last executing test programs:

14.30067428s ago: executing program 1 (id=2954):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000cc0)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000f80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000e00)={0x40, 0x13, 0x6, @local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000001740)={0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x40, 0x19, 0x2, "0200"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000140)={0x40, 0x8c13bf79f89e49ce}, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, &(0x7f0000000080)={0x20, 0x22, 0x74, {0x74, 0xe, "c1bec6b9a395b0d1539646be590c2092b0b66d625d75c3d8f1ce7f6736972d341a6ffd7d904ab331106289342a97eea361ca56498a898628b16900d67f520ed17a617faf701d4567419caf2cad4795595900f289e85bb765643aa7f82649df273d7fbdcbeda02a7aee84a9e274142249eda1"}}, &(0x7f0000000000)={0x0, 0x3, 0x32, @string={0x32, 0x3, "7f136d6039c4f1f4c1543aa103560324151743453bc9de5c4e7a06925b9cbd55315958028ffe469dd206bdf2fdeaf214"}}}, &(0x7f0000000400)={0x44, &(0x7f0000000500)=ANY=[@ANYBLOB="401359000000ce5ecbff1d1861c926813842b83c37849250b134bcbf480e00000000000000697edef6eac619e39a021ea7d24080152f176ba0d74b03af03a24af500f60a2515f438c41377076e90fc827ccbf898af895cf8a8d6a12586aa88215b1ad45f9724fd67c0"], &(0x7f0000000240)={0x0, 0xa, 0x1, 0xc7}, &(0x7f0000000280)={0x0, 0x8, 0x1}, &(0x7f00000002c0)={0x20, 0x81, 0x1, ']'}, &(0x7f0000000300)={0x20, 0x82, 0x3, "305bed"}, &(0x7f0000000340)={0x20, 0x83, 0x2, "b691"}, &(0x7f0000000380)={0x20, 0x84, 0x3, "5aeddf"}, &(0x7f00000003c0)={0x20, 0x85, 0x3, "389d77"}})

13.606597042s ago: executing program 3 (id=2957):
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

13.101469474s ago: executing program 3 (id=2958):
mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000203850000a26939d60000000000000f0800010001"], 0x1c}}, 0x0)
recvmsg(r0, &(0x7f0000001680)={&(0x7f00000001c0)=@generic, 0x80, &(0x7f0000001540)=[{&(0x7f0000000300)=""/191, 0xbf}, {&(0x7f00000003c0)=""/130, 0x82}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000000240)=""/118, 0x76}, {&(0x7f0000001480)=""/146, 0x92}, {&(0x7f0000000100)}], 0x6, &(0x7f00000015c0)=""/153, 0x99}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r2=>0x0}) (async)
r3 = getpgrp(0xffffffffffffffff)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000040)={0x5, 0xfffffffd, 0x0, 0x8001, 0x1, "f3f0a0e7c6f3a0153af5e3c9309af36ca56c3d"}) (async)
writev(r6, &(0x7f0000000340)=[{&(0x7f0000000c80)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa46193218553971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484edac92717591a6467c38af94b14d4bf366d5fb232c24bc8a9d5361dd979a98ff5ea6a331cf27110b4457301454119173622e1ddef43e79842b3dcbce701ec9195770fd820823cd45fe00baa87d3000000000000570d", 0x223}], 0xea3) (async)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r5)
ioctl$IOCTL_GET_NCIDEV_IDX(r4, 0x0, &(0x7f00000000c0)=<r8=>0x0)
sendmsg$NFC_CMD_DEV_UP(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r7, 0x1, 0x70bd26, 0x23c, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x1c}}, 0x0) (async, rerun: 32)
write$nci(r4, &(0x7f00000001c0)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0x9, @v={0x1, 0x2, 0x2, 0x6, 0x7, 0x3, 0x80, {0xfc, 0xc, "30ea56c4f61cab1d"}, 0x7, 0xf3, 0xff, 0x4, 0x1, "eb"}}, 0x1a) (async, rerun: 32)
prctl$PR_SET_PTRACER(0x59616d61, r3) (async)
prctl$PR_SET_PTRACER(0x59616d61, r3) (async, rerun: 64)
r9 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route_sched(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {}, {0x0, 0x5}, {0x9, 0xa}}}, 0x24}}, 0x0) (async)
r10 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000100)={0x2, @broadcast, 0x4e22, 0x2, 'nq\x00', 0x57, 0x940a, 0x7f}, 0x2c)

12.571600213s ago: executing program 3 (id=2960):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
r2 = getpid()
syz_pidfd_open(r2, 0x0)

12.070568802s ago: executing program 4 (id=2961):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
setgroups(0x0, 0x0)
r0 = socket(0x28, 0x1, 0x0)
connect$packet(r0, &(0x7f0000000100)={0x28, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f00000002c0))
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xfad9, 0x10000, 0x3}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
io_uring_setup(0x3e36, &(0x7f00000001c0)={0x0, 0x535a, 0x10, 0x3, 0x198, 0x0, r2})
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x249}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b40500000000000071f9ff00ffffffe606000000000000009500000000040001413e7c209a1c6f76697b2617db1adf5d1cc09dc0f2eec632e0465cc664714f741bb4cc1772cde62de0061be4b5317b8a16501200cc31"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
read$char_usb(r1, &(0x7f0000000280)=""/56, 0x38)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
dup(r6)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, 0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003c40), 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x3, 0x5}, {0xffff, 0xe}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x2}}]}, 0x2c}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000b92e670879092702832401020301090212000107d440000936a07cfc045e7a66c20a1ef78838873b04aa000046a54502"], 0x0)
syz_io_uring_setup(0x1727, &(0x7f0000000500)={0x0, 0xdd06, 0x2, 0x8000, 0x1f1}, &(0x7f0000000480), &(0x7f0000000040))

12.037203062s ago: executing program 3 (id=2962):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x1, 0x0, 0x0, 0x41100, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$unix(0x1, 0x1, 0x0)
r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
chdir(0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10290}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_BRIDGE={0x4}]}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4008040)
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r7, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})

11.190431701s ago: executing program 2 (id=2963):
r0 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000280)='ns/net\x00')
socket$phonet_pipe(0x23, 0x5, 0x2)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=<r3=>r2, 0x11, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0}, 0x40)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000640)={@cgroup=r3, 0x24, 0x0, 0xd8, &(0x7f0000000000)=[0x0], 0x1, 0x0, 0x0, 0x0, 0x0}, 0x40)

11.1902786s ago: executing program 2 (id=2964):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000009c0), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x11)
ioctl$TCGETS(r0, 0x8924, 0x0) (fail_nth: 2)

10.852369919s ago: executing program 2 (id=2965):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x101000, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_loose}, {@ignoreqv}, {@access_any}, {@mmap}, {@version_L}], [{@hash}, {@appraise_type}]}})
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000003200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_SET_RAND_ADDR={{}, 0x8}}}, 0x7)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
r2 = syz_open_dev$evdev(0x0, 0x0, 0x822b01)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001340)={&(0x7f0000000b00)=ANY=[], 0x0, 0x2a, 0x0, 0x0, 0x4, 0x10000, @value}, 0x28)
r3 = socket(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xa, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r8}, 0x38)
io_setup(0x1, &(0x7f0000000380)=<r9=>0x0)
io_submit(r9, 0x2, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}])
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2778)

9.668334299s ago: executing program 1 (id=2967):
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000480), 0xffffffffffffffff)
socket$kcm(0x11, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = syz_io_uring_setup(0x110, &(0x7f0000000200)={0x0, 0xfec9, 0x8, 0x5, 0x3d4}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r1, 0x18, &(0x7f0000000000)={0x8, 0xffffffffffffffff, 0x4, {0x4, 0x1}, 0x8}, 0x1)

9.384682907s ago: executing program 2 (id=2968):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000000000000000000005eb0ef573ea33a30fe9c0bd48c"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x7, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000000000001811c2fe00a732ecb92f2c6f63b594037070caae4d31b253fcc48f9627628fa4a52d7d0ee1028ed8aa65854548b64219d12bbf85846f507a80f13744445655511ed84a859a42f760d2a60a2b74e0ce6f0c7b3beaa6a41cdbd8e5cb937254c80fd3f6818e4212c20fe343ece8f35f0561ec2d74", @ANYRES32=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r2, 0x4b72, &(0x7f0000000600)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x6002, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
ioctl$TCSETSW2(r4, 0x5425, 0x0)
r5 = syz_io_uring_setup(0x88f, &(0x7f0000000200)={0x0, 0xaee2, 0x8, 0x202, 0xbfdffffb}, &(0x7f0000000000)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x3406}, 0x1})
io_uring_enter(r5, 0x47f6, 0x0, 0x2, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000b80)={{0x12, 0x1, 0x110, 0x6d, 0xca, 0xaf, 0x10, 0x565, 0x1, 0xb9c4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xf, 0x6, 0x40, 0x6, [{{0x9, 0x4, 0x7b, 0x4, 0x0, 0x8d, 0xeb, 0x2e, 0x6}}]}}]}}, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000004040)=ANY=[@ANYBLOB="682400003e000701feffffff00000000037c000008004280040008000c00018006"], 0x2468}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xa6, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r9, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendmsg$NFQNL_MSG_VERDICT_BATCH(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="680000000303030000000000000000000700000408000377c1dac408000340000000d208000340ffff5f4508000340000000060c000200fffffffe000000090c000200fffffffb0000000108000340000000080800034000008000"/104], 0x68}, 0x1, 0x0, 0x0, 0x1}, 0x800)

8.850239826s ago: executing program 3 (id=2969):
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x101000, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_loose}, {@ignoreqv}, {@access_any}, {@mmap}, {@version_L}], [{@hash}, {@appraise_type}]}})
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000003200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_LE_SET_ADV_SET_RAND_ADDR={{}, 0x8}}}, 0x7)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
dup(r1)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r3 = socket(0x10, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_procfs(0xffffffffffffffff, 0x0)
ioctl$FBIOPUT_VSCREENINFO(0xffffffffffffffff, 0x4601, 0x0)
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0xa, 0x4, 0x4, 0x6, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r7, 0x2, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0), &(0x7f0000000240), 0xfff, r8}, 0x38)
io_setup(0x1, &(0x7f0000000380)=<r9=>0x0)
io_submit(r9, 0x2, &(0x7f0000000440)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x0, 0x2}])
write$char_usb(r2, &(0x7f0000000040)="e2", 0x2778)

6.541514029s ago: executing program 4 (id=2970):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, 0x0)
r0 = syz_open_dev$video(&(0x7f0000000140), 0x101, 0xab02)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)={0x14, 0x25, 0x1, 0x70bd27, 0x25dfdbfc, {0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40000)
r2 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1e7d, 0x31ce, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0x20, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x6, {0x9, 0x21, 0x5, 0xa5, 0x1, {0x22, 0xc3c}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x7, 0xd4, 0x1}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x74, 0x4, 0xe}}]}}}]}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000440)={0xa, 0x6, 0x310, 0x9, 0xf0, 0x12, 0x10, 0x6}, 0x38, &(0x7f0000000200)={0x5, 0xf, 0x38, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x80, "ba30bc1632b85943f524d29d8d84bc2f"}, @wireless={0xb, 0x10, 0x1, 0xc, 0x18, 0x7f, 0x6, 0x1, 0x1}, @ss_container_id={0x14, 0x10, 0x4, 0xd6, "6f81aa6941b0cb04a317df86bf5be0b5"}]}, 0x2, [{0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x448}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x4c0a}}]})
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, 0x0)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, 0x0)
r3 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000001b00)={&(0x7f0000000040)=@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x80, 0x0}, 0x2)
sendmsg$inet(r3, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0x0, 0xa6820000}, 0xafe6)
close_range(r3, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000100)={0x9, {0xf8000002, 0x9, 0x8, 0xb}})
fchdir(0xffffffffffffffff)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r4, 0x84, 0x77, &(0x7f00000001c0)={<r5=>0x0, 0xf, 0x1, [0x6]}, &(0x7f0000000240)=0xa)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000480)={r5, @in6={{0xa, 0x4e20, 0x8001, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x41}}, 0x7}}, 0x87, 0x21}, 0x90)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$SYNC_IOC_MERGE(r4, 0xc0303e03, &(0x7f00000000c0)={"cd1d21e08fe6be73f2c3bb883c2f283da134ec69380faa74bdc59a30bbeaad15", r4})

6.48162594s ago: executing program 0 (id=2971):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
sendmmsg$sock(r0, &(0x7f0000000340)=[{{&(0x7f0000000080)=@ieee802154={0x24, @short={0x2, 0x3, 0xaaa2}}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)="af660981589fd89e51d94d6909975e43f5ddb330d7f55fe72bebbc0076ba1f286fb7b2c31cf66a1615a94787238cdd589028", 0x32}], 0x1, &(0x7f00000002c0)=[@timestamping={{0x14, 0x1, 0x25, 0x81}}, @mark={{0x14, 0x1, 0x24, 0x40}}, @timestamping={{0x14, 0x1, 0x25, 0xabb}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0x60}}], 0x1, 0x10)
r1 = io_uring_setup(0x4ab7, &(0x7f0000000380)={0x0, 0xf95, 0x2, 0x3, 0xcf})
syz_io_uring_setup(0x4960, &(0x7f0000000400)={0x0, 0xa5f1, 0x1000, 0x3, 0x342, 0x0, r1}, &(0x7f0000000480), &(0x7f00000004c0))
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x13f, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f0000000140)={0x14, 0x88, 0xfa00, {r3, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x2000000000001005, 0x19dff}}}, 0x90)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
listen(r4, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000840)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)

5.682582268s ago: executing program 1 (id=2972):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
r2 = getpid()
syz_pidfd_open(r2, 0x0)

5.610593043s ago: executing program 0 (id=2973):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="40000000010203000000080000000000021800022c00018006000e40000400001400018008000100e000000208000200ffffffff0c000280050001"], 0x40}, 0x1, 0x0, 0x0, 0x40004}, 0x810)
modify_ldt$write2(0x11, &(0x7f0000000280)={0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x10)
r1 = socket$caif_seqpacket(0x25, 0x5, 0x0)
setsockopt$CAIFSO_LINK_SELECT(r1, 0x10e, 0x7f, 0x0, 0x41)

5.478417107s ago: executing program 1 (id=2974):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000bc0), r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x14, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, [@printk={@llx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xb0}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7f}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200003, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c00)={0x14, r1, 0x301, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x800)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r4, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, 0xffffffffffffffff, 0x0, 0x3}}, 0x20)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r0)

5.426028098s ago: executing program 0 (id=2975):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x2042, 0x0)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x509c01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000980)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r9=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r7, r9, 0x25, 0x2}, 0x14)
syz_emit_ethernet(0x19, &(0x7f0000000440)={@local, @local, @val={@val={0x88a8, 0x6, 0x1, 0x1}, {0x8100, 0x5, 0x0, 0x3}}, {@x25={0x805, {0x1, 0x8, 0x13}}}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000600)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0xa, 0xffff}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80}, 0x800)
socket$packet(0x11, 0x3, 0x300)
ioctl$vim2m_VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000340)=@userptr={0xd, 0x3, 0x0, 0xe000, 0x4, {0x0, 0x2710}, {0x2, 0x8, 0x5, 0x2, 0x9, 0x20, "ce7f9a90"}, 0x7fffffff, 0x2, {&(0x7f0000000300)}, 0x1})
r10 = openat$binfmt_format(0xffffff9c, &(0x7f0000003040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
write$binfmt_format(r10, &(0x7f0000003080)='1\x00', 0x1)

5.306290054s ago: executing program 1 (id=2976):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
userfaultfd(0x80001)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x2d)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x60301, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x1f, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000040000001801000020696c25000000207b1af8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b05d25a806f8c6394f91a24fc6007020f", 0x17}], 0x1, 0x0, 0x0, 0x400300}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
write$cgroup_subtree(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33)

5.125001735s ago: executing program 4 (id=2977):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18060000000000000000000000000040180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000020000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0x3c00, 0x3, 0x0, 0x0, 0x0}, &(0x7f0000000100), &(0x7f0000000140))
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
readv(r3, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0xe)
ppoll(&(0x7f00000000c0)=[{r2, 0x8000}], 0x1, &(0x7f0000000200), 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f0000000500)=ANY=[@ANYBLOB="180100000000000000000000000000008500"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0x8200, 0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0x1, &(0x7f0000001140)='/dev/snd/midiC#D\xb1z', 0x12)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x0)
sendmsg$nl_route(r0, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/input/handlers\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb3d68000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000002d00)=ANY=[@ANYBLOB="200000001000010700000000000000000a0000000c0002006e6c3830323131"], 0x20}}, 0x800)

4.142068571s ago: executing program 2 (id=2978):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
r3 = creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r4 = fanotify_init(0xf00, 0x0)
fanotify_mark(r4, 0x105, 0x40009975, r3, 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r5}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r6 = io_uring_setup(0x3454, &(0x7f0000000080)={0x0, 0xffffafff, 0x1000, 0x2, 0x33e, 0x0, r3})
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
r7 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x40}}, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0x54}, 0x1, 0x0, 0x0, 0x20004000}, 0x0)
mmap(&(0x7f00006e7000/0x2000)=nil, 0x2000, 0xc, 0x2010, r3, 0x61ad2000)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@dellink={0x20, 0x11, 0x1, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r9, 0x2201, 0x800}}, 0x20}}, 0x40040)

3.57772179s ago: executing program 3 (id=2979):
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
syz_open_dev$vim2m(&(0x7f0000000180), 0x3c59, 0x2)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x208181, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='wchan\x00')
pipe2$9p(&(0x7f0000000240), 0x104800)
unlink(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x2010, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r3 = syz_open_procfs(0x0, &(0x7f0000000300)='net/unix\x00')
lseek(r3, 0x2000, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f000000850000002300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f00000011c0)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000090400000000000000000000010500000008000000000000000000000300000000020000000200000000000000000000000000000b"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0)
sched_setscheduler(r0, 0x6, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYRES64], 0x0)
syz_usb_control_io$printer(r5, 0x0, 0x0)

2.946152618s ago: executing program 1 (id=2980):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
setgroups(0x0, 0x0)
r0 = socket(0x28, 0x1, 0x0)
connect$packet(r0, &(0x7f0000000100)={0x28, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x14)
ioctl$sock_qrtr_TIOCOUTQ(r0, 0x5411, &(0x7f00000002c0))
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xfad9, 0x10000, 0x3}, &(0x7f0000000240)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
io_uring_setup(0x3e36, &(0x7f00000001c0)={0x0, 0x535a, 0x10, 0x3, 0x198, 0x0, r2})
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1, 0x0, 0x0, 0x0, {0x249}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r2, 0x12, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000003c0)=ANY=[@ANYBLOB="b40500000000000071f9ff00ffffffe606000000000000009500000000040001413e7c209a1c6f76697b2617db1adf5d1cc09dc0f2eec632e0465cc664714f741bb4cc1772cde62de0061be4b5317b8a16501200cc31"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd96, &(0x7f0000000080)=""/201, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd56, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
read$char_usb(r1, &(0x7f0000000280)=""/56, 0x38)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r6 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
dup(r6)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, 0x0, 0x0)
sendmmsg$inet6(r7, &(0x7f0000003c40), 0x0, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {0x3, 0x5}, {0xffff, 0xe}}, [@TCA_RATE={0x6, 0x5, {0x2, 0x2}}]}, 0x2c}}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000b92e670879092702832401020301090212000107d440000936a07cfc045e7a66c20a1ef78838873b04aa000046a54502"], 0x0)
syz_io_uring_setup(0x1727, &(0x7f0000000500)={0x0, 0xdd06, 0x2, 0x8000, 0x1f1}, &(0x7f0000000480), &(0x7f0000000040))

2.913774497s ago: executing program 0 (id=2981):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[], 0xc8}}, 0x0)

2.686026284s ago: executing program 4 (id=2982):
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18020000ffffffff00000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000006000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x84, &(0x7f0000000040)=ANY=[@ANYBLOB='grpquota_inmit=7,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00['])
r0 = socket$inet6(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='neigh_update\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendto$inet6(r0, &(0x7f00000000c0)="900000001c001f4d154a817393278bff0a80a578020000000104740014000100ac1414bb0542d6401051a2d708f37ac8da1a297e0099c5ac0000c5b068d0bf46d323456536016466fcb78dcaaf6c3efed495a46215be0000760700c0c80cefd28581d158ba86c9d2896c6d3bca2d0000000b0015009e49a6560641263da4de1df32c1739d7fbee9aa241731ae9e0b390", 0x90, 0x0, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r3)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
close(r4)
r5 = socket$netlink(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00', @random="010000000700"})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r7, &(0x7f0000000480)={0x2, 0x4e24, @loopback}, 0x10)
setsockopt$sock_int(r7, 0x1, 0x21, &(0x7f0000000040), 0x4)
sendmmsg$inet(r7, &(0x7f00000017c0)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000a00)="3912c1d03d9f66103940872256d8995b00c720af0cfa51b2b3b1448411fe107e64af467c85a200ebafdbee2c35b8ad1677fe7bb27ca22acbe83c449484972354b3baa1809633e690474a9154f95bd6874f20a0b290c590d44a9f5cd01414544ad719b82a550f2a7215e33e2dfdc1ce61a75637323b8828c5e5ef1f77b3d93114d46ceddb9d976eea7e20bb95e24e1e8b9974397bb8d73856a38618eac0ab333267fc833503b4df7838f5e522192252f4fd72ae45d21b55414a82ec84ff620a1ee2fe4691573a8afc79adaac5f0618cb457b14013f9e048cdec329a9e3343140213a41330b43e3290ef836c8839b303f0639a7561361247db2646977014051dcf3dc1246225f9aae3ca02943571bb39ecfdfa5b9ebc30a0476103c6133c7da6313848373c719a1f43ba5a765b8aa97caf7717fa063166951aa4e72d5616e6b42d6866fb308970430b2ff44c25b7dde2494389d1717c83f83ac7a632da0472bd6b0295b9f1fd1fc43099b1062bef744785158264f636cbf13926e7fcde7ebc1560a20961df3286df51b246ee7fe9474a8d51498bd90230bc89ea8dccb85035edd01aa93ed2f82297c3c3703990cb5201c7b92a04ea7abf9a36a488369161a9bfa42664d84860974fddbabed7eb509350917a3bbd427fe226bd1dd3420a7d711641babb2e36d9637c0b33a41a3578861d75e7e93c22ee94e9594258dc1883c2d749cad6e03b767555610c200efb5f104f91be7fb2513c97f3f279da2baedf7f91ed97ae33edef2ab348dded9df075b1ca5855866843aff902b6678075cb4a3d988ffd8ed61885400d1bcf6dc38c6be9b6428d4eba30711556510eb41b5c04590f11e393317a4fc988b39ecdbe322344c5ec4ed178e1dd35182a00f3ac345bfeea9936b6a015151332962bd28c5e1dbcdd825d51c78ef6db73170d9cfd47f2ca210ce8c103d37be1c61427bd3cf1bb5bcf9888f6e1631f404ea51f9cd8e0725459f9a531af19e2b533532f0b66fb5e9614d0895d35ccda358ac482a824fe67165bdaedcda5ddd86924c4fe5f22a043f92aed7a105fb54ec323273e660c17b8ae89d1546022320711ae0cab37564fc6b394f39e0b216227fa74b76c2a020d42f167891cbaf960fc0288547f2d31dceff3787135659a65878e5df65ce0004104a665098be576ebaf3733b6ba57e40f40ac74aad7d8b41db0f55513389faa84b1ce0fafed7018bcc5a687118bfab115b7a3163fb22af534406206065acf06066a5fb65f0b928cd25838c0c1a7b06bc42e622f502e515b87426b2a184b593bf35a4d454dc56881bbda1b9350f956e086196447a5052288aa0556e638d292bfd1abad58ef5db98f92694b30c3eda5b25a44688b24eadf579616c034ef688fad705c3dc99aafda0f7bbb591fd20e0ff96e8941188b9676b833aa91ba5ab1cf7acbdf16f14c843dd3cfeedf8e7628051f361ba328496c8a05aa68997257cb505dba270e132c437bc6df39134b0807fea53ecb84714ab0d9d8cda271e15bddac37ae4e0534322d649b74c90499919b771679c7211b4df2c80864809991750f966f52d217f63e80b7142b9205576133469a0a950060cd2fa0c25554b89900ebb6a991954990adeee517e55ff3abe4f3f7c07cb735b80be674d53ccc5bef27421c7bb602c7f22dde05", 0x4a2}, {&(0x7f0000000340)="1a22433159c35c547db1a9bd5582bd2d716bbf32c94e8d9d09e6d1a23556545d14524704667983a92bc34422c38cdfeaf8ac6eb4bf11d5a5316daabbce66bf1ba1147759adfae446129e8fb91077471cb281d7eeb3618a0c7d", 0x59}, {&(0x7f00000004c0)="e51b943cfb35e987c56b00fe4bfab443e0d79ece66524a5799bff0e72b0fd678d0e8fce7a06042ee3c4b9cd9e83de9cc37008f010febfede9c4226256937b5c5fa459bcd78751973b586eb78cfd938af5ec41ca5", 0x54}], 0x3}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000001c40)="0349ee47070c03607b5bae292ac8b762044157dd1ea30758ca9a7bfbd23efe5ba3cf173f0478438cbae7a57fe81ae074996dfd64d0c8db1c53c331a33a95a0d2cb94d0cd09f710c11df6be5cc730821bae016a0ea4073e7e4bd62cc1aff09c799d1ebe2a8388a02e50dd19c4b7b1e91a0a1d8904b32b45710d16dc796b719e7adabac89602c834ff01f6b5839643d5a2d8edb9d77af834a7fb82c2fdbdedbab80f961971ed25e2cee13220d342969544a6ce40ead993604e38deb309b330177ed7d23f919596f483ece2d540a95568272a0e879281d83615f589c89e1a7b0cea2a2fac406dbe67256f354a79cb99de0f7e1f4aa617405f284bca8cea6048f1155a89e98746e6912a7509caca768fd2b1ae942cce6a29d848f660b18ca860f9e5f9d95562c4a19fdd9b59932a453a934f0b98fa91129d29dfa2f8f21424c590ed8fe31a79ba09ef72c497ddd5ce7826e096e30746772e34cfc47e9eb5b56187132d87702b56e40d6751a58f9e6aa732d610f7aa631759a3afa266f730a0ee4a8d93555ba710d1bfb9ea4d633faee1529b8565af53eb34cfaca3e31dda587c2be2df3fe5a5a0e2a500eb8cc40db50854a6ec225fca2900148eb7a83c9189cedd69b7eb874f92f00f7635510d2dc062cfcfd8c9a473ac15c7ffbcc56399f6150750d7090917358870f16f684528a9d69bac3046256ad4e101073115712a89b0dd76fe5e8648696ce8dfe82b3220807dd7a446cd158fdf9426b7ddab8584eefb4152d25757e2642b77a21b364327ea38e911f60e6e6718730942c1db47cf80f16aac0950a5c2d412c620b526dca7f601a25b0089f69652889f0ac0667980d074e48dd8d20096097b772317cb8ba11531bd353d584f278e5b2565456f4997f73541add2e336a9beba29baeea7df3bbc5ad5f00c7c6f3c1ba93fbc1dba159497752eefa611d14f26b7c9a07aacda2e9b7572ea3fa66f67c04ee30f0e8f94038c01de81689c12fc44c71ed2b93b31ddc0d9acf62e6e9d71699d0d987ae87c529fcd79ab48433a43ed86d09095bf8d9798f80bbdd36d4ddeb90e752ac9e96079cfa4595daaed34df23e3771b791f3a54f86be3fe4a41f41c8d0f3a28cac2bf926eb95c8badf9fd2d0eb767664872417a08dade17937cadc00a8e3afe349d0e7a3cdfc1b1af108a7a5142a2b5832e99aff5ef27b525d4ea83d1523210c6cc673bcf42cc2e4561d2e8abad128992074d0aaa467eae584f62d347b70fa4f282f463ea0c916ec2e5b8490c87347bc70a11e9748a844d45cc744847e89acbb2e0bc03014c4865d426f52a460b1c0354fb90e4b882e23b674606737e5b878d1f18628f8f2389a071b0d2c64bcdb634b59e2effaabed7ee7812002956e776c039b16bd1cb0b663f4c8a16ad422856f7e6de282b33f268ff11f7972678bd337373b399e514c4dbebfcb812edc05f0e60b68df71682244b458009b85ee038722fc4b6b0c322d6d59ae9d290870d9c86707ad7f080f53d883454526ca942d6b6232cac0b378f0f2bb5209d93e2487a80a9677ac6b850d88cf1f8d47a5f5b534ad4cbf459235fd3662513ac1c53f0ba321b3cf9ede7b9a7e712fc5bf0b17cd164ef34178b3b", 0x47c}, {&(0x7f0000000100)="aa3d375025bc5e5b22402c6bc2b74d05557866776adbe43f0b87154fb9ccb967587c784994ee8b2b6822efc7f5d8b6498f0c7bd3df443b29475108699ab2dc772583b8de74fd4eff96bdeac758d85aac80928ff807a27624831c36caa3250460ce26adc9f1cc83e58d21abd5fafce3212e7d76b915a0b55b6d2e46ecff544879ec590032ae88298e2dbc1c6716283b544f9ef21650df51ef5fa6c60b5b2aa2a8726747286f2b7701ac1577449e25db02a1cda6eec796beb384a72c092d1fd027be88c6a1a4", 0xc5}], 0x2}}], 0x2, 0x8010)
shutdown(r7, 0x1)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r9=>0x0})
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a40)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="3b9600000000000000003b00000008000300", @ANYRES32=r9, @ANYBLOB="4a003300400000000802110000010802110000015050505050500000000600000101010101002d1a02881b06000000000000000d00c0001c0000000004ce950000e972060303030303030000"], 0x68}}, 0x14)
ioctl$SIOCSIFHWADDR(r3, 0x8b06, &(0x7f0000000000)={'wlan1\x00', @random="02000000000a"})
syz_genetlink_get_family_id$nl802154(&(0x7f0000000bc0), r2)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f00000005c0)=ANY=[@ANYBLOB="00a370e987a3c776af5b14849b793392de014f10f66c5a348bc1b4c023be5a269a51295753ef3f52b712cb08a6ded22632997c20a2695ca3e153109342b6228f5ff800322585405f9a5aab9d7189c519dd41d36b68695928d0e29ff80642d4c083256bc11843203ce741af8b926f6b53c4fb3add8d404a54d386d72c7f192deefdeb71bf4f0692f19527ecf4f548e01369eda2858170d46083117a76a06718ffc909d6fa72dc6b355bd5d2fbd8f1a63457b50a7f6928f820af515c25eb", @ANYRES16=r9, @ANYBLOB="010327bd7000fddbdf25010000003d4d8b733ca8a3cd12d0c8149a094f0796ab2cb24d8a17fd7e4f8b0ae6d17a23e2c803361958c8954fd38f20b1855bc35e53dc79c117c78dfcd2e4ed3c17d88e2282c2ec12f127ea7e495fd2d88f61af47722d1261ad03aa3abd58c81507501728d5caa35b224dbfc4f6374c5011d96d6aac46b4a205000000206bb7d3756c292ffcc272617d5d62493d71d5740bf45c43efb88997534ec41e0a3558947a641abe49b2839e23faca1c6c98d754"], 0x14}, 0x1, 0x0, 0x0, 0x4c080}, 0x820)

2.585210933s ago: executing program 0 (id=2983):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r0, 0x4)
mkdirat(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0x111)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
shmctl$IPC_RMID(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000740)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x4e23, @broadcast}, 0x2, 0x0, 0x4}}, 0x2e)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x42, &(0x7f0000000480)=ANY=[@ANYBLOB="0180c2000000ece65fbcee5586dd8009e914000c1100fe8000000000000000000000000000bbfe8000000000000000000000000000c900030e22000c907881030000"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x0, 0x0, 0x0, 0x1b30}})
ioctl(r4, 0x8b1a, &(0x7f0000000040))
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000080), 0x1000000, &(0x7f0000000240)={[{@verity_require}]})
r5 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x8801)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000001340)={{0x0, 0x1, 0x0, 0x8, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x1, 0x0, 'syz0\x00', &(0x7f0000000180)=['-[\'\x00'], 0x4})
io_setup(0x202, &(0x7f0000000200))
mount$9p_tcp(&(0x7f00000002c0), &(0x7f0000000300)='./cgroup.cpu/cgroup.procs\x00', &(0x7f00000004c0), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="7472616e733d74637411a8fb72743d3078303030303030303030303030346532322c70726976706f72742c00"])
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

1.831342559s ago: executing program 4 (id=2984):
syz_open_dev$vim2m(&(0x7f0000000000), 0x9, 0x2)
syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb08004500ac1414aa030490781200183f2500000000000000000100007f0000017f000001"], 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000100)='vfat\x00', 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
fsopen(&(0x7f0000000100)='adfs\x00', 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

1.762200682s ago: executing program 0 (id=2985):
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
creat(0x0, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
memfd_create(&(0x7f0000000080)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\x8aSpA\xd4\x98\x85D\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97\xe7\xe6\x97\xf9\xb3\xf6\xb9\v\xb5$\xee\x84\x1cn,B\xd5?\xe5E:+Pm\x1d\xb4\xb8', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r1, 0x0, 0x9}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)='blkio.bfq.io_service_time\x00', 0x0, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x25817000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_STAT(0x0, 0x3, 0x12, 0x0) (fail_nth: 1)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

1.761701843s ago: executing program 2 (id=2986):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00'})
io_setup(0x6, &(0x7f0000000240)=<r2=>0x0)
io_cancel(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x100000002, 0x0, 0x2}, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x400, r0, 0x1})
eventfd2(0x1, 0x80800)
timer_delete(0x0)
r3 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x142, 0x1fe)
sendmsg$NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000002a40)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9911d1ca", @ANYRES16=r1, @ANYBLOB="00032abd7000fddbdf25050000000c009900080000005e000000"], 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x4000010)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000002bc0)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
copy_file_range(r5, 0x0, r4, 0x0, 0xffffffffa003e45b, 0x700000000000000)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x885)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140), 0x8200, 0x0)
r9 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, r9, {0x2}}, './file0\x00'})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r11, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x42, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1)
syz_kvm_setup_cpu$x86(r10, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f00000002c0)="0f0d51f40f01d10fc75800f30fc73600102e0f71e100b800008ec0640f017400aa26b9e4080f01c966b81f6269e766ba000000000f30653e0f01c50c0cb8d09bbc8966efbafc0cedba4300ba210066ed3626f00fc70d", 0x56}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r5, r11, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000002b00)=[@text64={0x40, &(0x7f0000002a80)="0f010e2ef20f2b9b061300000fc76ed166b80c008ec848b8f67f0000000000000f23c80f21f8350400b0000f23f88f49b002cb0f0174d1d70f01d1660fd107430f07", 0x42}], 0x1, 0x0, &(0x7f0000002b40)=[@vmwrite={0x8, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0xa299}], 0x1)

0s ago: executing program 4 (id=2987):
prctl$PR_SET_SYSCALL_USER_DISPATCH_OFF(0x3b, 0x0)
socket(0x400000000010, 0x3, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x200000001003, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f0000000200)={0x10000f66, 0x2, 0x3})
ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x2) (async)
ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_STREAMON(r0, 0x40045612, &(0x7f0000000000)=0x2)
r1 = socket$inet6(0xa, 0x2, 0x3a)
syz_init_net_socket$rose(0xb, 0x5, 0x0) (async)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCDELRT(r2, 0x890c, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, 0x5, @default, @bpq0, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})
r3 = syz_usb_connect(0x4, 0x36, &(0x7f0000000240)=ANY=[@ANYRESDEC=r1], 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
connect$inet6(r1, &(0x7f00000007c0)={0xa, 0x0, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4276}, 0x1c)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4890)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000000906010200000000000000000005000001c114f89d6ce30d55ffffffff0c000280080001407f000001"], 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffe9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffe9, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r1, 0x8b12, &(0x7f0000000600)="e27284e3ab2be1a7497bc61b12f5a15f91917d85925399719916fc9995d2354d2c5bf14d1fe9ef01f832f177ff63cab31a118e86a6fc0857caf31c685ff4f123cf86fd210c733d0768cf9da925934aba9fb10a955bfaa14a85581ac69f3403e2ff35093cefa25ae5dcf386143b772a6c44a975b975b96dd84b33e9bf80ae16ee9274d0764f839677349cf2cd64697ccf1aec2bd3e3585069bf40f17d98c21d3304a50b5d8b8e2bd72df840cf5dc32a28faddaaee4f99620f915d852f9ad0d237e5e0bcb1fabe2af30b88bf04e76f55614478f96db99ff4b3d0b3ae546d57ec7b049a7dd837551754c8ac7c413efb692979c3e879b71e93f3e16cadffd9a533be297dde02000000000000b5251ad8910fcf61393c27babf9c8aff943a3190a6b2c7531bc7174a3784f8ca4d0aa2cba18e36230b9fc6c1412beeb5804535fddbc2e3dc5007e77a6b682a1da88dbf59b0b1c0250a5f5db6d646ab4656cb88b6bfa8b5bbdcfe25aa55fff4fb690022e72095137cdb8fc101fe345716be4cadf4746428ac525734fbc510b749353377082fd47cb76501110ad75d22") (async)
ioctl(r1, 0x8b12, &(0x7f0000000600)="e27284e3ab2be1a7497bc61b12f5a15f91917d85925399719916fc9995d2354d2c5bf14d1fe9ef01f832f177ff63cab31a118e86a6fc0857caf31c685ff4f123cf86fd210c733d0768cf9da925934aba9fb10a955bfaa14a85581ac69f3403e2ff35093cefa25ae5dcf386143b772a6c44a975b975b96dd84b33e9bf80ae16ee9274d0764f839677349cf2cd64697ccf1aec2bd3e3585069bf40f17d98c21d3304a50b5d8b8e2bd72df840cf5dc32a28faddaaee4f99620f915d852f9ad0d237e5e0bcb1fabe2af30b88bf04e76f55614478f96db99ff4b3d0b3ae546d57ec7b049a7dd837551754c8ac7c413efb692979c3e879b71e93f3e16cadffd9a533be297dde02000000000000b5251ad8910fcf61393c27babf9c8aff943a3190a6b2c7531bc7174a3784f8ca4d0aa2cba18e36230b9fc6c1412beeb5804535fddbc2e3dc5007e77a6b682a1da88dbf59b0b1c0250a5f5db6d646ab4656cb88b6bfa8b5bbdcfe25aa55fff4fb690022e72095137cdb8fc101fe345716be4cadf4746428ac525734fbc510b749353377082fd47cb76501110ad75d22")
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl(r6, 0x8b1a, &(0x7f0000000040)) (async)
ioctl(r6, 0x8b1a, &(0x7f0000000040))
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58) (async)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast6)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (async)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000300)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = accept4(r7, 0x0, 0x0, 0x80800)
sendmmsg$alg(r8, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x20000004}], 0x1, 0x40800)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0) (async)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x42, 0x0)
setresuid(0x0, 0xee00, 0xee00)
ioctl$FS_IOC_SETFLAGS(r9, 0x40086602, &(0x7f0000000080)=0x1)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) (async)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

[ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  685.267788][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  685.329567][ T5868] usb 1-1: new low-speed USB device number 50 using dummy_hcd
[  685.528705][T13857] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  685.538827][T13854] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  685.563222][ T5868] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  685.581426][ T5868] usb 1-1: config 0 has no interface number 0
[  685.594594][ T5868] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  685.623505][ T5868] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  685.654170][ T5868] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  685.678849][T13863] nfs4: Unknown parameter '
reezer.state'
[  685.726903][ T5868] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.740510][ T5868] usb 1-1: config 0 descriptor??
[  685.747288][T13844] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  685.788753][ T5868] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  686.097711][T13844] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2186'.
[  686.116260][T12000] usb 1-1: USB disconnect, device number 50
[  686.322185][T13870] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2195'.
[  687.413293][T13884] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[  687.419842][T13884] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  687.427493][T13884] vhci_hcd vhci_hcd.0: Device attached
[  687.509747][   T30] audit: type=1400 audit(1749819882.367:1004): avc:  denied  { mount } for  pid=13876 comm="syz.1.2199" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  687.761625][   T30] audit: type=1400 audit(1749819882.367:1005): avc:  denied  { mounton } for  pid=13876 comm="syz.1.2199" path="/405/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  687.775939][T13885] vhci_hcd: connection closed
[  687.799515][   T49] vhci_hcd: stop threads
[  687.808453][   T49] vhci_hcd: release socket
[  687.854082][   T49] vhci_hcd: disconnect device
[  687.867284][   T30] audit: type=1400 audit(1749819882.467:1006): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  688.583118][T13903] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  688.899389][    T9] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  689.348379][    T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  689.369393][    T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  689.418255][    T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  689.433115][    T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  689.734058][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  689.757349][    T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  689.940558][    T9] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -12
[  690.029943][ T5868] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  690.165169][ T5935] usb 4-1: USB disconnect, device number 44
[  690.190858][ T5868] usb 3-1: Using ep0 maxpacket: 32
[  690.207446][ T5868] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  690.219062][ T5868] usb 3-1: config 0 has no interface number 0
[  690.257082][ T5868] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  690.282772][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.309377][ T5868] usb 3-1: Product: syz
[  690.314724][ T5868] usb 3-1: Manufacturer: syz
[  690.330170][ T5868] usb 3-1: SerialNumber: syz
[  690.345725][ T5868] usb 3-1: config 0 descriptor??
[  690.390693][ T5868] radio-si470x 3-1:0.35: could not find interrupt in endpoint
[  690.398239][ T5868] radio-si470x 3-1:0.35: probe with driver radio-si470x failed with error -5
[  690.686133][   T30] audit: type=1400 audit(1749819886.587:1007): avc:  denied  { execute } for  pid=13923 comm="syz.1.2214" path="/dev/video7" dev="devtmpfs" ino=950 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  690.985300][T13933] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2211'.
[  690.999603][ T5868] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  691.007015][ T5868] usbhid 3-1:0.35: couldn't find an input interrupt endpoint
[  691.181447][    T9] usb 3-1: USB disconnect, device number 49
[  691.209349][ T5883] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  691.619188][T13947] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  692.115512][ T5883] usb 2-1: Using ep0 maxpacket: 32
[  692.126583][ T5883] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  692.138766][ T5883] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  692.148051][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.156323][ T5883] usb 2-1: Product: syz
[  692.160694][ T5883] usb 2-1: Manufacturer: syz
[  692.165440][ T5883] usb 2-1: SerialNumber: syz
[  692.175693][ T5883] usb 2-1: config 0 descriptor??
[  692.184462][T13932] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  692.324324][ T5883] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input33
[  692.445695][T13958] Malformed UNC in devname
[  692.445695][T13958] 
[  692.452813][T13958] CIFS: VFS: Malformed UNC in devname
[  694.576938][T13970] batadv1: entered promiscuous mode
[  694.583138][T13970] 8021q: adding VLAN 0 to HW filter on device batadv1
[  694.669484][T13970] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.678140][T13970] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  695.596920][T13983] nfs4: Unknown parameter '
reezer.state'
[  696.988268][ T5825] usb 2-1: USB disconnect, device number 42
[  696.994388][    C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  697.006860][   T30] audit: type=1400 audit(1749819892.887:1008): avc:  denied  { mount } for  pid=13974 comm="syz.3.2227" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  697.113783][   T30] audit: type=1326 audit(1749819893.017:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13986 comm="syz.2.2230" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc0ecb8e929 code=0x0
[  697.334501][ T9124] syz_tun (unregistering): left allmulticast mode
[  697.385497][T13990] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2230'.
[  697.435166][   T30] audit: type=1400 audit(1749819893.307:1010): avc:  denied  { setopt } for  pid=13988 comm="syz.1.2229" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  697.699489][T13990] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2230'.
[  697.764505][T13990] netlink: 'syz.2.2230': attribute type 11 has an invalid length.
[  697.777232][T13989] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2229'.
[  697.797562][T13990] netlink: 'syz.2.2230': attribute type 13 has an invalid length.
[  697.849557][   T30] audit: type=1400 audit(1749819893.697:1011): avc:  denied  { ioctl } for  pid=13986 comm="syz.2.2230" path="/" dev="configfs" ino=1136 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  698.257812][T13998] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  698.534867][ T7923] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.549975][T14004] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  698.562814][T14004] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  698.573482][T14004] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  698.588562][T14004] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  698.591969][T14008] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2233'.
[  698.672008][ T7923] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.700752][T14004] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  698.834311][ T7923] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.470841][   T30] audit: type=1400 audit(1749819895.357:1012): avc:  denied  { bind } for  pid=14015 comm="syz.0.2235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  699.935721][ T7923] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.789445][ T5830] Bluetooth: hci0: command tx timeout
[  701.009486][   T30] audit: type=1400 audit(1749819896.907:1013): avc:  denied  { bind } for  pid=14031 comm="syz.0.2240" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  701.095890][   T30] audit: type=1400 audit(1749819896.997:1014): avc:  denied  { map } for  pid=14035 comm="syz.1.2241" path="/dev/dlm_plock" dev="devtmpfs" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  701.133816][   T30] audit: type=1400 audit(1749819896.997:1015): avc:  denied  { execute } for  pid=14035 comm="syz.1.2241" path="/dev/dlm_plock" dev="devtmpfs" ino=96 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  701.228516][T14001] chnl_net:caif_netlink_parms(): no params data found
[  701.297489][T14045] input: syz1 as /devices/virtual/input/input34
[  702.403565][T14060] FAULT_INJECTION: forcing a failure.
[  702.403565][T14060] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  702.446800][T14060] CPU: 1 UID: 0 PID: 14060 Comm: syz.0.2245 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  702.446827][T14060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  702.446837][T14060] Call Trace:
[  702.446843][T14060]  <TASK>
[  702.446849][T14060]  dump_stack_lvl+0x16c/0x1f0
[  702.446879][T14060]  should_fail_ex+0x512/0x640
[  702.446905][T14060]  _copy_from_user+0x2e/0xd0
[  702.446929][T14060]  get_timespec64+0x8b/0x240
[  702.446954][T14060]  ? __pfx_get_timespec64+0x10/0x10
[  702.446983][T14060]  do_pselect.constprop.0+0xc1/0x1e0
[  702.447009][T14060]  ? __pfx_do_pselect.constprop.0+0x10/0x10
[  702.447041][T14060]  __x64_sys_pselect6+0x182/0x240
[  702.447068][T14060]  ? __pfx___x64_sys_pselect6+0x10/0x10
[  702.447098][T14060]  do_syscall_64+0xcd/0x4c0
[  702.447123][T14060]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  702.447140][T14060] RIP: 0033:0x7f6b3598e929
[  702.447153][T14060] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  702.447169][T14060] RSP: 002b:00007f6b337f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e
[  702.447187][T14060] RAX: ffffffffffffffda RBX: 00007f6b35bb5fa0 RCX: 00007f6b3598e929
[  702.447198][T14060] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040
[  702.447208][T14060] RBP: 00007f6b337f6090 R08: 0000200000000300 R09: 0000000000000000
[  702.447219][T14060] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  702.447229][T14060] R13: 0000000000000000 R14: 00007f6b35bb5fa0 R15: 00007fff6efd2838
[  702.447252][T14060]  </TASK>
[  702.452464][T14057] block nbd0: shutting down sockets
[  702.637203][T14001] bridge0: port 1(bridge_slave_0) entered blocking state
[  702.647248][T14001] bridge0: port 1(bridge_slave_0) entered disabled state
[  702.659774][T14001] bridge_slave_0: entered allmulticast mode
[  702.703533][T14001] bridge_slave_0: entered promiscuous mode
[  702.721328][ T7923] bridge_slave_1: left allmulticast mode
[  702.728122][ T7923] bridge_slave_1: left promiscuous mode
[  702.741677][ T7923] bridge0: port 2(bridge_slave_1) entered disabled state
[  702.777376][ T7923] bridge_slave_0: left allmulticast mode
[  702.784560][ T7923] bridge_slave_0: left promiscuous mode
[  702.797216][ T7923] bridge0: port 1(bridge_slave_0) entered disabled state
[  702.859970][ T5830] Bluetooth: hci0: command tx timeout
[  703.387302][T14074] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  703.641335][T14079] netlink: 'syz.1.2251': attribute type 1 has an invalid length.
[  703.699107][T14081] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'.
[  704.197739][ T7923] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  704.208114][ T7923] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  704.218022][ T7923] bond0 (unregistering): Released all slaves
[  704.234072][ T7923] bond1 (unregistering): Released all slaves
[  704.244767][T14001] bridge0: port 2(bridge_slave_1) entered blocking state
[  704.256708][T14001] bridge0: port 2(bridge_slave_1) entered disabled state
[  704.264165][T14001] bridge_slave_1: entered allmulticast mode
[  704.287071][T14001] bridge_slave_1: entered promiscuous mode
[  704.336599][T14079] bond2: entered promiscuous mode
[  704.352169][T14079] 8021q: adding VLAN 0 to HW filter on device bond2
[  704.412083][T14083] 8021q: adding VLAN 0 to HW filter on device bond2
[  704.437649][T14083] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  704.448083][T14083] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  704.579495][ T5868] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  704.939381][ T5830] Bluetooth: hci0: command tx timeout
[  705.351725][T14083] bond2: (slave ip6gre1): making interface the new active one
[  705.359219][T14083] ip6gre1: entered promiscuous mode
[  705.437511][T14083] bond2: (slave ip6gre1): Enslaving as an active interface with an up link
[  705.601629][ T5868] usb 4-1: config 0 has an invalid interface number: 138 but max is 0
[  705.714288][T14001] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.033430][ T5868] usb 4-1: config 0 has no interface number 0
[  706.258594][ T5868] usb 4-1: config 0 interface 138 altsetting 0 endpoint 0x3 has invalid maxpacket 1023, setting to 64
[  706.263526][T14001] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  706.271903][ T5868] usb 4-1: New USB device found, idVendor=07c4, idProduct=a004, bcdDevice=b4.df
[  706.287797][ T5868] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  706.295977][ T5868] usb 4-1: Product: syz
[  706.306068][ T5868] usb 4-1: Manufacturer: syz
[  706.315289][ T5868] usb 4-1: SerialNumber: syz
[  706.329595][ T5868] usb 4-1: config 0 descriptor??
[  706.340532][T14085] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  706.361909][ T5868] ums-datafab 4-1:0.138: USB Mass Storage device detected
[  706.401148][T14106] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2257'.
[  706.416498][ T5868] scsi host1: usb-storage 4-1:0.138
[  706.603893][T14001] team0: Port device team_slave_0 added
[  706.629402][ T5868] usb 4-1: USB disconnect, device number 45
[  706.636042][T14001] team0: Port device team_slave_1 added
[  706.826551][T14001] batman_adv: batadv0: Adding interface: batadv_slave_0
[  706.838428][T14001] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  706.866526][T14001] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  706.892113][T14001] batman_adv: batadv0: Adding interface: batadv_slave_1
[  706.899072][T14001] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  706.930398][T14001] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  707.029443][ T5830] Bluetooth: hci0: command tx timeout
[  707.291727][ T7923] hsr_slave_0: left promiscuous mode
[  707.361730][ T7923] hsr_slave_1: left promiscuous mode
[  707.423203][ T7923] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  707.533072][ T7923] batman_adv: batadv0: Removing interface: batadv_slave_0
[  707.654561][ T7923] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  707.690628][ T7923] batman_adv: batadv0: Removing interface: batadv_slave_1
[  708.400863][T14141] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  708.743265][ T7923] veth1_macvtap: left promiscuous mode
[  708.791529][ T7923] veth0_macvtap: left promiscuous mode
[  708.837778][ T7923] veth1_vlan: left promiscuous mode
[  710.275671][T14150] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  710.497885][ T7923] team0 (unregistering): Port device team_slave_1 removed
[  710.531905][ T7923] team0 (unregistering): Port device team_slave_0 removed
[  711.145541][T14001] hsr_slave_0: entered promiscuous mode
[  711.240256][T14001] hsr_slave_1: entered promiscuous mode
[  711.246556][T14001] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  711.256690][T14001] Cannot create hsr debugfs directory
[  712.090412][T14191] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2275'.
[  713.146157][ T7923] IPVS: stop unused estimator thread 0...
[  713.877801][T14236] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  715.107973][T14001] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  715.140652][T14001] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  715.192084][T14001] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  715.288566][T14001] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  716.261483][T14258] nfs4: Unknown parameter '
reezer.state'
[  717.336026][T14001] 8021q: adding VLAN 0 to HW filter on device bond0
[  717.837923][T14001] 8021q: adding VLAN 0 to HW filter on device team0
[  717.935612][T14269] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.2288'.
[  718.002619][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  718.009773][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  718.153077][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  718.160225][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  718.334857][   T30] audit: type=1400 audit(1749819914.227:1016): avc:  denied  { map } for  pid=14281 comm="syz.0.2296" path="/dev/cuse" dev="devtmpfs" ino=100 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  719.488440][T14287] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  719.764431][T14314] nfs4: Unknown parameter '
reezer.state'
[  720.566846][ T5825] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  720.579158][T14001] 8021q: adding VLAN 0 to HW filter on device batadv0
[  720.710566][T14335] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2305'.
[  720.789557][ T5825] usb 3-1: Using ep0 maxpacket: 8
[  720.799078][ T5825] usb 3-1: no configurations
[  720.803883][ T5825] usb 3-1: can't read configurations, error -22
[  721.254886][ T5825] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  721.419695][ T5825] usb 3-1: Using ep0 maxpacket: 8
[  721.427928][ T5825] usb 3-1: no configurations
[  721.435192][ T5825] usb 3-1: can't read configurations, error -22
[  721.450024][ T5825] usb usb3-port1: attempt power cycle
[  721.626932][T14001] veth0_vlan: entered promiscuous mode
[  721.727554][T14001] veth1_vlan: entered promiscuous mode
[  721.831181][T14001] veth0_macvtap: entered promiscuous mode
[  721.861909][ T5825] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  721.892782][T14001] veth1_macvtap: entered promiscuous mode
[  721.914182][ T5825] usb 3-1: Using ep0 maxpacket: 8
[  721.920449][ T5825] usb 3-1: no configurations
[  721.925438][ T5825] usb 3-1: can't read configurations, error -22
[  721.931742][ T5868] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  722.024260][T14001] batman_adv: batadv0: Interface activated: batadv_slave_0
[  722.077359][T14001] batman_adv: batadv0: Interface activated: batadv_slave_1
[  722.095878][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  722.106927][ T5825] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  722.133531][T14001] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  722.145085][ T5868] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  722.169474][T14001] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  722.180108][ T5825] usb 3-1: Using ep0 maxpacket: 8
[  722.188746][ T5868] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  722.209639][ T5825] usb 3-1: no configurations
[  722.214473][ T5825] usb 3-1: can't read configurations, error -22
[  722.226463][ T5868] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  722.236005][ T5825] usb usb3-port1: unable to enumerate USB device
[  722.268836][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.316658][T14001] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  722.329922][T14001] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  722.898188][ T5868] usb 2-1: config 0 descriptor??
[  722.901747][T14373] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2311'.
[  723.312103][T14360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  723.328564][T14379] nfs4: Unknown parameter '
reezer.state'
[  723.414816][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.423180][T14360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  723.435385][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  723.496532][ T5868] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[  723.580656][T14135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  723.592089][ T5868] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  723.636914][T14376] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  723.646114][T14135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  723.699082][   T30] audit: type=1400 audit(1749819919.597:1017): avc:  denied  { mounton } for  pid=14001 comm="syz-executor" path="/root/syzkaller.w9gMPM/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  723.725705][T14360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  723.771779][T14360] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  723.795937][   T30] audit: type=1400 audit(1749819919.617:1018): avc:  denied  { mounton } for  pid=14001 comm="syz-executor" path="/root/syzkaller.w9gMPM/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  723.841436][ T5868] usb 2-1: USB disconnect, device number 43
[  723.882878][   T30] audit: type=1400 audit(1749819919.617:1019): avc:  denied  { mounton } for  pid=14001 comm="syz-executor" path="/root/syzkaller.w9gMPM/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=42791 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  724.113266][   T30] audit: type=1400 audit(1749819919.647:1020): avc:  denied  { mounton } for  pid=14001 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2776 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  724.189219][T14400] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  724.216011][ T5130] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  724.429396][ T5130] usb 3-1: Using ep0 maxpacket: 16
[  724.452957][   T30] audit: type=1400 audit(1749819919.657:1021): avc:  denied  { mounton } for  pid=14001 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  724.477677][T12000] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  724.571845][ T5130] usb 3-1: config 15 has an invalid interface number: 123 but max is 0
[  724.617963][ T5130] usb 3-1: config 15 has no interface number 0
[  724.655066][ T5130] usb 3-1: config 15 interface 123 has no altsetting 0
[  724.695764][ T5130] usb 3-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=b9.c4
[  724.714245][ T5130] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.729395][T12000] usb 5-1: device descriptor read/64, error -71
[  724.756953][ T5130] usb 3-1: Product: syz
[  724.765395][ T5130] usb 3-1: Manufacturer: syz
[  724.799056][ T5130] usb 3-1: SerialNumber: syz
[  724.806219][T14410] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2317'.
[  724.999514][T12000] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  725.157963][T14390] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.2315'.
[  725.226206][T12000] usb 5-1: device descriptor read/64, error -71
[  725.298485][ T5130] belkin_sa 3-1:15.123: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  725.343929][ T5130] usb 3-1: bcdDevice: b9c4, bfc: 0
[  725.356591][ T5130] usb 3-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  725.380134][T12000] usb usb5-port1: attempt power cycle
[  725.394850][ T5130] usb 3-1: USB disconnect, device number 54
[  725.417424][ T5130] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  725.437981][ T5130] belkin_sa 3-1:15.123: device disconnected
[  725.749971][T12000] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  725.850610][T12000] usb 5-1: device descriptor read/8, error -71
[  726.122144][T14427] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2323'.
[  726.136401][ T5868] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  726.520109][T12000] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  726.621284][ T5868] usb 2-1: Using ep0 maxpacket: 8
[  727.537075][ T5868] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  727.573183][ T5868] usb 2-1: config 0 has no interfaces?
[  727.586665][ T5868] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  727.609331][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.679202][ T5868] usb 2-1: config 0 descriptor??
[  727.789331][T12000] usb 5-1: device not accepting address 7, error -71
[  727.796235][T12000] usb usb5-port1: unable to enumerate USB device
[  728.119798][ T5935] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  728.509476][T14440] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  728.520646][ T5935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  728.539301][ T5935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  728.549144][ T5935] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  728.617240][ T5935] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  728.648327][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  728.690225][ T5935] usb 1-1: config 0 descriptor??
[  729.096958][ T5868] usb 2-1: USB disconnect, device number 44
[  729.136429][T14437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.149118][T14437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.175132][ T5935] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving
[  729.192046][ T5935] plantronics 0003:047F:FFFF.0017: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  729.392547][T14437] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  729.481145][T14437] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  729.646301][ T5935] usb 1-1: USB disconnect, device number 51
[  729.965025][T14483] netlink: 64535 bytes leftover after parsing attributes in process `syz.3.2339'.
[  730.449347][ T5868] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  731.451247][ T5868] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  731.778591][ T5868] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  731.845292][ T5868] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  731.871540][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  731.901174][T14476] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  731.922485][ T5868] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  732.519366][ T5868] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  732.554037][T14499] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  732.571799][ T5935] usb 3-1: USB disconnect, device number 55
[  732.771890][ T5868] usb 5-1: Using ep0 maxpacket: 8
[  732.788010][ T5868] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  732.803242][ T5868] usb 5-1: config 0 has no interfaces?
[  732.815957][ T5868] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  732.825307][ T5868] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  732.954958][T14517] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2353'.
[  733.292633][ T5868] usb 5-1: config 0 descriptor??
[  733.340163][ T5130] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  733.518240][ T5130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  733.578288][ T5130] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  733.660678][ T5130] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  733.738203][ T5130] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  733.795343][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.910571][ T5130] usb 2-1: config 0 descriptor??
[  735.250126][T14515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.381925][T14515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  735.454450][ T5935] usb 5-1: USB disconnect, device number 8
[  735.483328][ T5130] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving
[  735.559725][ T5130] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  735.689574][T14515] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  735.970073][T14515] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  736.402918][ T5883] usb 2-1: USB disconnect, device number 45
[  737.127707][T14559] nfs4: Unknown parameter '
reezer.state'
[  737.169500][ T5883] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  737.255420][T14556] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  737.666839][ T5883] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  737.679028][ T5883] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  737.706462][ T5883] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  737.715936][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  737.728937][T14548] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  737.738854][ T5883] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  737.848541][   T30] audit: type=1400 audit(1749819933.748:1022): avc:  denied  { ioctl } for  pid=14570 comm="syz.0.2370" path="socket:[44067]" dev="sockfs" ino=44067 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  737.963949][ T5883] usb 5-1: USB disconnect, device number 9
[  738.026828][T14571] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2370'.
[  738.037560][T14571] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2370'.
[  738.047104][T14571] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2370'.
[  738.341308][T14586] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  738.475537][T14591] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2375'.
[  739.968380][T14604] nfs4: Unknown parameter '
reezer.state'
[  742.993779][T14640] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  743.364350][T14641] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2392'.
[  743.390061][T14650] nfs4: Unknown parameter '
reezer.state'
[  745.041538][T14671] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2398'.
[  746.718251][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  746.727931][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  747.626204][T14696] nfs4: Unknown parameter '
reezer.state'
[  748.058392][ T5935] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  749.079317][ T5935] usb 1-1: Using ep0 maxpacket: 8
[  749.117999][ T5935] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  749.178021][ T5935] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  749.210526][ T5935] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  749.250189][T14711] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2413'.
[  749.289783][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.340337][ T5935] usb 1-1: config 0 descriptor??
[  749.698379][T14722] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.2414'.
[  750.892700][ T5825] usb 1-1: USB disconnect, device number 52
[  751.695605][T14735] nfs4: Unknown parameter '
reezer.state'
[  754.789351][T14763] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  755.106131][T14774] netlink: 64535 bytes leftover after parsing attributes in process `syz.3.2429'.
[  755.126360][ T5897] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  755.686482][ T5897] usb 5-1: Using ep0 maxpacket: 8
[  755.708872][ T5897] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  755.798085][ T5897] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  755.807473][ T5897] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  755.817129][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.832681][ T5897] usb 5-1: config 0 descriptor??
[  756.699373][ T5830] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  756.708134][ T5830] Bluetooth: hci0: Injecting HCI hardware error event
[  756.716856][T14004] Bluetooth: hci0: hardware error 0x00
[  756.950937][T14782] nfs4: Unknown parameter '
reezer.state'
[  758.076178][ T5825] usb 5-1: USB disconnect, device number 10
[  758.345528][T14812] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2441'.
[  758.628738][T14811] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  758.860237][T14004] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  760.980780][T14844] nfs4: Unknown parameter '
reezer.state'
[  762.139771][ T5897] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  762.269397][ T5130] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  762.299490][ T5897] usb 2-1: Using ep0 maxpacket: 8
[  762.328983][ T5897] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  762.353999][ T5897] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  762.386184][ T5897] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  762.388830][T14854] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2454'.
[  762.413983][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.435079][ T5130] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  762.471810][ T5897] usb 2-1: config 0 descriptor??
[  762.505703][ T5130] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  762.603799][ T5130] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  762.671028][ T5130] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.780206][T14847] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  762.807147][ T5130] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  763.375689][ T5130] usb 1-1: USB disconnect, device number 53
[  764.782228][T14887] nfs4: Unknown parameter '
reezer.state'
[  765.630682][ T5130] usb 2-1: USB disconnect, device number 46
[  765.655516][T14900] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2467'.
[  766.231553][T14905] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  766.445091][T14906] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2469'.
[  768.296652][T14933] nfs4: Unknown parameter '
reezer.state'
[  770.759326][ T5825] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  770.839340][ T5897] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  771.002835][ T5825] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  771.137283][ T5825] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  771.291602][ T5825] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  771.424776][ T5825] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  771.454743][ T5897] usb 2-1: Using ep0 maxpacket: 8
[  771.611000][ T5897] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  771.620093][ T5897] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  771.629127][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  771.641790][ T5897] usb 2-1: config 0 descriptor??
[  771.754890][ T5825] usb 5-1: can't set config #27, error -71
[  772.068000][ T5825] usb 5-1: USB disconnect, device number 11
[  772.755315][T14951] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  773.190005][T14972] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2489'.
[  774.131326][ T5825] usb 2-1: USB disconnect, device number 47
[  775.560580][T12000] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  775.769186][T12000] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  775.843389][T12000] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  775.997586][T12000] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  776.135477][T12000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  776.142351][T15002] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  777.166801][T15005] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  777.190150][T14988] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  777.207139][T12000] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  777.984898][T12000] usb 3-1: USB disconnect, device number 56
[  778.028082][T15025] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2505'.
[  778.079816][ T5883] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  778.309326][ T5883] usb 5-1: Using ep0 maxpacket: 8
[  778.333677][ T5883] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  778.347906][ T5883] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  778.363193][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  778.796263][ T5883] usb 5-1: config 0 descriptor??
[  779.388036][T15046] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.2511'.
[  780.786282][ T5825] usb 5-1: USB disconnect, device number 12
[  780.803041][ T5897] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  781.209341][ T5897] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  781.818491][ T5897] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  781.825993][T15076] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2519'.
[  781.858988][ T5897] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  781.871317][T15071] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  781.880524][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  781.894807][T15066] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  781.916432][ T5897] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  782.201335][ T5897] usb 4-1: USB disconnect, device number 46
[  782.800095][T15086] nfs4: Unknown parameter '
reezer.state'
[  783.792678][T15099] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.2527'.
[  785.973058][T15125] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2533'.
[  786.802338][T15130] nfs4: Unknown parameter '
reezer.state'
[  787.317620][T15131] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  788.113110][T15149] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  788.544877][T15152] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2540'.
[  789.112484][T15155] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2542'.
[  791.086931][T15179] nfs4: Unknown parameter '
reezer.state'
[  792.535859][T15187] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  792.869408][ T5130] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  793.159522][ T5130] usb 4-1: Using ep0 maxpacket: 8
[  793.168986][ T5130] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  793.182489][ T5130] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  793.742060][ T5130] usb 4-1: config 0 descriptor??
[  794.175757][ T5130] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  794.217345][ T5130] asix 4-1:0.0: probe with driver asix failed with error -32
[  794.640594][T15222] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  794.683719][T15225] nfs4: Unknown parameter '
reezer.state'
[  795.668369][ T5825] usb 4-1: USB disconnect, device number 47
[  795.679550][T15229] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2564'.
[  796.223783][T15238] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  796.943006][T15242] netlink: 64535 bytes leftover after parsing attributes in process `syz.0.2568'.
[  799.182942][T15270] nfs4: Unknown parameter '
reezer.state'
[  800.129313][ T5868] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  800.570698][ T5868] usb 2-1: Using ep0 maxpacket: 8
[  800.999521][ T5868] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  801.008669][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  801.095528][ T5868] usb 2-1: config 0 descriptor??
[  801.186478][T15282] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2580'.
[  801.476583][ T5868] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  802.113462][ T5868] asix 2-1:0.0: probe with driver asix failed with error -32
[  802.249300][T12000] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  802.495688][T15297] netlink: 64535 bytes leftover after parsing attributes in process `syz.3.2582'.
[  802.858108][T12000] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  802.905155][T12000] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  802.997629][T15302] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  803.202560][T15296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2583'.
[  803.225522][T12000] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  803.245030][T12000] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  803.257584][ T5130] usb 2-1: USB disconnect, device number 48
[  803.357452][T15298] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  803.366134][T15280] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  803.491813][T12000] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  804.141776][ T5883] usb 3-1: USB disconnect, device number 57
[  804.516989][T15321] nfs4: Unknown parameter '
reezer.state'
[  805.189336][T12000] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  805.487429][T12000] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  806.182321][T12000] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  806.192249][T12000] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  806.201330][T12000] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  806.212325][T15322] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  806.222863][T12000] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  806.884928][ T5825] usb 1-1: USB disconnect, device number 54
[  806.946087][T15339] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2594'.
[  807.000088][T15343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2596'.
[  807.829449][ T5883] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  808.588773][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  808.598202][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  808.613912][ T5883] usb 2-1: Using ep0 maxpacket: 8
[  808.624581][ T5883] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  808.636442][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.653188][ T5883] usb 2-1: config 0 descriptor??
[  808.673161][T15360] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  808.830510][T15362] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2601'.
[  808.879350][ T5883] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  808.951755][T15368] nfs4: Unknown parameter '
reezer.state'
[  810.743585][ T5883] asix 2-1:0.0: probe with driver asix failed with error -32
[  811.043378][ T5883] usb 2-1: USB disconnect, device number 49
[  812.270691][T15388] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2607'.
[  814.771594][T15415] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  814.804187][T15422] nfs4: Unknown parameter '
reezer.state'
[  815.751228][ T5868] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  817.179373][ T5868] usb 2-1: Using ep0 maxpacket: 8
[  817.247999][ T5868] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  817.296003][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  817.303044][T12000] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  817.355575][T15435] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  817.371078][ T5868] usb 2-1: config 0 descriptor??
[  818.055080][T12000] usb 5-1: Using ep0 maxpacket: 16
[  818.250603][T12000] usb 5-1: config 15 has an invalid interface number: 123 but max is 0
[  818.258882][T12000] usb 5-1: config 15 has no interface number 0
[  818.265312][T12000] usb 5-1: config 15 interface 123 has no altsetting 0
[  818.281722][T12000] usb 5-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=b9.c4
[  818.290918][T12000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  818.291757][T15436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2620'.
[  818.298948][T12000] usb 5-1: Product: syz
[  818.298964][T12000] usb 5-1: Manufacturer: syz
[  818.319306][T12000] usb 5-1: SerialNumber: syz
[  818.373313][ T5868] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  818.411283][T12000] belkin_sa 5-1:15.123: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  818.449504][ T5868] asix 2-1:0.0: probe with driver asix failed with error -71
[  818.455574][T12000] usb 5-1: bcdDevice: b9c4, bfc: 0
[  818.577769][T12000] usb 5-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  818.590366][T12000] usb 5-1: USB disconnect, device number 13
[  818.598606][T12000] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  818.620404][T12000] belkin_sa 5-1:15.123: device disconnected
[  818.649537][ T5868] usb 2-1: USB disconnect, device number 50
[  818.882491][T15453] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  822.489635][ T5883] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  822.509781][T15491] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  822.669299][ T5868] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  822.677113][ T5883] usb 4-1: Using ep0 maxpacket: 8
[  822.700512][ T5883] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  822.841354][ T5868] usb 3-1: Using ep0 maxpacket: 16
[  822.946530][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.188833][ T5868] usb 3-1: config 15 has an invalid interface number: 123 but max is 0
[  823.320002][ T5883] usb 4-1: config 0 descriptor??
[  823.361868][ T5868] usb 3-1: config 15 has no interface number 0
[  823.629266][ T5868] usb 3-1: config 15 interface 123 has no altsetting 0
[  823.692014][ T5868] usb 3-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=b9.c4
[  823.703891][ T5868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  823.715627][ T5868] usb 3-1: Product: syz
[  823.720586][ T5868] usb 3-1: Manufacturer: syz
[  823.725207][ T5868] usb 3-1: SerialNumber: syz
[  824.046253][T15483] netlink: 9280 bytes leftover after parsing attributes in process `syz.2.2634'.
[  824.055635][ T5883] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  824.065685][ T5883] asix 4-1:0.0: probe with driver asix failed with error -32
[  824.079328][ T5868] belkin_sa 3-1:15.123: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  824.095269][ T5868] usb 3-1: bcdDevice: b9c4, bfc: 0
[  824.103923][ T5868] usb 3-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  824.125990][ T5868] usb 3-1: USB disconnect, device number 58
[  824.136081][ T5868] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  824.150537][ T5868] belkin_sa 3-1:15.123: device disconnected
[  825.084458][T15519] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  825.105744][T12000] usb 4-1: USB disconnect, device number 48
[  825.390443][T15526] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  825.790650][T15527] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2640'.
[  828.571145][T15554] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  829.265060][T12000] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  829.729282][T12000] usb 2-1: Using ep0 maxpacket: 8
[  829.857950][T12000] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  829.868750][T15569] netlink: 1284 bytes leftover after parsing attributes in process `syz.4.2655'.
[  829.874600][   T30] audit: type=1326 audit(1749820025.748:1023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  829.952966][T15575] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  830.334292][T12000] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  830.345084][T12000] usb 2-1: config 0 descriptor??
[  830.350324][   T30] audit: type=1326 audit(1749820025.748:1024): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  830.489745][   T30] audit: type=1326 audit(1749820025.748:1025): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  830.602559][   T30] audit: type=1326 audit(1749820025.748:1026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  830.838900][T12000] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  830.856288][   T30] audit: type=1326 audit(1749820025.748:1027): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  830.929421][T12000] asix 2-1:0.0: probe with driver asix failed with error -32
[  830.937134][   T30] audit: type=1326 audit(1749820025.748:1028): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  831.004306][   T30] audit: type=1326 audit(1749820025.748:1029): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  831.921047][   T30] audit: type=1326 audit(1749820025.748:1030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  831.948195][   T30] audit: type=1326 audit(1749820025.748:1031): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  831.975191][   T30] audit: type=1326 audit(1749820025.748:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15568 comm="syz.4.2655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f922278e929 code=0x7ffc0000
[  832.554479][T12000] usb 2-1: USB disconnect, device number 51
[  835.001320][T15619] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  835.925721][T15631] netlink: 64535 bytes leftover after parsing attributes in process `syz.2.2662'.
[  835.947844][T15629] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  835.959408][ T5868] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  835.969281][ T5883] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  836.834430][ T5868] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  836.847697][T15640] Invalid ELF header type: 3 != 1
[  836.856962][ T5883] usb 5-1: Using ep0 maxpacket: 8
[  836.870810][T15640] kernel read not supported for file / 
�7���âW)�s���!Q���fs�l{T�r�)r��O���2:"��T+͟v|�ղDvc���֠�6�x�c: (pid: 15640 comm: syz.0.2673)
[  836.935350][ T5868] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  836.945622][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  836.945642][   T30] audit: type=1800 audit(1749820032.788:1041): pid=15640 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.2673" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=48355 res=0 errno=0
[  837.016175][ T5883] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  837.084632][ T5868] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  837.111154][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.184166][ T5868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  837.300071][ T5883] usb 5-1: config 0 descriptor??
[  837.371996][T15622] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  837.510983][   T30] audit: type=1400 audit(1749820032.898:1042): avc:  denied  { getopt } for  pid=15638 comm="syz.0.2673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  837.571973][ T5868] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  837.944891][ T5883] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  838.012940][ T5883] asix 5-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  838.051318][ T5868] usb 2-1: USB disconnect, device number 52
[  838.078747][ T5883] asix 5-1:0.0: probe with driver asix failed with error -32
[  839.277633][T12000] usb 5-1: USB disconnect, device number 14
[  839.690529][T15676] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  840.189267][T12000] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  840.616422][T15679] nfs4: Unknown parameter '
reezer.state'
[  840.732560][T12000] usb 5-1: Using ep0 maxpacket: 32
[  842.015438][T12000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11
[  842.063830][T12000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  842.099285][T12000] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB5, changing to 0x85
[  842.139497][T12000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  842.301907][T12000] usb 5-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68
[  842.367987][T12000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  842.602136][T12000] usb 5-1: Product: syz
[  842.645347][T12000] usb 5-1: Manufacturer: syz
[  842.675324][T12000] usb 5-1: SerialNumber: syz
[  842.740075][T12000] usb 5-1: config 0 descriptor??
[  842.782194][T12000] usb 5-1: can't set config #0, error -71
[  842.818259][T12000] usb 5-1: USB disconnect, device number 15
[  842.979138][T15706] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2693'.
[  843.901486][ T5868] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  843.952295][T15713] FAULT_INJECTION: forcing a failure.
[  843.952295][T15713] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  843.969024][T15713] CPU: 0 UID: 0 PID: 15713 Comm: syz.1.2694 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  843.969048][T15713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  843.969057][T15713] Call Trace:
[  843.969063][T15713]  <TASK>
[  843.969069][T15713]  dump_stack_lvl+0x16c/0x1f0
[  843.969091][T15713]  should_fail_ex+0x512/0x640
[  843.969109][T15713]  _copy_from_user+0x2e/0xd0
[  843.969125][T15713]  ucma_write+0x128/0x330
[  843.969141][T15713]  ? __pfx_ucma_write+0x10/0x10
[  843.969156][T15713]  ? bpf_lsm_file_permission+0x9/0x10
[  843.969181][T15713]  ? security_file_permission+0x71/0x210
[  843.969206][T15713]  ? rw_verify_area+0xcf/0x680
[  843.969225][T15713]  ? __pfx_ucma_write+0x10/0x10
[  843.969245][T15713]  vfs_write+0x29d/0x1150
[  843.969271][T15713]  ? __pfx_vfs_write+0x10/0x10
[  843.969290][T15713]  ? find_held_lock+0x2b/0x80
[  843.969313][T15713]  ? __fget_files+0x204/0x3c0
[  843.969341][T15713]  ? __fget_files+0x20e/0x3c0
[  843.969361][T15713]  ? sysvec_kvm_asyncpf_interrupt+0x10/0xc0
[  843.969396][T15713]  ksys_write+0x1f8/0x250
[  843.969416][T15713]  ? __pfx_ksys_write+0x10/0x10
[  843.969444][T15713]  do_syscall_64+0xcd/0x4c0
[  843.969473][T15713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  843.969490][T15713] RIP: 0033:0x7f739178e929
[  843.969504][T15713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  843.969520][T15713] RSP: 002b:00007f73926ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  843.969537][T15713] RAX: ffffffffffffffda RBX: 00007f73919b6080 RCX: 00007f739178e929
[  843.969548][T15713] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 0000000000000003
[  843.969558][T15713] RBP: 00007f73926ad090 R08: 0000000000000000 R09: 0000000000000000
[  843.969568][T15713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  843.969578][T15713] R13: 0000000000000000 R14: 00007f73919b6080 R15: 00007ffdcb055f28
[  843.969602][T15713]  </TASK>
[  844.419402][ T5868] usb 3-1: Using ep0 maxpacket: 8
[  844.426096][ T5868] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  844.435182][ T5868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.444432][ T5868] usb 3-1: config 0 descriptor??
[  844.467102][T15716] nfs4: Unknown parameter '
reezer.state'
[  844.853640][ T5868] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  845.267216][ T5868] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  845.411668][ T5868] asix 3-1:0.0: probe with driver asix failed with error -32
[  845.781347][T15728] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  846.479911][ T5883] usb 3-1: USB disconnect, device number 59
[  846.597922][T12000] hid-generic 0040:0001:0000.0019: item fetching failed at offset 5/7
[  846.644479][T12000] hid-generic 0040:0001:0000.0019: probe with driver hid-generic failed with error -22
[  846.817663][ T5897] usb 2-1: new low-speed USB device number 53 using dummy_hcd
[  847.501459][ T5897] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  847.516041][ T5897] usb 2-1: config 0 has no interface number 0
[  847.540827][ T5897] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  847.632484][ T5897] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  847.726480][   T30] audit: type=1400 audit(1749820043.603:1043): avc:  denied  { setattr } for  pid=15753 comm="syz.0.2705" name="/" dev="configfs" ino=1136 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  847.761034][ T5897] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  847.866095][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  848.022142][ T5897] usb 2-1: config 0 descriptor??
[  848.583688][T15733] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  848.639114][ T5897] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  848.660118][   T30] audit: type=1400 audit(1749820044.573:1044): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  848.730428][   T30] audit: type=1400 audit(1749820044.643:1045): avc:  denied  { read } for  pid=15765 comm="syz.2.2708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  848.964714][T15773] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  849.576606][ T5931] kworker/1:5 (5931) used greatest stack depth: 16536 bytes left
[  853.655827][ T5868] usb 2-1: USB disconnect, device number 53
[  853.676903][   T30] audit: type=1400 audit(1749820049.573:1046): avc:  denied  { write } for  pid=15782 comm="syz.3.2712" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  853.741117][T15785] random: crng reseeded on system resumption
[  854.707451][T15793] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  854.832188][T15789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2714'.
[  854.959237][    T9] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  855.120471][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  856.226539][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  856.243101][    T9] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  856.252241][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  856.272589][    T9] usb 3-1: Product: syz
[  856.430034][ T5868] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  856.438932][    T9] usb 3-1: Manufacturer: syz
[  856.444932][    T9] usb 3-1: SerialNumber: syz
[  856.449003][T15811] FAULT_INJECTION: forcing a failure.
[  856.449003][T15811] name failslab, interval 1, probability 0, space 0, times 0
[  856.459304][    T9] usb 3-1: config 0 descriptor??
[  856.472516][T15811] CPU: 0 UID: 0 PID: 15811 Comm: syz.1.2719 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  856.472541][T15811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  856.472551][T15811] Call Trace:
[  856.472557][T15811]  <TASK>
[  856.472564][T15811]  dump_stack_lvl+0x16c/0x1f0
[  856.472593][T15811]  should_fail_ex+0x512/0x640
[  856.472615][T15811]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  856.472642][T15811]  should_failslab+0xc2/0x120
[  856.472667][T15811]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  856.472689][T15811]  ? security_file_alloc+0x34/0x2b0
[  856.472718][T15811]  security_file_alloc+0x34/0x2b0
[  856.472742][T15811]  init_file+0x93/0x4c0
[  856.472769][T15811]  alloc_empty_file+0x73/0x1e0
[  856.472786][T15811]  path_openat+0xda/0x2cb0
[  856.472808][T15811]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.472835][T15811]  ? __pfx_path_openat+0x10/0x10
[  856.472859][T15811]  ? __lock_acquire+0xb8a/0x1c90
[  856.472889][T15811]  do_filp_open+0x20b/0x470
[  856.472912][T15811]  ? __pfx_do_filp_open+0x10/0x10
[  856.472954][T15811]  ? alloc_fd+0x471/0x7d0
[  856.472985][T15811]  do_sys_openat2+0x11b/0x1d0
[  856.473000][T15811]  ? __pfx_do_sys_openat2+0x10/0x10
[  856.473019][T15811]  ? __fget_files+0x20e/0x3c0
[  856.473047][T15811]  __x64_sys_openat+0x174/0x210
[  856.473068][T15811]  ? __pfx___x64_sys_openat+0x10/0x10
[  856.473084][T15811]  ? ksys_write+0x1ac/0x250
[  856.473117][T15811]  do_syscall_64+0xcd/0x4c0
[  856.473145][T15811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  856.473162][T15811] RIP: 0033:0x7f739178e929
[  856.473176][T15811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  856.473192][T15811] RSP: 002b:00007f73926ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  856.473209][T15811] RAX: ffffffffffffffda RBX: 00007f73919b5fa0 RCX: 00007f739178e929
[  856.473220][T15811] RDX: 0000000000003f00 RSI: 0000200000002240 RDI: ffffffffffffff9c
[  856.473231][T15811] RBP: 00007f73926ce090 R08: 0000000000000000 R09: 0000000000000000
[  856.473241][T15811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  856.473251][T15811] R13: 0000000000000000 R14: 00007f73919b5fa0 R15: 00007ffdcb055f28
[  856.473278][T15811]  </TASK>
[  856.854219][   T64] Bluetooth: (null): Invalid header checksum
[  856.891892][   T64] Bluetooth: (null): Invalid header checksum
[  856.904281][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  857.003432][ T5868] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  857.026485][ T5868] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  857.045595][    T9] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  857.054619][ T5868] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  857.215990][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  857.245521][ T5868] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  857.331519][    T9] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  857.380455][ T5868] usb 4-1: config 0 descriptor??
[  857.448753][    T9] usb 3-1: media controller created
[  857.641899][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  857.740201][T15825] vlan2: entered promiscuous mode
[  857.745310][T15825] bridge0: entered promiscuous mode
[  857.884586][T15803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  857.907288][T15803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  858.569606][    T9] DVB: Unable to find symbol tda10046_attach()
[  858.575798][    T9] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  858.584414][    T9] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  858.620002][ T5868] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving
[  858.631612][    T9] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  858.664904][ T5868] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  858.706558][    T9] usb 3-1: USB disconnect, device number 60
[  860.047717][T15852] netlink: 'syz.2.2729': attribute type 1 has an invalid length.
[  860.279276][    T9] usb 4-1: reset high-speed USB device number 49 using dummy_hcd
[  861.566544][T15870] nfs4: Unknown parameter '
reezer.state'
[  861.591196][ T5868] usb 4-1: USB disconnect, device number 49
[  861.639298][ T5897] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  862.016279][ T5897] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  862.056213][ T5897] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  862.076347][ T5897] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  862.094241][   T64] Bluetooth: hci5: Frame reassembly failed (-84)
[  862.103606][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  862.187877][T15859] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  862.316342][ T5897] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  863.333513][ T5897] usb 3-1: USB disconnect, device number 61
[  863.402896][T10788] udevd[10788]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  863.718468][T15901] syz.1.2743 (15901): attempted to duplicate a private mapping with mremap.  This is not supported.
[  863.905847][   T30] audit: type=1400 audit(1749820059.813:1047): avc:  denied  { read } for  pid=5825 comm="kworker/0:3" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=47985 scontext=system_u:system_r:kernel_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  864.486708][T14004] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  864.493227][ T5830] Bluetooth: hci5: command 0x1003 tx timeout
[  865.500703][T15929] infiniband syz!: set down
[  865.505512][T15929] infiniband syz!: added team_slave_0
[  865.891137][T15929] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[  865.895506][T15929] infiniband syz!: Couldn't open port 1
[  865.930391][T15929] RDS/IB: syz!: added
[  865.934724][T15929] smc: adding ib device syz! with port count 1
[  865.944370][T15929] smc:    ib device syz! port 1 has pnetid 
[  867.199680][T15916] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2745'.
[  867.279384][   T30] audit: type=1400 audit(1749820063.113:1048): avc:  denied  { write } for  pid=15915 comm="syz.3.2745" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  867.644756][ T5897] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  867.926416][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  868.069817][ T5897] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  868.094985][ T5935] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  868.161148][ T5897] usb 4-1: New USB device strings: Mfr=32, Product=0, SerialNumber=9
[  868.250296][ T5897] usb 4-1: Manufacturer: syz
[  868.283199][ T5897] usb 4-1: SerialNumber: syz
[  868.329282][ T5935] usb 2-1: Using ep0 maxpacket: 8
[  868.370872][ T5935] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  868.386250][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  868.398872][ T5897] usb 4-1: config 0 descriptor??
[  868.416384][ T5935] usb 2-1: Product: syz
[  868.421352][ T5897] usb 4-1: can't set config #0, error -71
[  868.435439][ T5897] usb 4-1: USB disconnect, device number 50
[  868.448767][ T5935] usb 2-1: Manufacturer: syz
[  868.457213][ T5935] usb 2-1: SerialNumber: syz
[  868.518792][ T5935] usb 2-1: config 0 descriptor??
[  868.539739][ T5130] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  869.204541][ T5935] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  869.215437][ T5130] usb 5-1: Using ep0 maxpacket: 32
[  869.239550][T15976] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  869.246090][T15976] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  869.255184][ T5130] usb 5-1: config 0 has an invalid interface number: 124 but max is 0
[  869.265680][ T5130] usb 5-1: config 0 has no interface number 0
[  869.280289][ T5130] usb 5-1: config 0 interface 124 altsetting 0 has an endpoint descriptor with address 0x1A, changing to 0xA
[  869.295314][T15976] vhci_hcd vhci_hcd.0: Device attached
[  869.354479][T15983] befs: (nbd0): No write support. Marking filesystem read-only
[  869.385302][T15983] syz.0.2760: attempt to access beyond end of device
[  869.385302][T15983] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[  869.613833][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  869.620809][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  869.646853][ T5130] usb 5-1: New USB device found, idVendor=0bfd, idProduct=001c, bcdDevice=8c.e8
[  869.681806][ T5130] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  869.763367][ T5130] usb 5-1: Product: syz
[  869.776934][ T5130] usb 5-1: Manufacturer: syz
[  869.786833][ T5130] usb 5-1: SerialNumber: syz
[  869.803151][ T5130] usb 5-1: config 0 descriptor??
[  869.831436][ T5130] kvaser_usb 5-1:0.124: error -ENODEV: Cannot get usb endpoint(s)
[  869.859333][ T5897] usb 38-1: SetAddress Request (18) to port 0
[  869.874902][ T5897] usb 38-1: new SuperSpeed USB device number 18 using vhci_hcd
[  869.953823][T15994] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  870.147743][ T5935] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  870.158462][T15977] vhci_hcd: connection reset by peer
[  870.203878][T14135] vhci_hcd: stop threads
[  870.386502][T14135] vhci_hcd: release socket
[  870.394103][T15997] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2762'.
[  870.419292][T14135] vhci_hcd: disconnect device
[  870.452536][ T5935] usb 5-1: USB disconnect, device number 16
[  870.969299][ T5935] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  871.050838][ T5868] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  871.129243][ T5935] usb 3-1: Using ep0 maxpacket: 8
[  871.136347][ T5935] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  871.145674][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.156882][ T5935] usb 3-1: config 0 descriptor??
[  871.196945][T12000] usb 2-1: USB disconnect, device number 54
[  871.243745][T16024] nfs4: Unknown parameter '
reezer.state'
[  871.249234][ T5868] usb 1-1: Using ep0 maxpacket: 16
[  871.261149][ T5868] usb 1-1: config 5 has an invalid interface number: 168 but max is 0
[  871.278270][ T5868] usb 1-1: config 5 has no interface number 0
[  871.289429][ T5868] usb 1-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  871.301302][ T5868] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  871.333136][ T5868] usb 1-1: config 5 interface 168 altsetting 7 bulk endpoint 0x4 has invalid maxpacket 1023
[  871.373829][ T5868] usb 1-1: config 5 interface 168 has no altsetting 0
[  871.398174][ T5868] usb 1-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  871.413084][ T5868] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.429645][ T5868] usb 1-1: Product: syz
[  871.444521][ T5868] usb 1-1: Manufacturer: syz
[  871.455060][ T5868] usb 1-1: SerialNumber: syz
[  871.463230][T16017] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  871.471143][T16017] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  871.627793][ T5935] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  871.638126][ T5935] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0
[  871.648666][ T5935] asix 3-1:0.0: probe with driver asix failed with error -32
[  872.214128][T16017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  872.222984][T16017] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  872.235631][T16017] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2766'.
[  872.246661][T16017] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2766'.
[  872.257872][T16017] netlink: 'syz.0.2766': attribute type 18 has an invalid length.
[  872.276282][T16017] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  872.285201][T16017] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  872.294026][T16017] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  872.302880][T16017] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  872.501765][T16042] loop6: detected capacity change from 0 to 74
[  872.672266][T16047] trusted_key: encrypted_key: insufficient parameters specified
[  873.212476][    C0] usb 1-1: NFC: Urb failure (status -71)
[  873.219596][    C0] usb 1-1: NFC: Urb failure (status -71)
[  873.245524][ T5868] usb 1-1: NFC: Unable to get FW version
[  873.270621][ T5868] pn533_usb 1-1:5.168: probe with driver pn533_usb failed with error -71
[  873.306893][ T5868] usb 1-1: USB disconnect, device number 55
[  874.114749][ T5130] usb 3-1: USB disconnect, device number 62
[  875.166213][ T5897] usb 38-1: device descriptor read/8, error -110
[  876.045897][ T5897] usb usb38-port1: attempt power cycle
[  877.110549][ T5897] usb usb38-port1: unable to enumerate USB device
[  877.368122][T16103] netlink: 64535 bytes leftover after parsing attributes in process `syz.4.2790'.
[  877.514448][T16105] netlink: 64535 bytes leftover after parsing attributes in process `syz.3.2791'.
[  877.680148][T16108] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  878.323248][T16114] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2792'.
[  879.073371][ T5897] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  879.483970][ T5897] usb 5-1: Using ep0 maxpacket: 16
[  879.513167][ T5897] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  879.602305][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  879.619482][    T9] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  879.683377][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  879.765917][ T5897] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  879.812755][T16138] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  879.850716][ T5897] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  879.959104][ T5897] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  880.037237][ T5897] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  880.105278][ T5897] usb 5-1: Manufacturer: syz
[  880.203999][ T5897] usb 5-1: config 0 descriptor??
[  880.459645][    T9] usb 3-1: Using ep0 maxpacket: 32
[  880.659524][    T9] usb 3-1: config 0 has an invalid interface number: 44 but max is 1
[  880.676023][    T9] usb 3-1: config 0 has an invalid interface association descriptor of length 4, skipping
[  880.686802][    T9] usb 3-1: config 0 has no interface number 1
[  880.700299][    T9] usb 3-1: config 0 interface 44 altsetting 127 has an endpoint descriptor with address 0xBD, changing to 0x8D
[  880.716502][    T9] usb 3-1: config 0 interface 44 altsetting 127 endpoint 0x8D has invalid maxpacket 1244, setting to 1024
[  880.739240][    T9] usb 3-1: config 0 interface 44 altsetting 127 bulk endpoint 0x8D has invalid maxpacket 1024
[  880.791163][ T5897] rc_core: IR keymap rc-hauppauge not found
[  880.799857][    T9] usb 3-1: config 0 interface 44 altsetting 127 has an invalid descriptor for endpoint zero, skipping
[  880.800821][ T5897] Registered IR keymap rc-empty
[  880.816129][    T9] usb 3-1: config 0 interface 44 altsetting 127 endpoint 0xD has an invalid bInterval 0, changing to 7
[  880.818737][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  880.837634][    T9] usb 3-1: config 0 interface 44 altsetting 127 has an invalid descriptor for endpoint zero, skipping
[  880.848897][    T9] usb 3-1: config 0 interface 44 altsetting 127 endpoint 0xE has invalid wMaxPacketSize 0
[  880.852353][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  880.859022][    T9] usb 3-1: config 0 interface 44 altsetting 127 has a duplicate endpoint with address 0x3, skipping
[  880.877242][    T9] usb 3-1: config 0 interface 44 altsetting 127 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  880.889978][    T9] usb 3-1: config 0 interface 44 altsetting 127 has 11 endpoint descriptors, different from the interface descriptor's value: 10
[  880.907138][    T9] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x9 has invalid maxpacket 1024, setting to 64
[  880.919560][    T9] usb 3-1: config 0 interface 0 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  880.955619][    T9] usb 3-1: config 0 interface 0 altsetting 4 has a duplicate endpoint with address 0x5, skipping
[  880.959866][ T5897] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  881.013443][ T5897] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input36
[  881.014191][    T9] usb 3-1: config 0 interface 44 has no altsetting 0
[  881.057883][    T9] usb 3-1: config 0 interface 0 has no altsetting 0
[  881.066416][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.071339][    T9] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0171, bcdDevice=de.c0
[  881.083055][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.093052][    T9] usb 3-1: Product: Т
[  881.097301][    T9] usb 3-1: Manufacturer: а
[  881.101576][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.102179][    T9] usb 3-1: SerialNumber: 謲옞䀰┰ᅝ䈄矽❥챑烙롚핫ꕜ㮰舌ꚭ⭎퐑遴઀ᑴꟽ堵荅ꮼ䐸鍣䷇綒꜉ࡃ琲ᷘ妟崖뭇糟꡿降폃ᕷ亸쎃㿚﬚곭ནↅ焴䜷⧕熿쳵遉掞梠繝ⴁ䴦폢☦䨥ᐴ앉箝繓搴鹏㍟ࣲ䄉냜ᰝȭっ㮙₪鐡㖤蹌礄뎇썪Í챡㴟駶窃뮆ꃭ➻⛰
[  881.202831][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.223986][    T9] usb 3-1: config 0 descriptor??
[  881.242384][T16133] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  881.373094][   T30] audit: type=1400 audit(1749820077.273:1049): avc:  denied  { validate_trans } for  pid=16158 comm="syz.0.2807" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  881.393607][    C0] vkms_vblank_simulate: vblank timer overrun
[  881.398464][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.432372][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.454116][T16133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  881.469271][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.476076][T16133] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  881.594509][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.608934][T16133] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  881.619492][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.634452][T16133] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  881.649451][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  881.707629][T16164] FAULT_INJECTION: forcing a failure.
[  881.707629][T16164] name failslab, interval 1, probability 0, space 0, times 0
[  881.720800][T16164] CPU: 0 UID: 0 PID: 16164 Comm: syz.3.2808 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  881.720825][T16164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  881.720835][T16164] Call Trace:
[  881.720844][T16164]  <TASK>
[  881.720852][T16164]  dump_stack_lvl+0x16c/0x1f0
[  881.720882][T16164]  should_fail_ex+0x512/0x640
[  881.720904][T16164]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  881.720931][T16164]  should_failslab+0xc2/0x120
[  881.720955][T16164]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  881.720976][T16164]  ? kasan_save_track+0x14/0x30
[  881.721000][T16164]  ? kasan_save_free_info+0x3b/0x60
[  881.721016][T16164]  ? __alloc_skb+0x2b2/0x380
[  881.721041][T16164]  ? unix_dgram_sendmsg+0x7f1/0x1840
[  881.721069][T16164]  __alloc_skb+0x2b2/0x380
[  881.721092][T16164]  ? __pfx___alloc_skb+0x10/0x10
[  881.721119][T16164]  ? __lock_acquire+0x622/0x1c90
[  881.721151][T16164]  alloc_skb_with_frags+0xe0/0x860
[  881.721176][T16164]  sock_alloc_send_pskb+0x7fb/0x990
[  881.721201][T16164]  ? avc_has_perm_noaudit+0x117/0x3b0
[  881.721227][T16164]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  881.721248][T16164]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  881.721270][T16164]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  881.721291][T16164]  ? avc_has_perm+0x11a/0x1c0
[  881.721307][T16164]  ? __pfx_avc_has_perm+0x10/0x10
[  881.721331][T16164]  unix_dgram_sendmsg+0x41a/0x1840
[  881.721360][T16164]  ? __pfx_sock_has_perm+0x10/0x10
[  881.721381][T16164]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  881.721404][T16164]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  881.721436][T16164]  ? __import_iovec+0x1dd/0x650
[  881.721460][T16164]  ? __might_fault+0xe3/0x190
[  881.721480][T16164]  ? __might_fault+0x13b/0x190
[  881.721504][T16164]  unix_seqpacket_sendmsg+0x12a/0x1c0
[  881.721531][T16164]  ____sys_sendmsg+0xa95/0xc70
[  881.721551][T16164]  ? copy_msghdr_from_user+0x10a/0x160
[  881.721575][T16164]  ? __pfx_____sys_sendmsg+0x10/0x10
[  881.721593][T16164]  ? trace_sched_exit_tp+0xde/0x130
[  881.721630][T16164]  ___sys_sendmsg+0x134/0x1d0
[  881.721657][T16164]  ? __pfx____sys_sendmsg+0x10/0x10
[  881.721710][T16164]  ? __pfx___might_resched+0x10/0x10
[  881.721732][T16164]  ? __sys_sendmmsg+0x229/0x420
[  881.721759][T16164]  __sys_sendmmsg+0x200/0x420
[  881.721788][T16164]  ? __pfx___sys_sendmmsg+0x10/0x10
[  881.721835][T16164]  ? fput+0x70/0xf0
[  881.721860][T16164]  ? ksys_write+0x1ac/0x250
[  881.721888][T16164]  __x64_sys_sendmmsg+0x9c/0x100
[  881.721912][T16164]  ? lockdep_hardirqs_on+0x7c/0x110
[  881.721937][T16164]  do_syscall_64+0xcd/0x4c0
[  881.721964][T16164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  881.721981][T16164] RIP: 0033:0x7fc567f8e929
[  881.722002][T16164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  881.722018][T16164] RSP: 002b:00007fc568e2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  881.722035][T16164] RAX: ffffffffffffffda RBX: 00007fc5681b6160 RCX: 00007fc567f8e929
[  881.722046][T16164] RDX: 0400000000000159 RSI: 0000200000001c00 RDI: 0000000000000004
[  881.722057][T16164] RBP: 00007fc568e2c090 R08: 0000000000000000 R09: 0000000000000000
[  881.722067][T16164] R10: 0000000000040840 R11: 0000000000000246 R12: 0000000000000002
[  881.722077][T16164] R13: 0000000000000000 R14: 00007fc5681b6160 R15: 00007fff4d84faf8
[  881.722101][T16164]  </TASK>
[  882.056788][    C0] vkms_vblank_simulate: vblank timer overrun
[  882.099331][ T5897] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  882.105928][    T9] ftdi_sio 3-1:0.44: FTDI USB Serial Device converter detected
[  882.114819][    T9] ftdi_sio ttyUSB0: unknown device type: 0xdec0
[  882.126302][    T9] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  882.134225][    T9] ftdi_sio ttyUSB1: unknown device type: 0xdec0
[  882.145267][    T9] usb 3-1: USB disconnect, device number 63
[  882.153910][    T9] ftdi_sio 3-1:0.44: device disconnected
[  882.160885][    T9] ftdi_sio 3-1:0.0: device disconnected
[  883.016634][ T5897] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  883.026110][ T5897] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  883.092162][T16173] wireguard0: entered promiscuous mode
[  883.108958][T16173] wireguard0: entered allmulticast mode
[  883.202511][ T5897] usb 5-1: USB disconnect, device number 17
[  883.346146][T16177] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  883.458740][T16183] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2811'.
[  884.835361][ T5897] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  884.843538][ T5935] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  885.501895][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  885.519646][ T5935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  885.537055][ T5897] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  885.551093][ T5935] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  885.567258][ T5897] usb 5-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  885.618825][ T5935] usb 1-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  885.628063][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.636089][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  885.645355][ T5897] usb 5-1: config 0 descriptor??
[  885.651445][ T5935] usb 1-1: config 0 descriptor??
[  885.952203][T16221] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2825'.
[  886.134989][T16194] FAULT_INJECTION: forcing a failure.
[  886.134989][T16194] name failslab, interval 1, probability 0, space 0, times 0
[  886.154798][T16194] CPU: 0 UID: 0 PID: 16194 Comm: syz.0.2815 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  886.154826][T16194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  886.154836][T16194] Call Trace:
[  886.154842][T16194]  <TASK>
[  886.154849][T16194]  dump_stack_lvl+0x16c/0x1f0
[  886.154882][T16194]  should_fail_ex+0x512/0x640
[  886.154905][T16194]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  886.154928][T16194]  should_failslab+0xc2/0x120
[  886.154953][T16194]  __kmalloc_cache_noprof+0x6a/0x3e0
[  886.154971][T16194]  ? find_held_lock+0x2b/0x80
[  886.154992][T16194]  ? alloc_pipe_info+0x10e/0x590
[  886.155020][T16194]  alloc_pipe_info+0x10e/0x590
[  886.155047][T16194]  splice_direct_to_actor+0x77d/0xa30
[  886.155072][T16194]  ? __pfx_direct_splice_actor+0x10/0x10
[  886.155095][T16194]  ? find_held_lock+0x2b/0x80
[  886.155116][T16194]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  886.155136][T16194]  ? get_pid_task+0xfc/0x250
[  886.155169][T16194]  do_splice_direct+0x174/0x240
[  886.155192][T16194]  ? __pfx_do_splice_direct+0x10/0x10
[  886.155214][T16194]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  886.155236][T16194]  ? bpf_lsm_file_permission+0x9/0x10
[  886.155262][T16194]  ? security_file_permission+0x71/0x210
[  886.155289][T16194]  ? rw_verify_area+0xcf/0x680
[  886.155311][T16194]  do_sendfile+0xb06/0xe50
[  886.155336][T16194]  ? __pfx_do_sendfile+0x10/0x10
[  886.155357][T16194]  ? __fget_files+0x20e/0x3c0
[  886.155386][T16194]  __x64_sys_sendfile64+0x1d8/0x220
[  886.155409][T16194]  ? ksys_write+0x1ac/0x250
[  886.155429][T16194]  ? __pfx___x64_sys_sendfile64+0x10/0x10
[  886.155463][T16194]  do_syscall_64+0xcd/0x4c0
[  886.155492][T16194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  886.155508][T16194] RIP: 0033:0x7f6b3598e929
[  886.155523][T16194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  886.155543][T16194] RSP: 002b:00007f6b337f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  886.155561][T16194] RAX: ffffffffffffffda RBX: 00007f6b35bb5fa0 RCX: 00007f6b3598e929
[  886.155572][T16194] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000008
[  886.155581][T16194] RBP: 00007f6b337f6090 R08: 0000000000000000 R09: 0000000000000000
[  886.155592][T16194] R10: 00004000000053d2 R11: 0000000000000246 R12: 0000000000000001
[  886.155602][T16194] R13: 0000000000000000 R14: 00007f6b35bb5fa0 R15: 00007fff6efd2838
[  886.155626][T16194]  </TASK>
[  886.157484][ T5935] usbhid 1-1:0.0: can't add hid device: -71
[  886.529306][ T5897] usbhid 5-1:0.0: can't add hid device: -71
[  886.539290][ T5897] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  886.561956][ T5897] usb 5-1: USB disconnect, device number 18
[  886.572935][ T5935] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  886.581035][T16223] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  886.594190][ T5935] usb 1-1: USB disconnect, device number 56
[  887.226442][T16228] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2826'.
[  888.997013][T16242] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  889.003564][T16242] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  889.027610][T16242] vhci_hcd vhci_hcd.0: Device attached
[  889.339349][ T5897] usb 40-1: SetAddress Request (14) to port 0
[  889.345847][ T5897] usb 40-1: new SuperSpeed USB device number 14 using vhci_hcd
[  889.649466][ T5935] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  889.669285][T15964] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  889.836840][T15964] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  889.849246][ T5935] usb 4-1: Using ep0 maxpacket: 8
[  889.875736][ T5935] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  889.901235][T15964] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  889.933342][ T5935] usb 4-1: config 0 has no interface number 0
[  889.986325][ T5935] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  890.008096][T15964] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  890.225329][T15964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.254166][ T5935] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  890.418614][ T5935] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  890.439225][T16250] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  890.613940][ T5935] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  890.638609][T15964] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  890.797804][ T5935] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  890.966062][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  891.019873][T16256] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2832'.
[  891.052524][ T5935] usb 4-1: config 0 descriptor??
[  891.089335][T15964] usb 1-1: USB disconnect, device number 57
[  891.121925][ T5935] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  893.076253][ T5935] usb 4-1: USB disconnect, device number 51
[  893.120628][ T5935] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  893.280101][T16243] vhci_hcd: connection reset by peer
[  893.291214][ T1156] vhci_hcd: stop threads
[  893.383986][T16284] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  894.211179][ T1156] vhci_hcd: release socket
[  894.215745][ T1156] vhci_hcd: disconnect device
[  894.469348][ T5897] usb 40-1: device descriptor read/8, error -110
[  894.537521][T16293] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2847'.
[  894.875771][T16306] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4)
[  894.882326][T16306] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  894.910608][T16306] vhci_hcd vhci_hcd.0: Device attached
[  894.931147][ T5897] usb usb40-port1: attempt power cycle
[  895.143596][   T30] audit: type=1400 audit(1749820091.053:1050): avc:  denied  { compute_member } for  pid=16299 comm="syz.1.2850" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  895.164151][    C0] vkms_vblank_simulate: vblank timer overrun
[  895.189537][ T5825] usb 42-1: SetAddress Request (2) to port 0
[  895.258761][ T5825] usb 42-1: new SuperSpeed USB device number 2 using vhci_hcd
[  895.496860][    T9] usb 1-1: new low-speed USB device number 58 using dummy_hcd
[  896.271267][ T5868] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=5868 comm=kworker/0:4
[  896.565271][T16323] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2855'.
[  896.687016][T16325] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  896.705756][ T5868] kernel read not supported for file /dsp (pid: 5868 comm: kworker/0:4)
[  896.998492][ T5897] usb usb40-port1: unable to enumerate USB device
[  897.025983][    T9] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  897.067895][    T9] usb 1-1: config 0 has no interface number 0
[  897.124966][    T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  897.142318][    T9] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  897.169351][    T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  897.178968][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  897.198648][    T9] usb 1-1: config 0 descriptor??
[  897.221688][   T30] audit: type=1400 audit(1749820093.133:1051): avc:  denied  { read write } for  pid=16318 comm="syz.1.2855" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  897.348064][   T30] audit: type=1400 audit(1749820093.133:1052): avc:  denied  { open } for  pid=16318 comm="syz.1.2855" path="/550/file0/file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  897.349580][T16314] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  897.678498][    T9] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  897.846458][T16308] vhci_hcd: connection reset by peer
[  897.891428][ T2952] vhci_hcd: stop threads
[  897.905508][ T5935] usb 1-1: USB disconnect, device number 58
[  897.941965][ T2952] vhci_hcd: release socket
[  897.981335][ T2952] vhci_hcd: disconnect device
[  898.666988][T16338] netlink: 64535 bytes leftover after parsing attributes in process `syz.3.2860'.
[  899.066776][T16340] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2861'.
[  899.616631][T16355] fuse: Unknown parameter 'r'
[  899.741183][ T2952] Bluetooth: (null): Too short H5 packet
[  899.765235][ T2952] Bluetooth: (null): Invalid header checksum
[  899.794195][ T2952] Bluetooth: (null): Invalid header checksum
[  900.379271][ T5825] usb 42-1: device descriptor read/8, error -110
[  900.770865][ T5825] usb usb42-port1: attempt power cycle
[  901.654493][ T5825] usb usb42-port1: unable to enumerate USB device
[  901.663223][   T30] audit: type=1400 audit(1749820097.553:1053): avc:  denied  { rename } for  pid=16374 comm="syz.3.2872" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  901.889248][    T9] usb 3-1: new low-speed USB device number 64 using dummy_hcd
[  901.897671][   T30] audit: type=1400 audit(1749820097.803:1054): avc:  denied  { map } for  pid=16382 comm="syz.4.2875" path="/dev/zero" dev="devtmpfs" ino=6 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1
[  902.670819][    T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  902.710878][    T9] usb 3-1: config 0 has no interface number 0
[  902.728057][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  902.767246][    T9] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  902.799227][    T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  902.810097][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.860313][    T9] usb 3-1: config 0 descriptor??
[  902.866399][T16373] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  902.939344][    T9] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  902.947835][ T5935] Process accounting resumed
[  903.008010][T16398] netlink: 'syz.0.2879': attribute type 10 has an invalid length.
[  903.116449][   T30] audit: type=1400 audit(1749820099.013:1055): avc:  denied  { bind } for  pid=16391 comm="syz.3.2877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  903.142329][    T9] usb 3-1: USB disconnect, device number 64
[  903.166610][T16398] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2879'.
[  904.546191][T16422] FAULT_INJECTION: forcing a failure.
[  904.546191][T16422] name failslab, interval 1, probability 0, space 0, times 0
[  904.588728][T16422] CPU: 0 UID: 0 PID: 16422 Comm: syz.2.2885 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  904.588754][T16422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  904.588763][T16422] Call Trace:
[  904.588770][T16422]  <TASK>
[  904.588777][T16422]  dump_stack_lvl+0x16c/0x1f0
[  904.588808][T16422]  should_fail_ex+0x512/0x640
[  904.588831][T16422]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  904.588855][T16422]  should_failslab+0xc2/0x120
[  904.588879][T16422]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  904.588900][T16422]  ? find_held_lock+0x2b/0x80
[  904.588919][T16422]  ? getname_flags.part.0+0x4c/0x550
[  904.588941][T16422]  getname_flags.part.0+0x4c/0x550
[  904.588961][T16422]  getname_flags+0x93/0xf0
[  904.588983][T16422]  do_sys_openat2+0xb8/0x1d0
[  904.588999][T16422]  ? __pfx_do_sys_openat2+0x10/0x10
[  904.589016][T16422]  ? __fget_files+0x20e/0x3c0
[  904.589046][T16422]  __x64_sys_creat+0xcc/0x120
[  904.589063][T16422]  ? __pfx___x64_sys_creat+0x10/0x10
[  904.589079][T16422]  ? __pfx_ksys_write+0x10/0x10
[  904.589103][T16422]  ? rcu_is_watching+0x12/0xc0
[  904.589123][T16422]  ? do_syscall_64+0x91/0x4c0
[  904.589153][T16422]  do_syscall_64+0xcd/0x4c0
[  904.589180][T16422]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  904.589196][T16422] RIP: 0033:0x7fc0ecb8e929
[  904.589210][T16422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  904.589225][T16422] RSP: 002b:00007fc0ed9d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  904.589242][T16422] RAX: ffffffffffffffda RBX: 00007fc0ecdb5fa0 RCX: 00007fc0ecb8e929
[  904.589253][T16422] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000140
[  904.589263][T16422] RBP: 00007fc0ed9d2090 R08: 0000000000000000 R09: 0000000000000000
[  904.589273][T16422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  904.589282][T16422] R13: 0000000000000000 R14: 00007fc0ecdb5fa0 R15: 00007ffffc89afc8
[  904.589304][T16422]  </TASK>
[  904.851451][   T30] audit: type=1400 audit(1749820100.753:1056): avc:  denied  { map } for  pid=16426 comm="syz.4.2887" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  904.876792][   T30] audit: type=1400 audit(1749820100.753:1057): avc:  denied  { execute } for  pid=16426 comm="syz.4.2887" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  906.059439][T16437] netlink: 'syz.1.2891': attribute type 1 has an invalid length.
[  906.102286][T16437] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2891'.
[  907.094586][T16443] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  907.407099][T16455] FAULT_INJECTION: forcing a failure.
[  907.407099][T16455] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  907.427710][T16455] CPU: 0 UID: 0 PID: 16455 Comm: syz.0.2894 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  907.427734][T16455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  907.427745][T16455] Call Trace:
[  907.427751][T16455]  <TASK>
[  907.427758][T16455]  dump_stack_lvl+0x16c/0x1f0
[  907.427789][T16455]  should_fail_ex+0x512/0x640
[  907.427817][T16455]  _copy_from_user+0x2e/0xd0
[  907.427843][T16455]  copy_from_sockptr_offset.constprop.0+0x136/0x170
[  907.427868][T16455]  ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10
[  907.427899][T16455]  sk_setsockopt+0x170/0x3e40
[  907.427920][T16455]  ? __pfx_sk_setsockopt+0x10/0x10
[  907.427936][T16455]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  907.427967][T16455]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  907.427997][T16455]  ? find_held_lock+0x2b/0x80
[  907.428025][T16455]  ? selinux_socket_setsockopt+0x6a/0x80
[  907.428052][T16455]  do_sock_setsockopt+0x3f2/0x470
[  907.428070][T16455]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  907.428102][T16455]  __sys_setsockopt+0x1a0/0x230
[  907.428131][T16455]  __x64_sys_setsockopt+0xbd/0x160
[  907.428153][T16455]  ? do_syscall_64+0x91/0x4c0
[  907.428179][T16455]  ? lockdep_hardirqs_on+0x7c/0x110
[  907.428203][T16455]  do_syscall_64+0xcd/0x4c0
[  907.428230][T16455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  907.428248][T16455] RIP: 0033:0x7f6b3598e929
[  907.428262][T16455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  907.428279][T16455] RSP: 002b:00007f6b337b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  907.428297][T16455] RAX: ffffffffffffffda RBX: 00007f6b35bb6160 RCX: 00007f6b3598e929
[  907.428308][T16455] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000006
[  907.428319][T16455] RBP: 00007f6b337b4090 R08: 0000000000000010 R09: 0000000000000000
[  907.428330][T16455] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  907.428340][T16455] R13: 0000000000000000 R14: 00007f6b35bb6160 R15: 00007fff6efd2838
[  907.428364][T16455]  </TASK>
[  907.633700][    C0] vkms_vblank_simulate: vblank timer overrun
[  911.223641][T16496] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  911.319011][T16498] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2904'.
[  912.538484][T16501] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes.
[  912.720580][T16509] input: syz1 as /devices/virtual/input/input37
[  912.857771][   T30] audit: type=1400 audit(1749820108.763:1058): avc:  denied  { connect } for  pid=16506 comm="syz.4.2908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  912.859464][T16511] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096
[  913.302246][T13999] tipc: Subscription rejected, illegal request
[  913.459103][T16524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2913'.
[  913.481020][T16524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  913.560449][T16524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  913.632744][T16524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  915.109503][   T30] audit: type=1400 audit(1749820111.023:1059): avc:  denied  { unmount } for  pid=5824 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  915.581407][T16538] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  915.916909][T15964] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  915.918122][T16547] No control pipe specified
[  916.104799][   T30] audit: type=1400 audit(1749820112.013:1060): avc:  denied  { unmount } for  pid=5822 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  916.159270][T15964] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  916.200180][T15964] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  916.231079][T16554] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2921'.
[  916.240540][T15964] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  916.258096][T15964] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  916.277828][T16541] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  916.291976][T15964] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  916.515838][T16566] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  917.053867][T16570] net veth1_virt_wifi ������: renamed from virt_wifi0
[  917.066816][T15964] usb 1-1: USB disconnect, device number 59
[  917.241137][   T30] audit: type=1400 audit(1749820113.153:1061): avc:  denied  { write } for  pid=16573 comm="syz.2.2927" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  917.275236][T16572] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.2925'.
[  917.361906][T16578] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2929'.
[  917.438853][ T5935] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  917.886283][T16580] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  920.653941][ T5935] usb 5-1: device descriptor read/all, error -71
[  920.719299][ T5897] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  920.855857][T16589] syz.1.2931 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  922.864077][ T5897] usb 3-1: Using ep0 maxpacket: 8
[  922.942857][ T5897] usb 3-1: device descriptor read/all, error -71
[  923.273468][T16618] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  923.633943][ T5935] usb 2-1: new low-speed USB device number 55 using dummy_hcd
[  923.717130][   T30] audit: type=1400 audit(1749820119.613:1062): avc:  denied  { write } for  pid=16613 comm="syz.2.2939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  923.850175][ T5935] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  923.858525][ T5935] usb 2-1: config 0 has no interface number 0
[  923.871127][ T5935] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  924.004467][ T5935] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  924.054506][ T5935] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  924.106720][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.119892][ T5897] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  924.330193][ T5935] usb 2-1: config 0 descriptor??
[  924.447615][T16609] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  924.455109][ T5897] usb 3-1: Using ep0 maxpacket: 32
[  924.496476][ T5935] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  924.513520][ T5897] usb 3-1: config 0 has an invalid interface number: 247 but max is 0
[  924.523228][ T5897] usb 3-1: config 0 has no interface number 0
[  924.544735][ T5897] usb 3-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice= 1.9b
[  924.558011][ T5897] usb 3-1: New USB device strings: Mfr=128, Product=0, SerialNumber=0
[  924.558426][T16631] netlink: 'syz.3.2944': attribute type 4 has an invalid length.
[  924.566750][ T5897] usb 3-1: Manufacturer: syz
[  924.577648][T16631] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.2944'.
[  924.583728][ T5897] usb 3-1: config 0 descriptor??
[  925.422305][   T30] audit: type=1400 audit(1749820120.833:1063): avc:  denied  { mount } for  pid=16630 comm="syz.3.2944" name="/" dev="rpc_pipefs" ino=51656 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  925.499646][ T5897] usb 3-1: USB disconnect, device number 66
[  925.526036][T16639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  925.540937][T16639] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  926.889287][   T30] audit: type=1400 audit(1749820122.753:1064): avc:  denied  { write } for  pid=16645 comm="syz.2.2948" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  927.486775][ T5935] usb 2-1: USB disconnect, device number 55
[  927.538582][T16653] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2951'.
[  927.608927][   T30] audit: type=1400 audit(1749820123.493:1065): avc:  denied  { getopt } for  pid=16649 comm="syz.1.2951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  927.659104][T16657] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  927.787822][T16659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2952'.
[  927.845482][T16631] syz.3.2944 (16631): drop_caches: 2
[  927.859305][ T5897] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  928.079637][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  928.096186][ T5897] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  928.106659][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.194048][T16663] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[  928.564882][ T5897] usb 3-1: config 0 descriptor??
[  928.717916][   T30] audit: type=1400 audit(1749820124.623:1066): avc:  denied  { connect } for  pid=16668 comm="syz.0.2956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  928.741849][   T30] audit: type=1400 audit(1749820124.643:1067): avc:  denied  { bind } for  pid=16668 comm="syz.0.2956" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  929.009255][T16673] qrtr: Invalid version 0
[  929.018330][T16673] ptrace attach of "./syz-executor exec"[5824] was attempted by "./syz-executor exec"[16673]
[  929.050128][ T5935] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  929.185301][ T5897] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor
[  929.219227][ T5935] usb 2-1: Using ep0 maxpacket: 8
[  929.353970][ T5935] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  929.372512][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.383974][ T5897] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.001B/input/input38
[  929.403251][T16654] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  929.419752][T16654] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  929.419907][ T5935] usb 2-1: config 0 descriptor??
[  929.470288][   T30] audit: type=1400 audit(1749820125.373:1068): avc:  denied  { mount } for  pid=16652 comm="syz.2.2949" name="/" dev="hugetlbfs" ino=51729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  929.535342][   T30] audit: type=1400 audit(1749820125.383:1069): avc:  denied  { unmount } for  pid=16652 comm="syz.2.2949" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  929.658831][ T5897] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  930.350676][ T5868] usb 3-1: USB disconnect, device number 67
[  930.373700][ T5935] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  930.397422][ T5935] asix 2-1:0.0: probe with driver asix failed with error -61
[  930.775329][ T5935] usb 5-1: new low-speed USB device number 21 using dummy_hcd
[  931.260712][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  931.336579][T16701] can0: slcan on ptm0.
[  931.344047][T16701] FAULT_INJECTION: forcing a failure.
[  931.344047][T16701] name failslab, interval 1, probability 0, space 0, times 0
[  931.360848][ T5935] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  931.362309][T16701] CPU: 0 UID: 0 PID: 16701 Comm: syz.2.2964 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  931.362331][T16701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  931.362340][T16701] Call Trace:
[  931.362345][T16701]  <TASK>
[  931.362351][T16701]  dump_stack_lvl+0x16c/0x1f0
[  931.362378][T16701]  should_fail_ex+0x512/0x640
[  931.362398][T16701]  ? fs_reclaim_acquire+0xae/0x150
[  931.362414][T16701]  ? tomoyo_encode2+0x100/0x3e0
[  931.362434][T16701]  should_failslab+0xc2/0x120
[  931.362455][T16701]  __kmalloc_noprof+0xd2/0x510
[  931.362474][T16701]  ? d_absolute_path+0x136/0x1a0
[  931.362493][T16701]  tomoyo_encode2+0x100/0x3e0
[  931.362517][T16701]  tomoyo_encode+0x29/0x50
[  931.362535][T16701]  tomoyo_realpath_from_path+0x18f/0x6e0
[  931.362563][T16701]  tomoyo_path_number_perm+0x245/0x580
[  931.362580][T16701]  ? tomoyo_path_number_perm+0x237/0x580
[  931.362600][T16701]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  931.362620][T16701]  ? find_held_lock+0x2b/0x80
[  931.362659][T16701]  ? find_held_lock+0x2b/0x80
[  931.362676][T16701]  ? hook_file_ioctl_common+0x145/0x410
[  931.362705][T16701]  ? __fget_files+0x20e/0x3c0
[  931.362728][T16701]  security_file_ioctl+0x9b/0x240
[  931.362750][T16701]  __x64_sys_ioctl+0xb7/0x210
[  931.362768][T16701]  do_syscall_64+0xcd/0x4c0
[  931.362792][T16701]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  931.362807][T16701] RIP: 0033:0x7fc0ecb8e929
[  931.362820][T16701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  931.362834][T16701] RSP: 002b:00007fc0ed9d2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  931.362849][T16701] RAX: ffffffffffffffda RBX: 00007fc0ecdb5fa0 RCX: 00007fc0ecb8e929
[  931.362859][T16701] RDX: 0000000000000000 RSI: 0000000000008924 RDI: 0000000000000003
[  931.362868][T16701] RBP: 00007fc0ed9d2090 R08: 0000000000000000 R09: 0000000000000000
[  931.362876][T16701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  931.362885][T16701] R13: 0000000000000000 R14: 00007fc0ecdb5fa0 R15: 00007ffffc89afc8
[  931.362907][T16701]  </TASK>
[  931.362926][T16701] ERROR: Out of memory at tomoyo_realpath_from_path.
[  931.376111][ T5935] usb 5-1: config 0 has no interface number 0
[  931.607399][ T5935] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  931.622898][ T5935] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  931.634217][T16700] can0 (unregistered): slcan off ptm0.
[  931.646999][ T5935] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  931.665526][ T5935] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.692300][ T5935] usb 5-1: config 0 descriptor??
[  931.701988][T16691] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  931.716899][ T5935] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  932.259817][T16719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  932.272635][T16719] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  932.695609][ T5868] usb 2-1: USB disconnect, device number 56
[  935.307037][    C1] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  936.259437][ T5868] usb 5-1: USB disconnect, device number 21
[  936.619417][T12000] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[  936.942366][T12000] usb 3-1: Using ep0 maxpacket: 16
[  936.979202][   T30] audit: type=1400 audit(1749820132.873:1070): avc:  denied  { setopt } for  pid=16752 comm="syz.0.2973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  936.979531][T12000] usb 3-1: config 15 has an invalid interface number: 123 but max is 0
[  937.069171][T12000] usb 3-1: config 15 has no interface number 0
[  937.091371][T12000] usb 3-1: config 15 interface 123 has no altsetting 0
[  937.127371][T12000] usb 3-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=b9.c4
[  937.156171][T12000] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  937.175471][T12000] usb 3-1: Product: syz
[  937.381873][T12000] usb 3-1: Manufacturer: syz
[  937.386504][T12000] usb 3-1: SerialNumber: syz
[  938.384243][T12000] usb 3-1: can't set config #15, error -71
[  938.691781][T16764] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.2976'.
[  938.911347][T12000] usb 3-1: USB disconnect, device number 68
[  939.132198][T16781] netlink: 'syz.2.2978': attribute type 1 has an invalid length.
[  939.512071][ T5868] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  939.839367][ T5868] usb 4-1: device descriptor read/64, error -71
[  939.884573][T16791] tmpfs: Unknown parameter 'grpquota_inmit'
[  939.915437][T16781] 8021q: adding VLAN 0 to HW filter on device bond2
[  939.958224][T16782] bond2: (slave gretap1): making interface the new active one
[  939.967990][T16782] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  940.113601][ T5868] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  940.233954][ T5825] usb 2-1: new low-speed USB device number 57 using dummy_hcd
[  940.400154][ T5868] usb 4-1: device descriptor read/64, error -71
[  940.426196][T16798] 9pnet: Could not find request transport: tct��rt=0x0000000000004e22
[  940.452292][ T5825] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  940.467135][ T5825] usb 2-1: config 0 has no interface number 0
[  940.482334][ T5825] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  940.495203][ T5825] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  940.508892][ T5825] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  940.518491][ T5868] usb usb4-port1: attempt power cycle
[  940.527148][ T5825] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.547272][ T5825] usb 2-1: config 0 descriptor??
[  940.547388][T16793] bond2 (unregistering): (slave gretap1): Releasing active interface
[  940.557706][T16792] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  940.569838][T16793] bond2 (unregistering): Released all slaves
[  940.580185][ T5825] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  940.613558][T16791] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2982'.
[  940.859223][ T5868] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  940.866881][T16810] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  940.878114][T16810] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  942.519785][ T5868] usb 4-1: device descriptor read/8, error -71
[  942.609311][T16815] FAULT_INJECTION: forcing a failure.
[  942.609311][T16815] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  942.610905][T16815] 
[  942.610911][T16815] ======================================================
[  942.610918][T16815] WARNING: possible circular locking dependency detected
[  942.610925][T16815] 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 Not tainted
[  942.610935][T16815] ------------------------------------------------------
[  942.610941][T16815] syz.0.2985/16815 is trying to acquire lock:
[  942.610951][T16815] ffffffff8e4d1dc0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x9f/0xd0
[  942.610995][T16815] 
[  942.610995][T16815] but task is already holding lock:
[  942.611000][T16815] ffff8880b843bc98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  942.611037][T16815] 
[  942.611037][T16815] which lock already depends on the new lock.
[  942.611037][T16815] 
[  942.611043][T16815] 
[  942.611043][T16815] the existing dependency chain (in reverse order) is:
[  942.611049][T16815] 
[  942.611049][T16815] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  942.611070][T16815]        _raw_spin_lock_nested+0x31/0x40
[  942.611092][T16815]        raw_spin_rq_lock_nested+0x29/0x130
[  942.611111][T16815]        task_rq_lock+0xcf/0x490
[  942.611130][T16815]        cgroup_move_task+0x81/0x2a0
[  942.611151][T16815]        css_set_move_task+0x288/0x5f0
[  942.611166][T16815]        cgroup_post_fork+0x201/0x9e0
[  942.611185][T16815]        copy_process+0x5cfc/0x76a0
[  942.611205][T16815]        kernel_clone+0xfc/0x960
[  942.611224][T16815]        user_mode_thread+0xc7/0x110
[  942.611244][T16815]        rest_init+0x23/0x2b0
[  942.611260][T16815]        start_kernel+0x3ee/0x4d0
[  942.611281][T16815]        x86_64_start_reservations+0x18/0x30
[  942.611303][T16815]        x86_64_start_kernel+0x130/0x190
[  942.611324][T16815]        common_startup_64+0x13e/0x148
[  942.611339][T16815] 
[  942.611339][T16815] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  942.611360][T16815]        _raw_spin_lock_irqsave+0x3a/0x60
[  942.611381][T16815]        try_to_wake_up+0xb2/0x1680
[  942.611399][T16815]        __wake_up_common+0x132/0x1f0
[  942.611424][T16815]        __wake_up+0x31/0x60
[  942.611443][T16815]        tty_port_default_wakeup+0x2a/0x40
[  942.611468][T16815]        serial8250_tx_chars+0x68e/0x860
[  942.611494][T16815]        serial8250_handle_irq+0x761/0xcb0
[  942.611510][T16815]        serial8250_default_handle_irq+0x9a/0x210
[  942.611526][T16815]        serial8250_interrupt+0x103/0x210
[  942.611544][T16815]        __handle_irq_event_percpu+0x22c/0x7d0
[  942.611564][T16815]        handle_irq_event+0xab/0x1e0
[  942.611582][T16815]        handle_edge_irq+0x28e/0xab0
[  942.611598][T16815]        __common_interrupt+0xe2/0x250
[  942.611618][T16815]        common_interrupt+0xba/0xe0
[  942.611635][T16815]        asm_common_interrupt+0x26/0x40
[  942.611650][T16815]        pv_native_safe_halt+0xf/0x20
[  942.611672][T16815]        default_idle+0x13/0x20
[  942.611686][T16815]        default_idle_call+0x6d/0xb0
[  942.611702][T16815]        do_idle+0x391/0x510
[  942.611720][T16815]        cpu_startup_entry+0x4f/0x60
[  942.611739][T16815]        start_secondary+0x21d/0x2b0
[  942.611759][T16815]        common_startup_64+0x13e/0x148
[  942.611774][T16815] 
[  942.611774][T16815] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  942.611796][T16815]        _raw_spin_lock_irqsave+0x3a/0x60
[  942.611817][T16815]        __wake_up+0x1c/0x60
[  942.611836][T16815]        tty_port_default_wakeup+0x2a/0x40
[  942.611861][T16815]        serial8250_tx_chars+0x68e/0x860
[  942.611889][T16815]        serial8250_handle_irq+0x761/0xcb0
[  942.611905][T16815]        serial8250_default_handle_irq+0x9a/0x210
[  942.611921][T16815]        serial8250_interrupt+0x103/0x210
[  942.611938][T16815]        __handle_irq_event_percpu+0x22c/0x7d0
[  942.611956][T16815]        handle_irq_event+0xab/0x1e0
[  942.611973][T16815]        handle_edge_irq+0x28e/0xab0
[  942.611990][T16815]        __common_interrupt+0xe2/0x250
[  942.612008][T16815]        common_interrupt+0xba/0xe0
[  942.612024][T16815]        asm_common_interrupt+0x26/0x40
[  942.612039][T16815]        pv_native_safe_halt+0xf/0x20
[  942.612060][T16815]        default_idle+0x13/0x20
[  942.612075][T16815]        default_idle_call+0x6d/0xb0
[  942.612090][T16815]        do_idle+0x391/0x510
[  942.612107][T16815]        cpu_startup_entry+0x4f/0x60
[  942.612126][T16815]        start_secondary+0x21d/0x2b0
[  942.612145][T16815]        common_startup_64+0x13e/0x148
[  942.612159][T16815] 
[  942.612159][T16815] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  942.612180][T16815]        _raw_spin_lock_irqsave+0x3a/0x60
[  942.612199][T16815]        serial8250_console_write+0x181/0x1890
[  942.612216][T16815]        console_flush_all+0x801/0xc60
[  942.612233][T16815]        console_unlock+0xd8/0x210
[  942.612250][T16815]        vprintk_emit+0x418/0x6d0
[  942.612268][T16815]        _printk+0xc7/0x100
[  942.612291][T16815]        register_console+0xc2d/0x11b0
[  942.612309][T16815]        univ8250_console_init+0x5f/0x90
[  942.612331][T16815]        console_init+0x14f/0x680
[  942.612352][T16815]        start_kernel+0x29f/0x4d0
[  942.612371][T16815]        x86_64_start_reservations+0x18/0x30
[  942.612393][T16815]        x86_64_start_kernel+0x130/0x190
[  942.612413][T16815]        common_startup_64+0x13e/0x148
[  942.612427][T16815] 
[  942.612427][T16815] -> #0 (console_owner){-.-.}-{0:0}:
[  942.612447][T16815]        __lock_acquire+0x126f/0x1c90
[  942.612470][T16815]        lock_acquire+0x179/0x350
[  942.612493][T16815]        console_lock_spinning_enable+0xb0/0xd0
[  942.612510][T16815]        console_flush_all+0x7aa/0xc60
[  942.612528][T16815]        console_unlock+0xd8/0x210
[  942.612545][T16815]        vprintk_emit+0x418/0x6d0
[  942.612563][T16815]        _printk+0xc7/0x100
[  942.612586][T16815]        should_fail_ex+0x4e7/0x640
[  942.612606][T16815]        strncpy_from_user+0x3b/0x2e0
[  942.612625][T16815]        strncpy_from_user_nofault+0x7f/0x180
[  942.612648][T16815]        bpf_probe_read_user_str+0x26/0x70
[  942.612670][T16815]        bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  942.612683][T16815]        bpf_trace_run4+0x24c/0x5a0
[  942.612698][T16815]        __bpf_trace_sched_switch+0x145/0x190
[  942.612717][T16815]        __traceiter_sched_switch+0x6c/0xc0
[  942.612732][T16815]        __schedule+0x1bee/0x5de0
[  942.612753][T16815]        preempt_schedule_common+0x44/0xc0
[  942.612774][T16815]        preempt_schedule_thunk+0x16/0x30
[  942.612793][T16815]        vfs_write+0x466/0x1150
[  942.612812][T16815]        ksys_write+0x12a/0x250
[  942.612830][T16815]        do_syscall_64+0xcd/0x4c0
[  942.612854][T16815]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  942.612870][T16815] 
[  942.612870][T16815] other info that might help us debug this:
[  942.612870][T16815] 
[  942.612874][T16815] Chain exists of:
[  942.612874][T16815]   console_owner --> &p->pi_lock --> &rq->__lock
[  942.612874][T16815] 
[  942.612904][T16815]  Possible unsafe locking scenario:
[  942.612904][T16815] 
[  942.612909][T16815]        CPU0                    CPU1
[  942.612914][T16815]        ----                    ----
[  942.612918][T16815]   lock(&rq->__lock);
[  942.612929][T16815]                                lock(&p->pi_lock);
[  942.612940][T16815]                                lock(&rq->__lock);
[  942.612951][T16815]   lock(console_owner);
[  942.612962][T16815] 
[  942.612962][T16815]  *** DEADLOCK ***
[  942.612962][T16815] 
[  942.612966][T16815] 5 locks held by syz.0.2985/16815:
[  942.612976][T16815]  #0: ffff888035d7f5f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370
[  942.613020][T16815]  #1: ffff8880b843bc98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  942.613059][T16815]  #2: ffffffff8e5c4840 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run4+0x1cf/0x5a0
[  942.613096][T16815]  #3: ffffffff8e5b2200 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  942.613140][T16815]  #4: ffffffff8e5b2270 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  942.613178][T16815] 
[  942.613178][T16815] stack backtrace:
[  942.613186][T16815] CPU: 1 UID: 0 PID: 16815 Comm: syz.0.2985 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  942.613207][T16815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  942.613217][T16815] Call Trace:
[  942.613223][T16815]  <TASK>
[  942.613230][T16815]  dump_stack_lvl+0x116/0x1f0
[  942.613255][T16815]  print_circular_bug+0x275/0x350
[  942.613280][T16815]  check_noncircular+0x14c/0x170
[  942.613307][T16815]  __lock_acquire+0x126f/0x1c90
[  942.613337][T16815]  lock_acquire+0x179/0x350
[  942.613360][T16815]  ? console_lock_spinning_enable+0x9f/0xd0
[  942.613381][T16815]  ? console_lock_spinning_enable+0x88/0xd0
[  942.613402][T16815]  console_lock_spinning_enable+0xb0/0xd0
[  942.613420][T16815]  ? console_lock_spinning_enable+0x9f/0xd0
[  942.613438][T16815]  console_flush_all+0x7aa/0xc60
[  942.613460][T16815]  ? __pfx_console_flush_all+0x10/0x10
[  942.613483][T16815]  ? is_printk_cpu_sync_owner+0x32/0x40
[  942.613507][T16815]  console_unlock+0xd8/0x210
[  942.613525][T16815]  ? __pfx_console_unlock+0x10/0x10
[  942.613543][T16815]  ? do_raw_spin_unlock+0x100/0x230
[  942.613562][T16815]  ? _printk+0xc7/0x100
[  942.613586][T16815]  ? __down_trylock_console_sem+0xb0/0x140
[  942.613604][T16815]  vprintk_emit+0x418/0x6d0
[  942.613624][T16815]  ? __pfx_vprintk_emit+0x10/0x10
[  942.613643][T16815]  ? process_measurement+0x4a6/0x23e0
[  942.613666][T16815]  ? down_write+0x14d/0x200
[  942.613685][T16815]  _printk+0xc7/0x100
[  942.613709][T16815]  ? __pfx__printk+0x10/0x10
[  942.613737][T16815]  ? __pfx____ratelimit+0x10/0x10
[  942.613760][T16815]  ? __lock_acquire+0x622/0x1c90
[  942.613787][T16815]  should_fail_ex+0x4e7/0x640
[  942.613810][T16815]  strncpy_from_user+0x3b/0x2e0
[  942.613830][T16815]  ? lock_acquire+0x179/0x350
[  942.613856][T16815]  strncpy_from_user_nofault+0x7f/0x180
[  942.613881][T16815]  bpf_probe_read_user_str+0x26/0x70
[  942.613911][T16815]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  942.613924][T16815]  bpf_trace_run4+0x24c/0x5a0
[  942.613942][T16815]  ? __pfx_bpf_trace_run4+0x10/0x10
[  942.613958][T16815]  ? is_bpf_text_address+0x8a/0x1a0
[  942.613981][T16815]  ? __lock_acquire+0xb8a/0x1c90
[  942.614008][T16815]  __bpf_trace_sched_switch+0x145/0x190
[  942.614029][T16815]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  942.614048][T16815]  ? update_triggers+0x571/0x5a0
[  942.614072][T16815]  ? plist_check_prev_next+0x12a/0x1a0
[  942.614093][T16815]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  942.614117][T16815]  __traceiter_sched_switch+0x6c/0xc0
[  942.614133][T16815]  ? set_next_task_rt+0x403/0x6a0
[  942.614157][T16815]  __schedule+0x1bee/0x5de0
[  942.614179][T16815]  ? find_held_lock+0x2b/0x80
[  942.614204][T16815]  ? __pfx___schedule+0x10/0x10
[  942.614230][T16815]  ? irqentry_exit+0x3b/0x90
[  942.614254][T16815]  ? lockdep_hardirqs_on+0x7c/0x110
[  942.614279][T16815]  ? preempt_schedule_thunk+0x16/0x30
[  942.614300][T16815]  preempt_schedule_common+0x44/0xc0
[  942.614325][T16815]  preempt_schedule_thunk+0x16/0x30
[  942.614347][T16815]  ? vfs_write+0x454/0x1150
[  942.614367][T16815]  ? vfs_write+0x461/0x1150
[  942.614387][T16815]  vfs_write+0x466/0x1150
[  942.614410][T16815]  ? __pfx___mutex_lock+0x10/0x10
[  942.614435][T16815]  ? __pfx_vfs_write+0x10/0x10
[  942.614459][T16815]  ? __fget_files+0x20e/0x3c0
[  942.614484][T16815]  ksys_write+0x12a/0x250
[  942.614504][T16815]  ? __pfx_ksys_write+0x10/0x10
[  942.614528][T16815]  do_syscall_64+0xcd/0x4c0
[  942.614554][T16815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  942.614571][T16815] RIP: 0033:0x7f6b3598d3df
[  942.614584][T16815] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  942.614601][T16815] RSP: 002b:00007f6b337b4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  942.614617][T16815] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f6b3598d3df
[  942.614629][T16815] RDX: 0000000000000001 RSI: 00007f6b337b4090 RDI: 000000000000000b
[  942.614638][T16815] RBP: 00007f6b337b4090 R08: 0000000000000000 R09: 00007f6b337b3df7
[  942.614650][T16815] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  942.614660][T16815] R13: 0000000000000000 R14: 00007f6b35bb6160 R15: 00007fff6efd2838
[  942.614678][T16815]  </TASK>
[  943.766772][T16815] CPU: 1 UID: 0 PID: 16815 Comm: syz.0.2985 Not tainted 6.16.0-rc1-syzkaller-00101-g27605c8c0f69 #0 PREEMPT(full) 
[  943.766788][T16815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  943.766795][T16815] Call Trace:
[  943.766800][T16815]  <TASK>
[  943.766806][T16815]  dump_stack_lvl+0x116/0x1f0
[  943.766826][T16815]  should_fail_ex+0x512/0x640
[  943.766842][T16815]  strncpy_from_user+0x3b/0x2e0
[  943.766855][T16815]  ? lock_acquire+0x179/0x350
[  943.766873][T16815]  strncpy_from_user_nofault+0x7f/0x180
[  943.766889][T16815]  bpf_probe_read_user_str+0x26/0x70
[  943.766905][T16815]  bpf_prog_bc7c5c6b9645592f+0x3e/0x44
[  943.766914][T16815]  bpf_trace_run4+0x24c/0x5a0
[  943.766925][T16815]  ? __pfx_bpf_trace_run4+0x10/0x10
[  943.766936][T16815]  ? is_bpf_text_address+0x8a/0x1a0
[  943.766950][T16815]  ? __lock_acquire+0xb8a/0x1c90
[  943.766967][T16815]  __bpf_trace_sched_switch+0x145/0x190
[  943.766980][T16815]  ? __pfx___bpf_trace_sched_switch+0x10/0x10
[  943.766992][T16815]  ? update_triggers+0x571/0x5a0
[  943.767009][T16815]  ? plist_check_prev_next+0x12a/0x1a0
[  943.767023][T16815]  ? tracing_record_taskinfo_sched_switch+0x54/0x400
[  943.767037][T16815]  __traceiter_sched_switch+0x6c/0xc0
[  943.767048][T16815]  ? set_next_task_rt+0x403/0x6a0
[  943.767064][T16815]  __schedule+0x1bee/0x5de0
[  943.767078][T16815]  ? find_held_lock+0x2b/0x80
[  943.767094][T16815]  ? __pfx___schedule+0x10/0x10
[  943.767110][T16815]  ? irqentry_exit+0x3b/0x90
[  943.767125][T16815]  ? lockdep_hardirqs_on+0x7c/0x110
[  943.767141][T16815]  ? preempt_schedule_thunk+0x16/0x30
[  943.767154][T16815]  preempt_schedule_common+0x44/0xc0
[  943.767170][T16815]  preempt_schedule_thunk+0x16/0x30
[  943.767184][T16815]  ? vfs_write+0x454/0x1150
[  943.767196][T16815]  ? vfs_write+0x461/0x1150
[  943.767209][T16815]  vfs_write+0x466/0x1150
[  943.767222][T16815]  ? __pfx___mutex_lock+0x10/0x10
[  943.767238][T16815]  ? __pfx_vfs_write+0x10/0x10
[  943.767253][T16815]  ? __fget_files+0x20e/0x3c0
[  943.767269][T16815]  ksys_write+0x12a/0x250
[  943.767282][T16815]  ? __pfx_ksys_write+0x10/0x10
[  943.767297][T16815]  do_syscall_64+0xcd/0x4c0
[  943.767314][T16815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  943.767325][T16815] RIP: 0033:0x7f6b3598d3df
[  943.767334][T16815] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  943.767345][T16815] RSP: 002b:00007f6b337b4030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  943.767356][T16815] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f6b3598d3df
[  943.767363][T16815] RDX: 0000000000000001 RSI: 00007f6b337b4090 RDI: 000000000000000b
[  943.767369][T16815] RBP: 00007f6b337b4090 R08: 0000000000000000 R09: 00007f6b337b3df7
[  943.767376][T16815] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  943.767382][T16815] R13: 0000000000000000 R14: 00007f6b35bb6160 R15: 00007fff6efd2838
[  943.767392][T16815]  </TASK>
[  944.133000][ T5825] usb 2-1: USB disconnect, device number 57
[  944.142985][T16816] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2987'.