last executing test programs:

10.334255571s ago: executing program 1 (id=993):
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0xe0f]}, 0x8, 0x80000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
r5 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r5, 0xfffffffffffffffb, r5, 0x1)
getdents(0xffffffffffffffff, &(0x7f0000000300)=""/132, 0x84)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000003c0)={'ip6tnl0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x11, 0x8, 0xffffffd6, 0x6, 0x80000001, 0xfffffff7, 0x6, 0x4, 0x8000}})
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), 0xffffffffffffffff)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)
syz_io_uring_setup(0x6ae9, &(0x7f0000000340)={0x0, 0x40000002, 0x4000}, &(0x7f0000000400), 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='qnx6\x00', 0x208800, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(0xffffffffffffffff, 0x40046721, &(0x7f00000001c0)={r0})
socket$packet(0x11, 0x2, 0x300)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
openat$sw_sync(0xffffffffffffff9c, 0x0, 0x0, 0x0)

9.321723492s ago: executing program 1 (id=995):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) (async, rerun: 64)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2}}]}, 0x1c}}, 0x0) (async)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288d3aaea2bc0000def1260a0000", 0x10) (async, rerun: 32)
accept(r1, 0x0, 0x0) (async, rerun: 32)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x449b}, 0x0) (async)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff}) (async)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async, rerun: 32)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 32)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) (async)
r5 = userfaultfd(0x80801)
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_USER_PASSKEY_NEG_REPLY={{0xf2}, 0x3}}}, 0x7) (async, rerun: 32)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) (async, rerun: 32)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) (async, rerun: 32)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48) (async, rerun: 32)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40}) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async, rerun: 64)
r6 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) (rerun: 64)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8) (async, rerun: 64)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x1000}, 0x18) (rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10)

9.113835665s ago: executing program 1 (id=996):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
geteuid()
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, 0x0, 0x0)
syz_io_uring_setup(0x460, 0x0, &(0x7f00000000c0), &(0x7f0000000000))
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="17000000"], 0x48)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'veth0\x00'})
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r3, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xcf070000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4], 0x1, 0x400})

8.079352604s ago: executing program 1 (id=999):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x0, 0xffe0}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x10, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_DIR={0x5, 0x3, 0x75}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x22, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x18000}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) (fail_nth: 7)

7.901560056s ago: executing program 2 (id=1002):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffddb, &(0x7f00000000c0)=0x800000000000000a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default u3er:sy0000000`04093\x00'], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c4604030003000000000000000002003e"], 0x58)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
flock(0xffffffffffffffff, 0x3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

6.931472905s ago: executing program 1 (id=1004):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)={0x30, r4, 0x5, 0x100000, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x8, 0x49, [0xfac20]}]]}, 0x30}}, 0x4000800)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff0200000000"], 0x50)
syz_emit_ethernet(0xfdef, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000100)='mem_connect\x00', r7, 0x0, 0x3}, 0xfffffffffffffef3)
r8 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
fcntl$setlease(r8, 0x400, 0x0)
fcntl$setlease(r8, 0x400, 0x2)
unshare(0x44040200)
socket$rds(0x15, 0x5, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[], 0x9c}, 0x1, 0x0, 0x0, 0x4}, 0x20000014)
r9 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0)
syz_usb_control_io$uac1(r9, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

6.931053065s ago: executing program 4 (id=1005):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap(&(0x7f00000b3000/0x3000)=nil, 0x3000, 0x2, 0x100010, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r1}, 0x10)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)

6.809581622s ago: executing program 3 (id=1006):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f0000000500)={'erspan0\x00', 0x0, 0x8, 0x7800, 0x0, 0x9, {{0x5, 0x4, 0x2, 0x5, 0x14, 0x65, 0x0, 0x5, 0x4, 0x0, @remote, @multicast2}}}})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRES32=r0], &(0x7f0000000100)='syzkaller\x00', 0x8, 0xb5, &(0x7f0000000140)=""/181, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, &(0x7f0000000080)={0x28, 0x7, 0x0, 0x0, &(0x7f00000002c0)='W', 0x1, 0xffffffff})
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = syz_open_dev$swradio(&(0x7f00000000c0), 0x0, 0x2)
ioctl$VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000040)={0xf0f042})
pread64(r4, &(0x7f0000000400)=""/42, 0x2a, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000001080)=@nat={'nat\x00', 0x670, 0x5, 0x398, 0x0, 0x0, 0xffffffff, 0x0, 0x1a8, 0x300, 0x300, 0xffffffff, 0x300, 0x300, 0x5, 0x0, {[{{@uncond, 0x0, 0xc8, 0x110, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x40000, 0x2, 0x0, 0x7}}, @common=@ttl={{0x28}}]}, @unspec=@DNAT1={0x1f, 'DNAT\x00', 0x1, {0x0, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @ipv4=@dev, @gre_key}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x250}}, {{@ip={@local, @empty, 0xffffffff, 0xff, 'team0\x00', 'veth0\x00', {}, {}, 0x1, 0x3, 0x41}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @gre_key, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x1, 0x3, "d596aeacb7ccdc016935e84e452ad7414d1c88c6b7ce7191116145de25a9"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8)

6.802174753s ago: executing program 0 (id=1007):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x4c, 0x0, &(0x7f0000000200)=[@acquire, @transaction={0x40406300, {0x1, 0xf0ffffff, 0x0, 0x0, 0x20, 0x0, 0x0, 0xf0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

6.711029156s ago: executing program 2 (id=1008):
socket$can_raw(0x1d, 0x3, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x6, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x18)
socket(0x40000000015, 0x5, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x28, 0x5, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x5, 0x5, &(0x7f0000000580)=ANY=[@ANYRES8=r1], 0x0, 0x5b4230ff, 0x0, 0x0, 0x41100, 0x2a, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xf739, @void, @value}, 0x94)
r2 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0xc7ec}, 0x1c)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000004c0)=ANY=[@ANYBLOB="581b0800", @ANYRES16, @ANYBLOB="04002dbd7000f2dbdf254f0000000c00839ced540000680000004c007a8008000400000000181c000200134ecc4d908540c3c8630b918a29360800040004005111335ced5fd94e0800040009000000080004000300000048007a801400010003d869f47d8c428eaa74b31794b4b314b5000400000000000c0003004180081ee4f88f1a080004000c0000000c0003007858754e3c504054080004000800000004007a8020007a800800040005000000140002002929590c"], 0xd8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
sendmsg(r2, &(0x7f00000000c0)={0x0, 0x9521, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0x5dc}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

6.643673119s ago: executing program 0 (id=1009):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x80040005, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x2}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x2000004)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000140)={0x0, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000180)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, r1})
pipe2$watch_queue(&(0x7f0000000240), 0x80)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r2, 0x8b1a, &(0x7f0000000040))

5.958961641s ago: executing program 2 (id=1010):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x4e, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f0000000200), 0xc, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000040)={0x9, 0x1, 0x3, "690600fbff366ccee4ba568eb4f80102f537112c74f6024305f11fd3454ad23d", 0x36314d4e})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_coalesce={0xe, 0x3, 0x300, 0x8001, 0x56d0, 0x400004, 0x1438, 0x8a3, 0x8, 0x8, 0x0, 0x4, 0x800, 0x8, 0xb, 0xe39, 0x8, 0x1, 0x1, 0x1, 0x1, 0x1, 0xfffffffc}})
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a07000000000000000000020000000900010073797a300000002f0034000000030a1c47e95ae5a8000000000000000000010073796a7a30000000001200030091abc12404cf378042f26c43f91f00f313000000020a0900000000000000000000000000140047e77ae47775193eef0000110001000100"/153], 0x90}}, 0x0)

5.142737957s ago: executing program 3 (id=1011):
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004", @ANYRES32=0x0], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xf00}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x20082, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="42000000030000000000000000000000000000000000000021000000000000f52f70726f632f7379732f6e65742f697076342f7673"], 0x42)

5.118179069s ago: executing program 0 (id=1012):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16=r0, @ANYRES64=r0, @ANYRES16=r0], 0x4c}}, 0x4000804)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000021000001000000000000000000"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r5, &(0x7f0000000000), &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

4.923632705s ago: executing program 4 (id=1013):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=@updpolicy={0xc4, 0x19, 0x1, 0x70bd2d, 0x0, {{@in=@multicast1=0xe0000002, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x0, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x0, 0x32}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffb}, {0x0, 0x5, 0x0, 0x400000}, 0x0, 0xff80}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x1}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x810}, 0x0)

4.923019853s ago: executing program 0 (id=1014):
openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_open_dev$swradio(0x0, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x22102, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0xff7ffff7)
r3 = eventfd(0x4)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r2})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r3, 0x3, 0x2, r2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x102, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x0, 0x2, 0x0)
r8 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000340)="5c00000026006bab9a3fe3d86e17aa31103a806b876c1d0000007ea60864160af365040000003800400000000000000017534460bc06000000a705251e6182949a3651fe0a84c9f4d493782f55c24509c5bb5b64f69853362ac34071", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r8, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r9 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "69dcaf20127e9a854528f45826cb35be51ca73845d177dd8dba7221daeccfda56b75cfe286fdd14cb5b11b1cab614fec2236da7d88ea0f0700"}, 0x48, 0xfffffffffffffffe)
keyctl$search(0xa, r9, &(0x7f0000000240)='logon\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0)

4.362206141s ago: executing program 2 (id=1015):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r1, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_PIT2(r2, 0x4070aea0, 0x0)
read(r2, &(0x7f0000000040)=""/148, 0xffffff96)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r4}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
prctl$PR_SET_SECUREBITS(0x1c, 0x2)
r5 = syz_usb_connect$hid(0x4, 0x0, 0x0, &(0x7f0000000380)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x201, 0x9, 0x8c, 0x3, 0x8, 0xf7}, 0xf, &(0x7f0000000200)={0x5, 0xf, 0xf, 0x2, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0x10, 0x4, 0x2, 0x9}]}})
syz_usb_disconnect(r5)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5910fae9d6dcd3292ea54c7b6ef915d564c", 0x15)
accept4(0xffffffffffffffff, 0x0, &(0x7f00000003c0), 0x80000)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x4000)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000015c0)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)

4.346259929s ago: executing program 4 (id=1016):
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e008000000008ff", @ANYRES64=r0], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

4.171604286s ago: executing program 3 (id=1017):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)

2.169868425s ago: executing program 4 (id=1018):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r4, 0x4068aea3, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x43}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={0x0}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a01040000000000000000010000030900010073797a30000000002c000000030a01010000000000000000010000000900010073797a30000000000900030073797a3200000000a0000000060a010400000000000000000100000008000b400000000078000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000400001800c0001006269747769736500300002800800034000200002080001400000001408000240000000120c000780060001002b66000008000640000000030900010073797a3000"], 0x114}}, 0x0)
mount(0x0, 0x0, 0x0, 0x75809, 0x0)
r8 = socket$l2tp6(0xa, 0x2, 0x73)
recvfrom(r8, 0x0, 0x0, 0x10021, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(r0, 0x0, &(0x7f0000000180)={0x2, 0x1}, &(0x7f00000001c0))

2.126695222s ago: executing program 0 (id=1019):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffddb, &(0x7f00000000c0)=0x800000000000000a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default u3er:sy0000000`04093\x00'], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c4604030003000000000000000002003e"], 0x58)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
flock(0xffffffffffffffff, 0x3)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

1.923686947s ago: executing program 3 (id=1020):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000203c0000003c000000020000000000000002000004080000000000000003000000000000000000000003000000000000000000000000000002000000000000000000000004"], 0x0, 0x56, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)

874.86575ms ago: executing program 0 (id=1021):
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
ptrace(0x10, 0x0)
ptrace$pokeuser(0x6, 0x0, 0x358, 0xffff8880b8409000)
r1 = getpid()
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000140)=ANY=[@ANYBLOB, @ANYRES32=r4, @ANYBLOB="20000100", @ANYRES32=r4], 0x38}}, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000480)=@abs={0x0, 0x0, 0x8004e24}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.kill\x00', 0x275a, 0x0)
sendmsg$NL80211_CMD_TDLS_OPER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=ANY=[], 0x38}, 0x1, 0x0, 0x0, 0x20004001}, 0x40010)
fcntl$lock(r7, 0x7, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000003e00f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

873.068608ms ago: executing program 4 (id=1022):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x80040005, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x2}, [@NFULA_CFG_FLAGS={0x6, 0x6, 0x1, 0x0, 0x7}, @NFULA_CFG_CMD={0x5, 0x1, 0x1}]}, 0x24}}, 0x2000004)
ioctl$DRM_IOCTL_MODE_GETENCODER(0xffffffffffffffff, 0xc01464a6, &(0x7f0000000140)={0x0, 0x0, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f0000000180)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0], 0x4, r1})
pipe2$watch_queue(&(0x7f0000000240), 0x80)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r2, 0x8b1a, &(0x7f0000000040))

780.794911ms ago: executing program 2 (id=1023):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x80040005, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xe)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {0x7, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffe08}, {}, {0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0xfffffe00}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xc5}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r1, 0x8b1a, &(0x7f0000000040))

703.524969ms ago: executing program 3 (id=1024):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES16=r0, @ANYRES64=r0, @ANYRES16=r0], 0x4c}}, 0x4000804)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002ac0))
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
openat$tun(0xffffffffffffff9c, &(0x7f0000000300), 0x109140, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.current\x00', 0x26e1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/15, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000021000001000000000000000000"], 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYRES32=r4], 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r5, &(0x7f0000000000), &(0x7f0000000500)=""/64}, 0x20)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

592.779555ms ago: executing program 3 (id=1025):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = creat(&(0x7f0000000380)='./file0\x00', 0xecf86c37d53049e1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0xfffffffffffffddb, &(0x7f00000000c0)=0x800000000000000a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default u3er:sy0000000`04093\x00'], 0x2a, 0x0)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), 0x0, 0x0, 0xfffffffffffffffe)
write$binfmt_elf32(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="7f454c4604030003000000000000000002003e"], 0x58)
close(r1)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r3)
flock(0xffffffffffffffff, 0x3)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r4, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

572.123188ms ago: executing program 2 (id=1026):
fsopen(&(0x7f0000000100)='vfat\x00', 0x0)
syz_open_dev$sndctrl(0x0, 0x4, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@newtaction={0x6c, 0x30, 0x1, 0x300, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8848}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0xe4ff}, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x40000000015, 0x5, 0x0)
shmget$private(0x0, 0x4000, 0x808, &(0x7f0000007000/0x4000)=nil)
r3 = socket$netlink(0x10, 0x3, 0x0)
bind$netlink(r3, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x1, 0x160)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="4c0000000206010800000000000000000000000a04000780050005000a000000050001000700000005000700000000000900020006007a310000000010000300686173683a69702c6d616300"], 0x4c}}, 0x0)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})

499.176753ms ago: executing program 4 (id=1027):
syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_vs\x00')
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
syz_open_procfs(0x0, &(0x7f0000000240)='stack\x00')
socket(0x2, 0x80805, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
dup(r0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101000, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000000000000300", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)

0s ago: executing program 1 (id=1028):
fsopen(&(0x7f0000000100)='vfat\x00', 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
socket$packet(0x11, 0x3, 0x300)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}, 0x40000000}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

n it
[  179.693156][ T5877] usb 5-1: Using ep0 maxpacket: 32
[  179.701617][ T7693] vlan3: left allmulticast mode
[  179.730704][ T5877] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  179.762836][ T7693] bond0: left allmulticast mode
[  179.773000][ T5877] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  179.795645][ T7693] bridge0: port 1(vlan3) entered disabled state
[  179.812906][ T7703] Invalid ELF header type: 2 != 1
[  179.818014][   T30] audit: type=1400 audit(1749600349.900:412): avc:  denied  { module_load } for  pid=7702 comm="syz.0.486" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  179.840019][ T7693] batman_adv: batadv0: Removing interface: geneve2
[  179.852716][ T5877] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  180.006018][ T5877] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  180.056098][ T5877] usb 5-1: config 0 interface 0 has no altsetting 0
[  180.133808][ T5877] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  180.175255][ T5877] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  180.246689][ T5877] usb 5-1: Product: syz
[  180.286657][ T5877] usb 5-1: Manufacturer: syz
[  180.308729][ T5877] usb 5-1: SerialNumber: syz
[  180.354357][ T5877] usb 5-1: config 0 descriptor??
[  180.386576][ T5877] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  180.478901][ T5877] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  180.751053][ T7690] overlayfs: failed to resolve './file1/file0': -2
[  181.320059][ T7713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  181.328921][ T7713] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  181.341287][ T7713] ldusb 5-1:0.0: Write buffer overflow, 2147479232 bytes dropped
[  181.640304][  T973] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  181.817866][  T973] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  181.941963][  T973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  182.030461][  T973] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  182.064642][  T973] usb 3-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  182.083690][ T7738] sctp: [Deprecated]: syz.0.496 (pid 7738) Use of struct sctp_assoc_value in delayed_ack socket option.
[  182.083690][ T7738] Use struct sctp_sack_info instead
[  182.083894][  T973] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.122889][  T973] usb 3-1: Product: syz
[  182.128340][   T30] audit: type=1400 audit(1749600352.210:413): avc:  denied  { create } for  pid=7734 comm="syz.0.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  182.155491][  T973] usb 3-1: Manufacturer: syz
[  182.168520][  T973] usb 3-1: SerialNumber: syz
[  182.197544][  T973] usb 3-1: config 0 descriptor??
[  182.203919][   T30] audit: type=1400 audit(1749600352.210:414): avc:  denied  { write } for  pid=7734 comm="syz.0.496" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  182.360732][   T30] audit: type=1400 audit(1749600352.440:415): avc:  denied  { watch_mount } for  pid=7743 comm="syz.3.497" path="/99" dev="tmpfs" ino=545 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  182.400630][ T5863] usb 5-1: USB disconnect, device number 22
[  182.400651][    C1] ldusb 5-1:0.0: usb_submit_urb failed (-19)
[  182.457863][ T5863] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  182.540090][ T7725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  182.549145][ T7725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  182.684005][ T7756] netlink: 24 bytes leftover after parsing attributes in process `syz.1.501'.
[  182.691748][ T7758] netlink: 12 bytes leftover after parsing attributes in process `syz.4.504'.
[  182.751930][ T7756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.501'.
[  182.878289][ T7766] netlink: 52 bytes leftover after parsing attributes in process `syz.3.507'.
[  183.596764][ T7781] netlink: 28 bytes leftover after parsing attributes in process `syz.3.510'.
[  183.645811][   T30] audit: type=1400 audit(1749600353.680:416): avc:  denied  { read } for  pid=7779 comm="syz.1.509" dev="sockfs" ino=15677 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  184.000896][ T7782] xt_cgroup: xt_cgroup: no path or classid specified
[  184.370883][ T7790] netlink: 1060 bytes leftover after parsing attributes in process `syz.2.512'.
[  184.640753][ T7792] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.925388][ T7792] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.610317][ T5827] Bluetooth: hci3: command 0x0406 tx timeout
[  185.616420][ T5827] Bluetooth: hci1: command 0x0406 tx timeout
[  185.623509][ T5820] Bluetooth: hci4: command 0x0406 tx timeout
[  185.629524][ T5820] Bluetooth: hci0: command 0x0406 tx timeout
[  185.766740][ T7792] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.904112][ T7792] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.936608][ T7806] netlink: 'syz.0.517': attribute type 39 has an invalid length.
[  186.058904][ T7792] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.095791][ T7792] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.145213][ T7792] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.188941][ T7792] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.343093][ T5142] Bluetooth: hci3: unexpected event for opcode 0x202a
[  186.450766][ T7817] netlink: 9 bytes leftover after parsing attributes in process `syz.3.522'.
[  186.489804][ T7817] gretap0: entered promiscuous mode
[  186.695831][ T7817] netlink: 5 bytes leftover after parsing attributes in process `syz.3.522'.
[  186.710834][ T7817] 0ªî{X¹¦: renamed from gretap0
[  186.726414][ T7817] 0ªî{X¹¦: left promiscuous mode
[  186.736705][ T7817] 0ªî{X¹¦: entered allmulticast mode
[  186.747834][ T7817] A link change request failed with some changes committed already. Interface 
30ªî{X¹¦ may have been left with an inconsistent configuration, please check.
[  187.579269][   T30] audit: type=1400 audit(1749600357.660:417): avc:  denied  { read } for  pid=7827 comm="syz.0.524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  188.302905][ T7836] netlink: 'syz.3.528': attribute type 39 has an invalid length.
[  188.370717][    T9] usb 2-1: new low-speed USB device number 10 using dummy_hcd
[  188.387276][ T7844] FAULT_INJECTION: forcing a failure.
[  188.387276][ T7844] name failslab, interval 1, probability 0, space 0, times 0
[  188.402045][ T7844] CPU: 1 UID: 0 PID: 7844 Comm: syz.2.530 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  188.402069][ T7844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  188.402080][ T7844] Call Trace:
[  188.402086][ T7844]  <TASK>
[  188.402092][ T7844]  dump_stack_lvl+0x16c/0x1f0
[  188.402122][ T7844]  should_fail_ex+0x512/0x640
[  188.402149][ T7844]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  188.402175][ T7844]  should_failslab+0xc2/0x120
[  188.402199][ T7844]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  188.402222][ T7844]  ? __alloc_skb+0x2b2/0x380
[  188.402249][ T7844]  __alloc_skb+0x2b2/0x380
[  188.402272][ T7844]  ? __pfx___alloc_skb+0x10/0x10
[  188.402295][ T7844]  ? tcp_diag_get_aux_size+0x2df/0x4e0
[  188.402317][ T7844]  ? find_held_lock+0x2b/0x80
[  188.402345][ T7844]  ? inet_diag_dump_one_icsk+0x221/0x580
[  188.402371][ T7844]  inet_diag_dump_one_icsk+0x243/0x580
[  188.402397][ T7844]  inet_diag_cmd_exact+0x298/0x330
[  188.402417][ T7844]  ? __pfx_inet_diag_cmd_exact+0x10/0x10
[  188.402435][ T7844]  ? stack_trace_save+0x8e/0xc0
[  188.402482][ T7844]  inet_diag_handler_cmd+0x1b8/0x2e0
[  188.402502][ T7844]  ? __pfx_inet_diag_handler_cmd+0x10/0x10
[  188.402523][ T7844]  ? find_held_lock+0x2b/0x80
[  188.402543][ T7844]  ? sock_diag_lock_handler+0x10f/0x2e0
[  188.402573][ T7844]  sock_diag_rcv_msg+0x435/0x790
[  188.402598][ T7844]  netlink_rcv_skb+0x155/0x420
[  188.402617][ T7844]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  188.402641][ T7844]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  188.402669][ T7844]  ? netlink_deliver_tap+0x1ae/0xd30
[  188.402685][ T7844]  ? is_vmalloc_addr+0x86/0xa0
[  188.402710][ T7844]  netlink_unicast+0x53d/0x7f0
[  188.402732][ T7844]  ? __pfx_netlink_unicast+0x10/0x10
[  188.402757][ T7844]  netlink_sendmsg+0x8d1/0xdd0
[  188.402781][ T7844]  ? __pfx_netlink_sendmsg+0x10/0x10
[  188.402809][ T7844]  sock_write_iter+0x4fc/0x5b0
[  188.402830][ T7844]  ? __pfx_sock_write_iter+0x10/0x10
[  188.402861][ T7844]  ? __pfx_file_has_perm+0x10/0x10
[  188.402884][ T7844]  do_iter_readv_writev+0x654/0x950
[  188.402906][ T7844]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  188.402925][ T7844]  ? selinux_file_permission+0x126/0x660
[  188.402951][ T7844]  ? bpf_lsm_file_permission+0x9/0x10
[  188.402978][ T7844]  ? security_file_permission+0x71/0x210
[  188.403003][ T7844]  ? rw_verify_area+0xcf/0x680
[  188.403024][ T7844]  vfs_writev+0x35f/0xde0
[  188.403051][ T7844]  ? __pfx_vfs_writev+0x10/0x10
[  188.403088][ T7844]  ? __fget_files+0x20e/0x3c0
[  188.403119][ T7844]  ? do_writev+0x28c/0x340
[  188.403135][ T7844]  do_writev+0x28c/0x340
[  188.403155][ T7844]  ? __pfx_do_writev+0x10/0x10
[  188.403183][ T7844]  do_syscall_64+0xcd/0x4c0
[  188.403211][ T7844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.403228][ T7844] RIP: 0033:0x7f1e65b8e929
[  188.403243][ T7844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.403260][ T7844] RSP: 002b:00007f1e66ab5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  188.403276][ T7844] RAX: ffffffffffffffda RBX: 00007f1e65db5fa0 RCX: 00007f1e65b8e929
[  188.403288][ T7844] RDX: 0000000000000001 RSI: 0000200000000080 RDI: 0000000000000004
[  188.403298][ T7844] RBP: 00007f1e66ab5090 R08: 0000000000000000 R09: 0000000000000000
[  188.403308][ T7844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.403318][ T7844] R13: 0000000000000000 R14: 00007f1e65db5fa0 R15: 00007ffd198af718
[  188.403348][ T7844]  </TASK>
[  188.680940][    C0] Illegal XDP return value 16128 on prog  (id 78) dev bond_slave_1, expect packet loss!
[  188.774571][ T7847] netlink: 24 bytes leftover after parsing attributes in process `syz.4.531'.
[  188.849636][    T9] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  188.858291][    T9] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  188.882498][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  188.913483][    T9] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 33, using maximum allowed: 30
[  188.935412][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 is Bulk; changing to Interrupt
[  188.957235][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  188.975877][ T7847] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7847 comm=syz.4.531
[  188.988864][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  189.019380][    T9] usb 2-1: string descriptor 0 read error: -22
[  189.029907][    T9] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=c3.de
[  189.039254][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.097997][    T9] usb 2-1: config 0 descriptor??
[  189.111403][    T9] hub 2-1:0.0: bad descriptor, ignoring hub
[  189.114178][   T30] audit: type=1400 audit(1749600359.200:418): avc:  denied  { write } for  pid=7852 comm="syz.4.533" name="ppp" dev="devtmpfs" ino=710 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  189.117317][    T9] hub 2-1:0.0: probe with driver hub failed with error -5
[  189.666426][   T30] audit: type=1400 audit(1749600359.740:419): avc:  denied  { bind } for  pid=7833 comm="syz.1.527" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  190.403651][ T7863] netlink: 'syz.0.535': attribute type 2 has an invalid length.
[  190.611565][ T7863] vlan2: entered promiscuous mode
[  190.650276][ T7863] vlan2: entered allmulticast mode
[  190.677437][ T7863] hsr_slave_1: entered allmulticast mode
[  190.881744][  T976] usb 2-1: USB disconnect, device number 10
[  190.960408][    T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  191.190215][    T9] usb 5-1: Using ep0 maxpacket: 16
[  191.571698][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  191.583162][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  191.596796][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  191.605935][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.615709][    T9] usb 5-1: config 0 descriptor??
[  192.135449][    T9] kovaplus 0003:1E7D:2D50.0004: item fetching failed at offset 0/3
[  192.146140][    T9] kovaplus 0003:1E7D:2D50.0004: parse failed
[  192.153274][    T9] kovaplus 0003:1E7D:2D50.0004: probe with driver kovaplus failed with error -22
[  192.230219][ T5897] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  192.295434][ T7888] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  192.330242][  T976] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  192.347039][ T5854] usb 5-1: USB disconnect, device number 23
[  192.380201][ T5897] usb 1-1: Using ep0 maxpacket: 16
[  192.386755][ T5897] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  192.397190][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  192.409060][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  192.419236][ T5897] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  192.435225][ T5897] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  192.449266][ T5897] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  192.460996][ T5897] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  192.469385][ T5897] usb 1-1: Manufacturer: syz
[  192.510443][  T976] usb 2-1: Using ep0 maxpacket: 8
[  192.518460][  T976] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  192.531630][  T976] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  192.543877][  T976] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  192.554750][  T976] usb 2-1: Product: syz
[  192.558913][  T976] usb 2-1: Manufacturer: syz
[  192.565682][  T976] usb 2-1: SerialNumber: syz
[  192.604691][ T5897] usb 1-1: config 0 descriptor??
[  192.770716][ T7893] netlink: 24 bytes leftover after parsing attributes in process `syz.2.543'.
[  192.820374][  T976] usb 2-1: Invalid connection information received from device
[  192.844040][ T5142] Bluetooth: hci4: unexpected event for opcode 0x080f
[  193.473266][ T5897] rc_core: IR keymap rc-hauppauge not found
[  193.496090][ T5897] Registered IR keymap rc-empty
[  193.516343][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  193.535881][ T7900] batman_adv: batadv0: Removing interface: dummy0
[  193.547285][ T7900] bridge_slave_0: left allmulticast mode
[  193.556106][ T7900] bridge_slave_0: left promiscuous mode
[  193.562306][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  193.573479][ T7900] bridge0: port 1(bridge_slave_0) entered disabled state
[  193.777630][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  193.781728][ T5897] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  194.017233][ T5897] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input17
[  194.048494][ T7900] bridge_slave_1: left allmulticast mode
[  194.062047][ T7900] bridge_slave_1: left promiscuous mode
[  194.067968][ T7900] bridge0: port 2(bridge_slave_1) entered disabled state
[  194.084212][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.094754][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.111702][ T7900] bond0: (slave bond_slave_1): Releasing backup interface
[  194.132070][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.151713][ T7900] team0: Port device team_slave_0 removed
[  194.162740][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.163949][ T7900] team0: Port device team_slave_1 removed
[  194.177289][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  194.185184][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_0
[  194.202756][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.205120][ T7900] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  194.240375][ T7900] batman_adv: batadv0: Removing interface: batadv_slave_1
[  194.252361][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.291817][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.335618][ T7902] bridge0: port 1(vlan3) entered blocking state
[  194.363749][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.371155][ T7902] bridge0: port 1(vlan3) entered disabled state
[  194.385206][ T7902] vlan3: entered allmulticast mode
[  194.399864][ T7902] bond0: entered allmulticast mode
[  194.407292][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.434506][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.445603][ T7902] vlan3: entered promiscuous mode
[  194.455746][ T7902] bond0: entered promiscuous mode
[  194.470519][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.493733][ T5897] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  194.532072][ T5897] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  194.549823][ T5897] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  194.578704][ T5897] usb 1-1: USB disconnect, device number 11
[  194.787477][   T24] usb 2-1: USB disconnect, device number 11
[  195.975491][ T7931] netlink: 'syz.1.554': attribute type 39 has an invalid length.
[  196.160653][ T5897] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  196.336629][ T5897] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  196.354617][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.379155][ T5897] usb 5-1: config 0 descriptor??
[  196.894110][ T5816] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  196.902779][ T5816] Bluetooth: hci4: Injecting HCI hardware error event
[  196.912235][ T5821] Bluetooth: hci4: hardware error 0x00
[  196.972449][ T5816] Bluetooth: hci2: command 0x0405 tx timeout
[  197.084542][ T7949] xt_l2tp: v2 sid > 0xffff: 262144
[  197.601689][ T7929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.630573][ T7929] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.195795][   T30] audit: type=1326 audit(1749600368.280:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7955 comm="syz.2.561" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e65b8e929 code=0x0
[  198.713674][ T5854] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  198.727428][ T5897] pegasus 5-1:0.0: can't reset MAC
[  198.732969][ T5897] pegasus 5-1:0.0: probe with driver pegasus failed with error -5
[  198.744677][ T5897] usb 5-1: USB disconnect, device number 24
[  198.970213][ T5821] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  199.700235][ T7968] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  199.742253][ T5854] usb 1-1: Using ep0 maxpacket: 8
[  199.762080][ T5854] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  199.784929][ T5854] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  199.796947][ T5854] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  199.815453][ T5854] usb 1-1: Product: syz
[  199.827165][ T5854] usb 1-1: Manufacturer: syz
[  199.955627][ T5854] usb 1-1: SerialNumber: syz
[  200.217102][ T5854] usb 1-1: Invalid connection information received from device
[  200.559795][ T7976] netlink: 'syz.4.566': attribute type 39 has an invalid length.
[  200.653037][ T7979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.567'.
[  200.666066][ T7979] bond0: entered allmulticast mode
[  200.673426][ T7979] bond_slave_0: entered allmulticast mode
[  200.679269][ T7979] bond_slave_1: entered allmulticast mode
[  200.685317][ T7979] team0: entered allmulticast mode
[  200.692094][ T7979] team_slave_0: entered allmulticast mode
[  200.702888][ T7979] team_slave_1: entered allmulticast mode
[  201.061978][   T30] audit: type=1400 audit(1749600371.090:421): avc:  denied  { associate } for  pid=7989 comm="syz.4.570" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  201.225960][ T7992] nbd: must specify at least one socket
[  201.323930][ T7993] block nbd4: not configured, cannot reconfigure
[  201.390415][ T5897] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  201.439354][   T24] usb 1-1: USB disconnect, device number 12
[  201.550410][ T5897] usb 2-1: Using ep0 maxpacket: 32
[  201.566898][ T5897] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  201.591779][ T5897] usb 2-1: config 0 has no interface number 0
[  201.610823][ T5897] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  201.633562][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.649421][ T5897] usb 2-1: Product: syz
[  201.669944][ T5897] usb 2-1: Manufacturer: syz
[  201.675088][ T5897] usb 2-1: SerialNumber: syz
[  201.682445][ T5897] usb 2-1: config 0 descriptor??
[  201.691850][ T5897] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  201.796230][   T30] audit: type=1400 audit(1749600371.880:422): avc:  denied  { setopt } for  pid=8000 comm="syz.3.575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  202.000686][ T5897] usb 2-1: qt2_attach - failed to power on unit: -71
[  202.007618][ T5897] quatech2 2-1:0.51: probe with driver quatech2 failed with error -71
[  202.018540][ T5897] usb 2-1: USB disconnect, device number 12
[  202.059749][ T8008] FAULT_INJECTION: forcing a failure.
[  202.059749][ T8008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.099891][ T8009] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  202.176027][ T8008] CPU: 0 UID: 0 PID: 8008 Comm: syz.0.574 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  202.176058][ T8008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  202.176068][ T8008] Call Trace:
[  202.176074][ T8008]  <TASK>
[  202.176081][ T8008]  dump_stack_lvl+0x16c/0x1f0
[  202.176113][ T8008]  should_fail_ex+0x512/0x640
[  202.176147][ T8008]  _copy_from_iter+0x29f/0x16f0
[  202.176178][ T8008]  ? __alloc_skb+0x200/0x380
[  202.176204][ T8008]  ? __pfx__copy_from_iter+0x10/0x10
[  202.176231][ T8008]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  202.176263][ T8008]  netlink_sendmsg+0x829/0xdd0
[  202.176288][ T8008]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.176320][ T8008]  ____sys_sendmsg+0xa98/0xc70
[  202.176341][ T8008]  ? copy_msghdr_from_user+0x10a/0x160
[  202.176366][ T8008]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.176388][ T8008]  ? lockdep_hardirqs_on+0x7c/0x110
[  202.176413][ T8008]  ? finish_task_switch.isra.0+0x221/0xc10
[  202.176437][ T8008]  ? rcu_is_watching+0x12/0xc0
[  202.176461][ T8008]  ___sys_sendmsg+0x134/0x1d0
[  202.176488][ T8008]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.176511][ T8008]  ? __lock_acquire+0x622/0x1c90
[  202.176567][ T8008]  __sys_sendmsg+0x16d/0x220
[  202.176593][ T8008]  ? __pfx___sys_sendmsg+0x10/0x10
[  202.176621][ T8008]  ? vfs_write+0x454/0x1150
[  202.176663][ T8008]  do_syscall_64+0xcd/0x4c0
[  202.176692][ T8008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.176711][ T8008] RIP: 0033:0x7fc24df8e929
[  202.176724][ T8008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.176741][ T8008] RSP: 002b:00007fc24ed24038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  202.176758][ T8008] RAX: ffffffffffffffda RBX: 00007fc24e1b6080 RCX: 00007fc24df8e929
[  202.176770][ T8008] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  202.176780][ T8008] RBP: 00007fc24ed24090 R08: 0000000000000000 R09: 0000000000000000
[  202.176790][ T8008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.176800][ T8008] R13: 0000000000000001 R14: 00007fc24e1b6080 R15: 00007fff550f4938
[  202.176825][ T8008]  </TASK>
[  202.539024][   T30] audit: type=1400 audit(1749600372.620:423): avc:  denied  { ioctl } for  pid=8013 comm="syz.4.578" path="socket:[16523]" dev="sockfs" ino=16523 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  202.572970][ T8019] netlink: 'syz.0.579': attribute type 39 has an invalid length.
[  202.731303][  T973] iguanair 3-1:0.0: failed to get version
[  202.737506][  T973] iguanair 3-1:0.0: probe with driver iguanair failed with error -110
[  202.761087][  T973] usb 3-1: USB disconnect, device number 11
[  202.770260][ T6082] udevd[6082]: failed to send result of seq 12872 to main daemon: Connection refused
[  203.060384][ T5877] usb 4-1: new full-speed USB device number 14 using dummy_hcd
[  203.089987][  T973] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  203.275687][ T5877] usb 4-1: config 0 has an invalid interface number: 189 but max is 0
[  203.308176][  T973] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  203.350437][ T5877] usb 4-1: config 0 has no interface number 0
[  203.363400][  T973] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.371609][ T5877] usb 4-1: config 0 interface 189 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  203.385754][ T5877] usb 4-1: config 0 interface 189 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  203.399416][  T973] usb 3-1: config 0 descriptor??
[  203.409020][ T5877] usb 4-1: config 0 interface 189 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 64
[  203.423335][ T5877] usb 4-1: config 0 interface 189 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  203.433641][ T5877] usb 4-1: config 0 interface 189 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  203.455867][ T5877] usb 4-1: New USB device found, idVendor=07b4, idProduct=010a, bcdDevice= 1.02
[  203.466580][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  203.591586][ T5877] usb 4-1: Product: syz
[  203.595826][ T5877] usb 4-1: Manufacturer: syz
[  203.601790][ T5877] usb 4-1: SerialNumber: syz
[  203.609166][ T5877] usb 4-1: config 0 descriptor??
[  203.615525][ T8026] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  203.624375][ T5877] ums-alauda 4-1:0.189: USB Mass Storage device detected
[  203.652977][ T5877] scsi host1: usb-storage 4-1:0.189
[  203.851512][  T976] usb 4-1: USB disconnect, device number 14
[  203.968691][ T8044] overlayfs: overlapping lowerdir path
[  204.152513][ T8048] netlink: 'syz.4.586': attribute type 12 has an invalid length.
[  204.160565][ T8048] netlink: 'syz.4.586': attribute type 11 has an invalid length.
[  204.168331][ T8048] netlink: 224 bytes leftover after parsing attributes in process `syz.4.586'.
[  204.494522][ T8047] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  204.721464][ T7995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  204.795082][ T7995] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  205.086031][ T8055] netlink: 'syz.1.590': attribute type 39 has an invalid length.
[  205.190437][ T5821] Bluetooth: hci2: ACL packet for unknown connection handle 201
[  205.460384][ T5877] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  205.641813][ T5877] usb 5-1: config 0 has an invalid interface number: 6 but max is 0
[  205.662753][ T5877] usb 5-1: config 0 has no interface number 0
[  205.668911][ T5877] usb 5-1: New USB device found, idVendor=12d1, idProduct=109b, bcdDevice=4b.ba
[  205.692268][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.693496][  T973] pegasus 3-1:0.0: can't reset MAC
[  205.721239][  T973] pegasus 3-1:0.0: probe with driver pegasus failed with error -5
[  205.735043][ T5877] usb 5-1: config 0 descriptor??
[  205.783402][ T5877] option 5-1:0.6: GSM modem (1-port) converter detected
[  205.803381][  T973] usb 3-1: USB disconnect, device number 12
[  205.986963][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.011837][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.108770][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.311036][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.356833][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.377516][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.401234][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.423193][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  206.435160][ T8060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  206.443945][ T8060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  207.776783][ T5877] usb 1-1: new low-speed USB device number 13 using dummy_hcd
[  207.920243][  T973] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  207.935858][ T5877] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  207.971649][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  208.032009][ T5877] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  208.086899][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  208.098363][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  208.110907][ T5877] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  208.118541][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  208.129846][ T5877] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  208.141744][  T973] usb 4-1: Using ep0 maxpacket: 16
[  208.147133][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  208.158994][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  208.174371][ T5877] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  208.182458][  T973] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  208.191654][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  208.202573][  T973] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  208.208654][ T5897] usb 5-1: USB disconnect, device number 25
[  208.210744][ T5877] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  208.232623][  T973] usb 4-1: Product: syz
[  208.240215][  T973] usb 4-1: Manufacturer: syz
[  208.244919][  T973] usb 4-1: SerialNumber: syz
[  208.249655][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  208.263859][  T973] usb 4-1: config 0 descriptor??
[  208.269016][ T5877] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  208.297551][ T8113] overlayfs: overlapping lowerdir path
[  208.311988][ T5877] usb 1-1: string descriptor 0 read error: -22
[  208.321043][ T5877] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  208.337299][ T5877] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.371119][ T5877] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  208.378544][ T5897] option 5-1:0.6: device disconnected
[  209.143599][ T8121] netlink: 'syz.0.604': attribute type 2 has an invalid length.
[  209.625573][ T8126] syz.4.610: attempt to access beyond end of device
[  209.625573][ T8126] nbd4: rw=0, sector=1, nr_sectors = 1 limit=0
[  209.870368][ T8126] qnx4: unable to read the superblock
[  210.087399][ T8138] netlink: 892 bytes leftover after parsing attributes in process `syz.4.614'.
[  210.840698][ T5897] usb 4-1: USB disconnect, device number 15
[  210.844316][ T5921] usb 3-1: new full-speed USB device number 13 using dummy_hcd
[  210.912310][  T976] usb 1-1: USB disconnect, device number 13
[  211.049222][ T8154] netlink: 8 bytes leftover after parsing attributes in process `syz.1.621'.
[  211.067646][ T8155] netlink: 28 bytes leftover after parsing attributes in process `syz.4.620'.
[  211.079561][ T8154] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0
[  211.089540][ T8154] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  211.099851][ T8154] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  211.109350][ T8154] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  211.123374][ T8154] geneve3: entered promiscuous mode
[  211.128656][ T8154] geneve3: entered allmulticast mode
[  211.192550][ T5921] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  211.204582][ T5921] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  211.215487][ T5921] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  211.224823][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.236964][ T5921] usb 3-1: Product: syz
[  211.243421][ T5921] usb 3-1: Manufacturer: syz
[  211.251317][ T5921] usb 3-1: SerialNumber: syz
[  211.336271][ T8163] netlink: 'syz.0.619': attribute type 33 has an invalid length.
[  211.623785][ T8166] overlayfs: overlapping lowerdir path
[  211.728555][ T5921] usb 3-1: 0:2 : does not exist
[  211.954407][ T5921] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  211.987502][ T5921] usb 3-1: USB disconnect, device number 13
[  212.077976][ T8170] netlink: 892 bytes leftover after parsing attributes in process `syz.3.626'.
[  212.470325][   T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  212.644377][   T24] usb 4-1: Using ep0 maxpacket: 16
[  212.709960][   T24] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  212.723184][   T24] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  212.731640][   T24] usb 4-1: Product: syz
[  212.736084][   T24] usb 4-1: Manufacturer: syz
[  212.741314][   T24] usb 4-1: SerialNumber: syz
[  212.775449][   T24] usb 4-1: config 0 descriptor??
[  212.872119][ T8185] netlink: 16 bytes leftover after parsing attributes in process `syz.0.630'.
[  212.906655][ T8185] netlink: 64 bytes leftover after parsing attributes in process `syz.0.630'.
[  213.258524][ T8189] netlink: 'syz.0.631': attribute type 10 has an invalid length.
[  213.335682][ T8189] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  213.968080][ T8200] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  214.058101][ T8204] netlink: 892 bytes leftover after parsing attributes in process `syz.2.638'.
[  214.175582][ T8202] xt_CT: You must specify a L4 protocol and not use inversions on it
[  214.330222][ T5897] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  214.480361][ T5897] usb 2-1: Using ep0 maxpacket: 8
[  214.497106][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 49, changing to 9
[  214.512310][ T8217] netlink: 36 bytes leftover after parsing attributes in process `syz.0.641'.
[  214.513020][ T5897] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 26185, setting to 1024
[  214.539594][ T5897] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  214.736403][ T8221] netlink: 48 bytes leftover after parsing attributes in process `syz.2.642'.
[  214.853825][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.904359][ T5897] usb 2-1: config 0 descriptor??
[  214.915446][ T8200] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  215.149808][ T8227] kvm: Disabled LAPIC found during irq injection
[  215.215993][ T8236] netlink: 76 bytes leftover after parsing attributes in process `syz.0.647'.
[  215.322796][ T5921] usb 4-1: USB disconnect, device number 16
[  215.331571][ T5897] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  215.462444][ T8242] netlink: 28 bytes leftover after parsing attributes in process `syz.3.648'.
[  215.738389][   T30] audit: type=1400 audit(1749600385.810:424): avc:  denied  { audit_write } for  pid=8239 comm="syz.0.649" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  215.768055][ T5921] usb 2-1: USB disconnect, device number 13
[  215.836728][   T30] audit: type=1400 audit(1749600385.920:425): avc:  denied  { create } for  pid=8245 comm="syz.2.650" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  216.143146][ T8252] vlan4: entered promiscuous mode
[  216.148194][ T8252] bridge0: entered promiscuous mode
[  216.273663][ T8258] netlink: 24 bytes leftover after parsing attributes in process `syz.2.654'.
[  216.413385][ T8258] netlink: 4 bytes leftover after parsing attributes in process `syz.2.654'.
[  216.986263][ T8267] netlink: 52 bytes leftover after parsing attributes in process `syz.3.656'.
[  217.117716][ T8272] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.658'.
[  217.381431][ T5921] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  217.420172][  T973] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  217.510181][   T24] usb 4-1: new full-speed USB device number 17 using dummy_hcd
[  217.540242][ T5897] usb 2-1: new low-speed USB device number 14 using dummy_hcd
[  217.540281][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  217.554270][  T973] usb 3-1: device descriptor read/64, error -71
[  217.566112][ T5921] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  217.575585][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  217.583798][ T5921] usb 5-1: Product: syz
[  217.587948][ T5921] usb 5-1: Manufacturer: syz
[  217.593697][ T5921] usb 5-1: SerialNumber: syz
[  217.599807][ T5921] usb 5-1: config 0 descriptor??
[  217.673116][   T24] usb 4-1: config 0 has no interfaces?
[  217.681620][   T24] usb 4-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  217.691748][ T5897] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  217.692976][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  217.709785][   T24] usb 4-1: Product: syz
[  217.711619][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.714061][   T24] usb 4-1: Manufacturer: syz
[  217.726723][   T24] usb 4-1: SerialNumber: syz
[  217.727367][ T5897] usb 2-1: config 0 descriptor??
[  217.733135][   T24] usb 4-1: config 0 descriptor??
[  217.800216][  T973] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  217.940364][  T973] usb 3-1: device descriptor read/64, error -71
[  217.967557][   T24] usb 4-1: USB disconnect, device number 17
[  218.396798][  T973] usb usb3-port1: attempt power cycle
[  218.523849][ T8290] FAULT_INJECTION: forcing a failure.
[  218.523849][ T8290] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  218.537334][ T8290] CPU: 0 UID: 0 PID: 8290 Comm: syz.3.665 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  218.537358][ T8290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  218.537368][ T8290] Call Trace:
[  218.537373][ T8290]  <TASK>
[  218.537380][ T8290]  dump_stack_lvl+0x16c/0x1f0
[  218.537410][ T8290]  should_fail_ex+0x512/0x640
[  218.537441][ T8290]  _copy_from_iter+0x29f/0x16f0
[  218.537469][ T8290]  ? __alloc_skb+0x200/0x380
[  218.537493][ T8290]  ? __pfx__copy_from_iter+0x10/0x10
[  218.537515][ T8290]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  218.537538][ T8290]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  218.537571][ T8290]  netlink_sendmsg+0x829/0xdd0
[  218.537595][ T8290]  ? __pfx_netlink_sendmsg+0x10/0x10
[  218.537624][ T8290]  ____sys_sendmsg+0xa98/0xc70
[  218.537644][ T8290]  ? copy_msghdr_from_user+0x10a/0x160
[  218.537669][ T8290]  ? __pfx_____sys_sendmsg+0x10/0x10
[  218.537701][ T8290]  ___sys_sendmsg+0x134/0x1d0
[  218.537727][ T8290]  ? __pfx____sys_sendmsg+0x10/0x10
[  218.537750][ T8290]  ? __lock_acquire+0x622/0x1c90
[  218.537824][ T8290]  __sys_sendmsg+0x16d/0x220
[  218.537851][ T8290]  ? __pfx___sys_sendmsg+0x10/0x10
[  218.537893][ T8290]  do_syscall_64+0xcd/0x4c0
[  218.537921][ T8290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  218.537944][ T8290] RIP: 0033:0x7fac4298e929
[  218.537959][ T8290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  218.537975][ T8290] RSP: 002b:00007fac4389e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  218.537991][ T8290] RAX: ffffffffffffffda RBX: 00007fac42bb5fa0 RCX: 00007fac4298e929
[  218.538002][ T8290] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  218.538012][ T8290] RBP: 00007fac4389e090 R08: 0000000000000000 R09: 0000000000000000
[  218.538022][ T8290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  218.538032][ T8290] R13: 0000000000000000 R14: 00007fac42bb5fa0 R15: 00007fff7c90d7d8
[  218.538056][ T8290]  </TASK>
[  218.810973][  T973] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  218.843237][  T973] usb 3-1: device descriptor read/8, error -71
[  219.070222][   T24] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  219.090177][  T973] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  219.110586][  T973] usb 3-1: device descriptor read/8, error -71
[  219.257342][  T973] usb usb3-port1: unable to enumerate USB device
[  219.270181][   T24] usb 4-1: Using ep0 maxpacket: 32
[  219.276637][   T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  219.287261][   T24] usb 4-1: config 0 has no interface number 0
[  219.298905][   T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  219.312219][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  219.320745][   T24] usb 4-1: Product: syz
[  219.324930][   T24] usb 4-1: Manufacturer: syz
[  219.329523][   T24] usb 4-1: SerialNumber: syz
[  219.339573][   T24] usb 4-1: config 0 descriptor??
[  219.346936][   T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  219.388047][ T8300] bridge_slave_0: left allmulticast mode
[  219.393756][ T8300] bridge_slave_0: left promiscuous mode
[  219.399418][ T8300] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.408280][ T8300] bridge_slave_1: left allmulticast mode
[  219.415667][ T8300] bridge_slave_1: left promiscuous mode
[  219.422437][ T8300] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.434099][ T8300] bond0: (slave bond_slave_0): Releasing backup interface
[  219.447971][ T8300] bond0: (slave bond_slave_1): Releasing backup interface
[  219.457928][ T8300] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  219.465673][ T8300] batman_adv: batadv0: Removing interface: batadv_slave_0
[  219.474272][ T8300] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  219.482280][ T8300] batman_adv: batadv0: Removing interface: batadv_slave_1
[  219.535044][ T8300] bridge0: port 1(vlan4) entered blocking state
[  219.542467][ T8300] bridge0: port 1(vlan4) entered disabled state
[  219.548874][ T8300] vlan4: entered allmulticast mode
[  219.549517][ T8286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  219.561797][ T8300] bond0: entered allmulticast mode
[  219.565550][ T8286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  219.569411][ T8300] vlan4: entered promiscuous mode
[  219.578907][ T5897] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  219.581957][ T8300] bond0: entered promiscuous mode
[  219.593704][ T5897] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9
[  219.606903][ T5897] asix 2-1:0.0: probe with driver asix failed with error -71
[  219.621480][ T5897] usb 2-1: USB disconnect, device number 14
[  219.652970][   T24] usb 4-1: qt2_attach - failed to power on unit: -71
[  219.659762][   T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  219.676396][   T24] usb 4-1: USB disconnect, device number 18
[  219.689868][   T30] audit: type=1400 audit(1749600389.770:426): avc:  denied  { create } for  pid=8303 comm="syz.0.669" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  219.710619][    C1] vkms_vblank_simulate: vblank timer overrun
[  219.723914][ T8304] input: syz1 as /devices/virtual/input/input18
[  220.227319][ T5897] usb 5-1: USB disconnect, device number 26
[  220.423214][ T8315] snd_dummy snd_dummy.0: control 6:65280:0:syz0:-3 is already present
[  220.820658][ T8314] syz.3.673 (8314) used greatest stack depth: 20968 bytes left
[  221.054021][   T30] audit: type=1400 audit(1749600391.140:427): avc:  denied  { getopt } for  pid=8326 comm="syz.3.676" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  221.054305][ T8330] netlink: 16 bytes leftover after parsing attributes in process `syz.3.676'.
[  221.073350][    C1] vkms_vblank_simulate: vblank timer overrun
[  221.405906][   T30] audit: type=1400 audit(1749600391.490:428): avc:  denied  { write } for  pid=8333 comm="syz.4.678" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  221.424760][    C1] vkms_vblank_simulate: vblank timer overrun
[  222.830188][ T5897] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  222.955214][ T8365] FAULT_INJECTION: forcing a failure.
[  222.955214][ T8365] name failslab, interval 1, probability 0, space 0, times 0
[  223.108691][ T5897] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  223.137937][ T8365] CPU: 0 UID: 0 PID: 8365 Comm: syz.1.685 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  223.137965][ T8365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  223.137977][ T8365] Call Trace:
[  223.137984][ T8365]  <TASK>
[  223.137991][ T8365]  dump_stack_lvl+0x16c/0x1f0
[  223.138022][ T8365]  should_fail_ex+0x512/0x640
[  223.138046][ T8365]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  223.138073][ T8365]  should_failslab+0xc2/0x120
[  223.138099][ T8365]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  223.138122][ T8365]  ? __alloc_skb+0x2b2/0x380
[  223.138151][ T8365]  __alloc_skb+0x2b2/0x380
[  223.138192][ T8365]  ? __pfx___alloc_skb+0x10/0x10
[  223.138219][ T8365]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  223.138245][ T8365]  netlink_alloc_large_skb+0x69/0x130
[  223.138265][ T8365]  netlink_sendmsg+0x6a1/0xdd0
[  223.138289][ T8365]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.138318][ T8365]  ____sys_sendmsg+0xa98/0xc70
[  223.138339][ T8365]  ? copy_msghdr_from_user+0x10a/0x160
[  223.138365][ T8365]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.138397][ T8365]  ___sys_sendmsg+0x134/0x1d0
[  223.138424][ T8365]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.138448][ T8365]  ? __lock_acquire+0x622/0x1c90
[  223.138505][ T8365]  __sys_sendmsg+0x16d/0x220
[  223.138532][ T8365]  ? __pfx___sys_sendmsg+0x10/0x10
[  223.138574][ T8365]  do_syscall_64+0xcd/0x4c0
[  223.138602][ T8365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.138620][ T8365] RIP: 0033:0x7f0d70d8e929
[  223.138635][ T8365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.138652][ T8365] RSP: 002b:00007f0d71be9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.138670][ T8365] RAX: ffffffffffffffda RBX: 00007f0d70fb6160 RCX: 00007f0d70d8e929
[  223.138682][ T8365] RDX: 0000000020004804 RSI: 0000200000006040 RDI: 0000000000000004
[  223.138693][ T8365] RBP: 00007f0d71be9090 R08: 0000000000000000 R09: 0000000000000000
[  223.138704][ T8365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.138714][ T8365] R13: 0000000000000001 R14: 00007f0d70fb6160 R15: 00007ffcdd76fbe8
[  223.138739][ T8365]  </TASK>
[  223.361289][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  223.371574][ T5897] usb 3-1: config 0 descriptor??
[  223.477935][ T8373] netlink: 48 bytes leftover after parsing attributes in process `syz.3.688'.
[  224.532254][ T8349] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  224.551603][ T8349] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  225.609787][ T5897] pegasus 3-1:0.0: can't reset MAC
[  225.652193][ T5897] pegasus 3-1:0.0: probe with driver pegasus failed with error -5
[  225.716560][ T5897] usb 3-1: USB disconnect, device number 18
[  225.868863][ T8404] netlink: 'syz.1.697': attribute type 39 has an invalid length.
[  226.002250][ T8410] netlink: 8 bytes leftover after parsing attributes in process `syz.3.699'.
[  227.100758][ T8420] netlink: 'syz.2.701': attribute type 5 has an invalid length.
[  227.222832][ T8420] netlink: 'syz.2.701': attribute type 7 has an invalid length.
[  227.546061][ T8420] : entered promiscuous mode
[  228.079546][ T8429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.705'.
[  228.987903][   T30] audit: type=1400 audit(1749600399.070:429): avc:  denied  { mounton } for  pid=8448 comm="syz.0.711" path="/bus" dev="ramfs" ino=18477 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  228.989715][ T8449] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  229.018317][ T8449] overlayfs: failed to set xattr on upper
[  229.024269][ T8449] overlayfs: ...falling back to redirect_dir=nofollow.
[  229.032932][ T8450] netlink: 8 bytes leftover after parsing attributes in process `syz.2.709'.
[  229.100203][ T8449] overlayfs: ...falling back to index=off.
[  229.106035][ T8449] overlayfs: ...falling back to uuid=null.
[  229.148557][ T8454] netlink: 'syz.3.710': attribute type 39 has an invalid length.
[  230.418373][ T8470] netlink: 4 bytes leftover after parsing attributes in process `syz.3.718'.
[  232.112648][ T8490] FAULT_INJECTION: forcing a failure.
[  232.112648][ T8490] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  232.130158][ T8490] CPU: 1 UID: 0 PID: 8490 Comm: syz.3.725 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  232.130185][ T8490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  232.130195][ T8490] Call Trace:
[  232.130201][ T8490]  <TASK>
[  232.130207][ T8490]  dump_stack_lvl+0x16c/0x1f0
[  232.130236][ T8490]  should_fail_ex+0x512/0x640
[  232.130259][ T8490]  _copy_from_iter+0x29f/0x16f0
[  232.130280][ T8490]  ? __pfx__copy_from_iter+0x10/0x10
[  232.130295][ T8490]  ? _copy_from_iter+0x15d/0x16f0
[  232.130316][ T8490]  skb_copy_datagram_from_iter+0x124/0x740
[  232.130332][ T8490]  ? packet_cached_dev_get+0x14b/0x320
[  232.130351][ T8490]  packet_sendmsg+0x21eb/0x5880
[  232.130366][ T8490]  ? avc_has_perm+0xda/0x1c0
[  232.130384][ T8490]  ? sock_has_perm+0x259/0x2f0
[  232.130396][ T8490]  ? __pfx_sock_has_perm+0x10/0x10
[  232.130410][ T8490]  ? __pfx_packet_sendmsg+0x10/0x10
[  232.130433][ T8490]  __sys_sendto+0x4a3/0x520
[  232.130449][ T8490]  ? __pfx___sys_sendto+0x10/0x10
[  232.130475][ T8490]  ? ksys_write+0x1ac/0x250
[  232.130489][ T8490]  ? __pfx_ksys_write+0x10/0x10
[  232.130504][ T8490]  __x64_sys_sendto+0xe0/0x1c0
[  232.130518][ T8490]  ? do_syscall_64+0x91/0x4c0
[  232.130535][ T8490]  ? lockdep_hardirqs_on+0x7c/0x110
[  232.130551][ T8490]  do_syscall_64+0xcd/0x4c0
[  232.130568][ T8490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  232.130580][ T8490] RIP: 0033:0x7fac4298e929
[  232.130589][ T8490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  232.130600][ T8490] RSP: 002b:00007fac4389e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  232.130611][ T8490] RAX: ffffffffffffffda RBX: 00007fac42bb5fa0 RCX: 00007fac4298e929
[  232.130618][ T8490] RDX: 0000000000000046 RSI: 0000200000000280 RDI: 0000000000000006
[  232.130624][ T8490] RBP: 00007fac4389e090 R08: 0000000000000000 R09: 0000000000000000
[  232.130630][ T8490] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  232.130636][ T8490] R13: 0000000000000000 R14: 00007fac42bb5fa0 R15: 00007fff7c90d7d8
[  232.130650][ T8490]  </TASK>
[  232.346547][    C1] vkms_vblank_simulate: vblank timer overrun
[  232.357574][ T5877] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  232.590194][ T5877] usb 2-1: Using ep0 maxpacket: 16
[  232.611447][ T5877] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  232.622463][ T5877] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  232.686860][ T5877] usb 2-1: config 0 interface 0 has no altsetting 0
[  233.705548][ T5877] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  234.225810][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.258793][   T30] audit: type=1400 audit(1749600404.340:430): avc:  denied  { append } for  pid=8507 comm="syz.3.729" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  234.301785][ T8509] netlink: 8 bytes leftover after parsing attributes in process `syz.3.729'.
[  234.354269][ T5877] usb 2-1: config 0 descriptor??
[  234.367500][ T8509] openvswitch: netlink: Unknown nsh attribute 0
[  234.390282][ T8509] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  234.854937][   T30] audit: type=1400 audit(1749600404.940:431): avc:  denied  { create } for  pid=8519 comm="syz.0.731" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  234.935739][   T30] audit: type=1400 audit(1749600405.020:432): avc:  denied  { write } for  pid=8519 comm="syz.0.731" path="socket:[18662]" dev="sockfs" ino=18662 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  234.989492][ T8488] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  235.006367][ T8488] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  235.081244][ T8539] netlink: 'syz.3.738': attribute type 39 has an invalid length.
[  235.141944][ T5877] usb 2-1: USB disconnect, device number 15
[  235.171248][ T8533] netlink: 20 bytes leftover after parsing attributes in process `syz.0.731'.
[  236.820386][   T30] audit: type=1400 audit(1749600406.900:433): avc:  denied  { bind } for  pid=8558 comm="syz.2.743" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  238.300290][   T30] audit: type=1400 audit(1749600408.310:434): avc:  denied  { watch watch_reads } for  pid=8569 comm="syz.0.746" path=2F6D656D66643A2D42D54E49C56A9A707070F00884A26D202864656C6574656429 dev="tmpfs" ino=80 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  239.172217][ T8592] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  239.414172][ T8599] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1548 sclass=netlink_route_socket pid=8599 comm=syz.3.756
[  240.200376][ T5854] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  241.584791][ T8601] pimreg: entered allmulticast mode
[  241.745990][ T5854] usb 4-1: config 0 has an invalid interface number: 164 but max is 0
[  241.754193][ T5854] usb 4-1: config 0 has no interface number 0
[  241.762320][ T5854] usb 4-1: config 0 interface 164 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  241.803950][ T5854] usb 4-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=11.ad
[  241.825131][ T5854] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  241.872388][ T5854] usb 4-1: Product: syz
[  241.880311][ T5854] usb 4-1: Manufacturer: syz
[  241.913616][ T5854] usb 4-1: SerialNumber: syz
[  242.006068][ T5854] usb 4-1: config 0 descriptor??
[  242.770907][ T5854] cxacru 4-1:0.164: cxacru_bind: interface has incorrect endpoints
[  242.778942][ T5854] cxacru 4-1:0.164: usbatm_usb_probe: bind failed: -19!
[  242.923897][ T5854] usb 4-1: USB disconnect, device number 19
[  243.909277][ T8632] netlink: 14 bytes leftover after parsing attributes in process `syz.2.762'.
[  244.159354][  T973] Process accounting resumed
[  244.287810][   T30] audit: type=1400 audit(1749600414.370:435): avc:  denied  { ioctl } for  pid=8640 comm="syz.3.767" path="/dev/usbmon7" dev="devtmpfs" ino=738 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  244.400204][ T5854] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  244.562987][ T8644] vlan4: entered promiscuous mode
[  244.568153][ T8644] bridge0: entered promiscuous mode
[  244.570166][ T5854] usb 5-1: Using ep0 maxpacket: 16
[  244.597151][ T5854] usb 5-1: unable to get BOS descriptor or descriptor too short
[  244.610861][ T5854] usb 5-1: unable to read config index 0 descriptor/start: -71
[  244.618448][ T5854] usb 5-1: can't read configurations, error -71
[  245.250818][  T973] usb 3-1: new full-speed USB device number 19 using dummy_hcd
[  245.401386][  T973] usb 3-1: device descriptor read/64, error -71
[  245.475822][   T30] audit: type=1400 audit(1749600415.560:436): avc:  denied  { write } for  pid=8659 comm="syz.4.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  245.523005][   T30] audit: type=1400 audit(1749600415.580:437): avc:  denied  { setopt } for  pid=8659 comm="syz.4.774" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  245.650319][  T973] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  246.173522][ T5854] usb 5-1: new low-speed USB device number 28 using dummy_hcd
[  246.280603][  T973] usb 3-1: device descriptor read/64, error -71
[  246.341741][ T5854] usb 5-1: No LPM exit latency info found, disabling LPM.
[  246.516498][ T5854] usb 5-1: config 9 has an invalid interface number: 233 but max is 3
[  246.527417][ T5854] usb 5-1: config 9 has an invalid interface number: 250 but max is 3
[  246.535709][ T5854] usb 5-1: config 9 has an invalid interface number: 22 but max is 3
[  246.546547][ T5854] usb 5-1: config 9 contains an unexpected descriptor of type 0x2, skipping
[  246.555332][ T5854] usb 5-1: config 9 has an invalid interface number: 191 but max is 3
[  246.566204][ T5854] usb 5-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config
[  246.578375][ T5854] usb 5-1: config 9 has no interface number 0
[  246.587123][ T5854] usb 5-1: config 9 has no interface number 1
[  246.593569][ T5854] usb 5-1: config 9 has no interface number 2
[  246.599670][ T5854] usb 5-1: config 9 has no interface number 3
[  246.608534][ T5854] usb 5-1: config 9 interface 233 altsetting 15 endpoint 0xA has invalid maxpacket 32, setting to 8
[  246.638078][ T5897] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  246.665936][ T5854] usb 5-1: config 9 interface 233 altsetting 15 endpoint 0xE has invalid maxpacket 1951, setting to 8
[  246.678434][ T5854] usb 5-1: config 9 interface 233 altsetting 15 has an invalid descriptor for endpoint zero, skipping
[  246.690907][ T5854] usb 5-1: config 9 interface 233 altsetting 15 endpoint 0x9 has invalid maxpacket 1023, setting to 8
[  246.702173][ T5854] usb 5-1: config 9 interface 233 altsetting 15 endpoint 0x1 has invalid maxpacket 1023, setting to 8
[  246.713374][ T8677] netlink: 52 bytes leftover after parsing attributes in process `syz.3.779'.
[  246.722797][ T5854] usb 5-1: config 9 interface 233 altsetting 15 endpoint 0x5 has invalid maxpacket 64, setting to 8
[  246.747822][  T973] usb usb3-port1: attempt power cycle
[  246.764459][ T5854] usb 5-1: config 9 interface 250 altsetting 127 has a duplicate endpoint with address 0x5, skipping
[  246.775651][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0x7 has invalid maxpacket 64, setting to 8
[  246.789594][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0x2 has invalid maxpacket 16, setting to 8
[  246.800585][ T5897] usb 2-1: Using ep0 maxpacket: 16
[  246.805878][   T30] audit: type=1400 audit(1749600416.870:438): avc:  denied  { ioctl } for  pid=8680 comm="syz.0.780" path="socket:[18391]" dev="sockfs" ino=18391 ioctlcmd=0x64a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  246.835084][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0xF has invalid wMaxPacketSize 0
[  246.845491][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0x1, skipping
[  246.910025][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0xE, skipping
[  246.921892][   T30] audit: type=1400 audit(1749600417.010:439): avc:  denied  { map } for  pid=8682 comm="syz.0.782" path="socket:[18405]" dev="sockfs" ino=18405 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  246.924416][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0xE, skipping
[  246.960024][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0x9, skipping
[  246.973983][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0x8 has invalid maxpacket 32, setting to 8
[  247.014389][ T8684] affs: No valid root block on device nullb0
[  247.061872][ T5897] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  247.182061][ T5897] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  247.200273][ T5897] usb 2-1: Product: syz
[  247.207104][ T5897] usb 2-1: Manufacturer: syz
[  247.213951][ T5897] usb 2-1: SerialNumber: syz
[  247.214135][   T30] audit: type=1400 audit(1749600417.300:440): avc:  denied  { module_request } for  pid=8678 comm="syz.3.781" kmod=6E65746465762D567B09224E6403651F730ABBB11C37 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  247.224010][ T5897] usb 2-1: config 0 descriptor??
[  247.242741][    C1] vkms_vblank_simulate: vblank timer overrun
[  247.243120][  T973] usb 3-1: new full-speed USB device number 21 using dummy_hcd
[  247.247858][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0xC has invalid maxpacket 1024, setting to 8
[  247.279613][ T5854] usb 5-1: config 9 interface 22 altsetting 203 endpoint 0x4 has invalid maxpacket 1023, setting to 8
[  247.296103][  T973] usb 3-1: device descriptor read/8, error -71
[  247.334611][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0xB, skipping
[  247.345619][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0x5, skipping
[  247.356833][ T5854] usb 5-1: config 9 interface 22 altsetting 203 has a duplicate endpoint with address 0xA, skipping
[  247.367863][ T5854] usb 5-1: config 9 interface 191 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  247.381110][ T5854] usb 5-1: config 9 interface 233 has no altsetting 0
[  247.387880][ T5854] usb 5-1: config 9 interface 250 has no altsetting 0
[  247.395206][ T5854] usb 5-1: config 9 interface 22 has no altsetting 0
[  247.402460][ T5854] usb 5-1: config 9 interface 191 has no altsetting 0
[  247.412672][ T5854] usb 5-1: New USB device found, idVendor=1199, idProduct=9005, bcdDevice=1f.94
[  247.422021][ T5854] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  247.430391][ T5854] usb 5-1: Product: 䴦ﺊ負祿垣细⠎醘�軚⎈湵늚꒒崆뢆ޣ鹑䭇㧗얒ᔿ⻛庾艊���⻄�䜕�䜀襲㋱ཇ�焆뤷튥漨냛㼧�頻�૭膥ᛙ麔况ᙵ⧾
[  247.449431][ T5854] usb 5-1: Manufacturer: �
[  247.454296][ T5854] usb 5-1: SerialNumber: ä°Š
[  247.541391][  T973] usb 3-1: new full-speed USB device number 22 using dummy_hcd
[  247.572050][  T973] usb 3-1: device descriptor read/8, error -71
[  247.720439][ T5854] usb 5-1: selecting invalid altsetting 0
[  247.726191][ T5854] usb 5-1: Could not set interface, error -22
[  247.734124][  T973] usb usb3-port1: unable to enumerate USB device
[  247.740526][   T30] audit: type=1400 audit(1749600417.790:441): avc:  denied  { ioctl } for  pid=8659 comm="syz.4.774" path="socket:[18916]" dev="sockfs" ino=18916 ioctlcmd=0x891a scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  248.284145][ T5854] usb 5-1: selecting invalid altsetting 0
[  248.306465][ T5854] usb 5-1: Could not set interface, error -22
[  248.328478][ T5854] usb 5-1: USB disconnect, device number 28
[  248.590773][ T8716] block device autoloading is deprecated and will be removed.
[  248.618398][ T8720] netlink: 'syz.0.787': attribute type 9 has an invalid length.
[  248.768151][ T8720] netlink: 212260 bytes leftover after parsing attributes in process `syz.0.787'.
[  248.822587][   T30] audit: type=1400 audit(1749600418.800:442): avc:  denied  { getopt } for  pid=8715 comm="syz.2.789" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  249.207702][ T8734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.791'.
[  249.373577][ T5854] usb 2-1: USB disconnect, device number 16
[  249.377166][ T8738] FAULT_INJECTION: forcing a failure.
[  249.377166][ T8738] name failslab, interval 1, probability 0, space 0, times 0
[  249.426021][ T5897] usb 4-1: new full-speed USB device number 20 using dummy_hcd
[  249.426926][ T8738] CPU: 1 UID: 0 PID: 8738 Comm: syz.2.793 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  249.426947][ T8738] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.426960][ T8738] Call Trace:
[  249.426965][ T8738]  <TASK>
[  249.426971][ T8738]  dump_stack_lvl+0x16c/0x1f0
[  249.426999][ T8738]  should_fail_ex+0x512/0x640
[  249.427020][ T8738]  ? __kmalloc_noprof+0xbf/0x510
[  249.427041][ T8738]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  249.427063][ T8738]  should_failslab+0xc2/0x120
[  249.427085][ T8738]  __kmalloc_noprof+0xd2/0x510
[  249.427110][ T8738]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  249.427131][ T8738]  ? cred_has_capability.isra.0+0x193/0x2f0
[  249.427155][ T8738]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  249.427176][ T8738]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  249.427204][ T8738]  ? bpf_lsm_capable+0x9/0x10
[  249.427220][ T8738]  ? security_capable+0x7e/0x260
[  249.427243][ T8738]  genl_rcv_msg+0x55c/0x800
[  249.427265][ T8738]  ? __pfx_genl_rcv_msg+0x10/0x10
[  249.427284][ T8738]  ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10
[  249.427304][ T8738]  ? __pfx_devlink_nl_reload_doit+0x10/0x10
[  249.427326][ T8738]  ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10
[  249.427351][ T8738]  ? __lock_acquire+0x622/0x1c90
[  249.427376][ T8738]  netlink_rcv_skb+0x155/0x420
[  249.427393][ T8738]  ? __pfx_genl_rcv_msg+0x10/0x10
[  249.427413][ T8738]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  249.427439][ T8738]  ? netlink_deliver_tap+0x1ae/0xd30
[  249.427453][ T8738]  ? is_vmalloc_addr+0x86/0xa0
[  249.427475][ T8738]  genl_rcv+0x28/0x40
[  249.427491][ T8738]  netlink_unicast+0x53d/0x7f0
[  249.427511][ T8738]  ? __pfx_netlink_unicast+0x10/0x10
[  249.427534][ T8738]  netlink_sendmsg+0x8d1/0xdd0
[  249.427555][ T8738]  ? __pfx_netlink_sendmsg+0x10/0x10
[  249.427580][ T8738]  ____sys_sendmsg+0xa98/0xc70
[  249.427599][ T8738]  ? copy_msghdr_from_user+0x10a/0x160
[  249.427620][ T8738]  ? __pfx_____sys_sendmsg+0x10/0x10
[  249.427636][ T8738]  ? irqentry_exit+0x3b/0x90
[  249.427675][ T8738]  ___sys_sendmsg+0x134/0x1d0
[  249.427699][ T8738]  ? __pfx____sys_sendmsg+0x10/0x10
[  249.427719][ T8738]  ? __lock_acquire+0x622/0x1c90
[  249.427770][ T8738]  __sys_sendmsg+0x16d/0x220
[  249.427792][ T8738]  ? __pfx___sys_sendmsg+0x10/0x10
[  249.427814][ T8738]  ? __pfx_bpf_trace_run2+0x10/0x10
[  249.427836][ T8738]  ? syscall_trace_enter+0x1cb/0x260
[  249.427855][ T8738]  ? rcu_is_watching+0x12/0xc0
[  249.427876][ T8738]  do_syscall_64+0xcd/0x4c0
[  249.427901][ T8738]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.427917][ T8738] RIP: 0033:0x7f1e65b8e929
[  249.427929][ T8738] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  249.427943][ T8738] RSP: 002b:00007f1e66ab5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  249.427959][ T8738] RAX: ffffffffffffffda RBX: 00007f1e65db5fa0 RCX: 00007f1e65b8e929
[  249.427969][ T8738] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  249.427978][ T8738] RBP: 00007f1e66ab5090 R08: 0000000000000000 R09: 0000000000000000
[  249.427988][ T8738] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  249.427997][ T8738] R13: 0000000000000000 R14: 00007f1e65db5fa0 R15: 00007ffd198af718
[  249.428018][ T8738]  </TASK>
[  250.001760][ T5897] usb 4-1: not running at top speed; connect to a high speed hub
[  250.013973][ T5897] usb 4-1: config index 0 descriptor too short (expected 7558, got 134)
[  250.034834][ T5897] usb 4-1: config 161 has too many interfaces: 214, using maximum allowed: 32
[  250.089226][ T5897] usb 4-1: config 161 has an invalid descriptor of length 0, skipping remainder of the config
[  250.126634][ T5897] usb 4-1: config 161 has 1 interface, different from the descriptor's value: 214
[  250.157960][ T5897] usb 4-1: too many endpoints for config 161 interface 0 altsetting 0: 128, using maximum allowed: 30
[  250.195977][ T5897] usb 4-1: config 161 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  250.430314][ T5897] usb 4-1: config 161 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 128
[  250.504711][ T5897] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  250.528949][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.548478][ T5897] usb 4-1: Product: syz
[  250.558550][ T5897] usb 4-1: Manufacturer: syz
[  250.567787][ T5897] usb 4-1: SerialNumber: syz
[  250.804102][ T8718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  250.812750][ T8718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  250.867972][ T5897] usb 4-1: 0:2 : does not exist
[  250.921171][ T5897] usb 4-1: USB disconnect, device number 20
[  250.967630][ T8761] snd_dummy snd_dummy.0: control 6:65280:0:syz0:-3 is already present
[  251.038375][   T30] audit: type=1400 audit(1749600421.120:443): avc:  denied  { getopt } for  pid=8762 comm="syz.4.801" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  251.066925][ T8763] loop6: detected capacity change from 0 to 524287999
[  251.088428][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.088879][   T30] audit: type=1400 audit(1749600421.150:444): avc:  denied  { append } for  pid=8762 comm="syz.4.801" name="loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  251.096445][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.096533][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.139273][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.148167][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.158393][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.179746][ T8767] openvswitch: netlink: Message has 16 unknown bytes.
[  251.179756][ T8768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.803'.
[  251.232947][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.244199][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.252170][ T8763] ldm_validate_partition_table(): Disk read failed.
[  251.258967][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.269174][ T8763] Buffer I/O error on dev loop6, logical block 0, async page read
[  251.278128][ T8763] Dev loop6: unable to read RDB block 0
[  251.287825][ T8763]  loop6: unable to read partition table
[  251.294802][ T8763] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  251.428339][ T8764] ldm_validate_partition_table(): Disk read failed.
[  251.435514][ T8764] Dev loop6: unable to read RDB block 0
[  251.446630][ T8764]  loop6: unable to read partition table
[  251.456472][ T8764] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  252.139475][   T30] audit: type=1400 audit(1749600422.220:445): avc:  denied  { connect } for  pid=8781 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  252.166831][   T30] audit: type=1400 audit(1749600422.250:446): avc:  denied  { read } for  pid=8781 comm="syz.4.808" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  254.117366][   T30] audit: type=1400 audit(1749600424.200:447): avc:  denied  { getattr } for  pid=8804 comm="syz.1.816" name="/" dev="dmabuf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  254.160263][ T5897] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  254.334250][ T5897] usb 4-1: Using ep0 maxpacket: 8
[  254.353813][ T5897] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  254.383161][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.412346][ T5897] usb 4-1: Product: syz
[  254.417600][ T5897] usb 4-1: Manufacturer: syz
[  254.422770][ T5897] usb 4-1: SerialNumber: syz
[  254.429930][ T5897] usb 4-1: config 0 descriptor??
[  254.654847][ T5897] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  255.220865][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.227780][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  257.037097][   T30] audit: type=1400 audit(1749600427.120:448): avc:  denied  { read } for  pid=8839 comm="syz.4.824" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  257.174925][ T5897] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  257.211866][ T5897] usb 4-1: USB disconnect, device number 21
[  257.265865][   T30] audit: type=1400 audit(1749600427.150:449): avc:  denied  { write } for  pid=8839 comm="syz.4.824" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  257.629020][   T30] audit: type=1400 audit(1749600427.270:450): avc:  denied  { open } for  pid=8839 comm="syz.4.824" path="/dev/ttyqd" dev="devtmpfs" ino=388 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  257.667291][   T30] audit: type=1400 audit(1749600427.390:451): avc:  denied  { create } for  pid=8845 comm="syz.0.825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  257.924496][ T8857] FAULT_INJECTION: forcing a failure.
[  257.924496][ T8857] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  257.937712][ T8857] CPU: 1 UID: 0 PID: 8857 Comm: syz.0.826 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  257.937736][ T8857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  257.937746][ T8857] Call Trace:
[  257.937752][ T8857]  <TASK>
[  257.937759][ T8857]  dump_stack_lvl+0x16c/0x1f0
[  257.937791][ T8857]  should_fail_ex+0x512/0x640
[  257.937819][ T8857]  _copy_to_user+0x32/0xd0
[  257.937847][ T8857]  simple_read_from_buffer+0xcb/0x170
[  257.937872][ T8857]  proc_fail_nth_read+0x197/0x270
[  257.937895][ T8857]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.937920][ T8857]  ? rw_verify_area+0xcf/0x680
[  257.937939][ T8857]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  257.937960][ T8857]  vfs_read+0x1e1/0xc60
[  257.937985][ T8857]  ? __pfx___mutex_lock+0x10/0x10
[  257.938011][ T8857]  ? __pfx_vfs_read+0x10/0x10
[  257.938039][ T8857]  ? __fget_files+0x20e/0x3c0
[  257.938061][ T8857]  ? rcu_is_watching+0x10/0xc0
[  257.938091][ T8857]  ksys_read+0x12a/0x250
[  257.938111][ T8857]  ? __pfx_ksys_read+0x10/0x10
[  257.938140][ T8857]  do_syscall_64+0xcd/0x4c0
[  257.938169][ T8857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  257.938186][ T8857] RIP: 0033:0x7fc24df8d33c
[  257.938200][ T8857] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  257.938217][ T8857] RSP: 002b:00007fc24bdf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  257.938234][ T8857] RAX: ffffffffffffffda RBX: 00007fc24e1b6160 RCX: 00007fc24df8d33c
[  257.938245][ T8857] RDX: 000000000000000f RSI: 00007fc24bdf60a0 RDI: 0000000000000009
[  257.938256][ T8857] RBP: 00007fc24bdf6090 R08: 0000000000000000 R09: 0000000000000000
[  257.938266][ T8857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  257.938276][ T8857] R13: 0000000000000000 R14: 00007fc24e1b6160 R15: 00007fff550f4938
[  257.938301][ T8857]  </TASK>
[  258.125561][    C1] vkms_vblank_simulate: vblank timer overrun
[  258.999082][ T8866] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  259.904237][ T8892] netlink: 'syz.0.837': attribute type 39 has an invalid length.
[  261.574169][ T5863] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  261.670261][ T8916] FAULT_INJECTION: forcing a failure.
[  261.670261][ T8916] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  261.943626][ T5863] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  261.969450][ T5863] usb 1-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00
[  261.996931][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.021615][ T5863] usb 1-1: config 0 descriptor??
[  262.023779][ T8916] CPU: 1 UID: 0 PID: 8916 Comm: syz.1.846 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  262.023802][ T8916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  262.023811][ T8916] Call Trace:
[  262.023817][ T8916]  <TASK>
[  262.023823][ T8916]  dump_stack_lvl+0x16c/0x1f0
[  262.023851][ T8916]  should_fail_ex+0x512/0x640
[  262.023877][ T8916]  _copy_to_user+0x32/0xd0
[  262.023900][ T8916]  simple_read_from_buffer+0xcb/0x170
[  262.023923][ T8916]  proc_fail_nth_read+0x197/0x270
[  262.023943][ T8916]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  262.023964][ T8916]  ? rw_verify_area+0xcf/0x680
[  262.023981][ T8916]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  262.024000][ T8916]  vfs_read+0x1e1/0xc60
[  262.024022][ T8916]  ? __pfx___mutex_lock+0x10/0x10
[  262.024045][ T8916]  ? __pfx_vfs_read+0x10/0x10
[  262.024069][ T8916]  ? __fget_files+0x20e/0x3c0
[  262.024096][ T8916]  ksys_read+0x12a/0x250
[  262.024114][ T8916]  ? __pfx_ksys_read+0x10/0x10
[  262.024139][ T8916]  do_syscall_64+0xcd/0x4c0
[  262.024164][ T8916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.024180][ T8916] RIP: 0033:0x7f0d70d8d33c
[  262.024193][ T8916] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  262.024208][ T8916] RSP: 002b:00007f0d71c2b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  262.024224][ T8916] RAX: ffffffffffffffda RBX: 00007f0d70fb5fa0 RCX: 00007f0d70d8d33c
[  262.024234][ T8916] RDX: 000000000000000f RSI: 00007f0d71c2b0a0 RDI: 0000000000000009
[  262.024243][ T8916] RBP: 00007f0d71c2b090 R08: 0000000000000000 R09: 0000000000000000
[  262.024252][ T8916] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001
[  262.024261][ T8916] R13: 0000000000000000 R14: 00007f0d70fb5fa0 R15: 00007ffcdd76fbe8
[  262.024282][ T8916]  </TASK>
[  262.437665][ T5863] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  262.561595][ T8923] tipc: Started in network mode
[  262.566728][ T8923] tipc: Node identity ac1414aa, cluster identity 4711
[  262.577800][ T8923] tipc: Enabled bearer <udp:syz2>, priority 10
[  263.320261][ T5863] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  263.517459][ T8934] netlink: 56 bytes leftover after parsing attributes in process `syz.1.850'.
[  263.604951][ T8935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.843'.
[  263.969400][  T973] tipc: Node number set to 2886997162
[  264.012810][ T8935] block device autoloading is deprecated and will be removed.
[  264.034531][   T30] audit: type=1400 audit(1749600433.790:452): avc:  denied  { mount } for  pid=8906 comm="syz.0.843" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  264.221185][ T5863] usb 5-1: Using ep0 maxpacket: 8
[  264.228384][ T5863] usb 5-1: config 1 interface 0 altsetting 102 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  264.259198][ T5863] usb 5-1: config 1 interface 0 has no altsetting 0
[  264.268093][ T5863] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  264.293269][ T5863] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.301879][ T5863] usb 5-1: Product: syz
[  264.306014][ T5863] usb 5-1: Manufacturer: syz
[  264.311506][ T5863] usb 5-1: SerialNumber: syz
[  264.318511][ T8926] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  264.447614][ T8944] netlink: 148 bytes leftover after parsing attributes in process `syz.1.851'.
[  264.505972][ T8944] netlink: 56 bytes leftover after parsing attributes in process `syz.1.851'.
[  264.519464][ T8944] netlink: 40 bytes leftover after parsing attributes in process `syz.1.851'.
[  264.657121][   T30] audit: type=1400 audit(1749600434.740:453): avc:  denied  { create } for  pid=8948 comm="syz.2.854" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  264.678031][   T30] audit: type=1400 audit(1749600434.750:454): avc:  denied  { ioctl } for  pid=8948 comm="syz.2.854" path="socket:[19908]" dev="sockfs" ino=19908 ioctlcmd=0x890c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  265.082183][   T30] audit: type=1400 audit(1749600435.160:455): avc:  denied  { write } for  pid=8925 comm="syz.4.848" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  265.490628][ T8955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  265.592598][ T8955] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  265.810213][  T973] usb 1-1: USB disconnect, device number 14
[  265.872021][   T30] audit: type=1400 audit(1749600435.950:456): avc:  denied  { ioctl } for  pid=8956 comm="syz.2.857" path="socket:[20490]" dev="sockfs" ino=20490 ioctlcmd=0x89ed scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  265.898009][ T8962] FAULT_INJECTION: forcing a failure.
[  265.898009][ T8962] name failslab, interval 1, probability 0, space 0, times 0
[  265.930327][ T8962] CPU: 0 UID: 0 PID: 8962 Comm: syz.1.856 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  265.930355][ T8962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  265.930364][ T8962] Call Trace:
[  265.930369][ T8962]  <TASK>
[  265.930376][ T8962]  dump_stack_lvl+0x16c/0x1f0
[  265.930403][ T8962]  should_fail_ex+0x512/0x640
[  265.930418][ T8962]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  265.930435][ T8962]  should_failslab+0xc2/0x120
[  265.930451][ T8962]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  265.930465][ T8962]  ? __alloc_skb+0x2b2/0x380
[  265.930483][ T8962]  __alloc_skb+0x2b2/0x380
[  265.930498][ T8962]  ? __pfx___alloc_skb+0x10/0x10
[  265.930512][ T8962]  ? __pfx_tc_new_tfilter+0x10/0x10
[  265.930530][ T8962]  netlink_ack+0x15d/0xb80
[  265.930547][ T8962]  netlink_rcv_skb+0x332/0x420
[  265.930559][ T8962]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  265.930581][ T8962]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  265.930598][ T8962]  ? netlink_deliver_tap+0x1ae/0xd30
[  265.930612][ T8962]  netlink_unicast+0x53d/0x7f0
[  265.930625][ T8962]  ? __pfx_netlink_unicast+0x10/0x10
[  265.930643][ T8962]  netlink_sendmsg+0x8d1/0xdd0
[  265.930658][ T8962]  ? __pfx_netlink_sendmsg+0x10/0x10
[  265.930675][ T8962]  ____sys_sendmsg+0xa98/0xc70
[  265.930688][ T8962]  ? copy_msghdr_from_user+0x10a/0x160
[  265.930704][ T8962]  ? __pfx_____sys_sendmsg+0x10/0x10
[  265.930723][ T8962]  ___sys_sendmsg+0x134/0x1d0
[  265.930740][ T8962]  ? __pfx____sys_sendmsg+0x10/0x10
[  265.930755][ T8962]  ? __lock_acquire+0x622/0x1c90
[  265.930790][ T8962]  __sys_sendmsg+0x16d/0x220
[  265.930806][ T8962]  ? __pfx___sys_sendmsg+0x10/0x10
[  265.930832][ T8962]  do_syscall_64+0xcd/0x4c0
[  265.930850][ T8962]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  265.930861][ T8962] RIP: 0033:0x7f0d70d8e929
[  265.930870][ T8962] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  265.930881][ T8962] RSP: 002b:00007f0d71c0a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  265.930892][ T8962] RAX: ffffffffffffffda RBX: 00007f0d70fb6080 RCX: 00007f0d70d8e929
[  265.930899][ T8962] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  265.930905][ T8962] RBP: 00007f0d71c0a090 R08: 0000000000000000 R09: 0000000000000000
[  265.930911][ T8962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  265.930918][ T8962] R13: 0000000000000001 R14: 00007f0d70fb6080 R15: 00007ffcdd76fbe8
[  265.930931][ T8962]  </TASK>
[  266.359699][   T30] audit: type=1400 audit(1749600436.440:457): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  266.427439][ T8973] netlink: 'syz.0.860': attribute type 39 has an invalid length.
[  266.957420][  T973] usb 5-1: USB disconnect, device number 30
[  269.314536][ T9017] netlink: 'syz.0.872': attribute type 39 has an invalid length.
[  269.350570][ T5863] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  269.570395][ T5863] usb 2-1: Using ep0 maxpacket: 16
[  269.579964][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  269.604751][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  269.619373][ T5863] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  269.620131][   T30] audit: type=1400 audit(1749600439.700:458): avc:  denied  { mount } for  pid=9026 comm="syz.0.877" name="/" dev="rpc_pipefs" ino=20025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  269.632362][ T5854] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  269.665606][ T5863] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  269.675343][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.694034][ T5863] usb 2-1: config 0 descriptor??
[  269.699429][ T9028] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  269.815909][   T30] audit: type=1400 audit(1749600439.890:459): avc:  denied  { unmount } for  pid=5823 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  269.837611][ T5854] usb 4-1: Using ep0 maxpacket: 8
[  269.865167][ T5854] usb 4-1: no configurations
[  269.961792][ T5821] Bluetooth: hci2: link tx timeout
[  269.967071][ T5821] Bluetooth: hci2: killing stalled connection 10:aa:aa:aa:aa:aa
[  269.971927][ T5854] usb 4-1: can't read configurations, error -22
[  270.202232][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  270.203250][ T9041] Unsupported ieee802154 address type: 0
[  270.235518][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  270.259043][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  270.510552][ T5854] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  270.610199][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  270.632467][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  270.653474][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  271.211640][ T5854] usb 4-1: Using ep0 maxpacket: 8
[  271.226844][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  271.243577][ T5854] usb 4-1: no configurations
[  271.258412][ T5854] usb 4-1: can't read configurations, error -22
[  271.268157][ T5863] microsoft 0003:045E:07DA.0006: unknown main item tag 0x0
[  271.285270][ T5854] usb usb4-port1: attempt power cycle
[  271.299711][ T5863] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0006/input/input19
[  271.355961][   T30] audit: type=1400 audit(1749600441.430:460): avc:  denied  { map } for  pid=9053 comm="syz.4.884" path="socket:[20088]" dev="sockfs" ino=20088 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  271.714367][ T5863] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  271.816470][ T5854] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  271.838532][   T30] audit: type=1400 audit(1749600441.430:461): avc:  denied  { setopt } for  pid=9053 comm="syz.4.884" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  271.863779][ T5854] usb 4-1: Using ep0 maxpacket: 8
[  271.870135][ T5854] usb 4-1: no configurations
[  271.874797][ T5854] usb 4-1: can't read configurations, error -22
[  272.318531][ T5142] Bluetooth: hci2: command 0x0405 tx timeout
[  272.433154][  T973] usb 2-1: USB disconnect, device number 17
[  273.913764][ T5863] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  274.283918][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  274.299314][ T5863] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  274.346398][ T5863] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  274.369172][ T5863] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  274.380981][ T5863] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.413706][ T5863] usb 2-1: Product: syz
[  274.436816][ T5863] usb 2-1: Manufacturer: syz
[  274.452427][ T5863] usb 2-1: SerialNumber: syz
[  274.466013][ T5863] usb 2-1: config 0 descriptor??
[  274.472219][ T9078] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  274.482218][ T9078] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  274.491147][ T5863] usb 2-1: ucan: probing device on interface #0
[  274.602189][ T9101] netlink: 20 bytes leftover after parsing attributes in process `syz.4.895'.
[  275.564039][ T5863] usb 2-1: ucan: failed to retrieve device info
[  275.570397][ T5863] usb 2-1: ucan: probe failed; try to update the device firmware
[  275.604247][ T5863] usb 2-1: USB disconnect, device number 18
[  276.826751][ T9127] netlink: 36 bytes leftover after parsing attributes in process `syz.0.903'.
[  276.984469][ T9130] netlink: 'syz.2.904': attribute type 10 has an invalid length.
[  278.141456][ T5863] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  278.357572][ T5863] usb 2-1: Using ep0 maxpacket: 8
[  278.418152][ T5863] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  278.451444][ T5863] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  278.481603][ T5863] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  278.499914][ T5863] usb 2-1: Product: syz
[  278.507343][ T5863] usb 2-1: Manufacturer: syz
[  278.520129][ T5863] usb 2-1: SerialNumber: syz
[  278.690256][ T5877] usb 4-1: new low-speed USB device number 26 using dummy_hcd
[  278.845063][ T5863] usb 2-1: palm_os_3_probe - error -110 getting connection information
[  278.928554][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  278.983211][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.018826][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  279.035663][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  279.047707][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  279.090299][ T5863] visor 2-1:1.0: probe with driver visor failed with error -110
[  279.100501][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  279.107927][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.130190][  T973] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  279.151203][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  279.170869][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  279.190504][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  279.226783][ T5877] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  279.383418][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  279.394822][ T5877] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  279.406554][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  279.417718][ T5877] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  279.439772][ T5877] usb 4-1: string descriptor 0 read error: -22
[  279.447276][ T5877] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  279.460126][  T973] usb 1-1: Using ep0 maxpacket: 8
[  279.470826][  T973] usb 1-1: config 0 contains an unexpected descriptor of type 0x1, skipping
[  279.500297][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.558198][  T973] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  279.863608][  T973] usb 1-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  280.080340][  T973] usb 1-1: New USB device strings: Mfr=8, Product=0, SerialNumber=0
[  280.088605][  T973] usb 1-1: Manufacturer: syz
[  280.098797][ T5877] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  280.107087][  T973] usb 1-1: config 0 descriptor??
[  280.371529][  T973] usb 2-1: USB disconnect, device number 19
[  280.683784][   T30] audit: type=1400 audit(1749600450.750:462): avc:  denied  { connect } for  pid=9178 comm="syz.2.916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  281.864824][ T5877] usb 1-1: USB disconnect, device number 15
[  282.111431][  T973] usb 4-1: USB disconnect, device number 26
[  282.118328][ T9205] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.924'.
[  282.190910][   T30] audit: type=1400 audit(1749600452.270:463): avc:  denied  { mounton } for  pid=9199 comm="syz.4.921" path="/proc/579/ns" dev="proc" ino=21081 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  282.277578][ T5863] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  283.080193][ T5863] usb 3-1: Using ep0 maxpacket: 16
[  283.101224][ T5863] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  283.116854][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  283.148480][ T5863] usb 3-1: Product: syz
[  283.160577][ T5863] usb 3-1: Manufacturer: syz
[  283.303840][ T5863] usb 3-1: SerialNumber: syz
[  283.323885][ T5863] usb 3-1: config 0 descriptor??
[  283.332324][ T9224] FAULT_INJECTION: forcing a failure.
[  283.332324][ T9224] name failslab, interval 1, probability 0, space 0, times 0
[  283.350429][ T9224] CPU: 0 UID: 0 PID: 9224 Comm: syz.0.928 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  283.350460][ T9224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  283.350471][ T9224] Call Trace:
[  283.350477][ T9224]  <TASK>
[  283.350484][ T9224]  dump_stack_lvl+0x16c/0x1f0
[  283.350514][ T9224]  should_fail_ex+0x512/0x640
[  283.350540][ T9224]  ? __kmalloc_noprof+0xbf/0x510
[  283.350562][ T9224]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  283.350586][ T9224]  should_failslab+0xc2/0x120
[  283.350610][ T9224]  __kmalloc_noprof+0xd2/0x510
[  283.350636][ T9224]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  283.350659][ T9224]  ? cred_has_capability.isra.0+0x193/0x2f0
[  283.350684][ T9224]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  283.350707][ T9224]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  283.350736][ T9224]  ? bpf_lsm_capable+0x9/0x10
[  283.350753][ T9224]  ? security_capable+0x7e/0x260
[  283.350777][ T9224]  genl_rcv_msg+0x55c/0x800
[  283.350800][ T9224]  ? __pfx_genl_rcv_msg+0x10/0x10
[  283.350820][ T9224]  ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10
[  283.350843][ T9224]  ? __pfx_devlink_nl_reload_doit+0x10/0x10
[  283.350867][ T9224]  ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10
[  283.350898][ T9224]  netlink_rcv_skb+0x155/0x420
[  283.350916][ T9224]  ? __pfx_genl_rcv_msg+0x10/0x10
[  283.350937][ T9224]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  283.350964][ T9224]  ? netlink_deliver_tap+0x1ae/0xd30
[  283.350986][ T9224]  genl_rcv+0x28/0x40
[  283.351004][ T9224]  netlink_unicast+0x53d/0x7f0
[  283.351026][ T9224]  ? __pfx_netlink_unicast+0x10/0x10
[  283.351052][ T9224]  netlink_sendmsg+0x8d1/0xdd0
[  283.351074][ T9224]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.351100][ T9224]  ____sys_sendmsg+0xa98/0xc70
[  283.351120][ T9224]  ? copy_msghdr_from_user+0x10a/0x160
[  283.351143][ T9224]  ? __pfx_____sys_sendmsg+0x10/0x10
[  283.351172][ T9224]  ___sys_sendmsg+0x134/0x1d0
[  283.351196][ T9224]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.351217][ T9224]  ? __lock_acquire+0x622/0x1c90
[  283.351272][ T9224]  __sys_sendmsg+0x16d/0x220
[  283.351295][ T9224]  ? __pfx___sys_sendmsg+0x10/0x10
[  283.351335][ T9224]  do_syscall_64+0xcd/0x4c0
[  283.351361][ T9224]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.351377][ T9224] RIP: 0033:0x7fc24df8e929
[  283.351391][ T9224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.351407][ T9224] RSP: 002b:00007fc24ed45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.351424][ T9224] RAX: ffffffffffffffda RBX: 00007fc24e1b5fa0 RCX: 00007fc24df8e929
[  283.351434][ T9224] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 0000000000000004
[  283.351444][ T9224] RBP: 00007fc24ed45090 R08: 0000000000000000 R09: 0000000000000000
[  283.351461][ T9224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  283.351470][ T9224] R13: 0000000000000000 R14: 00007fc24e1b5fa0 R15: 00007fff550f4938
[  283.351495][ T9224]  </TASK>
[  283.800237][   T30] audit: type=1400 audit(1749600453.450:464): avc:  denied  { ioctl } for  pid=9220 comm="syz.3.927" path="socket:[21109]" dev="sockfs" ino=21109 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  284.403216][ T9216] netlink: 8 bytes leftover after parsing attributes in process `syz.1.926'.
[  284.884396][ T9248] openvswitch: netlink: Key 22 has unexpected len 2 expected 4
[  285.048408][ T5863] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  285.067036][ T9253] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.936'.
[  285.756261][ T5854] usb 3-1: USB disconnect, device number 23
[  285.807293][ T5863] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  285.817867][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  285.859040][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  286.079897][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  286.139273][ T5863] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  286.156532][ T9266] overlayfs: missing 'lowerdir'
[  286.158589][ T5863] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  286.182007][ T5863] usb 4-1: Manufacturer: syz
[  286.520815][ T9272] input: syz0 as /devices/virtual/input/input20
[  286.527873][ T5863] usb 4-1: config 0 descriptor??
[  286.529530][ T9272] FAULT_INJECTION: forcing a failure.
[  286.529530][ T9272] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.529556][ T9272] CPU: 1 UID: 0 PID: 9272 Comm: syz.2.942 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  286.529578][ T9272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  286.529587][ T9272] Call Trace:
[  286.529593][ T9272]  <TASK>
[  286.529600][ T9272]  dump_stack_lvl+0x16c/0x1f0
[  286.529630][ T9272]  should_fail_ex+0x512/0x640
[  286.529658][ T9272]  _copy_from_user+0x2e/0xd0
[  286.529685][ T9272]  input_event_from_user+0x133/0x3b0
[  286.529709][ T9272]  ? __pfx_input_event_from_user+0x10/0x10
[  286.529732][ T9272]  ? __pfx___might_resched+0x10/0x10
[  286.529753][ T9272]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  286.529777][ T9272]  ? input_event+0x98/0xb0
[  286.529800][ T9272]  uinput_write+0xbb4/0x12b0
[  286.529831][ T9272]  ? __pfx_uinput_write+0x10/0x10
[  286.529858][ T9272]  ? bpf_lsm_file_permission+0x9/0x10
[  286.529884][ T9272]  ? security_file_permission+0x71/0x210
[  286.529910][ T9272]  ? rw_verify_area+0xcf/0x680
[  286.529929][ T9272]  ? __pfx_uinput_write+0x10/0x10
[  286.529954][ T9272]  vfs_write+0x2a0/0x1150
[  286.529981][ T9272]  ? __pfx_vfs_write+0x10/0x10
[  286.529999][ T9272]  ? find_held_lock+0x2b/0x80
[  286.530021][ T9272]  ? __fget_files+0x204/0x3c0
[  286.530047][ T9272]  ? __fget_files+0x20e/0x3c0
[  286.530081][ T9272]  ksys_write+0x1f8/0x250
[  286.530102][ T9272]  ? __pfx_ksys_write+0x10/0x10
[  286.530130][ T9272]  do_syscall_64+0xcd/0x4c0
[  286.530168][ T9272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.530186][ T9272] RIP: 0033:0x7f1e65b8e929
[  286.530200][ T9272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  286.530216][ T9272] RSP: 002b:00007f1e66ab5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  286.530232][ T9272] RAX: ffffffffffffffda RBX: 00007f1e65db5fa0 RCX: 00007f1e65b8e929
[  286.530243][ T9272] RDX: 000000000000045c RSI: 0000200000000a40 RDI: 0000000000000003
[  286.530253][ T9272] RBP: 00007f1e66ab5090 R08: 0000000000000000 R09: 0000000000000000
[  286.530263][ T9272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.530273][ T9272] R13: 0000000000000000 R14: 00007f1e65db5fa0 R15: 00007ffd198af718
[  286.530298][ T9272]  </TASK>
[  286.579029][ T9275] input: syz1 as /devices/virtual/input/input21
[  286.655976][ T9274] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.656024][ T9274] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  286.717436][ T9274] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.717476][ T9274] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  286.748340][ T9280] loop2: detected capacity change from 0 to 7
[  286.755538][ T9280] Dev loop2: unable to read RDB block 7
[  286.755572][ T9280]  loop2: unable to read partition table
[  286.755725][ T9280] loop2: partition table beyond EOD, truncated
[  286.755742][ T9280] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  286.787190][ T9274] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.787225][ T9274] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  286.990152][ T5863] rc_core: IR keymap rc-hauppauge not found
[  286.990170][ T5863] Registered IR keymap rc-empty
[  286.990271][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.013347][ T9274] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.015318][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.026882][ T9274] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0
[  287.060960][ T5863] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  287.367155][ T9298] netlink: 88 bytes leftover after parsing attributes in process `syz.3.932'.
[  287.650257][ T5863] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input22
[  287.721310][ T9298] x_tables: duplicate underflow at hook 4
[  287.727252][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.768918][   T30] audit: type=1400 audit(1749600457.850:465): avc:  denied  { ioctl } for  pid=9242 comm="syz.3.932" path="mnt:[4026532806]" dev="nsfs" ino=4026532806 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  287.800405][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.824627][ T9274] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 20000 - 0
[  287.840653][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.841440][ T9274] netdevsim netdevsim1 eth0: set [1, 1] type 2 family 0 port 6081 - 0
[  287.863877][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  287.870972][ T9274] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 20000 - 0
[  287.871033][ T9274] netdevsim netdevsim1 eth1: set [1, 1] type 2 family 0 port 6081 - 0
[  287.879259][ T9274] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 20000 - 0
[  287.896396][ T9274] netdevsim netdevsim1 eth2: set [1, 1] type 2 family 0 port 6081 - 0
[  288.334705][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.410252][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.430202][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.432055][ T9274] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 20000 - 0
[  288.450237][ T9274] netdevsim netdevsim1 eth3: set [1, 1] type 2 family 0 port 6081 - 0
[  288.451878][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.520477][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.557627][ T5863] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  288.569746][ T9314] SELinux:  Context system_u:object_r:auditd_etc_t:s0 is not valid (left unmapped).
[  288.584977][   T30] audit: type=1400 audit(1749600458.660:466): avc:  denied  { relabelto } for  pid=9307 comm="syz.4.951" name="file0" dev="tmpfs" ino=1053 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:auditd_etc_t:s0"
[  288.600325][ T5863] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  288.647188][   T30] audit: type=1400 audit(1749600458.670:467): avc:  denied  { associate } for  pid=9307 comm="syz.4.951" name="file0" dev="tmpfs" ino=1053 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:auditd_etc_t:s0"
[  288.670117][ T5863] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  288.687617][   T30] audit: type=1400 audit(1749600458.770:468): avc:  denied  { read write } for  pid=9318 comm="syz.4.955" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  288.700331][ T5863] usb 4-1: USB disconnect, device number 27
[  288.712890][   T30] audit: type=1400 audit(1749600458.770:469): avc:  denied  { open } for  pid=9318 comm="syz.4.955" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  288.960212][   T30] audit: type=1400 audit(1749600458.890:470): avc:  denied  { wake_alarm } for  pid=9315 comm="syz.1.954" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  290.442237][  T973] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  290.500489][ T9334] netlink: 'syz.0.958': attribute type 6 has an invalid length.
[  290.525148][ T9334] netlink: 32 bytes leftover after parsing attributes in process `syz.0.958'.
[  290.667753][  T973] usb 3-1: Using ep0 maxpacket: 8
[  290.771827][  T973] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 7
[  290.794122][  T973] usb 3-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  290.825516][  T973] usb 3-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  290.835935][  T973] usb 3-1: Product: syz
[  290.840927][  T973] usb 3-1: Manufacturer: syz
[  290.846631][  T973] usb 3-1: SerialNumber: syz
[  290.960250][ T5863] usb 1-1: new full-speed USB device number 16 using dummy_hcd
[  291.106251][  T973] usb 3-1: Invalid connection information received from device
[  291.213420][ T5863] usb 1-1: too many endpoints for config 0 interface 0 altsetting 8: 33, using maximum allowed: 30
[  291.231068][ T5863] usb 1-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  291.243609][ T5863] usb 1-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 33
[  291.256652][ T5897] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  291.267467][ T5863] usb 1-1: config 0 interface 0 has no altsetting 0
[  291.277178][ T5863] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[  291.289183][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.299889][ T5863] usb 1-1: config 0 descriptor??
[  291.422857][ T5897] usb 5-1: Using ep0 maxpacket: 32
[  291.433494][ T5897] usb 5-1: config 0 has an invalid interface number: 184 but max is 11
[  291.445920][ T5897] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 12
[  291.462332][ T5897] usb 5-1: config 0 has no interface number 0
[  291.469609][ T5897] usb 5-1: config 0 interface 184 has no altsetting 0
[  291.483769][ T5897] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  291.494228][ T5897] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.502706][ T5897] usb 5-1: Product: syz
[  291.507157][ T5897] usb 5-1: Manufacturer: syz
[  291.515100][ T5897] usb 5-1: SerialNumber: syz
[  291.532469][ T5897] usb 5-1: config 0 descriptor??
[  291.551746][ T5897] smsc75xx v1.0.0
[  292.056568][ T9368] overlayfs: overlapping lowerdir path
[  292.518464][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  292.536436][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  292.546891][ T5863] usbhid 1-1:0.0: can't add hid device: -71
[  292.562329][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[  292.582243][  T973] usb 3-1: USB disconnect, device number 24
[  292.582967][ T5863] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  292.686437][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61
[  292.697145][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  292.713861][ T5863] usb 1-1: USB disconnect, device number 16
[  292.720455][ T5897] smsc75xx 5-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61
[  292.730363][ T5897] smsc75xx 5-1:0.184: probe with driver smsc75xx failed with error -61
[  292.810036][ T9354] IPv6: Can't replace route, no match found
[  292.858552][ T5949] usb 5-1: USB disconnect, device number 31
[  293.914660][ T9380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  294.322364][   T30] audit: type=1400 audit(1749600464.410:471): avc:  denied  { getopt } for  pid=9385 comm="syz.1.972" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  294.425712][   T30] audit: type=1400 audit(1749600464.510:472): avc:  denied  { create } for  pid=9387 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  294.486648][   T30] audit: type=1400 audit(1749600464.550:473): avc:  denied  { write } for  pid=9387 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  294.547508][   T30] audit: type=1400 audit(1749600464.550:474): avc:  denied  { nlmsg_write } for  pid=9387 comm="syz.2.973" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  294.628429][   T30] audit: type=1400 audit(1749600464.630:475): avc:  denied  { create } for  pid=9393 comm="syz.2.975" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  295.057991][   T30] audit: type=1800 audit(1749600465.140:476): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.1.974" name="/newroot/195" dev="tmpfs" ino=1049 res=0 errno=0
[  295.171093][ T9410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.980'.
[  295.240661][ T9410] netlink: 'syz.1.980': attribute type 2 has an invalid length.
[  295.321037][ T9410] netlink: 'syz.1.980': attribute type 1 has an invalid length.
[  295.341772][ T9414] FAULT_INJECTION: forcing a failure.
[  295.341772][ T9414] name failslab, interval 1, probability 0, space 0, times 0
[  295.354544][   T30] audit: type=1400 audit(1749600465.420:477): avc:  denied  { setattr } for  pid=9409 comm="syz.1.980" name="" dev="pipefs" ino=22090 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  295.376560][ T9410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.980'.
[  295.534440][ T9414] CPU: 1 UID: 0 PID: 9414 Comm: syz.2.981 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  295.534468][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.534478][ T9414] Call Trace:
[  295.534484][ T9414]  <TASK>
[  295.534491][ T9414]  dump_stack_lvl+0x16c/0x1f0
[  295.534513][ T9414]  should_fail_ex+0x512/0x640
[  295.534531][ T9414]  should_failslab+0xc2/0x120
[  295.534548][ T9414]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  295.534563][ T9414]  ? __alloc_skb+0x2b2/0x380
[  295.534579][ T9414]  ? cfg80211_connect+0x745/0x2130
[  295.534597][ T9414]  __alloc_skb+0x2b2/0x380
[  295.534612][ T9414]  ? __pfx___alloc_skb+0x10/0x10
[  295.534629][ T9414]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  295.534650][ T9414]  wireless_send_event+0x3bd/0xc50
[  295.534671][ T9414]  ? __pfx_wireless_send_event+0x10/0x10
[  295.534693][ T9414]  ioctl_standard_iw_point+0xaa1/0xca0
[  295.534712][ T9414]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  295.534729][ T9414]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[  295.534749][ T9414]  ? __pfx___mutex_lock+0x10/0x10
[  295.534769][ T9414]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  295.534784][ T9414]  ioctl_standard_call+0x166/0x1d0
[  295.534802][ T9414]  ? __pfx_ioctl_standard_call+0x10/0x10
[  295.534819][ T9414]  ? __pfx_cfg80211_wext_siwessid+0x10/0x10
[  295.534833][ T9414]  wireless_process_ioctl.constprop.0+0x28e/0x3d0
[  295.534854][ T9414]  wext_handle_ioctl+0x226/0x2a0
[  295.534865][ T9414]  ? __pfx_wext_handle_ioctl+0x10/0x10
[  295.534878][ T9414]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  295.534895][ T9414]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  295.534913][ T9414]  sock_ioctl+0x3a1/0x6b0
[  295.534926][ T9414]  ? __pfx_sock_ioctl+0x10/0x10
[  295.534938][ T9414]  ? hook_file_ioctl_common+0x145/0x410
[  295.534952][ T9414]  ? selinux_file_ioctl+0x180/0x270
[  295.534966][ T9414]  ? selinux_file_ioctl+0xb4/0x270
[  295.534981][ T9414]  ? __pfx_sock_ioctl+0x10/0x10
[  295.534994][ T9414]  __x64_sys_ioctl+0x18e/0x210
[  295.535009][ T9414]  do_syscall_64+0xcd/0x4c0
[  295.535027][ T9414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.535037][ T9414] RIP: 0033:0x7f1e65b8e929
[  295.535050][ T9414] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.535061][ T9414] RSP: 002b:00007f1e66ab5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  295.535072][ T9414] RAX: ffffffffffffffda RBX: 00007f1e65db5fa0 RCX: 00007f1e65b8e929
[  295.535078][ T9414] RDX: 0000200000000040 RSI: 0000000000008b1a RDI: 0000000000000004
[  295.535085][ T9414] RBP: 00007f1e66ab5090 R08: 0000000000000000 R09: 0000000000000000
[  295.535090][ T9414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.535097][ T9414] R13: 0000000000000000 R14: 00007f1e65db5fa0 R15: 00007ffd198af718
[  295.535111][ T9414]  </TASK>
[  297.010161][   T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  297.339144][ T9434] xt_l2tp: v2 sid > 0xffff: 262144
[  297.530414][   T24] usb 1-1: Using ep0 maxpacket: 8
[  297.539712][   T24] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  298.031093][   T24] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  298.056303][   T24] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  298.117208][   T24] usb 1-1: Product: syz
[  298.135460][   T24] usb 1-1: Manufacturer: syz
[  298.167636][   T24] usb 1-1: SerialNumber: syz
[  298.515912][ T9450] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  299.032772][ T9454] Option 'Ó¾,0A–˜' to dns_resolver key: bad/missing value
[  299.195959][   T24] usb 1-1: can't set config #1, error -71
[  299.209453][   T24] usb 1-1: USB disconnect, device number 17
[  299.304993][ T9463] overlayfs: overlapping lowerdir path
[  299.503387][ T9465] syz.1.993: attempt to access beyond end of device
[  299.503387][ T9465] nbd1: rw=0, sector=16, nr_sectors = 1 limit=0
[  299.517064][ T9465] qnx6: unable to read the first superblock
[  299.524110][ T9465] syz.1.993: attempt to access beyond end of device
[  299.524110][ T9465] nbd1: rw=0, sector=0, nr_sectors = 1 limit=0
[  299.536973][ T9465] qnx6: unable to read the first superblock
[  299.542919][ T9465] qnx6: unable to read the first superblock
[  299.620287][ T5863] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  299.790438][ T5863] usb 5-1: device descriptor read/64, error -71
[  299.870229][ T5877] usb 4-1: new full-speed USB device number 28 using dummy_hcd
[  300.057021][ T5877] usb 4-1: unable to get BOS descriptor or descriptor too short
[  300.127900][ T5863] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  300.128880][ T5877] usb 4-1: not running at top speed; connect to a high speed hub
[  300.149575][ T5877] usb 4-1: config 129 has an invalid interface number: 81 but max is 0
[  300.291194][ T5877] usb 4-1: config 129 has no interface number 0
[  300.299771][ T5877] usb 4-1: config 129 interface 81 has no altsetting 0
[  300.320360][ T5863] usb 5-1: device descriptor read/64, error -71
[  300.338222][ T5877] usb 4-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=97.a8
[  300.351738][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.379943][ T5877] usb 4-1: Product: syz
[  300.384323][ T5877] usb 4-1: Manufacturer: syz
[  300.388916][ T5877] usb 4-1: SerialNumber: syz
[  300.440417][ T5863] usb usb5-port1: attempt power cycle
[  300.606048][ T9454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.792775][ T5863] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  300.852268][ T5863] usb 5-1: device descriptor read/8, error -71
[  301.101455][ T5863] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  301.163230][ T5863] usb 5-1: device descriptor read/8, error -71
[  301.339404][ T5863] usb usb5-port1: unable to enumerate USB device
[  301.374791][ T9454] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.390662][ T5877] ttusbir 4-1:129.81: cannot find expected altsetting
[  301.400433][ T5877] usb 4-1: USB disconnect, device number 28
[  302.738421][   T30] audit: type=1400 audit(1749600472.820:478): avc:  denied  { map } for  pid=9507 comm="syz.0.1007" path="/dev/binderfs/binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  302.823145][   T30] audit: type=1400 audit(1749600472.860:479): avc:  denied  { call } for  pid=9507 comm="syz.0.1007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  304.570273][ T5949] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  304.730183][ T5949] usb 2-1: Using ep0 maxpacket: 8
[  304.742632][ T5949] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  304.834683][ T5949] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  305.153628][ T5949] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  305.162872][ T5949] usb 2-1: Product: syz
[  305.167114][ T5949] usb 2-1: Manufacturer: syz
[  305.178611][ T5949] usb 2-1: SerialNumber: syz
[  305.200516][ T9539] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1014'.
[  305.210133][ T9539] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1014'.
[  305.308674][   T30] audit: type=1400 audit(1749600475.380:480): avc:  denied  { append } for  pid=9540 comm="syz.2.1015" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  305.461076][ T5949] usb 2-1: Invalid connection information received from device
[  305.483459][ T9545] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1016'.
[  307.101700][ T9547] netlink: 'syz.3.1017': attribute type 1 has an invalid length.
[  307.421434][ T9547] 8021q: adding VLAN 0 to HW filter on device bond1
[  307.742062][   T30] audit: type=1400 audit(1749600477.820:481): avc:  denied  { read } for  pid=9549 comm="syz.4.1018" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  308.755924][ T5854] usb 2-1: USB disconnect, device number 20
[  309.516838][ T9571] loop2: detected capacity change from 0 to 7
[  309.529555][ T9571] Dev loop2: unable to read RDB block 7
[  309.535875][ T9571]  loop2: unable to read partition table
[  309.543525][ T9571] loop2: partition table beyond EOD, truncated
[  309.552966][ T9571] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  309.785708][ T9579] bridge0: entered promiscuous mode
[  309.791175][ T9579] vlan2: entered promiscuous mode
[  309.796197][ T9579] bond0: entered promiscuous mode
[  309.801212][ T9579] team0: entered promiscuous mode
[  309.806212][ T9579] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:579
[  309.815480][ T9579] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 9579, name: syz.4.1027
[  309.824488][ T9579] preempt_count: 201, expected: 0
[  309.829505][ T9579] RCU nest depth: 0, expected: 0
[  309.834439][ T9579] 3 locks held by syz.4.1027/9579:
[  309.839534][ T9579]  #0: ffffffff90aa1cc0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[  309.849114][ T9579]  #1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  309.858174][ T9579]  #2: ffff88807cd48368 (&dev_addr_list_lock_key#6/3){+...}-{3:3}, at: dev_uc_add+0x6f/0x110
[  309.868362][ T9579] Preemption disabled at:
[  309.868368][ T9579] [<ffffffff895d46a3>] dev_uc_add+0x63/0x110
[  309.878635][ T9579] CPU: 1 UID: 0 PID: 9579 Comm: syz.4.1027 Not tainted 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  309.878650][ T9579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  309.878657][ T9579] Call Trace:
[  309.878662][ T9579]  <TASK>
[  309.878667][ T9579]  dump_stack_lvl+0x16c/0x1f0
[  309.878686][ T9579]  __might_resched+0x3c0/0x5e0
[  309.878702][ T9579]  ? __pfx___might_resched+0x10/0x10
[  309.878715][ T9579]  ? __pfx__printk+0x10/0x10
[  309.878737][ T9579]  __mutex_lock+0x106/0xb90
[  309.878754][ T9579]  ? __down_trylock_console_sem+0xb0/0x140
[  309.878773][ T9579]  ? team_change_rx_flags+0x39/0x220
[  309.878800][ T9579]  ? __pfx___mutex_lock+0x10/0x10
[  309.878818][ T9579]  ? __pfx_console_unlock+0x10/0x10
[  309.878833][ T9579]  ? __pfx_netdev_info+0x10/0x10
[  309.878844][ T9579]  ? __pfx__printk+0x10/0x10
[  309.878864][ T9579]  ? team_change_rx_flags+0x39/0x220
[  309.878877][ T9579]  team_change_rx_flags+0x39/0x220
[  309.878893][ T9579]  ? __pfx_team_change_rx_flags+0x10/0x10
[  309.878909][ T9579]  __dev_set_promiscuity+0x217/0x590
[  309.878925][ T9579]  ? __pfx__printk+0x10/0x10
[  309.878943][ T9579]  netif_set_promiscuity+0x52/0x150
[  309.878967][ T9579]  dev_set_promiscuity+0xb2/0x260
[  309.878979][ T9579]  bond_change_rx_flags+0x22b/0x740
[  309.878998][ T9579]  ? __pfx_bond_change_rx_flags+0x10/0x10
[  309.879014][ T9579]  ? __dev_change_flags+0x55d/0x720
[  309.879029][ T9579]  ? rtnl_newlink+0xcd9/0x2000
[  309.879048][ T9579]  ? __pfx_bond_change_rx_flags+0x10/0x10
[  309.879067][ T9579]  __dev_set_promiscuity+0x217/0x590
[  309.879087][ T9579]  netif_set_promiscuity+0x52/0x150
[  309.879105][ T9579]  dev_set_promiscuity+0xb2/0x260
[  309.879117][ T9579]  vlan_dev_change_rx_flags+0x123/0x150
[  309.879131][ T9579]  ? __pfx_vlan_dev_change_rx_flags+0x10/0x10
[  309.879145][ T9579]  __dev_set_promiscuity+0x217/0x590
[  309.879164][ T9579]  netif_set_promiscuity+0x52/0x150
[  309.879181][ T9579]  dev_set_promiscuity+0xb2/0x260
[  309.879192][ T9579]  br_manage_promisc+0x2ce/0x4f0
[  309.879214][ T9579]  br_dev_change_rx_flags+0x3b/0x50
[  309.879227][ T9579]  ? __pfx_br_dev_change_rx_flags+0x10/0x10
[  309.879241][ T9579]  __dev_set_promiscuity+0x217/0x590
[  309.879265][ T9579]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  309.879287][ T9579]  __dev_set_rx_mode+0x205/0x2e0
[  309.879307][ T9579]  dev_uc_add+0xee/0x110
[  309.879322][ T9579]  vlan_dev_open+0x277/0x6c0
[  309.879336][ T9579]  ? __pfx_vlan_dev_open+0x10/0x10
[  309.879350][ T9579]  __dev_open+0x2e4/0x7d0
[  309.879366][ T9579]  ? __pfx___dev_open+0x10/0x10
[  309.879387][ T9579]  __dev_change_flags+0x55d/0x720
[  309.879405][ T9579]  ? __pfx___dev_change_flags+0x10/0x10
[  309.879424][ T9579]  ? rtnl_configure_link+0x60/0x280
[  309.879440][ T9579]  rtnl_configure_link+0xfe/0x280
[  309.879457][ T9579]  rtnl_newlink+0xcd9/0x2000
[  309.879479][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  309.879495][ T9579]  ? find_held_lock+0x2b/0x80
[  309.879509][ T9579]  ? avc_has_perm_noaudit+0x117/0x3b0
[  309.879523][ T9579]  ? avc_has_perm_noaudit+0x149/0x3b0
[  309.879536][ T9579]  ? cred_has_capability.isra.0+0x193/0x2f0
[  309.879562][ T9579]  ? find_held_lock+0x2b/0x80
[  309.879575][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  309.879592][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  309.879608][ T9579]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  309.879626][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  309.879644][ T9579]  rtnetlink_rcv_msg+0x95b/0xe90
[  309.879664][ T9579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  309.879686][ T9579]  ? ref_tracker_free+0x37c/0x830
[  309.879705][ T9579]  netlink_rcv_skb+0x155/0x420
[  309.879718][ T9579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  309.879738][ T9579]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  309.879756][ T9579]  ? netlink_deliver_tap+0x1ae/0xd30
[  309.879770][ T9579]  netlink_unicast+0x53d/0x7f0
[  309.879784][ T9579]  ? __pfx_netlink_unicast+0x10/0x10
[  309.879801][ T9579]  netlink_sendmsg+0x8d1/0xdd0
[  309.879815][ T9579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  309.879833][ T9579]  ____sys_sendmsg+0xa98/0xc70
[  309.879852][ T9579]  ? copy_msghdr_from_user+0x10a/0x160
[  309.879878][ T9579]  ? __pfx_____sys_sendmsg+0x10/0x10
[  309.879893][ T9579]  ? preempt_schedule_thunk+0x16/0x30
[  309.879911][ T9579]  ? try_to_wake_up+0xa2f/0x1680
[  309.879928][ T9579]  ___sys_sendmsg+0x134/0x1d0
[  309.879946][ T9579]  ? __pfx____sys_sendmsg+0x10/0x10
[  309.879966][ T9579]  ? __lock_acquire+0x622/0x1c90
[  309.880001][ T9579]  __sys_sendmsg+0x16d/0x220
[  309.880018][ T9579]  ? __pfx___sys_sendmsg+0x10/0x10
[  309.880035][ T9579]  ? __x64_sys_futex+0x1e0/0x4c0
[  309.880076][ T9579]  do_syscall_64+0xcd/0x4c0
[  309.880104][ T9579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  309.880122][ T9579] RIP: 0033:0x7fecbdd8e929
[  309.880137][ T9579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  309.880154][ T9579] RSP: 002b:00007fecbebd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  309.880170][ T9579] RAX: ffffffffffffffda RBX: 00007fecbdfb5fa0 RCX: 00007fecbdd8e929
[  309.880180][ T9579] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000e
[  309.880186][ T9579] RBP: 00007fecbde10b39 R08: 0000000000000000 R09: 0000000000000000
[  309.880193][ T9579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  309.880199][ T9579] R13: 0000000000000000 R14: 00007fecbdfb5fa0 R15: 00007ffcdb320308
[  309.880216][ T9579]  </TASK>
[  310.393795][ T9579] 
[  310.396097][ T9579] =============================
[  310.400912][ T9579] [ BUG: Invalid wait context ]
[  310.405729][ T9579] 6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 Tainted: G        W          
[  310.414369][ T9579] -----------------------------
[  310.419184][ T9579] syz.4.1027/9579 is trying to lock:
[  310.424435][ T9579] ffff8880258f0e00 (team->team_lock_key#3){+.+.}-{4:4}, at: team_change_rx_flags+0x39/0x220
[  310.434510][ T9579] other info that might help us debug this:
[  310.440376][ T9579] context-{5:5}
[  310.443804][ T9579] 3 locks held by syz.4.1027/9579:
[  310.448881][ T9579]  #0: ffffffff90aa1cc0 (&ops->srcu#2){.+.+}-{0:0}, at: rtnl_link_ops_get+0x113/0x2c0
[  310.458430][ T9579]  #1: ffffffff9034cbe8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_newlink+0x600/0x2000
[  310.467448][ T9579]  #2: ffff88807cd48368 (&dev_addr_list_lock_key#6/3){+...}-{3:3}, at: dev_uc_add+0x6f/0x110
[  310.477615][ T9579] stack backtrace:
[  310.481308][ T9579] CPU: 1 UID: 0 PID: 9579 Comm: syz.4.1027 Tainted: G        W           6.16.0-rc1-syzkaller-00003-gf09079bd04a9 #0 PREEMPT(full) 
[  310.481326][ T9579] Tainted: [W]=WARN
[  310.481330][ T9579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  310.481337][ T9579] Call Trace:
[  310.481341][ T9579]  <TASK>
[  310.481345][ T9579]  dump_stack_lvl+0x116/0x1f0
[  310.481365][ T9579]  __lock_acquire+0xa12/0x1c90
[  310.481386][ T9579]  lock_acquire+0x179/0x350
[  310.481402][ T9579]  ? team_change_rx_flags+0x39/0x220
[  310.481418][ T9579]  ? __pfx___might_resched+0x10/0x10
[  310.481431][ T9579]  ? __pfx__printk+0x10/0x10
[  310.481449][ T9579]  __mutex_lock+0x199/0xb90
[  310.481466][ T9579]  ? team_change_rx_flags+0x39/0x220
[  310.481480][ T9579]  ? __down_trylock_console_sem+0xb0/0x140
[  310.481490][ T9579]  ? team_change_rx_flags+0x39/0x220
[  310.481505][ T9579]  ? __pfx___mutex_lock+0x10/0x10
[  310.481522][ T9579]  ? __pfx_console_unlock+0x10/0x10
[  310.481536][ T9579]  ? __pfx_netdev_info+0x10/0x10
[  310.481546][ T9579]  ? __pfx__printk+0x10/0x10
[  310.481564][ T9579]  ? team_change_rx_flags+0x39/0x220
[  310.481578][ T9579]  team_change_rx_flags+0x39/0x220
[  310.481593][ T9579]  ? __pfx_team_change_rx_flags+0x10/0x10
[  310.481608][ T9579]  __dev_set_promiscuity+0x217/0x590
[  310.481628][ T9579]  ? __pfx__printk+0x10/0x10
[  310.481654][ T9579]  netif_set_promiscuity+0x52/0x150
[  310.481673][ T9579]  dev_set_promiscuity+0xb2/0x260
[  310.481684][ T9579]  bond_change_rx_flags+0x22b/0x740
[  310.481702][ T9579]  ? __pfx_bond_change_rx_flags+0x10/0x10
[  310.481719][ T9579]  ? __dev_change_flags+0x55d/0x720
[  310.481735][ T9579]  ? rtnl_newlink+0xcd9/0x2000
[  310.481753][ T9579]  ? __pfx_bond_change_rx_flags+0x10/0x10
[  310.481771][ T9579]  __dev_set_promiscuity+0x217/0x590
[  310.481788][ T9579]  netif_set_promiscuity+0x52/0x150
[  310.481804][ T9579]  dev_set_promiscuity+0xb2/0x260
[  310.481815][ T9579]  vlan_dev_change_rx_flags+0x123/0x150
[  310.481830][ T9579]  ? __pfx_vlan_dev_change_rx_flags+0x10/0x10
[  310.481843][ T9579]  __dev_set_promiscuity+0x217/0x590
[  310.481860][ T9579]  netif_set_promiscuity+0x52/0x150
[  310.481877][ T9579]  dev_set_promiscuity+0xb2/0x260
[  310.481887][ T9579]  br_manage_promisc+0x2ce/0x4f0
[  310.481908][ T9579]  br_dev_change_rx_flags+0x3b/0x50
[  310.481920][ T9579]  ? __pfx_br_dev_change_rx_flags+0x10/0x10
[  310.481933][ T9579]  __dev_set_promiscuity+0x217/0x590
[  310.481948][ T9579]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  310.481961][ T9579]  __dev_set_rx_mode+0x205/0x2e0
[  310.481977][ T9579]  dev_uc_add+0xee/0x110
[  310.481989][ T9579]  vlan_dev_open+0x277/0x6c0
[  310.482002][ T9579]  ? __pfx_vlan_dev_open+0x10/0x10
[  310.482016][ T9579]  __dev_open+0x2e4/0x7d0
[  310.482031][ T9579]  ? __pfx___dev_open+0x10/0x10
[  310.482048][ T9579]  __dev_change_flags+0x55d/0x720
[  310.482065][ T9579]  ? __pfx___dev_change_flags+0x10/0x10
[  310.482082][ T9579]  ? rtnl_configure_link+0x60/0x280
[  310.482097][ T9579]  rtnl_configure_link+0xfe/0x280
[  310.482112][ T9579]  rtnl_newlink+0xcd9/0x2000
[  310.482131][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.482147][ T9579]  ? find_held_lock+0x2b/0x80
[  310.482167][ T9579]  ? avc_has_perm_noaudit+0x117/0x3b0
[  310.482179][ T9579]  ? avc_has_perm_noaudit+0x149/0x3b0
[  310.482190][ T9579]  ? cred_has_capability.isra.0+0x193/0x2f0
[  310.482210][ T9579]  ? find_held_lock+0x2b/0x80
[  310.482222][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.482239][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.482255][ T9579]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  310.482272][ T9579]  ? __pfx_rtnl_newlink+0x10/0x10
[  310.482289][ T9579]  rtnetlink_rcv_msg+0x95b/0xe90
[  310.482308][ T9579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.482327][ T9579]  ? ref_tracker_free+0x37c/0x830
[  310.482343][ T9579]  netlink_rcv_skb+0x155/0x420
[  310.482357][ T9579]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  310.482375][ T9579]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  310.482389][ T9579]  ? netlink_deliver_tap+0x1ae/0xd30
[  310.482401][ T9579]  netlink_unicast+0x53d/0x7f0
[  310.482413][ T9579]  ? __pfx_netlink_unicast+0x10/0x10
[  310.482427][ T9579]  netlink_sendmsg+0x8d1/0xdd0
[  310.482439][ T9579]  ? __pfx_netlink_sendmsg+0x10/0x10
[  310.482453][ T9579]  ____sys_sendmsg+0xa98/0xc70
[  310.482466][ T9579]  ? copy_msghdr_from_user+0x10a/0x160
[  310.482482][ T9579]  ? __pfx_____sys_sendmsg+0x10/0x10
[  310.482493][ T9579]  ? preempt_schedule_thunk+0x16/0x30
[  310.482509][ T9579]  ? try_to_wake_up+0xa2f/0x1680
[  310.482523][ T9579]  ___sys_sendmsg+0x134/0x1d0
[  310.482540][ T9579]  ? __pfx____sys_sendmsg+0x10/0x10
[  310.482555][ T9579]  ? __lock_acquire+0x622/0x1c90
[  310.482579][ T9579]  __sys_sendmsg+0x16d/0x220
[  310.482595][ T9579]  ? __pfx___sys_sendmsg+0x10/0x10
[  310.482611][ T9579]  ? __x64_sys_futex+0x1e0/0x4c0
[  310.482632][ T9579]  do_syscall_64+0xcd/0x4c0
[  310.482652][ T9579]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.482670][ T9579] RIP: 0033:0x7fecbdd8e929
[  310.482684][ T9579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.482696][ T9579] RSP: 002b:00007fecbebd8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  310.482706][ T9579] RAX: ffffffffffffffda RBX: 00007fecbdfb5fa0 RCX: 00007fecbdd8e929
[  310.482713][ T9579] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 000000000000000e
[  310.482720][ T9579] RBP: 00007fecbde10b39 R08: 0000000000000000 R09: 0000000000000000
[  310.482726][ T9579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  310.482732][ T9579] R13: 0000000000000000 R14: 00007fecbdfb5fa0 R15: 00007ffcdb320308
[  310.482742][ T9579]  </TASK>
[  311.071148][ T9579] vlan3: entered promiscuous mode
[  316.653171][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  316.659460][ T1301] ieee802154 phy1 wpan1: encryption failed: -22