615][T14391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.708771][T14391] CPU: 0 UID: 0 PID: 14391 Comm: syz.1.2521 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  683.708789][T14391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  683.708800][T14391] Call Trace:
[  683.708806][T14391]  <TASK>
[  683.708813][T14391]  dump_stack_lvl+0x16c/0x1f0
[  683.708844][T14391]  should_fail_ex+0x512/0x640
[  683.708865][T14391]  _copy_from_user+0x2e/0xd0
[  683.708877][T14391]  copy_msghdr_from_user+0x98/0x160
[  683.708896][T14391]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  683.708920][T14391]  ___sys_sendmsg+0xfe/0x1d0
[  683.708931][T14391]  ? __pfx____sys_sendmsg+0x10/0x10
[  683.708940][T14391]  ? __lock_acquire+0x622/0x1c90
[  683.708971][T14391]  __sys_sendmsg+0x16d/0x220
[  683.708981][T14391]  ? __pfx___sys_sendmsg+0x10/0x10
[  683.709000][T14391]  do_syscall_64+0xcd/0x4c0
[  683.709012][T14391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.709023][T14391] RIP: 0033:0x7f086918e9a9
[  683.709032][T14391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.709043][T14391] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  683.709054][T14391] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  683.709061][T14391] RDX: 000000002004c0c1 RSI: 0000200000000000 RDI: 0000000000000003
[  683.709068][T14391] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  683.709074][T14391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.709080][T14391] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  683.709094][T14391]  </TASK>
[  683.903734][T14395] FAULT_INJECTION: forcing a failure.
[  683.903734][T14395] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  683.918540][T14395] CPU: 0 UID: 0 PID: 14395 Comm: syz.0.2522 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  683.918556][T14395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  683.918563][T14395] Call Trace:
[  683.918567][T14395]  <TASK>
[  683.918572][T14395]  dump_stack_lvl+0x16c/0x1f0
[  683.918595][T14395]  should_fail_ex+0x512/0x640
[  683.918614][T14395]  _copy_from_user+0x2e/0xd0
[  683.918626][T14395]  __sys_bpf+0x21d/0x4ea0
[  683.918644][T14395]  ? __pfx___sys_bpf+0x10/0x10
[  683.918660][T14395]  ? ksys_write+0x190/0x250
[  683.918679][T14395]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  683.918699][T14395]  ? fput+0x70/0xf0
[  683.918711][T14395]  ? ksys_write+0x1ac/0x250
[  683.918726][T14395]  ? __pfx_ksys_write+0x10/0x10
[  683.918744][T14395]  __x64_sys_bpf+0x78/0xc0
[  683.918760][T14395]  ? lockdep_hardirqs_on+0x7c/0x110
[  683.918778][T14395]  do_syscall_64+0xcd/0x4c0
[  683.918791][T14395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  683.918808][T14395] RIP: 0033:0x7fbbf858e9a9
[  683.918824][T14395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  683.918838][T14395] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  683.918849][T14395] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  683.918857][T14395] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a
[  683.918863][T14395] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  683.918870][T14395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  683.918876][T14395] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  683.918890][T14395]  </TASK>
[  684.242847][T14398] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2525'.
[  684.322384][T14403] FAULT_INJECTION: forcing a failure.
[  684.322384][T14403] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  684.368322][T14403] CPU: 0 UID: 0 PID: 14403 Comm: syz.2.2526 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  684.368353][T14403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  684.368364][T14403] Call Trace:
[  684.368371][T14403]  <TASK>
[  684.368379][T14403]  dump_stack_lvl+0x16c/0x1f0
[  684.368413][T14403]  should_fail_ex+0x512/0x640
[  684.368445][T14403]  _copy_from_user+0x2e/0xd0
[  684.368465][T14403]  move_addr_to_kernel+0x65/0x170
[  684.368491][T14403]  __sys_bind+0x11b/0x260
[  684.368516][T14403]  ? __pfx___sys_bind+0x10/0x10
[  684.368537][T14403]  ? __fget_files+0x20e/0x3c0
[  684.368563][T14403]  ? __pfx_ksys_write+0x10/0x10
[  684.368595][T14403]  __x64_sys_bind+0x72/0xb0
[  684.368617][T14403]  ? lockdep_hardirqs_on+0x7c/0x110
[  684.368644][T14403]  do_syscall_64+0xcd/0x4c0
[  684.368664][T14403]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.368683][T14403] RIP: 0033:0x7f445bf8e9a9
[  684.368698][T14403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.368716][T14403] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  684.368734][T14403] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  684.368746][T14403] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000003
[  684.368757][T14403] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  684.368768][T14403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  684.368778][T14403] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  684.368802][T14403]  </TASK>
[  684.554352][T14405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2527'.
[  684.745722][T14416] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  684.760168][T14416] syzkaller0: entered promiscuous mode
[  684.775356][T14416] syzkaller0: entered allmulticast mode
[  684.804425][T14416] tipc: Resetting bearer <eth:syzkaller0>
[  684.818356][T14415] tipc: Resetting bearer <eth:syzkaller0>
[  684.848753][T14415] tipc: Disabling bearer <eth:syzkaller0>
[  684.890891][T14421] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  684.912556][T14421] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  684.920109][ T5978] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  685.057276][T14428] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2537'.
[  685.094296][ T5978] usb 5-1: Using ep0 maxpacket: 16
[  685.107336][ T5978] usb 5-1: config 0 descriptor has 1 excess byte, ignoring
[  685.115174][T11427] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  685.124650][ T5978] usb 5-1: config 0 has no interfaces?
[  685.141470][ T5978] usb 5-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2
[  685.183295][ T5978] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.256429][ T5978] usb 5-1: Product: syz
[  685.275306][T11427] usb 4-1: Using ep0 maxpacket: 16
[  685.291541][T11427] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  685.300314][ T5978] usb 5-1: Manufacturer: syz
[  685.300452][T11427] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  685.304945][ T5978] usb 5-1: SerialNumber: syz
[  685.315886][T11427] usb 4-1: config 1 has no interface number 1
[  685.315924][T11427] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  685.316707][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  685.316753][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  685.377524][T11427] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  685.388850][T14436] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  685.826583][ T5978] usb 5-1: config 0 descriptor??
[  686.286500][   T30] audit: type=1400 audit(1753007537.607:887): avc:  denied  { setopt } for  pid=14437 comm="syz.1.2541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  686.353017][T11427] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  686.361198][T11427] usb 4-1: Product: syz
[  686.368998][T11427] usb 4-1: Manufacturer: syz
[  686.373689][T11427] usb 4-1: SerialNumber: syz
[  686.412278][T14442] FAULT_INJECTION: forcing a failure.
[  686.412278][T14442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.431515][T14442] CPU: 0 UID: 0 PID: 14442 Comm: syz.1.2542 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  686.431541][T14442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  686.431552][T14442] Call Trace:
[  686.431558][T14442]  <TASK>
[  686.431565][T14442]  dump_stack_lvl+0x16c/0x1f0
[  686.431597][T14442]  should_fail_ex+0x512/0x640
[  686.431631][T14442]  _copy_from_user+0x2e/0xd0
[  686.431651][T14442]  move_addr_to_kernel+0x65/0x170
[  686.431676][T14442]  __sys_bind+0x11b/0x260
[  686.431700][T14442]  ? __pfx___sys_bind+0x10/0x10
[  686.431721][T14442]  ? __fget_files+0x20e/0x3c0
[  686.431746][T14442]  ? __pfx_ksys_write+0x10/0x10
[  686.431777][T14442]  __x64_sys_bind+0x72/0xb0
[  686.431798][T14442]  ? lockdep_hardirqs_on+0x7c/0x110
[  686.431825][T14442]  do_syscall_64+0xcd/0x4c0
[  686.431844][T14442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.431862][T14442] RIP: 0033:0x7f086918e9a9
[  686.431878][T14442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.431896][T14442] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  686.431913][T14442] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  686.431925][T14442] RDX: 0000000000000010 RSI: 0000200000000040 RDI: 0000000000000004
[  686.431936][T14442] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  686.431946][T14442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  686.431957][T14442] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  686.431980][T14442]  </TASK>
[  686.449600][  T117] usb 5-1: USB disconnect, device number 23
[  686.672467][T14447] FAULT_INJECTION: forcing a failure.
[  686.672467][T14447] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  686.687016][T14447] CPU: 1 UID: 0 PID: 14447 Comm: syz.1.2543 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  686.687041][T14447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  686.687051][T14447] Call Trace:
[  686.687057][T14447]  <TASK>
[  686.687064][T14447]  dump_stack_lvl+0x16c/0x1f0
[  686.687097][T14447]  should_fail_ex+0x512/0x640
[  686.687128][T14447]  _copy_from_user+0x2e/0xd0
[  686.687147][T14447]  __sys_bpf+0x21d/0x4ea0
[  686.687175][T14447]  ? __pfx___sys_bpf+0x10/0x10
[  686.687200][T14447]  ? ksys_write+0x190/0x250
[  686.687230][T14447]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  686.687263][T14447]  ? fput+0x70/0xf0
[  686.687282][T14447]  ? ksys_write+0x1ac/0x250
[  686.687305][T14447]  ? __pfx_ksys_write+0x10/0x10
[  686.687334][T14447]  __x64_sys_bpf+0x78/0xc0
[  686.687359][T14447]  ? lockdep_hardirqs_on+0x7c/0x110
[  686.687386][T14447]  do_syscall_64+0xcd/0x4c0
[  686.687405][T14447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  686.687423][T14447] RIP: 0033:0x7f086918e9a9
[  686.687437][T14447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  686.687454][T14447] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  686.687472][T14447] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  686.687484][T14447] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  686.687495][T14447] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  686.687505][T14447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  686.687516][T14447] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  686.687541][T14447]  </TASK>
[  686.997245][T14449] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2544'.
[  687.017848][T11427] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  687.025847][T11427] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  687.032067][T11427] usb 4-1: 2:1 : invalid channels 0
[  687.069163][T11427] usb 4-1: USB disconnect, device number 13
[  687.351061][T14455] xt_CT: No such helper "pptp"
[  687.364459][   T30] audit: type=1400 audit(1753007538.787:888): avc:  denied  { ioctl } for  pid=14454 comm="syz.0.2546" path="socket:[41581]" dev="sockfs" ino=41581 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  687.471261][T14462] FAULT_INJECTION: forcing a failure.
[  687.471261][T14462] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.501003][T14462] CPU: 0 UID: 0 PID: 14462 Comm: syz.4.2548 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  687.501032][T14462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  687.501043][T14462] Call Trace:
[  687.501049][T14462]  <TASK>
[  687.501056][T14462]  dump_stack_lvl+0x16c/0x1f0
[  687.501089][T14462]  should_fail_ex+0x512/0x640
[  687.501120][T14462]  _copy_from_user+0x2e/0xd0
[  687.501139][T14462]  __sys_bpf+0x21d/0x4ea0
[  687.501166][T14462]  ? __pfx___sys_bpf+0x10/0x10
[  687.501191][T14462]  ? ksys_write+0x190/0x250
[  687.501221][T14462]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  687.501253][T14462]  ? fput+0x70/0xf0
[  687.501272][T14462]  ? ksys_write+0x1ac/0x250
[  687.501297][T14462]  ? __pfx_ksys_write+0x10/0x10
[  687.501327][T14462]  __x64_sys_bpf+0x78/0xc0
[  687.501351][T14462]  ? lockdep_hardirqs_on+0x7c/0x110
[  687.501378][T14462]  do_syscall_64+0xcd/0x4c0
[  687.501397][T14462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  687.501415][T14462] RIP: 0033:0x7fae8d78e9a9
[  687.501430][T14462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  687.501447][T14462] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  687.501465][T14462] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  687.501477][T14462] RDX: 0000000000000010 RSI: 0000200000000200 RDI: 0000000000000011
[  687.501488][T14462] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  687.501499][T14462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.501509][T14462] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  687.501533][T14462]  </TASK>
[  687.501712][T14458] capability: warning: `syz.1.2547' uses deprecated v2 capabilities in a way that may be insecure
[  687.623764][T14468] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2550'.
[  687.698140][   T30] audit: type=1400 audit(1753007539.097:889): avc:  denied  { create } for  pid=14457 comm="syz.1.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  687.780407][   T30] audit: type=1400 audit(1753007539.097:890): avc:  denied  { setopt } for  pid=14457 comm="syz.1.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  689.799056][T14506] FAULT_INJECTION: forcing a failure.
[  689.799056][T14506] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  689.976535][T14506] CPU: 0 UID: 0 PID: 14506 Comm: syz.0.2563 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  689.976565][T14506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  689.976577][T14506] Call Trace:
[  689.976583][T14506]  <TASK>
[  689.976591][T14506]  dump_stack_lvl+0x16c/0x1f0
[  689.976624][T14506]  should_fail_ex+0x512/0x640
[  689.976656][T14506]  _copy_from_user+0x2e/0xd0
[  689.976675][T14506]  copy_msghdr_from_user+0x98/0x160
[  689.976704][T14506]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  689.976737][T14506]  ? __schedule+0x1181/0x5de0
[  689.976768][T14506]  ___sys_sendmsg+0xfe/0x1d0
[  689.976787][T14506]  ? __pfx____sys_sendmsg+0x10/0x10
[  689.976816][T14506]  ? find_held_lock+0x2b/0x80
[  689.976856][T14506]  __sys_sendmmsg+0x200/0x420
[  689.976877][T14506]  ? __pfx___sys_sendmmsg+0x10/0x10
[  689.976909][T14506]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  689.976938][T14506]  ? fput+0x70/0xf0
[  689.976959][T14506]  ? xfd_validate_state+0x61/0x180
[  689.976983][T14506]  ? __pfx_ksys_write+0x10/0x10
[  689.977013][T14506]  __x64_sys_sendmmsg+0x9c/0x100
[  689.977030][T14506]  ? lockdep_hardirqs_on+0x7c/0x110
[  689.977057][T14506]  do_syscall_64+0xcd/0x4c0
[  689.977076][T14506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  689.977094][T14506] RIP: 0033:0x7fbbf858e9a9
[  689.977110][T14506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  689.977127][T14506] RSP: 002b:00007fbbf947e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  689.977145][T14506] RAX: ffffffffffffffda RBX: 00007fbbf87b5fa0 RCX: 00007fbbf858e9a9
[  689.977157][T14506] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000004
[  689.977168][T14506] RBP: 00007fbbf947e090 R08: 0000000000000000 R09: 0000000000000000
[  689.977179][T14506] R10: 0000000000040800 R11: 0000000000000246 R12: 0000000000000001
[  689.977189][T14506] R13: 0000000000000000 R14: 00007fbbf87b5fa0 R15: 00007ffdb3955398
[  689.977214][T14506]  </TASK>
[  690.227618][   T30] audit: type=1400 audit(1753007541.627:891): avc:  denied  { read } for  pid=14508 comm="syz.2.2564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  690.643817][   T30] audit: type=1400 audit(1753007542.067:892): avc:  denied  { mount } for  pid=14518 comm="syz.3.2565" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  690.845201][ T5907] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  690.997531][ T5907] usb 1-1: config index 0 descriptor too short (expected 65183, got 72)
[  691.016312][ T5907] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  691.037856][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.061561][ T5907] usb 1-1: Product: syz
[  691.084735][ T5907] usb 1-1: Manufacturer: syz
[  691.095124][ T5907] usb 1-1: SerialNumber: syz
[  691.115008][ T5907] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  691.137820][   T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  691.238671][T14533] FAULT_INJECTION: forcing a failure.
[  691.238671][T14533] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  691.259392][T14533] CPU: 0 UID: 0 PID: 14533 Comm: syz.2.2572 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  691.259417][T14533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  691.259426][T14533] Call Trace:
[  691.259432][T14533]  <TASK>
[  691.259439][T14533]  dump_stack_lvl+0x16c/0x1f0
[  691.259476][T14533]  should_fail_ex+0x512/0x640
[  691.259504][T14533]  _copy_from_user+0x2e/0xd0
[  691.259523][T14533]  copy_msghdr_from_user+0x98/0x160
[  691.259552][T14533]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  691.259591][T14533]  ___sys_sendmsg+0xfe/0x1d0
[  691.259608][T14533]  ? __pfx____sys_sendmsg+0x10/0x10
[  691.259623][T14533]  ? __lock_acquire+0x622/0x1c90
[  691.259668][T14533]  __sys_sendmsg+0x16d/0x220
[  691.259686][T14533]  ? __pfx___sys_sendmsg+0x10/0x10
[  691.259732][T14533]  do_syscall_64+0xcd/0x4c0
[  691.259752][T14533]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.259770][T14533] RIP: 0033:0x7f445bf8e9a9
[  691.259785][T14533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  691.259801][T14533] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  691.259819][T14533] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  691.259831][T14533] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003
[  691.259841][T14533] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  691.259851][T14533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  691.259862][T14533] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  691.259885][T14533]  </TASK>
[  691.438388][T14520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.447006][T14520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.455984][T14520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.464533][T14520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  691.473650][T14520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  691.482203][T14520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  693.336504][T11427] usb 1-1: USB disconnect, device number 29
[  693.351394][   T10] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  693.361377][   T10] ath9k_htc: Failed to initialize the device
[  693.388563][T11427] usb 1-1: ath9k_htc: USB layer deinitialized
[  693.515418][ T5907] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  693.593682][T14547] FAULT_INJECTION: forcing a failure.
[  693.593682][T14547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  693.607882][T14547] CPU: 1 UID: 0 PID: 14547 Comm: syz.3.2579 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  693.607907][T14547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  693.607917][T14547] Call Trace:
[  693.607925][T14547]  <TASK>
[  693.607931][T14547]  dump_stack_lvl+0x16c/0x1f0
[  693.607965][T14547]  should_fail_ex+0x512/0x640
[  693.607994][T14547]  _copy_from_user+0x2e/0xd0
[  693.608013][T14547]  copy_msghdr_from_user+0x98/0x160
[  693.608040][T14547]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  693.608077][T14547]  ___sys_sendmsg+0xfe/0x1d0
[  693.608100][T14547]  ? __pfx____sys_sendmsg+0x10/0x10
[  693.608114][T14547]  ? __lock_acquire+0x622/0x1c90
[  693.608159][T14547]  __sys_sendmsg+0x16d/0x220
[  693.608176][T14547]  ? __pfx___sys_sendmsg+0x10/0x10
[  693.608207][T14547]  do_syscall_64+0xcd/0x4c0
[  693.608226][T14547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.608242][T14547] RIP: 0033:0x7f5afc38e9a9
[  693.608257][T14547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  693.608274][T14547] RSP: 002b:00007f5afd2be038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  693.608290][T14547] RAX: ffffffffffffffda RBX: 00007f5afc5b5fa0 RCX: 00007f5afc38e9a9
[  693.608302][T14547] RDX: 0000000004040000 RSI: 0000200000000040 RDI: 0000000000000003
[  693.608312][T14547] RBP: 00007f5afd2be090 R08: 0000000000000000 R09: 0000000000000000
[  693.608322][T14547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.608332][T14547] R13: 0000000000000000 R14: 00007f5afc5b5fa0 R15: 00007fff8434c5d8
[  693.608355][T14547]  </TASK>
[  693.806451][ T5907] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  693.816980][ T5907] usb 2-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c
[  693.839226][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.862751][ T5907] usb 2-1: config 0 descriptor??
[  693.879451][ T5907] usb 2-1: bad CDC descriptors
[  693.945389][ T5978] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  694.138192][  T117] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  694.145173][ T5907] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  694.175150][ T5978] usb 3-1: Using ep0 maxpacket: 16
[  694.181528][ T5978] usb 3-1: config 0 has an invalid interface number: 8 but max is 0
[  694.189623][ T5978] usb 3-1: config 0 has no interface number 0
[  694.195810][ T5978] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  694.206772][ T5978] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  694.295228][  T117] usb 4-1: Using ep0 maxpacket: 32
[  694.307008][ T5978] usb 3-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  694.334454][  T117] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[  694.363690][ T5978] usb 3-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  694.380506][  T117] usb 4-1: config 0 has no interface number 0
[  694.398377][ T5978] usb 3-1: Product: syz
[  694.402913][  T117] usb 4-1: config 0 interface 184 has no altsetting 0
[  694.419388][ T5978] usb 3-1: SerialNumber: syz
[  694.476447][  T117] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  694.513133][ T5978] usb 3-1: config 0 descriptor??
[  694.547660][  T117] usb 4-1: New USB device strings: Mfr=227, Product=1, SerialNumber=3
[  694.581136][ T5978] cm109 3-1:0.8: invalid payload size 0, expected 4
[  694.588593][  T117] usb 4-1: Product: syz
[  694.593883][ T5978] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.8/input/input244
[  694.604286][  T117] usb 4-1: Manufacturer: syz
[  694.610839][  T117] usb 4-1: SerialNumber: syz
[  694.619322][  T117] usb 4-1: config 0 descriptor??
[  694.628323][  T117] smsc75xx v1.0.0
[  694.653971][ T5907] usb 5-1: config index 0 descriptor too short (expected 65183, got 72)
[  694.667058][ T5907] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  694.676991][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  694.685005][ T5907] usb 5-1: Product: syz
[  694.690988][ T5907] usb 5-1: Manufacturer: syz
[  694.696574][ T5907] usb 5-1: SerialNumber: syz
[  694.706136][ T5907] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  694.724949][   T10] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  694.779220][    C1] cm109 3-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[  694.812801][ T5907] usb 3-1: USB disconnect, device number 9
[  694.843326][ T5907] cm109 3-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  694.976774][T14566] FAULT_INJECTION: forcing a failure.
[  694.976774][T14566] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  694.986482][T14557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.993580][T14566] CPU: 0 UID: 0 PID: 14566 Comm: syz.2.2584 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  694.993609][T14566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  694.993619][T14566] Call Trace:
[  694.993624][T14566]  <TASK>
[  694.993630][T14566]  dump_stack_lvl+0x16c/0x1f0
[  694.993660][T14566]  should_fail_ex+0x512/0x640
[  694.993688][T14566]  _copy_from_user+0x2e/0xd0
[  694.993705][T14566]  __sys_bpf+0x21d/0x4ea0
[  694.993730][T14566]  ? __pfx___sys_bpf+0x10/0x10
[  694.993751][T14566]  ? ksys_write+0x190/0x250
[  694.993778][T14566]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  694.993850][T14566]  ? fput+0x70/0xf0
[  694.993867][T14566]  ? ksys_write+0x1ac/0x250
[  694.993888][T14566]  ? __pfx_ksys_write+0x10/0x10
[  694.993915][T14566]  __x64_sys_bpf+0x78/0xc0
[  694.993936][T14566]  ? lockdep_hardirqs_on+0x7c/0x110
[  694.993959][T14566]  do_syscall_64+0xcd/0x4c0
[  694.993976][T14566]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.993992][T14566] RIP: 0033:0x7f445bf8e9a9
[  694.994006][T14566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.994021][T14566] RSP: 002b:00007f4459df6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  694.994037][T14566] RAX: ffffffffffffffda RBX: 00007f445c1b5fa0 RCX: 00007f445bf8e9a9
[  694.994105][T14566] RDX: 0000000000000050 RSI: 00002000000003c0 RDI: 000000000000000a
[  694.994115][T14566] RBP: 00007f4459df6090 R08: 0000000000000000 R09: 0000000000000000
[  694.994124][T14566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  694.994134][T14566] R13: 0000000000000000 R14: 00007f445c1b5fa0 R15: 00007ffd120f54d8
[  694.994157][T14566]  </TASK>
[  695.196006][T14570] syzkaller1: entered promiscuous mode
[  695.201547][T14570] syzkaller1: entered allmulticast mode
[  695.207559][T14557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.228948][ T5907] usb 2-1: USB disconnect, device number 10
[  695.322581][  T117] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  695.339448][T14557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.355440][  T117] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  695.373318][T14557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.418203][T14557] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  695.477762][T14557] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.527556][T14575] syzkaller1: entered promiscuous mode
[  695.540070][ T5907] usb 5-1: USB disconnect, device number 24
[  695.554883][T14575] syzkaller1: entered allmulticast mode
[  695.819278][   T10] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  696.255461][   T10] ath9k_htc: Failed to initialize the device
[  696.264569][ T5907] usb 5-1: ath9k_htc: USB layer deinitialized
[  696.290920][  T117] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[  696.413507][  T117] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[  696.446636][  T117] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  696.457603][  T117] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -71
[  696.570724][  T117] usb 4-1: USB disconnect, device number 14
[  696.800688][T14594] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2594'.
[  696.819485][ T5907] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  696.879189][ T5966] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  696.995798][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  697.004282][ T5907] usb 5-1: config index 0 descriptor too short (expected 241, got 72)
[  697.015054][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has 6 endpoint descriptors, different from the interface descriptor's value: 5
[  697.045838][ T5907] usb 5-1: New USB device found, idVendor=110a, idProduct=2210, bcdDevice=bd.da
[  697.067698][ T5966] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  697.095800][ T5907] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.108739][ T5966] usb 3-1: config 0 has no interfaces?
[  697.166921][ T5907] usb 5-1: config 0 descriptor??
[  697.181440][ T5966] usb 3-1: New USB device found, idVendor=494f, idProduct=7e69, bcdDevice=51.78
[  697.201607][ T5966] usb 3-1: New USB device strings: Mfr=123, Product=174, SerialNumber=30
[  697.224335][T14604] FAULT_INJECTION: forcing a failure.
[  697.224335][T14604] name failslab, interval 1, probability 0, space 0, times 0
[  697.225330][ T5907] mos7840 5-1:0.0: missing endpoints
[  697.240383][T14604] CPU: 1 UID: 0 PID: 14604 Comm: syz.1.2596 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  697.240405][T14604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.240415][T14604] Call Trace:
[  697.240421][T14604]  <TASK>
[  697.240427][T14604]  dump_stack_lvl+0x16c/0x1f0
[  697.240457][T14604]  should_fail_ex+0x512/0x640
[  697.240481][T14604]  ? fs_reclaim_acquire+0xae/0x150
[  697.240501][T14604]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  697.240519][T14604]  should_failslab+0xc2/0x120
[  697.240535][T14604]  __kmalloc_noprof+0xd2/0x510
[  697.240563][T14604]  tomoyo_realpath_from_path+0xc2/0x6e0
[  697.240582][T14604]  ? tomoyo_profile+0x47/0x60
[  697.240602][T14604]  tomoyo_path_number_perm+0x245/0x580
[  697.240623][T14604]  ? tomoyo_path_number_perm+0x237/0x580
[  697.240645][T14604]  ? finish_task_switch.isra.0+0x1d4/0xc10
[  697.240668][T14604]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  697.240689][T14604]  ? rcu_is_watching+0x12/0xc0
[  697.240709][T14604]  ? lockdep_hardirqs_on+0x7c/0x110
[  697.240754][T14604]  ? find_held_lock+0x2b/0x80
[  697.240773][T14604]  ? hook_file_ioctl_common+0x145/0x410
[  697.240799][T14604]  ? __fget_files+0x20e/0x3c0
[  697.240818][T14604]  security_file_ioctl+0x9b/0x240
[  697.240836][T14604]  __x64_sys_ioctl+0xb7/0x210
[  697.240858][T14604]  do_syscall_64+0xcd/0x4c0
[  697.240876][T14604]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.240892][T14604] RIP: 0033:0x7f086918e9a9
[  697.240905][T14604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.240921][T14604] RSP: 002b:00007f0869f28038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  697.240936][T14604] RAX: ffffffffffffffda RBX: 00007f08693b5fa0 RCX: 00007f086918e9a9
[  697.240947][T14604] RDX: 0000200000000000 RSI: 0000000000008b36 RDI: 0000000000000006
[  697.240956][T14604] RBP: 00007f0869f28090 R08: 0000000000000000 R09: 0000000000000000
[  697.240966][T14604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.240975][T14604] R13: 0000000000000000 R14: 00007f08693b5fa0 R15: 00007ffdc1d396c8
[  697.240996][T14604]  </TASK>
[  697.241019][T14604] ERROR: Out of memory at tomoyo_realpath_from_path.
[  697.243850][ T5966] usb 3-1: Product: syz
[  697.402643][    C0] vkms_vblank_simulate: vblank timer overrun
[  697.518060][   T30] audit: type=1400 audit(1753007548.927:893): avc:  denied  { ioctl } for  pid=14603 comm="syz.1.2596" path="socket:[43009]" dev="sockfs" ino=43009 ioctlcmd=0x8b36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  697.525712][ T5966] usb 3-1: Manufacturer: syz
[  697.551764][ T5966] usb 3-1: SerialNumber: syz
[  697.559733][  T117] usb 5-1: USB disconnect, device number 25
[  697.572311][ T5966] usb 3-1: config 0 descriptor??
[  697.639658][T14606] FAULT_INJECTION: forcing a failure.
[  697.639658][T14606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.672551][T14606] CPU: 1 UID: 0 PID: 14606 Comm: syz.4.2597 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  697.672571][T14606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.672578][T14606] Call Trace:
[  697.672582][T14606]  <TASK>
[  697.672586][T14606]  dump_stack_lvl+0x16c/0x1f0
[  697.672607][T14606]  should_fail_ex+0x512/0x640
[  697.672627][T14606]  _copy_from_user+0x2e/0xd0
[  697.672639][T14606]  copy_msghdr_from_user+0x98/0x160
[  697.672658][T14606]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  697.672681][T14606]  ___sys_sendmsg+0xfe/0x1d0
[  697.672692][T14606]  ? __pfx____sys_sendmsg+0x10/0x10
[  697.672701][T14606]  ? __lock_acquire+0x622/0x1c90
[  697.672727][T14606]  __sys_sendmsg+0x16d/0x220
[  697.672738][T14606]  ? __pfx___sys_sendmsg+0x10/0x10
[  697.672762][T14606]  do_syscall_64+0xcd/0x4c0
[  697.672774][T14606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.672788][T14606] RIP: 0033:0x7fae8d78e9a9
[  697.672797][T14606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.672808][T14606] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  697.672820][T14606] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  697.672827][T14606] RDX: 0000000020000044 RSI: 0000200000000100 RDI: 0000000000000003
[  697.672833][T14606] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  697.672840][T14606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.672846][T14606] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  697.672860][T14606]  </TASK>
[  698.167921][T14613] FAULT_INJECTION: forcing a failure.
[  698.167921][T14613] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  698.169412][T14613] 
[  698.169418][T14613] ======================================================
[  698.169422][T14613] WARNING: possible circular locking dependency detected
[  698.169427][T14613] 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 Not tainted
[  698.169433][T14613] ------------------------------------------------------
[  698.169437][T14613] syz.4.2600/14613 is trying to acquire lock:
[  698.169443][T14613] ffffffff8e4d2380 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  698.169471][T14613] 
[  698.169471][T14613] but task is already holding lock:
[  698.169474][T14613] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  698.169499][T14613] 
[  698.169499][T14613] which lock already depends on the new lock.
[  698.169499][T14613] 
[  698.169503][T14613] 
[  698.169503][T14613] the existing dependency chain (in reverse order) is:
[  698.169506][T14613] 
[  698.169506][T14613] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  698.169519][T14613]        _raw_spin_lock_nested+0x31/0x40
[  698.169534][T14613]        raw_spin_rq_lock_nested+0x29/0x130
[  698.169547][T14613]        task_rq_lock+0xcf/0x490
[  698.169559][T14613]        cgroup_move_task+0x81/0x2a0
[  698.169574][T14613]        css_set_move_task+0x288/0x5f0
[  698.169583][T14613]        cgroup_post_fork+0x201/0x9e0
[  698.169596][T14613]        copy_process+0x5c82/0x7650
[  698.169609][T14613]        kernel_clone+0xfc/0x960
[  698.169622][T14613]        user_mode_thread+0xc7/0x110
[  698.169635][T14613]        rest_init+0x23/0x2b0
[  698.169647][T14613]        start_kernel+0x3ee/0x4d0
[  698.169663][T14613]        x86_64_start_reservations+0x18/0x30
[  698.169680][T14613]        x86_64_start_kernel+0x130/0x190
[  698.169688][T14613]        common_startup_64+0x13e/0x148
[  698.169699][T14613] 
[  698.169699][T14613] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  698.169712][T14613]        _raw_spin_lock_irqsave+0x3a/0x60
[  698.169726][T14613]        try_to_wake_up+0xb2/0x1680
[  698.169744][T14613]        __wake_up_common+0x135/0x1f0
[  698.169754][T14613]        __wake_up+0x31/0x60
[  698.169767][T14613]        tty_port_default_wakeup+0x2a/0x40
[  698.169779][T14613]        serial8250_tx_chars+0x68e/0x860
[  698.169790][T14613]        serial8250_handle_irq+0x761/0xcb0
[  698.169802][T14613]        serial8250_default_handle_irq+0x9a/0x210
[  698.169814][T14613]        serial8250_interrupt+0x103/0x210
[  698.169827][T14613]        __handle_irq_event_percpu+0x229/0x7d0
[  698.169841][T14613]        handle_irq_event+0xab/0x1e0
[  698.169853][T14613]        handle_edge_irq+0x28e/0xab0
[  698.169865][T14613]        __common_interrupt+0xe2/0x250
[  698.169878][T14613]        common_interrupt+0x61/0xe0
[  698.169890][T14613]        asm_common_interrupt+0x26/0x40
[  698.169901][T14613]        _raw_spin_unlock_irq+0x29/0x50
[  698.169915][T14613]        run_timer_base+0x11c/0x190
[  698.169930][T14613]        run_timer_softirq+0x24/0x40
[  698.169945][T14613]        handle_softirqs+0x219/0x8e0
[  698.169957][T14613]        __irq_exit_rcu+0x109/0x170
[  698.169969][T14613]        irq_exit_rcu+0x9/0x30
[  698.169980][T14613]        sysvec_apic_timer_interrupt+0xa4/0xc0
[  698.169996][T14613]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  698.170006][T14613]        console_flush_all+0x9a2/0xc60
[  698.170018][T14613]        console_unlock+0xd8/0x210
[  698.170030][T14613]        vprintk_emit+0x418/0x6d0
[  698.170043][T14613]        _printk+0xc7/0x100
[  698.170051][T14613]        kauditd_hold_skb+0x205/0x250
[  698.170067][T14613]        kauditd_send_queue+0x239/0x290
[  698.170081][T14613]        kauditd_thread+0x623/0xa70
[  698.170096][T14613]        kthread+0x3c5/0x780
[  698.170105][T14613]        ret_from_fork+0x5d4/0x6f0
[  698.170120][T14613]        ret_from_fork_asm+0x1a/0x30
[  698.170132][T14613] 
[  698.170132][T14613] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  698.170145][T14613]        _raw_spin_lock_irqsave+0x3a/0x60
[  698.170159][T14613]        __wake_up+0x1c/0x60
[  698.170172][T14613]        tty_port_default_wakeup+0x2a/0x40
[  698.170183][T14613]        serial8250_tx_chars+0x68e/0x860
[  698.170194][T14613]        serial8250_handle_irq+0x761/0xcb0
[  698.170205][T14613]        serial8250_default_handle_irq+0x9a/0x210
[  698.170218][T14613]        serial8250_interrupt+0x103/0x210
[  698.170231][T14613]        __handle_irq_event_percpu+0x229/0x7d0
[  698.170243][T14613]        handle_irq_event+0xab/0x1e0
[  698.170255][T14613]        handle_edge_irq+0x28e/0xab0
[  698.170266][T14613]        __common_interrupt+0xe2/0x250
[  698.170278][T14613]        common_interrupt+0xba/0xe0
[  698.170290][T14613]        asm_common_interrupt+0x26/0x40
[  698.170299][T14613]        _raw_spin_unlock_irqrestore+0x31/0x80
[  698.170314][T14613]        uart_write+0x2a4/0xb30
[  698.170323][T14613]        n_tty_write+0x412/0x1160
[  698.170335][T14613]        file_tty_write.constprop.0+0x501/0x9b0
[  698.170345][T14613]        redirected_tty_write+0xd4/0x150
[  698.170354][T14613]        vfs_write+0x6c4/0x1150
[  698.170369][T14613]        ksys_write+0x12a/0x250
[  698.170383][T14613]        do_syscall_64+0xcd/0x4c0
[  698.170392][T14613]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.170402][T14613] 
[  698.170402][T14613] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  698.170415][T14613]        _raw_spin_lock_irqsave+0x3a/0x60
[  698.170429][T14613]        serial8250_console_write+0x181/0x1890
[  698.170442][T14613]        console_flush_all+0x801/0xc60
[  698.170454][T14613]        console_unlock+0xd8/0x210
[  698.170465][T14613]        vprintk_emit+0x418/0x6d0
[  698.170477][T14613]        _printk+0xc7/0x100
[  698.170485][T14613]        register_console+0xc2d/0x11b0
[  698.170498][T14613]        univ8250_console_init+0x5f/0x90
[  698.170508][T14613]        console_init+0x14f/0x680
[  698.170516][T14613]        start_kernel+0x29f/0x4d0
[  698.170531][T14613]        x86_64_start_reservations+0x18/0x30
[  698.170547][T14613]        x86_64_start_kernel+0x130/0x190
[  698.170556][T14613]        common_startup_64+0x13e/0x148
[  698.170565][T14613] 
[  698.170565][T14613] -> #0 (console_owner){-.-.}-{0:0}:
[  698.170577][T14613]        __lock_acquire+0x126f/0x1c90
[  698.170586][T14613]        lock_acquire+0x179/0x350
[  698.170594][T14613]        console_lock_spinning_enable+0xb0/0xd0
[  698.170606][T14613]        console_flush_all+0x7aa/0xc60
[  698.170618][T14613]        console_unlock+0xd8/0x210
[  698.170629][T14613]        vprintk_emit+0x418/0x6d0
[  698.170641][T14613]        _printk+0xc7/0x100
[  698.170650][T14613]        should_fail_ex+0x4e7/0x640
[  698.170665][T14613]        strncpy_from_user+0x3b/0x2e0
[  698.170679][T14613]        strncpy_from_user_nofault+0x7f/0x180
[  698.170689][T14613]        bpf_probe_read_user_str+0x26/0x70
[  698.170704][T14613]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  698.170712][T14613]        bpf_trace_run4+0x249/0x5a0
[  698.170722][T14613]        __bpf_trace_sched_switch+0x145/0x190
[  698.170735][T14613]        __traceiter_sched_switch+0x6c/0xc0
[  698.170752][T14613]        __schedule+0x1bee/0x5de0
[  698.170766][T14613]        schedule+0xe7/0x3a0
[  698.170780][T14613]        synchronize_rcu_expedited+0x390/0x460
[  698.170790][T14613]        nft_rcv_nl_event+0x494/0x6c0
[  698.170801][T14613]        notifier_call_chain+0xbc/0x410
[  698.170815][T14613]        blocking_notifier_call_chain+0x69/0xa0
[  698.170830][T14613]        netlink_release+0x186b/0x2020
[  698.170841][T14613]        __sock_release+0xb0/0x270
[  698.170852][T14613]        sock_close+0x1c/0x30
[  698.170861][T14613]        __fput+0x3ff/0xb70
[  698.170870][T14613]        fput_close_sync+0x118/0x260
[  698.170882][T14613]        __x64_sys_close+0x8b/0x120
[  698.170894][T14613]        do_syscall_64+0xcd/0x4c0
[  698.170903][T14613]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.170912][T14613] 
[  698.170912][T14613] other info that might help us debug this:
[  698.170912][T14613] 
[  698.170916][T14613] Chain exists of:
[  698.170916][T14613]   console_owner --> &p->pi_lock --> &rq->__lock
[  698.170916][T14613] 
[  698.170930][T14613]  Possible unsafe locking scenario:
[  698.170930][T14613] 
[  698.170933][T14613]        CPU0                    CPU1
[  698.170936][T14613]        ----                    ----
[  698.170939][T14613]   lock(&rq->__lock);
[  698.170945][T14613]                                lock(&p->pi_lock);
[  698.170952][T14613]                                lock(&rq->__lock);
[  698.170959][T14613]   lock(console_owner);
[  698.170966][T14613] 
[  698.170966][T14613]  *** DEADLOCK ***
[  698.170966][T14613] 
[  698.170968][T14613] 8 locks held by syz.4.2600/14613:
[  698.170974][T14613]  #0: ffff8880556d2608 (&sb->s_type->i_mutex_key#11){+.+.}-{4:4}, at: __sock_release+0x86/0x270
[  698.171000][T14613]  #1: ffffffff904010d0 ((netlink_chain).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain+0x53/0xa0
[  698.171028][T14613]  #2: ffff888078bb18d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nft_rcv_nl_event+0x187/0x6c0
[  698.171052][T14613]  #3: ffffffff8e5d03f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  698.171081][T14613]  #4: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  698.171107][T14613]  #5: ffffffff8e5c4e00 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0
[  698.171129][T14613]  #6: ffffffff8e5b27c0 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  698.171151][T14613]  #7: ffffffff8e5b2830 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  698.171176][T14613] 
[  698.171176][T14613] stack backtrace:
[  698.171181][T14613] CPU: 1 UID: 0 PID: 14613 Comm: syz.4.2600 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  698.171194][T14613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  698.171201][T14613] Call Trace:
[  698.171205][T14613]  <TASK>
[  698.171209][T14613]  dump_stack_lvl+0x116/0x1f0
[  698.171227][T14613]  print_circular_bug+0x275/0x350
[  698.171244][T14613]  check_noncircular+0x14c/0x170
[  698.171262][T14613]  __lock_acquire+0x126f/0x1c90
[  698.171274][T14613]  lock_acquire+0x179/0x350
[  698.171283][T14613]  ? console_lock_spinning_enable+0x9f/0xd0
[  698.171296][T14613]  ? console_lock_spinning_enable+0x88/0xd0
[  698.171310][T14613]  console_lock_spinning_enable+0xb0/0xd0
[  698.171323][T14613]  ? console_lock_spinning_enable+0x9f/0xd0
[  698.171335][T14613]  console_flush_all+0x7aa/0xc60
[  698.171349][T14613]  ? __pfx_console_flush_all+0x10/0x10
[  698.171364][T14613]  ? is_printk_cpu_sync_owner+0x32/0x40
[  698.171380][T14613]  console_unlock+0xd8/0x210
[  698.171393][T14613]  ? __pfx_console_unlock+0x10/0x10
[  698.171405][T14613]  ? do_raw_spin_unlock+0xb0/0x230
[  698.171417][T14613]  ? _printk+0xc7/0x100
[  698.171427][T14613]  ? __down_trylock_console_sem+0xb0/0x140
[  698.171438][T14613]  vprintk_emit+0x418/0x6d0
[  698.171452][T14613]  ? __pfx_vprintk_emit+0x10/0x10
[  698.171465][T14613]  ? __kernel_text_address+0xd/0x40
[  698.171477][T14613]  ? unwind_get_return_address+0x59/0xa0
[  698.171488][T14613]  ? arch_stack_walk+0xa6/0x100
[  698.171499][T14613]  _printk+0xc7/0x100
[  698.171508][T14613]  ? __pfx__printk+0x10/0x10
[  698.171519][T14613]  ? __pfx____ratelimit+0x10/0x10
[  698.171534][T14613]  ? __lock_acquire+0x622/0x1c90
[  698.171544][T14613]  should_fail_ex+0x4e7/0x640
[  698.171561][T14613]  strncpy_from_user+0x3b/0x2e0
[  698.171576][T14613]  ? lock_acquire+0x179/0x350
[  698.171586][T14613]  strncpy_from_user_nofault+0x7f/0x180
[  698.171597][T14613]  bpf_probe_read_user_str+0x26/0x70
[  698.171612][T14613]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  698.171621][T14613]  bpf_trace_run4+0x249/0x5a0
[  698.171631][T14613]  ? __pfx_bpf_trace_run4+0x10/0x10
[  698.171643][T14613]  ? sched_clock_cpu+0x6c/0x530
[  698.171659][T14613]  ? lock_acquire+0x179/0x350
[  698.171669][T14613]  __bpf_trace_sched_switch+0x145/0x190
[  698.171682][T14613]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  698.171697][T14613]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  698.171711][T14613]  __traceiter_sched_switch+0x6c/0xc0
[  698.171724][T14613]  __schedule+0x1bee/0x5de0
[  698.171738][T14613]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  698.171755][T14613]  ? __lock_acquire+0x622/0x1c90
[  698.171766][T14613]  ? __pfx___schedule+0x10/0x10
[  698.171782][T14613]  ? find_held_lock+0x2b/0x80
[  698.171795][T14613]  ? schedule+0x2d7/0x3a0
[  698.171810][T14613]  schedule+0xe7/0x3a0
[  698.171825][T14613]  synchronize_rcu_expedited+0x390/0x460
[  698.171839][T14613]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  698.171855][T14613]  ? __pfx_autoremove_wake_function+0x10/0x10
[  698.171874][T14613]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  698.171887][T14613]  nft_rcv_nl_event+0x494/0x6c0
[  698.171899][T14613]  ? __pfx_nft_rcv_nl_event+0x10/0x10
[  698.171911][T14613]  ? nfulnl_rcv_nl_event+0x64/0x270
[  698.171923][T14613]  notifier_call_chain+0xbc/0x410
[  698.171937][T14613]  ? __pfx_nft_rcv_nl_event+0x10/0x10
[  698.171949][T14613]  blocking_notifier_call_chain+0x69/0xa0
[  698.171966][T14613]  netlink_release+0x186b/0x2020
[  698.171978][T14613]  ? netlink_release+0x1de/0x2020
[  698.171990][T14613]  ? __pfx_netlink_release+0x10/0x10
[  698.172003][T14613]  ? __pfx_locks_remove_file+0x10/0x10
[  698.172019][T14613]  __sock_release+0xb0/0x270
[  698.172030][T14613]  ? __pfx_sock_close+0x10/0x10
[  698.172039][T14613]  sock_close+0x1c/0x30
[  698.172049][T14613]  __fput+0x3ff/0xb70
[  698.172061][T14613]  fput_close_sync+0x118/0x260
[  698.172073][T14613]  ? __pfx_fput_close_sync+0x10/0x10
[  698.172085][T14613]  ? dnotify_flush+0x79/0x4c0
[  698.172098][T14613]  __x64_sys_close+0x8b/0x120
[  698.172111][T14613]  do_syscall_64+0xcd/0x4c0
[  698.172121][T14613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  698.172131][T14613] RIP: 0033:0x7fae8d78e9a9
[  698.172140][T14613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  698.172150][T14613] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  698.172160][T14613] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  698.172167][T14613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  698.172173][T14613] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  698.172179][T14613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  698.172186][T14613] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  698.172195][T14613]  </TASK>
[  699.523864][T14613] CPU: 1 UID: 0 PID: 14613 Comm: syz.4.2600 Not tainted 6.16.0-rc6-syzkaller-00279-gbf61759db409 #0 PREEMPT(full) 
[  699.523881][T14613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  699.523888][T14613] Call Trace:
[  699.523894][T14613]  <TASK>
[  699.523901][T14613]  dump_stack_lvl+0x116/0x1f0
[  699.523922][T14613]  should_fail_ex+0x512/0x640
[  699.523941][T14613]  strncpy_from_user+0x3b/0x2e0
[  699.523956][T14613]  ? lock_acquire+0x179/0x350
[  699.523968][T14613]  strncpy_from_user_nofault+0x7f/0x180
[  699.523980][T14613]  bpf_probe_read_user_str+0x26/0x70
[  699.523998][T14613]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  699.524007][T14613]  bpf_trace_run4+0x249/0x5a0
[  699.524018][T14613]  ? __pfx_bpf_trace_run4+0x10/0x10
[  699.524030][T14613]  ? sched_clock_cpu+0x6c/0x530
[  699.524046][T14613]  ? lock_acquire+0x179/0x350
[  699.524056][T14613]  __bpf_trace_sched_switch+0x145/0x190
[  699.524071][T14613]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  699.524086][T14613]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  699.524101][T14613]  __traceiter_sched_switch+0x6c/0xc0
[  699.524114][T14613]  __schedule+0x1bee/0x5de0
[  699.524129][T14613]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  699.524143][T14613]  ? __lock_acquire+0x622/0x1c90
[  699.524153][T14613]  ? __pfx___schedule+0x10/0x10
[  699.524170][T14613]  ? find_held_lock+0x2b/0x80
[  699.524183][T14613]  ? schedule+0x2d7/0x3a0
[  699.524198][T14613]  schedule+0xe7/0x3a0
[  699.524214][T14613]  synchronize_rcu_expedited+0x390/0x460
[  699.524226][T14613]  ? __pfx_synchronize_rcu_expedited+0x10/0x10
[  699.524238][T14613]  ? __pfx_autoremove_wake_function+0x10/0x10
[  699.524254][T14613]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  699.524267][T14613]  nft_rcv_nl_event+0x494/0x6c0
[  699.524281][T14613]  ? __pfx_nft_rcv_nl_event+0x10/0x10
[  699.524293][T14613]  ? nfulnl_rcv_nl_event+0x64/0x270
[  699.524306][T14613]  notifier_call_chain+0xbc/0x410
[  699.524321][T14613]  ? __pfx_nft_rcv_nl_event+0x10/0x10
[  699.524334][T14613]  blocking_notifier_call_chain+0x69/0xa0
[  699.524354][T14613]  netlink_release+0x186b/0x2020
[  699.524368][T14613]  ? netlink_release+0x1de/0x2020
[  699.524380][T14613]  ? __pfx_netlink_release+0x10/0x10
[  699.524393][T14613]  ? __pfx_locks_remove_file+0x10/0x10
[  699.524409][T14613]  __sock_release+0xb0/0x270
[  699.524421][T14613]  ? __pfx_sock_close+0x10/0x10
[  699.524431][T14613]  sock_close+0x1c/0x30
[  699.524441][T14613]  __fput+0x3ff/0xb70
[  699.524454][T14613]  fput_close_sync+0x118/0x260
[  699.524467][T14613]  ? __pfx_fput_close_sync+0x10/0x10
[  699.524480][T14613]  ? dnotify_flush+0x79/0x4c0
[  699.524492][T14613]  __x64_sys_close+0x8b/0x120
[  699.524506][T14613]  do_syscall_64+0xcd/0x4c0
[  699.524517][T14613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  699.524528][T14613] RIP: 0033:0x7fae8d78e9a9
[  699.524538][T14613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  699.524549][T14613] RSP: 002b:00007fae8e526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  699.524560][T14613] RAX: ffffffffffffffda RBX: 00007fae8d9b5fa0 RCX: 00007fae8d78e9a9
[  699.524567][T14613] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  699.524574][T14613] RBP: 00007fae8e526090 R08: 0000000000000000 R09: 0000000000000000
[  699.524580][T14613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.524586][T14613] R13: 0000000000000000 R14: 00007fae8d9b5fa0 R15: 00007fff1d1e32c8
[  699.524596][T14613]  </TASK>
[  699.524745][    C0] vkms_vblank_simulate: vblank timer overrun
[  699.867326][    C0] vkms_vblank_simulate: vblank timer overrun
[  700.035188][  T117] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  700.266103][  T117] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  700.279894][  T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  700.289757][  T117] usb 2-1: config 0 descriptor??
[  700.296785][  T117] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  700.497031][  T117] gp8psk: usb in 128 operation failed.
[  700.703503][  T117] gp8psk: usb in 146 operation failed.
[  700.709100][  T117] gp8psk: failed to get FW version
[  700.714633][  T117] gp8psk: usb in 149 operation failed.
[  700.720361][  T117] gp8psk: failed to get FPGA version
[  700.929747][  T117] gp8psk: usb out operation failed.
[  700.935139][  T117] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  700.946941][  T117] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  700.957342][  T117] usb 2-1: USB disconnect, device number 11
[  701.305696][  T117] usb 3-1: USB disconnect, device number 10