last executing test programs:

38.191598873s ago: executing program 1 (id=2659):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000003e0007010000000000000000047c0000100045800c0009"], 0x28}}, 0x4040040)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_int(r4, 0x0, 0xa, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x98cf2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv2(r5, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
move_pages(r8, 0x0, 0x0, &(0x7f0000000240)=[0x1], 0x0, 0x0)
shmget(0x1, 0x4000, 0x200, &(0x7f0000ffb000/0x4000)=nil)

36.885205966s ago: executing program 1 (id=2662):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000340)='dE\x00^\x1b\x19\xabr\xb7a\xa57\xf9\xd5\x8fR\xa0\xf6\xf7IQH\xcdPHSG\x05\x94X\x9d\xb5\xa0\xeb\xa1\xd0\x95j\xf4A\x15y\x83\xeb2\x8e0O\xdaY\xd7\xb8Q\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000780)='\xb9T\xb9\xf5\x9d\xee/\xc9\xa8\xaa\xe6\xad\xb4s\x002tT5j<\xd4\xfc\x03\x12~\x8d\xf7\xe0\xfc\x96M\x82\xf3\xf5I\xbc*[\x1eX1\xb6\x15\x1a/\x83\x99\x88\xe9\x00\xf3\xefO2\xac\xfe\n\xf4\xed>M\x84D\xf9O!Ywe\x7f\x8b\xd1C\xf3\x7fr\xe8\x1cy\xb4\x00BO\r\x86f^U\xae\x9d\x9e\x15\xa9Oon\xbf\x88vv\xea\xd9\xb6\x11F\xdfq\xa2\x9a\xa0\xfb\xadBT\xf5Q\xd2\xd4\xb7\xa3\xe7\xea\xb1\xc2\xcd\xb4\xe4\x8e\xdc.!Z\x9b\xf3\x92_\xf9$\xba\t\xc3\x8a\x1bO\r\xdeo\xd54\x83\xe2?-\xa4-\xa2\x19\x14\x80[\xa5\x94\xcd\x85\x83\xf6_C\xfe\x89\x88\t\xf2\xa6\xdb\xc1q\xce\x123Y\xdb)\xdc\xd8\x19\x87\x84P\xd9', &(0x7f00000003c0)='dU|\xcb\t\'_\x05\xe0<`\x8a(\xa0G7\xe1\x89\xd5U\xe1L\xa5\xa3\xcb4D\xbe\x02\xefZ%\xdbb{\xccw\x9b\x00'/61, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000a00)='wsync', &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xf7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0fM\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="d2", 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000280)='\x11\xbb\xac3q\xb0\xeb\x06\xbd\xab\xf3\xb0\xfe\xccn\x9c\x00', &(0x7f00000000c0)='{)+}@@!}\x00f\x01\x0e\x00\xadq\x1e\x03uK\x85\xe1\xe3u\xc2\xb9\xce&s$\x9co\xeb\x97o`\r\x83\r\'\x0ff\x04Q*\xe7', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000002b807e0f87e698ff44822817e8a0ee08b916386c000000"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7})
close(r6)

35.863853072s ago: executing program 1 (id=2665):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r2=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
r3 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, 0x0, 0x0, <r7=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r6, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r7, 0x0, 0x10001, 0x0, 0x0, 0x2000, 0x749bc})
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="38000000180001000000000002000000020000000001fd0600030000060015000200000014001680100008800c0003800500010001000000d3b5777c8800006efa47a19e15c0cdc2a2d93e7f996a"], 0x38}}, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r2, 0x1, 0xfffd, 0x2000, 0x1ff, 0x1})
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000040)={'\x00\f\x00', 0x0, 0x2, 0x2, 0xfffffffe, 0x1, "00000000000100eba91db29800", "00004702", "0300", "17ad3700", ["fdffffff84a438dfc5d5c010", "d78cb8b0211a83be12ff0bff", "0000effffff7ffffbfff8100"]})

34.711630157s ago: executing program 1 (id=2667):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
dup(r0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'wg0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
r1 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4010, r1, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x451982)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
socket$netlink(0x10, 0x3, 0xc)
pipe2(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendto$inet6(r4, &(0x7f00000000c0)="c0b780676e57bbca4f04fb090e987ba5d3a636fe5dcbaf875372ba4efe55841ccd1b7c07987147e0be164d40384741d4723661c947c32e10a5377a158e973dae0e7f93c19e10fd2b29499047afffc859a5167322070972892a429009362d3d70da5c9b4899b3aa932fec03808cd55a11d7e81d4f21d49dea862f1a03e53681bf28656297ea7cda29b575a3f1747678e2db19886a9fd2641d", 0x98, 0x20000084, &(0x7f0000000000)={0xa, 0x4e23, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0xffffffffffffff5b)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, 0x0, &(0x7f0000000180))
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text16={0x10, &(0x7f0000000280)="f30f1ecfd92b66b8010000000f01d966b9c40d000066b80080000066ba000000000f30f2abb811010f00d03664650f01c3e800d065dac80f21ac", 0x3a}], 0x1, 0x69, 0x0, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$SNDRV_TIMER_IOCTL_START(0xffffffffffffffff, 0x54a0)

34.183789115s ago: executing program 1 (id=2668):
r0 = syz_open_dev$video4linux(&(0x7f00000003c0), 0x40006, 0x981c3)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x10, 0x8000)
recvmmsg(r2, &(0x7f00000000c0), 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x1)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205649, &(0x7f00000006c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f907, 0x3, '\x00', @p_u8=&(0x7f0000000280)=0x3}})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10000000, 0x40000000, 0x802, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040))
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r5, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000680)={0x0, 0xfc000000}, 0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000010}, 0x44080)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x4000)
bind$inet6(r5, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r5, 0x84, 0x79, &(0x7f0000000240)=ANY=[@ANYRESOCT=r5, @ANYRES64=r0, @ANYRESOCT=r4], 0x8)
io_setup(0x17, &(0x7f0000000540))
socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f0000000040)=0x1, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()

32.936354307s ago: executing program 1 (id=2674):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xb, 0x2008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10002)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
chdir(0x0)
ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000000200)={0x0, 0x8001})
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r6 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xff00000000000000, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000002000)}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x1005, 0x6576, 0x109})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000000), 0x0)

30.559455606s ago: executing program 4 (id=2685):
pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4c"], 0x15) (async, rerun: 64)
r1 = dup(r0) (rerun: 64)
write$FUSE_BMAP(r1, &(0x7f0000000100)={0x18}, 0x18) (async, rerun: 64)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="38010000fe0000"], 0x138) (async, rerun: 64)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002}) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async, rerun: 64)
r4 = dup3(r3, r2, 0x0) (rerun: 64)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) (async, rerun: 64)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x68, 0x18, &(0x7f00000004c0)={@flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @ptr={0x70742a85, 0x0, 0x0, 0x50, 0x2, 0x23}, @ptr={0x70742a85, 0x1, 0x0, 0x0, 0x1, 0x48}}, &(0x7f0000000240)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0}) (rerun: 64)
ioctl$PPPIOCSMRU(r1, 0x40047452, &(0x7f0000000000)=0xf0e)
syz_io_uring_setup(0x49a, &(0x7f0000000200)={0x0, 0x79af, 0x2, 0x1, 0x40000052, 0x0, r1}, &(0x7f0000000340), &(0x7f00000000c0))

29.707841402s ago: executing program 4 (id=2687):
r0 = socket$inet(0xa, 0x801, 0x84)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x141280, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r2, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r4, 0x0, r3})
write$P9_RGETLOCK(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff6a)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x84000)
tee(0xffffffffffffffff, r5, 0x60000000000, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='io_uring_link\x00', r6, 0x0, 0x4}, 0x18)
r7 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000001a40)=""/102392, 0x18ff8)
r9 = add_key(&(0x7f0000000140)='encrypted\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$read(0xb, r9, 0x0, 0x0)
write$P9_RSTATu(r7, &(0x7f0000000340)=ANY=[@ANYBLOB="300200007d00000005ef000000000000080000000000000000000000000000000000000000000000000005000000000000001b00046e6f6465767b65766f6f7e0539c60005000037d93a8b920000003800704a86cec602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e11400cfc26dd7c500f04cd85f2a70f5e9930e3c5db45a5500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/548, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x230)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
io_uring_enter(0xffffffffffffffff, 0x47f6, 0x0, 0x0, 0x0, 0x0)
setxattr$incfs_size(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440), &(0x7f0000000480)=0x2, 0x8, 0x2)
close_range(r1, 0xffffffffffffffff, 0x200000000000000)
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @private=0xa050102}, 0x10)
socket$netlink(0x10, 0x3, 0x1)
listen(r0, 0x8)
r10 = accept4(r0, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r10, 0x84, 0x22, 0x0, 0x0)

28.411401366s ago: executing program 4 (id=2691):
r0 = openat$cachefiles(0xffffffffffffff9c, 0x0, 0x140, 0x0)
preadv(r0, 0x0, 0x0, 0x6, 0x2e58)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000b40)={0x54, 0x1, 0x1, {0x0, 0x1}, {0x60, 0x2}, @period={0x59, 0x0, 0x8, 0x2, 0x448, {0x2, 0x8, 0x679c, 0x401}, 0x0, 0x0}})
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x2250)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
bind$xdp(r0, &(0x7f00000001c0)={0x2c, 0x3, 0x0, 0x21}, 0x10)
syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, 0x0)
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, 0x0)
read$dsp(0xffffffffffffffff, &(0x7f00000011c0)=""/4117, 0x200021d5)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_pidfd_open(r2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
r3 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000080)="2e00000011008188040f46ec0800b9cca7480ef4210000fee3bd6efb440013030e001b000d000008ba800082da01", 0x2e}], 0x1}, 0x48d4)

27.3313384s ago: executing program 4 (id=2694):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x1000000000000000, 0x47)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r1, &(0x7f00000002c0)="f9", 0x1, 0x40, &(0x7f0000000040)={0xa, 0x0, 0xfffffffc, @rand_addr=' \x01\x00'}, 0x1c)
sendto$inet6(r1, &(0x7f0000000300)='H', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c)
shutdown(r1, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000440)={<r2=>0x0, @in6={{0xa, 0x4e22, 0xfffffffa, @empty, 0x4}}, 0x7fff, 0x2, 0x100, 0x5, 0x60, 0x2, 0xf}, &(0x7f0000000100)=0x9c)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYRES64=r2], 0x48)
syz_emit_ethernet(0x66, &(0x7f0000019600)=ANY=[@ANYRESOCT=r3, @ANYRESDEC=r0], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x211, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x222000)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000840))
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x3b}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000019300)={0x0, 0xfffffff8, 0x9, 0xfffc, 0x4, 0x5, 0x2, 0x0, 0xfffffffffffffffd, 0x0, 0x9, 0x1})
ioctl$SNDRV_PCM_IOCTL_FORWARD(r7, 0x40084149, &(0x7f0000000340)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000019540)={0xb, 0x0, 0x0, 0x0, 0x2f5ecdf2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10001}, 0x94)
syz_genetlink_get_family_id$wireguard(&(0x7f00000005c0), 0xffffffffffffffff)
read$msr(r4, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x19, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @cgroup_sockopt=0x15, 0xffffffffffffffff, 0x6}, 0x94)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r8=>0xffffffffffffffff})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r8, &(0x7f0000019500)={&(0x7f0000019440)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000194c0)={&(0x7f0000019480)=ANY=[@ANYBLOB="18000100010000d4"], 0x18}}, 0x4000)

26.486764189s ago: executing program 4 (id=2698):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
r2 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x1f, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000fcffffff000000000900000018010000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000006d00000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000ff7f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
syz_usb_control_io$hid(r2, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0})
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000400)=""/101, 0x65}], 0x1}}], 0x1, 0x60, 0x0)

25.245753741s ago: executing program 4 (id=2701):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = fsopen(&(0x7f0000000400)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='\xd1S{O', &(0x7f0000000080)='\x1e\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000001680)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000640)='dU|\xcbM\xe6\x91q\xe0\x05\xbes\xc0\xd2\xdb0}\xa6\xc4tly\xe0+\xb8~\xd9ymx\xa1\x06\xb4F\xf3Q:\xfem\xea\xed\xfc\x04\xf88\xe0\xa1&\xa8\xff\x10\xb3\xb2\x92N\f\x00!\xdbV\xc3\xca\r\x8c\xfb\x8esJ\xb3\x1bf\xce\v\x0e\xe3\xd5', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000040)='\x00', &(0x7f0000000340)='dE\x00^\x1b\x19\xabr\xb7a\xa57\xf9\xd5\x8fR\xa0\xf6\xf7IQH\xcdPHSG\x05\x94X\x9d\xb5\xa0\xeb\xa1\xd0\x95j\xf4A\x15y\x83\xeb2\x8e0O\xdaY\xd7\xb8Q\xb4', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000780)='\xb9T\xb9\xf5\x9d\xee/\xc9\xa8\xaa\xe6\xad\xb4s\x002tT5j<\xd4\xfc\x03\x12~\x8d\xf7\xe0\xfc\x96M\x82\xf3\xf5I\xbc*[\x1eX1\xb6\x15\x1a/\x83\x99\x88\xe9\x00\xf3\xefO2\xac\xfe\n\xf4\xed>M\x84D\xf9O!Ywe\x7f\x8b\xd1C\xf3\x7fr\xe8\x1cy\xb4\x00BO\r\x86f^U\xae\x9d\x9e\x15\xa9Oon\xbf\x88vv\xea\xd9\xb6\x11F\xdfq\xa2\x9a\xa0\xfb\xadBT\xf5Q\xd2\xd4\xb7\xa3\xe7\xea\xb1\xc2\xcd\xb4\xe4\x8e\xdc.!Z\x9b\xf3\x92_\xf9$\xba\t\xc3\x8a\x1bO\r\xdeo\xd54\x83\xe2?-\xa4-\xa2\x19\x14\x80[\xa5\x94\xcd\x85\x83\xf6_C\xfe\x89\x88\t\xf2\xa6\xdb\xc1q\xce\x123Y\xdb)\xdc\xd8\x19\x87\x84P\xd9', &(0x7f00000003c0)='dU|\xcb\t\'_\x05\xe0<`\x8a(\xa0G7\xe1\x89\xd5U\xe1L\xa5\xa3\xcb4D\xbe\x02\xefZ%\xdbb{\xccw\x9b\x00'/61, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000a00)='wsync', &(0x7f0000000b40)="b2", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f0000000840)='\x00\x9b~\xd7\xde\x91d\r\xa3e\xec=Z\xce\xb0\xdfr\xbfQ\x85n4\xf5T\xc2\x86;\x03K\x80pF\xeaK\xb4t\xef\'\n\x05\xc9\xcfc\x92\bE\xf9\xf9\xcf\x96\x99\xde\x1e3\xcdA\xf9\x1bj\xc3\x8b\xbe\xee\xb3e\xd8Mk\xf1+\xbf\xd5\x98\x8c\x13\xdc\x85\x17\xcd\xf8\xf5\a\xde9\xd1\x8b\xf0&P\x92\x99u8\xb6,#\x0f\x89\xd9ic\xb5\xba\xe7\x03\x8d-\v\xd3S\x98\x89@\x8aWLU\xb1\xc4i6\xa5\xb7\x1d\xf3s\xaf\x7f\xb16\xa2\xbe\xfa\xfa~2\x1d\xeb\xd0G\xdc\a\xa3\x93n\x82\xa7h\xd7\x83N\x8aW\xaa\xc1\xc7\xec\xea\x13\xbe\xf3fQ\xfa\x8cP\xa7\xc1O,\x83\xec\xa9\xeb\xb2 u\x15A\xde\f8T\x81\xccces\xfa\xef\xf4 =z\xfc\xef]~tY \xef8\r,x~\xa0,\xc7@\xc0\xef\xc1`\xec}\xa2\x8d\x95\xff0c\xcd\x02~\xf7\x1a\x93\xff\xcd\xadB7\x13\x84BPC\xa4\xa2O\xf0\xdd\xde\xc5H.y\xfc\xe9$\xf6\xa6t\xa3\xdbr\x00+\x01{\xfb-\x1f\x1b\xeb\xd9b\xf0\n\x99\x0fM\xfa_\x10\xd0%\xe7o\xc9\bO\xfe\xfb\xca\xf8\x9d]\xa1\x98(Nw\x87\xd15', &(0x7f0000000100)="d2", 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000a40)='\xcfD\xbc\xbf\xff\xdc\x83\xc5$\xb3\xecr\xe4G:\x93\xdfj\x96\x7f\x03\xe5\x94\xec\xe6\x04T\xcbn\xa5\xc3\x04[\x02\xa9[=\xf9\x8b\xf7\xc1\x9c\x83@\x1e\x99\xca\xc3\x85\xb8\xbeSAk\xf4\xb6 \xdf\xa0P\x18\x19\xae\x8c\x9a\x19mm\r<|\xe8\x9e\xa0x\x84p2\xf9\xe2\xed\xb0\f\x7f;\xf6J18G\x84c\x88\x9d{\xf4~\xdby:\xd8\xc5\xccrun4\xe0\xca\xc1\x0f\xc3\x03D\xe1\f\xb3O\xa4\x1c\x04]8)}\x83:\x9e\xc0X\xdb\xd9\x89\x94\x9b(\x19\\\xf5!w\xbafo\xea\xe4\xb5Xe\x84\xbc\xcdw\x802\xb4\xb8\x1f\xc2\x97\xbfi\xe8\xf8\xbd\x1d,\xffUX\xbeA\x00{\"\xdbya#I\x03\xec\xed\x8b\x97\xff\x1eiq\xd1n\xf99\xc6\a\a\xed\x0f\x15x\x91\xdc\x05P\xf7\xf3\xad\xa3\xbc\xe4[\xa2\xc7\xfa\x9e\xad\xa2\xad\x86\xc4\aD\xc9\xdf\xf8\xf7\xc1\xc5\xc5.\x8a&:\x90\xb2\x8c\x86\xb2\\\xa8%!\x98TQ\x91\x00\x00\x00\x00$\x99\xbf', &(0x7f00000006c0)='\x01\x8dik\xc2\xed\xf9\x8a\xae\x86\xae)Dn<(\x02:cU\xa0d\xd4\x1f\xd4\x95\x93\xb7\xc1\xcc\x84\x8c\xdd\xbf^]~\xcf\xcb6w\xb3\xfa0b\x88\x04\x10\x9d_\x97\x9f\x89\xb7\xe35C\xf3\x1b\xafV\\wGU\xaf\xa4\f&\xe7m\xf0\xaa{\xb2\xe5\xe2\xeb\x9bN#\x99\xdc\x9f\"\xab&\x8f\x01\x17Y\xaf\xb7\xdc`r\x9c6\\\x0e\x94\xc0a\xf7\xd4u\xdf\xf0\x9b\xb0p\v\xa1\x8a\x145\x9b\xd95\xc8U\xe4V\x81-1\xb0K\x9a\xa3+\x03\xc1\xf0\xeb\xafYI&\x9e\xd0\xe1\x148\xfe\x10\x0f\xbd\xa2\xed}\xe6\x1asT\x1f\x92\xdb\xa1&\'\xc7\xe9\xa5\xd0\x89\x8d\xf1$\"\xdc\xe5\xfcT\xad\fj\xfe\'t', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000280)='\x11\xbb\xac3q\xb0\xeb\x06\xbd\xab\xf3\xb0\xfe\xccn\x9c\x00', &(0x7f00000000c0)='{)+}@@!}\x00f\x01\x0e\x00\xadq\x1e\x03uK\x85\xe1\xe3u\xc2\xb9\xce&s$\x9co\xeb\x97o`\r\x83\r\'\x0ff\x04Q*\xe7', 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000002b807e0f87e698ff44822817e8a0ee08b916386c000000"], 0x14}, 0x1, 0x0, 0x0, 0x801}, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r7})
close(r6)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="0e00000000000000000000060000040000000000", @ANYRES32=r7, @ANYRESHEX=r7, @ANYRES32=0x0, @ANYRES64=r7, @ANYBLOB="00000000000000000000000000000000001e00000000000000000000ea926a8152b800a69764fedcbf82a356988fc340f8785ced5d0ba8f55e0309f0a20b3d6ed9263057951bede782c36c94afaf395205bc69f80ed172231cda0c9949ff68ebc713be98329780e3b4e41f74f663483774079f411597b9b1c6d66e0486f8ee6f16bd13097732cdc9", @ANYRES64=r0], 0x48)

17.602235608s ago: executing program 32 (id=2674):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0x4, &(0x7f0000000140)={0xb, 0x2008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10002)
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
chdir(0x0)
ioctl$KVM_GET_XCRS(r2, 0x8188aea6, &(0x7f0000000200)={0x0, 0x8001})
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r6 = socket$kcm(0xa, 0x3, 0x3a)
sendmsg$kcm(r6, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xff00000000000000, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000002000)}], 0x1)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r7, 0xc02064b2, &(0x7f0000000100)={0x1005, 0x6576, 0x109})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r7, 0x100000000)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000000), 0x0)

13.084172066s ago: executing program 5 (id=2720):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0)
socket$inet6(0xa, 0x3, 0x6) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94) (async)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0) (async)

11.951392832s ago: executing program 3 (id=2733):
r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0)
syz_usb_control_io(r0, &(0x7f0000000140)={0x2c, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="000302bcdf000203"]}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000c40)={0x84, &(0x7f0000000740)=ANY=[@ANYBLOB="870302f580049639"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000000c0)={0x44, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x82, 0x2, 'j\x00'}, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000040)={0x14, 0x0, 0x0}, &(0x7f0000000600)={0x44, &(0x7f00000002c0)={0x0, 0x6, 0x2, "9d4c"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

11.589084395s ago: executing program 2 (id=2734):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
recvfrom$ax25(r0, 0x0, 0x0, 0x100, 0x0, 0x0)

10.411021733s ago: executing program 5 (id=2720):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0)
socket$inet6(0xa, 0x3, 0x6) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94) (async)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0) (async)

10.39443875s ago: executing program 2 (id=2737):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket(0x1, 0x2, 0x0)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SSUBSCRIP(r1, 0x89e1, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r4 = fanotify_init(0x200, 0x0)
fanotify_mark(r4, 0x1, 0x40000032, r3, 0x0)
syz_open_dev$evdev(&(0x7f0000000100), 0x80000000, 0x200180)
pipe(&(0x7f0000005880)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
fsetxattr$security_selinux(r5, &(0x7f00000000c0), &(0x7f0000000040)='system_u:object_r:dhcp_state_t:s0\x00', 0x1e, 0x0)
mq_unlink(0x0)
syslog(0x4, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
umount2(&(0x7f0000000040)='./file0\x00', 0x2)
ioctl$sock_SIOCETHTOOL(r0, 0x89f1, &(0x7f00000002c0)={'ip6tnl0\x00', &(0x7f0000000000)=@ethtool_cmd={0x0, 0x0, 0x0, 0x200, 0x2, 0x0, 0x0, 0x0, 0xdb, 0x4, 0x0, 0xfffff7fc, 0x4, 0x0, 0x0, 0x47, [0xfffffffc, 0x80]}})

8.853453568s ago: executing program 0 (id=2738):
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f00000000c0)='minix\x00', 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_usb_connect$printer(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x0, 0x3, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x7, 0x1, 0x1, 0xe, "", {{{0x9, 0x5, 0x1, 0x2, 0x200, 0x5, 0x9, 0xd4}}, [{{0x9, 0x5, 0x82, 0x2, 0x10, 0x4, 0x7, 0xea}}]}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x110, 0x1, 0x9, 0x3, 0x8, 0xe1}, 0x0, 0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
r8 = dup(r7)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="8200000000"])
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000007911c00000000000850000003900000095000000f8000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xfe01, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x21)
r9 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
write$RDMA_USER_CM_CMD_QUERY(0xffffffffffffffff, &(0x7f0000000240)={0x13, 0x10, 0xfa00, {0x0, 0xffffffffffffffff, 0x2}}, 0x18)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r10 = gettid()
rt_sigqueueinfo(r10, 0x21, 0x0)
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x3, 0x0, 0x7, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x0, 0xfffffffbfffffffe, 0x0, 0x1, 0x100000000, 0x10000000000], 0x100000})
r11 = socket(0xe, 0xa, 0x6)
r12 = socket(0x3, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000000600))
sendmsg$nl_route_sched(r12, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)

8.850855924s ago: executing program 2 (id=2739):
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, 0x0, 0x801, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_KEY={0x8, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, 0x24}}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x40006)
syz_create_resource$binfmt(&(0x7f00000000c0)='./file1\x00')
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r5, 0x114, 0x6, &(0x7f0000000040), 0x4)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22)
rmdir(&(0x7f0000000140)='./cgroup/../file0\x00')
socket$inet_sctp(0x2, 0x5, 0x84)
r6 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@ip_retopts={{0x10}}], 0x10}}], 0x1, 0x4000854)
ioctl$CEC_TRANSMIT(0xffffffffffffffff, 0xc0386105, &(0x7f0000000080)={0x9, 0x0, 0x20009, 0x0, 0x0, 0x2, "fff8000000000000c5c6ff0017c3a86d", 0x3, 0x2, 0xb, 0xff, 0x2, 0x1, 0xfb})

8.850395407s ago: executing program 3 (id=2740):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r7, &(0x7f0000000140)={0x1f, 0x3}, 0x6)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_aout(r8, &(0x7f00000008c0)=ANY=[], 0x5b)
sendfile(r7, r8, &(0x7f0000000000), 0x9)
r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r9}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x2d)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x50, 0xfb0, &(0x7f0000000800)={@fd={0x66642a85, 0x0, r2}, @fd={0x66642a85, 0x0, r3}, @fda={0x66642a85, 0x3, 0x1, 0x16}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x2000}], 0x0, 0x0, 0x0})

5.914611846s ago: executing program 2 (id=2741):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
connect$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "f235cd041ecfd237d48b9fc39aa09025f026b0634b6f82bded015a1b2cc967eff95fd0b6841d40ae65cd6ddd03de31eba0328a09ff4f717c7b1b1c65e750c8"}, 0x60)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r1)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r2, 0x0)
r4 = syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
mount(0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r4, &(0x7f00000000c0)='pagemap\x00')
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = accept(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='percpu_create_chunk\x00'}, 0x18)
sendmsg$TEAM_CMD_OPTIONS_SET(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)

5.839689822s ago: executing program 3 (id=2742):
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno='])

5.579698174s ago: executing program 0 (id=2743):
openat$tun(0xffffffffffffff9c, 0x0, 0x2080, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x24004801)
fsopen(&(0x7f0000000200)='mqueue\x00', 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={&(0x7f0000000300)=0xff, 0xffffffffffffffff, 0x0, 0x3, 0x1}}, 0x20)

5.491746957s ago: executing program 3 (id=2744):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
r1 = socket(0x1, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$NFNL_MSG_CTHELPER_GET(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100808}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1, 0x9, 0x301, 0x0, 0x0, {0x5}}, 0x14}}, 0x0)
ioctl$SG_SET_TIMEOUT(r0, 0x2201, &(0x7f000001fa40)=0xfffffffe)

5.175826369s ago: executing program 3 (id=2745):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x12, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b33e0f32f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d0000002100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x31, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
recvmsg(0xffffffffffffffff, 0x0, 0x40)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_io_uring_setup(0x497, 0x0, 0x0, 0x0)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000"], 0xf0}}, 0x40000)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040341a05f7000000000001090224000100008000090400ee"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r3)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
socket$rxrpc(0x21, 0x2, 0x2)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=fscache'])
r5 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)

5.159758672s ago: executing program 2 (id=2746):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, r2, 0x303, 0x0, 0x0, {0x6}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) (fail_nth: 7)

4.586388824s ago: executing program 5 (id=2720):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0)
socket$inet6(0xa, 0x3, 0x6) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94) (async)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0) (async)

2.316287172s ago: executing program 0 (id=2747):
r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0xffffffffffffffff}, 0xc)
readv(r0, &(0x7f0000001c80)=[{&(0x7f0000000140)=""/200, 0xc8}], 0x1)
close_range(r0, r1, 0x0)

2.170267986s ago: executing program 0 (id=2748):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r4, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r5, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000400)={'syztnl2\x00', &(0x7f0000000380)={'ip6gre0\x00', <r6=>0x0, 0x4, 0xf, 0x1, 0x1, 0x0, @mcast1, @mcast1, 0x701, 0x8000, 0x10, 0x8}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000780)={r4, 0xe0, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000540)=[0x0], 0x0, 0x50, &(0x7f0000000580)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000005c0), &(0x7f0000000600), 0x8, 0x3a, 0x8, 0x8, &(0x7f0000000640)}}, 0x10)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000880)={'sit0\x00', &(0x7f00000007c0)={'syztnl0\x00', <r8=>0x0, 0x40, 0x8, 0xff, 0x4, {{0x21, 0x4, 0x3, 0x4, 0x84, 0x65, 0x0, 0x6, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @remote, {[@timestamp_prespec={0x44, 0xc, 0xcd, 0x3, 0x8, [{@loopback, 0x2}]}, @timestamp_prespec={0x44, 0xc, 0x9a, 0x3, 0x7, [{@multicast2}]}, @cipso={0x86, 0x33, 0xffffffffffffffff, [{0x6, 0x8, "e1fd9e96f6d3"}, {0x7, 0xa, "ec07ba0689d77d5e"}, {0x5, 0xc, "ec504f3b52d1ee53cd59"}, {0x5, 0xf, "c11f3a88e06b007839169f34a2"}]}, @timestamp={0x44, 0x10, 0xaa, 0x0, 0x7, [0x1, 0x400, 0xb9]}, @end, @timestamp_addr={0x44, 0x14, 0x16, 0x1, 0x7, [{@multicast2, 0x8000}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4}]}]}}}}})
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000008c0)={<r9=>0x0, @local, @dev}, &(0x7f0000000900)=0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r10=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r10, 0x2890}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_REMOTE={0x8, 0x2, @remote}]}}}]}, 0x3c}, 0x1, 0x2, 0x0, 0xcc844}, 0x0)
sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000940)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=0x0, @ANYBLOB="20002abd7000fedbdf2509000000680001801400020076657468315f746f5f7465616d0000001400020073697430000000000000000000000000080003000000000008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="140002006261746164765f736c6176655f3000007c0001800800030000000000140002007665746830000000000000000000000008000100", @ANYRES32=r8, @ANYBLOB="08000300000000001400020076657468315f746f5f7465616d00000008000100", @ANYRES32=r9, @ANYBLOB="14000200626f6e645f736c6176655f300000000008000100", @ANYRES32=r10, @ANYBLOB="1400020076657468305f746f5f62626f6e64000000340001801400020067656e6576653100000000000000000008000300020000001400020073797a6b616c6c6572310000000000"], 0x12c}, 0x1, 0x0, 0x0, 0x800}, 0x40)
setsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x119, 0x1, &(0x7f0000000000)=0x2, 0x4)

1.146726973s ago: executing program 0 (id=2749):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0xe, 0x101000)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r0, 0xc0305602, &(0x7f0000000240)={0x0, 0x4, 0x1001, 0x1000000}) (fail_nth: 2)

775.978384ms ago: executing program 0 (id=2750):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x12, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61154c000000000061138c0000000000bfa00000000000001503000008004e002d3501000000000095004100000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffbd4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe01c5473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076ebae3f55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b33e0f32f1ad2e99e0e67ab93716d20000009fbb0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000207b40407d0000002100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0x31}, 0x94)
recvmsg(0xffffffffffffffff, 0x0, 0x40)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x3279, 0x0, 0x8, 0x18e}, 0x0, 0x0)
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$nl_crypto(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="f0000000"], 0xf0}}, 0x40000)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040341a05f7000000000001090224000100008000090400ee"], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r4 = dup(r3)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r4, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
socket$rxrpc(0x21, 0x2, 0x2)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',cache=fscache'])
r5 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0)

574.187776ms ago: executing program 3 (id=2751):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x4, 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB="00032c3f0cfd621f00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x6}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f00000003c0)={0x8, [0x403, 0x5, 0x11, 0xfff5, 0x2, 0x204, 0x0, 0xbb, 0x5, 0x0, 0x0, 0x7, 0x3, 0x7, 0x10, 0x8, 0x100, 0x9, 0x8, 0x5, 0x7, 0x5, 0x0, 0x8, 0x4, 0x1, 0x7, 0xc5a4, 0x100, 0x758c, 0x2, 0x9, 0x2, 0x5, 0x9, 0x82da, 0x6, 0x0, 0x6, 0x7, 0x2, 0x6fd7, 0xfff8, 0x0, 0x9, 0x5, 0x0, 0x8], 0x7})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x30004001)
sendmmsg(0xffffffffffffffff, &(0x7f00000007c0)=[{{&(0x7f00000000c0)=@x25, 0x80, &(0x7f0000000640), 0x0, &(0x7f00000019c0)=ANY=[@ANYBLOB="8800000000000000150a0000070000005c5edbaa28101b550c4cbf091ad386c290dac03fe77d26ee0943080c00000000000000963e35a5bd8e8c05d797420d26fc0f958b5d08993fd8e00ac373a03482b31b822d6027147b5c057d67aa5fc943d8d65a28e7fb4c9efa7d24ab1c77930a7f712e24c34882ea8d0155db48eeff3590b40000000040004000000000000000880000007f0000007181d155fe76ed5dfd08952731b68861cc130d8f1de81d164118f6adb30cdf6dbe0c8f3d0a7e3dec010c8500000000000cf0b94c78abc7d37c5127b20ae5f5e20af9a047045541dc00824b1fa5b4937a376404dbeb41631241e8ec7cd6cf486652d7748d4e8ac98fce59"], 0xc8}}], 0x1, 0x5)
sendmsg(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000780)="a9", 0xfffffdef}], 0x11}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r3)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
readv(r6, &(0x7f0000001140)=[{&(0x7f0000000700)=""/206, 0xce}], 0x1)

560.822456ms ago: executing program 2 (id=2752):
socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={'\x00', 0x1, 0x101, 0x2, 0x4, 0x5, <r0=>0x0})
sched_setscheduler(r0, 0x2, &(0x7f0000000080)=0xf)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x401)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
r3 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r3, &(0x7f0000000080)={0x24, @short={0x2, 0x2, 0xaaa3}}, 0x14)
r4 = syz_open_procfs(0x0, &(0x7f0000000240)='net/unix\x00')
read$FUSE(r4, &(0x7f0000002240)={0x2020}, 0x2020)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r7, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x20000000, 0x2, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b211b3e7e8b89b4b08b3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6ce08fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"})
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async', 0x42, 0x0)
ioctl$DRM_IOCTL_CONTROL(r4, 0x40086414, &(0x7f00000000c0)={0x3, 0xd0})
r8 = syz_open_procfs(0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x900, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

0s ago: executing program 5 (id=2720):
r0 = socket$inet6(0xa, 0x3, 0x6)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22})
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c)
socket$inet_udplite(0x2, 0x2, 0x88)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0)
socket$inet6(0xa, 0x3, 0x6) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x2c, r3, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_PAGE={0x5}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x9}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x40044) (async)
ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x2, 0x0, 0x22}) (async)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e2b, 0x7, @loopback, 0x6}, 0x1c) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0) (async)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x8e79f0352167ea94) (async)
sendmmsg$inet6(r0, &(0x7f0000000600)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@hopopts={{0x18, 0x29, 0x36, {0x29}}}, @flowinfo={{0x14, 0x29, 0xb, 0x3}}], 0x30}}], 0x1, 0x0) (async)

kernel console output (not intermixed with test programs):

iptor/start: -61
[  611.873232][  T978] usb 4-1: can't read configurations, error -61
[  612.004994][  T978] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[  612.165677][  T978] usb 4-1: too many configurations: 65, using maximum allowed: 8
[  612.200944][  T978] usb 4-1: unable to read config index 0 descriptor/start: -61
[  612.225387][  T978] usb 4-1: can't read configurations, error -61
[  612.245418][  T978] usb usb4-port1: attempt power cycle
[  612.398289][ T5942] usb 3-1: USB disconnect, device number 61
[  612.615178][  T978] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  612.656542][   T30] audit: type=1400 audit(1751827858.610:1527): avc:  denied  { getopt } for  pid=13438 comm="syz.4.2105" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  612.678738][  T978] usb 4-1: too many configurations: 65, using maximum allowed: 8
[  612.685710][T13446] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2103'.
[  612.700455][  T978] usb 4-1: unable to read config index 0 descriptor/start: -61
[  612.716987][  T978] usb 4-1: can't read configurations, error -61
[  612.855325][  T978] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  612.876211][  T978] usb 4-1: too many configurations: 65, using maximum allowed: 8
[  612.888262][  T978] usb 4-1: unable to read config index 0 descriptor/start: -61
[  612.896115][  T978] usb 4-1: can't read configurations, error -61
[  612.902875][  T978] usb usb4-port1: unable to enumerate USB device
[  615.764978][ T5893] usb 2-1: new full-speed USB device number 64 using dummy_hcd
[  616.114982][ T5893] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  616.225669][T13491] ceph: No mds server is up or the cluster is laggy
[  616.418109][  T978] usb 4-1: new full-speed USB device number 80 using dummy_hcd
[  616.455030][ T5893] usb 2-1: config 0 has no interface number 0
[  616.474592][ T5900] libceph: mon0 (1)[c::]:6789 connect error
[  616.504393][ T5893] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  616.667495][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.960485][ T5893] usb 2-1: Product: syz
[  616.969813][ T5893] usb 2-1: Manufacturer: syz
[  616.974454][ T5893] usb 2-1: SerialNumber: syz
[  617.004476][T13489] can0: slcan on ttyS3.
[  617.008434][  T978] usb 4-1: device descriptor read/64, error -71
[  617.027870][ T5893] usb 2-1: config 0 descriptor??
[  617.152689][T13503] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  617.181471][T13502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.192737][T13489] can0 (unregistered): slcan off ttyS3.
[  617.224185][T13502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.266329][ T5893] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  617.280080][T13502] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[  617.306011][ T5893] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  617.342123][ T5893] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  617.355217][  T978] usb 4-1: new full-speed USB device number 81 using dummy_hcd
[  617.375068][ T5893] usb 2-1: media controller created
[  617.405660][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  617.515773][T13473] FAULT_INJECTION: forcing a failure.
[  617.515773][T13473] name failslab, interval 1, probability 0, space 0, times 0
[  617.528722][  T978] usb 4-1: device descriptor read/64, error -71
[  617.544588][T13473] CPU: 0 UID: 0 PID: 13473 Comm: syz.1.2114 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  617.544618][T13473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  617.544629][T13473] Call Trace:
[  617.544636][T13473]  <TASK>
[  617.544644][T13473]  dump_stack_lvl+0x16c/0x1f0
[  617.544676][T13473]  should_fail_ex+0x512/0x640
[  617.544700][T13473]  ? fs_reclaim_acquire+0xae/0x150
[  617.544722][T13473]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  617.544749][T13473]  should_failslab+0xc2/0x120
[  617.544777][T13473]  __kmalloc_noprof+0xd2/0x510
[  617.544807][T13473]  tomoyo_realpath_from_path+0xc2/0x6e0
[  617.544836][T13473]  ? tomoyo_profile+0x47/0x60
[  617.544859][T13473]  tomoyo_path_number_perm+0x245/0x580
[  617.544878][T13473]  ? tomoyo_path_number_perm+0x237/0x580
[  617.544900][T13473]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  617.544922][T13473]  ? find_held_lock+0x2b/0x80
[  617.544966][T13473]  ? find_held_lock+0x2b/0x80
[  617.544988][T13473]  ? hook_file_ioctl_common+0x145/0x410
[  617.545011][T13473]  ? __fget_files+0x20e/0x3c0
[  617.545042][T13473]  security_file_ioctl+0x9b/0x240
[  617.545068][T13473]  __x64_sys_ioctl+0xb7/0x210
[  617.545090][T13473]  do_syscall_64+0xcd/0x4c0
[  617.545117][T13473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  617.545136][T13473] RIP: 0033:0x7fec4dd8e929
[  617.545150][T13473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  617.545166][T13473] RSP: 002b:00007fec4ecb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  617.545185][T13473] RAX: ffffffffffffffda RBX: 00007fec4dfb5fa0 RCX: 00007fec4dd8e929
[  617.545196][T13473] RDX: 0000200000002480 RSI: 0000000000000707 RDI: 000000000000000d
[  617.545208][T13473] RBP: 00007fec4ecb2090 R08: 0000000000000000 R09: 0000000000000000
[  617.545219][T13473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  617.545230][T13473] R13: 0000000000000000 R14: 00007fec4dfb5fa0 R15: 00007ffed5693138
[  617.545256][T13473]  </TASK>
[  617.744944][ T5893] DVB: Unable to find symbol dib7000p_attach()
[  617.751714][ T5893] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  617.760587][ T5893] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  617.769675][ T5893] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  617.779640][ T5893] usb 2-1: media controller created
[  617.787749][ T5893] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  617.787981][  T978] usb usb4-port1: attempt power cycle
[  617.801999][T13473] ERROR: Out of memory at tomoyo_realpath_from_path.
[  617.812602][ T5893] dib0700: the master dib7090 has to be initialized first
[  617.821943][ T5893] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  617.893595][T13513] ubi31: attaching mtd0
[  617.906917][T13513] ubi31: scanning is finished
[  618.299881][T13513] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  618.307569][T13513] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  618.314917][T13513] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  618.321964][T13513] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  618.329477][T13513] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  618.336724][T13513] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  618.345337][T13513] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 364198396
[  618.400006][T13513] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  618.410227][T13516] ubi31: background thread "ubi_bgt31d" started, PID 13516
[  618.534960][  T978] usb 4-1: new full-speed USB device number 82 using dummy_hcd
[  618.567715][  T978] usb 4-1: device descriptor read/8, error -71
[  618.683750][   T30] audit: type=1400 audit(1751827864.630:1528): avc:  denied  { map } for  pid=13523 comm="syz.2.2125" path="/proc/1443/net/icmp" dev="proc" ino=4026533120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  618.789275][ T5893] rc_core: IR keymap rc-dib0700-rc5 not found
[  618.875319][ T5893] Registered IR keymap rc-empty
[  618.887471][ T5893] dvb-usb: could not initialize remote control.
[  618.909566][ T5893] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  618.939409][   T30] audit: type=1400 audit(1751827864.630:1529): avc:  denied  { execute } for  pid=13523 comm="syz.2.2125" path="/proc/1443/net/icmp" dev="proc" ino=4026533120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  618.985558][  T978] usb 4-1: new full-speed USB device number 83 using dummy_hcd
[  619.040577][T13535] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2130'.
[  619.069048][ T5893] usb 2-1: USB disconnect, device number 64
[  619.101188][T13535] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2130'.
[  619.119907][T13532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  619.143207][T13532] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  619.190791][ T5893] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  619.205022][  T978] usb 4-1: device not accepting address 83, error -71
[  619.223609][   T30] audit: type=1400 audit(1751827865.160:1530): avc:  denied  { read } for  pid=13530 comm="syz.4.2129" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  619.254819][  T978] usb usb4-port1: unable to enumerate USB device
[  619.265285][T13541] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2128'.
[  620.496758][T13553] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2133'.
[  622.025308][ T5900] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  622.155082][ T5900] usb 1-1: device descriptor read/64, error -71
[  623.668162][ T5900] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[  623.994980][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  624.014139][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  624.359888][   T30] audit: type=1400 audit(1751827870.310:1531): avc:  denied  { connect } for  pid=13566 comm="syz.1.2138" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  624.484539][T13573] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  624.534042][T13573] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  624.742706][T13585] netlink: 'syz.0.2145': attribute type 3 has an invalid length.
[  624.752887][T13585] netlink: 'syz.0.2145': attribute type 3 has an invalid length.
[  625.674599][   T30] audit: type=1400 audit(1751827871.620:1532): avc:  denied  { watch watch_reads } for  pid=13593 comm="syz.3.2150" path="/syzcgroup/cpu/syz3/cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  625.700179][    C1] vkms_vblank_simulate: vblank timer overrun
[  625.876989][T13607] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  626.136772][   T30] audit: type=1400 audit(1751827872.090:1533): avc:  denied  { ioctl } for  pid=13603 comm="syz.0.2151" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  626.381621][T13616] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2149'.
[  626.436094][T13623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2157'.
[  626.453850][T13623] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2157'.
[  626.513869][T13627] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.533324][T13627] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  627.794461][T13640] random: crng reseeded on system resumption
[  627.825033][ T5900] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[  627.851099][T13641] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=20257 sclass=netlink_route_socket pid=13641 comm=syz.4.2161
[  628.243433][T13641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  628.253721][T13641] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.331274][T13641] NILFS (nullb0): couldn't find nilfs on the device
[  629.011222][T13643] FAULT_INJECTION: forcing a failure.
[  629.011222][T13643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  629.035858][T13643] CPU: 1 UID: 0 PID: 13643 Comm: syz.0.2162 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  629.035887][T13643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  629.035898][T13643] Call Trace:
[  629.035904][T13643]  <TASK>
[  629.035911][T13643]  dump_stack_lvl+0x16c/0x1f0
[  629.035942][T13643]  should_fail_ex+0x512/0x640
[  629.035971][T13643]  _copy_from_iter+0x29f/0x16f0
[  629.036003][T13643]  ? __pfx__copy_from_iter+0x10/0x10
[  629.036029][T13643]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  629.036066][T13643]  copy_page_from_iter+0xde/0x180
[  629.036094][T13643]  tun_build_skb.constprop.0+0x2e8/0x14f0
[  629.036130][T13643]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  629.036174][T13643]  ? __pfx__kstrtoull+0x10/0x10
[  629.036200][T13643]  tun_get_user+0x165f/0x3b80
[  629.036238][T13643]  ? __pfx_tun_get_user+0x10/0x10
[  629.036263][T13643]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  629.036295][T13643]  ? find_held_lock+0x2b/0x80
[  629.036319][T13643]  ? tun_get+0x191/0x370
[  629.036350][T13643]  tun_chr_write_iter+0xdc/0x210
[  629.036379][T13643]  vfs_write+0x6c4/0x1150
[  629.036405][T13643]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  629.036435][T13643]  ? __pfx_vfs_write+0x10/0x10
[  629.036455][T13643]  ? find_held_lock+0x2b/0x80
[  629.036493][T13643]  ksys_write+0x12a/0x250
[  629.036522][T13643]  ? __pfx_ksys_write+0x10/0x10
[  629.036553][T13643]  do_syscall_64+0xcd/0x4c0
[  629.036581][T13643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  629.036599][T13643] RIP: 0033:0x7f9b2ff8d3df
[  629.036614][T13643] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  629.036631][T13643] RSP: 002b:00007f9b30dee000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  629.036649][T13643] RAX: ffffffffffffffda RBX: 00007f9b301b5fa0 RCX: 00007f9b2ff8d3df
[  629.036661][T13643] RDX: 0000000000000046 RSI: 0000200000000580 RDI: 00000000000000c8
[  629.036672][T13643] RBP: 00007f9b30dee090 R08: 0000000000000000 R09: 0000000000000000
[  629.036683][T13643] R10: 0000000000000046 R11: 0000000000000293 R12: 0000000000000001
[  629.036694][T13643] R13: 0000000000000000 R14: 00007f9b301b5fa0 R15: 00007fffa9816088
[  629.036718][T13643]  </TASK>
[  629.262095][    C1] vkms_vblank_simulate: vblank timer overrun
[  629.424967][ T5900] usb 2-1: Using ep0 maxpacket: 16
[  629.434559][ T5900] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  629.443454][ T5900] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  629.453811][ T5900] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  629.508950][T13651] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  629.527020][ T5900] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  629.536210][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.544293][ T5900] usb 2-1: Product: syz
[  629.567462][ T5900] usb 2-1: Manufacturer: syz
[  629.579413][ T5900] usb 2-1: SerialNumber: syz
[  629.757689][T13655] Failed to initialize the IGMP autojoin socket (err -2)
[  630.020026][ T5900] usb 2-1: 0:2 : does not exist
[  630.460286][T13677] Device name cannot be null; rc = [-22]
[  630.718586][  T978] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  630.915006][  T978] usb 4-1: Using ep0 maxpacket: 8
[  631.759213][  T978] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  631.764527][ T5900] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[  631.787152][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  631.832484][  T978] usb 4-1: Product: syz
[  631.839745][  T978] usb 4-1: Manufacturer: syz
[  631.844783][  T978] usb 4-1: SerialNumber: syz
[  631.963260][  T978] usb 4-1: config 0 descriptor??
[  631.994335][ T5900] usb 2-1: USB disconnect, device number 65
[  632.140962][    T9] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[  632.315060][    T9] usb 1-1: Using ep0 maxpacket: 32
[  632.389601][  T978] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  632.400318][    T9] usb 1-1: config 2 has an invalid interface number: 45 but max is 0
[  632.422114][    T9] usb 1-1: config 2 has no interface number 0
[  632.432276][    T9] usb 1-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  632.445420][    T9] usb 1-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  632.458977][    T9] usb 1-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92
[  632.468407][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  632.489953][    T9] usb 1-1: Product: syz
[  632.495323][    T9] usb 1-1: Manufacturer: syz
[  632.501112][    T9] usb 1-1: SerialNumber: syz
[  632.518962][    T9] kobil_sct 1-1:2.45: KOBIL USB smart card terminal converter detected
[  632.550350][    T9] usb 1-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  632.973288][ T5900] usb 1-1: USB disconnect, device number 69
[  633.009116][ T5900] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  633.050908][ T5900] kobil_sct 1-1:2.45: device disconnected
[  633.205699][T13695] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2175'.
[  633.415020][T13706] Failed to initialize the IGMP autojoin socket (err -2)
[  633.609550][  T978] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  633.901929][  T978] usb 4-1: USB disconnect, device number 84
[  633.913773][T13713] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2178'.
[  633.938543][T13716] netlink: 'syz.0.2179': attribute type 1 has an invalid length.
[  633.999558][T13719] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13719 comm=syz.0.2179
[  634.024903][T13716] 8021q: adding VLAN 0 to HW filter on device bond2
[  634.502596][T13726] block device autoloading is deprecated and will be removed.
[  634.915450][T13731] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2182'.
[  635.057412][T13735] FAULT_INJECTION: forcing a failure.
[  635.057412][T13735] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  635.095674][T13735] CPU: 0 UID: 0 PID: 13735 Comm: syz.4.2184 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  635.095702][T13735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  635.095713][T13735] Call Trace:
[  635.095720][T13735]  <TASK>
[  635.095727][T13735]  dump_stack_lvl+0x16c/0x1f0
[  635.095757][T13735]  should_fail_ex+0x512/0x640
[  635.095791][T13735]  _copy_from_iter+0x29f/0x16f0
[  635.095821][T13735]  ? __alloc_skb+0x200/0x380
[  635.095845][T13735]  ? __pfx__copy_from_iter+0x10/0x10
[  635.095872][T13735]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  635.095899][T13735]  netlink_sendmsg+0x829/0xdd0
[  635.095921][T13735]  ? __pfx_netlink_sendmsg+0x10/0x10
[  635.095949][T13735]  ____sys_sendmsg+0xa95/0xc70
[  635.095968][T13735]  ? copy_msghdr_from_user+0x10a/0x160
[  635.095992][T13735]  ? __pfx_____sys_sendmsg+0x10/0x10
[  635.096021][T13735]  ___sys_sendmsg+0x134/0x1d0
[  635.096047][T13735]  ? __pfx____sys_sendmsg+0x10/0x10
[  635.096069][T13735]  ? __lock_acquire+0x622/0x1c90
[  635.096117][T13735]  __sys_sendmsg+0x16d/0x220
[  635.096141][T13735]  ? __pfx___sys_sendmsg+0x10/0x10
[  635.096182][T13735]  do_syscall_64+0xcd/0x4c0
[  635.096210][T13735]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.096228][T13735] RIP: 0033:0x7f89afb8e929
[  635.096242][T13735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  635.096258][T13735] RSP: 002b:00007f89b0a01038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  635.096276][T13735] RAX: ffffffffffffffda RBX: 00007f89afdb5fa0 RCX: 00007f89afb8e929
[  635.096287][T13735] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000004
[  635.096298][T13735] RBP: 00007f89b0a01090 R08: 0000000000000000 R09: 0000000000000000
[  635.096308][T13735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  635.096318][T13735] R13: 0000000000000000 R14: 00007f89afdb5fa0 R15: 00007ffe9358dc78
[  635.096342][T13735]  </TASK>
[  635.126328][T13739] IPv6: NLM_F_REPLACE set, but no existing node found!
[  635.508922][T13755] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2185'.
[  635.884678][T13759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2188'.
[  636.210157][T13763] fuse: Bad value for 'fd'
[  636.215047][ T5900] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  636.353541][T13765] netlink: 'syz.0.2191': attribute type 21 has an invalid length.
[  636.419496][ T5900] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  636.427770][ T5900] usb 3-1: config 0 has no interface number 0
[  636.438946][T13765] netlink: 'syz.0.2191': attribute type 6 has an invalid length.
[  636.447451][T13765] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2191'.
[  636.458615][ T5900] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  636.467936][ T5900] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.479113][ T5900] usb 3-1: Product: syz
[  636.483393][ T5900] usb 3-1: Manufacturer: syz
[  636.499308][ T5900] usb 3-1: SerialNumber: syz
[  636.518766][ T5900] usb 3-1: config 0 descriptor??
[  636.634196][T13775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.646514][T13775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  636.714433][T13778] FAULT_INJECTION: forcing a failure.
[  636.714433][T13778] name failslab, interval 1, probability 0, space 0, times 0
[  636.728472][T13775] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  636.750080][T13778] CPU: 1 UID: 0 PID: 13778 Comm: syz.0.2194 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  636.750110][T13778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  636.750124][T13778] Call Trace:
[  636.750130][T13778]  <TASK>
[  636.750138][T13778]  dump_stack_lvl+0x16c/0x1f0
[  636.750169][T13778]  should_fail_ex+0x512/0x640
[  636.750199][T13778]  should_failslab+0xc2/0x120
[  636.750226][T13778]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  636.750251][T13778]  ? skb_clone+0x190/0x3f0
[  636.750279][T13778]  skb_clone+0x190/0x3f0
[  636.750305][T13778]  netlink_deliver_tap+0xabd/0xd30
[  636.750340][T13778]  netlink_unicast+0x5df/0x7f0
[  636.750362][T13778]  ? __pfx_netlink_unicast+0x10/0x10
[  636.750379][T13778]  ? __build_skb_around+0x278/0x3b0
[  636.750407][T13778]  netlink_sendmsg+0x8d1/0xdd0
[  636.750430][T13778]  ? __pfx_netlink_sendmsg+0x10/0x10
[  636.750459][T13778]  ____sys_sendmsg+0xa95/0xc70
[  636.750480][T13778]  ? copy_msghdr_from_user+0x10a/0x160
[  636.750504][T13778]  ? __pfx_____sys_sendmsg+0x10/0x10
[  636.750535][T13778]  ___sys_sendmsg+0x134/0x1d0
[  636.750562][T13778]  ? __pfx____sys_sendmsg+0x10/0x10
[  636.750586][T13778]  ? __lock_acquire+0x622/0x1c90
[  636.750636][T13778]  __sys_sendmsg+0x16d/0x220
[  636.750662][T13778]  ? __pfx___sys_sendmsg+0x10/0x10
[  636.750704][T13778]  do_syscall_64+0xcd/0x4c0
[  636.750733][T13778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  636.750757][T13778] RIP: 0033:0x7f9b2ff8e929
[  636.750773][T13778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  636.750790][T13778] RSP: 002b:00007f9b30dee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  636.750808][T13778] RAX: ffffffffffffffda RBX: 00007f9b301b5fa0 RCX: 00007f9b2ff8e929
[  636.750820][T13778] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  636.750831][T13778] RBP: 00007f9b30dee090 R08: 0000000000000000 R09: 0000000000000000
[  636.750842][T13778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  636.750852][T13778] R13: 0000000000000000 R14: 00007f9b301b5fa0 R15: 00007fffa9816088
[  636.750878][T13778]  </TASK>
[  636.752228][T13778] netlink: 'syz.0.2194': attribute type 1 has an invalid length.
[  636.915227][T13775] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  636.989860][T13778] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.2194'.
[  637.095172][   T30] audit: type=1400 audit(1751827883.030:1534): avc:  denied  { create } for  pid=13779 comm="syz.0.2195" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  637.171506][   T30] audit: type=1400 audit(1751827883.030:1535): avc:  denied  { mounton } for  pid=13779 comm="syz.0.2195" path="/412/file0" dev="tmpfs" ino=2223 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  637.190618][ T5900] asix 3-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  637.211758][ T5900] asix 3-1:0.251: probe with driver asix failed with error -524
[  637.598381][   T30] audit: type=1400 audit(1751827883.550:1536): avc:  denied  { create } for  pid=13744 comm="syz.2.2187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[  637.618728][    C1] vkms_vblank_simulate: vblank timer overrun
[  638.271203][T13797] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2197'.
[  638.305044][T13796] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  638.628193][  T978] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[  638.697026][ T5900] usb 3-1: USB disconnect, device number 62
[  638.802624][T13803] fuse: Bad value for 'fd'
[  638.836246][  T978] usb 2-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  638.853946][  T978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  639.195957][  T978] usb 2-1: config 0 descriptor??
[  639.216898][  T978] usb 2-1: Invalid firmware size=18.
[  639.291014][   T30] audit: type=1400 audit(1751827885.240:1537): avc:  denied  { write } for  pid=13809 comm="syz.0.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  639.513998][T13816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2206'.
[  639.696426][ T5900] usb 2-1: USB disconnect, device number 66
[  640.424038][T13835] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2213'.
[  640.433832][T13835] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2213'.
[  640.446524][T13835] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2213'.
[  640.484955][  T978] usb 4-1: new high-speed USB device number 85 using dummy_hcd
[  640.762021][  T978] usb 4-1: Using ep0 maxpacket: 8
[  640.795109][  T978] usb 4-1: config 0 interface 0 has no altsetting 0
[  640.818047][T13841] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2214'.
[  640.829794][  T978] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e
[  640.835905][T13843] FAULT_INJECTION: forcing a failure.
[  640.835905][T13843] name failslab, interval 1, probability 0, space 0, times 0
[  640.870225][T13843] CPU: 1 UID: 0 PID: 13843 Comm: syz.0.2215 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  640.870254][T13843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  640.870265][T13843] Call Trace:
[  640.870272][T13843]  <TASK>
[  640.870279][T13843]  dump_stack_lvl+0x16c/0x1f0
[  640.870311][T13843]  should_fail_ex+0x512/0x640
[  640.870335][T13843]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  640.870369][T13843]  should_failslab+0xc2/0x120
[  640.870397][T13843]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  640.870422][T13843]  ? simple_xattr_alloc+0x41/0xa0
[  640.870440][T13843]  ? simple_xattr_set+0x5b/0x3e0
[  640.870463][T13843]  kstrdup+0x53/0x100
[  640.870494][T13843]  simple_xattr_set+0x5b/0x3e0
[  640.870516][T13843]  shmem_xattr_handler_set+0x31b/0x3b0
[  640.870548][T13843]  ? __pfx_shmem_xattr_handler_set+0x10/0x10
[  640.870573][T13843]  __vfs_setxattr+0x172/0x1e0
[  640.870600][T13843]  ? __pfx___vfs_setxattr+0x10/0x10
[  640.870624][T13843]  ? bpf_lsm_capable+0x9/0x10
[  640.870643][T13843]  ? security_capable+0x7e/0x260
[  640.870669][T13843]  __vfs_setxattr_noperm+0x127/0x660
[  640.870699][T13843]  __vfs_setxattr_locked+0x182/0x260
[  640.870724][T13843]  ? __lock_acquire+0xb8a/0x1c90
[  640.870743][T13843]  vfs_setxattr+0x145/0x360
[  640.870769][T13843]  ? lock_acquire+0x179/0x350
[  640.870787][T13843]  ? __pfx_vfs_setxattr+0x10/0x10
[  640.870812][T13843]  ? mnt_get_write_access+0x54/0x300
[  640.870833][T13843]  ? mnt_get_write_access+0x54/0x300
[  640.870856][T13843]  do_setxattr+0x145/0x180
[  640.870884][T13843]  filename_setxattr+0x16b/0x1d0
[  640.870910][T13843]  ? __pfx_filename_setxattr+0x10/0x10
[  640.870936][T13843]  ? getname_flags.part.0+0x1c5/0x550
[  640.870962][T13843]  path_setxattrat+0x1de/0x2a0
[  640.870988][T13843]  ? __pfx_path_setxattrat+0x10/0x10
[  640.871018][T13843]  ? ksys_write+0x190/0x250
[  640.871064][T13843]  ? fput+0x70/0xf0
[  640.871080][T13843]  ? ksys_write+0x1ac/0x250
[  640.871103][T13843]  ? __pfx_ksys_write+0x10/0x10
[  640.871130][T13843]  __x64_sys_lsetxattr+0xc9/0x140
[  640.871155][T13843]  ? do_syscall_64+0x91/0x4c0
[  640.871180][T13843]  ? lockdep_hardirqs_on+0x7c/0x110
[  640.871204][T13843]  do_syscall_64+0xcd/0x4c0
[  640.871231][T13843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  640.871250][T13843] RIP: 0033:0x7f9b2ff8e929
[  640.871265][T13843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  640.871282][T13843] RSP: 002b:00007f9b30dee038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  640.871300][T13843] RAX: ffffffffffffffda RBX: 00007f9b301b5fa0 RCX: 00007f9b2ff8e929
[  640.871312][T13843] RDX: 00002000000001c0 RSI: 0000200000000180 RDI: 0000200000000140
[  640.871323][T13843] RBP: 00007f9b30dee090 R08: 0000000000000000 R09: 0000000000000000
[  640.871334][T13843] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  640.871344][T13843] R13: 0000000000000000 R14: 00007f9b301b5fa0 R15: 00007fffa9816088
[  640.871370][T13843]  </TASK>
[  640.986244][  T978] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  640.986439][    C1] vkms_vblank_simulate: vblank timer overrun
[  640.991317][  T978] usb 4-1: Product: syz
[  641.236647][  T978] usb 4-1: Manufacturer: syz
[  641.240351][   T30] audit: type=1400 audit(1751827887.190:1538): avc:  denied  { map } for  pid=13839 comm="syz.4.2216" path="socket:[41054]" dev="sockfs" ino=41054 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  641.244444][  T978] usb 4-1: SerialNumber: syz
[  641.308795][  T978] usb 4-1: config 0 descriptor??
[  641.328433][  T978] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found
[  641.353666][   T30] audit: type=1400 audit(1751827887.190:1539): avc:  denied  { read } for  pid=13839 comm="syz.4.2216" path="socket:[41054]" dev="sockfs" ino=41054 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  641.499273][T13855] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  641.522135][T13855] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  641.555230][ T5900] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  641.559364][  T978] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected
[  641.587875][  T978] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22
[  641.718591][ T5900] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  641.732164][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  641.894187][ T5900] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  641.969057][T13863] erspan0: entered promiscuous mode
[  641.990072][T13861] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2222'.
[  642.039639][ T5900] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  642.100983][ T5900] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  642.127338][T13824] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  642.140884][ T5900] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  642.165405][T13824] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  642.182824][ T5900] usb 3-1: Manufacturer: syz
[  642.188885][    T9] usb 4-1: USB disconnect, device number 85
[  642.222988][ T5900] usb 3-1: config 0 descriptor??
[  642.262158][   T30] audit: type=1400 audit(1751827888.210:1540): avc:  denied  { mount } for  pid=13866 comm="syz.4.2223" name="/" dev="autofs" ino=41095 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  642.303107][T13862] could not allocate digest TFM handle sha256-ce
[  642.315115][  T978] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[  642.328209][T13858] erspan0: left promiscuous mode
[  642.387334][T13872] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  642.396265][T13872] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  642.505425][  T978] usb 1-1: Using ep0 maxpacket: 16
[  642.581961][  T978] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  642.626549][  T978] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 32, changing to 9
[  642.634943][ T5893] usb 2-1: new full-speed USB device number 67 using dummy_hcd
[  642.638130][  T978] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 1160, setting to 1024
[  642.682661][  T978] usb 1-1: config 0 interface 0 has no altsetting 0
[  642.685290][   T24] kernel write not supported for file /binder/stats (pid: 24 comm: kworker/1:0)
[  642.716451][  T978] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  642.769383][ T5900] usbhid 3-1:0.0: can't add hid device: -71
[  642.853755][  T978] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  642.864257][ T5900] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  642.878562][  T978] usb 1-1: Product: syz
[  642.888333][  T978] usb 1-1: Manufacturer: syz
[  642.893009][  T978] usb 1-1: SerialNumber: syz
[  642.903714][ T5900] usb 3-1: USB disconnect, device number 63
[  642.935938][T13878] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2226'.
[  642.942909][  T978] usb 1-1: config 0 descriptor??
[  642.952416][T13861] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  643.120387][   T30] audit: type=1400 audit(1751827889.070:1541): avc:  denied  { unmount } for  pid=5827 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  643.235132][T13887] FAULT_INJECTION: forcing a failure.
[  643.235132][T13887] name failslab, interval 1, probability 0, space 0, times 0
[  643.248099][T13887] CPU: 0 UID: 0 PID: 13887 Comm: syz.4.2229 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  643.248125][T13887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  643.248136][T13887] Call Trace:
[  643.248142][T13887]  <TASK>
[  643.248150][T13887]  dump_stack_lvl+0x16c/0x1f0
[  643.248182][T13887]  should_fail_ex+0x512/0x640
[  643.248207][T13887]  ? fs_reclaim_acquire+0xae/0x150
[  643.248232][T13887]  ? tomoyo_encode2+0x100/0x3e0
[  643.248257][T13887]  should_failslab+0xc2/0x120
[  643.248283][T13887]  __kmalloc_noprof+0xd2/0x510
[  643.248306][T13887]  ? __schedule+0x3fff/0x5de0
[  643.248335][T13887]  tomoyo_encode2+0x100/0x3e0
[  643.248363][T13887]  tomoyo_encode+0x29/0x50
[  643.248387][T13887]  tomoyo_mount_acl+0x144/0x850
[  643.248417][T13887]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  643.248440][T13887]  ? __pfx___schedule+0x10/0x10
[  643.248502][T13887]  ? tomoyo_domain+0xbb/0x150
[  643.248518][T13887]  ? tomoyo_profile+0x47/0x60
[  643.248538][T13887]  tomoyo_mount_permission+0x16d/0x420
[  643.248562][T13887]  ? tomoyo_mount_permission+0x14f/0x420
[  643.248586][T13887]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  643.248610][T13887]  ? lockdep_hardirqs_on+0x7c/0x110
[  643.248644][T13887]  ? security_sb_mount+0x22/0x260
[  643.248669][T13887]  security_sb_mount+0x9b/0x260
[  643.248690][T13887]  path_mount+0x128/0x2020
[  643.248708][T13887]  ? kmem_cache_free+0x2d1/0x4d0
[  643.248728][T13887]  ? __pfx_path_mount+0x10/0x10
[  643.248747][T13887]  ? putname+0x154/0x1a0
[  643.248766][T13887]  __x64_sys_mount+0x28d/0x310
[  643.248782][T13887]  ? __pfx___x64_sys_mount+0x10/0x10
[  643.248799][T13887]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  643.248825][T13887]  do_syscall_64+0xcd/0x4c0
[  643.248851][T13887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  643.248868][T13887] RIP: 0033:0x7f89afb8e929
[  643.248883][T13887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  643.248898][T13887] RSP: 002b:00007f89b09e0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  643.248915][T13887] RAX: ffffffffffffffda RBX: 00007f89afdb6080 RCX: 00007f89afb8e929
[  643.248927][T13887] RDX: 0000200000000080 RSI: 0000200000000100 RDI: 0000200000000580
[  643.248938][T13887] RBP: 00007f89b09e0090 R08: 0000000000000000 R09: 0000000000000000
[  643.248947][T13887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.248957][T13887] R13: 0000000000000000 R14: 00007f89afdb6080 R15: 00007ffe9358dc78
[  643.248981][T13887]  </TASK>
[  643.318616][T13861] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  643.508817][    C1] vkms_vblank_simulate: vblank timer overrun
[  643.749725][T13890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2225'.
[  645.021092][  T978] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input41
[  646.517561][  T978] usb 1-1: USB disconnect, device number 70
[  646.561462][ T5850] synaptics_usb 1-1:0.0: synusb_open - usb_submit_urb failed, error: -19
[  646.711735][T13908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2234'.
[  646.713387][T13913] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2234'.
[  646.791472][T13915] binder: Binderfs stats mode cannot be changed during a remount
[  646.896306][   T30] audit: type=1400 audit(1751827892.740:1542): avc:  denied  { remount } for  pid=13909 comm="syz.0.2236" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  647.026939][T13908] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2234'.
[  648.311361][   T10] usb 4-1: new high-speed USB device number 86 using dummy_hcd
[  648.508215][T13942] netlink: 'syz.0.2242': attribute type 1 has an invalid length.
[  648.559707][   T10] usb 4-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  648.736277][T13951] FAULT_INJECTION: forcing a failure.
[  648.736277][T13951] name failslab, interval 1, probability 0, space 0, times 0
[  648.749054][T13951] CPU: 0 UID: 0 PID: 13951 Comm: syz.0.2242 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  648.749079][T13951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  648.749090][T13951] Call Trace:
[  648.749096][T13951]  <TASK>
[  648.749103][T13951]  dump_stack_lvl+0x16c/0x1f0
[  648.749132][T13951]  should_fail_ex+0x512/0x640
[  648.749158][T13951]  should_failslab+0xc2/0x120
[  648.749183][T13951]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  648.749208][T13951]  ? skb_clone+0x190/0x3f0
[  648.749236][T13951]  skb_clone+0x190/0x3f0
[  648.749260][T13951]  netlink_deliver_tap+0xabd/0xd30
[  648.749294][T13951]  netlink_unicast+0x5df/0x7f0
[  648.749313][T13951]  ? __pfx_netlink_unicast+0x10/0x10
[  648.749338][T13951]  netlink_sendmsg+0x8d1/0xdd0
[  648.749360][T13951]  ? __pfx_netlink_sendmsg+0x10/0x10
[  648.749388][T13951]  ____sys_sendmsg+0xa95/0xc70
[  648.749407][T13951]  ? copy_msghdr_from_user+0x10a/0x160
[  648.749431][T13951]  ? __pfx_____sys_sendmsg+0x10/0x10
[  648.749470][T13951]  ___sys_sendmsg+0x134/0x1d0
[  648.749496][T13951]  ? __pfx____sys_sendmsg+0x10/0x10
[  648.749517][T13951]  ? __lock_acquire+0x622/0x1c90
[  648.749565][T13951]  __sys_sendmsg+0x16d/0x220
[  648.749588][T13951]  ? __pfx___sys_sendmsg+0x10/0x10
[  648.749627][T13951]  do_syscall_64+0xcd/0x4c0
[  648.749665][T13951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  648.749683][T13951] RIP: 0033:0x7f9b2ff8e929
[  648.749697][T13951] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  648.749714][T13951] RSP: 002b:00007f9b30dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  648.749732][T13951] RAX: ffffffffffffffda RBX: 00007f9b301b6160 RCX: 00007f9b2ff8e929
[  648.749744][T13951] RDX: 000000000000c0b0 RSI: 0000200000000280 RDI: 0000000000000004
[  648.749754][T13951] RBP: 00007f9b30dac090 R08: 0000000000000000 R09: 0000000000000000
[  648.749763][T13951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  648.749774][T13951] R13: 0000000000000001 R14: 00007f9b301b6160 R15: 00007fffa9816088
[  648.749797][T13951]  </TASK>
[  648.750850][T13942] bond3: entered promiscuous mode
[  648.894993][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  648.925856][T13942] 8021q: adding VLAN 0 to HW filter on device bond3
[  649.305661][   T10] usb 4-1: config 0 descriptor??
[  649.493908][T13951] 8021q: adding VLAN 0 to HW filter on device bond3
[  649.504748][T13951] bond3: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  649.516529][T13951] bond3: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  649.553629][T13951] bond3: (slave ip6gre1): making interface the new active one
[  649.563963][T13951] ip6gre1: entered promiscuous mode
[  650.581309][   T10] pegasus 4-1:0.0: probe with driver pegasus failed with error -32
[  650.614339][T13958] nbd: must specify an index to disconnect
[  650.621489][T13958] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  650.629198][T13951] bond3: (slave ip6gre1): Enslaving as an active interface with an up link
[  650.655019][ T5893] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  650.818881][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  650.829163][ T5893] usb 3-1: config 0 interface 0 has no altsetting 0
[  650.846013][ T5893] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  650.865047][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  650.894475][ T5893] usb 3-1: config 0 descriptor??
[  652.204537][T13981] netlink: 'syz.1.2249': attribute type 1 has an invalid length.
[  652.279862][T13981] bond2: entered promiscuous mode
[  652.292578][T13981] 8021q: adding VLAN 0 to HW filter on device bond2
[  652.445144][ T5893] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[  652.703700][   T10] usb 4-1: USB disconnect, device number 86
[  652.723228][T13989] 8021q: adding VLAN 0 to HW filter on device bond2
[  652.757362][T13989] bond2: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  652.767761][T13989] bond2: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  652.840686][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  652.938450][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  652.956886][T13989] bond2: (slave ip6gre1): making interface the new active one
[  652.965857][T13989] ip6gre1: entered promiscuous mode
[  652.988557][T13989] bond2: (slave ip6gre1): Enslaving as an active interface with an up link
[  653.017607][ T5893] usb 1-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00
[  653.056838][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  653.078863][T14002] netlink: 'syz.3.2253': attribute type 1 has an invalid length.
[  653.109837][ T5893] usb 1-1: config 0 descriptor??
[  653.239076][T14002] bond0: entered promiscuous mode
[  653.269933][T14002] 8021q: adding VLAN 0 to HW filter on device bond0
[  653.313581][T14003] 8021q: adding VLAN 0 to HW filter on device bond0
[  653.334366][T14003] bond0: (slave ip6gre1): The slave device specified does not support setting the MAC address
[  653.345995][T14003] bond0: (slave ip6gre1): Setting fail_over_mac to active for active-backup mode
[  653.432072][T14003] bond0: (slave ip6gre1): making interface the new active one
[  653.440485][T14003] ip6gre1: entered promiscuous mode
[  653.467363][T14003] bond0: (slave ip6gre1): Enslaving as an active interface with an up link
[  653.574737][ T5893] greenasia 0003:0E8F:0012.0016: invalid report_count -2073855044
[  653.613023][ T5893] greenasia 0003:0E8F:0012.0016: item 0 4 1 9 parsing failed
[  653.637629][ T5893] greenasia 0003:0E8F:0012.0016: parse failed
[  653.646326][T14008] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2254'.
[  653.664450][ T5893] greenasia 0003:0E8F:0012.0016: probe with driver greenasia failed with error -22
[  653.674200][T14008] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2254'.
[  653.685783][T14008] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2254'.
[  653.851964][ T5893] usb 3-1: USB disconnect, device number 64
[  653.957826][ T5900] usb 1-1: USB disconnect, device number 71
[  654.593587][T14017] binder: BINDER_SET_CONTEXT_MGR already set
[  654.604454][T14017] binder: 14016:14017 ioctl 4018620d 200000000040 returned -16
[  654.645451][T14017] overlayfs: failed to resolve './file0': -2
[  654.659734][T14021] FAULT_INJECTION: forcing a failure.
[  654.659734][T14021] name failslab, interval 1, probability 0, space 0, times 0
[  654.690665][T14021] CPU: 1 UID: 0 PID: 14021 Comm: syz.3.2259 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  654.690692][T14021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  654.690702][T14021] Call Trace:
[  654.690708][T14021]  <TASK>
[  654.690716][T14021]  dump_stack_lvl+0x16c/0x1f0
[  654.690746][T14021]  should_fail_ex+0x512/0x640
[  654.690770][T14021]  ? __kvmalloc_node_noprof+0x124/0x620
[  654.690797][T14021]  should_failslab+0xc2/0x120
[  654.690823][T14021]  __kvmalloc_node_noprof+0x137/0x620
[  654.690845][T14021]  ? lockdep_init_map_type+0x5c/0x280
[  654.690864][T14021]  ? alloc_netdev_mqs+0xb5b/0x1570
[  654.690895][T14021]  ? alloc_netdev_mqs+0xb5b/0x1570
[  654.690918][T14021]  alloc_netdev_mqs+0xb5b/0x1570
[  654.690945][T14021]  ? ip_bucket+0x146/0x1b0
[  654.690967][T14021]  __ip_tunnel_create+0x3ad/0x6e0
[  654.690988][T14021]  ? __pfx___ip_tunnel_create+0x10/0x10
[  654.691009][T14021]  ? bpf_lsm_capable+0x9/0x10
[  654.691030][T14021]  ? security_capable+0x7e/0x260
[  654.691055][T14021]  ip_tunnel_ctl+0x543/0xb90
[  654.691079][T14021]  ipip_tunnel_ctl+0xfb/0x280
[  654.691103][T14021]  ip_tunnel_siocdevprivate+0x10c/0x1b0
[  654.691126][T14021]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  654.691151][T14021]  ? full_name_hash+0xbc/0x110
[  654.691171][T14021]  ? netdev_name_node_lookup+0x127/0x180
[  654.691197][T14021]  dev_ifsioc+0x8ee/0x1f70
[  654.691224][T14021]  ? __pfx_dev_ifsioc+0x10/0x10
[  654.691247][T14021]  ? __pfx___mutex_lock+0x10/0x10
[  654.691282][T14021]  ? dev_load+0x8e/0x240
[  654.691310][T14021]  dev_ioctl+0x1b2/0x10e0
[  654.691335][T14021]  sock_ioctl+0x5b3/0x6b0
[  654.691356][T14021]  ? __pfx_sock_ioctl+0x10/0x10
[  654.691374][T14021]  ? hook_file_ioctl_common+0x145/0x410
[  654.691400][T14021]  ? selinux_file_ioctl+0x180/0x270
[  654.691433][T14021]  ? selinux_file_ioctl+0xb4/0x270
[  654.691459][T14021]  ? __pfx_sock_ioctl+0x10/0x10
[  654.691479][T14021]  __x64_sys_ioctl+0x18e/0x210
[  654.691503][T14021]  do_syscall_64+0xcd/0x4c0
[  654.691531][T14021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  654.691548][T14021] RIP: 0033:0x7ffb55d8e929
[  654.691563][T14021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  654.691580][T14021] RSP: 002b:00007ffb56c41038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  654.691599][T14021] RAX: ffffffffffffffda RBX: 00007ffb55fb5fa0 RCX: 00007ffb55d8e929
[  654.691610][T14021] RDX: 00002000000002c0 RSI: 00000000000089f1 RDI: 0000000000000003
[  654.691621][T14021] RBP: 00007ffb56c41090 R08: 0000000000000000 R09: 0000000000000000
[  654.691632][T14021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  654.691642][T14021] R13: 0000000000000000 R14: 00007ffb55fb5fa0 R15: 00007ffcf2af41d8
[  654.691666][T14021]  </TASK>
[  654.966322][    C1] vkms_vblank_simulate: vblank timer overrun
[  655.645646][ T5900] kernel write not supported for file /binder/stats (pid: 5900 comm: kworker/1:5)
[  656.228107][   T10] usb 2-1: new high-speed USB device number 68 using dummy_hcd
[  656.626384][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  656.651477][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  656.672234][   T10] usb 2-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  656.776873][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.792018][   T10] usb 2-1: config 0 descriptor??
[  656.797378][T14050] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2268'.
[  656.955077][ T5900] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  657.135043][ T5900] usb 1-1: Using ep0 maxpacket: 8
[  657.161946][ T5900] usb 1-1: config 1 has an invalid interface number: 195 but max is 3
[  657.173992][ T5900] usb 1-1: config 1 has an invalid interface number: 44 but max is 3
[  657.175089][T14061] 9p: Unknown Cache mode or invalid value fscacheg
[  657.183237][ T5900] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  657.183295][ T5900] usb 1-1: config 1 has an invalid interface number: 65 but max is 3
[  657.252097][ T5900] usb 1-1: config 1 has an invalid descriptor of length 16, skipping remainder of the config
[  657.259966][T14064] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2275'.
[  657.262663][ T5900] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 4
[  657.281790][ T5900] usb 1-1: config 1 has no interface number 0
[  657.288225][ T5900] usb 1-1: config 1 has no interface number 1
[  657.294497][ T5900] usb 1-1: config 1 has no interface number 2
[  657.325118][   T10] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  657.344077][ T5900] usb 1-1: config 1 interface 195 altsetting 8 endpoint 0xC has invalid maxpacket 1024, setting to 64
[  657.374650][ T5900] usb 1-1: config 1 interface 195 altsetting 8 endpoint 0x8 has invalid maxpacket 1024, setting to 64
[  657.466674][ T5900] usb 1-1: config 1 interface 195 altsetting 8 endpoint 0xD has invalid maxpacket 512, setting to 64
[  657.686278][ T5900] usb 1-1: config 1 interface 44 altsetting 1 has a duplicate endpoint with address 0xC, skipping
[  657.735832][ T5900] usb 1-1: config 1 interface 44 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  657.781418][ T5900] usb 1-1: config 1 interface 44 altsetting 1 endpoint 0x5 has invalid maxpacket 25393, setting to 64
[  657.798855][ T5900] usb 1-1: config 1 interface 44 altsetting 1 has a duplicate endpoint with address 0x5, skipping
[  657.816974][ T5900] usb 1-1: config 1 interface 44 altsetting 1 has a duplicate endpoint with address 0x8, skipping
[  657.831549][ T5900] usb 1-1: config 1 interface 44 altsetting 1 has 6 endpoint descriptors, different from the interface descriptor's value: 8
[  657.848856][ T5900] usb 1-1: config 1 interface 65 altsetting 6 has a duplicate endpoint with address 0x5, skipping
[  657.874270][ T5900] usb 1-1: config 1 interface 65 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 14
[  657.897555][ T5900] usb 1-1: config 1 interface 195 has no altsetting 0
[  657.904706][ T5900] usb 1-1: config 1 interface 44 has no altsetting 0
[  657.919530][ T5900] usb 1-1: config 1 interface 65 has no altsetting 0
[  657.940311][ T5900] usb 1-1: New USB device found, idVendor=2304, idProduct=0243, bcdDevice=89.b4
[  657.960613][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.973897][ T5900] usb 1-1: Product: syz
[  657.984024][ T5900] usb 1-1: Manufacturer: syz
[  658.006538][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  658.113973][ T5900] usb 1-1: SerialNumber: syz
[  658.178283][   T10] usb 3-1: config 0 has no interface number 0
[  658.196569][   T10] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  658.208649][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.216900][   T10] usb 3-1: Product: syz
[  658.221229][   T10] usb 3-1: Manufacturer: syz
[  658.226199][   T10] usb 3-1: SerialNumber: syz
[  658.237587][   T10] usb 3-1: config 0 descriptor??
[  658.416094][ T5900] dvb-usb: found a 'Pinnacle PCTV 73A' in cold state, will try to load a firmware
[  658.459934][   T10] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  658.477932][ T5900] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  658.489486][   T10] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  658.505237][   T10] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  658.513487][   T10] usb 3-1: media controller created
[  658.540078][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  658.570841][T14082] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2279'.
[  658.582675][ T5900] dib0700: firmware download failed at 7 with -22
[  658.650198][ T5900] dvb-usb: found a 'Pinnacle PCTV 73A' in cold state, will try to load a firmware
[  658.704339][ T5900] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  658.748977][ T5900] dib0700: firmware download failed at 7 with -22
[  658.817346][ T5893] usb 2-1: USB disconnect, device number 68
[  658.841609][ T5900] dvb-usb: found a 'Pinnacle PCTV 73A' in cold state, will try to load a firmware
[  658.854273][ T5900] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  658.864959][ T5900] dib0700: firmware download failed at 7 with -22
[  658.876242][ T5900] usb 1-1: USB disconnect, device number 72
[  658.951923][T14094] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2282'.
[  658.961184][T14094] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2282'.
[  659.049720][T14100] random: crng reseeded on system resumption
[  659.074959][  T978] usb 4-1: new high-speed USB device number 87 using dummy_hcd
[  659.265125][  T978] usb 4-1: Using ep0 maxpacket: 8
[  659.277475][  T978] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  659.287318][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.360415][  T978] pvrusb2: Hardware description: Terratec Grabster AV400
[  659.371682][  T978] pvrusb2: **********
[  659.386993][  T978] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  659.397521][  T978] pvrusb2: Important functionality might not be entirely working.
[  659.405439][  T978] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  659.418278][  T978] pvrusb2: **********
[  659.500889][T14111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2287'.
[  659.512929][T14111] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2287'.
[  659.616309][   T10] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  660.118357][   T30] audit: type=1400 audit(1751827906.070:1543): avc:  denied  { write } for  pid=14089 comm="syz.3.2281" path="socket:[41528]" dev="sockfs" ino=41528 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  660.135808][T14090] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  660.509470][ T2335] pvrusb2: Invalid write control endpoint
[  660.840447][ T2335] pvrusb2: Invalid write control endpoint
[  660.846936][ T2335] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  660.857467][   T10] usb 3-1: USB disconnect, device number 65
[  660.861172][ T2335] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  660.924247][   T30] audit: type=1400 audit(1751827906.830:1544): avc:  denied  { create } for  pid=14122 comm="syz.1.2290" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  660.924352][ T2335] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  661.039502][ T2335] pvrusb2: Device being rendered inoperable
[  661.051457][ T2335] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  661.065342][ T2335] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  661.078009][T14105] Restarting kernel threads ...
[  661.083966][ T2335] pvrusb2: Attached sub-driver cx25840
[  661.223033][T14105] Done restarting kernel threads.
[  661.228193][ T2335] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  661.238976][ T2335] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  661.266579][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2292'.
[  661.275516][T14132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2292'.
[  661.288007][T14132] netlink: 'syz.2.2292': attribute type 3 has an invalid length.
[  662.240240][ T5900] usb 4-1: USB disconnect, device number 87
[  662.248751][T14152] netlink: 'syz.4.2301': attribute type 1 has an invalid length.
[  662.273145][T14154] Failed to initialize the IGMP autojoin socket (err -2)
[  662.390098][T14158] bond1: (slave ip6gretap1): making interface the new active one
[  662.398678][T14158] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  662.412773][T14152] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2301'.
[  662.424327][T14154] netlink: 'syz.2.2302': attribute type 2 has an invalid length.
[  662.424863][T14152] 8021q: adding VLAN 0 to HW filter on device bond1
[  663.575828][   T30] audit: type=1400 audit(1751827909.470:1545): avc:  denied  { setopt } for  pid=14187 comm="syz.0.2315" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  663.730076][T14195] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2316'.
[  663.751789][T14176] netlink: 'syz.4.2310': attribute type 10 has an invalid length.
[  663.777429][T14176] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2310'.
[  663.841527][T14176] team0: Port device geneve0 added
[  664.576795][   T10] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  664.867885][   T10] usb 1-1: Using ep0 maxpacket: 8
[  664.917617][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  665.037708][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  665.225877][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  665.244365][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  665.258054][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  665.272736][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  665.284942][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  665.763386][   T10] usb 1-1: usb_control_msg returned -71
[  665.772045][   T10] usbtmc 1-1:16.0: can't read capabilities
[  665.787075][   T10] usb 1-1: USB disconnect, device number 73
[  666.594089][T14243] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  666.647542][T14250] netlink: 'syz.1.2337': attribute type 10 has an invalid length.
[  666.658738][T14250] team0: Port device hsr_slave_0 added
[  667.526164][   T30] audit: type=1400 audit(1751827913.470:1546): avc:  denied  { setattr } for  pid=14269 comm="syz.4.2345" name="ptmx" dev="devtmpfs" ino=615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ptmx_t tclass=chr_file permissive=1
[  668.007799][T14284] mac80211_hwsim hwsim6 syzkaller0: entered promiscuous mode
[  668.161166][T14284] mac80211_hwsim hwsim6 syzkaller0: entered allmulticast mode
[  668.462076][T14297] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2351'.
[  668.471150][T14297] bond0: option use_carrier: invalid value (172)
[  669.218112][T14311] netlink: 'syz.0.2357': attribute type 10 has an invalid length.
[  669.236033][T14311] syz_tun: entered promiscuous mode
[  669.263679][T14311] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  669.585646][T14328] support for the xor transformation has been removed.
[  672.233846][   T30] audit: type=1400 audit(1751827918.180:1547): avc:  denied  { bind } for  pid=14365 comm="syz.1.2375" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  673.218646][   T30] audit: type=1400 audit(1751827919.170:1548): avc:  denied  { lock } for  pid=14389 comm="syz.0.2385" path="socket:[42935]" dev="sockfs" ino=42935 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  674.626928][   T30] audit: type=1400 audit(1751827920.570:1549): avc:  denied  { ioctl } for  pid=14406 comm="syz.1.2392" path="socket:[44042]" dev="sockfs" ino=44042 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  677.566119][T14461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2406'.
[  677.986412][T14481] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2414'.
[  680.039283][T14515] netlink: 'syz.2.2425': attribute type 16 has an invalid length.
[  680.115124][T14515] netlink: 'syz.2.2425': attribute type 17 has an invalid length.
[  680.122128][T14519] 9pnet_fd: Insufficient options for proto=fd
[  682.957820][T14578] lo speed is unknown, defaulting to 1000
[  682.964272][T14578] lo speed is unknown, defaulting to 1000
[  682.971631][T14578] lo speed is unknown, defaulting to 1000
[  682.990234][T14578] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  683.013000][T14578] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -2
[  683.363804][T14578] lo speed is unknown, defaulting to 1000
[  683.373480][T14578] lo speed is unknown, defaulting to 1000
[  683.383524][T14578] lo speed is unknown, defaulting to 1000
[  683.390691][T14578] lo speed is unknown, defaulting to 1000
[  683.405031][T14578] lo speed is unknown, defaulting to 1000
[  685.405966][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  685.412404][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  685.635437][T14609] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2452'.
[  687.314620][T14643] netlink: 'syz.1.2464': attribute type 12 has an invalid length.
[  687.351217][T14643] bond2: left promiscuous mode
[  687.371935][T14643] ip6gre1: left promiscuous mode
[  690.511280][   T30] audit: type=1400 audit(1751827936.460:1550): avc:  denied  { ioctl } for  pid=14676 comm="syz.3.2475" path="socket:[44408]" dev="sockfs" ino=44408 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  690.610038][   T30] audit: type=1400 audit(1751827936.560:1551): avc:  denied  { connect } for  pid=14682 comm="syz.2.2479" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  691.254785][T14690] binder: 14689:14690 ioctl c0306201 200000000280 returned -14
[  693.470014][T14716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2489'.
[  694.988494][T14730] netlink: 'syz.0.2494': attribute type 10 has an invalid length.
[  695.989024][T14746] could not allocate digest TFM handle sha224-arm64
[  696.027588][T14760] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29200 sclass=netlink_route_socket pid=14760 comm=syz.1.2502
[  696.236885][T14764] netlink: 'syz.1.2502': attribute type 4 has an invalid length.
[  696.249246][T14765] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2504'.
[  696.265017][   T10] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  696.274530][T14765] FAULT_INJECTION: forcing a failure.
[  696.274530][T14765] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  696.290432][T14765] CPU: 1 UID: 0 PID: 14765 Comm: syz.3.2504 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  696.290457][T14765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  696.290466][T14765] Call Trace:
[  696.290470][T14765]  <TASK>
[  696.290474][T14765]  dump_stack_lvl+0x16c/0x1f0
[  696.290496][T14765]  should_fail_ex+0x512/0x640
[  696.290515][T14765]  _copy_to_user+0x32/0xd0
[  696.290533][T14765]  simple_read_from_buffer+0xcb/0x170
[  696.290550][T14765]  proc_fail_nth_read+0x197/0x270
[  696.290566][T14765]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  696.290582][T14765]  ? rw_verify_area+0xcf/0x680
[  696.290595][T14765]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  696.290610][T14765]  vfs_read+0x1e1/0xc60
[  696.290626][T14765]  ? __pfx___mutex_lock+0x10/0x10
[  696.290643][T14765]  ? __pfx_vfs_read+0x10/0x10
[  696.290662][T14765]  ? __fget_files+0x20e/0x3c0
[  696.290682][T14765]  ksys_read+0x12a/0x250
[  696.290696][T14765]  ? __pfx_ksys_read+0x10/0x10
[  696.290711][T14765]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  696.290729][T14765]  do_syscall_64+0xcd/0x4c0
[  696.290747][T14765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  696.290760][T14765] RIP: 0033:0x7ffb55d8d33c
[  696.290770][T14765] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  696.290781][T14765] RSP: 002b:00007ffb56c41030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  696.290792][T14765] RAX: ffffffffffffffda RBX: 00007ffb55fb5fa0 RCX: 00007ffb55d8d33c
[  696.290799][T14765] RDX: 000000000000000f RSI: 00007ffb56c410a0 RDI: 0000000000000004
[  696.290805][T14765] RBP: 00007ffb56c41090 R08: 0000000000000000 R09: 0000000000000000
[  696.290812][T14765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  696.290819][T14765] R13: 0000000000000000 R14: 00007ffb55fb5fa0 R15: 00007ffcf2af41d8
[  696.290832][T14765]  </TASK>
[  697.273725][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  697.287342][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  697.294290][   T10] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  697.304524][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  697.430505][   T10] usb 3-1: config 0 descriptor??
[  697.449315][T14772] Failed to initialize the IGMP autojoin socket (err -2)
[  697.653278][T14782] FAULT_INJECTION: forcing a failure.
[  697.653278][T14782] name failslab, interval 1, probability 0, space 0, times 0
[  697.791392][T14782] CPU: 0 UID: 0 PID: 14782 Comm: syz.0.2508 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  697.791422][T14782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  697.791433][T14782] Call Trace:
[  697.791444][T14782]  <TASK>
[  697.791452][T14782]  dump_stack_lvl+0x16c/0x1f0
[  697.791482][T14782]  should_fail_ex+0x512/0x640
[  697.791506][T14782]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  697.791533][T14782]  should_failslab+0xc2/0x120
[  697.791559][T14782]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  697.791583][T14782]  ? __alloc_skb+0x2b2/0x380
[  697.791606][T14782]  ? bpf_lsm_capable+0x9/0x10
[  697.791629][T14782]  __alloc_skb+0x2b2/0x380
[  697.791652][T14782]  ? __pfx___alloc_skb+0x10/0x10
[  697.791675][T14782]  ? genl_rcv_msg+0x4f0/0x800
[  697.791694][T14782]  ? genl_rcv_msg+0x4bb/0x800
[  697.791721][T14782]  netlink_ack+0x15d/0xb80
[  697.791747][T14782]  netlink_rcv_skb+0x332/0x420
[  697.791765][T14782]  ? __pfx_genl_rcv_msg+0x10/0x10
[  697.791787][T14782]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  697.791815][T14782]  ? netlink_deliver_tap+0x1ae/0xd30
[  697.791846][T14782]  genl_rcv+0x28/0x40
[  697.791864][T14782]  netlink_unicast+0x53a/0x7f0
[  697.791885][T14782]  ? __pfx_netlink_unicast+0x10/0x10
[  697.791911][T14782]  netlink_sendmsg+0x8d1/0xdd0
[  697.791934][T14782]  ? __pfx_netlink_sendmsg+0x10/0x10
[  697.791962][T14782]  ____sys_sendmsg+0xa95/0xc70
[  697.791982][T14782]  ? copy_msghdr_from_user+0x10a/0x160
[  697.792006][T14782]  ? __pfx_____sys_sendmsg+0x10/0x10
[  697.792037][T14782]  ___sys_sendmsg+0x134/0x1d0
[  697.792063][T14782]  ? __pfx____sys_sendmsg+0x10/0x10
[  697.792085][T14782]  ? __lock_acquire+0x622/0x1c90
[  697.792136][T14782]  __sys_sendmsg+0x16d/0x220
[  697.792160][T14782]  ? __pfx___sys_sendmsg+0x10/0x10
[  697.792202][T14782]  do_syscall_64+0xcd/0x4c0
[  697.792231][T14782]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.792250][T14782] RIP: 0033:0x7f9b2ff8e929
[  697.792265][T14782] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.792282][T14782] RSP: 002b:00007f9b30dcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  697.792305][T14782] RAX: ffffffffffffffda RBX: 00007f9b301b6080 RCX: 00007f9b2ff8e929
[  697.792317][T14782] RDX: 0000000004020050 RSI: 0000200000000000 RDI: 0000000000000003
[  697.792328][T14782] RBP: 00007f9b30dcd090 R08: 0000000000000000 R09: 0000000000000000
[  697.792338][T14782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.792349][T14782] R13: 0000000000000000 R14: 00007f9b301b6080 R15: 00007fffa9816088
[  697.792374][T14782]  </TASK>
[  698.494028][T14788] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  698.734373][T14786] 9p: Unknown Cache mode or invalid value fscacheg
[  699.374209][   T30] audit: type=1400 audit(1751827945.280:1552): avc:  granted  { setsecparam } for  pid=14796 comm="syz.1.2511" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  699.601456][   T30] audit: type=1400 audit(1751827945.280:1553): avc:  granted  { setsecparam } for  pid=14796 comm="syz.1.2511" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  699.655500][   T10] usb 2-1: new high-speed USB device number 69 using dummy_hcd
[  699.765312][   T30] audit: type=1400 audit(1751827945.430:1554): avc:  denied  { ioctl } for  pid=14799 comm="syz.4.2512" path="socket:[44689]" dev="sockfs" ino=44689 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sock_file permissive=1
[  699.790908][   T30] audit: type=1400 audit(1751827945.430:1555): avc:  denied  { accept } for  pid=14799 comm="syz.4.2512" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  699.814375][   T30] audit: type=1400 audit(1751827945.600:1556): avc:  denied  { setopt } for  pid=14801 comm="syz.0.2514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  699.989384][   T10] usb 2-1: config 8 has an invalid interface number: 156 but max is 3
[  700.587562][   T10] usb 2-1: config 8 has an invalid interface number: 148 but max is 3
[  700.788766][   T10] usb 2-1: config 8 has an invalid interface number: 49 but max is 3
[  700.797875][   T10] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  700.819643][   T10] usb 2-1: config 8 has 3 interfaces, different from the descriptor's value: 4
[  700.929550][   T10] usb 2-1: config 8 has no interface number 0
[  700.936506][   T10] usb 2-1: config 8 has no interface number 1
[  700.942607][   T10] usb 2-1: config 8 has no interface number 2
[  700.950664][   T10] usb 2-1: too many endpoints for config 8 interface 49 altsetting 237: 174, using maximum allowed: 30
[  700.963177][   T10] usb 2-1: config 8 interface 49 altsetting 237 has 0 endpoint descriptors, different from the interface descriptor's value: 174
[  700.978887][   T10] usb 2-1: config 8 interface 156 has no altsetting 0
[  701.006200][   T10] usb 2-1: config 8 interface 148 has no altsetting 0
[  701.013120][   T10] usb 2-1: config 8 interface 49 has no altsetting 0
[  701.091937][   T10] usb 2-1: New USB device found, idVendor=04cb, idProduct=012f, bcdDevice=cf.1d
[  701.127228][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  701.205656][   T10] usb 2-1: Product: ꪮ쒐䝤瓆崐項욧ឣ䤋鱪딱浣䇯쌊笔ꚫ驓闋粅印ˇꦋ砿“ꅠ滱ᯋậ૰䯽칾侙瞥Ꜻ磒簢㫄诎∩讫햊გ찯韮➊໌緼辋缄码䄜ᶔ鲷⽘ꔋ巭殃䠠᷹徝焞㛓죞燜톊䒶꣼腇᱙碞杀ꌡ嬡㙞撬퀳綘ƣ횇ଇ躼ึᑀ倯
[  701.230371][    C1] vxcan1: j1939_tp_rxtimer: 0xffff888036068800: rx timeout, send abort
[  701.244896][    C1] vxcan1: j1939_xtp_rx_abort_one: 0xffff888036068800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  701.254829][   T10] usb 2-1: Manufacturer: ж
[  701.628355][   T10] usb 2-1: SerialNumber: 㰁
[  701.840850][T14797] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  701.853035][T14797] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  701.882637][   T30] audit: type=1400 audit(1751827947.830:1557): avc:  granted  { setsecparam } for  pid=14796 comm="syz.1.2511" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  701.912567][   T10] usb 2-1: USB disconnect, device number 69
[  701.960413][T14822] Driver unsupported XDP return value 0 on prog  (id 509) dev N/A, expect packet loss!
[  702.042841][T14825] blktrace: Concurrent blktraces are not allowed on sg0
[  702.265607][T14831] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  702.275597][  T978] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  702.301563][T14831] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  702.434888][  T978] usb 1-1: Using ep0 maxpacket: 16
[  702.441804][  T978] usb 1-1: config 254 has an invalid interface number: 235 but max is 0
[  702.450704][  T978] usb 1-1: config 254 has no interface number 0
[  702.457339][  T978] usb 1-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32
[  702.469602][  T978] usb 1-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  703.011575][  T978] usb 1-1: config 254 interface 235 has no altsetting 0
[  703.021218][  T978] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  703.074949][  T978] usb 1-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3
[  703.085276][  T978] usb 1-1: Product: syz
[  703.089462][  T978] usb 1-1: Manufacturer: syz
[  703.095379][  T978] usb 1-1: SerialNumber: syz
[  703.113679][T14823] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  703.128819][T14838] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2521'.
[  703.178007][  T978] usbtest 1-1:254.235: couldn't get endpoints, -22
[  703.192911][  T978] usbtest 1-1:254.235: probe with driver usbtest failed with error -22
[  703.323879][ T5893] usb 3-1: USB disconnect, device number 66
[  703.487816][T14843] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2525'.
[  703.725020][T14848] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  704.017419][ T5893] usb 1-1: USB disconnect, device number 74
[  704.764759][T14860] FAULT_INJECTION: forcing a failure.
[  704.764759][T14860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  704.844904][T14860] CPU: 1 UID: 0 PID: 14860 Comm: syz.1.2531 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  704.844933][T14860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  704.844943][T14860] Call Trace:
[  704.844949][T14860]  <TASK>
[  704.844956][T14860]  dump_stack_lvl+0x16c/0x1f0
[  704.844986][T14860]  should_fail_ex+0x512/0x640
[  704.845012][T14860]  _copy_from_iter+0x29f/0x16f0
[  704.845038][T14860]  ? __alloc_skb+0x200/0x380
[  704.845062][T14860]  ? __pfx__copy_from_iter+0x10/0x10
[  704.845085][T14860]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  704.845109][T14860]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  704.845143][T14860]  netlink_sendmsg+0x829/0xdd0
[  704.845166][T14860]  ? __pfx_netlink_sendmsg+0x10/0x10
[  704.845193][T14860]  ____sys_sendmsg+0xa95/0xc70
[  704.845213][T14860]  ? copy_msghdr_from_user+0x10a/0x160
[  704.845243][T14860]  ? __pfx_____sys_sendmsg+0x10/0x10
[  704.845273][T14860]  ___sys_sendmsg+0x134/0x1d0
[  704.845299][T14860]  ? __pfx____sys_sendmsg+0x10/0x10
[  704.845321][T14860]  ? __lock_acquire+0x622/0x1c90
[  704.845368][T14860]  __sys_sendmsg+0x16d/0x220
[  704.845393][T14860]  ? __pfx___sys_sendmsg+0x10/0x10
[  704.845433][T14860]  do_syscall_64+0xcd/0x4c0
[  704.845461][T14860]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  704.845479][T14860] RIP: 0033:0x7fec4dd8e929
[  704.845493][T14860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  704.845510][T14860] RSP: 002b:00007fec4ecb2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  704.845527][T14860] RAX: ffffffffffffffda RBX: 00007fec4dfb5fa0 RCX: 00007fec4dd8e929
[  704.845539][T14860] RDX: 0000000000048000 RSI: 0000200000000040 RDI: 0000000000000003
[  704.845550][T14860] RBP: 00007fec4ecb2090 R08: 0000000000000000 R09: 0000000000000000
[  704.845561][T14860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  704.845572][T14860] R13: 0000000000000000 R14: 00007fec4dfb5fa0 R15: 00007ffed5693138
[  704.845595][T14860]  </TASK>
[  705.443108][T14870] random: crng reseeded on system resumption
[  705.479980][T14868] team0: Port device hsr_slave_0 removed
[  705.489967][T14868] bond2: (slave ip6gre1): Releasing backup interface
[  706.128636][ T5893] usb 2-1: new high-speed USB device number 70 using dummy_hcd
[  706.573236][T14883] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  706.733147][ T5893] usb 2-1: device descriptor read/64, error -71
[  706.985201][ T5893] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  707.705021][ T5893] usb 2-1: device descriptor read/64, error -71
[  707.827052][ T5893] usb usb2-port1: attempt power cycle
[  708.145901][   T30] audit: type=1400 audit(1751827954.100:1558): avc:  denied  { create } for  pid=14898 comm="syz.2.2545" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  708.169013][T14891] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[  708.175560][T14891] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  708.262322][T14891] vhci_hcd vhci_hcd.0: Device attached
[  708.395535][ T5893] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  708.404076][T14905] FAULT_INJECTION: forcing a failure.
[  708.404076][T14905] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  708.447659][  T978] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  708.881944][   T10] usb 33-1: new low-speed USB device number 2 using vhci_hcd
[  708.906622][T14905] CPU: 0 UID: 0 PID: 14905 Comm: syz.4.2546 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  708.906649][T14905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  708.906660][T14905] Call Trace:
[  708.906665][T14905]  <TASK>
[  708.906672][T14905]  dump_stack_lvl+0x16c/0x1f0
[  708.906701][T14905]  should_fail_ex+0x512/0x640
[  708.906730][T14905]  _copy_to_user+0x32/0xd0
[  708.906758][T14905]  simple_read_from_buffer+0xcb/0x170
[  708.906784][T14905]  proc_fail_nth_read+0x197/0x270
[  708.906806][T14905]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.906827][T14905]  ? rw_verify_area+0xcf/0x680
[  708.906846][T14905]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  708.906868][T14905]  vfs_read+0x1e1/0xc60
[  708.906894][T14905]  ? __pfx___mutex_lock+0x10/0x10
[  708.906920][T14905]  ? __pfx_vfs_read+0x10/0x10
[  708.906950][T14905]  ? __fget_files+0x20e/0x3c0
[  708.906984][T14905]  ksys_read+0x12a/0x250
[  708.907006][T14905]  ? __pfx_ksys_read+0x10/0x10
[  708.907037][T14905]  do_syscall_64+0xcd/0x4c0
[  708.907065][T14905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.907084][T14905] RIP: 0033:0x7f89afb8d33c
[  708.907099][T14905] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  708.907115][T14905] RSP: 002b:00007f89b0a01030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  708.907133][T14905] RAX: ffffffffffffffda RBX: 00007f89afdb5fa0 RCX: 00007f89afb8d33c
[  708.907145][T14905] RDX: 000000000000000f RSI: 00007f89b0a010a0 RDI: 0000000000000004
[  708.907156][T14905] RBP: 00007f89b0a01090 R08: 0000000000000000 R09: 0000000000000000
[  708.907167][T14905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.907178][T14905] R13: 0000000000000000 R14: 00007f89afdb5fa0 R15: 00007ffe9358dc78
[  708.907202][T14905]  </TASK>
[  709.192162][ T5893] usb 2-1: device not accepting address 72, error -71
[  709.224873][  T978] usb 1-1: Using ep0 maxpacket: 16
[  709.234102][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  709.245827][  T978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  709.255819][  T978] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  709.269774][  T978] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  709.279078][  T978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  709.357252][  T978] usb 1-1: config 0 descriptor??
[  709.577313][ T5900] usb 4-1: new high-speed USB device number 88 using dummy_hcd
[  709.743208][ T5900] usb 4-1: Using ep0 maxpacket: 8
[  709.913070][ T5900] usb 4-1: config 0 has an invalid interface number: 239 but max is 0
[  709.940276][ T5900] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  710.246470][T14891] random: crng reseeded on system resumption
[  710.271170][ T5900] usb 4-1: config 0 has no interface number 0
[  710.278667][ T5900] usb 4-1: config 0 interface 239 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  710.417986][T14923] 9pnet_fd: Insufficient options for proto=fd
[  710.427901][ T5900] usb 4-1: New USB device found, idVendor=04da, idProduct=390d, bcdDevice=99.1a
[  710.438157][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  710.446282][ T5900] usb 4-1: Product: syz
[  710.453222][ T5900] usb 4-1: Manufacturer: syz
[  710.461577][ T5900] usb 4-1: SerialNumber: syz
[  710.502291][ T5900] usb 4-1: config 0 descriptor??
[  710.538228][T14926] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  710.547989][T14926] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  710.905613][T14900] usb 33-1: recv xbuf, 0
[  710.911093][  T978] usbhid 1-1:0.0: can't add hid device: -71
[  710.922979][ T5900] ath6kl: Failed to submit usb control message: -71
[  710.924672][  T978] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  710.932608][ T5900] ath6kl: unable to send the bmi data to the device: -71
[  710.946294][T10617] vhci_hcd: stop threads
[  710.950562][T10617] vhci_hcd: release socket
[  710.956049][T10617] vhci_hcd: disconnect device
[  710.960896][ T5900] ath6kl: Unable to send get target info: -71
[  711.015368][ T5900] ath6kl: Failed to init ath6kl core: -71
[  711.040718][ T5900] ath6kl_usb 4-1:0.239: probe with driver ath6kl_usb failed with error -71
[  711.114878][   T10] vhci_hcd: vhci_device speed not set
[  711.129654][  T978] usb 1-1: USB disconnect, device number 75
[  711.164061][ T5900] usb 4-1: USB disconnect, device number 88
[  711.234004][T14934] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  711.481437][T14938] 9pnet_fd: Insufficient options for proto=fd
[  711.688614][T14942] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2556'.
[  711.877821][T14947] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  712.234149][   T30] audit: type=1400 audit(1751827958.180:1559): avc:  denied  { ioctl } for  pid=14948 comm="syz.3.2560" path="socket:[43953]" dev="sockfs" ino=43953 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  714.104134][T14991] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2574'.
[  714.140616][T14991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  714.184989][T14991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  716.735040][   T10] usb 1-1: new full-speed USB device number 76 using dummy_hcd
[  716.946120][   T10] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  716.954328][   T10] usb 1-1: config 0 has no interface number 0
[  717.012705][   T10] usb 1-1: too many endpoints for config 0 interface 105 altsetting 99: 45, using maximum allowed: 30
[  717.048044][   T10] usb 1-1: config 0 interface 105 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 45
[  717.108756][   T10] usb 1-1: config 0 interface 105 has no altsetting 0
[  717.257554][   T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  717.270351][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  717.367521][   T10] usb 1-1: Product: syz
[  717.782427][   T10] usb 1-1: Manufacturer: syz
[  717.794943][   T10] usb 1-1: SerialNumber: syz
[  717.804606][   T10] usb 1-1: config 0 descriptor??
[  718.090336][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  718.111269][T15022] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2582'.
[  718.525083][   T10] gspca_sonixj: reg_r err -32
[  718.529832][   T10] sonixj 1-1:0.105: probe with driver sonixj failed with error -32
[  720.593984][ T5900] usb 1-1: USB disconnect, device number 76
[  721.546057][   T30] audit: type=1400 audit(1751827967.500:1560): avc:  denied  { remount } for  pid=15043 comm="syz.1.2592" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  721.566318][T15044] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  721.644893][   T30] audit: type=1400 audit(1751827967.580:1561): avc:  denied  { unmount } for  pid=5831 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  722.131696][T15073] SELinux:  Context system_u:object_r:crond_var_run_t:s0 is not valid (left unmapped).
[  722.153082][   T30] audit: type=1400 audit(1751827968.090:1562): avc:  denied  { relabelto } for  pid=15059 comm="syz.1.2595" name="488" dev="tmpfs" ino=2599 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  722.179697][    C1] vkms_vblank_simulate: vblank timer overrun
[  722.954893][   T30] audit: type=1400 audit(1751827968.090:1563): avc:  denied  { associate } for  pid=15059 comm="syz.1.2595" name="488" dev="tmpfs" ino=2599 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:crond_var_run_t:s0"
[  723.076837][   T30] audit: type=1400 audit(1751827969.020:1564): avc:  denied  { remove_name } for  pid=5831 comm="syz-executor" name="file1" dev="tmpfs" ino=2604 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  723.104460][   T30] audit: type=1400 audit(1751827969.020:1565): avc:  denied  { rmdir } for  pid=5831 comm="syz-executor" name="488" dev="tmpfs" ino=2599 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:crond_var_run_t:s0"
[  723.492164][T15087] No control pipe specified
[  724.380662][T15101] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  724.405370][T15101] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  725.915803][T15122] fuse: Unknown parameter '�H��n����t
6�'
[  725.917063][T15117] team0: Refused to change device type
[  726.915040][  T978] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[  728.054870][  T978] usb 3-1: Using ep0 maxpacket: 8
[  728.642374][   T30] audit: type=1400 audit(1751827973.980:1566): avc:  denied  { watch watch_reads } for  pid=15142 comm="syz.1.2619" path="pipe:[3769]" dev="pipefs" ino=3769 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  728.923250][  T978] usb 3-1: unable to read config index 0 descriptor/start: -71
[  728.930935][  T978] usb 3-1: can't read configurations, error -71
[  729.227400][   T30] audit: type=1400 audit(1751827975.170:1567): avc:  denied  { read } for  pid=5189 comm="acpid" name="event5" dev="devtmpfs" ino=3701 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  729.278858][T15169] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2622'.
[  729.433218][   T30] audit: type=1400 audit(1751827975.170:1568): avc:  denied  { open } for  pid=5189 comm="acpid" path="/dev/input/event5" dev="devtmpfs" ino=3701 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  729.617509][   T30] audit: type=1400 audit(1751827975.180:1569): avc:  denied  { ioctl } for  pid=5189 comm="acpid" path="/dev/input/event5" dev="devtmpfs" ino=3701 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  729.687903][T15171] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2626'.
[  729.701077][T15171] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2626'.
[  730.818955][T15187] overlayfs: overlapping lowerdir path
[  730.924523][T15188] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  731.037327][T15188] usb usb1: check_ctrlrecip: process 15188 (syz.4.2628) requesting ep 01 but needs 81
[  731.377911][T15196] netlink: 'syz.3.2630': attribute type 4 has an invalid length.
[  731.399008][T15156] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2623'.
[  732.281929][T15203] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  732.386902][T15203] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  732.502951][T15208] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2638'.
[  733.935134][T15218] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  733.970647][   T30] audit: type=1400 audit(1751827979.880:1570): avc:  denied  { create } for  pid=15217 comm="syz.2.2642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  734.134983][ T5900] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  734.279614][   T30] audit: type=1400 audit(1751827979.880:1571): avc:  denied  { bind } for  pid=15217 comm="syz.2.2642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  734.295558][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2641'.
[  734.301516][   T30] audit: type=1400 audit(1751827979.880:1572): avc:  denied  { setopt } for  pid=15217 comm="syz.2.2642" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  734.308377][ T5900] usb 2-1: Using ep0 maxpacket: 32
[  734.327815][T15219] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2641'.
[  734.345753][ T5900] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  734.353876][ T5900] usb 2-1: config 0 has no interface number 0
[  734.363142][ T5900] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  734.372480][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.380568][ T5900] usb 2-1: Product: syz
[  734.384878][ T5900] usb 2-1: Manufacturer: syz
[  734.389522][ T5900] usb 2-1: SerialNumber: syz
[  734.410927][ T5900] usb 2-1: config 0 descriptor??
[  734.538702][   T30] audit: type=1326 audit(1751827980.490:1573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.572793][   T30] audit: type=1326 audit(1751827980.510:1574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.573443][T15228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2645'.
[  734.598984][   T30] audit: type=1326 audit(1751827980.510:1575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.605899][ T5893] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[  734.635236][   T30] audit: type=1326 audit(1751827980.510:1576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.662895][ T5900] radio-si470x 2-1:0.35: this is not a si470x device.
[  734.698063][   T30] audit: type=1326 audit(1751827980.510:1577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.726641][   T30] audit: type=1326 audit(1751827980.510:1578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.754335][   T30] audit: type=1326 audit(1751827980.510:1579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15227 comm="syz.4.2645" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89afb8e929 code=0x7ffc0000
[  734.824554][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  735.039745][ T5900] radio-raremono 2-1:0.35: this is not Thanko's Raremono.
[  735.131303][ T5900] usb 2-1: USB disconnect, device number 74
[  735.137411][ T5893] usb 3-1: config 0 interface 0 has no altsetting 0
[  735.175601][ T5893] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  735.226620][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.258313][ T5893] usb 3-1: config 0 descriptor??
[  736.599108][T15241] rpc_pipefs: Unknown parameter 'trans'
[  736.862949][T15248] FAULT_INJECTION: forcing a failure.
[  736.862949][T15248] name failslab, interval 1, probability 0, space 0, times 0
[  736.907080][T15248] CPU: 1 UID: 0 PID: 15248 Comm: syz.4.2651 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  736.907112][T15248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  736.907122][T15248] Call Trace:
[  736.907128][T15248]  <TASK>
[  736.907135][T15248]  dump_stack_lvl+0x16c/0x1f0
[  736.907166][T15248]  should_fail_ex+0x512/0x640
[  736.907189][T15248]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  736.907215][T15248]  should_failslab+0xc2/0x120
[  736.907239][T15248]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  736.907262][T15248]  ? __alloc_skb+0x2b2/0x380
[  736.907289][T15248]  __alloc_skb+0x2b2/0x380
[  736.907311][T15248]  ? __pfx___alloc_skb+0x10/0x10
[  736.907332][T15248]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  736.907354][T15248]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  736.907385][T15248]  netlink_alloc_large_skb+0x69/0x130
[  736.907404][T15248]  netlink_sendmsg+0x6a1/0xdd0
[  736.907425][T15248]  ? __pfx_netlink_sendmsg+0x10/0x10
[  736.907451][T15248]  ____sys_sendmsg+0xa95/0xc70
[  736.907470][T15248]  ? copy_msghdr_from_user+0x10a/0x160
[  736.907493][T15248]  ? __pfx_____sys_sendmsg+0x10/0x10
[  736.907513][T15248]  ? kfree+0x24f/0x4d0
[  736.907531][T15248]  ? __pfx__kstrtoull+0x10/0x10
[  736.907556][T15248]  ___sys_sendmsg+0x134/0x1d0
[  736.907579][T15248]  ? __pfx____sys_sendmsg+0x10/0x10
[  736.907625][T15248]  ? __pfx___might_resched+0x10/0x10
[  736.907655][T15248]  __sys_sendmmsg+0x200/0x420
[  736.907680][T15248]  ? __pfx___sys_sendmmsg+0x10/0x10
[  736.907710][T15248]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  736.907744][T15248]  ? fput+0x70/0xf0
[  736.907760][T15248]  ? ksys_write+0x1ac/0x250
[  736.907781][T15248]  ? __pfx_ksys_write+0x10/0x10
[  736.907806][T15248]  __x64_sys_sendmmsg+0x9c/0x100
[  736.907828][T15248]  ? lockdep_hardirqs_on+0x7c/0x110
[  736.907849][T15248]  do_syscall_64+0xcd/0x4c0
[  736.907876][T15248]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.907895][T15248] RIP: 0033:0x7f89afb8e929
[  736.907912][T15248] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.907928][T15248] RSP: 002b:00007f89b0a01038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  736.907947][T15248] RAX: ffffffffffffffda RBX: 00007f89afdb5fa0 RCX: 00007f89afb8e929
[  736.907958][T15248] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[  736.907970][T15248] RBP: 00007f89b0a01090 R08: 0000000000000000 R09: 0000000000000000
[  736.907980][T15248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.907991][T15248] R13: 0000000000000000 R14: 00007f89afdb5fa0 R15: 00007ffe9358dc78
[  736.908015][T15248]  </TASK>
[  737.174348][    C1] vkms_vblank_simulate: vblank timer overrun
[  737.370285][T15255] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2652'.
[  738.922248][T15273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2659'.
[  739.251821][   T30] kauditd_printk_skb: 48 callbacks suppressed
[  739.251836][   T30] audit: type=1326 audit(1751827985.200:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  739.336209][   T30] audit: type=1326 audit(1751827985.200:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  739.870175][   T30] audit: type=1326 audit(1751827985.240:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ffb55d8d290 code=0x7ffc0000
[  739.937486][   T30] audit: type=1326 audit(1751827985.240:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  740.042585][   T30] audit: type=1326 audit(1751827985.240:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  740.139638][T15292] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2657'.
[  740.205564][T15288] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  740.236734][   T30] audit: type=1326 audit(1751827985.260:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  740.260956][   T30] audit: type=1326 audit(1751827985.270:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15276 comm="syz.3.2658" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7ffb55d8e929 code=0x7ffc0000
[  740.654752][T15300] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  741.436637][T15309] netlink: 'syz.4.2664': attribute type 83 has an invalid length.
[  742.507796][T15307] team0: left allmulticast mode
[  742.512657][T15307] team0: left promiscuous mode
[  742.520553][T15307] bridge0: port 1(team0) entered disabled state
[  742.864110][T15317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  743.358921][ T5900] usb 3-1: USB disconnect, device number 69
[  743.392967][T15307] bond0: (slave ip6gre1): Releasing backup interface
[  743.404876][T15307] ip6gre1: left promiscuous mode
[  743.433553][T15322] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2669'.
[  745.745021][   T10] usb 4-1: new high-speed USB device number 89 using dummy_hcd
[  745.935495][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  746.025016][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  746.031673][   T10] usb 4-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  746.278109][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.295289][   T10] usb 4-1: config 0 descriptor??
[  746.366658][T15371] uprobe: syz.4.2682:15371 failed to unregister, leaking uprobe
[  746.742450][T15383] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  746.826855][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  746.834686][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  748.155471][T15390] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  748.508755][T15401] netlink: 'syz.2.2689': attribute type 12 has an invalid length.
[  748.632601][T15396] 9p: Unknown Cache mode or invalid value fscacheg
[  748.744915][T15406] FAULT_INJECTION: forcing a failure.
[  748.744915][T15406] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  748.758058][T15406] CPU: 0 UID: 0 PID: 15406 Comm: syz.0.2690 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  748.758074][T15406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  748.758081][T15406] Call Trace:
[  748.758085][T15406]  <TASK>
[  748.758090][T15406]  dump_stack_lvl+0x16c/0x1f0
[  748.758111][T15406]  should_fail_ex+0x512/0x640
[  748.758129][T15406]  _copy_to_user+0x32/0xd0
[  748.758147][T15406]  simple_read_from_buffer+0xcb/0x170
[  748.758164][T15406]  proc_fail_nth_read+0x197/0x270
[  748.758179][T15406]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  748.758194][T15406]  ? rw_verify_area+0xcf/0x680
[  748.758207][T15406]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  748.758222][T15406]  vfs_read+0x1e1/0xc60
[  748.758238][T15406]  ? __pfx___mutex_lock+0x10/0x10
[  748.758255][T15406]  ? __pfx_vfs_read+0x10/0x10
[  748.758273][T15406]  ? __fget_files+0x20e/0x3c0
[  748.758293][T15406]  ksys_read+0x12a/0x250
[  748.758307][T15406]  ? __pfx_ksys_read+0x10/0x10
[  748.758326][T15406]  do_syscall_64+0xcd/0x4c0
[  748.758343][T15406]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.758356][T15406] RIP: 0033:0x7f9b2ff8d33c
[  748.758365][T15406] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  748.758376][T15406] RSP: 002b:00007f9b30dee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  748.758387][T15406] RAX: ffffffffffffffda RBX: 00007f9b301b5fa0 RCX: 00007f9b2ff8d33c
[  748.758394][T15406] RDX: 000000000000000f RSI: 00007f9b30dee0a0 RDI: 0000000000000007
[  748.758400][T15406] RBP: 00007f9b30dee090 R08: 0000000000000000 R09: 0000000000000000
[  748.758407][T15406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.758413][T15406] R13: 0000000000000000 R14: 00007f9b301b5fa0 R15: 00007fffa9816088
[  748.758427][T15406]  </TASK>
[  749.724410][T15418] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2693'.
[  749.948462][   T30] audit: type=1400 audit(1751827995.870:1635): avc:  denied  { listen } for  pid=15417 comm="syz.0.2693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  750.008181][T15418] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=32813 sclass=netlink_route_socket pid=15418 comm=syz.0.2693
[  750.264577][   T10] usb 4-1: USB disconnect, device number 89
[  751.015406][T15435] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  751.065944][T15435] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  752.264353][T15448] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  753.070228][T15463] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2702'.
[  753.752503][T15468] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2707'.
[  754.044611][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  754.066511][ T5836] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  754.084923][ T5836] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  754.103229][ T5836] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  754.114176][ T5836] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  754.127240][   T10] usb 5-1: USB disconnect, device number 36
[  754.142518][   T30] audit: type=1400 audit(1751828000.080:1636): avc:  denied  { mounton } for  pid=15469 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  754.190359][T15469] Failed to initialize the IGMP autojoin socket (err -2)
[  754.759568][T15469] chnl_net:caif_netlink_parms(): no params data found
[  755.085376][ T5893] usb 4-1: new full-speed USB device number 90 using dummy_hcd
[  755.269784][ T5893] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  755.278471][ T5893] usb 4-1: config 0 has no interface number 0
[  755.284573][ T5893] usb 4-1: too many endpoints for config 0 interface 105 altsetting 99: 45, using maximum allowed: 30
[  755.303046][ T5893] usb 4-1: config 0 interface 105 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 45
[  755.317232][ T5893] usb 4-1: config 0 interface 105 has no altsetting 0
[  755.325941][ T5893] usb 4-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  755.338934][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  755.365250][ T5893] usb 4-1: Product: syz
[  755.369441][ T5893] usb 4-1: Manufacturer: syz
[  755.374027][ T5893] usb 4-1: SerialNumber: syz
[  755.394448][ T5893] usb 4-1: config 0 descriptor??
[  755.461983][T15469] bridge0: port 1(bridge_slave_0) entered blocking state
[  755.479838][T15469] bridge0: port 1(bridge_slave_0) entered disabled state
[  755.497400][T15469] bridge_slave_0: entered allmulticast mode
[  755.518656][T15469] bridge_slave_0: entered promiscuous mode
[  755.529922][T15469] bridge0: port 2(bridge_slave_1) entered blocking state
[  755.556493][T15469] bridge0: port 2(bridge_slave_1) entered disabled state
[  755.566196][T15469] bridge_slave_1: entered allmulticast mode
[  755.581727][T15469] bridge_slave_1: entered promiscuous mode
[  755.620393][ T5893] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  755.920179][ T5893] gspca_sonixj: reg_r err -32
[  755.959597][ T5893] sonixj 4-1:0.105: probe with driver sonixj failed with error -32
[  756.039022][T15505] random: crng reseeded on system resumption
[  756.440521][ T5836] Bluetooth: hci1: command tx timeout
[  757.129532][T15469] team0: Port device team_slave_0 added
[  757.204849][T15469] team0: Port device team_slave_1 added
[  758.390142][ T5893] usb 4-1: USB disconnect, device number 90
[  758.410643][T15469] batman_adv: batadv0: Adding interface: batadv_slave_0
[  758.442573][T15469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.496079][ T5836] Bluetooth: hci1: command tx timeout
[  758.730293][T15529] ubi: mtd0 is already attached to ubi31
[  759.148312][T15469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  759.337941][T15469] batman_adv: batadv0: Adding interface: batadv_slave_1
[  759.363645][T15469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  759.389592][    C0] vkms_vblank_simulate: vblank timer overrun
[  759.441735][T15469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  759.482711][T15533] fuse: Unknown parameter 'rootmode000�ZǪ!Τي�yF00000000000�P00000'
[  760.002724][T15469] hsr_slave_0: entered promiscuous mode
[  760.018496][T15469] hsr_slave_1: entered promiscuous mode
[  760.138565][T15540] FAULT_INJECTION: forcing a failure.
[  760.138565][T15540] name failslab, interval 1, probability 0, space 0, times 0
[  760.151748][T15540] CPU: 0 UID: 0 PID: 15540 Comm: syz.0.2723 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  760.151772][T15540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  760.151783][T15540] Call Trace:
[  760.151790][T15540]  <TASK>
[  760.151797][T15540]  dump_stack_lvl+0x16c/0x1f0
[  760.151828][T15540]  should_fail_ex+0x512/0x640
[  760.151853][T15540]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  760.151878][T15540]  should_failslab+0xc2/0x120
[  760.151906][T15540]  __kmalloc_cache_noprof+0x6a/0x3e0
[  760.151927][T15540]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  760.151950][T15540]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  760.151972][T15540]  ? genl_start+0x1e8/0x980
[  760.151996][T15540]  genl_start+0x1e8/0x980
[  760.152020][T15540]  __netlink_dump_start+0x60b/0x990
[  760.152049][T15540]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  760.152073][T15540]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  760.152102][T15540]  ? __pfx_genl_get_cmd+0x10/0x10
[  760.152120][T15540]  ? __pfx_genl_start+0x10/0x10
[  760.152137][T15540]  ? __pfx_genl_dumpit+0x10/0x10
[  760.152156][T15540]  ? __pfx_genl_done+0x10/0x10
[  760.152179][T15540]  ? __radix_tree_lookup+0x21f/0x2c0
[  760.152208][T15540]  genl_rcv_msg+0x46e/0x800
[  760.152231][T15540]  ? __pfx_genl_rcv_msg+0x10/0x10
[  760.152253][T15540]  ? __pfx_ethnl_default_start+0x10/0x10
[  760.152278][T15540]  ? __pfx_ethnl_default_dumpit+0x10/0x10
[  760.152302][T15540]  ? __pfx_ethnl_default_done+0x10/0x10
[  760.152330][T15540]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  760.152358][T15540]  netlink_rcv_skb+0x155/0x420
[  760.152377][T15540]  ? __pfx_genl_rcv_msg+0x10/0x10
[  760.152399][T15540]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  760.152436][T15540]  genl_rcv+0x28/0x40
[  760.152455][T15540]  netlink_unicast+0x53a/0x7f0
[  760.152477][T15540]  ? __pfx_netlink_unicast+0x10/0x10
[  760.152503][T15540]  netlink_sendmsg+0x8d1/0xdd0
[  760.152527][T15540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  760.152556][T15540]  ____sys_sendmsg+0xa95/0xc70
[  760.152577][T15540]  ? copy_msghdr_from_user+0x10a/0x160
[  760.152602][T15540]  ? __pfx_____sys_sendmsg+0x10/0x10
[  760.152634][T15540]  ___sys_sendmsg+0x134/0x1d0
[  760.152660][T15540]  ? __pfx____sys_sendmsg+0x10/0x10
[  760.152683][T15540]  ? __lock_acquire+0x622/0x1c90
[  760.152735][T15540]  __sys_sendmsg+0x16d/0x220
[  760.152760][T15540]  ? __pfx___sys_sendmsg+0x10/0x10
[  760.152803][T15540]  do_syscall_64+0xcd/0x4c0
[  760.152831][T15540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  760.152849][T15540] RIP: 0033:0x7f9b2ff8e929
[  760.152864][T15540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  760.152881][T15540] RSP: 002b:00007f9b30dcd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  760.152900][T15540] RAX: ffffffffffffffda RBX: 00007f9b301b6080 RCX: 00007f9b2ff8e929
[  760.152911][T15540] RDX: 0000000000000000 RSI: 00002000000007c0 RDI: 0000000000000003
[  760.152922][T15540] RBP: 00007f9b30dcd090 R08: 0000000000000000 R09: 0000000000000000
[  760.152933][T15540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  760.152944][T15540] R13: 0000000000000000 R14: 00007f9b301b6080 R15: 00007fffa9816088
[  760.152969][T15540]  </TASK>
[  760.467934][    C0] vkms_vblank_simulate: vblank timer overrun
[  760.738772][ T5836] Bluetooth: hci1: command tx timeout
[  761.038008][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  761.048171][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  761.060241][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  761.068592][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  761.076424][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  761.144032][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2724'.
[  761.265093][T15545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2724'.
[  761.645098][T15542] Failed to initialize the IGMP autojoin socket (err -2)
[  762.619350][T15561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2727'.
[  763.012870][ T5836] Bluetooth: hci1: command tx timeout
[  763.320017][ T5836] Bluetooth: hci5: command tx timeout
[  763.329391][   T30] audit: type=1400 audit(1751828009.150:1637): avc:  denied  { relabelfrom } for  pid=15542 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  763.448778][   T30] audit: type=1400 audit(1751828009.280:1638): avc:  denied  { relabelto } for  pid=15542 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  764.365220][   T30] audit: type=1400 audit(1751828010.300:1639): avc:  denied  { connect } for  pid=15569 comm="syz.0.2730" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  764.562596][T15469] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.345744][   T10] usb 4-1: new high-speed USB device number 91 using dummy_hcd
[  765.564849][   T10] usb 4-1: Using ep0 maxpacket: 16
[  765.787721][   T30] audit: type=1400 audit(1751828011.740:1640): avc:  denied  { read } for  pid=15583 comm="syz.2.2734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  765.968660][T15469] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  765.979481][   T10] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  765.994810][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  766.036580][   T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  766.078150][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  766.095251][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.114823][   T10] usb 4-1: Product: syz
[  766.125100][   T10] usb 4-1: Manufacturer: syz
[  766.129742][   T10] usb 4-1: SerialNumber: syz
[  766.156402][T15469] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.272615][T15469] netdevsim netdevsim4  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  766.294540][ T5840] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  766.307737][ T5840] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  766.317036][ T5840] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  766.325476][ T5840] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  766.333132][ T5840] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  766.352826][T15588] Failed to initialize the IGMP autojoin socket (err -2)
[  766.854418][   T10] usb 4-1: 0:2 : does not exist
[  767.534648][   T30] audit: type=1400 audit(1751828013.480:1641): avc:  denied  { relabelfrom } for  pid=15592 comm="syz.2.2737" name="" dev="pipefs" ino=47676 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  767.595291][   T10] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  767.978858][   T10] usb 4-1: USB disconnect, device number 91
[  767.987500][T15469] netdevsim netdevsim4 netdevsim0: renamed from eth1
[  768.112519][T15469] netdevsim netdevsim4 netdevsim1: renamed from eth2
[  768.201058][T15469] netdevsim netdevsim4 netdevsim2: renamed from eth3
[  768.579845][T15607] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  771.149502][T15469] netdevsim netdevsim4 netdevsim3: renamed from eth4
[  771.298368][T15615] 9pnet_fd: Insufficient options for proto=fd
[  771.419014][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  771.438924][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  771.449435][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  771.475500][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  771.631855][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  771.798561][T15624] Failed to initialize the IGMP autojoin socket (err -2)
[  771.948648][T15469] 8021q: adding VLAN 0 to HW filter on device team0
[  772.009964][T10603] bridge0: port 1(bridge_slave_0) entered blocking state
[  772.017202][T10603] bridge0: port 1(bridge_slave_0) entered forwarding state
[  772.092372][T10580] bridge0: port 2(bridge_slave_1) entered blocking state
[  772.099522][T10580] bridge0: port 2(bridge_slave_1) entered forwarding state
[  772.396440][   T10] usb 4-1: new high-speed USB device number 92 using dummy_hcd
[  772.567782][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  772.595091][T15636] FAULT_INJECTION: forcing a failure.
[  772.595091][T15636] name failslab, interval 1, probability 0, space 0, times 0
[  772.614890][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  772.646879][   T10] usb 4-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  772.660848][T15636] CPU: 0 UID: 0 PID: 15636 Comm: syz.2.2746 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  772.660874][T15636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  772.660884][T15636] Call Trace:
[  772.660890][T15636]  <TASK>
[  772.660897][T15636]  dump_stack_lvl+0x16c/0x1f0
[  772.660924][T15636]  should_fail_ex+0x512/0x640
[  772.660952][T15636]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  772.660979][T15636]  should_failslab+0xc2/0x120
[  772.661005][T15636]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  772.661029][T15636]  ? genl_rcv_msg+0x46e/0x800
[  772.661049][T15636]  ? netlink_rcv_skb+0x155/0x420
[  772.661065][T15636]  ? __alloc_skb+0x2b2/0x380
[  772.661093][T15636]  __alloc_skb+0x2b2/0x380
[  772.661115][T15636]  ? __pfx___alloc_skb+0x10/0x10
[  772.661149][T15636]  netlink_dump+0x678/0xce0
[  772.661182][T15636]  ? __pfx_netlink_dump+0x10/0x10
[  772.661218][T15636]  ? __asan_memset+0x23/0x50
[  772.661239][T15636]  ? genl_start+0x67f/0x980
[  772.661263][T15636]  __netlink_dump_start+0x6d6/0x990
[  772.661284][T15636]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  772.661307][T15636]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  772.661337][T15636]  ? __pfx_genl_start+0x10/0x10
[  772.661355][T15636]  ? __pfx_genl_dumpit+0x10/0x10
[  772.661373][T15636]  ? __pfx_genl_done+0x10/0x10
[  772.661394][T15636]  ? bpf_lsm_capable+0x9/0x10
[  772.661413][T15636]  ? security_capable+0x7e/0x260
[  772.661436][T15636]  ? ns_capable+0xd7/0x110
[  772.661461][T15636]  genl_rcv_msg+0x46e/0x800
[  772.661485][T15636]  ? __pfx_genl_rcv_msg+0x10/0x10
[  772.661507][T15636]  ? __pfx_batadv_tt_local_dump+0x10/0x10
[  772.661541][T15636]  netlink_rcv_skb+0x155/0x420
[  772.661558][T15636]  ? __pfx_genl_rcv_msg+0x10/0x10
[  772.661580][T15636]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  772.661609][T15636]  ? netlink_deliver_tap+0x1ae/0xd30
[  772.661641][T15636]  genl_rcv+0x28/0x40
[  772.661660][T15636]  netlink_unicast+0x53a/0x7f0
[  772.661681][T15636]  ? __pfx_netlink_unicast+0x10/0x10
[  772.661707][T15636]  netlink_sendmsg+0x8d1/0xdd0
[  772.661731][T15636]  ? __pfx_netlink_sendmsg+0x10/0x10
[  772.661760][T15636]  ____sys_sendmsg+0xa95/0xc70
[  772.661785][T15636]  ? copy_msghdr_from_user+0x10a/0x160
[  772.661810][T15636]  ? __pfx_____sys_sendmsg+0x10/0x10
[  772.661842][T15636]  ___sys_sendmsg+0x134/0x1d0
[  772.661874][T15636]  ? __pfx____sys_sendmsg+0x10/0x10
[  772.661900][T15636]  ? __lock_acquire+0x622/0x1c90
[  772.661954][T15636]  __sys_sendmsg+0x16d/0x220
[  772.661971][T15636]  ? __pfx___sys_sendmsg+0x10/0x10
[  772.661996][T15636]  do_syscall_64+0xcd/0x4c0
[  772.662017][T15636]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.662029][T15636] RIP: 0033:0x7f102198e929
[  772.662038][T15636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  772.662049][T15636] RSP: 002b:00007f1022768038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  772.662060][T15636] RAX: ffffffffffffffda RBX: 00007f1021bb6080 RCX: 00007f102198e929
[  772.662068][T15636] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000004
[  772.662074][T15636] RBP: 00007f1022768090 R08: 0000000000000000 R09: 0000000000000000
[  772.662081][T15636] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  772.662087][T15636] R13: 0000000000000000 R14: 00007f1021bb6080 R15: 00007ffcd2b006d8
[  772.662101][T15636]  </TASK>
[  773.036720][T15469] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  773.124864][T15469] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  773.334833][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.344674][   T10] usb 4-1: config 0 descriptor??
[  773.627426][T15640] 9p: Unknown Cache mode or invalid value fscacheg
[  775.085157][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  775.098334][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  775.108385][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  775.119867][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  775.127669][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  775.178676][T10594] bond0 (unregistering): Released all slaves
[  775.840318][T10594] bond1 (unregistering): Released all slaves
[  775.901738][T15655] FAULT_INJECTION: forcing a failure.
[  775.901738][T15655] name failslab, interval 1, probability 0, space 0, times 0
[  775.941693][T15655] CPU: 0 UID: 0 PID: 15655 Comm: syz.0.2749 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  775.941719][T15655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  775.941726][T15655] Call Trace:
[  775.941730][T15655]  <TASK>
[  775.941736][T15655]  dump_stack_lvl+0x16c/0x1f0
[  775.941758][T15655]  should_fail_ex+0x512/0x640
[  775.941774][T15655]  ? fs_reclaim_acquire+0xae/0x150
[  775.941787][T15655]  ? tomoyo_encode2+0x100/0x3e0
[  775.941803][T15655]  should_failslab+0xc2/0x120
[  775.941821][T15655]  __kmalloc_noprof+0xd2/0x510
[  775.941836][T15655]  ? d_absolute_path+0x136/0x1a0
[  775.941851][T15655]  tomoyo_encode2+0x100/0x3e0
[  775.941870][T15655]  tomoyo_encode+0x29/0x50
[  775.941886][T15655]  tomoyo_realpath_from_path+0x18f/0x6e0
[  775.941906][T15655]  tomoyo_path_number_perm+0x245/0x580
[  775.941925][T15655]  ? tomoyo_path_number_perm+0x237/0x580
[  775.941940][T15655]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  775.941956][T15655]  ? find_held_lock+0x2b/0x80
[  775.941982][T15655]  ? find_held_lock+0x2b/0x80
[  775.941996][T15655]  ? hook_file_ioctl_common+0x145/0x410
[  775.942011][T15655]  ? __fget_files+0x20e/0x3c0
[  775.942030][T15655]  security_file_ioctl+0x9b/0x240
[  775.942047][T15655]  __x64_sys_ioctl+0xb7/0x210
[  775.942062][T15655]  do_syscall_64+0xcd/0x4c0
[  775.942080][T15655]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.942092][T15655] RIP: 0033:0x7f9b2ff8e929
[  775.942101][T15655] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  775.942112][T15655] RSP: 002b:00007f9b30dee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  775.942123][T15655] RAX: ffffffffffffffda RBX: 00007f9b301b5fa0 RCX: 00007f9b2ff8e929
[  775.942131][T15655] RDX: 0000200000000240 RSI: 00000000c0305602 RDI: 0000000000000003
[  775.942137][T15655] RBP: 00007f9b30dee090 R08: 0000000000000000 R09: 0000000000000000
[  775.942144][T15655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  775.942150][T15655] R13: 0000000000000000 R14: 00007f9b301b5fa0 R15: 00007fffa9816088
[  775.942165][T15655]  </TASK>
[  775.942177][T15655] ERROR: Out of memory at tomoyo_realpath_from_path.
[  776.334579][T10594] bond2 (unregistering): Released all slaves
[  776.391268][T15469] 8021q: adding VLAN 0 to HW filter on device batadv0
[  776.417031][ T5900] usb 4-1: USB disconnect, device number 92
[  776.484174][T15650] Failed to initialize the IGMP autojoin socket (err -2)
[  776.484890][T10594] tipc: Disabling bearer <udp:syz2>
[  776.531156][T10594] tipc: Disabling bearer <eth:syzkaller0>
[  776.811058][T10594] tipc: Left network mode
[  776.876231][T10594] IPVS: stopping master sync thread 9346 ...
[  777.936163][T10594] Oops: general protection fault, probably for non-canonical address 0xdffffc001fffe000: 0000 [#1] SMP KASAN NOPTI
[  777.948256][T10594] KASAN: probably user-memory-access in range [0x00000000ffff0000-0x00000000ffff0007]
[  777.957774][T10594] CPU: 0 UID: 0 PID: 10594 Comm: kworker/u8:15 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) 
[  777.970082][T10594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  777.980114][T10594] Workqueue: netns cleanup_net
[  777.984863][T10594] RIP: 0010:ip6_mc_clear_src+0x89/0x5a0
[  777.990409][T10594] Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 6e aa 7d f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
[  778.009996][T10594] RSP: 0018:ffffc90004e2f528 EFLAGS: 00010206
[  778.016053][T10594] RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a3e768b
[  778.024010][T10594] RDX: ffff88807c130000 RSI: ffffffff8a3e7612 RDI: 0000000000000005
[  778.031956][T10594] RBP: ffff8880341e5c00 R08: 0000000000000005 R09: 0000000000000000
[  778.039926][T10594] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  778.047887][T10594] R13: ffffed100683cb82 R14: ffff8880341e5c28 R15: 0000000000000001
[  778.055833][T10594] FS:  0000000000000000(0000) GS:ffff888124715000(0000) knlGS:0000000000000000
[  778.064741][T10594] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  778.071312][T10594] CR2: 00007fbdd60b2e9c CR3: 000000000e382000 CR4: 00000000003526f0
[  778.079260][T10594] Call Trace:
[  778.082515][T10594]  <TASK>
[  778.085429][T10594]  mld_clear_delrec+0xfb/0x640
[  778.090202][T10594]  ipv6_mc_destroy_dev+0x49/0x690
[  778.095217][T10594]  ? __local_bh_enable_ip+0xa4/0x120
[  778.100492][T10594]  addrconf_ifdown.isra.0+0x13ef/0x1a90
[  778.106014][T10594]  ? __pfx_addrconf_ifdown.isra.0+0x10/0x10
[  778.111883][T10594]  ? tls_dev_event+0xfd/0x10b0
[  778.116622][T10594]  addrconf_notify+0x220/0x19e0
[  778.121462][T10594]  ? ip6mr_device_event+0x1bc/0x230
[  778.126639][T10594]  notifier_call_chain+0xb9/0x410
[  778.131641][T10594]  ? __pfx_addrconf_notify+0x10/0x10
[  778.136912][T10594]  call_netdevice_notifiers_info+0xbe/0x140
[  778.142786][T10594]  unregister_netdevice_many_notify+0xf9d/0x2700
[  778.149114][T10594]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  778.155861][T10594]  ? unregister_netdevice_queue+0x22e/0x3f0
[  778.161734][T10594]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  778.167961][T10594]  default_device_exit_batch+0x853/0xaf0
[  778.173588][T10594]  ? __pfx_default_device_exit_batch+0x10/0x10
[  778.179721][T10594]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  778.185168][T10594]  ? __pfx___might_resched+0x10/0x10
[  778.190455][T10594]  ? __pfx_default_device_exit_batch+0x10/0x10
[  778.196591][T10594]  ops_undo_list+0x363/0xab0
[  778.201166][T10594]  ? __pfx_ops_undo_list+0x10/0x10
[  778.206257][T10594]  ? __local_bh_enable_ip+0xa4/0x120
[  778.211522][T10594]  cleanup_net+0x408/0x890
[  778.215917][T10594]  ? __pfx_cleanup_net+0x10/0x10
[  778.220842][T10594]  ? rcu_is_watching+0x12/0xc0
[  778.225587][T10594]  process_one_work+0x9cf/0x1b70
[  778.230516][T10594]  ? __pfx_batadv_nc_worker+0x10/0x10
[  778.235883][T10594]  ? __pfx_process_one_work+0x10/0x10
[  778.241234][T10594]  ? assign_work+0x1a0/0x250
[  778.245797][T10594]  worker_thread+0x6c8/0xf10
[  778.250366][T10594]  ? __pfx_worker_thread+0x10/0x10
[  778.255450][T10594]  kthread+0x3c2/0x780
[  778.259493][T10594]  ? __pfx_kthread+0x10/0x10
[  778.264055][T10594]  ? rcu_is_watching+0x12/0xc0
[  778.268796][T10594]  ? __pfx_kthread+0x10/0x10
[  778.273360][T10594]  ret_from_fork+0x5d4/0x6f0
[  778.277930][T10594]  ? __pfx_kthread+0x10/0x10
[  778.282498][T10594]  ret_from_fork_asm+0x1a/0x30
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  778.287242][T10594]  </TASK>
[  778.290237][T10594] Modules linked in:
[  778.294362][T10594] ---[ end trace 0000000000000000 ]---
[  778.300740][T10594] RIP: 0010:ip6_mc_clear_src+0x89/0x5a0
[  778.329016][T10594] Code: 49 bc 00 00 00 00 00 fc ff df 48 8d 45 10 49 89 c5 48 89 04 24 49 c1 ed 03 4d 01 e5 eb 32 e8 6e aa 7d f7 48 89 d8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 80 04 00 00 4c 8b 3b 48 8d 7b 30 48 89 de e8
[  778.402292][T10594] RSP: 0018:ffffc90004e2f528 EFLAGS: 00010206
[  778.423805][T10594] RAX: 000000001fffe000 RBX: 00000000ffff0000 RCX: ffffffff8a3e768b
[  778.438719][T10594] RDX: ffff88807c130000 RSI: ffffffff8a3e7612 RDI: 0000000000000005
[  778.460004][T10594] RBP: ffff8880341e5c00 R08: 0000000000000005 R09: 0000000000000000
[  778.484831][T10594] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  778.492843][T10594] R13: ffffed100683cb82 R14: ffff8880341e5c28 R15: 0000000000000001
[  778.507676][T10594] FS:  0000000000000000(0000) GS:ffff888124715000(0000) knlGS:0000000000000000
[  778.517764][T10594] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  778.536745][T10594] CR2: 00000000fffff400 CR3: 00000000254fc000 CR4: 00000000003526f0
[  778.557140][T10594] Kernel panic - not syncing: Fatal exception
[  778.563428][T10594] Kernel Offset: disabled
[  778.567734][T10594] Rebooting in 86400 seconds..