last executing test programs:

12.158105356s ago: executing program 4 (id=324):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000001040168b800000000000000000004000500010001"], 0x1c}}, 0x0)
close(r4)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400edff0f00010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000100000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001400200000028000000000a05000000000000000000010000080900010073292b2cc4a87b797a310000000008000240000000011400000011000100000000000000"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000540)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x7})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000088000000060a010400000000000000000100000008000b400000000060000480280001800e000100636f6e6e6c696d69740000001400028008000140000006e508000240000000003400018008000100636d7000280002800800024000000001140003800400010009000100efbb17b799000000080001400000000e0900010073797a30"], 0xfc}}, 0x0)

12.134318975s ago: executing program 1 (id=325):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4000, @void, @value}, 0x94)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0xe0100, 0x0)
ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x24102}, 0x0, 0x18})
capset(0x0, 0x0)
r3 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x4, 0x3080, 0x8003, 0x4025f}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r3, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r3, 0x6e2, 0x600, 0x1, 0x0, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x80047458, &(0x7f00000000c0))

11.200546055s ago: executing program 1 (id=327):
write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000040000000800000008"], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x15c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r7, 0xb}, [@IFLA_AF_SPEC={0x13c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0x30, 0x2, 0x0, 0x1, {0x2c, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14, 0x1, 0x0, 0x1, [{0x8, 0xd}, {0x8, 0x0, 0x0, 0x0, 0x38}]}}, @AF_INET6={0x40, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}]}, @AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}, @AF_MPLS={0x4}, @AF_INET6={0x88, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x14, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x14, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x5}, @IFLA_INET6_ADDR_GEN_MODE={0x5}]}, @AF_MPLS={0x4}]}]}, 0x15c}}, 0x0)
creat(&(0x7f0000001c00)='./file0\x00', 0x51)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r8)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r10, @ANYBLOB="10007d8005"], 0x2c}}, 0x0)
mount$nfs4(&(0x7f0000001e00)='-\xdb)*\x00', &(0x7f0000001e40)='./file0\x00', &(0x7f0000001e80), 0x440, &(0x7f0000001f80)=ANY=[@ANYBLOB="0308"])

10.264122843s ago: executing program 1 (id=329):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="4400000010000000000000000400002e00000040", @ANYRES32=0x0, @ANYBLOB="00000000400000002400128009000100626f6e64000000001400028008000a000000000005001d"], 0x44}}, 0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000003c0), 0x202080, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x28, 0x8, 0x6, 0x5, 0x0, 0x0, {0x1}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4850}, 0x20044004)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r6, 0x4048ae9b, &(0x7f0000000200)={0x4376ea830d56d49d})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000500)={0x0, 0x1, 0x4000, 0x2000, &(0x7f0000000000/0x2000)=nil})
close_range(r2, 0xffffffffffffffff, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000040)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000001c0)={0x2, 0x4, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, [@sadb_sa={0x2, 0x1, 0x4d3, 0x0, 0x0, 0x0, 0x2, 0xbfffffff}, @sadb_address={0x3, 0x5, 0x3c, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x38}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r7, 0x0, 0x4ffe2, 0x0)

10.13170169s ago: executing program 4 (id=330):
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, 0x0, 0x8000})
socket$alg(0x26, 0x5, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x1b3, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x7, 0x7f, 0x6, 0xfffffff9, 0x3, 0x5f, 0xa, 0x3, 0xdfff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xffffffff, 0x1f461e2c, 0x2, 0xe65f, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x0, 0x3, 0x5, 0x4, 0x8, 0x0, 0x1, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x200003, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xe8cc, 0x6, 0x9, 0xa, 0x0, 0x9, 0x9, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x2, 0x3b, 0x71, 0x2, 0x80, 0x3, 0x10001, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0xd, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x41ff, 0x6, 0x5, 0x5, 0x3, 0x2, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x4, 0x61dc, 0xffff, 0x1, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xffb]}, 0x45c)
syz_emit_ethernet(0x3e, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfe4e, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffffffffffffffe)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x28, 0x1, 0x0)
syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r5, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x70)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000950074072c6c30660fe9c73c290fa2b72e00000100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

8.646593555s ago: executing program 1 (id=333):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000306b240c50f27128eda010203010902120001000000000904"], 0x0)
syz_usb_connect$cdc_ecm(0x2, 0xb6, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xa4, 0x1, 0x1, 0x8, 0xc0, 0x0, [{{0x9, 0x4, 0x0, 0x7, 0x3, 0x2, 0x6, 0x0, 0x8, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x222fc000, 0x2, 0x0, 0x3}, [@mbim={0xc, 0x24, 0x1b, 0x4, 0x4, 0x8, 0x2, 0x6, 0x2}, @dmm={0x7, 0x24, 0x14, 0xffff, 0xe33}, @mbim={0xc, 0x24, 0x1b, 0x80, 0x98b, 0xaf, 0x9, 0xe, 0x40}, @mdlm_detail={0x4a, 0x24, 0x13, 0xa, "49a2d7c4978e5079a22a8fdbdebf7b822e2137f39393dec0428e662ee83356f12e97f40d41904102f2bf3513e0cb96941cc284b7210d5f8875e3d6ca19501e281bce889da4b5"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x8, 0x7, 0x4c, 0xff}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x7, 0x5, 0xa}}}}}]}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x110, 0x98, 0x1, 0x8, 0xff, 0x4}, 0x0, 0x0, 0x7, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x42f}}, {0xd4, &(0x7f0000000200)=@string={0xd4, 0x3, "02672c25628639896ff89b2957125cc4084ded35c843d0da967e46a3d5e982ea4d43a877fc15e3546c0769d7c978c9fd99be0f4fdc2d383e113efcbeff86be0d744a8e24f4178d9d7a4b24aff72ed0703461e4a1184e28a77673797657d404b1cdf04655f2008ef7bf1088c1378f32fd3939c4b785c7741d2b31e2350fffaf0f6e702036ba7b6e982eeaa39549dd45e0c4228ce8db13f0156b92bac05175967c9fd8188cfc89f17c48be1db3854c843f22a6e4bd1117ee314217be2e0ee8f3f4d5cb4d3b27968f058eeb16f4d973613dc0f5"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x4c0a}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x441}}, {0x0, 0x0}, {0x0, 0x0}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x429}}]})
openat$ppp(0xffffffffffffff9c, &(0x7f0000000480), 0x1, 0x0)
syz_usb_connect(0x2, 0x889, &(0x7f0000000c40)=ANY=[@ANYBLOB="120110036420bc08520c212284870102030109027708030104e0060904ee050458a9d8050a2401fbff80020102092403010403f906020c240804090001e39ae12f910d24060102030a0006000400030c2402020002030f0a00e20407240503037b000c240806080002ddbfc9d71b0a24060001d9d59235e605240009000d240f01001000007f0004000206241a910b04072414c00000000424020208241c020005000409050b022000050310be232970c9397b672ec547aafd0c1ef4234c1cc451167fb1f3e263c4d21db555c04511d7a03a5df30d7acce7fe9a420b11aeb82138b23993d98a4748e2075d2269d89b85f1f5acd7403cc6f65651fda156b6c5f6ce634eaf80130dc25e986a24463d8478edb38b2c63133c7a3376b26f01c756cef1ec9c9bdf6e78291a5d17789e92b9b357db59e932108d88d73f28eda085c26715cf6dc3a4f6b378c145c220df93243eab59024d7bc9ba6881983a545f4b4db8ef74e50c151620503cf507250180380000090506040800020606090502004000d8030607250101040101110ad7ae105ec2fad7b3c7792b9a43272e09050f040800ffea09090444010b11578c07092103000601229d04090503000800f74009331dbd3b1dc2204a155655cb5863b15b9282267d779b51f2785a4b39e1814a599716d32455ec39d4dd601eeb09d1cefb2980087201ffdc9ad69fd046d958051cfb01b6d4b9749fb8e16847b95a1978b73e184f893b16d948dc3924fa81b1664bd9be6c9eb2cc46ce01c738a52d0a8257f264925d38b786d5e36cec61cd4e2ff08d9bc9ef794158868e62c746eb4bf967d7dd8bf8ea2aeadbbfce78856b602ae8ca1843cd1209050f021000bb0703df04914fc48728fe08f9642f36f7c937ee97e70eee16adbbf69ce5fc85fc98495bba6672e65178fc11209e4bc17bafc2a976ab72b9aa6aa49bbff6a79cffeefe1111b49622b5f9b55139d3ba161dab9a49504ef672f19ea692f9686a16ec04ec395da342c92661ad2d2b62c27ee6e1521ea13bbfcd76bb25f40a5d41bbc4603d87f4d9ed4c0f93c086b43655161f062d8e2dc7745cd07a69b4adce14ce069490be204e686e404851dab05d1e8dd0683fcdb94ff51046bcbd31f321d490545fcd29d35e375e1b2ac7ed0243cd37bf1875ee5b154885b99025d8db1f24af462609050c10080003000509050c022000070498e10c5e9bea7ea5d31308d5be7954c77a0622ed23fe379c55cff6c889b88d59631dfd16647d335b74db50ccfb8d9c81cbbc77293b03316ec8c0f239c058d7755d1bcb2cd39148c464da5ce505332e6b168c67da56c9a6d303b9f5cfe1314fd79626ac49c1f4afe1dad21cafb2e2b1775f1fab41e8be65f1b37baa872d56e0d1c98cabe2776adeeabf499ada4816bba725296007e716da18b7653c9396348baf8ebd3c79da3a0dc8e2cffdbd79815751cf52118f31faa4c9a3a510b62046c2efb91786ac5fd15656a2cfa29f314864f12aa960c6206e0afbe79da2398fdb12e14f260905835389012db6d009050610ff030806e90905040c40000402050905050008000509090725010300090009050b0400020691090725018006ffff09050f100004f504c2a00ef53205f9aff456df8e596355deeb8b698b6fffddf76086e1c049982cbb66e9af4031943e7636568d42590be6e027d28dddc15183b33acac7b3003bc49234ee811cb938bcfbc6ac0b394e6ea5810ea1228acbb285155169a1f66d1d671bf3dfb0d9cadb66a682e49739c5537bd5d7848ba2d1f3d01698b51f8ee57b3c3b21dd6e4a0ef2f8f2ae80e268fc43db28af82f5c2491a8a89acfe5b4edadb3cb3948f24de35a4607815f0cf6d649625599d716897da7b0ff0fc14f4edcf570c7de8c58620073d17406caf4626b079156c2e9bf4763750506dcf8f9af6141d5565127adab61ba45ff99b94e4ebd43eccff3133aaa2f86177e1fb5878c584f0b2aef8b8d8bd6766d9e732c48d1a5b6601970a31f745be9fe874201619192c3c56d19b93aaa31995e934e841011083a6cea709050103100003040307250100700000090403000cffdd488609050506400005097f320c57c562cd9132fb4fbf9cfc93f9daff08522b97e17ef3ec9da53a62844323380499e33b8c042bf0b471f03426242296480725010302050009050f10200008089109050b10ff03000f0393085f4ecca274f7949b9a189b601f780dd6b3c014a8688dc266106509000a3de8556ffa6ca971857840128ed8fbc3106a76cafc697b752302b8e90c520c1aacdc3f9e2d7d48812004c562e84697343876a66c76580290c560717750efb6a5a04d925052f5657f2fba12bd5923465e799e2bd6d1e44be2911552a78465f0b60a19fa14cedfb82cf673482576d034deffb5ff1909050100ff03090608090580010002024a06090580100002091075b1067944820ab546e5cd94cd6843a6ea395a20d509afb498832f62fa78c5008e10cb1810339ba5149100875d771c29100c8d537bc858618c011b9f2d0cafaa24dea3afcc89c1be66b187bc4a44d0d4511aeefbbd4823ec41e84f47e63dbf1f48ccb62bd291a6fbad39e7552a6133192d368ec4cf22dd06e971d477910267a0289d8a46beac74934a1b3e399b7402f5467824d341fb472e11a891b748ee88196f19d5e352a9386217ba46d01a4889769d8407250101040900090506011000000134072501019d01800905070c000297000507250101400300090507080800020d0809050601000200800a1b01e343edc1b576cc4bc0538085ed2b3b24e49688be2bfa9222d80725018110050009050210000410401a09050b010002080e0f1e0bca412193d90c4e26bfb5b71ea9886360cc116323373d7bf28195565680004802b7be06449277d1652187f55f9fa3e73c917362c0240c8b89493a24fe09e8a50ea859482dde15bca147d688de10535283d546757a8cd02e535f34a2c032cf328a1e024efac3b01bfca890947ee9e7b923125d1ccc68c21ad6852a56b552563933d7ed007eb8e5aab4d24e68ea5a840aad15ca88a27ca08d329189c7e6"], &(0x7f0000001600)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x201, 0x7, 0x5, 0x8, 0x20, 0x7}, 0x93, &(0x7f0000001740)={0x5, 0xf, 0x93, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x2, 0x0, 0x6}, @wireless={0xb, 0x10, 0x1, 0x4, 0x4a, 0xc9, 0x1, 0x100, 0x71}, @wireless={0xb, 0x10, 0x1, 0x2, 0x1, 0xa0, 0x7f, 0x7, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x6, 0x6, 0xc, 0x658a}, @generic={0x63, 0x10, 0x0, "20c5dda22100c200c17458c44332ed150153e28b6cf929fe5de10a79a43b81dcdd6b5d6ffd582ebc94f977b024ddc254371b65967ecdbffbaf4993f0e86c4eeabc1d82ed75978acf66dfa23a79a2ca3337c6d55757e98de947943d6805ead2c7"}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0x7, 0x7, 0x255a}]}, 0x4, [{0xc0, &(0x7f0000000740)=@string={0xc0, 0x3, "75543c5b4fcef1ec9c0c15f4e73bfa0850c1accab101da82b292320f2bd40cdfe4677a16762b2ab6af93197eca614229d5ab80204ed19c3bb85e79b0a909fbe079ae4853f0d2d5e80659cf52a73581b8b83173d3f5512a708d0ff0fc89a87eda84b9b1b01411b4ad6f6bd7d12d99989440ca142c822db28d6ff62f44240c3880d8130eddac44e8f596a15cacecb64eb1085bbcb49fac62b61416601c1ee9e759b872b4a407a74ebc9eb83b77645d462c5b7f5c3429cf2bcc642e8b35d39d"}}, {0x4, &(0x7f0000001500)=@lang_id={0x4, 0x3, 0x443}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x1a}}, {0x2f, &(0x7f00000015c0)=@string={0x2f, 0x3, "3bd6a732aa834c82fb603b5da1f57c540dc0148fdbd5bc1d27c1f1ac7ca566f49a729a5eb800317d4cc29ed4f9"}}]})
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0xff)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000300)=0x4f)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0x0, &(0x7f0000000100))
r2 = gettid()
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r3, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000000000)='\x00', 0x1)
write$rfkill(r3, &(0x7f0000000340)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r4, 0x400454d0, 0x15)
r5 = syz_open_dev$radio(&(0x7f0000000380), 0x2, 0x2)
clock_gettime(0x0, &(0x7f00000003c0)={<r6=>0x0, <r7=>0x0})
ioctl$VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000540)=@fd={0x6, 0xc, 0x4, 0x2, 0x5, {r6, r7/1000+60000}, {0x3, 0xc, 0x7f, 0x3, 0xf2, 0x3, "8d0e6897"}, 0x3, 0x4, {}, 0x400, 0x0, <r8=>0xffffffffffffffff})
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
dup2(r8, r1)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x430, &(0x7f0000000800)={[{0xa9, 0x4e00, "6dff62efa76115ba6b0871944f44f89468c9982a261b1907d4f726b1037fdc4abc7ca149c94e4e4c49ee54d5a9fa5346b855da30fe59a863d54f2de1ee03a600bd79c91f14ea753ef08ccec0e1cb066f6cf18f1322c2d43894c648142722a3cc1194455c969f9bec6d15e404e5679ec314e317421be7549d7dd73935ba5700e7375d05b9e9de563a3579306c3c783e497524a076d010ad256a2c25119090e1d01bb6eaf36c32fdc240"}, {0x15, 0x4e00, "0074569da11013cfdbdf1633afa91fda43ef418676"}, {0x6, 0x4e00, "0f1661169634"}, {0xc2, 0x4e00, "8f4d849b4baf7062911a4a04d5c491c3cc93b77c0b308ec8a0832c16436b62e73db1fa509e1b9c5886db313edf62de98ee3ad87b815daeb8bd8ffe6dfab6e577bc9cc2e535dc8e3eed85344359ed2c5dad977ab768d0a2938bac8fdb0efc02885ffe33a0edb5855bc6d590e85e53585e28063e821b8b586977c05b5e039f11a100addf5e3a81d089f6a78b52d6f472cbf9d27968b23379b1f6027acfc3ec5ce7235029bfac0422d96f08667fd2b9e7d2e6773b64dae2dcc1b1d96b489032b7e63487"}, {0xc, 0x4e00, "557ddc02384906e9cb3c7111"}, {0xc5, 0x4e00, "80a193262ef34c8747f6838123d93ac2aec45416af37f177919173db8e23756a333b647dd0b3e34ce7096880cbea95aa1bf3b4d797b50459ad9d7b290f0c1a549ad06f27e8f45dff2846a6d701129c1559585ba0fe9284c3b78db940e1401fabdf143f34f0b464f6282c8727faf757c081c7be352adc342cb737ee3e6af2ac60d598c5a379c119601bcaf81a10dc8062be9c4128ec6e50e5a3a0ea0680068d0d185ae87421c52df728f16081036c5623093b845dd71769da29d318a70eb8423ce33707a780"}, {0x99, 0x4e00, "08a10d42fde45f481771fc1bfd12dc1d1d93d697e3839827cf05096880c3223956b4cc1ca73ba890728eab9237b7f2b03313ac6581e5c7228b8b0d12f6a5214c337b27bcc940d11e9287100018be066e491b2e18486cee62e5519165abf59387162c7de0f072275bd2d2fe7860e8f6fe333ca7e65704204f011bdbeb349d6eee3703d7b0a23f7856ccd81ae44c886b2d10d56b100427232ca5"}, {0x86, 0x4e00, "f1f5b550f959f64194017db55048bf8f440d5cdc3147d53b4602073d5e3b39f295434d6b6801fa4030fb214736050adc6464f08e89dedc6f37decaccd0f18cf17cfce70b4ceebdb7875db67584cda8a05e3508533f1af2a72f9f8b99321695a66847238afd1eca550521181495e56eb8ade0628e3a9fab7bd9007f429fae89be6cf82c90d81f"}, {0x81, 0x4e00, "ccc7bdbb8ec34798b222b508247acf41e6128d1904fcaf784d0f36b3bd078292a781c50cdd9cec4dad9f0a709a87c3124b8644bb8ab20ec0803e0c088bff6bbc17219156b33f1afef907e9e665b3d7ea62bfacb4db3a12c16147c46e5fcc8c8c055c5798b7ee6de674d8034048c2df06f9f860ff48d79810b32494578eea3ee9d2"}]})
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0x541b, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f00000005c0)="041121f24aa51a8506974c6065405b12fdc72c37182289126cfc0604e79f4a6948732c8a1df5448829e3c50ce4a4eb94bffed0e654dae5b3f1fda14967f2d5a2a029c72ae890b7461c2e3b221cf0b00fc9609e1c9f213ce86f87217dfac3d3a6e6b360d74229306f3f865d5242e8e6a76efcf87edc404ff712da90f3f4e76f91402edc02a9e493c7e40f040884b86fbd4b5a53efb8acf4a284f455d21a9b5f0d8b0166753d27df7f7e60ac7671d0fe09913e2cd34df521a9ff85e5d0ee22459bf8d771f1a426e56724d80e2ac11365b4f3e2fbb368d7829c6dd83a", 0xdb)

8.459878249s ago: executing program 4 (id=334):
add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000580)=ANY=[@ANYBLOB="020000000000be2f7de0fa0000ff01400000000000000000000e00000084e8323990d564b70572e11d000000000000000000000000000000000000000040000000000000000000000000000000000000000200"/110])
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(&(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
lstat(&(0x7f0000000340)='./file0\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {0x0, <r2=>0x0}}, './file0\x00'})
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c2caa, &(0x7f0000000500)={'trans=unix,', {[{@dfltgid={'dfltgid', 0x3d, r2}}, {@debug={'debug', 0x3d, 0xcf}}, {@privport}, {@dfltgid}, {@noxattr}, {@cache_fscache}]}})
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x0, {{@in=@broadcast, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@multicast1, 0x0, 0x32}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd}, {0x0, 0x0, 0x0, 0x7fffffe}, {}, 0x70bd2a, 0x0, 0xa, 0x2, 0x1, 0x20}}, 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
r4 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r3, 0x4004af07, &(0x7f0000000240)=r4)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})

7.758588699s ago: executing program 2 (id=336):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000020027000000"], 0x6c}}, 0x0)

6.485717028s ago: executing program 2 (id=338):
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="300000003e000701feffffff00000000047c000008004280040008000c000180060010"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
clock_nanosleep(0xfffffff2, 0x225c17d03, &(0x7f0000000400), 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2def, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
write$binfmt_aout(0xffffffffffffffff, 0x0, 0xff2e)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000100)='mqueue\x00', 0x0)
ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=<r4=>0x0)
ptrace$getregset(0x4204, r4, 0x2, &(0x7f0000000540)={&(0x7f0000000480)=""/8, 0x8})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x8000, 0x8001, 0x7ff, 0x9, {{0x10, 0x4, 0x2, 0x13, 0x40, 0x65, 0x0, 0x0, 0x50, 0x0, @multicast1, @empty, {[@lsrr={0x83, 0x3, 0x3b}, @timestamp={0x44, 0x10, 0xe, 0x0, 0x9, [0x4, 0x3ff, 0x3ff]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x14, 0x65, 0x1, 0x0, [{@broadcast, 0x4}, {@multicast1, 0x60ece600}]}]}}}}})
getsockopt$inet6_mreq(r2, 0x29, 0x1c, &(0x7f0000000300)={@private1}, &(0x7f0000000340)=0x14)
r5 = socket(0x10, 0x803, 0x0)
sendto(r5, 0x0, 0x0, 0x0, 0x0, 0x0)
flock(r5, 0x2)

6.357220778s ago: executing program 0 (id=339):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'})

5.859315554s ago: executing program 0 (id=340):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x58000000, 0x0, 0x0, 0x40f00, 0x48, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4000, @void, @value}, 0x94)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, &(0x7f0000000180)=""/246)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f00000004c0)={0x24102}, 0x0, 0x18})
capset(0x0, 0x0)
r2 = syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x4, 0x3080, 0x8003, 0x4025f}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000004c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x68, 0x3, r2, 0x0, 0x0, 0x0, 0x1, 0x1, {0x2}})
io_uring_enter(r2, 0x6e2, 0x600, 0x1, 0x0, 0x0)
ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x80047458, &(0x7f00000000c0))

5.797934327s ago: executing program 3 (id=341):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x5, 0x4, 0x0, 0x7fff0000}]})
getpriority(0x2, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000180)=""/66, 0x42}], 0x1, 0x1000000, 0xd)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYRES32], 0xac}}, 0x24004c50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
add_key(0x0, 0x0, &(0x7f0000000100)="305c0605e1", 0x5, 0xfffffffffffffffe)
syz_emit_ethernet(0x52, 0x0, 0x0)
r3 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a98", 0x3, 0xfffffffffffffffe)
r4 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r3}, &(0x7f00000000c0)=""/83, 0xffffffffffffff02, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(r6, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[], 0xac}}, 0x48000)
r9 = syz_open_dev$sg(&(0x7f0000000300), 0x0, 0x20881)
ioctl$SG_GET_VERSION_NUM(r9, 0x2284, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)

5.086636875s ago: executing program 2 (id=342):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739, @void, @value}, 0x94)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) (fail_nth: 1)

4.481565339s ago: executing program 0 (id=343):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2, 0x0, 0x48}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan0\x00'}) (fail_nth: 1)

4.19159707s ago: executing program 2 (id=344):
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x0, 0x0, 0x8000})
socket$alg(0x26, 0x5, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x4, 0x1b3, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x7, 0x7f, 0x6, 0xfffffff9, 0x3, 0x5f, 0xa, 0x3, 0xdfff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xffffffff, 0x1f461e2c, 0x2, 0xe65f, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x3, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0x0, 0x3, 0x5, 0x4, 0x8, 0x0, 0x1, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x200003, 0x0, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0xe8cc, 0x6, 0x9, 0xa, 0x0, 0x9, 0x9, 0x9, 0x6, 0x2, 0x0, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x10003, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x2, 0x3b, 0x71, 0x2, 0x80, 0x3, 0x10001, 0x2, 0x0, 0xa2, 0x7, 0x53cf697b, 0xd, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x41ff, 0x6, 0x5, 0x5, 0x3, 0x2, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x10, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x4, 0x61dc, 0xffff, 0x1, 0x9, 0x100, 0x9602, 0xa, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x8, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xffb]}, 0x45c)
syz_emit_ethernet(0x3e, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfe4e, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffffffffffffffe)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket(0x28, 0x1, 0x0)
syz_io_uring_setup(0x112, &(0x7f0000000280)={0x0, 0x408c, 0x100, 0x8, 0x40}, &(0x7f0000000240)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000000c0)=@IORING_OP_RECVMSG={0xa, 0x0, 0x0, r2, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x2121, 0x0, {0x3}})
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8502, 0x0)
write$sndseq(r5, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x5}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @result}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}], 0x70)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000950074072c6c30660fe9c73c290fa2b72e00000100"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

4.184990732s ago: executing program 4 (id=345):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

4.085589961s ago: executing program 0 (id=346):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8=r0], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739, @void, @value}, 0x94)
r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000200006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090b0002"], 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0001000000000000140012800b0001006c6f7770616e0000040002800a0001"], 0x40}}, 0x0)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r4 = socket(0x10, 0x3, 0x0)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=@newqdisc={0x158, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x120, 0x2, [@TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0xa8, 0x2, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x80}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x4}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0xd}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x3b135973}]}, {0x1c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xce2}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x8}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x49}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x1}]}, {0x1c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0xe}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x80000001}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x7}]}, {0x2c, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x7}, @TCA_TAPRIO_SCHED_ENTRY_CMD={0x5, 0x2, 0x32}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x4}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x101}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x3}]}]}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0x9}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x3}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8, 0xb, 0x679}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x5, [0xf, 0xa, 0x8, 0x9, 0x0, 0x5, 0xe, 0x0, 0xbb, 0x10, 0x2, 0x1, 0x3, 0x4, 0x7, 0x7], 0x1, [0xfffd, 0x7b04, 0x9, 0x8, 0x1ff, 0xfff7, 0x700, 0x2, 0x0, 0x308a, 0x0, 0x5, 0x8ee2, 0x2, 0x2, 0x101], [0x100, 0x5, 0x1, 0x1, 0x400, 0x639, 0x7, 0x9f, 0x1, 0x2, 0x8, 0x400, 0xeb, 0x3, 0x3, 0xff]}}]}}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}]}, 0x158}}, 0x0)
r7 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="d8000000", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

3.971376387s ago: executing program 4 (id=347):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
timer_delete(0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00'}, 0x10)

3.910006936s ago: executing program 1 (id=348):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000000400000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000400)='syzkaller\x00', 0x8, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000540)={r3, r2, 0x25, 0x0, @val=@netkit={@void, @value=r3}}, 0x1c)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000280)={'gretap0\x00', &(0x7f0000000200)={'syztnl0\x00', <r4=>0x0, 0x20, 0x700, 0x8, 0x8, {{0x16, 0x4, 0x3, 0x5, 0x58, 0x65, 0x0, 0x7f, 0x4, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x31}, {[@ssrr={0x89, 0x13, 0xf2, [@multicast2, @broadcast, @local, @local]}, @end, @rr={0x7, 0x1f, 0xe4, [@private=0xa010100, @remote, @multicast1, @rand_addr=0x64010102, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2]}, @ssrr={0x89, 0xf, 0xd0, [@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1]}, @noop]}}}}})
getpeername$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000340)=0x14)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000640)={'ip6tnl0\x00', &(0x7f0000000400)={'syztnl0\x00', <r6=>0x0, 0x2f, 0xf9, 0x7, 0x2, 0x2, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x20, 0x8000, 0x3, 0x81}})
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@bridge_dellink={0x34, 0x11, 0x5, 0x0, 0xfffffffe, {0x7, 0x0, 0x0, r9, 0x3000}, [@IFLA_AF_SPEC={0x14, 0x1a, 0x0, 0x1, [@AF_INET={0x10, 0x4, 0x0, 0x1, {0xc, 0x8, 0x0, 0x1, [{0x8, 0x1b, 0x0, 0x0, 0xfffffffd}]}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x800c000}, 0x0)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000680)={&(0x7f00000007c0)={0xb8, 0x0, 0x400, 0x70bd25, 0x25dfdbff, {}, [@ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x10}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0xb}, @ETHTOOL_A_LINKINFO_PHYADDR={0x5, 0x3, 0x2}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x7}, @ETHTOOL_A_LINKINFO_PORT={0x5, 0x2, 0x80}, @ETHTOOL_A_LINKINFO_TP_MDIX_CTRL={0x5, 0x5, 0x25}, @ETHTOOL_A_LINKINFO_HEADER={0x6c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4000000}, 0x40001804)
bpf$MAP_CREATE_TAIL_CALL(0x9, &(0x7f0000000380)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
syz_usb_connect(0x3, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x11, 0x39, 0x5b, 0x40, 0x5d8, 0x810c, 0x185f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x1, 0xf0, 0x8, [{{0x9, 0x4, 0xc8, 0x8, 0x0, 0x7f, 0xf8, 0xae, 0x4c}}]}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r10 = accept4$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000100)=0x14, 0x800)
getsockname$packet(r10, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x3, 0x0, 0x0, 0x717e387b, 0x43, "1ae34e0626788a22b2fb12dab240794233a5bd", 0x4, 0x2})
r11 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000000)=0x15)
r12 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x20100, 0x0)
fallocate(r12, 0x4, 0xb, 0xe)
ioctl$TCSETS(r11, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCVHANGUP(r11, 0x5437, 0x0)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)

3.332367684s ago: executing program 3 (id=349):
r0 = socket$xdp(0x2c, 0x3, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
signalfd(r0, &(0x7f0000000080)={[0x10]}, 0x8)

3.300073995s ago: executing program 3 (id=350):
openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000380)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}]}, @NFT_MSG_NEWSETELEM={0x54, 0xc, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x38, 0x3, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPRESSIONS={0x2c, 0x6, 0x0, 0x1, [{0x14, 0x7, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}, {0x14, 0x1, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}]}]}]}], {0x14, 0x10}}, 0xd8}}, 0x0)

2.909096087s ago: executing program 3 (id=351):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000280))
ioctl$EVIOCGMASK(0xffffffffffffffff, 0x80104592, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r2, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000000c0)={[0x9, 0x5, 0x0, 0x5, 0x0, 0x0, 0x7a6e, 0x4, 0xfc, 0x0, 0x8, 0xc0, 0x2, 0x2], 0x8000000, 0x8340})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000017000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b0000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x88)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0xb635773f06ebbeec, 0x80010, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102400, 0x19000)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x2d}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(0xffffffffffffffff)
sendmmsg$sock(r6, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)

2.877989747s ago: executing program 2 (id=352):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpriority(0x2, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a009cb2fc74d319550e527c00003c0001802c00018014000300fe8000000000040000000000000000aa14000400ea0100000000000000000000000000010c00028005000100000000003c0002802c0001801400030000000000000000000000000000aa14000400fe8800000000000000000000000000010c00028005000100000000000800074000000000180006"], 0xac}}, 0x24004c50)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="ac0000000001010400000000000000000a0000003c0001802c000180140003000000000000000100000000000000000014000400ff0100000000000000000000000000010c00028005000100000000"], 0xac}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
r3 = syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
dup2(r4, r4) (fail_nth: 1)
preadv(r3, &(0x7f00000033c0)=[{&(0x7f00000031c0)=""/207, 0xcf}], 0x1, 0x6, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r5, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r5, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)={0x30, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x8, 0x142, 0x0, 0x1, [@typed={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x17}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmsg$inet(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)='`', 0x1}], 0x1}, 0x4010)
sendmsg$inet6(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x20044800)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)
ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000100)=0x3)

2.217981988s ago: executing program 2 (id=353):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000140)={0x1, 'ip6tnl0\x00', {}, 0x7ff})
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x0, '\x00', @p_u8=&(0x7f0000000180)}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r3 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000440)={0x1, @pix_mp={0x62, 0x1, 0x3031334d, 0x3, 0xa, [{0x3, 0x6}, {0x2, 0x2}, {0x3, 0x411}, {0x10001, 0x8}, {0x6, 0x8}, {0x4, 0xd}, {0x8, 0xfffffff8}, {0x5, 0x1}], 0xc, 0x2, 0x1, 0x0, 0x2}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}}, 0x0)
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00000001040168b800000000000000000004000500010001"], 0x1c}}, 0x0)
close(r4)
r5 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "e5e81571c97b166978ff61fcfd2409b2b73e0f936ed774de107de8a9041b5113"})
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0x8417f, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, 0x0, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000540)={0x0, 'veth0_to_hsr\x00', {0x3}, 0x7})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000088000000060a010400000000000000000100000008000b400000000060000480280001800e000100636f6e6e6c696d69740000001400028008000140000006e508000240000000003400018008000100636d7000280002800800024000000001140003800400010009000100efbb17b799000000080001400000000e0900010073797a30"], 0xfc}}, 0x0)

1.82986497s ago: executing program 3 (id=354):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @fib={{0x8}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x68}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000020027000000"], 0x6c}}, 0x0)

1.652327152s ago: executing program 3 (id=355):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000201b4510fc0428155d6d01020301090212000100000000090401"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000002d00000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='netlink_extack\x00', r1}, 0x10)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0000000100007000100000001000000fe880000000000000000000000000001e0000002000000000000000000000000a0000000000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="fe8000000000000000000000000000aa000000003c00000000000000000000000000ffffac1414bb00000000000000000000000000000000000000000000000000000000000000008804000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000700000000000000010000000000000000000000000000000000000000000000000000000a0004007400000000000000"], 0xf0}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0xfffffffffffffffc, 0x0)
unshare(0x26020280)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x5000, 0x0, 0xfffffffffffffd57, 0x0, 0x0, 0x0)
syz_clone(0x180, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
get_robust_list(0x0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x940a, 0x1000007})
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000140)={0x1d, r6, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r5, &(0x7f0000003e40), 0x3fffffffffffe3d, 0x0)

1.561789427s ago: executing program 4 (id=356):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r3=>0x0})
openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x80201, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000500)={'syztnl0\x00', <r4=>0x0, 0x80, 0x7800, 0x2, 0x2, {{0x20, 0x4, 0x1, 0x37, 0x80, 0x68, 0x0, 0x1, 0x2f, 0x0, @remote, @broadcast, {[@rr={0x7, 0xb, 0xf8, [@local, @rand_addr=0x64010100]}, @end, @timestamp={0x44, 0x1c, 0x9a, 0x0, 0x8, [0xfffff298, 0x6, 0x86, 0x0, 0xb000000, 0x7d]}, @rr={0x7, 0x23, 0x32, [@local, @multicast1, @dev={0xac, 0x14, 0x14, 0x43}, @private=0xa010101, @private=0xa010101, @broadcast, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x17}]}, @timestamp={0x44, 0x14, 0x7e, 0x0, 0x2, [0x4, 0x4, 0x6, 0xc]}, @lsrr={0x83, 0xb, 0x9a, [@multicast2, @private=0xa010100]}]}}}}})
getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000600)={@rand_addr, <r5=>0x0}, &(0x7f0000000640)=0x14)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0x9c, 0x0, 0x200, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x40041}, 0x800)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x400)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r6 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_int(r6, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4)
sendmmsg$inet6(r6, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r6, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r7 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r7, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x18)
pselect6(0x40, &(0x7f0000000000)={0x6, 0x2, 0x8000000000000000, 0x0, 0x2, 0x0, 0x100, 0x10001003}, 0x0, &(0x7f00000002c0)={0x3ff, 0x8, 0x1000000000, 0x689, 0x2, 0x3ffffffffd, 0x0, 0x7}, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002cbd7000fedbdf251600000008000300", @ANYRES32=r3, @ANYBLOB="0a000600ffffffffffff00000a001a000802110000010000b383642087bf802118362dd9d28c3d225b7c10b000353f800b89af8fead878943b351193d539af87d9268829831b4f89d4edb8050000000000000065dc7ec3f566740080a1085806927c0bc32d708ff4bf7c58a54873788e3e514939663693c41f973cdddf28bbfabb06000000000000001e04026dc2724e795f76780c02e34fea25339698438dc92431e245b534d591731a77f6c030a9bfd2309240240ca52610fba432b5ab101abab85c20e99fd50abcbe9275e334b17db24f55747e9c25e915f139b6dc9cafdd7c02f539950006c8e18500000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x24008841}, 0x40000)
r9 = socket$xdp(0x2c, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000240)='devlink_trap_report\x00', r8}, 0x18)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {<r10=>r9}}, './file0\x00'})
ioctl$KDGKBENT(r10, 0x4b46, &(0x7f0000000080)={0x80, 0x4, 0x8})
r11 = syz_usb_connect$cdc_ecm(0x1, 0x5b, &(0x7f0000000880)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49, 0x1, 0x1, 0x4, 0x20, 0x1, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x6, {{0xa, 0x24, 0x6, 0x0, 0x0, "f2a9f434d5"}, {0x5, 0x24, 0x0, 0x47a6}, {0xd, 0x24, 0xf, 0x1, 0x9, 0xa, 0x6, 0x80}}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0x4, 0x3, 0x10}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x1, 0x5, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x3, 0x7f, 0x3}}}}}]}}]}}, &(0x7f0000000d80)={0xa, &(0x7f0000000800)={0xa, 0x6, 0x200, 0x1e, 0xc0, 0x0, 0x40, 0x3}, 0x8d, &(0x7f0000001640)={0x5, 0xf, 0x8d, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x62, 0x81, 0xb, 0x8000, 0x4}, @ssp_cap={0x24, 0x10, 0xa, 0x4, 0x6, 0x9, 0xf00, 0x2b6, [0x3f00, 0x80fe0f, 0x3f, 0xff0000, 0x8540cb79f03cde0a, 0xff000f]}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "59070957621fa55ea899c4a07df63a39"}, @generic={0x3e, 0x10, 0x2, "a8dfa9b9a6f4167da95652ba98c8f6b51cb60ce5d8930a0c14dd3ef3400ef73d90a1a2fda3e54e89aeff1b04dcf403ef114620c0e5780377309927"}, @ext_cap={0x7, 0x10, 0x2, 0x0, 0x4, 0x3, 0x2}]}, 0x6, [{0x77, &(0x7f0000000a40)=@string={0x77, 0x3, "7832ecaa531a6b3863622c0462a78c79faacf494d6e42b1ede5d4b5a09936d0f29962fc5e6e3f7e0e56e10245c6eed585ad4ee7031c0f680070dd69dc3068bd8bbbcaa24574c1303a379fed9035ecac955144936cec2418ab752bc09e8a0f39d4244a242115ceab38667b07eac62df01d3a5e1f030"}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x429}}, {0x6b, &(0x7f0000000b00)=@string={0x6b, 0x3, "d8fb453393a39d758cba76111b86ec174ba9e12a2959967f4c69c9d0b8e8dc2814f7b97e7b959fb2a9df2e680655a237d8a125ce7aeee1fe66a412e9a2a681e606e619b6e8e7c276c38e628a0330db244ae6cdd11fb0dfba54012b193274c4f47298bde95d49d32c91"}}, {0xfffffffffffffcc0, &(0x7f0000000b80)=@string={0xfc, 0x3, "6a84feb54be3f7328c681674c9f715384b09d07bafbf58853cd5fa0565a018e05ee3268adfd6a5a4df9d0dade3ef1062861712d4826264c2b8482f91c1cc693226345c18c714b5d2328054887bf105274fc6bf4fbc01f5a856432d1391e67a69690a9ead36b71e66cd36e13327151ef6ca54ee2fc13c8cdfef003652a2a2223ae6819c6bd1e28564f8bf08bbaa6110596d1ae1eedb3428b021bfa3fee7698e96a0da21ce716e0c8964f404f5b91dd49e18566972b6edda3cef76aa44f5329de33b68ca368134d597e87ccd93abe6b3252e11389704c369d1a934f04b0e5a7ce441624b45f5ff5129ab9192e74c2c32167504c0697ce70645c346"}}, {0x4, &(0x7f0000000c80)=@lang_id={0x4, 0x3, 0x40a}}, {0x84, &(0x7f0000000cc0)=@string={0x84, 0x3, "08e90e1999d7cbe962774dba2cac96bd8191c742ed7fb35a6f7cd34f7758f0677914735fd57c770fa2e214d90e182ae4cf69888f4c99f51bb70335aaa92a7ccc2f8b8e473c55c354436f00bfa9401e71ecb96a1258b8810a038897f6e21c53b5d196dcc1db215abb5dadb81ba18b59980b182805d609074a9c15d2dbbebc242669a4"}}]})
syz_usb_control_io(r11, &(0x7f0000001080)={0x2c, &(0x7f0000000e00)={0x40, 0x9, 0x18, {0x18, 0x5, "2298e1e1b52306f4402b5aa665f98a2e1930e0b00707"}}, &(0x7f0000000e40)={0x0, 0x3, 0x3b, @string={0x3b, 0x3, "772132c8cb36100bb2b734fb48eea6ccdc5c6879c6d618a944678019129731d190f1396aa9a4590156628310d19b2093b13b478a2993f5c720"}}, &(0x7f0000000ec0)={0x0, 0xf, 0x119, {0x5, 0xf, 0x119, 0x6, [@ptm_cap={0x3}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "115fdc4392d363b6e7ae94688251c168"}, @ptm_cap={0x3}, @ssp_cap={0x24, 0x10, 0xa, 0x0, 0x6, 0x3ff00, 0xf00, 0x5, [0xff0000, 0x0, 0x30, 0x8130, 0xff6000, 0xc0cf]}, @generic={0xd3, 0x10, 0xb, "396a4663ca8e31e969e565ec209a3215b19f92b7c1493a45cc9f6532daa741c1fa752bc43a3d5978db0ff54609805daa36f8549cb1a994e666c2e42e1db629e70290a6e36f54ab251042045ad71e82d42868482d4aff2bced7b10012e1296c044bb37fcc6d9359c619a45449ed9f673bfbb47facb596b2f7e9cc15d66a31fc5f0f6bff075725e401d586888705019a23175f9f03859700712b061c20af43048121067b73221031eb64bfca2858ff4ab8584483ec4de5f407d829da87ca37828d0eaba6f1b1a2806b8595ed304ba8d4a8"}]}}, &(0x7f0000001000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x1, 0xfb, 0xf7, "9e1c521a", "4a152932"}}, &(0x7f0000001040)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x2, 0x2, 0x9, 0x6, 0x2, 0x1000, 0x6}}}, &(0x7f0000001540)={0x84, &(0x7f00000010c0)={0x0, 0x8, 0xcf, "d4ece0437333238c4c21d3a2f2c6d6a2edcad1895e14b046c2a0fc187ad3966ca2fe2421e868f31d7a0655714dce08dc7cb85fd88259e4f8d152a07661f93b96355bc69bc54e1715dc955c4b76aa8e9aa22c535e22e053edc77d902b3ba7cec85a3e2ecbc1e260ae0adbcfc793a8f1d4ae0987df9ed6309ec7d28e35efb38dba83d0f4a8670074c719ca5bafaab6938636324775d6121240e61dc66a3241c743daf9f41fde69938b0e15e0dabc28f57637e411f0851a5e16f198c2025cae186950e6325668110f19e942fdb4474cd1"}, &(0x7f00000011c0)={0x0, 0xa, 0x1, 0xe}, 0xffffffffffffffff, &(0x7f0000001200)={0x20, 0x0, 0x4, {0x2, 0x2}}, &(0x7f0000001240)={0x20, 0x0, 0x8, {0x40, 0x20, [0x0]}}, &(0x7f0000001280)={0x40, 0x7, 0x2}, &(0x7f00000012c0)={0x40, 0x9, 0x1, 0x3}, &(0x7f0000001300)={0x40, 0xb, 0x2, "032a"}, &(0x7f0000001340)={0x40, 0xf, 0x2, 0x6}, &(0x7f0000001380)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, &(0x7f00000013c0)={0x40, 0x17, 0x6, @remote}, &(0x7f0000001400)={0x40, 0x19, 0x2, "9b13"}, &(0x7f0000001440)={0x40, 0x1a, 0x2, 0xfff8}, &(0x7f0000001480)={0x40, 0x1c, 0x1, 0x8a}, &(0x7f00000014c0)={0x40, 0x1e, 0x1, 0x8}, &(0x7f0000001500)={0x40, 0x21, 0x1, 0x9}})

356.638561ms ago: executing program 0 (id=357):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async, rerun: 32)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0), 0x4) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x93cea4bee562f1e5, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0xc, 0xa9, &(0x7f00000002c0)=""/169, 0x41100, 0xa, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x1, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x0, 0x9, 0x9, 0x90000}, 0x10, 0x0, 0xffffffffffffffff, 0x7, &(0x7f00000003c0)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000400)=[{0x3, 0x2, 0x10, 0x6}, {0x4, 0x3, 0xd, 0x8}, {0x4, 0x1, 0xb, 0x4}, {0x4, 0x1, 0x3, 0x1}, {0x0, 0x4, 0xa, 0xc}, {0x5, 0x3, 0xa, 0x7}, {0x5, 0x4, 0xd, 0x7}], 0x10, 0x5, @void, @value}, 0x94) (async)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001940)='/sys/power/wakeup_count', 0x183401, 0x0) (async)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001980)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x5f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4, 0x0, @void, @value, @void, @value}, 0x50) (async)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000001a00)={{0x1, 0x1, 0x18, <r2=>0xffffffffffffffff, {0x90, 0xa20b}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x17, 0x6, &(0x7f0000000800)=@raw=[@exit, @map_idx_val={0x18, 0x3, 0x6, 0x0, 0xb, 0x0, 0x0, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x9}, @generic={0x7, 0x4, 0x5, 0xffff, 0x8}], &(0x7f0000000840)='syzkaller\x00', 0xd, 0x62, &(0x7f0000001140)=""/98, 0x41100, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, &(0x7f0000000880)={0x8, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, r0, 0x5, &(0x7f0000001a40)=[r1, r2], &(0x7f0000001a80)=[{0x4, 0x3, 0x7, 0x3}, {0x0, 0x1, 0xd, 0xa}, {0x5, 0x1, 0x5, 0x1}, {0x0, 0x5, 0xc, 0x5}, {0x1, 0x1, 0x0, 0xb}], 0x10, 0x10000, @void, @value}, 0x94) (async, rerun: 64)
sched_setscheduler(0x0, 0x5, &(0x7f0000000080)=0x8) (async, rerun: 64)
r3 = getpid()
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) (async)
fsync(0xffffffffffffffff) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 32)
pipe2$watch_queue(&(0x7f0000000480)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80) (rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000016c0)=[{{&(0x7f0000000580)=@ieee802154, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000600)=""/174, 0xae}], 0x1}, 0x4}, {{&(0x7f00000006c0)=@alg, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000740)=""/78, 0x4e}], 0x1, &(0x7f0000001880)=""/168, 0xa8}, 0x7}, {{&(0x7f00000008c0)=@phonet, 0x80, &(0x7f0000000a00)=[{&(0x7f0000000940)=""/103, 0x67}, {&(0x7f00000009c0)=""/55, 0x37}, {&(0x7f0000000ec0)=""/226, 0xe2}], 0x3}, 0xfc1}, {{0x0, 0x0, &(0x7f0000001280)=[{&(0x7f0000000fc0)=""/89, 0x59}, {&(0x7f0000001040)=""/247, 0xf7}, {&(0x7f0000001800)=""/92, 0x5c}, {&(0x7f00000011c0)=""/144, 0x90}], 0x4, &(0x7f00000012c0)=""/215, 0xd7}, 0x1}, {{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000013c0)=""/241, 0xf1}, {&(0x7f00000014c0)=""/129, 0x81}, {&(0x7f0000001580)=""/235, 0xeb}], 0x3}, 0x401}], 0x5, 0x2, 0x0) (async)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_RW(r7, 0x118, 0x0, 0x0, 0x0) (async, rerun: 64)
bpf$MAP_CREATE(0x0, 0x0, 0x48) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18) (async, rerun: 64)
ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, &(0x7f0000000500)) (async, rerun: 64)
socket$inet_udplite(0x2, 0x2, 0x88)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000a40)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f8, 0x180, 0x0, 0xffffff6a, 0x0, 0x0, 0x328, 0x258, 0x258, 0x328, 0x258, 0x3, 0x0, {[{{@uncond, 0x0, 0x118, 0x180, 0x0, {}, [@common=@inet=@ipcomp={{0x30}, {[0x4d3, 0x4d2]}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0x0, 0xffffff00]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x2, 0x0, 0xfffffffa, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x180, 0x1a8, 0x0, {}, [@common=@srh1={{0x90}, {0x88, 0xf9, 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @empty, @private2, [0x8beee2ccb8d58425], [], [0x0, 0xff]}}, @common=@dst={{0x48}, {0x0, 0x1, 0x1, [0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc]}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x6, 0xd}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x458)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x16, 0x16, &(0x7f00000001c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000150400003d0301000000000095000f00000000006926000000000000bf67000000000000450700000fff07003506000002000000170600000ee50014bf250000000000005d670000000000006507000006000000070700004c0001000f75000000000000bf54000000000000070400000400f9ff2d440100000000009500000000000000050000000000000095000700000000000172dbabb733a0e757c7c45402000000a2d23da04d1ffc187f9955911aa1a2ba7ba030c7267c2de00435fd253cc0f0d9b2c3127c46b0f4f95345de3188f0d808398d09ee4dc258d726eae098804de25df627a64ab8efde50fd7f1d58d67e684c45e506598bae66ea1a7cd29032de94983dfab0e5043daf1b46bef5135c65377bdbe65d525743d88ef4b2ee62652b07e8a4b6e6355cecc13a5ddf4157f2bfab7201112a30274101fceee66eca91bd5fecb254ab358488c400330171128be291297947d474c570a385a44dd9ff4ae730ae9d0ae42d8814a8c96f101df7da839bcdd7b7c33c8cfe6fd599543ac604d8dd42fc66cdb79cd09ceeedce1e69f11967919f82b0276c90420d08897ee8514b43533f07132589a0a37110fd8571b1e69251bba35cd06c8bd430aafbecfd33757b7dc4803123e9107e5cceaec2a391f9b9b577295ac3864f6c1e30e6190a055953e18bedd1859acdd15af7209d15950f9195b401e74f8b5210e28d46dde2658b4695d9ac9ce7cbefc164a5454fc4da6104db281e18a8992b9f8c82b895da647e6ea4cb622314c5c48abfd620adf7757c23a31a619edcfb45a402c5fced05e5274e08a313d6c5fdd0a8d36b1a268056e6f7e9a6daa5632cda5ad2a9ebfac980c7db63137c226f712e522aad0f13b0e5b43d837d040f813d011538"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x253, 0x10, &(0x7f0000000000), 0x19f, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) (async)
setsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0x13, 0x0, 0x0)

177.123361ms ago: executing program 0 (id=358):
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r5}, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NLBL_MGMT_C_LISTALL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x14, r6, 0xb03, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20040880)
openat$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000240)='memory.pressure\x00', 0x2, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r3, 0x0, 0x0) (fail_nth: 1)
r8 = openat$cgroup_subtree(r7, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r8, &(0x7f0000000440)=ANY=[], 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x98f90d, 0x9, '\x00', @p_u8=&(0x7f0000000040)}})

0s ago: executing program 1 (id=359):
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_setup(0x83b, &(0x7f0000000240))
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='cifs\x00', 0x0)
syz_open_dev$vim2m(0x0, 0x20003, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x7, 0x8}, 0x0)
fanotify_init(0xa00, 0x0)
clock_gettime(0xfffffffffffffffc, &(0x7f0000003a40))
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil)
r3 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r3, &(0x7f0000000000)='2\x00', 0x2)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f00000001c0)='s|m\x99R\xa9F\xdb\x0e\xe2\xd6-QJsS\x05_.S\x85`\xb0wd\xda\xd4\xa5\xa3\x91urce\x91\x81\x126\xa8\xb8\xb6\xb7\x94\xcd`\xe4=:\xba\xc9\xdeg`<\xa3\x84@\x85\x9aTX\x1c!G~e\x1c\xa2\xf5n.\xbc-\x9e\xa5(\xe7\fL\xa4\xbc<\xea\x84\xf4\xf0\xe3,+\x9c\xe0\xa9\xa6\x19', &(0x7f0000000580)='\\/\xe9\x838\x9d<\f\x91\a\xd4$\xae$\x91&6n @\xf4M\xba\xf2<\xd6A\xdb\xd7\xbe\b\x00g\xcc\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa7\x15R.\xa3`fSc\x8b\x18rBl{\x82\\/A\x17\n\f\xcd=\'\x11\x1bZ\x8e\xb1\xc3j$v\xefw\x96\\\xff\xa2\xfc\xe3\xa9\xb7\vS\xae&\xe8\x02T\xd5M4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xaa\xdf\xbe\x8b\x89\x81|l\x93Il\x90\xc9\x98\'OY\x05\xa5M\xf4o\x8b\xf0\xa3\x81\xd6\xbf@\xee\x92\xc8Q\an\xec\x03V\x854\x91s\xbaM\xd6\xafd\xc5\x1a\xdb\xb4=\x14\xed\x18:\x1c\x13\xea\xd4j\x83\x87\tR}<{\x9b\x9b\xc7M\xdf\xbd\xcc\xbb\x9b\xf0\r\x14\xb6\xe06\xae\xcd\xfa\x1b\"\xe4+\xd7\xab\x83\x83\xc9\x9a\xbbN\xbe\xaa\xda\x12{0\x85\xd6\xb0\xd8\'\x04<Yy\xec\xcf\x91\xfbY6\x19\xa9i\xb1Z\x1bW\xad\x9d<\xc5_\x0egroK\xbd1\n\xa3\x98y\xca\xa8Fl\x8f\x98\x97\xf1\x96\x9f\xf5\x022\xb0\xdd\n\xd1\xa8@\x88\xafoqI~]\xb9\x9eC?\x1d\xac,\xd3\xf6\xbbuF0tk\x10\xaf\x88\x7f\x98\x12\xbf\x89\x1c\x10\x1e\x10#Y\x8f\x9d\xe0A\xdc%\xae\x1d\xaf\x9fl\x17\x81\xa6', 0x0)
preadv(r0, &(0x7f0000000740), 0x0, 0x401, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000008c0)=@newtaction={0x214, 0x30, 0x300, 0x71bd2a, 0x25dfdbff, {}, [{0x200, 0x1, [@m_gact={0x14c, 0x17, 0x0, 0x0, {{0x9}, {0x4}, {0x11d, 0x6, "0f617356f0a663079abe295a350af32575b7576a2846e5b3b3d9b048dc90bac2c3b40552dc14f7774371c98d6e2763d4fda783e36f45e224474cc6a0e6a530d841c87c70bbf3448d6187a58197fa3ffb0b318a51ba59415ac311a355fe1d08f8de9966d8ba89a56bfbc37c6af7d37dcdeb618f98f29bf3b05a23cefbbf51193614c08c162352d9eaad342b2f307dd8babd71ab8a1c4f80bbbbccc8ce4d369a33f9c6fc16198b2cfa20bc906e08c92c0642310e03f00a0ed12baa1df64f1bf0502f23ff4d6a5e05aa81fa19a9b88c32227231211d5d298a3c63d5549b1a72ad3a2c2dbf727e06036e6f15f608bea0e2a8ff93600a6133a9b45faa6924e7b9e8756e78750bdef4103fcd162842f48260e1dbb952cf91a4fdf9ca"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}, @m_sample={0x30, 0x1c, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x3}}}}, @m_bpf={0x34, 0xa, 0x0, 0x0, {{0x8}, {0x4}, {0x9, 0x6, "266510c489"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x3}}}}, @m_vlan={0x4c, 0x13, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x6, 0x4, 0x3, 0x7, 0x294cce70}, 0x3}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}, 0x214}, 0x1, 0x0, 0x0, 0x4000810}, 0x40)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x18, 0x1411, 0x1, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x11}]}, 0x18}}, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000540)='vegas\x00', 0x6)
r7 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f030000000000000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00150c00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x0)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0xa, 0xf, 0xd, 0x0, 0xb021, 0x0})

kernel console output (not intermixed with test programs):

3][ T6306]  ? __x64_sys_msgsnd+0xe5/0x130
[   92.569842][ T6306]  __x64_sys_msgsnd+0xe5/0x130
[   92.569853][ T6306]  do_syscall_64+0xcd/0x4c0
[   92.569868][ T6306]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.569879][ T6306] RIP: 0033:0x7f654d58e929
[   92.569887][ T6306] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   92.569896][ T6306] RSP: 002b:00007f654e37d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000045
[   92.569906][ T6306] RAX: ffffffffffffffda RBX: 00007f654d7b6160 RCX: 00007f654d58e929
[   92.569912][ T6306] RDX: 0000000000002000 RSI: 0000200000000440 RDI: 0000000000000000
[   92.569918][ T6306] RBP: 00007f654e37d090 R08: 0000000000000000 R09: 0000000000000000
[   92.569923][ T6306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.569928][ T6306] R13: 0000000000000001 R14: 00007f654d7b6160 R15: 00007ffea0c20618
[   92.569943][ T6306]  </TASK>
[   93.169718][ T5935] IPVS: starting estimator thread 0...
[   93.179834][   T30] kauditd_printk_skb: 11 callbacks suppressed
[   93.179847][   T30] audit: type=1400 audit(1750585224.831:262): avc:  denied  { write } for  pid=6312 comm="syz.0.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   93.190145][ T6308] warning: `syz.4.109' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   93.205362][    C0] vkms_vblank_simulate: vblank timer overrun
[   93.283545][ T6314] IPVS: using max 44 ests per chain, 105600 per kthread
[   93.577247][   T30] audit: type=1400 audit(1750585224.831:263): avc:  denied  { connect } for  pid=6312 comm="syz.0.111" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   93.613570][   T30] audit: type=1400 audit(1750585224.831:264): avc:  denied  { name_connect } for  pid=6312 comm="syz.0.111" dest=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[   93.663207][ T5935] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   93.713456][   T30] audit: type=1400 audit(1750585224.841:265): avc:  denied  { bind } for  pid=6307 comm="syz.4.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   93.843741][   T30] audit: type=1400 audit(1750585224.841:266): avc:  denied  { listen } for  pid=6307 comm="syz.4.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   93.883116][   T30] audit: type=1400 audit(1750585224.841:267): avc:  denied  { connect } for  pid=6307 comm="syz.4.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   93.898076][ T5935] usb 3-1: Using ep0 maxpacket: 16
[   93.905367][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   93.909757][ T5935] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[   93.916253][ T6325] FAULT_INJECTION: forcing a failure.
[   93.916253][ T6325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   93.976195][ T6326] netlink: 8 bytes leftover after parsing attributes in process `syz.0.113'.
[   93.985172][ T6326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.113'.
[   94.063232][ T6325] CPU: 1 UID: 0 PID: 6325 Comm: syz.1.114 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[   94.063259][ T6325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   94.063268][ T6325] Call Trace:
[   94.063274][ T6325]  <TASK>
[   94.063281][ T6325]  dump_stack_lvl+0x16c/0x1f0
[   94.063311][ T6325]  should_fail_ex+0x512/0x640
[   94.063336][ T6325]  _copy_from_user+0x2e/0xd0
[   94.063367][ T6325]  copy_msghdr_from_user+0x98/0x160
[   94.063392][ T6325]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   94.063431][ T6325]  ___sys_sendmsg+0xfe/0x1d0
[   94.063456][ T6325]  ? __pfx____sys_sendmsg+0x10/0x10
[   94.063477][ T6325]  ? __lock_acquire+0x622/0x1c90
[   94.063541][ T6325]  __sys_sendmsg+0x16d/0x220
[   94.063565][ T6325]  ? __pfx___sys_sendmsg+0x10/0x10
[   94.063607][ T6325]  do_syscall_64+0xcd/0x4c0
[   94.063635][ T6325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   94.063652][ T6325] RIP: 0033:0x7fbb6878e929
[   94.063666][ T6325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   94.063684][ T6325] RSP: 002b:00007fbb69589038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   94.063700][ T6325] RAX: ffffffffffffffda RBX: 00007fbb689b5fa0 RCX: 00007fbb6878e929
[   94.063711][ T6325] RDX: 0000000004040000 RSI: 0000200000000240 RDI: 0000000000000006
[   94.063720][ T6325] RBP: 00007fbb69589090 R08: 0000000000000000 R09: 0000000000000000
[   94.063730][ T6325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   94.063739][ T6325] R13: 0000000000000000 R14: 00007fbb689b5fa0 R15: 00007fff9f0adeb8
[   94.063765][ T6325]  </TASK>
[   94.197979][   T30] audit: type=1400 audit(1750585224.851:268): avc:  denied  { read } for  pid=6307 comm="syz.4.109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   94.255353][    C0] vkms_vblank_simulate: vblank timer overrun
[   94.298621][ T5935] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   94.308864][ T5935] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   94.323681][   T30] audit: type=1400 audit(1750585225.551:269): avc:  denied  { relabelfrom } for  pid=6323 comm="syz.1.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   94.347741][   T30] audit: type=1400 audit(1750585225.551:270): avc:  denied  { relabelto } for  pid=6323 comm="syz.1.114" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[   94.371337][ T5935] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   94.376574][    T9] usb 5-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[   94.380635][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.399956][ T5935] usb 3-1: Product: syz
[   94.400181][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   94.404173][ T5935] usb 3-1: Manufacturer: syz
[   94.418402][ T5935] usb 3-1: SerialNumber: syz
[   94.441229][    T9] usb 5-1: Product: syz
[   94.451230][    T9] usb 5-1: Manufacturer: syz
[   94.504767][    T9] usb 5-1: SerialNumber: syz
[   94.548377][    T9] usb 5-1: config 0 descriptor??
[   94.580032][   T30] audit: type=1400 audit(1750585226.241:271): avc:  denied  { read } for  pid=6328 comm="syz.1.116" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   94.870795][ T5935] usb 3-1: 0:2 : does not exist
[   94.944312][ T5866] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[   95.133094][ T5866] usb 1-1: Using ep0 maxpacket: 32
[   95.179151][ T5866] usb 1-1: config 0 has an invalid interface number: 83 but max is 0
[   95.191516][ T5866] usb 1-1: config 0 has no interface number 0
[   95.202225][ T5866] usb 1-1: config 0 interface 83 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   95.227773][ T5866] usb 1-1: config 0 interface 83 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[   95.264293][ T5866] usb 1-1: config 0 interface 83 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   95.281740][ T5866] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11
[   95.328418][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   95.345715][ T5866] usb 1-1: Product: syz
[   95.349929][ T5866] usb 1-1: Manufacturer: syz
[   95.369519][ T5866] usb 1-1: SerialNumber: syz
[   95.380679][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[   95.403570][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0080: ffffffb9
[   95.423689][ T5866] usb 1-1: config 0 descriptor??
[   95.449054][ T5866] redrat3 1-1:0.83: Couldn't find all endpoints
[   95.451520][    T9] asix 5-1:0.0: probe with driver asix failed with error -71
[   95.515957][    T9] usb 5-1: USB disconnect, device number 4
[   95.538827][ T6345] netlink: 20 bytes leftover after parsing attributes in process `syz.1.121'.
[   95.569181][ T6345] netlink: 8 bytes leftover after parsing attributes in process `syz.1.121'.
[   95.644522][ T5866] usb 1-1: USB disconnect, device number 6
[   95.753808][ T6348] syz.3.122 uses obsolete (PF_INET,SOCK_PACKET)
[   95.875506][ T6350] Malformed UNC in devname
[   95.875506][ T6350] 
[   95.882267][ T6350] CIFS: VFS: Malformed UNC in devname
[   96.912226][ T6357] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   96.937303][ T6360] mmap: syz.0.125 (6360) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   97.010879][ T6357] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.183275][ T5935] usb 3-1: USB disconnect, device number 4
[   97.651162][ T6376] FAULT_INJECTION: forcing a failure.
[   97.651162][ T6376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   97.672337][ T6376] CPU: 0 UID: 0 PID: 6376 Comm: syz.3.130 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[   97.672361][ T6376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   97.672370][ T6376] Call Trace:
[   97.672376][ T6376]  <TASK>
[   97.672382][ T6376]  dump_stack_lvl+0x16c/0x1f0
[   97.672410][ T6376]  should_fail_ex+0x512/0x640
[   97.672433][ T6376]  _copy_from_user+0x2e/0xd0
[   97.672456][ T6376]  copy_msghdr_from_user+0x98/0x160
[   97.672479][ T6376]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   97.672513][ T6376]  ___sys_sendmsg+0xfe/0x1d0
[   97.672535][ T6376]  ? __pfx____sys_sendmsg+0x10/0x10
[   97.672555][ T6376]  ? __lock_acquire+0x622/0x1c90
[   97.672617][ T6376]  __sys_sendmsg+0x16d/0x220
[   97.672641][ T6376]  ? __pfx___sys_sendmsg+0x10/0x10
[   97.672685][ T6376]  do_syscall_64+0xcd/0x4c0
[   97.672712][ T6376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.672729][ T6376] RIP: 0033:0x7f1c3ad8e929
[   97.672742][ T6376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   97.672758][ T6376] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.672774][ T6376] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[   97.672785][ T6376] RDX: 0000000000008800 RSI: 0000200000000180 RDI: 0000000000000003
[   97.672794][ T6376] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[   97.672804][ T6376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   97.672813][ T6376] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[   97.672837][ T6376]  </TASK>
[   97.986643][ T6384] FAULT_INJECTION: forcing a failure.
[   97.986643][ T6384] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   98.073125][ T6384] CPU: 0 UID: 0 PID: 6384 Comm: syz.4.132 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[   98.073150][ T6384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   98.073160][ T6384] Call Trace:
[   98.073165][ T6384]  <TASK>
[   98.073172][ T6384]  dump_stack_lvl+0x16c/0x1f0
[   98.073200][ T6384]  should_fail_ex+0x512/0x640
[   98.073225][ T6384]  _copy_from_iter+0x29f/0x16f0
[   98.073259][ T6384]  ? __pfx__copy_from_iter+0x10/0x10
[   98.073284][ T6384]  ? _kstrtoull+0x145/0x200
[   98.073301][ T6384]  ? __pfx__kstrtoull+0x10/0x10
[   98.073324][ T6384]  tun_get_user+0x240/0x3b80
[   98.073360][ T6384]  ? __pfx_tun_get_user+0x10/0x10
[   98.073382][ T6384]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   98.073415][ T6384]  ? find_held_lock+0x2b/0x80
[   98.073436][ T6384]  ? tun_get+0x191/0x370
[   98.073466][ T6384]  tun_chr_write_iter+0xdc/0x210
[   98.073492][ T6384]  vfs_write+0x6c7/0x1150
[   98.073515][ T6384]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   98.073541][ T6384]  ? __pfx_vfs_write+0x10/0x10
[   98.073559][ T6384]  ? find_held_lock+0x2b/0x80
[   98.073603][ T6384]  ksys_write+0x12a/0x250
[   98.073623][ T6384]  ? __pfx_ksys_write+0x10/0x10
[   98.073653][ T6384]  do_syscall_64+0xcd/0x4c0
[   98.073680][ T6384]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.073696][ T6384] RIP: 0033:0x7f989ab8e929
[   98.073710][ T6384] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.073724][ T6384] RSP: 002b:00007f989ba10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   98.073739][ T6384] RAX: ffffffffffffffda RBX: 00007f989adb5fa0 RCX: 00007f989ab8e929
[   98.073750][ T6384] RDX: 00000000000010da RSI: 00002000000000c0 RDI: 0000000000000003
[   98.073759][ T6384] RBP: 00007f989ba10090 R08: 0000000000000000 R09: 0000000000000000
[   98.073768][ T6384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.073777][ T6384] R13: 0000000000000000 R14: 00007f989adb5fa0 R15: 00007ffee49ac378
[   98.073802][ T6384]  </TASK>
[   98.387288][   T30] kauditd_printk_skb: 6 callbacks suppressed
[   98.387301][   T30] audit: type=1400 audit(1750585230.011:278): avc:  denied  { create } for  pid=6389 comm="syz.0.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   98.508071][   T30] audit: type=1400 audit(1750585230.011:279): avc:  denied  { connect } for  pid=6389 comm="syz.0.135" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   98.521800][ T6390] bridge_slave_0: left allmulticast mode
[   98.552712][ T6390] bridge_slave_0: left promiscuous mode
[   98.593656][ T6390] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.681323][   T30] audit: type=1400 audit(1750585230.341:280): avc:  denied  { listen } for  pid=6399 comm="syz.4.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   98.700669][    C1] vkms_vblank_simulate: vblank timer overrun
[   98.711005][ T6390] bridge_slave_1: left allmulticast mode
[   98.717286][ T6388] FAULT_INJECTION: forcing a failure.
[   98.717286][ T6388] name failslab, interval 1, probability 0, space 0, times 0
[   98.732418][ T6390] bridge_slave_1: left promiscuous mode
[   98.739356][ T6390] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.749464][ T6388] CPU: 1 UID: 0 PID: 6388 Comm: syz.3.134 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[   98.749487][ T6388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   98.749497][ T6388] Call Trace:
[   98.749502][ T6388]  <TASK>
[   98.749509][ T6388]  dump_stack_lvl+0x16c/0x1f0
[   98.749538][ T6388]  should_fail_ex+0x512/0x640
[   98.749559][ T6388]  ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0
[   98.749585][ T6388]  should_failslab+0xc2/0x120
[   98.749609][ T6388]  kmem_cache_alloc_lru_noprof+0x72/0x3b0
[   98.749635][ T6388]  ? alloc_inode+0xc3/0x240
[   98.749655][ T6388]  alloc_inode+0xc3/0x240
[   98.749671][ T6388]  alloc_anon_inode+0x28/0x3e0
[   98.749695][ T6388]  secretmem_file_create.constprop.0+0x4d/0x2c0
[   98.749723][ T6388]  __x64_sys_memfd_secret+0xc5/0x1a0
[   98.749747][ T6388]  do_syscall_64+0xcd/0x4c0
[   98.749772][ T6388]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.749787][ T6388] RIP: 0033:0x7f1c3ad8e929
[   98.749799][ T6388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.749814][ T6388] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001bf
[   98.749828][ T6388] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[   98.749843][ T6388] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000080000
[   98.749851][ T6388] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[   98.749860][ T6388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.749869][ T6388] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[   98.749892][ T6388]  </TASK>
[   98.750023][   T30] audit: type=1400 audit(1750585230.341:281): avc:  denied  { accept } for  pid=6399 comm="syz.4.137" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   98.866772][    C1] vkms_vblank_simulate: vblank timer overrun
[   99.033573][ T6390] bond0: (slave bond_slave_0): Releasing backup interface
[   99.048686][ T6390] bond0: (slave bond_slave_1): Releasing backup interface
[   99.084155][ T6390] team0: Port device team_slave_0 removed
[   99.118622][ T6390] team0: Port device team_slave_1 removed
[   99.136214][ T6390] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   99.144353][ T6390] batman_adv: batadv0: Removing interface: batadv_slave_0
[   99.196750][   T30] audit: type=1400 audit(1750585230.831:282): avc:  denied  { create } for  pid=6402 comm="syz.2.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   99.232492][ T6390] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   99.250079][   T30] audit: type=1400 audit(1750585230.831:283): avc:  denied  { read } for  pid=6402 comm="syz.2.139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   99.286839][ T6390] batman_adv: batadv0: Removing interface: batadv_slave_1
[   99.310728][   T30] audit: type=1400 audit(1750585230.951:284): avc:  denied  { name_connect } for  pid=6415 comm="syz.1.141" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  100.363100][   T30] audit: type=1400 audit(1750585232.021:285): avc:  denied  { create } for  pid=6430 comm="syz.3.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  100.383105][    C1] vkms_vblank_simulate: vblank timer overrun
[  100.430131][   T30] audit: type=1400 audit(1750585232.031:286): avc:  denied  { write } for  pid=6430 comm="syz.3.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  100.450056][    C1] vkms_vblank_simulate: vblank timer overrun
[  100.458297][ T5866] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  100.531753][   T30] audit: type=1400 audit(1750585232.051:287): avc:  denied  { bind } for  pid=6430 comm="syz.3.145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  100.551081][    C1] vkms_vblank_simulate: vblank timer overrun
[  100.621169][ T6443] FAULT_INJECTION: forcing a failure.
[  100.621169][ T6443] name failslab, interval 1, probability 0, space 0, times 0
[  100.653063][ T5866] usb 1-1: Using ep0 maxpacket: 8
[  100.658202][ T6443] CPU: 1 UID: 0 PID: 6443 Comm: syz.3.148 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  100.658224][ T6443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  100.658233][ T6443] Call Trace:
[  100.658238][ T6443]  <TASK>
[  100.658244][ T6443]  dump_stack_lvl+0x16c/0x1f0
[  100.658272][ T6443]  should_fail_ex+0x512/0x640
[  100.658286][ T6443]  ? fs_reclaim_acquire+0xae/0x150
[  100.658298][ T6443]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  100.658312][ T6443]  should_failslab+0xc2/0x120
[  100.658327][ T6443]  __kmalloc_noprof+0xd2/0x510
[  100.658347][ T6443]  tomoyo_realpath_from_path+0xc2/0x6e0
[  100.658363][ T6443]  ? tomoyo_profile+0x47/0x60
[  100.658379][ T6443]  tomoyo_path_number_perm+0x245/0x580
[  100.658390][ T6443]  ? tomoyo_path_number_perm+0x237/0x580
[  100.658403][ T6443]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  100.658415][ T6443]  ? find_held_lock+0x2b/0x80
[  100.658439][ T6443]  ? find_held_lock+0x2b/0x80
[  100.658451][ T6443]  ? hook_file_ioctl_common+0x145/0x410
[  100.658469][ T6443]  ? __fget_files+0x20e/0x3c0
[  100.658485][ T6443]  security_file_ioctl+0x9b/0x240
[  100.658499][ T6443]  __x64_sys_ioctl+0xb7/0x210
[  100.658512][ T6443]  do_syscall_64+0xcd/0x4c0
[  100.658527][ T6443]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.658537][ T6443] RIP: 0033:0x7f1c3ad8e929
[  100.658546][ T6443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  100.658555][ T6443] RSP: 002b:00007f1c38bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  100.658565][ T6443] RAX: ffffffffffffffda RBX: 00007f1c3afb6080 RCX: 00007f1c3ad8e929
[  100.658571][ T6443] RDX: 0000000000000000 RSI: 0000000000005001 RDI: 0000000000000005
[  100.658577][ T6443] RBP: 00007f1c38bd5090 R08: 0000000000000000 R09: 0000000000000000
[  100.658582][ T6443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.658589][ T6443] R13: 0000000000000000 R14: 00007f1c3afb6080 R15: 00007ffea47fbce8
[  100.658602][ T6443]  </TASK>
[  100.658642][ T6443] ERROR: Out of memory at tomoyo_realpath_from_path.
[  100.733061][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  100.804772][ T5866] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  100.887464][ T5866] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  101.190782][ T5866] usb 1-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f
[  101.213115][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.527079][ T5866] usb 1-1: Product: syz
[  101.563412][ T5866] usb 1-1: Manufacturer: syz
[  101.606024][ T5866] usb 1-1: SerialNumber: syz
[  101.644271][ T5866] usb 1-1: config 0 descriptor??
[  101.767031][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  101.778592][   T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  101.790997][   T10] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  101.800890][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.816202][   T10] usb 5-1: config 0 descriptor??
[  101.881710][ T6452] netlink: 8 bytes leftover after parsing attributes in process `syz.3.151'.
[  101.890773][ T6452] netlink: 4 bytes leftover after parsing attributes in process `syz.3.151'.
[  102.574422][ T6454] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  102.590926][ T1674] usb 1-1: USB disconnect, device number 7
[  102.638929][ T6457] syzkaller1: entered promiscuous mode
[  102.644757][ T6457] syzkaller1: entered allmulticast mode
[  102.983264][   T10] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  103.039209][   T10] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  103.059421][   T10] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  103.067514][   T10] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  103.090560][   T10] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0
[  103.107697][   T10] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0
[  103.135304][ T6457] syz.1.153 (6457) used greatest stack depth: 17752 bytes left
[  103.204250][   T10] playstation 0003:054C:0DF2.0002: Failed to retrieve feature with reportID 9: -32
[  103.258642][ T6463] input: syz1 as /devices/virtual/input/input7
[  103.314101][ T6463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  103.324571][ T6463] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  104.168579][   T10] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense pairing info: -32
[  104.304212][   T10] playstation 0003:054C:0DF2.0002: Failed to get MAC address from DualSense
[  104.424302][ T6458] delete_channel: no stack
[  104.438841][   T10] playstation 0003:054C:0DF2.0002: Failed to create dualsense.
[  104.492253][   T10] playstation 0003:054C:0DF2.0002: probe with driver playstation failed with error -32
[  104.540636][ T6466] input: syz1 as /devices/virtual/input/input8
[  104.565105][ T6468] input: syz1 as /devices/virtual/input/input9
[  104.585100][ T6468] FAULT_INJECTION: forcing a failure.
[  104.585100][ T6468] name failslab, interval 1, probability 0, space 0, times 0
[  104.678629][ T6468] CPU: 1 UID: 0 PID: 6468 Comm: syz.3.156 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  104.678656][ T6468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  104.678666][ T6468] Call Trace:
[  104.678672][ T6468]  <TASK>
[  104.678679][ T6468]  dump_stack_lvl+0x16c/0x1f0
[  104.678708][ T6468]  should_fail_ex+0x512/0x640
[  104.678729][ T6468]  ? fs_reclaim_acquire+0xae/0x150
[  104.678749][ T6468]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  104.678772][ T6468]  should_failslab+0xc2/0x120
[  104.678797][ T6468]  __kmalloc_noprof+0xd2/0x510
[  104.678824][ T6468]  tomoyo_realpath_from_path+0xc2/0x6e0
[  104.678850][ T6468]  ? tomoyo_profile+0x47/0x60
[  104.678878][ T6468]  tomoyo_path_number_perm+0x245/0x580
[  104.678896][ T6468]  ? tomoyo_path_number_perm+0x237/0x580
[  104.678918][ T6468]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  104.678938][ T6468]  ? find_held_lock+0x2b/0x80
[  104.678980][ T6468]  ? find_held_lock+0x2b/0x80
[  104.678999][ T6468]  ? hook_file_ioctl_common+0x145/0x410
[  104.679031][ T6468]  ? __fget_files+0x20e/0x3c0
[  104.679058][ T6468]  security_file_ioctl+0x9b/0x240
[  104.679082][ T6468]  __x64_sys_ioctl+0xb7/0x210
[  104.679103][ T6468]  do_syscall_64+0xcd/0x4c0
[  104.679130][ T6468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.679147][ T6468] RIP: 0033:0x7f1c3ad8e929
[  104.679160][ T6468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  104.679175][ T6468] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  104.679191][ T6468] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[  104.679202][ T6468] RDX: 0000200000000500 RSI: 0000000040304580 RDI: 0000000000000004
[  104.679211][ T6468] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[  104.679221][ T6468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  104.679230][ T6468] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[  104.679253][ T6468]  </TASK>
[  104.679282][ T6468] ERROR: Out of memory at tomoyo_realpath_from_path.
[  104.753416][ T1674] usb 5-1: reset high-speed USB device number 5 using dummy_hcd
[  105.551762][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  105.551777][   T30] audit: type=1400 audit(1750585237.211:298): avc:  denied  { block_suspend } for  pid=6474 comm="syz.0.158" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  105.710031][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.159'.
[  105.720022][   T30] audit: type=1400 audit(1750585237.211:299): avc:  denied  { map } for  pid=6474 comm="syz.0.158" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  105.733365][ T6477] netlink: 8 bytes leftover after parsing attributes in process `syz.1.159'.
[  105.792209][ T6484] netlink: 'syz.3.161': attribute type 2 has an invalid length.
[  105.805271][   T30] audit: type=1400 audit(1750585237.211:300): avc:  denied  { execute } for  pid=6474 comm="syz.0.158" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  105.805289][ T6484] netlink: 48 bytes leftover after parsing attributes in process `syz.3.161'.
[  105.874317][ T6489] FAULT_INJECTION: forcing a failure.
[  105.874317][ T6489] name failslab, interval 1, probability 0, space 0, times 0
[  105.911662][ T6489] CPU: 1 UID: 0 PID: 6489 Comm: syz.4.160 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  105.911687][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  105.911696][ T6489] Call Trace:
[  105.911702][ T6489]  <TASK>
[  105.911708][ T6489]  dump_stack_lvl+0x16c/0x1f0
[  105.911736][ T6489]  should_fail_ex+0x512/0x640
[  105.911756][ T6489]  ? fs_reclaim_acquire+0xae/0x150
[  105.911774][ T6489]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  105.911796][ T6489]  should_failslab+0xc2/0x120
[  105.911818][ T6489]  __kmalloc_noprof+0xd2/0x510
[  105.911844][ T6489]  tomoyo_realpath_from_path+0xc2/0x6e0
[  105.911868][ T6489]  ? tomoyo_profile+0x47/0x60
[  105.911894][ T6489]  tomoyo_path_number_perm+0x245/0x580
[  105.911912][ T6489]  ? tomoyo_path_number_perm+0x237/0x580
[  105.911932][ T6489]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  105.911951][ T6489]  ? find_held_lock+0x2b/0x80
[  105.911992][ T6489]  ? find_held_lock+0x2b/0x80
[  105.912009][ T6489]  ? hook_file_ioctl_common+0x145/0x410
[  105.912039][ T6489]  ? __fget_files+0x20e/0x3c0
[  105.912064][ T6489]  security_file_ioctl+0x9b/0x240
[  105.912087][ T6489]  __x64_sys_ioctl+0xb7/0x210
[  105.912106][ T6489]  do_syscall_64+0xcd/0x4c0
[  105.912131][ T6489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  105.912147][ T6489] RIP: 0033:0x7f989ab8e929
[  105.912160][ T6489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  105.912175][ T6489] RSP: 002b:00007f989b9ef038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  105.912190][ T6489] RAX: ffffffffffffffda RBX: 00007f989adb6080 RCX: 00007f989ab8e929
[  105.912200][ T6489] RDX: 00002000000002c0 RSI: 000000008010aa02 RDI: 0000000000000003
[  105.912209][ T6489] RBP: 00007f989b9ef090 R08: 0000000000000000 R09: 0000000000000000
[  105.912218][ T6489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  105.912226][ T6489] R13: 0000000000000001 R14: 00007f989adb6080 R15: 00007ffee49ac378
[  105.912248][ T6489]  </TASK>
[  105.912254][ T6489] ERROR: Out of memory at tomoyo_realpath_from_path.
[  106.026091][ T6493] FAULT_INJECTION: forcing a failure.
[  106.026091][ T6493] name failslab, interval 1, probability 0, space 0, times 0
[  106.029672][   T30] audit: type=1400 audit(1750585237.361:301): avc:  denied  { ioctl } for  pid=6474 comm="syz.0.158" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  106.040400][ T6493] CPU: 0 UID: 0 PID: 6493 Comm: syz.3.162 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  106.040420][ T6493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  106.040428][ T6493] Call Trace:
[  106.040433][ T6493]  <TASK>
[  106.040439][ T6493]  dump_stack_lvl+0x16c/0x1f0
[  106.040464][ T6493]  should_fail_ex+0x512/0x640
[  106.040482][ T6493]  ? fs_reclaim_acquire+0xae/0x150
[  106.040498][ T6493]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  106.040518][ T6493]  should_failslab+0xc2/0x120
[  106.040538][ T6493]  __kmalloc_noprof+0xd2/0x510
[  106.040562][ T6493]  tomoyo_realpath_from_path+0xc2/0x6e0
[  106.040583][ T6493]  ? tomoyo_profile+0x47/0x60
[  106.040606][ T6493]  tomoyo_path_number_perm+0x245/0x580
[  106.040622][ T6493]  ? tomoyo_path_number_perm+0x237/0x580
[  106.040641][ T6493]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  106.040662][ T6493]  ? find_held_lock+0x2b/0x80
[  106.040704][ T6493]  ? find_held_lock+0x2b/0x80
[  106.040720][ T6493]  ? hook_file_ioctl_common+0x145/0x410
[  106.040748][ T6493]  ? __fget_files+0x20e/0x3c0
[  106.040772][ T6493]  security_file_ioctl+0x9b/0x240
[  106.040793][ T6493]  __x64_sys_ioctl+0xb7/0x210
[  106.040811][ T6493]  do_syscall_64+0xcd/0x4c0
[  106.040834][ T6493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.040849][ T6493] RIP: 0033:0x7f1c3ad8e929
[  106.040861][ T6493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  106.040874][ T6493] RSP: 002b:00007f1c38bd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  106.040888][ T6493] RAX: ffffffffffffffda RBX: 00007f1c3afb6080 RCX: 00007f1c3ad8e929
[  106.040897][ T6493] RDX: 0000200000000300 RSI: 00000000c06c4124 RDI: 0000000000000005
[  106.040906][ T6493] RBP: 00007f1c38bd5090 R08: 0000000000000000 R09: 0000000000000000
[  106.040915][ T6493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.040923][ T6493] R13: 0000000000000000 R14: 00007f1c3afb6080 R15: 00007ffea47fbce8
[  106.040942][ T6493]  </TASK>
[  106.041005][ T6493] ERROR: Out of memory at tomoyo_realpath_from_path.
[  106.045795][   T30] audit: type=1400 audit(1750585237.431:302): avc:  denied  { setopt } for  pid=6474 comm="syz.0.158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  106.202307][ T6495] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  106.224167][   T30] audit: type=1400 audit(1750585237.631:303): avc:  denied  { sys_module } for  pid=6474 comm="syz.0.158" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  106.406581][   T10] usb 5-1: USB disconnect, device number 5
[  106.493353][ T5947] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  106.653804][ T5947] usb 2-1: Using ep0 maxpacket: 32
[  106.662516][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.696307][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.717272][ T5947] usb 2-1: New USB device found, idVendor=05ac, idProduct=0265, bcdDevice= 0.00
[  106.736654][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.755514][ T5947] usb 2-1: config 0 descriptor??
[  106.813702][   T30] audit: type=1400 audit(1750585238.471:304): avc:  denied  { create } for  pid=6502 comm="syz.4.167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  106.836475][   T30] audit: type=1400 audit(1750585238.491:305): avc:  denied  { ioctl } for  pid=6502 comm="syz.4.167" path="socket:[10314]" dev="sockfs" ino=10314 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  107.900508][   T30] audit: type=1400 audit(1750585239.561:306): avc:  denied  { write } for  pid=6515 comm="syz.3.170" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  107.990056][ T6516] FAULT_INJECTION: forcing a failure.
[  107.990056][ T6516] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.164823][ T6516] CPU: 0 UID: 0 PID: 6516 Comm: syz.3.170 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  108.164851][ T6516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  108.164861][ T6516] Call Trace:
[  108.164869][ T6516]  <TASK>
[  108.164876][ T6516]  dump_stack_lvl+0x16c/0x1f0
[  108.164904][ T6516]  should_fail_ex+0x512/0x640
[  108.164930][ T6516]  _copy_from_user+0x2e/0xd0
[  108.164955][ T6516]  copy_msghdr_from_user+0x98/0x160
[  108.164979][ T6516]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  108.165014][ T6516]  ___sys_sendmsg+0xfe/0x1d0
[  108.165039][ T6516]  ? __pfx____sys_sendmsg+0x10/0x10
[  108.165061][ T6516]  ? __lock_acquire+0x622/0x1c90
[  108.165116][ T6516]  __sys_sendmsg+0x16d/0x220
[  108.165141][ T6516]  ? __pfx___sys_sendmsg+0x10/0x10
[  108.165180][ T6516]  do_syscall_64+0xcd/0x4c0
[  108.165207][ T6516]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.165225][ T6516] RIP: 0033:0x7f1c3ad8e929
[  108.165239][ T6516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.165255][ T6516] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  108.165272][ T6516] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[  108.165283][ T6516] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  108.165293][ T6516] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[  108.165302][ T6516] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.165312][ T6516] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[  108.165334][ T6516]  </TASK>
[  108.722626][ T6526] FAULT_INJECTION: forcing a failure.
[  108.722626][ T6526] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  108.761876][ T6526] CPU: 0 UID: 0 PID: 6526 Comm: syz.3.173 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  108.761904][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  108.761914][ T6526] Call Trace:
[  108.761919][ T6526]  <TASK>
[  108.761926][ T6526]  dump_stack_lvl+0x16c/0x1f0
[  108.761959][ T6526]  should_fail_ex+0x512/0x640
[  108.761985][ T6526]  _copy_from_iter+0x29f/0x16f0
[  108.762016][ T6526]  ? __pfx__copy_from_iter+0x10/0x10
[  108.762043][ T6526]  ? _kstrtoull+0x145/0x200
[  108.762060][ T6526]  ? __pfx__kstrtoull+0x10/0x10
[  108.762083][ T6526]  tun_get_user+0x240/0x3b80
[  108.762122][ T6526]  ? __pfx_tun_get_user+0x10/0x10
[  108.762145][ T6526]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  108.762190][ T6526]  ? find_held_lock+0x2b/0x80
[  108.762213][ T6526]  ? tun_get+0x191/0x370
[  108.762243][ T6526]  tun_chr_write_iter+0xdc/0x210
[  108.762269][ T6526]  vfs_write+0x6c7/0x1150
[  108.762292][ T6526]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  108.762319][ T6526]  ? __pfx_vfs_write+0x10/0x10
[  108.762338][ T6526]  ? find_held_lock+0x2b/0x80
[  108.762378][ T6526]  ksys_write+0x12a/0x250
[  108.762398][ T6526]  ? __pfx_ksys_write+0x10/0x10
[  108.762425][ T6526]  do_syscall_64+0xcd/0x4c0
[  108.762452][ T6526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  108.762469][ T6526] RIP: 0033:0x7f1c3ad8e929
[  108.762483][ T6526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  108.762498][ T6526] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  108.762514][ T6526] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[  108.762524][ T6526] RDX: 0000000000000028 RSI: 0000200000000840 RDI: 0000000000000003
[  108.762534][ T6526] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[  108.762544][ T6526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  108.762553][ T6526] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[  108.762576][ T6526]  </TASK>
[  109.300485][ T5947] usbhid 2-1:0.0: can't add hid device: -71
[  109.391468][ T5947] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  109.423026][   T30] audit: type=1400 audit(1750585241.081:307): avc:  denied  { bind } for  pid=6532 comm="syz.1.177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  109.489692][ T5947] usb 2-1: USB disconnect, device number 10
[  109.723798][ T6547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=4 sclass=netlink_route_socket pid=6547 comm=syz.1.179
[  110.086279][ T6551] FAULT_INJECTION: forcing a failure.
[  110.086279][ T6551] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  110.117678][ T6551] CPU: 1 UID: 0 PID: 6551 Comm: syz.0.174 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  110.117697][ T6551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  110.117703][ T6551] Call Trace:
[  110.117707][ T6551]  <TASK>
[  110.117711][ T6551]  dump_stack_lvl+0x16c/0x1f0
[  110.117730][ T6551]  should_fail_ex+0x512/0x640
[  110.117745][ T6551]  _copy_from_user+0x2e/0xd0
[  110.117760][ T6551]  copy_msghdr_from_user+0x98/0x160
[  110.117776][ T6551]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  110.117796][ T6551]  ___sys_sendmsg+0xfe/0x1d0
[  110.117810][ T6551]  ? __pfx____sys_sendmsg+0x10/0x10
[  110.117822][ T6551]  ? __lock_acquire+0x622/0x1c90
[  110.117853][ T6551]  __sys_sendmsg+0x16d/0x220
[  110.117867][ T6551]  ? __pfx___sys_sendmsg+0x10/0x10
[  110.117889][ T6551]  do_syscall_64+0xcd/0x4c0
[  110.117905][ T6551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.117915][ T6551] RIP: 0033:0x7fbeab58e929
[  110.117924][ T6551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.117935][ T6551] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  110.117950][ T6551] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  110.117960][ T6551] RDX: 0000000000000840 RSI: 0000200000000140 RDI: 000000000000000d
[  110.117968][ T6551] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  110.117974][ T6551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.117979][ T6551] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  110.117992][ T6551]  </TASK>
[  110.285412][    C1] vkms_vblank_simulate: vblank timer overrun
[  110.698774][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  110.698785][   T30] audit: type=1400 audit(1750585242.351:310): avc:  denied  { mount } for  pid=6557 comm="syz.3.183" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  110.756187][   T30] audit: type=1400 audit(1750585242.421:311): avc:  denied  { setopt } for  pid=6561 comm="syz.0.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  110.985325][ T6567] netlink: 'syz.3.183': attribute type 9 has an invalid length.
[  111.002462][ T6567] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  111.033921][ T5866] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  111.663491][ T5866] usb 2-1: Using ep0 maxpacket: 8
[  111.693926][ T5866] usb 2-1: config 67 has an invalid descriptor of length 25, skipping remainder of the config
[  111.714270][ T6572] FAULT_INJECTION: forcing a failure.
[  111.714270][ T6572] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  111.737435][ T5866] usb 2-1: config 67 has 0 interfaces, different from the descriptor's value: 1
[  111.818268][   T30] audit: type=1400 audit(1750585243.401:312): avc:  denied  { setopt } for  pid=6573 comm="syz.3.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  111.878430][ T6572] CPU: 1 UID: 0 PID: 6572 Comm: syz.0.187 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  111.878457][ T6572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  111.878467][ T6572] Call Trace:
[  111.878474][ T6572]  <TASK>
[  111.878480][ T6572]  dump_stack_lvl+0x16c/0x1f0
[  111.878508][ T6572]  should_fail_ex+0x512/0x640
[  111.878532][ T6572]  _copy_from_user+0x2e/0xd0
[  111.878554][ T6572]  copy_msghdr_from_user+0x98/0x160
[  111.878578][ T6572]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  111.878613][ T6572]  ___sys_sendmsg+0xfe/0x1d0
[  111.878637][ T6572]  ? __pfx____sys_sendmsg+0x10/0x10
[  111.878658][ T6572]  ? __lock_acquire+0x622/0x1c90
[  111.878712][ T6572]  __sys_sendmsg+0x16d/0x220
[  111.878734][ T6572]  ? __pfx___sys_sendmsg+0x10/0x10
[  111.878773][ T6572]  do_syscall_64+0xcd/0x4c0
[  111.878800][ T6572]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.878816][ T6572] RIP: 0033:0x7fbeab58e929
[  111.878830][ T6572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.878845][ T6572] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  111.878861][ T6572] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  111.878871][ T6572] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  111.878880][ T6572] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  111.878890][ T6572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.878899][ T6572] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  111.878921][ T6572]  </TASK>
[  111.879345][ T5866] usb 2-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  112.074757][   T30] audit: type=1400 audit(1750585243.401:313): avc:  denied  { map } for  pid=6573 comm="syz.3.186" path="socket:[11500]" dev="sockfs" ino=11500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  112.082858][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.096142][ T5866] usb 2-1: Product: syz
[  113.111481][ T5866] usb 2-1: Manufacturer: syz
[  113.123031][ T5866] usb 2-1: SerialNumber: syz
[  113.135726][ T6586] FAULT_INJECTION: forcing a failure.
[  113.135726][ T6586] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  113.148509][   T30] audit: type=1400 audit(1750585243.401:314): avc:  denied  { read accept } for  pid=6573 comm="syz.3.186" path="socket:[11500]" dev="sockfs" ino=11500 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  113.174177][   T30] audit: type=1400 audit(1750585243.881:315): avc:  denied  { listen } for  pid=6578 comm="syz.2.188" lport=33303 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  113.203671][   T30] audit: type=1400 audit(1750585244.791:316): avc:  denied  { bind } for  pid=6580 comm="syz.0.191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  113.210322][ T6586] CPU: 0 UID: 0 PID: 6586 Comm: syz.0.191 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  113.210342][ T6586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  113.210351][ T6586] Call Trace:
[  113.210356][ T6586]  <TASK>
[  113.210361][ T6586]  dump_stack_lvl+0x16c/0x1f0
[  113.210387][ T6586]  should_fail_ex+0x512/0x640
[  113.210409][ T6586]  _copy_from_user+0x2e/0xd0
[  113.210430][ T6586]  copy_msghdr_from_user+0x98/0x160
[  113.210451][ T6586]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  113.210481][ T6586]  ___sys_sendmsg+0xfe/0x1d0
[  113.210502][ T6586]  ? __pfx____sys_sendmsg+0x10/0x10
[  113.210541][ T6586]  ? __pfx_vfs_write+0x10/0x10
[  113.210561][ T6586]  ? do_sys_openat2+0x157/0x1d0
[  113.210578][ T6586]  __sys_sendmsg+0x16d/0x220
[  113.210597][ T6586]  ? __pfx___sys_sendmsg+0x10/0x10
[  113.210631][ T6586]  do_syscall_64+0xcd/0x4c0
[  113.210654][ T6586]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.210668][ T6586] RIP: 0033:0x7fbeab58e929
[  113.210680][ T6586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.210693][ T6586] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  113.210707][ T6586] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  113.210717][ T6586] RDX: 0000000000004000 RSI: 0000200000000080 RDI: 0000000000000008
[  113.210725][ T6586] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  113.210734][ T6586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.210742][ T6586] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  113.210762][ T6586]  </TASK>
[  113.411482][ T5866] usb 2-1: USB disconnect, device number 11
[  113.499124][ T6581] sctp: failed to load transform for md5: -4
[  114.178027][ T6603] syz.1.195(6603): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  114.761236][ T6600] netlink: 64 bytes leftover after parsing attributes in process `syz.2.193'.
[  114.946095][ T5866] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  114.966549][ T6616] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[  114.969038][   T10] IPVS: starting estimator thread 0...
[  115.013411][ T5935] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  115.106279][ T5866] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  115.123140][ T5866] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  115.145368][ T5866] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  115.173305][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.184240][ T5935] usb 4-1: Using ep0 maxpacket: 16
[  115.194463][ T5866] usb 2-1: Product: syz
[  115.198703][ T5866] usb 2-1: Manufacturer: syz
[  115.213221][ T5866] usb 2-1: SerialNumber: syz
[  115.223438][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 33437, setting to 1024
[  115.234984][ T5935] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 1024
[  115.253963][ T5935] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 46490, setting to 1024
[  115.265585][ T6618] IPVS: using max 44 ests per chain, 105600 per kthread
[  115.270717][ T5866] usb 2-1: config 0 descriptor??
[  115.292530][ T6611] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  115.299776][ T6611] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  115.321500][ T5935] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  115.414205][ T5935] usb 4-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  115.424465][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.457715][ T5935] usb 4-1: Product: syz
[  115.461960][ T5935] usb 4-1: Manufacturer: syz
[  115.469964][ T5935] usb 4-1: SerialNumber: syz
[  115.475794][ T6623] FAULT_INJECTION: forcing a failure.
[  115.475794][ T6623] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  115.497235][ T5935] usb 4-1: config 0 descriptor??
[  115.535484][ T6605] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  115.542695][ T6605] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  115.560220][ T6606] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  115.569089][ T6606] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  115.623078][ T6623] CPU: 0 UID: 0 PID: 6623 Comm: syz.2.199 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  115.623102][ T6623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  115.623110][ T6623] Call Trace:
[  115.623115][ T6623]  <TASK>
[  115.623120][ T6623]  dump_stack_lvl+0x16c/0x1f0
[  115.623144][ T6623]  should_fail_ex+0x512/0x640
[  115.623164][ T6623]  _copy_from_user+0x2e/0xd0
[  115.623183][ T6623]  copy_msghdr_from_user+0x98/0x160
[  115.623203][ T6623]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  115.623231][ T6623]  ___sys_sendmsg+0xfe/0x1d0
[  115.623251][ T6623]  ? __pfx____sys_sendmsg+0x10/0x10
[  115.623271][ T6623]  ? __lock_acquire+0x622/0x1c90
[  115.623333][ T6623]  __sys_sendmsg+0x16d/0x220
[  115.623356][ T6623]  ? __pfx___sys_sendmsg+0x10/0x10
[  115.623391][ T6623]  do_syscall_64+0xcd/0x4c0
[  115.623412][ T6623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  115.623426][ T6623] RIP: 0033:0x7f654d58e929
[  115.623438][ T6623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  115.623451][ T6623] RSP: 002b:00007f654e3d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  115.623465][ T6623] RAX: ffffffffffffffda RBX: 00007f654d7b5fa0 RCX: 00007f654d58e929
[  115.623473][ T6623] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  115.623481][ T6623] RBP: 00007f654e3d8090 R08: 0000000000000000 R09: 0000000000000000
[  115.623489][ T6623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  115.623497][ T6623] R13: 0000000000000000 R14: 00007f654d7b5fa0 R15: 00007ffea0c20618
[  115.623518][ T6623]  </TASK>
[  115.624261][    C1] port100 4-1:0.0: NFC: Urb failure (status -71)
[  115.852097][ T6606] netlink: 64 bytes leftover after parsing attributes in process `syz.3.192'.
[  115.937919][    C1] port100 4-1:0.0: NFC: Urb failure (status -71)
[  115.945238][ T5935] port100 4-1:0.0: NFC: Could not get supported command types
[  115.997988][ T5866] Error reading MAC address
[  116.003774][   T30] audit: type=1400 audit(1750585247.531:317): avc:  denied  { write } for  pid=6625 comm="syz.2.200" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  116.758514][ T6633] netlink: 8 bytes leftover after parsing attributes in process `syz.4.202'.
[  116.909149][ T6637] netlink: 8 bytes leftover after parsing attributes in process `syz.2.204'.
[  117.103220][ T5935] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  117.107946][   T30] audit: type=1400 audit(1750585248.681:318): avc:  denied  { lock } for  pid=6636 comm="syz.2.204" path="socket:[11713]" dev="sockfs" ino=11713 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  117.442802][ T5866] usb 2-1: USB disconnect, device number 12
[  117.461642][   T30] audit: type=1400 audit(1750585249.121:319): avc:  denied  { read } for  pid=6639 comm="syz.0.205" name="mouse0" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  117.473329][ T5935] usb 5-1: unable to get BOS descriptor or descriptor too short
[  117.522218][   T10] usb 4-1: USB disconnect, device number 9
[  117.536571][ T6643] FAULT_INJECTION: forcing a failure.
[  117.536571][ T6643] name failslab, interval 1, probability 0, space 0, times 0
[  117.561645][ T5935] usb 5-1: not running at top speed; connect to a high speed hub
[  117.568873][ T6643] CPU: 0 UID: 0 PID: 6643 Comm: syz.0.205 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  117.568893][ T6643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  117.568902][ T6643] Call Trace:
[  117.568906][ T6643]  <TASK>
[  117.568912][ T6643]  dump_stack_lvl+0x16c/0x1f0
[  117.568941][ T6643]  should_fail_ex+0x512/0x640
[  117.568959][ T6643]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  117.568979][ T6643]  should_failslab+0xc2/0x120
[  117.569000][ T6643]  __kmalloc_cache_noprof+0x6a/0x3e0
[  117.569015][ T6643]  ? do_raw_spin_lock+0x12c/0x2b0
[  117.569031][ T6643]  ? create_io_worker+0xc9/0x5b0
[  117.569057][ T6643]  ? create_io_worker+0x1f/0x5b0
[  117.569077][ T6643]  create_io_worker+0xc9/0x5b0
[  117.569100][ T6643]  io_wq_enqueue+0x4cc/0x980
[  117.569124][ T6643]  ? __pfx_io_wq_enqueue+0x10/0x10
[  117.569145][ T6643]  ? __pfx_io_wq_work_match_item+0x10/0x10
[  117.569167][ T6643]  ? io_prep_async_work+0x654/0x770
[  117.569195][ T6643]  io_queue_iowq+0x246/0x530
[  117.569220][ T6643]  io_req_task_submit+0x142/0x1f0
[  117.569236][ T6643]  io_poll_task_func+0x942/0x1240
[  117.569257][ T6643]  ? __pfx_io_poll_task_func+0x10/0x10
[  117.569274][ T6643]  ? find_held_lock+0x2b/0x80
[  117.569292][ T6643]  ? io_handle_tw_list+0x112/0x500
[  117.569307][ T6643]  ? __pfx_io_poll_task_func+0x10/0x10
[  117.569324][ T6643]  io_handle_tw_list+0x155/0x500
[  117.569342][ T6643]  ? __pfx_io_handle_tw_list+0x10/0x10
[  117.569357][ T6643]  ? rcu_is_watching+0x12/0xc0
[  117.569379][ T6643]  tctx_task_work_run+0xac/0x380
[  117.569397][ T6643]  tctx_task_work+0x7a/0xd0
[  117.569413][ T6643]  ? __pfx_tctx_task_work+0x10/0x10
[  117.569428][ T6643]  ? rcu_is_watching+0x12/0xc0
[  117.569446][ T6643]  ? _raw_spin_unlock_irq+0x23/0x50
[  117.569467][ T6643]  ? lockdep_hardirqs_on+0x7c/0x110
[  117.569491][ T6643]  task_work_run+0x150/0x240
[  117.569510][ T6643]  ? __pfx_task_work_run+0x10/0x10
[  117.569541][ T6643]  get_signal+0x1d1/0x26d0
[  117.569561][ T6643]  ? __pfx_mousedev_read+0x10/0x10
[  117.569581][ T6643]  ? vfs_read+0x23b/0xc60
[  117.569607][ T6643]  ? __pfx_get_signal+0x10/0x10
[  117.569624][ T6643]  ? __pfx_vfs_read+0x10/0x10
[  117.569640][ T6643]  ? find_held_lock+0x2b/0x80
[  117.569657][ T6643]  ? __fget_files+0x204/0x3c0
[  117.569679][ T6643]  arch_do_signal_or_restart+0x8f/0x7d0
[  117.569696][ T6643]  ? __fget_files+0x20e/0x3c0
[  117.569715][ T6643]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  117.569738][ T6643]  ? ksys_read+0x1ac/0x250
[  117.569755][ T6643]  ? __pfx_ksys_read+0x10/0x10
[  117.569778][ T6643]  exit_to_user_mode_loop+0x84/0x110
[  117.569795][ T6643]  do_syscall_64+0x3f6/0x4c0
[  117.569818][ T6643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.569833][ T6643] RIP: 0033:0x7fbeab58e929
[  117.569845][ T6643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.569859][ T6643] RSP: 002b:00007fbeac3ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  117.569874][ T6643] RAX: fffffffffffffe00 RBX: 00007fbeab7b6080 RCX: 00007fbeab58e929
[  117.569884][ T6643] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  117.569893][ T6643] RBP: 00007fbeac3ec090 R08: 0000000000000000 R09: 0000000000000000
[  117.569901][ T6643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  117.569910][ T6643] R13: 0000000000000000 R14: 00007fbeab7b6080 R15: 00007ffed52dbf78
[  117.569932][ T6643]  </TASK>
[  117.623100][ T5947] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  117.625330][ T5935] usb 5-1: config 14 has an invalid interface number: 22 but max is 0
[  117.823072][ T5947] usb 3-1: Using ep0 maxpacket: 8
[  117.826436][ T5935] usb 5-1: config 14 has no interface number 0
[  117.886969][ T5947] usb 3-1: config 67 has an invalid descriptor of length 25, skipping remainder of the config
[  118.007128][ T5935] usb 5-1: config 14 interface 22 has no altsetting 0
[  118.098277][ T5935] usb 5-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=2e.65
[  118.107618][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.115693][ T5935] usb 5-1: Product: syz
[  118.121253][ T5935] usb 5-1: Manufacturer: syz
[  118.125964][ T5935] usb 5-1: SerialNumber: syz
[  118.410575][ T5947] usb 3-1: config 67 has 0 interfaces, different from the descriptor's value: 1
[  118.581977][ T5947] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  118.758585][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.776222][ T5947] usb 3-1: Product: syz
[  118.782077][ T5886] libceph: connect (1)[c::]:6789 error -101
[  118.788256][ T5947] usb 3-1: Manufacturer: syz
[  118.803081][ T5947] usb 3-1: SerialNumber: syz
[  118.803538][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  118.963135][   T30] audit: type=1400 audit(1750585250.621:320): avc:  denied  { getopt } for  pid=6656 comm="syz.3.210" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  119.054748][ T5947] usb 3-1: USB disconnect, device number 5
[  119.125844][ T5886] libceph: connect (1)[c::]:6789 error -101
[  119.152835][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  119.192318][   T30] audit: type=1400 audit(1750585250.851:321): avc:  denied  { getopt } for  pid=6666 comm="syz.0.211" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  119.299031][ T6667] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.308537][ T6667] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.317819][ T6667] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.338714][ T6667] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  119.539948][ T6670] FAULT_INJECTION: forcing a failure.
[  119.539948][ T6670] name failslab, interval 1, probability 0, space 0, times 0
[  119.625144][ T6670] CPU: 1 UID: 0 PID: 6670 Comm: syz.3.212 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  119.625161][ T6670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  119.625166][ T6670] Call Trace:
[  119.625171][ T6670]  <TASK>
[  119.625174][ T6670]  dump_stack_lvl+0x16c/0x1f0
[  119.625193][ T6670]  should_fail_ex+0x512/0x640
[  119.625209][ T6670]  ? fs_reclaim_acquire+0xae/0x150
[  119.625221][ T6670]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  119.625236][ T6670]  should_failslab+0xc2/0x120
[  119.625250][ T6670]  __kmalloc_noprof+0xd2/0x510
[  119.625267][ T6670]  tomoyo_realpath_from_path+0xc2/0x6e0
[  119.625282][ T6670]  ? tomoyo_profile+0x47/0x60
[  119.625307][ T6670]  tomoyo_path_number_perm+0x245/0x580
[  119.625318][ T6670]  ? tomoyo_path_number_perm+0x237/0x580
[  119.625331][ T6670]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  119.625344][ T6670]  ? find_held_lock+0x2b/0x80
[  119.625369][ T6670]  ? find_held_lock+0x2b/0x80
[  119.625380][ T6670]  ? hook_file_ioctl_common+0x145/0x410
[  119.625399][ T6670]  ? __fget_files+0x20e/0x3c0
[  119.625415][ T6670]  security_file_ioctl+0x9b/0x240
[  119.625430][ T6670]  __x64_sys_ioctl+0xb7/0x210
[  119.625444][ T6670]  do_syscall_64+0xcd/0x4c0
[  119.625459][ T6670]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.625470][ T6670] RIP: 0033:0x7f1c3ad8e929
[  119.625478][ T6670] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.625488][ T6670] RSP: 002b:00007f1c38bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  119.625498][ T6670] RAX: ffffffffffffffda RBX: 00007f1c3afb5fa0 RCX: 00007f1c3ad8e929
[  119.625504][ T6670] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  119.625510][ T6670] RBP: 00007f1c38bf6090 R08: 0000000000000000 R09: 0000000000000000
[  119.625516][ T6670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  119.625522][ T6670] R13: 0000000000000000 R14: 00007f1c3afb5fa0 R15: 00007ffea47fbce8
[  119.625535][ T6670]  </TASK>
[  119.625551][ T6670] ERROR: Out of memory at tomoyo_realpath_from_path.
[  119.933438][ T5886] libceph: connect (1)[c::]:6789 error -101
[  119.939587][ T5886] libceph: mon0 (1)[c::]:6789 connect error
[  119.988844][ T6635] ceph: No mds server is up or the cluster is laggy
[  120.085322][ T5935] legousbtower 5-1:14.22: interrupt endpoints not found
[  120.149896][ T5935] usb 5-1: USB disconnect, device number 6
[  120.262742][ T6683] FAULT_INJECTION: forcing a failure.
[  120.262742][ T6683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  120.277461][   T30] audit: type=1400 audit(1750585251.941:322): avc:  denied  { create } for  pid=6682 comm="syz.4.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  120.293892][ T6683] CPU: 1 UID: 0 PID: 6683 Comm: syz.1.217 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  120.293914][ T6683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  120.293923][ T6683] Call Trace:
[  120.293928][ T6683]  <TASK>
[  120.293933][ T6683]  dump_stack_lvl+0x16c/0x1f0
[  120.293959][ T6683]  should_fail_ex+0x512/0x640
[  120.293981][ T6683]  _copy_from_user+0x2e/0xd0
[  120.294001][ T6683]  copy_msghdr_from_user+0x98/0x160
[  120.294022][ T6683]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  120.294052][ T6683]  ___sys_sendmsg+0xfe/0x1d0
[  120.294073][ T6683]  ? __pfx____sys_sendmsg+0x10/0x10
[  120.294091][ T6683]  ? __lock_acquire+0x622/0x1c90
[  120.294141][ T6683]  __sys_sendmsg+0x16d/0x220
[  120.294160][ T6683]  ? __pfx___sys_sendmsg+0x10/0x10
[  120.294194][ T6683]  do_syscall_64+0xcd/0x4c0
[  120.294216][ T6683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  120.294231][ T6683] RIP: 0033:0x7fbb6878e929
[  120.294243][ T6683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  120.294257][ T6683] RSP: 002b:00007fbb69589038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  120.294272][ T6683] RAX: ffffffffffffffda RBX: 00007fbb689b5fa0 RCX: 00007fbb6878e929
[  120.294281][ T6683] RDX: 0000000000088010 RSI: 0000200000000540 RDI: 0000000000000006
[  120.294290][ T6683] RBP: 00007fbb69589090 R08: 0000000000000000 R09: 0000000000000000
[  120.294299][ T6683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  120.294307][ T6683] R13: 0000000000000000 R14: 00007fbb689b5fa0 R15: 00007fff9f0adeb8
[  120.294327][ T6683]  </TASK>
[  120.808608][ T5947] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  121.273081][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  121.284780][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  121.313434][ T5947] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  121.348010][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  121.405586][ T5947] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  121.498655][ T5947] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.527739][ T5947] usb 1-1: config 0 descriptor??
[  121.843107][   T30] audit: type=1400 audit(1750585253.501:323): avc:  denied  { connect } for  pid=6701 comm="syz.1.223" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  121.942390][ T5947] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max
[  121.961991][ T5947] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving
[  122.063895][ T5947] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  122.226543][ T6685] FAULT_INJECTION: forcing a failure.
[  122.226543][ T6685] name failslab, interval 1, probability 0, space 0, times 0
[  122.870197][ T6685] CPU: 0 UID: 0 PID: 6685 Comm: syz.0.219 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  122.870225][ T6685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  122.870235][ T6685] Call Trace:
[  122.870240][ T6685]  <TASK>
[  122.870247][ T6685]  dump_stack_lvl+0x16c/0x1f0
[  122.870276][ T6685]  should_fail_ex+0x512/0x640
[  122.870298][ T6685]  ? fs_reclaim_acquire+0xae/0x150
[  122.870317][ T6685]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  122.870340][ T6685]  should_failslab+0xc2/0x120
[  122.870365][ T6685]  __kmalloc_noprof+0xd2/0x510
[  122.870392][ T6685]  tomoyo_realpath_from_path+0xc2/0x6e0
[  122.870417][ T6685]  ? tomoyo_profile+0x47/0x60
[  122.870446][ T6685]  tomoyo_path_number_perm+0x245/0x580
[  122.870465][ T6685]  ? tomoyo_path_number_perm+0x237/0x580
[  122.870485][ T6685]  ? finish_task_switch.isra.0+0x174/0xc10
[  122.870508][ T6685]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  122.870533][ T6685]  ? rcu_is_watching+0x12/0xc0
[  122.870553][ T6685]  ? lockdep_hardirqs_on+0x7c/0x110
[  122.870607][ T6685]  ? find_held_lock+0x2b/0x80
[  122.870628][ T6685]  ? hook_file_ioctl_common+0x145/0x410
[  122.870662][ T6685]  ? __fget_files+0x20e/0x3c0
[  122.870691][ T6685]  security_file_ioctl+0x9b/0x240
[  122.870715][ T6685]  __x64_sys_ioctl+0xb7/0x210
[  122.870738][ T6685]  do_syscall_64+0xcd/0x4c0
[  122.870765][ T6685]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.870783][ T6685] RIP: 0033:0x7fbeab58e929
[  122.870797][ T6685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  122.870814][ T6685] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  122.870831][ T6685] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  122.870842][ T6685] RDX: 00002000000011c0 RSI: 00000000c018480d RDI: 0000000000000004
[  122.870852][ T6685] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  122.870861][ T6685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.870871][ T6685] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  122.870898][ T6685]  </TASK>
[  123.149838][ T6712] process 'syz.4.224' launched './file0' with NULL argv: empty string added
[  123.313353][ T6685] ERROR: Out of memory at tomoyo_realpath_from_path.
[  123.359719][   T30] audit: type=1400 audit(1750585254.811:324): avc:  denied  { execute } for  pid=6704 comm="syz.4.224" name="file0" dev="ramfs" ino=11885 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  123.474015][ T5947] usb 1-1: reset high-speed USB device number 8 using dummy_hcd
[  123.512088][   T30] audit: type=1400 audit(1750585254.821:325): avc:  denied  { nosuid_transition } for  pid=6704 comm="syz.4.224" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process2 permissive=1
[  124.287994][    T9] usb 1-1: USB disconnect, device number 8
[  124.481821][ T6720] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  124.722764][   T30] audit: type=1400 audit(1750585254.821:326): avc:  denied  { transition } for  pid=6704 comm="syz.4.224" path="/file0" dev="ramfs" ino=11885 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  124.746490][   T30] audit: type=1400 audit(1750585254.821:327): avc:  denied  { entrypoint } for  pid=6704 comm="syz.4.224" path="/file0" dev="ramfs" ino=11885 scontext=system_u:object_r:hugetlbfs_t tcontext=root:object_r:ramfs_t tclass=file permissive=1
[  124.770489][   T30] audit: type=1400 audit(1750585254.831:328): avc:  denied  { share } for  pid=6704 comm="syz.4.224" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  124.794191][   T30] audit: type=1400 audit(1750585254.831:329): avc:  denied  { noatsecure } for  pid=6704 comm="syz.4.224" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=process permissive=1
[  124.818029][   T30] audit: type=1400 audit(1750585255.981:330): avc:  denied  { watch } for  pid=6719 comm="syz.0.228" path="/44/bus" dev="tmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  124.840639][   T30] audit: type=1400 audit(1750585256.001:331): avc:  denied  { watch_sb watch_reads } for  pid=6719 comm="syz.0.228" path="/44/bus" dev="tmpfs" ino=245 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  124.990563][ T6726] FAULT_INJECTION: forcing a failure.
[  124.990563][ T6726] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  125.004389][ T6726] CPU: 0 UID: 0 PID: 6726 Comm: syz.0.230 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  125.004403][ T6726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  125.004410][ T6726] Call Trace:
[  125.004413][ T6726]  <TASK>
[  125.004417][ T6726]  dump_stack_lvl+0x16c/0x1f0
[  125.004435][ T6726]  should_fail_ex+0x512/0x640
[  125.004451][ T6726]  _copy_from_user+0x2e/0xd0
[  125.004465][ T6726]  copy_msghdr_from_user+0x98/0x160
[  125.004481][ T6726]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  125.004501][ T6726]  ___sys_sendmsg+0xfe/0x1d0
[  125.004521][ T6726]  ? __pfx____sys_sendmsg+0x10/0x10
[  125.004534][ T6726]  ? __lock_acquire+0x622/0x1c90
[  125.004565][ T6726]  __sys_sendmsg+0x16d/0x220
[  125.004579][ T6726]  ? __pfx___sys_sendmsg+0x10/0x10
[  125.004601][ T6726]  do_syscall_64+0xcd/0x4c0
[  125.004616][ T6726]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  125.004627][ T6726] RIP: 0033:0x7fbeab58e929
[  125.004635][ T6726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.004645][ T6726] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  125.004655][ T6726] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  125.004661][ T6726] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000015
[  125.004667][ T6726] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  125.004673][ T6726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  125.004679][ T6726] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  125.004691][ T6726]  </TASK>
[  125.241303][ T6729] mkiss: ax0: crc mode is auto.
[  125.560757][   T30] audit: type=1400 audit(1750585257.221:332): avc:  denied  { search } for  pid=5479 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  126.004420][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  126.234665][    T9] usb 1-1: device descriptor read/64, error -71
[  126.483079][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  126.628799][    T9] usb 1-1: device descriptor read/64, error -71
[  126.777035][    T9] usb usb1-port1: attempt power cycle
[  127.088113][ T6752] FAULT_INJECTION: forcing a failure.
[  127.088113][ T6752] name failslab, interval 1, probability 0, space 0, times 0
[  127.293047][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  127.315514][    T9] usb 1-1: device descriptor read/8, error -71
[  127.364041][ T6752] CPU: 0 UID: 0 PID: 6752 Comm: syz.1.236 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  127.364058][ T6752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  127.364064][ T6752] Call Trace:
[  127.364068][ T6752]  <TASK>
[  127.364072][ T6752]  dump_stack_lvl+0x16c/0x1f0
[  127.364090][ T6752]  should_fail_ex+0x512/0x640
[  127.364104][ T6752]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  127.364119][ T6752]  should_failslab+0xc2/0x120
[  127.364134][ T6752]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  127.364147][ T6752]  ? __alloc_skb+0x2b2/0x380
[  127.364162][ T6752]  __alloc_skb+0x2b2/0x380
[  127.364175][ T6752]  ? __pfx___alloc_skb+0x10/0x10
[  127.364187][ T6752]  ? find_held_lock+0x2b/0x80
[  127.364204][ T6752]  alloc_skb_with_frags+0xe0/0x860
[  127.364223][ T6752]  sock_alloc_send_pskb+0x7fb/0x990
[  127.364236][ T6752]  ? avc_has_perm+0x11a/0x1c0
[  127.364253][ T6752]  ? __pfx_avc_has_perm+0x10/0x10
[  127.364274][ T6752]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  127.364287][ T6752]  ? avc_has_perm_noaudit+0x149/0x3b0
[  127.364304][ T6752]  ? sock_has_perm+0x259/0x2f0
[  127.364315][ T6752]  ? __pfx_sock_has_perm+0x10/0x10
[  127.364328][ T6752]  hci_sock_sendmsg+0x1c7/0x25f0
[  127.364346][ T6752]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  127.364365][ T6752]  sock_write_iter+0x4fc/0x5b0
[  127.364376][ T6752]  ? __pfx_sock_write_iter+0x10/0x10
[  127.364391][ T6752]  ? bpf_lsm_file_permission+0x9/0x10
[  127.364406][ T6752]  ? security_file_permission+0x71/0x210
[  127.364421][ T6752]  ? rw_verify_area+0xcf/0x680
[  127.364434][ T6752]  vfs_write+0x6c7/0x1150
[  127.364446][ T6752]  ? __pfx_sock_write_iter+0x10/0x10
[  127.364458][ T6752]  ? __pfx_vfs_write+0x10/0x10
[  127.364469][ T6752]  ? find_held_lock+0x2b/0x80
[  127.364488][ T6752]  ksys_write+0x1f8/0x250
[  127.364501][ T6752]  ? __pfx_ksys_write+0x10/0x10
[  127.364517][ T6752]  do_syscall_64+0xcd/0x4c0
[  127.364532][ T6752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  127.364543][ T6752] RIP: 0033:0x7fbb6878e929
[  127.364551][ T6752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  127.364561][ T6752] RSP: 002b:00007fbb69547038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  127.364571][ T6752] RAX: ffffffffffffffda RBX: 00007fbb689b6160 RCX: 00007fbb6878e929
[  127.364577][ T6752] RDX: 000000000000000d RSI: 0000200000000000 RDI: 000000000000000a
[  127.364583][ T6752] RBP: 00007fbb69547090 R08: 0000000000000000 R09: 0000000000000000
[  127.364589][ T6752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  127.364594][ T6752] R13: 0000000000000000 R14: 00007fbb689b6160 R15: 00007fff9f0adeb8
[  127.364607][ T6752]  </TASK>
[  127.814591][    T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  127.984664][    T9] usb 1-1: device descriptor read/8, error -71
[  128.040423][ T6758] overlayfs: overlapping lowerdir path
[  128.093339][    T9] usb usb1-port1: unable to enumerate USB device
[  128.179209][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  128.179223][   T30] audit: type=1400 audit(1750585259.841:339): avc:  denied  { remount } for  pid=6754 comm="syz.1.237" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  128.307669][   T30] audit: type=1400 audit(1750585259.921:340): avc:  denied  { append } for  pid=6762 comm="syz.1.239" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  129.292767][   T30] audit: type=1400 audit(1750585259.931:341): avc:  denied  { setopt } for  pid=6762 comm="syz.1.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  129.317766][   T30] audit: type=1400 audit(1750585259.931:342): avc:  denied  { setopt } for  pid=6762 comm="syz.1.239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  129.340857][   T30] audit: type=1400 audit(1750585260.131:343): avc:  denied  { write } for  pid=6766 comm="syz.4.240" lport=44670 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  129.364562][   T30] audit: type=1400 audit(1750585260.131:344): avc:  denied  { setopt } for  pid=6766 comm="syz.4.240" lport=44670 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  129.482259][   T30] audit: type=1400 audit(1750585261.141:345): avc:  denied  { read } for  pid=6769 comm="syz.1.241" path="socket:[12064]" dev="sockfs" ino=12064 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  129.619846][   T30] audit: type=1400 audit(1750585261.171:346): avc:  denied  { write } for  pid=6769 comm="syz.1.241" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  129.798948][   T30] audit: type=1400 audit(1750585261.461:347): avc:  denied  { mount } for  pid=6774 comm="syz.0.244" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  129.823945][ T6777] netlink: 8 bytes leftover after parsing attributes in process `syz.0.244'.
[  129.898995][ T6781] FAULT_INJECTION: forcing a failure.
[  129.898995][ T6781] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  129.914129][ T6777] devpts: Bad value for 'uid'
[  129.918962][   T30] audit: type=1400 audit(1750585261.581:348): avc:  denied  { remount } for  pid=6774 comm="syz.0.244" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  129.939115][ T6781] CPU: 0 UID: 0 PID: 6781 Comm: syz.3.243 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  129.939137][ T6781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  129.939147][ T6781] Call Trace:
[  129.939153][ T6781]  <TASK>
[  129.939159][ T6781]  dump_stack_lvl+0x16c/0x1f0
[  129.939188][ T6781]  should_fail_ex+0x512/0x640
[  129.939214][ T6781]  _copy_from_user+0x2e/0xd0
[  129.939240][ T6781]  copy_msghdr_from_user+0x98/0x160
[  129.939264][ T6781]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  129.939293][ T6781]  ? __pfx__kstrtoull+0x10/0x10
[  129.939317][ T6781]  ___sys_sendmsg+0xfe/0x1d0
[  129.939342][ T6781]  ? __pfx____sys_sendmsg+0x10/0x10
[  129.939381][ T6781]  ? find_held_lock+0x2b/0x80
[  129.939422][ T6781]  __sys_sendmmsg+0x200/0x420
[  129.939448][ T6781]  ? __pfx___sys_sendmmsg+0x10/0x10
[  129.939479][ T6781]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  129.939526][ T6781]  ? fput+0x70/0xf0
[  129.939552][ T6781]  ? ksys_write+0x1ac/0x250
[  129.939572][ T6781]  ? __pfx_ksys_write+0x10/0x10
[  129.939599][ T6781]  __x64_sys_sendmmsg+0x9c/0x100
[  129.939621][ T6781]  ? lockdep_hardirqs_on+0x7c/0x110
[  129.939644][ T6781]  do_syscall_64+0xcd/0x4c0
[  129.939671][ T6781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.939688][ T6781] RIP: 0033:0x7f1c3ad8e929
[  129.939702][ T6781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.939717][ T6781] RSP: 002b:00007f1c38bb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  129.939732][ T6781] RAX: ffffffffffffffda RBX: 00007f1c3afb6160 RCX: 00007f1c3ad8e929
[  129.939743][ T6781] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 000000000000000b
[  129.939753][ T6781] RBP: 00007f1c38bb4090 R08: 0000000000000000 R09: 0000000000000000
[  129.939763][ T6781] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  129.939772][ T6781] R13: 0000000000000000 R14: 00007f1c3afb6160 R15: 00007ffea47fbce8
[  129.939794][ T6781]  </TASK>
[  130.223315][ T6777] devpts: Bad value for 'uid'
[  132.309964][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  132.317405][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  133.275501][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  133.533921][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  133.534165][   T30] audit: type=1400 audit(1750585265.181:351): avc:  denied  { sys_admin } for  pid=6844 comm="syz.0.250" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  133.764478][    T9] usb 4-1: config 0 has no interfaces?
[  133.813392][    T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  133.873082][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.885517][ T6859] FAULT_INJECTION: forcing a failure.
[  133.885517][ T6859] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  133.901469][ T6859] CPU: 1 UID: 0 PID: 6859 Comm: syz.4.254 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  133.901485][ T6859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  133.901492][ T6859] Call Trace:
[  133.901497][ T6859]  <TASK>
[  133.901500][ T6859]  dump_stack_lvl+0x16c/0x1f0
[  133.901519][ T6859]  should_fail_ex+0x512/0x640
[  133.901534][ T6859]  _copy_from_user+0x2e/0xd0
[  133.901548][ T6859]  copy_from_sockptr_offset+0x15c/0x1b0
[  133.901563][ T6859]  ? __pfx_copy_from_sockptr_offset+0x10/0x10
[  133.901578][ T6859]  do_tcp_setsockopt+0x13e/0x2640
[  133.901596][ T6859]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  133.901610][ T6859]  ? trace_contention_end+0xdd/0x130
[  133.901627][ T6859]  ? __mutex_lock+0x1ca/0xb90
[  133.901641][ T6859]  ? avc_has_perm+0x11a/0x1c0
[  133.901657][ T6859]  ? __pfx_avc_has_perm+0x10/0x10
[  133.901671][ T6859]  ? smc_setsockopt+0x100/0xa00
[  133.901684][ T6859]  ? __pfx___mutex_lock+0x10/0x10
[  133.901701][ T6859]  ? sock_has_perm+0x259/0x2f0
[  133.901713][ T6859]  tcp_setsockopt+0xe2/0x100
[  133.901729][ T6859]  smc_setsockopt+0x1b6/0xa00
[  133.901739][ T6859]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  133.901751][ T6859]  ? __pfx_smc_setsockopt+0x10/0x10
[  133.901764][ T6859]  ? selinux_socket_setsockopt+0x6a/0x80
[  133.901777][ T6859]  ? __pfx_smc_setsockopt+0x10/0x10
[  133.901788][ T6859]  do_sock_setsockopt+0x224/0x470
[  133.901798][ T6859]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  133.901815][ T6859]  __sys_setsockopt+0x1a0/0x230
[  133.901831][ T6859]  __x64_sys_setsockopt+0xbd/0x160
[  133.901843][ T6859]  ? do_syscall_64+0x91/0x4c0
[  133.901857][ T6859]  ? lockdep_hardirqs_on+0x7c/0x110
[  133.901871][ T6859]  do_syscall_64+0xcd/0x4c0
[  133.901886][ T6859]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  133.901897][ T6859] RIP: 0033:0x7f989ab8e929
[  133.901905][ T6859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  133.901915][ T6859] RSP: 002b:00007f989ba10038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  133.901925][ T6859] RAX: ffffffffffffffda RBX: 00007f989adb5fa0 RCX: 00007f989ab8e929
[  133.901935][ T6859] RDX: 0000000000000013 RSI: 0000000000000006 RDI: 0000000000000006
[  133.901945][ T6859] RBP: 00007f989ba10090 R08: 0000000000000004 R09: 0000000000000000
[  133.901954][ T6859] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[  133.901962][ T6859] R13: 0000000000000000 R14: 00007f989adb5fa0 R15: 00007ffee49ac378
[  133.901975][ T6859]  </TASK>
[  134.147359][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.471974][    T9] usb 4-1: Product: syz
[  134.513430][   T30] audit: type=1400 audit(1750585266.171:352): avc:  denied  { open } for  pid=6862 comm="syz.0.255" path="/dev/ptyq5" dev="devtmpfs" ino=124 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  134.515456][    T9] usb 4-1: Manufacturer: syz
[  134.572014][   T30] audit: type=1400 audit(1750585266.211:353): avc:  denied  { ioctl } for  pid=6862 comm="syz.0.255" path="/dev/ptyq5" dev="devtmpfs" ino=124 ioctlcmd=0x4b4e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  134.596832][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.660534][ T6869] FAULT_INJECTION: forcing a failure.
[  134.660534][ T6869] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.733267][   T30] audit: type=1400 audit(1750585266.211:354): avc:  denied  { ioctl } for  pid=6862 comm="syz.0.255" path="socket:[10886]" dev="sockfs" ino=10886 ioctlcmd=0xf509 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  134.757769][    C1] vkms_vblank_simulate: vblank timer overrun
[  134.768218][    T9] usb 4-1: SerialNumber: syz
[  134.768367][ T6869] CPU: 1 UID: 0 PID: 6869 Comm: syz.4.257 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  134.768387][ T6869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  134.768395][ T6869] Call Trace:
[  134.768400][ T6869]  <TASK>
[  134.768406][ T6869]  dump_stack_lvl+0x16c/0x1f0
[  134.768431][ T6869]  should_fail_ex+0x512/0x640
[  134.768453][ T6869]  _copy_to_user+0x32/0xd0
[  134.768475][ T6869]  simple_read_from_buffer+0xcb/0x170
[  134.768496][ T6869]  proc_fail_nth_read+0x197/0x270
[  134.768515][ T6869]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  134.768534][ T6869]  ? rw_verify_area+0xcf/0x680
[  134.768550][ T6869]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  134.768568][ T6869]  vfs_read+0x1e4/0xc60
[  134.768589][ T6869]  ? __pfx___mutex_lock+0x10/0x10
[  134.768610][ T6869]  ? __pfx_vfs_read+0x10/0x10
[  134.768633][ T6869]  ? __fget_files+0x20e/0x3c0
[  134.768660][ T6869]  ksys_read+0x12a/0x250
[  134.768708][ T6869]  ? __pfx_ksys_read+0x10/0x10
[  134.768732][ T6869]  do_syscall_64+0xcd/0x4c0
[  134.768755][ T6869]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.768770][ T6869] RIP: 0033:0x7f989ab8d33c
[  134.768782][ T6869] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  134.768795][ T6869] RSP: 002b:00007f989ba10030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  134.768809][ T6869] RAX: ffffffffffffffda RBX: 00007f989adb5fa0 RCX: 00007f989ab8d33c
[  134.768819][ T6869] RDX: 000000000000000f RSI: 00007f989ba100a0 RDI: 0000000000000003
[  134.768827][ T6869] RBP: 00007f989ba10090 R08: 0000000000000000 R09: 0000000000000000
[  134.768835][ T6869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.768843][ T6869] R13: 0000000000000000 R14: 00007f989adb5fa0 R15: 00007ffee49ac378
[  134.768863][ T6869]  </TASK>
[  134.934231][   T30] audit: type=1326 audit(1750585266.291:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6855 comm="syz.1.253" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb6878e929 code=0x7fc00000
[  136.170591][    T9] usb 4-1: config 0 descriptor??
[  137.033295][   T30] audit: type=1400 audit(1750585266.671:356): avc:  denied  { write } for  pid=6866 comm="syz.0.258" path="socket:[10903]" dev="sockfs" ino=10903 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  137.148121][ T6882] syzkaller1: entered promiscuous mode
[  137.153630][ T6882] syzkaller1: entered allmulticast mode
[  137.519085][    T9] usb 4-1: USB disconnect, device number 10
[  137.615061][   T30] audit: type=1400 audit(1750585267.741:357): avc:  denied  { accept } for  pid=6871 comm="syz.4.260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  137.619848][ T6891] FAULT_INJECTION: forcing a failure.
[  137.619848][ T6891] name failslab, interval 1, probability 0, space 0, times 0
[  137.710700][ T6893] netlink: 16 bytes leftover after parsing attributes in process `syz.3.264'.
[  137.915791][   T30] audit: type=1400 audit(1750585267.991:358): avc:  denied  { read } for  pid=6874 comm="syz.1.259" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  138.025026][   T30] audit: type=1400 audit(1750585267.991:359): avc:  denied  { open } for  pid=6874 comm="syz.1.259" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  138.143129][ T6891] CPU: 1 UID: 0 PID: 6891 Comm: syz.1.263 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  138.143154][ T6891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  138.143163][ T6891] Call Trace:
[  138.143169][ T6891]  <TASK>
[  138.143175][ T6891]  dump_stack_lvl+0x16c/0x1f0
[  138.143202][ T6891]  should_fail_ex+0x512/0x640
[  138.143221][ T6891]  ? fs_reclaim_acquire+0xae/0x150
[  138.143282][ T6891]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  138.143307][ T6891]  should_failslab+0xc2/0x120
[  138.143331][ T6891]  __kmalloc_noprof+0xd2/0x510
[  138.143356][ T6891]  tomoyo_realpath_from_path+0xc2/0x6e0
[  138.143379][ T6891]  ? tomoyo_profile+0x47/0x60
[  138.143405][ T6891]  tomoyo_path_number_perm+0x245/0x580
[  138.143422][ T6891]  ? tomoyo_path_number_perm+0x237/0x580
[  138.143443][ T6891]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  138.143463][ T6891]  ? find_held_lock+0x2b/0x80
[  138.143501][ T6891]  ? find_held_lock+0x2b/0x80
[  138.143520][ T6891]  ? hook_file_ioctl_common+0x145/0x410
[  138.143551][ T6891]  ? __fget_files+0x20e/0x3c0
[  138.143577][ T6891]  security_file_ioctl+0x9b/0x240
[  138.143601][ T6891]  __x64_sys_ioctl+0xb7/0x210
[  138.143619][ T6891]  do_syscall_64+0xcd/0x4c0
[  138.143646][ T6891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.143662][ T6891] RIP: 0033:0x7fbb6878e929
[  138.143677][ T6891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  138.143692][ T6891] RSP: 002b:00007fbb69589038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  138.143709][ T6891] RAX: ffffffffffffffda RBX: 00007fbb689b5fa0 RCX: 00007fbb6878e929
[  138.143720][ T6891] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  138.143728][ T6891] RBP: 00007fbb69589090 R08: 0000000000000000 R09: 0000000000000000
[  138.143736][ T6891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.143744][ T6891] R13: 0000000000000000 R14: 00007fbb689b5fa0 R15: 00007fff9f0adeb8
[  138.143764][ T6891]  </TASK>
[  138.143808][ T6891] ERROR: Out of memory at tomoyo_realpath_from_path.
[  138.198319][ T6894] netlink: 12 bytes leftover after parsing attributes in process `syz.3.264'.
[  138.388917][   T30] audit: type=1400 audit(1750585267.991:360): avc:  denied  { ioctl } for  pid=6874 comm="syz.1.259" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4601 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  138.459297][ T6810] Bluetooth: Error in BCSP hdr checksum
[  138.824250][ T6818] Bluetooth: Error in BCSP hdr checksum
[  139.517411][   T30] audit: type=1400 audit(1750585271.181:361): avc:  denied  { getopt } for  pid=6909 comm="syz.4.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  139.849560][ T6912] 9pnet_fd: Insufficient options for proto=fd
[  139.913194][ T5135] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  140.433063][   T30] audit: type=1400 audit(1750585271.491:362): avc:  denied  { connect } for  pid=6905 comm="syz.1.267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  140.452877][   T30] audit: type=1400 audit(1750585271.491:363): avc:  denied  { map } for  pid=6905 comm="syz.1.267" path="socket:[10951]" dev="sockfs" ino=10951 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  141.132232][ T6928] netlink: 'syz.1.275': attribute type 12 has an invalid length.
[  141.150849][ T6928] netlink: 'syz.1.275': attribute type 29 has an invalid length.
[  141.163046][ T6928] netlink: 148 bytes leftover after parsing attributes in process `syz.1.275'.
[  141.533443][  T973] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  141.613374][   T10] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  141.615072][ T5886] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  141.763127][   T10] usb 1-1: device descriptor read/64, error -71
[  141.793081][  T973] usb 2-1: device descriptor read/64, error -71
[  141.833209][ T5886] usb 5-1: Using ep0 maxpacket: 32
[  141.863428][ T5886] usb 5-1: config 0 has an invalid interface number: 85 but max is 0
[  141.871553][ T5886] usb 5-1: config 0 has no interface number 0
[  141.873132][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  141.916311][ T5886] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  141.962319][ T5886] usb 5-1: config 0 interface 85 has no altsetting 0
[  141.994814][ T5886] usb 5-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  142.005305][ T5886] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.020306][ T5886] usb 5-1: Product: syz
[  142.033052][  T973] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  142.033188][   T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  142.061889][ T5886] usb 5-1: Manufacturer: syz
[  142.065200][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  142.083181][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  142.096717][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  142.108072][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.122872][    T9] usb 4-1: config 0 descriptor??
[  142.172247][    T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  142.190796][ T5886] usb 5-1: SerialNumber: syz
[  142.223120][   T10] usb 1-1: device descriptor read/64, error -71
[  142.238173][ T5886] usb 5-1: config 0 descriptor??
[  142.244169][  T973] usb 2-1: device descriptor read/64, error -71
[  142.353314][   T10] usb usb1-port1: attempt power cycle
[  142.363359][  T973] usb usb2-port1: attempt power cycle
[  142.726008][   T10] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  142.741516][  T973] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  142.818997][ T6951] team0: Device gtp0 is of different type
[  142.823736][  T973] usb 2-1: device descriptor read/8, error -71
[  142.855653][   T10] usb 1-1: device descriptor read/8, error -71
[  143.132450][ T5886] appletouch 5-1:0.85: Failed to request geyser raw mode
[  143.148658][ T5886] appletouch 5-1:0.85: probe with driver appletouch failed with error -5
[  143.169695][ T5886] usb 5-1: USB disconnect, device number 7
[  143.170055][ T6955] FAULT_INJECTION: forcing a failure.
[  143.170055][ T6955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  143.175835][  T973] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  143.196751][ T6955] CPU: 0 UID: 0 PID: 6955 Comm: syz.2.280 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  143.196774][ T6955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  143.196783][ T6955] Call Trace:
[  143.196788][ T6955]  <TASK>
[  143.196795][ T6955]  dump_stack_lvl+0x16c/0x1f0
[  143.196821][ T6955]  should_fail_ex+0x512/0x640
[  143.196845][ T6955]  _copy_from_user+0x2e/0xd0
[  143.196867][ T6955]  copy_msghdr_from_user+0x98/0x160
[  143.196890][ T6955]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  143.196929][ T6955]  ___sys_sendmsg+0xfe/0x1d0
[  143.196954][ T6955]  ? __pfx____sys_sendmsg+0x10/0x10
[  143.196973][ T6955]  ? __lock_acquire+0x622/0x1c90
[  143.197032][ T6955]  __sys_sendmsg+0x16d/0x220
[  143.197054][ T6955]  ? __pfx___sys_sendmsg+0x10/0x10
[  143.197095][ T6955]  do_syscall_64+0xcd/0x4c0
[  143.197119][ T6955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.197136][ T6955] RIP: 0033:0x7f654d58e929
[  143.197149][ T6955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.197164][ T6955] RSP: 002b:00007f654e3d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  143.197178][ T6955] RAX: ffffffffffffffda RBX: 00007f654d7b5fa0 RCX: 00007f654d58e929
[  143.197188][ T6955] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[  143.197197][ T6955] RBP: 00007f654e3d8090 R08: 0000000000000000 R09: 0000000000000000
[  143.197206][ T6955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.197215][ T6955] R13: 0000000000000000 R14: 00007f654d7b5fa0 R15: 00007ffea0c20618
[  143.197243][ T6955]  </TASK>
[  143.233476][  T973] usb 2-1: device descriptor read/8, error -71
[  143.236471][   T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  143.393269][  T973] usb usb2-port1: unable to enumerate USB device
[  143.439250][   T30] audit: type=1400 audit(1750585275.101:364): avc:  denied  { write } for  pid=6956 comm="syz.2.281" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  143.465340][   T10] usb 1-1: device descriptor read/8, error -71
[  143.573319][   T10] usb usb1-port1: unable to enumerate USB device
[  144.698120][    T9] usb 4-1: USB disconnect, device number 11
[  144.707613][   T30] audit: type=1400 audit(1750585275.981:365): avc:  denied  { shutdown } for  pid=6967 comm="syz.1.285" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  146.060483][ T6983] FAULT_INJECTION: forcing a failure.
[  146.060483][ T6983] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.074533][ T6983] CPU: 1 UID: 0 PID: 6983 Comm: syz.0.286 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  146.074556][ T6983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.074567][ T6983] Call Trace:
[  146.074572][ T6983]  <TASK>
[  146.074579][ T6983]  dump_stack_lvl+0x16c/0x1f0
[  146.074608][ T6983]  should_fail_ex+0x512/0x640
[  146.074634][ T6983]  _copy_from_user+0x2e/0xd0
[  146.074658][ T6983]  do_sock_getsockopt+0x5f4/0x800
[  146.074678][ T6983]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  146.074693][ T6983]  ? __fget_files+0x204/0x3c0
[  146.074728][ T6983]  __sys_getsockopt+0x12f/0x260
[  146.074755][ T6983]  __x64_sys_getsockopt+0xbd/0x160
[  146.074776][ T6983]  ? do_syscall_64+0x91/0x4c0
[  146.074800][ T6983]  ? lockdep_hardirqs_on+0x7c/0x110
[  146.074823][ T6983]  do_syscall_64+0xcd/0x4c0
[  146.074849][ T6983]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.074866][ T6983] RIP: 0033:0x7fbeab58e929
[  146.074879][ T6983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.074895][ T6983] RSP: 002b:00007fbeac3cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  146.074912][ T6983] RAX: ffffffffffffffda RBX: 00007fbeab7b6160 RCX: 00007fbeab58e929
[  146.074923][ T6983] RDX: 000000000000007a RSI: 0000000000000084 RDI: 0000000000000006
[  146.074932][ T6983] RBP: 00007fbeac3cb090 R08: 0000200000000040 R09: 0000000000000000
[  146.074942][ T6983] R10: 0000200000000340 R11: 0000000000000246 R12: 0000000000000001
[  146.074952][ T6983] R13: 0000000000000000 R14: 00007fbeab7b6160 R15: 00007ffed52dbf78
[  146.074975][ T6983]  </TASK>
[  146.531506][   T30] audit: type=1400 audit(1750585278.151:366): avc:  denied  { create } for  pid=6986 comm="syz.1.289" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  147.058414][ T6987] netlink: 'syz.1.289': attribute type 23 has an invalid length.
[  147.073644][   T30] audit: type=1400 audit(1750585278.171:367): avc:  denied  { ioctl } for  pid=6986 comm="syz.1.289" path="socket:[12464]" dev="sockfs" ino=12464 ioctlcmd=0x7452 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  147.557995][ T6999] veth3: entered promiscuous mode
[  147.563608][ T6999] veth3: entered allmulticast mode
[  147.683042][ T7005] FAULT_INJECTION: forcing a failure.
[  147.683042][ T7005] name failslab, interval 1, probability 0, space 0, times 0
[  147.695809][ T7005] CPU: 0 UID: 0 PID: 7005 Comm: syz.1.294 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  147.695832][ T7005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  147.695842][ T7005] Call Trace:
[  147.695849][ T7005]  <TASK>
[  147.695855][ T7005]  dump_stack_lvl+0x16c/0x1f0
[  147.695884][ T7005]  should_fail_ex+0x512/0x640
[  147.695905][ T7005]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  147.695934][ T7005]  should_failslab+0xc2/0x120
[  147.695958][ T7005]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  147.695980][ T7005]  ? getname_flags.part.0+0x4c/0x550
[  147.696003][ T7005]  getname_flags.part.0+0x4c/0x550
[  147.696023][ T7005]  getname_flags+0x93/0xf0
[  147.696045][ T7005]  do_sys_openat2+0xb8/0x1d0
[  147.696061][ T7005]  ? __pfx_do_sys_openat2+0x10/0x10
[  147.696087][ T7005]  __x64_sys_openat+0x174/0x210
[  147.696103][ T7005]  ? __pfx___x64_sys_openat+0x10/0x10
[  147.696118][ T7005]  ? ksys_write+0x1ac/0x250
[  147.696148][ T7005]  do_syscall_64+0xcd/0x4c0
[  147.696175][ T7005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.696193][ T7005] RIP: 0033:0x7fbb6878e929
[  147.696206][ T7005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  147.696222][ T7005] RSP: 002b:00007fbb69547038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  147.696238][ T7005] RAX: ffffffffffffffda RBX: 00007fbb689b6160 RCX: 00007fbb6878e929
[  147.696250][ T7005] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  147.696261][ T7005] RBP: 00007fbb69547090 R08: 0000000000000000 R09: 0000000000000000
[  147.696270][ T7005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.696280][ T7005] R13: 0000000000000000 R14: 00007fbb689b6160 R15: 00007fff9f0adeb8
[  147.696302][ T7005]  </TASK>
[  147.876002][   T30] audit: type=1400 audit(1750585279.331:368): avc:  denied  { execute_no_trans } for  pid=7000 comm="syz.1.294" path="/70/file1" dev="tmpfs" ino=399 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  148.537620][ T7013] netlink: 'syz.2.295': attribute type 12 has an invalid length.
[  148.570682][ T7013] netlink: 'syz.2.295': attribute type 29 has an invalid length.
[  148.578845][ T7013] netlink: 148 bytes leftover after parsing attributes in process `syz.2.295'.
[  149.083111][ T1674] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  149.223030][ T1674] usb 3-1: device descriptor read/64, error -71
[  150.804152][ T1674] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  151.054281][ T1674] usb 3-1: device descriptor read/64, error -71
[  151.214750][ T1674] usb usb3-port1: attempt power cycle
[  151.344156][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  151.994072][    T9] usb 1-1: Using ep0 maxpacket: 8
[  152.017154][    T9] usb 1-1: config 67 has an invalid descriptor of length 25, skipping remainder of the config
[  152.027659][    T9] usb 1-1: config 67 has 0 interfaces, different from the descriptor's value: 1
[  152.064626][    T9] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  152.080868][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.125695][    T9] usb 1-1: Product: syz
[  152.143146][    T9] usb 1-1: Manufacturer: syz
[  152.151598][    T9] usb 1-1: SerialNumber: syz
[  152.379016][    T9] usb 1-1: USB disconnect, device number 17
[  152.482213][ T7051] syzkaller1: entered promiscuous mode
[  152.487763][ T7051] syzkaller1: entered allmulticast mode
[  153.352911][ T7058] syzkaller1: entered promiscuous mode
[  153.358629][ T7058] syzkaller1: entered allmulticast mode
[  153.768527][ T7065] netlink: 152 bytes leftover after parsing attributes in process `syz.1.311'.
[  153.948348][ T7066] netlink: 5980 bytes leftover after parsing attributes in process `syz.1.311'.
[  153.960019][ T7066] openvswitch: netlink: Flow key attr not present in new flow.
[  154.233725][ T7068] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  154.353217][   T30] audit: type=1400 audit(1750585285.961:369): avc:  denied  { bind } for  pid=7069 comm="syz.4.313" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  154.398092][ T7070] FAULT_INJECTION: forcing a failure.
[  154.398092][ T7070] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.411987][ T7070] CPU: 0 UID: 0 PID: 7070 Comm: syz.4.313 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  154.412003][ T7070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.412009][ T7070] Call Trace:
[  154.412013][ T7070]  <TASK>
[  154.412017][ T7070]  dump_stack_lvl+0x16c/0x1f0
[  154.412035][ T7070]  should_fail_ex+0x512/0x640
[  154.412050][ T7070]  _copy_from_user+0x2e/0xd0
[  154.412064][ T7070]  copy_msghdr_from_user+0x98/0x160
[  154.412079][ T7070]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  154.412099][ T7070]  ___sys_sendmsg+0xfe/0x1d0
[  154.412113][ T7070]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.412126][ T7070]  ? __lock_acquire+0x622/0x1c90
[  154.412152][ T7070]  ? populate_seccomp_data+0x180/0x540
[  154.412170][ T7070]  __sys_sendmsg+0x16d/0x220
[  154.412185][ T7070]  ? __pfx___sys_sendmsg+0x10/0x10
[  154.412203][ T7070]  ? __secure_computing+0x28e/0x3b0
[  154.412220][ T7070]  do_syscall_64+0xcd/0x4c0
[  154.412236][ T7070]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.412246][ T7070] RIP: 0033:0x7f989ab8e929
[  154.412254][ T7070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.412264][ T7070] RSP: 002b:00007f989ba10038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.412274][ T7070] RAX: ffffffffffffffda RBX: 00007f989adb5fa0 RCX: 00007f989ab8e929
[  154.412280][ T7070] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000009
[  154.412286][ T7070] RBP: 00007f989ba10090 R08: 0000000000000000 R09: 0000000000000000
[  154.412292][ T7070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.412298][ T7070] R13: 0000000000000000 R14: 00007f989adb5fa0 R15: 00007ffee49ac378
[  154.412310][ T7070]  </TASK>
[  154.586794][   T30] audit: type=1400 audit(1750585285.961:370): avc:  denied  { name_bind } for  pid=7069 comm="syz.4.313" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=sctp_socket permissive=1
[  154.611044][   T30] audit: type=1400 audit(1750585285.971:371): avc:  denied  { node_bind } for  pid=7069 comm="syz.4.313" saddr=::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=sctp_socket permissive=1
[  155.181803][ T5135] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  155.190698][ T5135] Bluetooth: hci1: Injecting HCI hardware error event
[  155.200324][ T5821] Bluetooth: hci1: hardware error 0x00
[  155.438504][ T7090] netlink: 'syz.2.316': attribute type 12 has an invalid length.
[  155.466793][ T7090] netlink: 'syz.2.316': attribute type 29 has an invalid length.
[  155.618705][ T7090] netlink: 148 bytes leftover after parsing attributes in process `syz.2.316'.
[  156.035629][   T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  156.093048][ T1674] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  156.183158][   T10] usb 3-1: device descriptor read/64, error -71
[  156.195714][ T7111] FAULT_INJECTION: forcing a failure.
[  156.195714][ T7111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  156.245393][ T1674] usb 4-1: device descriptor read/64, error -71
[  156.255355][ T7111] CPU: 0 UID: 0 PID: 7111 Comm: syz.0.322 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  156.255379][ T7111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.255389][ T7111] Call Trace:
[  156.255394][ T7111]  <TASK>
[  156.255399][ T7111]  dump_stack_lvl+0x16c/0x1f0
[  156.255421][ T7111]  should_fail_ex+0x512/0x640
[  156.255437][ T7111]  _copy_from_user+0x2e/0xd0
[  156.255451][ T7111]  get_timespec64+0x8b/0x240
[  156.255466][ T7111]  ? __pfx_get_timespec64+0x10/0x10
[  156.255488][ T7111]  __do_sys_io_uring_enter+0x109b/0x1630
[  156.255502][ T7111]  ? __fget_files+0x20e/0x3c0
[  156.255516][ T7111]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  156.255529][ T7111]  ? fput+0x70/0xf0
[  156.255549][ T7111]  do_syscall_64+0xcd/0x4c0
[  156.255565][ T7111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.255575][ T7111] RIP: 0033:0x7fbeab58e929
[  156.255585][ T7111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.255594][ T7111] RSP: 002b:00007fbeac3ec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  156.255604][ T7111] RAX: ffffffffffffffda RBX: 00007fbeab7b6080 RCX: 00007fbeab58e929
[  156.255611][ T7111] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000006
[  156.255616][ T7111] RBP: 00007fbeac3ec090 R08: 0000200000000000 R09: 0000000000000018
[  156.255622][ T7111] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001
[  156.255628][ T7111] R13: 0000000000000000 R14: 00007fbeab7b6080 R15: 00007ffed52dbf78
[  156.255640][ T7111]  </TASK>
[  156.643682][   T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  156.799623][ T1674] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  156.862454][ T7114] netlink: 28 bytes leftover after parsing attributes in process `syz.1.323'.
[  156.936069][ T7114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.323'.
[  156.951432][   T10] usb 3-1: device descriptor read/64, error -71
[  156.957833][ T1674] usb 4-1: device descriptor read/64, error -71
[  157.073706][ T1674] usb usb4-port1: attempt power cycle
[  157.079261][   T10] usb usb3-port1: attempt power cycle
[  157.956416][ T5821] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  158.133635][ T1674] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  158.253193][ T7130] nfs4: Unknown parameter ''
[  158.592416][   T10] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  158.731771][ T1674] usb 4-1: device descriptor read/8, error -71
[  159.863445][   T10] usb 3-1: device descriptor read/8, error -71
[  160.454089][ T7150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.331'.
[  160.496049][ T7150] netlink: 'syz.2.331': attribute type 5 has an invalid length.
[  160.561105][ T7150] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  160.569955][ T7150] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  160.578678][ T7150] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  160.587379][ T7150] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  160.597006][ T7150] vxlan0: entered promiscuous mode
[  160.673368][ T5947] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  160.803221][ T5886] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  160.923090][ T5947] usb 4-1: Using ep0 maxpacket: 32
[  160.935838][ T5947] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  161.414963][ T5947] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  161.426986][ T5947] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  161.440593][ T5947] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  161.450067][ T5947] usb 4-1: config 1 has no interface number 0
[  161.456506][ T5947] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  161.466359][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.466962][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.2.336'.
[  161.491100][ T5886] usb 2-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e
[  161.504499][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.507125][ T5947] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  161.518944][ T5886] usb 2-1: Product: syz
[  161.523409][ T5886] usb 2-1: Manufacturer: syz
[  161.528067][ T5886] usb 2-1: SerialNumber: syz
[  161.549351][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.2.336'.
[  161.555985][ T5886] usb 2-1: config 0 descriptor??
[  161.569658][ T5886] usbsevseg 2-1:0.0: USB 7 Segment device now attached
[  162.641363][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.650254][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.666111][ T5947] snd_usb_pod 4-1:1.1: set_interface failed
[  162.677237][ T5947] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  162.687818][ T7153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  162.701338][ T5947] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -71
[  162.711726][ T5947] usb 4-1: USB disconnect, device number 16
[  162.717877][ T7153] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  162.732432][ T7153] sp0: Synchronizing with TNC
[  162.779653][ T7174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.338'.
[  162.818714][   T30] audit: type=1400 audit(1750585294.351:372): avc:  denied  { write } for  pid=7152 comm="syz.1.333" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  163.187697][ T7153] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  163.213370][ T7153] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  163.362473][ T7153] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  163.435102][ T7153] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  164.345417][ T7153] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  164.382875][ T7153] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  164.386738][ T7192] FAULT_INJECTION: forcing a failure.
[  164.386738][ T7192] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  164.416442][ T7153] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  164.424945][ T7192] CPU: 1 UID: 0 PID: 7192 Comm: syz.2.342 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  164.424969][ T7192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.424979][ T7192] Call Trace:
[  164.424985][ T7192]  <TASK>
[  164.424991][ T7192]  dump_stack_lvl+0x16c/0x1f0
[  164.425019][ T7192]  should_fail_ex+0x512/0x640
[  164.425044][ T7192]  _copy_from_user+0x2e/0xd0
[  164.425068][ T7192]  copy_msghdr_from_user+0x98/0x160
[  164.425092][ T7192]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  164.425128][ T7192]  ___sys_sendmsg+0xfe/0x1d0
[  164.425152][ T7192]  ? __pfx____sys_sendmsg+0x10/0x10
[  164.425176][ T7192]  ? __lock_acquire+0x622/0x1c90
[  164.425234][ T7192]  __sys_sendmsg+0x16d/0x220
[  164.425256][ T7192]  ? __pfx___sys_sendmsg+0x10/0x10
[  164.425294][ T7192]  do_syscall_64+0xcd/0x4c0
[  164.425319][ T7192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.425335][ T7192] RIP: 0033:0x7f654d58e929
[  164.425347][ T7192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.425361][ T7192] RSP: 002b:00007f654e3b7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  164.425377][ T7192] RAX: ffffffffffffffda RBX: 00007f654d7b6080 RCX: 00007f654d58e929
[  164.425386][ T7192] RDX: 0000000000044004 RSI: 00002000000000c0 RDI: 0000000000000003
[  164.425396][ T7192] RBP: 00007f654e3b7090 R08: 0000000000000000 R09: 0000000000000000
[  164.425405][ T7192] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.425413][ T7192] R13: 0000000000000000 R14: 00007f654d7b6080 R15: 00007ffea0c20618
[  164.425437][ T7192]  </TASK>
[  164.443031][ T7153] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  164.722816][ T7196] FAULT_INJECTION: forcing a failure.
[  164.722816][ T7196] name failslab, interval 1, probability 0, space 0, times 0
[  164.735960][ T7196] CPU: 0 UID: 0 PID: 7196 Comm: syz.0.343 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  164.735976][ T7196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.735982][ T7196] Call Trace:
[  164.735986][ T7196]  <TASK>
[  164.735990][ T7196]  dump_stack_lvl+0x16c/0x1f0
[  164.736008][ T7196]  should_fail_ex+0x512/0x640
[  164.736021][ T7196]  ? fs_reclaim_acquire+0xae/0x150
[  164.736032][ T7196]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  164.736046][ T7196]  should_failslab+0xc2/0x120
[  164.736060][ T7196]  __kmalloc_noprof+0xd2/0x510
[  164.736077][ T7196]  tomoyo_realpath_from_path+0xc2/0x6e0
[  164.736092][ T7196]  ? tomoyo_profile+0x47/0x60
[  164.736108][ T7196]  tomoyo_path_number_perm+0x245/0x580
[  164.736119][ T7196]  ? tomoyo_path_number_perm+0x237/0x580
[  164.736131][ T7196]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  164.736144][ T7196]  ? find_held_lock+0x2b/0x80
[  164.736172][ T7196]  ? find_held_lock+0x2b/0x80
[  164.736183][ T7196]  ? hook_file_ioctl_common+0x145/0x410
[  164.736202][ T7196]  ? __fget_files+0x20e/0x3c0
[  164.736219][ T7196]  security_file_ioctl+0x9b/0x240
[  164.736234][ T7196]  __x64_sys_ioctl+0xb7/0x210
[  164.736246][ T7196]  do_syscall_64+0xcd/0x4c0
[  164.736262][ T7196]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  164.736272][ T7196] RIP: 0033:0x7fbeab58e929
[  164.736281][ T7196] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  164.736291][ T7196] RSP: 002b:00007fbeac40d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  164.736300][ T7196] RAX: ffffffffffffffda RBX: 00007fbeab7b5fa0 RCX: 00007fbeab58e929
[  164.736307][ T7196] RDX: 0000200000000000 RSI: 0000000000008b18 RDI: 0000000000000004
[  164.736313][ T7196] RBP: 00007fbeac40d090 R08: 0000000000000000 R09: 0000000000000000
[  164.736318][ T7196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  164.736324][ T7196] R13: 0000000000000000 R14: 00007fbeab7b5fa0 R15: 00007ffed52dbf78
[  164.736336][ T7196]  </TASK>
[  164.736340][ T7196] ERROR: Out of memory at tomoyo_realpath_from_path.
[  165.205462][    T9] usb 2-1: USB disconnect, device number 17
[  165.212591][    T9] usbsevseg 2-1:0.0: USB 7 Segment now disconnected
[  165.403145][  T973] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  165.981370][  T973] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.053122][ T5886] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  166.171955][  T973] usb 1-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  166.209220][  T973] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  166.232060][  T973] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.270451][  T973] usb 1-1: Product: syz
[  166.279513][  T973] usb 1-1: Manufacturer: syz
[  166.294019][  T973] usb 1-1: SerialNumber: syz
[  166.364469][ T5886] usb 2-1: unable to get BOS descriptor or descriptor too short
[  166.384520][ T7221] netlink: 152 bytes leftover after parsing attributes in process `syz.2.352'.
[  166.387799][ T5886] usb 2-1: config 6 has an invalid interface number: 200 but max is 0
[  166.401992][ T7221] netlink: 92 bytes leftover after parsing attributes in process `syz.2.352'.
[  166.403840][ T7221] FAULT_INJECTION: forcing a failure.
[  166.403840][ T7221] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  166.426035][ T7221] CPU: 0 UID: 0 PID: 7221 Comm: syz.2.352 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  166.426058][ T7221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  166.426068][ T7221] Call Trace:
[  166.426074][ T7221]  <TASK>
[  166.426080][ T7221]  dump_stack_lvl+0x16c/0x1f0
[  166.426107][ T7221]  should_fail_ex+0x512/0x640
[  166.426129][ T7221]  _copy_to_user+0x32/0xd0
[  166.426144][ T7221]  simple_read_from_buffer+0xcb/0x170
[  166.426159][ T7221]  proc_fail_nth_read+0x197/0x270
[  166.426177][ T7221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  166.426198][ T7221]  ? rw_verify_area+0xcf/0x680
[  166.426215][ T7221]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  166.426234][ T7221]  vfs_read+0x1e4/0xc60
[  166.426256][ T7221]  ? __pfx___mutex_lock+0x10/0x10
[  166.426271][ T7221]  ? __pfx_vfs_read+0x10/0x10
[  166.426287][ T7221]  ? __fget_files+0x20e/0x3c0
[  166.426305][ T7221]  ksys_read+0x12a/0x250
[  166.426317][ T7221]  ? __pfx_ksys_read+0x10/0x10
[  166.426336][ T7221]  ? __secure_computing+0x28e/0x3b0
[  166.426363][ T7221]  do_syscall_64+0xcd/0x4c0
[  166.426388][ T7221]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.426403][ T7221] RIP: 0033:0x7f654d58d33c
[  166.426417][ T7221] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  166.426427][ T7221] RSP: 002b:00007f654e3b7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  166.426437][ T7221] RAX: ffffffffffffffda RBX: 00007f654d7b6080 RCX: 00007f654d58d33c
[  166.426443][ T7221] RDX: 000000000000000f RSI: 00007f654e3b70a0 RDI: 0000000000000009
[  166.426449][ T7221] RBP: 00007f654e3b7090 R08: 0000000000000000 R09: 0000000000000000
[  166.426455][ T7221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  166.426460][ T7221] R13: 0000000000000000 R14: 00007f654d7b6080 R15: 00007ffea0c20618
[  166.426483][ T7221]  </TASK>
[  167.110141][ T5886] usb 2-1: config 6 has no interface number 0
[  167.276413][ T5886] usb 2-1: config 6 interface 200 has no altsetting 0
[  167.286581][ T5886] usb 2-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  167.297104][ T5886] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.306523][ T5886] usb 2-1: Product: syz
[  167.312783][ T5886] usb 2-1: Manufacturer: syz
[  167.327710][ T5886] usb 2-1: SerialNumber: syz
[  167.388536][ T7228] netlink: 28 bytes leftover after parsing attributes in process `syz.3.354'.
[  167.397807][ T7228] netlink: 8 bytes leftover after parsing attributes in process `syz.3.354'.
[  167.893075][ T5859] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  168.653059][   T30] audit: type=1400 audit(1750585299.301:373): avc:  denied  { ioctl } for  pid=7235 comm="syz.4.356" path="socket:[13517]" dev="sockfs" ino=13517 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  168.783128][ T5859] usb 4-1: Using ep0 maxpacket: 16
[  168.797684][ T5859] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  168.808899][  T973] cdc_ncm 1-1:1.0: failed GET_NTB_PARAMETERS
[  168.817144][  T973] cdc_ncm 1-1:1.0: bind() failure
[  168.822198][ T5859] usb 4-1: config 0 has no interface number 0
[  168.842850][  T973] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  168.861253][ T5859] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  168.880756][  T973] cdc_ncm 1-1:1.1: bind() failure
[  168.891752][ T5859] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.907084][ T5886] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  168.923331][   T10] usb 5-1: new low-speed USB device number 8 using dummy_hcd
[  168.927029][  T973] usb 1-1: USB disconnect, device number 18
[  168.936814][ T5859] usb 4-1: Product: syz
[  168.943499][ T5886] dvb-usb: bulk message failed: -22 (3/0)
[  168.964790][ T5859] usb 4-1: Manufacturer: syz
[  168.969403][ T5859] usb 4-1: SerialNumber: syz
[  168.976205][ T5886] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  169.024621][ T5859] usb 4-1: config 0 descriptor??
[  169.030303][ T5886] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  169.041163][ T5859] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  169.050621][ T5886] usb 2-1: media controller created
[  169.163131][   T10] usb 5-1: Invalid ep0 maxpacket: 64
[  169.189337][ T5886] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  169.267257][ T7250] FAULT_INJECTION: forcing a failure.
[  169.267257][ T7250] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.268128][ T7250] 
[  169.268136][ T7250] ======================================================
[  169.268141][ T7250] WARNING: possible circular locking dependency detected
[  169.268147][ T7250] 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 Not tainted
[  169.268156][ T7250] ------------------------------------------------------
[  169.268162][ T7250] syz.0.358/7250 is trying to acquire lock:
[  169.268170][ T7250] ffffffff8e4d1e00 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  169.268211][ T7250] 
[  169.268211][ T7250] but task is already holding lock:
[  169.268216][ T7250] ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  169.268252][ T7250] 
[  169.268252][ T7250] which lock already depends on the new lock.
[  169.268252][ T7250] 
[  169.268256][ T7250] 
[  169.268256][ T7250] the existing dependency chain (in reverse order) is:
[  169.268261][ T7250] 
[  169.268261][ T7250] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  169.268281][ T7250]        _raw_spin_lock_nested+0x31/0x40
[  169.268301][ T7250]        raw_spin_rq_lock_nested+0x29/0x130
[  169.268318][ T7250]        task_rq_lock+0xcf/0x490
[  169.268336][ T7250]        cgroup_move_task+0x81/0x2a0
[  169.268355][ T7250]        css_set_move_task+0x288/0x5f0
[  169.268370][ T7250]        cgroup_post_fork+0x201/0x9e0
[  169.268392][ T7250]        copy_process+0x5cfc/0x76a0
[  169.268411][ T7250]        kernel_clone+0xfc/0x960
[  169.268429][ T7250]        user_mode_thread+0xc7/0x110
[  169.268448][ T7250]        rest_init+0x23/0x2b0
[  169.268462][ T7250]        start_kernel+0x3ee/0x4d0
[  169.268482][ T7250]        x86_64_start_reservations+0x18/0x30
[  169.268501][ T7250]        x86_64_start_kernel+0x130/0x190
[  169.268519][ T7250]        common_startup_64+0x13e/0x148
[  169.268533][ T7250] 
[  169.268533][ T7250] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  169.268553][ T7250]        _raw_spin_lock_irqsave+0x3a/0x60
[  169.268572][ T7250]        try_to_wake_up+0xb2/0x1680
[  169.268588][ T7250]        __wake_up_common+0x135/0x1f0
[  169.268611][ T7250]        __wake_up+0x31/0x60
[  169.268630][ T7250]        tty_port_default_wakeup+0x2a/0x40
[  169.268653][ T7250]        serial8250_tx_chars+0x68e/0x860
[  169.268676][ T7250]        serial8250_handle_irq+0x761/0xcb0
[  169.268700][ T7250]        serial8250_default_handle_irq+0x9a/0x210
[  169.268725][ T7250]        serial8250_interrupt+0x103/0x210
[  169.268741][ T7250]        __handle_irq_event_percpu+0x229/0x7d0
[  169.268759][ T7250]        handle_irq_event+0xab/0x1e0
[  169.268776][ T7250]        handle_edge_irq+0x28e/0xab0
[  169.268791][ T7250]        __common_interrupt+0xdf/0x250
[  169.268809][ T7250]        common_interrupt+0xba/0xe0
[  169.268824][ T7250]        asm_common_interrupt+0x26/0x40
[  169.268840][ T7250]        filemap_map_pages+0x53c/0x1680
[  169.268859][ T7250]        __handle_mm_fault+0x3b38/0x5490
[  169.268876][ T7250]        handle_mm_fault+0x589/0xd10
[  169.268892][ T7250]        do_user_addr_fault+0x60c/0x1370
[  169.268914][ T7250]        exc_page_fault+0x5c/0xb0
[  169.268931][ T7250]        asm_exc_page_fault+0x26/0x30
[  169.268944][ T7250] 
[  169.268944][ T7250] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  169.268964][ T7250]        _raw_spin_lock_irqsave+0x3a/0x60
[  169.268983][ T7250]        __wake_up+0x1c/0x60
[  169.269001][ T7250]        tty_port_default_wakeup+0x2a/0x40
[  169.269023][ T7250]        serial8250_tx_chars+0x68e/0x860
[  169.269045][ T7250]        serial8250_handle_irq+0x761/0xcb0
[  169.269068][ T7250]        serial8250_default_handle_irq+0x9a/0x210
[  169.269092][ T7250]        serial8250_interrupt+0x103/0x210
[  169.269107][ T7250]        __handle_irq_event_percpu+0x229/0x7d0
[  169.269124][ T7250]        handle_irq_event+0xab/0x1e0
[  169.269141][ T7250]        handle_edge_irq+0x28e/0xab0
[  169.269155][ T7250]        __common_interrupt+0xdf/0x250
[  169.269173][ T7250]        common_interrupt+0xba/0xe0
[  169.269187][ T7250]        asm_common_interrupt+0x26/0x40
[  169.269201][ T7250]        _raw_spin_unlock_irqrestore+0x31/0x80
[  169.269220][ T7250]        uart_write+0x2a4/0xb30
[  169.269240][ T7250]        n_tty_write+0x40f/0x1160
[  169.269253][ T7250]        file_tty_write.constprop.0+0x504/0x9b0
[  169.269275][ T7250]        redirected_tty_write+0xd4/0x150
[  169.269295][ T7250]        vfs_write+0x6c7/0x1150
[  169.269314][ T7250]        ksys_write+0x12a/0x250
[  169.269330][ T7250]        do_syscall_64+0xcd/0x4c0
[  169.269351][ T7250]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.269366][ T7250] 
[  169.269366][ T7250] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  169.269391][ T7250]        _raw_spin_lock_irqsave+0x3a/0x60
[  169.269409][ T7250]        serial8250_console_write+0x181/0x1890
[  169.269424][ T7250]        console_flush_all+0x801/0xc60
[  169.269441][ T7250]        console_unlock+0xd8/0x210
[  169.269457][ T7250]        vprintk_emit+0x418/0x6d0
[  169.269473][ T7250]        _printk+0xc7/0x100
[  169.269485][ T7250]        register_console+0xc2d/0x11b0
[  169.269503][ T7250]        univ8250_console_init+0x5f/0x90
[  169.269523][ T7250]        console_init+0x14f/0x680
[  169.269542][ T7250]        start_kernel+0x29f/0x4d0
[  169.269560][ T7250]        x86_64_start_reservations+0x18/0x30
[  169.269579][ T7250]        x86_64_start_kernel+0x130/0x190
[  169.269596][ T7250]        common_startup_64+0x13e/0x148
[  169.269609][ T7250] 
[  169.269609][ T7250] -> #0 (console_owner){-.-.}-{0:0}:
[  169.269628][ T7250]        __lock_acquire+0x126f/0x1c90
[  169.269651][ T7250]        lock_acquire+0x179/0x350
[  169.269673][ T7250]        console_lock_spinning_enable+0xb0/0xd0
[  169.269690][ T7250]        console_flush_all+0x7aa/0xc60
[  169.269706][ T7250]        console_unlock+0xd8/0x210
[  169.269722][ T7250]        vprintk_emit+0x418/0x6d0
[  169.269738][ T7250]        _printk+0xc7/0x100
[  169.269749][ T7250]        should_fail_ex+0x4e7/0x640
[  169.269768][ T7250]        strncpy_from_user+0x3b/0x2e0
[  169.269785][ T7250]        strncpy_from_user_nofault+0x7f/0x180
[  169.269807][ T7250]        bpf_probe_read_user_str+0x26/0x70
[  169.269828][ T7250]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  169.269841][ T7250]        bpf_trace_run4+0x24c/0x5a0
[  169.269856][ T7250]        __bpf_trace_sched_switch+0x145/0x190
[  169.269872][ T7250]        __traceiter_sched_switch+0x6f/0xc0
[  169.269887][ T7250]        __schedule+0x1bee/0x5de0
[  169.269906][ T7250]        preempt_schedule_common+0x44/0xc0
[  169.269925][ T7250]        preempt_schedule_thunk+0x16/0x30
[  169.269944][ T7250]        fput+0xe2/0xf0
[  169.269966][ T7250]        ksys_write+0x216/0x250
[  169.269984][ T7250]        do_syscall_64+0xcd/0x4c0
[  169.270004][ T7250]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.270018][ T7250] 
[  169.270018][ T7250] other info that might help us debug this:
[  169.270018][ T7250] 
[  169.270022][ T7250] Chain exists of:
[  169.270022][ T7250]   console_owner --> &p->pi_lock --> &rq->__lock
[  169.270022][ T7250] 
[  169.270045][ T7250]  Possible unsafe locking scenario:
[  169.270045][ T7250] 
[  169.270049][ T7250]        CPU0                    CPU1
[  169.270054][ T7250]        ----                    ----
[  169.270058][ T7250]   lock(&rq->__lock);
[  169.270067][ T7250]                                lock(&p->pi_lock);
[  169.270077][ T7250]                                lock(&rq->__lock);
[  169.270088][ T7250]   lock(console_owner);
[  169.270097][ T7250] 
[  169.270097][ T7250]  *** DEADLOCK ***
[  169.270097][ T7250] 
[  169.270101][ T7250] 4 locks held by syz.0.358/7250:
[  169.270109][ T7250]  #0: ffff8880b843a2d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  169.270146][ T7250]  #1: ffffffff8e5c4880 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0
[  169.270181][ T7250]  #2: ffffffff8e5b2240 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  169.270214][ T7250]  #3: ffffffff8e5b22b0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  169.270252][ T7250] 
[  169.270252][ T7250] stack backtrace:
[  169.270259][ T7250] CPU: 0 UID: 0 PID: 7250 Comm: syz.0.358 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  169.270278][ T7250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  169.270288][ T7250] Call Trace:
[  169.270293][ T7250]  <TASK>
[  169.270299][ T7250]  dump_stack_lvl+0x116/0x1f0
[  169.270323][ T7250]  print_circular_bug+0x275/0x350
[  169.270347][ T7250]  check_noncircular+0x14c/0x170
[  169.270373][ T7250]  __lock_acquire+0x126f/0x1c90
[  169.270405][ T7250]  lock_acquire+0x179/0x350
[  169.270426][ T7250]  ? console_lock_spinning_enable+0x9f/0xd0
[  169.270445][ T7250]  ? console_lock_spinning_enable+0x88/0xd0
[  169.270466][ T7250]  console_lock_spinning_enable+0xb0/0xd0
[  169.270484][ T7250]  ? console_lock_spinning_enable+0x9f/0xd0
[  169.270502][ T7250]  console_flush_all+0x7aa/0xc60
[  169.270523][ T7250]  ? __pfx_console_flush_all+0x10/0x10
[  169.270543][ T7250]  ? is_printk_cpu_sync_owner+0x32/0x40
[  169.270565][ T7250]  console_unlock+0xd8/0x210
[  169.270582][ T7250]  ? __pfx_console_unlock+0x10/0x10
[  169.270600][ T7250]  ? do_raw_spin_unlock+0x120/0x230
[  169.270618][ T7250]  ? _printk+0xc7/0x100
[  169.270631][ T7250]  ? __down_trylock_console_sem+0xb0/0x140
[  169.270648][ T7250]  vprintk_emit+0x418/0x6d0
[  169.270667][ T7250]  ? __pfx_vprintk_emit+0x10/0x10
[  169.270685][ T7250]  ? lockdep_hardirqs_on+0x7c/0x110
[  169.270706][ T7250]  ? finish_task_switch.isra.0+0x221/0xc10
[  169.270728][ T7250]  _printk+0xc7/0x100
[  169.270741][ T7250]  ? __pfx__printk+0x10/0x10
[  169.270756][ T7250]  ? __pfx____ratelimit+0x10/0x10
[  169.270777][ T7250]  ? __lock_acquire+0x622/0x1c90
[  169.270801][ T7250]  should_fail_ex+0x4e7/0x640
[  169.270821][ T7250]  strncpy_from_user+0x3b/0x2e0
[  169.270838][ T7250]  ? lock_acquire+0x179/0x350
[  169.270863][ T7250]  strncpy_from_user_nofault+0x7f/0x180
[  169.270886][ T7250]  bpf_probe_read_user_str+0x26/0x70
[  169.270909][ T7250]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  169.270922][ T7250]  bpf_trace_run4+0x24c/0x5a0
[  169.270938][ T7250]  ? __pfx_bpf_trace_run4+0x10/0x10
[  169.270956][ T7250]  ? __lock_acquire+0xb8a/0x1c90
[  169.270981][ T7250]  __bpf_trace_sched_switch+0x145/0x190
[  169.271000][ T7250]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  169.271020][ T7250]  ? plist_check_prev_next+0x12a/0x1a0
[  169.271040][ T7250]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  169.271061][ T7250]  __traceiter_sched_switch+0x6f/0xc0
[  169.271077][ T7250]  ? set_next_task_rt+0x403/0x6a0
[  169.271099][ T7250]  __schedule+0x1bee/0x5de0
[  169.271121][ T7250]  ? get_pid_task+0x51/0x250
[  169.271144][ T7250]  ? find_held_lock+0x2b/0x80
[  169.271165][ T7250]  ? __pfx___schedule+0x10/0x10
[  169.271184][ T7250]  ? find_held_lock+0x2b/0x80
[  169.271205][ T7250]  ? rcu_is_watching+0x12/0xc0
[  169.271222][ T7250]  ? irqentry_exit+0x3b/0x90
[  169.271243][ T7250]  ? lockdep_hardirqs_on+0x7c/0x110
[  169.271264][ T7250]  ? preempt_schedule_thunk+0x16/0x30
[  169.271284][ T7250]  preempt_schedule_common+0x44/0xc0
[  169.271306][ T7250]  preempt_schedule_thunk+0x16/0x30
[  169.271326][ T7250]  ? fput+0x70/0xf0
[  169.271348][ T7250]  ? fput+0xdd/0xf0
[  169.271369][ T7250]  fput+0xe2/0xf0
[  169.271397][ T7250]  ksys_write+0x216/0x250
[  169.271416][ T7250]  ? __pfx_ksys_write+0x10/0x10
[  169.271438][ T7250]  do_syscall_64+0xcd/0x4c0
[  169.271462][ T7250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.271478][ T7250] RIP: 0033:0x7fbeab58d3df
[  169.271489][ T7250] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  169.271504][ T7250] RSP: 002b:00007fbeac3cb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  169.271519][ T7250] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007fbeab58d3df
[  169.271530][ T7250] RDX: 0000000000000001 RSI: 00007fbeac3cb090 RDI: 000000000000000a
[  169.271540][ T7250] RBP: 00007fbeac3cb090 R08: 0000000000000000 R09: 00007fbeac3cadf7
[  169.271550][ T7250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  169.271560][ T7250] R13: 0000000000000000 R14: 00007fbeab7b6160 R15: 00007ffed52dbf78
[  169.271575][ T7250]  </TASK>
[  170.412019][ T7250] CPU: 0 UID: 0 PID: 7250 Comm: syz.0.358 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) 
[  170.412035][ T7250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  170.412042][ T7250] Call Trace:
[  170.412047][ T7250]  <TASK>
[  170.412052][ T7250]  dump_stack_lvl+0x116/0x1f0
[  170.412070][ T7250]  should_fail_ex+0x512/0x640
[  170.412085][ T7250]  strncpy_from_user+0x3b/0x2e0
[  170.412096][ T7250]  ? lock_acquire+0x179/0x350
[  170.412112][ T7250]  strncpy_from_user_nofault+0x7f/0x180
[  170.412128][ T7250]  bpf_probe_read_user_str+0x26/0x70
[  170.412143][ T7250]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  170.412151][ T7250]  bpf_trace_run4+0x24c/0x5a0
[  170.412161][ T7250]  ? __pfx_bpf_trace_run4+0x10/0x10
[  170.412177][ T7250]  ? __lock_acquire+0xb8a/0x1c90
[  170.412192][ T7250]  __bpf_trace_sched_switch+0x145/0x190
[  170.412204][ T7250]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  170.412216][ T7250]  ? plist_check_prev_next+0x12a/0x1a0
[  170.412228][ T7250]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  170.412241][ T7250]  __traceiter_sched_switch+0x6f/0xc0
[  170.412251][ T7250]  ? set_next_task_rt+0x403/0x6a0
[  170.412266][ T7250]  __schedule+0x1bee/0x5de0
[  170.412280][ T7250]  ? get_pid_task+0x51/0x250
[  170.412295][ T7250]  ? find_held_lock+0x2b/0x80
[  170.412307][ T7250]  ? __pfx___schedule+0x10/0x10
[  170.412318][ T7250]  ? find_held_lock+0x2b/0x80
[  170.412330][ T7250]  ? rcu_is_watching+0x12/0xc0
[  170.412342][ T7250]  ? irqentry_exit+0x3b/0x90
[  170.412356][ T7250]  ? lockdep_hardirqs_on+0x7c/0x110
[  170.412369][ T7250]  ? preempt_schedule_thunk+0x16/0x30
[  170.412381][ T7250]  preempt_schedule_common+0x44/0xc0
[  170.412395][ T7250]  preempt_schedule_thunk+0x16/0x30
[  170.412407][ T7250]  ? fput+0x70/0xf0
[  170.412421][ T7250]  ? fput+0xdd/0xf0
[  170.412434][ T7250]  fput+0xe2/0xf0
[  170.412448][ T7250]  ksys_write+0x216/0x250
[  170.412460][ T7250]  ? __pfx_ksys_write+0x10/0x10
[  170.412474][ T7250]  do_syscall_64+0xcd/0x4c0
[  170.412488][ T7250]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.412498][ T7250] RIP: 0033:0x7fbeab58d3df
[  170.412507][ T7250] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  170.412517][ T7250] RSP: 002b:00007fbeac3cb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  170.412527][ T7250] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00007fbeab58d3df
[  170.412534][ T7250] RDX: 0000000000000001 RSI: 00007fbeac3cb090 RDI: 000000000000000a
[  170.412539][ T7250] RBP: 00007fbeac3cb090 R08: 0000000000000000 R09: 00007fbeac3cadf7
[  170.412545][ T7250] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  170.412551][ T7250] R13: 0000000000000000 R14: 00007fbeab7b6160 R15: 00007ffed52dbf78
[  170.412560][ T7250]  </TASK>
[  170.416265][ T5859] gspca_spca1528: reg_w err -110
[  170.700372][ T5886] dvb-usb: bulk message failed: -22 (6/0)
[  170.707676][ T5859] spca1528 4-1:0.1: probe with driver spca1528 failed with error -110
[  170.800551][ T5886] dvb-usb: bulk message failed: -22 (6/0)
[  170.800633][   T10] usb 5-1: new low-speed USB device number 9 using dummy_hcd
[  170.806384][ T5886] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  170.807912][ T5886] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input12
[  170.835836][ T5886] dvb-usb: schedule remote query interval to 150 msecs.
[  170.842791][ T5886] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  170.859197][ T5886] usb 2-1: USB disconnect, device number 18
[  170.891813][    T9] usb 4-1: USB disconnect, device number 17
[  170.925841][ T5886] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.