last executing test programs:

1m23.264177409s ago: executing program 1 (id=3626):
r0 = syz_usb_connect$uac1(0x3, 0xfa, &(0x7f0000000000)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe8, 0x3, 0x1, 0x6, 0x0, 0x9c, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x6, 0x5}, [@extension_unit={0x7, 0x24, 0x8, 0x3, 0x6, 0x6}, @feature_unit={0x9, 0x24, 0x6, 0x4, 0x6, 0x1, [0x4], 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x6, 0x302, 0x6, 0x2, 0x4}, @extension_unit={0x7, 0x24, 0x8, 0x3, 0x4, 0x6}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0x8, 0x1, 0x9, 0x9}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x8000, 0x9, 0x3, "14c773423d37ece9"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x2f, 0x1, 0x5, 0x1, "ed71c6ecee3ad21a"}, @format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x6, 0x1, 0x16, "fe07bc39c906"}, @as_header={0x7, 0x24, 0x1, 0x2, 0x6, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0x5, 0xa, 0xc5, {0x7, 0x25, 0x1, 0xe577aa7104e7939f, 0x6, 0x4004}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x6, 0x4, 0xb4, 0x1, "c1", "de"}, @as_header={0x7, 0x24, 0x1, 0x2, 0xb, 0x5}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0xffff, 0x696, 0x5, "b6b29f0a16"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x8, 0x3, 0xf, 0x8, "", "48975b"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x2, 0x8, 0x5, {0x7, 0x25, 0x1, 0x0, 0x0, 0x8}}}}}}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x310, 0x4, 0x3, 0xb1, 0x8, 0x10}, 0x34, &(0x7f0000000140)={0x5, 0xf, 0x34, 0x3, [@wireless={0xb, 0x10, 0x1, 0x8, 0x80, 0xdc, 0xd, 0x48, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "8701b72f3843ae139829cb280c867fab"}, @ssp_cap={0x10, 0x10, 0xa, 0x4, 0x1, 0xff, 0x0, 0x0, [0x864e86b40fd43e]}]}, 0x6, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x1c2d}}, {0xc7, &(0x7f00000001c0)=@string={0xc7, 0x3, "472aa2a6eb8f5e35954ed0c31cf88542b2a763dea1e4f9fe0d221d0464ccb13cd61fa2231be6db8732df3ecc328e0cb71ed3d0d5b72c30374d4f475acc0357f96606b76ee821bd2e03339959b1de8029bff060d3699b41b67932ad257b895c9137e6d7b384de565482f16ddf124be35aba31523b70545ebef5b46f02d2b93634ef082b2bba9a175a5477bfd264c0a1bee67ea41fd41e4498c49531b1b63515981823dcf39ca8780ebe72645485323b49dccbf2e5c7ced4acff44a14e8f9ca9e21ae090bdf4"}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0xc09}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x200a}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x43f}}, {0xe5, &(0x7f00000005c0)=@string={0xe5, 0x3, "fb5a94d0cc71bf8b3bb212e6329e5818528d9a6e5abc172254ebfb0a51d502f10cec87813873c8a00bc7e2078741c515fe3561ccfd0124ffa50753a59b2b234d024b705cafcdc3f4e9b385e887c16197d95c6a56382fb7a830ac042469fe18b47aeba92461ecb9dfcd3958b83298aab3972a7de9d2080b99e5a7506ca63390bffea577848f343f6ce33602cbef8d8ba160bdb0ba9ec40414a685285d7cc6d1a1dba7f7f75882a68cab5c146057e7e1a3358e5404a5654b2e3158b67ff2bc486d4a39b73aff28a95b303625640bc087cc6006469a90f19792d7defeea6f2ac94cbf05bf"}}]})
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, &(0x7f0000000500)={0x20, 0x11, 0x16, {0x16, 0x24, "6b508c48e8884aa5168440c11cca9af17a58a5cf"}}, &(0x7f00000006c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x405}}, &(0x7f0000000700)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, &(0x7f0000000740)={0x20, 0x29, 0xf, {0xf, 0x29, 0x8, 0x0, 0x7, 0xcd, "a59522ac", "df504822"}}, &(0x7f0000000780)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x5, 0x3, 0x6, 0xf0, 0x7f, 0x9, 0xfffd}}}, &(0x7f0000000c80)={0x84, &(0x7f0000000800)={0x0, 0xc, 0x41, "499838eea0e1bad94b2f5eb9b09ea2e1e1403e1918e2a51026195f8869e9339073a0832258bc2626a773fe57ce02bd2535f0eda6b58ad0194fb4bd5a5623585dac"}, &(0x7f0000000880)={0x0, 0xa, 0x1, 0x80}, &(0x7f00000008c0)={0x0, 0x8, 0x1, 0xcb}, &(0x7f0000000900)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000940)={0x20, 0x0, 0x4, {0x60, 0x2}}, &(0x7f0000000980)={0x40, 0x7, 0x2, 0x3}, &(0x7f00000009c0)={0x40, 0x9, 0x1, 0xbc}, &(0x7f0000000a00)={0x40, 0xb, 0x2, "9773"}, &(0x7f0000000a40)={0x40, 0xf, 0x2, 0x1ff}, &(0x7f0000000a80)={0x40, 0x13, 0x6, @random="ef9e30fb35a6"}, &(0x7f0000000ac0)={0x40, 0x17, 0x6, @random="b4c4c54f512c"}, &(0x7f0000000b00)={0x40, 0x19, 0x2, "1683"}, &(0x7f0000000b40)={0x40, 0x1a, 0x2, 0x3}, &(0x7f0000000b80)={0x40, 0x1c, 0x1, 0x1}, &(0x7f0000000c00)={0x40, 0x1e, 0x1, 0xfe}, &(0x7f0000000c40)={0x40, 0x21, 0x1, 0x2}})
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000580)=ANY=[@ANYBLOB="18000000", @ANYRES16=r2, @ANYBLOB="01000000000000000000010000000400048008000200010000000800010000000000100008800c00078008000600ce400000"], 0x38}}, 0x0)

1m19.963085869s ago: executing program 1 (id=3637):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
close(0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0d000000060000000400000001000000000000", @ANYRES32], 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = semget$private(0x0, 0x6, 0x0)
semctl$IPC_RMID(r2, 0x0, 0x0)
openat(0xffffffffffffffff, 0x0, 0x1, 0x10)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, '\x00', 0x0, @xdp}, 0x94)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[], 0x44}}, 0x20000000)
ioctl$SNDCTL_SEQ_CTRLRATE(0xffffffffffffffff, 0xc0045103, &(0x7f0000000080)=0x6)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r6, 0x84, 0x84, &(0x7f0000000000), 0x90)
sendmsg$MPTCP_PM_CMD_SET_LIMITS(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x50, r5, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_ADDR={0x2c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x3a}}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @private=0xa010101}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0x4}, @MPTCP_PM_ATTR_TOKEN={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008011}, 0x4000)

1m19.029812598s ago: executing program 1 (id=3640):
lsetxattr$security_selinux(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000340), &(0x7f0000000500)='system_u:object_r:removable_device_t:s0\x00', 0x28, 0x2)
syz_open_dev$loop(&(0x7f0000000540), 0x4, 0x402582)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="00000000f4e1", 0x6}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x80}}, @hoplimit={{0x14}}, @hopopts={{0x18, 0x29, 0x36, {0x5e}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x84, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0xd0}}], 0x1, 0x4000000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00"], 0x22)

1m18.920323316s ago: executing program 1 (id=3641):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
write$binfmt_misc(r0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
write$vga_arbiter(0xffffffffffffffff, &(0x7f0000000240)=ANY=[@ANYBLOB="744ed93454e63326bcef4a0b"], 0xc)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
mknod(&(0x7f00000048c0)='./file0\x00', 0x0, 0xffffffff)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f00000021c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000240)={0x50, 0x0, r4, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f0000008380)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008df76a250000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea21056000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000131a5d9400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
syz_fuse_handle_req(r3, &(0x7f0000004900)="fac4e7c21565f79b73d8d7dcc36944c7d36505ed55b2c535ba5bc78cc94f55e518d13a9f4dd794ecf1b09fe12f2893933931db285710f8c78793ddf30ff7dd86203ab0177f8aa062d6fe9529d65fab047ca34c6840b505eee9082e8ccf311bfb84ee46c0d0dd466ba326c6410b06b48ffc309ddd9fcdd816ded9830e41f8cce8d3bc31a817f29e3ecdd0329aadc8b022c55c70eff8905b9bf223ea44cbb290ffe098bb78fcc9e39f16f4f0e8d60e440abc192d530e146bdb59e9e522668bebec672a965ee7bdb300ab4314235dc0e62e94e398742cfeee3b92ce29e1a62fd8375d95ef502ebc1f04959d83a15ee9496198f0b3440b80cb9950324c9d4dfa69381c5c0920e307ab1528efe02739c2a49fc4cf09ff76c165d5005234b8f9378c74040d212eed9e7485cdd758bf4d34c2cf52b278eb3114b13b43214814ba2e2a357c028c737892d0e8ab1f1d009a00ad0dcdb9ffd0f4fa0b03d3b006fd66e8faa4fd44b64dcb92cbb5e9da64165ef01602538708e5dad3c0986a2b03d4d4276c9268af76d300b01ceef84e2a501e2c3d04e31875d1a81270409516d4272d73e9899c5a939c03be73352b61cf32ea1f6cc2d31847703843cd2e54de294b1c957ae618dddd7fdb018908dd7be379fb3db575b0859d9f2a190d8f7abc8400bbcfc866c8f8454102a5b0c215f140cb17677556241e33443aacb35073752aa65f450b2d03750ebbc07ed809f97b5a55a4f11b920cc9bf0a1db7fce63718f85c3326120c8b774ec22ff9c1b7e9114c0b931b6805fa672b53a6a617881fd73dc1b79fbeade0120e08c7abbba9bed82e9700bbf779328ce0a73f7e60459ecfc3f0daf26da8d1b57c1536ec967fdcab8cca66aab0ce0a02320c0090c78511b1672d65b3d62ed38e2655bc6ebfb2480a0c33fc68bba5c444d8cde3f977a382d6413947fcb25e3e9330f45b8874463e2a3fab87d877652de9c2d35208ad5d3e59ee9e63061af0b119d8174e7eaf71551b1f3551d0247717b5bb7d4db41767e2608a2472c7258932e22eb591c957da5fad5732c86cf18ec338e83ed25e41a2e500360c7ea86755efe0962f0d1d4cc945645e01b5a34fc74630c91cd02c5932f2df9ec1e090dd83bda328a7c8d1b8a8294c3c551c1954a7f024eb7ac01e35538612f2f23a6c52c59beab75910c5abad25a3789baa0001569e93561a8992450bdb0a757b916af413d63badc4aeeb9489357ff7fdb27e913278dbb5f2d69bc196d110638601f31fb4db2b301faa7516955d6971b562288328e14c7957696eaa03d3911ec661279e37a850b7515fb4e122c39fd6dc3af40980173e6324ee678b47f74428a593827d75aae3368e661dbe9738a2704d8f7a086e77b9ffb3eb0e16199c58eff45dbe628d268e88bb2d69a310b60db0a850afcb08a2a7b316c70209ecf034d484a6b1f68de857d4ebfd45936c04b532202bea6b3a6d3751cf73db4ca0a76faf7a972f8a68a523b0a51d593436aed65999fe96058e085b4352c0d5603365ae4cf724e5801da03665ee2071e04b45c6de0a59afc376e3ce2ef206c3161f235049d7e0b52e04ccac4f1699629b3f8736601a6dadfd00dd9545cb7cabd1cba12ddb2a23c58b1da9c69ee4ec9853aaa81e1cf7a169f91a1c077fd6c5c2fd366c9a2a285420d5633bf0544003251768db01281f8259a0d0c489f7f7cfc0fa7ff2878fb0cea89ddb3593539a1184e667f3840e8e5043508777dcef371e2ea3cf489fcfd60066a8dcfc9d0fbc21aac05f24a88ceb5c186326d1fe5b6cb4a40d25e6f847f7a4030d0a9cd29b0f9e3b49471730df5c5d1e172376ab2a27f3aaa3d1c5f354952745db1c54464e9f4d224ca1bcc7a4004bbba7a21d60a1fd5a35c1179738fbcb61241f38703610d51b18afc0e0bce11564167344568875374c6114c64b7cd25cb3c005b2577afe3c0f528d5c838152fe7b307d743596c91f43f3958e1f25f741aa4b30baa4063d0d9c3453fa18de83f744786c7b4294415e0222ecd9bd9a115663f32e9505d3618f9c716f23d9e536d429557774f7910aded24931f373507dba89766d760b714da6e264492ffee985422e60da15b7ea862935d21bb878560b0f8270f82cb3a8fc99ac35c30038b95532fe848f8a2876f5782acbad93f1426fee13fa4f0b778950bb2096c7d1c5bdd481ecae83254800f78a762983418c3fd673deda93c206ad399144b141db743640e3102fb453d553f939ad643ce9faabbb01bfad49cd30a61cce67fd46782447e14c7b2d2dc1df244cd7d72404a0f5b54187c75aa45b9b2a73727de0ce187b7e9cfd471efb73e9a84971185cf335cb33fce92e06992398e53be779782a436579bef6d7b0d93915e758fde3fd67b9a964d5a8ddc5950cb2a78262d0e36d329f9ba56b06266a126334c56852b290937423bc178a575a442046a8a4406e88b829d36bea6786774b0c513dc951b330eb5dd914a907b97e83db55cf73c2897dc3d6944dac797b8b1434327fc15caa6b309b62e1aa52d4e8ca7a7db6f99e423489951961f147b3cb14956e801f7b1a15b959546ea229898ab9b99c9a080f5d9176c59ace26b72e620b9ff6e558bfe7808a7b430c414ab90cb0f1e4101be46dc360928797171922d41bcc8c12d17375222c706b3f864f8937ca947b33eb13216b1cd1d4119fa6de7e1a07c652671d20b1930ccf14c443223a4fb93848969465feaffc703347a5d5a9b68339e3951d3b8fc17c6045201af7e84a7026bc741592bd47768a793abe5009eb9427dfcfc4e4a9b9ae71f8582b0cd9c28c6270d5bbdf0f1415c722384808cc8fdaea65eb97d5fda8dd2014163598411c51495fd9fea5ae48c9e0d158217335c0181db4d196af623b5de7ebb1a0a71090e896c11b33cccd4515d1370b00ca48df5b855b8942cf35a8da12d4eb68b52ad786e2146383c54a13a3de979d03039e42a440c6d0db2a1509ccd1aa5097af5b15b49b90928d82e7b944d0750ac6d9433526e65d3ae79201b4a20175aa12692e4ba41c4733673a47e8ea44ed2b34d3ae80ca8b05aa159662f75ba748ef793aa184c8405796185ffb25ca4cb324f4f77610a3b372f5fad04ef85ab771f2f5efa3d95ca0074b9363b3b4095dacc04d48b9c86ebdfd94981a33b2fdb712409462aca416079a5daf92fd24374b6f3f76277fc36bd6d38832ae14db4711b0503fe12b647516d1df64c11962219c17ecc60fd25704a94742d6655e57ac9f89ae1db77fe8679b7f84b403e101d70352f1d80bba74c4aefe14cec35f4168d2e9c2625a0e692504299cf8ca875e7b45fd3c71df003628c3ac6616b3b1a8edb7879e5781877a9873b3885958edec9d1a7d24cc22c49047335dec3cf9b2821c267ac8dfaea3bdb3dde0fc7d1c1c96ce04f3bd5ddd7ec3ba253cc34e7df4a03d58e716b5bf8d681c65931407a60c28922aceff1edb45417bae99167d99e97669d68efddd00a867f5b3ce5763be30e07ff2cf8b15c90a6f656f717bc1b590231f48e3fc4a85124d43a1a811b6043604870e56b81f127db36a686eb77d612609f44b0fb262b17739fbb36c67ed305e114b7b595626e897af9d59acee1af38295c366bc32e3af59427dc11d5cd594add4e226d947ff26a2140f476a43695ebc8f73cf5b7efeb2ce46d63484b9f3ded774088a0a31cb2eeae9538bf0c071f572657f905b33d4b3fb5280879cab0bc5fc7a89be10a9118c419f974c454a37bb934bd488cb1ecbdcb2ac26094f90b8093fc75454317b92278eff430f6622cbb2c4f6a8a2ef5c7388b504a6cf89bf889990977fd4f5ea1a530131a8e2356e3f1db0d9f93d7a65af79f1fadc0b40279965522d47dfe154d62036ce4e53eeb6e96473d3e2f59ce1f54414af8bada3d9b6089e7a670c7418d0f906ddd8494bbea718fb91acd0fdd0f2c19746f4c1ff87167987f056a86f03aad8c11aec6ea967383c29b9c8bc6d4f46c9c2f44fa5a43f52cda78cf36f270a7a9c77c7007a55b6770847aa8cf4676ea9abcbb91ca9a41ad56682f3dae20ed1a67d75391caabdb66808b91e86b9db4a13f7935fff256b54818a589402967c2242a70afffbc7ca73116a1ca81a126d2d609174a93b16d1fa4d18bd6a4e277aa42a8551765b241d1e54174ba7993d1694d5a191b3036cab5eed5311403ba6de613b73beddc753359f7339417e4f07724c6ba1ce99a55c6b8ec72c0a4df4776146877309382d3af87c204ce86f54c2a7c1027adee9ab2e4f6bd205fb41d7d6b2fabf7308ced5c870f156aaa9dbd24f232ad85d6123426c5e5264b4418ebc7acf1cac380212f48dd87c2000f0f0c7e4a54c04523fb7cebbc50c26691ca8ab9748831851392864c02166f5e2f0c7d5d76b71908de9ba69a88b0bbaad0dcfb9e3ad8680275e35218a60227bfb6f773fea9570831db671ec8912abe6c6190499e0100232aba631b9ab148547041f1bfabec860d19ce987c019249f07bf3effcff35a6c5402a584f0a55a3a580aa8303aa9a67856f8cc27abdfde11fd2b8c5432a46fe2c3c08ae53ff42d1c545fb890d097d9b31437c53f6563fe416570b4cb3d5fb084d9ad4165e6eaa6a24a5b77dfd6c0962d233a2030427dcab08660143dc3853d3ae8907a21f812501b1e96fca4e4c73226827477ae9e5e87f88be74228afc7393d7ed98f090577db9d70158e3acc36e07f959d32de1e34b471e2732e384d6cc6fa6d3a218d0abd71af71993cff9e47793dc72d00c5d5079ad76e935c58d349f03c6a976ac204b4663324b63fba9fb7b4a048186d53f72012779b02ecc61faeed40494538a2df95f14be70f80e2c1072f56ccf59ff5d75dea6652ef90138b22c943fd4863e90216cf9ba84e69cbf43661031720bbc22e94bf2fa1dbfe8313487b4cf6cb31e9d26995471ab64a120e0eef82d95620890aaa48afa7acf4ba274dba1b5a1e37c1062fd70fab8218ceddaa8d10154e567c7cb8e5f4bb07c6c6065164c0b374b17c555f9c1ec8d108ae7ada1913db7a447e8ea3713d6e2fd6384ac3286d9941523e01d3fefb32cd65922f2113a5de4c7334657106a2c97a6282b22d7d67f39fd6601916b0d5bdcbe382fa786a3cf74b24cdbb5a2843b56ddb14d5514139b1cffcd68d45f9f082186e2ea8f774c899cbbaac2e6207cbe86645fb346fd360d94a2b61e0cf9d33778cf3b3aac5fbf29288fc065ea5a218b404b82c79098b48a8051d03b6f8c4df4843b665eaf6935ad0e703cd928d228a48b51d23afa1bde22b7655dd4d8fb73b2b10533d6da9b9fe6aac3d1e73e5157c0e33bae4f31f10212d7f87d9341e3090b3c7c8ef79efae8bb744a5f8db2bcedeceea81e8c23716e113bbd24722d6f33dfe6438006fadc9bab9809c5c5b3371994a55263a52e9bcdcd3665f8472bbc0c59d27c0a7d023763ca55f80b7a20014636be698a2f1e0a5ed5320b1591e0c1350fe41593942495ba1a214cf18dee3c73635d208a60737b253cc716d1cdf0c7546dab111bfdc0777c4ae297e9a35153e84d7c5411df5e134f2a128d5c0240aff77e076a1113214ee68fe0c294996944180a7a5c4c35ce341682cb31607c3cf5514b1f1035673f3475376a8cbf20b50cf3272a49c8aafda33fef13aa90781f9c14741886fbdda634205fa98c94dfe5f06533d17d772ec5be90243a24f1db46530fc8b8e167cec2276dc16cd755e371f85827f44da53114333abd41b2ea70faac6762d38b5751e243b2e01ce7d00dce1069419fde74c49ebfabf86eb696fc6f07a8b4f95683449416c9633f3ef6a2eba6a687291e2e7f48a3fd15bdd2187e7790fbfe684b5764d7ef0bb3ba99c2e120300cf58c408608ba6090e15539024787a0290083d808380214a8ecd11effcc05149e476b1ea5b82047411050068806e331171513c57713f0987133e155d3b312aadc9f243f8533fb07ce208d46c42604669ff4b8a28be3bc71f38b45081d262ec130a818d05d8a8b52cf923727f59380441524be1d3448223a2cccaabe7d86a88c4a9ad8683a42cadc41b4f26faa91d9c927edf30cb8137e74d7c8b40a9adc2567de40144ba8f86776a1ee234d02c56fbfecdc636aac44aa59d0392d8e8c13531350f2c4b5b6417db0667a557acca8f931d31a56c3b55f603e9646cc409dd54db6d89be0a7a5b5459639915bacc24885e4a1e2f3a805cd7a315f71601d5fcb2b658deaa676d77ad646003770df1be040641ff3391c4770e5461c38eb2b0eb58e9134de52e78d36c3dfd1ef42d9561b78116e70b3658ba7ff9411a7085b80a8082977d57e9df4851e5f7da33f06f7c47447bab0b4c7d3b9c9a511ff6d8ed4a26287d9ed154302ff6ed1aecaa226d60ded733eebc924ce2df1f7ada22a10db46e768918178cffc926b61544f59f6b0be26900a5204e97b6b91b16c227796f903e5e1d3924a4f3286579507a30a1486d7d186a2fd5059b2e83cecae0c7ae26dc7c262e717263c1599e7da38f3e3ce06abaf77876979c0835c859e101ff6fa4ab2a96e65a497cdf27b1df052d07bbe1bd4284d8f817d586667dca367a668a1904430ee1ca62098d919f0a4eea1244a8e4a7792c86165fdd8b9be99262d2f40ecda00a9a5afc1bde0e630814e8aef82176dcd37463e34e63c115d9d33012e497c41c22e98978ee1e4d44becb9df7920d9f8490427d020d602cc741a03284d01e81804714d46f13ac08e2a6a8677286fd66c528b985dc51d7b150417ce8fe991e2db228bca99fa6eecfe654307fda8a227ce880e7da556ffd3ed3adca545953da9c369033f2e819a1d66636fd1e9794bbd0d7a75e68c44c632eef85b205cab173aa5a9023ecbcdbdd43e4afc7ee5346075ee1bd79795245a8437d41496d3a25144af27fa026fc1b4135e28c753127fa19c147bc14c68b15fe170fff5b916eb069a414c069da3dd2640ddde8e819ae37b670ff42dca8010cced7373d0ee0c2fb05de16dc8959d172c4f467a25038b97fbf9e60bd3c40c73871d4114d6d81acb7d57552495c336e5da9b71b7872e9ebdf082023674118c3f94af6f05ab5e19ecd8ec055dd6eece56f850e902745173f758e2387c1464866348bbb5d436937192371564fd9769eb4542444ef4e60701594fbd6afc80fc7e0f7616ec8286fa1059395a2ff7ffd3fc434b84f23ca88fe44c8cf21e1b13b3f3f66543e71b855f3f785dfe1f954462fbcf57b591c0a725d27381251828d7fdf7e09bdbd625e89e98f61fb76d56ad69106510ecefa93853f0da630f7b4f324c17494d1fa51f94e9daa978b572065f6396a7f3d649060798b32b61ee7bc7ff03fdfd800e8dba8c9b0c8d51433972db34e0cc2666d54dacc4c1da366bfd58f5321f6daa88d4e49a450a75e2ae935471886bda66022b4167a743d8e7518fa2b427408f5c3278152f3d97404e34c2e0531a322518bea013e44c82546b135398263854cc3fa21f72389170c4e422e2e221c43634442eec3712c172f3b9a4e29c43d59ed1715391dc27f7254ac5918f9985288b5ff44a52c93c5663312331a3341fdff4d24607f91c4fc0cce634a4f69f686ab52ec6e36e41a1fc87af4eba40ab2da228194a6cc9b98f271f74666c47a3e371e866dd8a41293dd6474b2dde3f6bc452b010490e17cc4e7df92e7436788e7e60dda166a38314f18e631656862ff7ecdbb85cdad2dea4365443da5617877df6bad1abc1be597a2961df6cf34f5f110a60694b406e4ae9e48077132ed583f76b54f3c37108b19c47acc4bc02072a64a0da39bbbbd6f2110a8e925a63389d963057f466d02a10f6a6ba2112b74e28e0aae33b0f028c2270f1f07c42b25c812c3dc34f811b862c3485b4396cceca3ec6a62e47bd519533c30f3d9cf05b0ec9886f8abb796ce31b290ab6b515dcc7d7f3ab11582fff535ffe2746333c1d288f7a22ee36ed232f1a7d6dc3c825d86d211af3eecdfdea7cb7a4e5139ebec4a3b7e81518e76a6d8951bfb090705f21d158d89061815e7dba1cc8134e2f80955dc63f3fc0a5fb953b4ab05c22ca761092418c32725732e54dcf086430f6b114761b745ae8ab00127ca375ca08d7c4ff7e306f7bfeab6d87a7e43218c267ef145095fc7a1ad58a283007734de55aea229a24c63372ae40e32618468612464d61840d79d837722d8204ed09b9bda9f438df009c9a2e4584755dd4ad91a3378255e0b104258baf6175e7d9df45c3caa2aebfb5866e4d20fa09e06ab689903a1c1b622ea04f1208adbf7cd6ab7a53068441eab17dafb00a07bbd5083a6691f6f34a9fa82b1ded4660deaf67343ab9aaae5f70c0b5a287ba669f32a1431ede98ac58bb4f42ef2a23122cd6a3da7658174853a7400bbda3ea58ce0f5589a6d5eb45e0a17aedf12bb175a8d083492e768f52b23881e61f3492fc039e478a712918ff2b1721b9e6e7911e16539f6104fbd0457b5521391672f1e57cdc2632ace97d4e21372213d1546578f7c8c12218600d85bd53cc6a5f2a2b1e88400c55f13703df10ab28a327112404f4663b19c4e938acd3917bfa5580845d0060a9136dfd88000bc05d07476bda0742ced80e1f61103ac1a501cb648ec6ffcfb0c1ce6fcce6e97832a720eb621091f2bb8ca2535e4c4c2335d6cf8a88cdc484b19dd12a0cad69bcef70f1c5a416ea21ccdbaef497a4ae417370531e48fc48fd01106934b6fc6cfae0acfe78f208d5ecbb773707484b57768781f57126d774a75099b308035862572d3fbf86692d474bd92850405bfbb80dc8a525ff594bb0d908ceaa9f51b2ac7b41a2b4c45621b62b1e1ba55e394ee15c4c222598b4e58b8addf87474a3aa94e9233d36520ded5f6ede8be6c32d38af2f8a0fb27562b2e3330490d46047e0a2d383830c2b0525c049d3005888bbbd247162275b157e440942b37eaf4abb9a4d22ef15d6d3009096d9b3d6732c35c2878e4c2fc905f2d961bf3700f0c08740249b57a18be63a18ff2fd7340fa3baa719839cf8eaa389a2f3b81af202c4a9abbdd030bfaef70cb65fc961bb579ed400e648cd8c1b100b289c38067a6d422c1a0a9f027795eecdaa7230d6e0662d0f59ab1cb0671b3b99ec12b65771f0c7416456b99537d10779d496f17e0c04160e879a5d089adf6f8060d92c44039ef2475f4647b5f3b30335ba2a50403d09644a00122d3bf7553c8eccb0e8dc612a83e6e5a7acab9f014fbbc712623ea86edc9bec0e4c392efaea3c56bb5ec45832ccbe6329509a6800ee36e85bb3b65dcf5aff9aa2db6569a230cdf1296e815d717191bad83ba31c1e42b69c6a5cd214739b1af105a244283c59c4f60d730fe6835ca983f3bea050012d6b6bc13a70591950de0d0d8857c200b61158a13f2c2d2536a379b7b4ac302ffbc78e9769e324c6ebfd567f5f4c2b053f7b59b6b07285194526d40ca6a5c4c376fa127b6b100489ce5266ebafa0cdec24b5bd7a22f295402303f8d1ddc3d1427d4c3beece3309d55f138d878c8054b259c53e59489f5f3610b3784489cdfa6083867a92a5f7e30826a6f590b9c809020c0f8eb73b70a971c050a70af2ca3a70573554b97c60037872df3e5c3f2e91103827306e72fbf1b072250e432b7bf8a5540783a2848724989eb86670e1f5b0675a39f7b1548260fd211d9c05e48e1a3df852842c477a36bbbac07317246dc8b4c3383227485556992735bfea38ef7a8a3a372464dc0ee6b9a09548a37dce62d563d04eaec5cb54c9614170e0811b53fd05dbd192744f74b5e0e3cc1b29dc0755ae4fc0c14ae8927f72864a796e65130e05d012336a96e5b15f17ae6258c67ecab6505bc1a26c00d5010e86f243412ca4264da4ed41670238faca1d7c7ed6ae74cc104ff3f9c045ce7efad15db83c3f5bbf001507caf3e6ee0a11a9c10205d91a7bbc12b2a91065352440a18493315df7dfa671bf8e1bd6d67119fbc3bb69d5661a43481b00ee60dab9d725f7f166ff989a0cbe21ec7f0007bf09cf5b5bc65b5835c4d0bfe6981616dffe0eae36d5b8c39d14645801919bc537212fb941ebe346bcb5037cf8b894ca92a0682fb2b37f08609a4a9465f0c423250343fc2367da64b690e273293431a36813cea94de5cf411c5c3c0265239aafb8fbe45c55fabd94baf7053023d1b0f647abcc07be35fa5a0c3aba2da35f6c2d8a739beccd96916cd30bdd8533411a425ae30b5d02b8d79c3622118641fb8551a31e1c1f4a0551d2b57eeee4097e9c48e09481c228bef6aa3c4aa7b9e72e8731cbc57a20a9e3417ec718c6d57a401d3c04ee2e4066d6d950149e277dc2bdaa23879b2c5135611d82ad8d20a4b2235c09da69fbd9878cbc52b25622165e0ab3bffe476eb2884629596dc865f6b13ba510cb375e59195636deeeb06786a7c9904ccdc58eb8664fe7b4d32bcb9fc8ab135c25ee2c22837c6c3a8c116e8fdcfc310799d0fc974e43d3a73fa0f8bd9057a1465823567f681c1d2e6c4a33770a4dccd06bce94b0af0e4d198b040d8094d610bbbd4501d8da6028b5e73f135cba6a8d7bb6cab2f06576eacd823e520282f9f883634a6dd4cc4810cba3f760b9842a0acae7a396892b658e3b6c84d0e75196b4e6a3240e9d2aadf257ae970153238e347d3cbcbfabae300494ea0d1bf292799e09b8064ed885cce1574ee94c216c50017c43b3407716e5919fa0706fc9e9c382bb321e8d6fa2520543d0427a620bb45c56d3f7e66aa025f17863024a2bd693d932bacfa516fec791e86982d020faa819bf2264f8606ef260a29af16300971d0ec49d6f5a21f9c437b75b44eb59bbaf71947621a1e78c68e2767dd42c7f6e3dd6faeebfc8fdfe4dec6db3fdd2d53c906f6040278ea235b37442f34cfa1a1f1064acce6a7cdb9657c1ea2def6c1f2220ab57ececfe53b4bdb6e57afaac1c055f25202c1efa65b3e48f5b57dcd2b7f3572d1d96a736813ca6acc75c967a89edc5dd62eea64cd46eeab6aa879887360aec466dd287705497e832bd4eb3d73524e4847c18f8b46de1a88a00dfa43acf51fe97288d53e30c6f2739b4532c6e8f7286a25c5f5f10532fee71d7c1c1f6a1c56f2535d94e2dd774f424cab2bf3673e097fd3cfb55ba1f29a6d03dc31abc214a6dc5950824f05f0a3036690120684a7117d42e9d40b56f3738428540c27f25ce4130966fc9b08f831756d5448be9ad7d07b95bfe61fb396438bba4ccaffa7a8a21edc5324d72514427a75a3619e48400e1b13a97ae7097f87c9253035ac3a1e3bf6d22725d22e31b7e0c9515f98f34ba357cc136190f81c010f83306d97a89184656bef128a648b9878bbefc508a631f949d8540ed16aead49d51911901d74d7aa9649317356ebd2ac0441be95291c1c2ba803b2e4604ac4b09e29fc6200819fb2603b46dbe929e4cc661c4f31a6cdc94a81fa62eb28bf447fe2ddbbb3d5f2b97d4189ffe5d83bc8be19ee5c92b958488a55c859d7eb5885674bd351c4125a02151529e9ab01685f2e4bba3aef0d5e9ad8678dab470d761beb8785424d51c4aa728417d1edc7cc44d8c7f2f5a09c68f940fc72a4ed2952e1985b2727befdf551d95e8d43e4dcab6f65b12ea706cbc10e5354a894e7646118e60", 0x2000, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x78, 0x0, 0xfffffffffffffffe, {0xfff, 0xc, 0x0, {0x5, 0x6, 0x1, 0x2c58c9da, 0x1e93, 0x4, 0x200, 0x8002, 0xe26, 0x8000, 0x8, 0x0, 0x0, 0xc8, 0x80000003}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
lseek(r5, 0x0, 0x2)
ioctl$FBIOBLANK(0xffffffffffffffff, 0x4611, 0x3)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$setregs(0xd, r6, 0x9, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$cont(0x9, r6, 0x6, 0x1)
ptrace$getregset(0x4204, r6, 0x1, &(0x7f0000000340)={&(0x7f0000000240)=""/204, 0xcc})
socket$kcm(0xa, 0x2, 0x3a)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000001880)={'bond_slave_0\x00'})
sendmsg$nl_route_sched(r7, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)

1m16.522415588s ago: executing program 1 (id=3648):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='devices.list\x00', 0x275a, 0x0)
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x5)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001aa40)=""/102400, 0x19000)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
connect$netrom(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000480)={{{@in=@loopback, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in6=@private1}, 0x0, @in6=@loopback}}, &(0x7f0000000440)=0xe8)
setreuid(0x0, r3)
ioctl$SNDCTL_DSP_NONBLOCK(r0, 0x500e, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010007000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140000000075c0000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xec}}, 0x0)
prctl$PR_SET_SECCOMP(0x59616d61, 0x2, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x442, 0x0)
pipe2(&(0x7f0000000000)={<r5=>0x0, 0x0}, 0x0)
read$FUSE(r5, &(0x7f0000001240)={0x2020}, 0x2020)
write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[], 0x20)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000400)=0x8, 0x4)
chroot(&(0x7f0000000000)='./bus\x00')
syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0)
write$binfmt_script(r0, &(0x7f00000000c0)={'#! ', './file0'}, 0xb)

1m16.181065736s ago: executing program 1 (id=3649):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000003c0), 0x4)

1m15.996626543s ago: executing program 32 (id=3649):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000003c0), 0x4)

14.700488054s ago: executing program 3 (id=3840):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r2=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r0, r2}, 0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, r2, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x800})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000010001000900000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000001300"], 0x48)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x38}}, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r6, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r6, 0x0)
io_uring_enter(0xffffffffffffffff, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
capset(&(0x7f0000000c00)={0x20080522}, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

12.470295044s ago: executing program 3 (id=3845):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
select(0x0, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x47e, 0x0, 0x3, 0x0, 0x4}, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x11, 0xffffffffffffffff, 0xd1584000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, &(0x7f0000000000)=0x9, 0xb, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read(r0, &(0x7f0000000380)=""/144, 0x90)
pwrite64(r0, 0x0, 0x0, 0x4)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfb, 0x94, 0x7fff0000}]})
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
close_range(r1, 0xffffffffffffffff, 0x0)

12.210551684s ago: executing program 5 (id=3846):
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f0000000180)={0x0, 0x6, 0x6, 0x79, '\x00', 0x80000000})
socket$inet(0x2, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
r1 = getpid()
capset(&(0x7f0000000080)={0x20071026, r1}, &(0x7f0000000280)={0x100, 0x9, 0x9, 0x3affffe, 0x101, 0x7})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
capset(0x0, 0x0)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0xc3, 0x0)
read$msr(r2, &(0x7f0000000640)=""/79, 0x2a)
r3 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
preadv(r3, &(0x7f0000001300)=[{&(0x7f0000000100)=""/200, 0xc8}], 0x1, 0x1000, 0x3f2f0fde)
ioctl$VIDIOC_S_FREQUENCY(r3, 0x402c5639, &(0x7f00000002c0)={0x0, 0x4, 0xfffffffe})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000500)="b9800000c00f3235004000000f30c441bd73fb0966baa00066b8008866eff240a70f0766baf80cb82823c68bef66bafc0c66edc421305e0fb95a0900000f320f20c035080000000f22c066bad104b8fe5f0000ef", 0x54}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1)

11.570092345s ago: executing program 2 (id=3847):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), r0)
sendmsg$IEEE802154_ADD_IFACE(r0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000580)=0x2)
sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019900)=""/102400, 0x19000)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000780), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(r2, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000000480)=""/185, 0xb9, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000640)={0x2, 0x0, {&(0x7f0000001900)=""/4096, 0x1000, 0x0, 0x2, 0x2}}, 0x48)
write$vhost_msg_v2(r2, &(0x7f0000000180)={0x2, 0x0, {&(0x7f0000000280)=""/184, 0x2562bac182d8b35a, 0x0, 0x2, 0x3}}, 0x48)
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1) (fail_nth: 3)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x4)
r4 = dup2(r3, r3)
ioctl$BLKTRACESETUP(r4, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x4, 0x1})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000fc0), 0x0, 0x5)
writev(r8, &(0x7f00000002c0)=[{&(0x7f0000000340)="aefdda9d24030000cb61736002531d78866a42cd", 0x14}], 0x1)

10.473148171s ago: executing program 5 (id=3848):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000040)=0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000340))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
pipe(&(0x7f0000000240)={<r1=>0xffffffffffffffff})
splice(r1, 0x0, r1, 0x0, 0x2000, 0x2)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0x9c000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000850000002a000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r2}, 0x10)
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
ioctl$MON_IOCX_GETX(r3, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000040)=""/111, 0x6f})
ioctl$MON_IOCX_GETX(r3, 0x80089203, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x88401)

10.472325099s ago: executing program 2 (id=3849):
syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0x2c84, 0x8, 0xfffffffd, 0x15f}, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000180)=0xffffeffc, 0x0, 0x4)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000380)={0x0, 0x3ff, 0x5})
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg(r2, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000880), 0x88000, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000100)={0x4, 0xd6, "ae50e74ba166ea39b2fe57d6c4671314f7e8a03e7e5243a96c75fb36caec7363d79c4dc9fbd8c17c7ce933d30c971a484b143eab4b1a95a3754f19595ca86bc1ac3a591757ea6081c1e110690aee705a119c00b68985398b422dc055bd01e41276899cc9a29edabda26d1c837df1fe520314251b6e09a992a74588d56e498c8bb05381644fe702340f877a522db842942ba084287e7f4910b751d3817fb021454fe4f7129d14222ff464ea8fb09335b98cd716c8781f8cc3df7f36c50915fad36fdac2d011735afa27f9ea66a8d86525be74ef7cdd1f"})

9.828896055s ago: executing program 2 (id=3851):
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x24, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8a17ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095d112c7096c326481dcb697bbba79960647e344892771a615dd5f8f1afe2320ecd281f231ac46876d9fd3c9580024c26d01af98161603f1c3d21fdd4e70b4cde9d42ca4fb3403112625d1abfa02993177cbccc42915f2ac641552fcdcf3f6adc6af38a4919143483cf6483fb8ef82348c7689177402b83bb012e98baf67478ee34391258fc58bda307d7cbb7befaf8a7a2b44dfe3af97d79a3d4c46723c8c3ba9c0c55936b2a1676fb3867b8ac5b8a227dc2f535fad41ce137c64794f9ccbc1dc0459702fff14edffc21fdddb8d0c61d6dba0cab45d7b047a6693adb9da39f6802f688d6cc5b84b7e9cfde10fa9b1f58baad9f12a5dbe3f3cf26f065db18e1aa3cd4f7e8063743a9348de36eb3f1b9ec6d96f9fae5fc02830903b460eee70467ef05a97a319ae1959a7b0da4b747d323d3ea6cd292087308bb73fae941353db68db4e323ebf1cce811ca0ef88a360285f8a2341750a9322376c0d1c61008878"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x14, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000280)={'\x00', 0x2, 0x400, 0x7ff, 0xdf8, 0x800, <r3=>0x0})
sched_setattr(r3, &(0x7f00000000c0)={0x38, 0x0, 0x53, 0x3, 0x2, 0x0, 0x10001, 0x1000, 0x7ff, 0x5}, 0x0)
socket(0x10, 0x3, 0x0)
r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000206d049cc20000000000010902a400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB='@0\''], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

9.283527025s ago: executing program 5 (id=3852):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
select(0x0, 0x0, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x47e, 0x0, 0x3, 0x0, 0x4}, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x11, 0xffffffffffffffff, 0xd1584000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, &(0x7f0000000000)=0x9, 0xb, 0x0)
syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read(r0, &(0x7f0000000380)=""/144, 0x90)
pwrite64(r0, 0x0, 0x0, 0x4)
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0xfb, 0x94, 0x7fff0000}]})
syz_genetlink_get_family_id$ieee802154(0x0, 0xffffffffffffffff)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x7ffe, 0x0, 0x9, 0x0, 0x45, 0xfa11, 0x3}, 0x0)
syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0xb00)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[], 0xa4}}, 0x8048)

8.874616043s ago: executing program 3 (id=3855):
syz_emit_ethernet(0x4a, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaa2700000000000086dd6000000000140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='R\x00Y'], 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x18, 0x0, 0x0, 0x7151, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'gretap0\x00'})
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'salsa20-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000000f40)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x7170620a, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffff08}, 0x94)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0x9835, 0xfffffe0010000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
process_mrelease(0xffffffffffffffff, 0x0)
r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_GET(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='6\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000000000000000540000000e0002006e657464657673696d0000000f0002006e657464657673696d3000000800030000000000"], 0x3c}, 0x1, 0x0, 0x0, 0x8001}, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000100)={0x1b, "5660359c3245d1c42317afad7d48ed51000000000000000100"})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r7, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])

8.686908491s ago: executing program 0 (id=3856):
lsetxattr$security_selinux(0x0, 0x0, 0x0, 0x0, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x4, 0x402582)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000000)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e1f0a00"], 0x22)

8.18315978s ago: executing program 0 (id=3857):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
sendmsg$inet(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000330000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x4040844)

8.180204809s ago: executing program 4 (id=3858):
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {<r0=>0xffffffffffffffff}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, r0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0xd0ffbf, 0x1, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x10000}], 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (fail_nth: 4)
write(r2, &(0x7f0000000340)="0a000300010000", 0x7)
recvmmsg(r2, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x40001af, 0x12122, 0x0)
write$bt_hci(r2, &(0x7f00000001c0)={0x1, @auth_requested={{0x411, 0x2}, {0xc8}}}, 0x6)

7.55199462s ago: executing program 4 (id=3859):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xe0000000, 0x564b043a, 0xb, 0xffff, 0x5, 0x2, 0x0, 0x0, 0x80, 0x80000001}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ecffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)={0x20, 0x0, 0x95}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x10f201, 0x0)

7.468875922s ago: executing program 3 (id=3860):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="01030000000000000000020020044400000100000000080002000a010101000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r6, &(0x7f0000002140)={0x2020}, 0x2077)
ioctl$SG_IO(r0, 0x2285, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r7 = syz_open_dev$vbi(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f00000008c0)={0x7, @sliced={0x9, [0x10, 0x4, 0x7, 0x7, 0x4, 0x16, 0x7, 0x7, 0x80, 0x7, 0x1, 0x8, 0x417, 0x4, 0xfffd, 0x3, 0x401, 0x0, 0xd, 0x6, 0x7, 0x0, 0xe, 0x6b, 0x6, 0x400, 0x4, 0x7, 0x2, 0xd6a, 0xad9, 0x7, 0x9, 0xfffb, 0xb229, 0x8, 0x7, 0x4, 0x7fff, 0xfff9, 0xa07, 0x9, 0x8, 0x2, 0x9, 0xb], 0x1}})
syz_open_dev$media(&(0x7f00000006c0), 0x4, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, &(0x7f0000000300)=<r8=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r8, 0x541b, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')

7.441657762s ago: executing program 0 (id=3861):
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f0000000180)={0x0, 0x6, 0x6, 0x79, '\x00', 0x80000000})
socket$inet(0x2, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000280)={0x100, 0x9, 0x9, 0x3affffe, 0x101, 0x7})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
capset(0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0xc3, 0x0)
read$msr(r1, &(0x7f0000000640)=""/79, 0x2a)
r2 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
preadv(r2, &(0x7f0000001300)=[{&(0x7f0000000100)=""/200, 0xc8}], 0x1, 0x1000, 0x3f2f0fde)
ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f00000002c0)={0x0, 0x4, 0xfffffffe})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x3)
syz_kvm_setup_cpu$x86(r4, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000500)="b9800000c00f3235004000000f30c441bd73fb0966baa00066b8008866eff240a70f0766baf80cb82823c68bef66bafc0c66edc421305e0fb95a0900000f320f20c035080000000f22c066bad104b8fe5f0000ef", 0x54}], 0x1, 0x52, &(0x7f0000000200)=[@vmwrite={0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x85200000c}], 0x1)

6.522128051s ago: executing program 3 (id=3862):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
socket$unix(0x1, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x1c, 0x794b, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r3, 0x0, 0x0, 0x20, 0x0)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
ioctl$SIOCSIFMTU(r4, 0x8923, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$kcm(0x10, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x7aed979249b5ae9d, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
write$UHID_INPUT(r5, 0x0, 0x0)

6.28432506s ago: executing program 4 (id=3863):
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000640)={0xffffffffffffffff, &(0x7f0000000480)="df7cb93fd6ccffbce90bd3452b83eb655351947e4817141680d071ee9b69726d95e9c041e3432bcb3834cf655ff54bc17dc242339ae31730c3c5e40e9a572c7041c49c31ef0e44b3f1d06a7fbe20d6f5822536ad7cfbd924e73aa1fa663222d18dec9b0fd64ac5d379ec55b3fad6470202831d2fc9fa5968492b3dc2ae16327ffa8435db0294623fbf55f79373180e8dfe8f28ab3bf623eb7bd8578c97cf735857622851d9c7a2ff37724ba598a6550b44b19a9b85cd47f711ef1583700e1bf2d5b9c90f9761035e97", 0x0}, 0x20)
io_uring_setup(0x2dd6, &(0x7f0000000040)={0x0, 0x108b896, 0x10, 0x0, 0x27b})
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000140)={0xa9e0, 0xffffffffffffffff, 'id0\x00'})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000540)=ANY=[], 0x118)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = accept4$bt_l2cap(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x80800)
getsockopt$bt_BT_FLUSHABLE(r3, 0x112, 0x8, &(0x7f00000001c0)=0xfff, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000580)="cb000000150081054e81f782db44b904021f08010a000000040000a118000200ac141414ffff0d1208000f0100810401880016ea1f0006ea7f400303000803600cfab94dcf5c046181d67f6f94007134cf6ee080005c4ab0f45312b3429fa0e408f456211bef32d4760000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd60100730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad9", 0xac}], 0x1, 0x0, 0x0, 0x7400}, 0x44804)
ioctl$VIDIOC_G_CROP(0xffffffffffffffff, 0xc014563b, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f00000002c0)={{{@in=@private=0xa010100, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x10000, 0x3, 0x1, 0xfffffffffffffffe, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff7}, {0x0, 0x8, 0xfffffffffffffffc, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8)
sendmmsg(r7, &(0x7f0000007fc0), 0x800001d, 0x0)
pread64(r4, &(0x7f0000001240)=""/102400, 0x200000, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x8000, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000380)={'syzkaller0\x00', 0x600})

6.119686278s ago: executing program 5 (id=3864):
r0 = syz_io_uring_setup(0x231b, &(0x7f0000000100)={0x0, 0xb053, 0x100, 0x6, 0x5cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000000)=<r2=>0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='blkio.bfq.sectors\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x74c, &(0x7f0000000100)={0x0, 0x40059c4, 0x800, 0x1000, 0x400005cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0xffffffffffffff0e)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)=ANY=[@ANYBLOB=' \x00'/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x20}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r4})
io_uring_enter(r4, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/sockstat6\x00')
lseek(r7, 0x339, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r0})
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0)
ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x9, 0x0, 0x83, "00000000000000000000ffff00"})
r9 = syz_open_pts(r8, 0x0)
dup3(r9, r8, 0x0)

6.118229712s ago: executing program 0 (id=3865):
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$inet(0x2, 0xa, 0x7ff)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sched_setattr(0x0, &(0x7f0000000000)={0x38, 0x0, 0x4, 0x8001, 0x0, 0x1, 0x200000000002, 0x7, 0x8, 0x5}, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r2 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000200))
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0xcff5}, 0x38)
ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000280)={0x0, 0x800, 0x0, 0x0, 0x4, "0062ba7d820000001652bdc5fcbdc8dace6b04"})
socket$phonet(0x23, 0x2, 0x1)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0}, 0x94)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424dbcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b9649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe09032ba55813e66c88c73e80c78466166c91e662cf73cfe4f894bbb5bf98e72a17863eb292e3dd20e86bc49c16f0a7d28860669e47d471d915b5eded6b23631d83c38de606d4ad396fda977f0b42e70da8c85fd1fa4f18bf586b55ddbd0c43e46ca1a5d4464efb32467aad4910b4a6572add0fe540555c0d958d986b43613da1459d2a158e72a5bc4f7ee46611d6d318c1f059be1c3d5b223c419a1d526172337252a257baca783d66fec8dc72c0fa11f6a2103fe47b85dbc30e9751d64beb8b54b129ddd70c66d9fdc3b945a94d1179c13eaebd5efdb7feeeeaa4dc"], 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000080)=0x5, 0x4)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r3, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0)
add_key(&(0x7f00000000c0)='pkcs7_test\x00', 0x0, &(0x7f0000000200)="100c0608266be7", 0x7, 0xfffffffffffffffc)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000000)={0x0, 0x0})
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
pwrite64(r5, &(0x7f0000000080)='3', 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="14000000"], 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

5.088987942s ago: executing program 5 (id=3866):
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
timer_create(0x3, 0x0, &(0x7f0000000280)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f0000000080))
timer_create(0x2, &(0x7f0000000200)={0x0, 0x28, 0x4, @thr={&(0x7f00000003c0)="d10075680cb2e5c3d9c58574d36d369437af51c1b448aa4701a77b440df01b9062a14831ed38218dab5ddbbb1deaf3eb974a07673b5d4b837e012a279f369d7a79a805a2d936f28254b2eb654d1d05da5dbc8907", &(0x7f0000000440)="3bb3df38660179b5275893c1977cbeb9dd80efdb6890b5a6c9e45af65d0b5bba95c28d0a595b6f5f374288f087ede7f011f40235fdbb3a212befb416dc4558e55027f115bc2f7b1e5fea39b73b002a4bbaa74116c5e23af579e36fe07c98be"}}, &(0x7f0000000340))
timer_settime(r0, 0x1, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x3938700}}, &(0x7f00000002c0))
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
pipe2(&(0x7f0000000300)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4800)
write$FUSE_NOTIFY_POLL(r4, &(0x7f0000000140)={0x18, 0x1, 0x0, {0x2}}, 0x6a)
splice(r3, 0x0, r2, 0x0, 0x18, 0x7)
r5 = socket$nl_route(0x10, 0x3, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfe33)
close_range(0xffffffffffffffff, r4, 0x2)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="7fff0000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r6], 0x50}, 0x1, 0xba01}, 0x0)
recvfrom$unix(0xffffffffffffffff, 0x0, 0xffffff45, 0x40000040, 0x0, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000380)='\x00', 0x89901)

4.34659254s ago: executing program 5 (id=3867):
r0 = socket(0x10, 0x3, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000040)='timerslack_ns\x00')
write$binfmt_format(r3, &(0x7f0000000180)='1\x00', 0x2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\'\x00\x00\x00\a'], 0x50)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000080), 0x0)
r5 = syz_usb_connect$cdc_ncm(0x5, 0x6e, &(0x7f0000000680)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000000020d0000052406000105240000000d240f01fffffffffeff00000206241a00000009058103000200000d0904010000020d00000904010102020d0000090582"], 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000013c0), 0x82000, 0x0)
ioctl$TIOCPKT(r6, 0x5420, &(0x7f00000026c0)=0x3d)
r7 = syz_io_uring_setup(0x3f82, &(0x7f0000000140)={0x0, 0x3cfa, 0x0, 0x3, 0xbc}, &(0x7f0000000280)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x47f6, 0x0, 0x2, 0x0, 0x0)
ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000000)={0xffffffff, 0xee6, 0x3ff, 0x7fff, 0xe, "9921d1580ac5e831efc5657266017db016b6a9"})

4.165851705s ago: executing program 4 (id=3868):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{}, 0x0, 0x0}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
mount(0x0, 0x0, 0x0, 0x800000, 0x0)
finit_module(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
syz_open_procfs(r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TCSBRKP(r2, 0x5425, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
ioctl$TCSETSW2(r3, 0x5408, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x2, 0x0, "23f555d9adb42d4408020e90d1beaa82dc1ecf"})
ioctl$TIOCGPGRP(r2, 0x5437, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
getrlimit(0xc, &(0x7f0000000080))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
getpid()
r4 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
setsockopt$sock_int(r6, 0x1, 0x20, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)

3.708867926s ago: executing program 2 (id=3869):
listen(0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000800), r3)
sendmsg$IEEE802154_ADD_IFACE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x28, r4, 0x1, 0x70bd2b, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy1\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000010}, 0x40882)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r5, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendto$inet6(r5, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
shutdown(r5, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)

2.480304392s ago: executing program 3 (id=3870):
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r0, &(0x7f0000000f80)={0x2020}, 0x2020)
sendto$inet(r0, &(0x7f0000000000)="f56ff971e60546288a436b41", 0xc, 0x80, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
syz_open_dev$loop(&(0x7f0000000080), 0x8000000000000001, 0x14080)
syz_open_procfs(0x0, &(0x7f00000000c0)='fdinfo\x00')
creat(&(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1ab)
landlock_create_ruleset(&(0x7f0000000100)={0x2000, 0x1, 0x3}, 0x18, 0x3)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[], 0x48)
pread64(0xffffffffffffffff, &(0x7f0000000080)=""/237, 0xed, 0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl(0xffffffffffffffff, 0x8b2a, &(0x7f0000000040))
setreuid(0xee01, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
setns(r3, 0x24020000)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
sendto$inet6(r4, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000)="480000001400190d09004beafd0d36020a8429000b4e230f00000000a2bc5603ca00000f7f89004e002050da742dac0000000101ff05020003000200000000000100000000005839", 0x48}], 0x1)

2.41285851s ago: executing program 4 (id=3871):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f00000001c0), 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xa, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
ioctl$SOUND_MIXER_WRITE_VOLUME(0xffffffffffffffff, 0xc0044d06, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
writev(r4, &(0x7f00000000c0)=[{&(0x7f00000002c0)="93076eea99", 0x5}], 0x1)
bind$inet(r4, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000780)={{{@in=@empty, @in=@multicast1}}, {{@in6=@initdev}, 0x0, @in=@empty}}, &(0x7f0000000280)=0xe8)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x2, 0x0, 0x80, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x8, 'syz1\x00', 0x0})
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000540)=0x7b1)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r6=>0x0], 0x1})
r7 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x335}, &(0x7f0000000080)=<r8=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r7, 0x47ba, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000300)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.317882604s ago: executing program 2 (id=3872):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x8401)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000300)="6bfa", 0x2}], 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)
open(0x0, 0x18d03e, 0x0)
r3 = gettid()
process_vm_writev(r3, &(0x7f0000c22000)=[{0x0}], 0x1, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x1}], 0x1, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x5885}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, 0x0)
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)

2.221845341s ago: executing program 0 (id=3873):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f0000000280)='GPL\x00', 0xa, 0xb9, &(0x7f0000000140)=""/185, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="01030000000000000000020020044400000100000000080002000a010101000000000000"], 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)
r6 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
read$FUSE(r6, &(0x7f0000002140)={0x2020}, 0x2077)
ioctl$SG_IO(r0, 0x2285, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r7 = syz_open_dev$vbi(&(0x7f00000003c0), 0x0, 0x2)
ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05640, &(0x7f00000008c0)={0x7, @sliced={0x9, [0x10, 0x4, 0x7, 0x7, 0x4, 0x16, 0x7, 0x7, 0x80, 0x7, 0x1, 0x8, 0x417, 0x4, 0xfffd, 0x3, 0x401, 0x0, 0xd, 0x6, 0x7, 0x0, 0xe, 0x6b, 0x6, 0x400, 0x4, 0x7, 0x2, 0xd6a, 0xad9, 0x7, 0x9, 0xfffb, 0xb229, 0x8, 0x7, 0x4, 0x7fff, 0xfff9, 0xa07, 0x9, 0x8, 0x2, 0x9, 0xb], 0x1}})
syz_open_dev$media(&(0x7f00000006c0), 0x4, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, &(0x7f0000000300)=<r8=>0xffffffffffffffff)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r8, 0x541b, 0x0)
r9 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000140)={[0x80000001, 0x7fffffffffffffff, 0x8, 0x5a58c98, 0xac5, 0x3ff, 0x4c3d, 0xa9c, 0x7, 0x18db48e3, 0xffffffff, 0x10, 0x2, 0x8000000000000001, 0xfffffffffffffffc, 0xabb1], 0x8000000, 0x400})

739.458335ms ago: executing program 0 (id=3874):
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x2, 0x40000)
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r1, 0xc0305616, &(0x7f0000000100)={0x0, {0xfff, 0x3}})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge_slave_1\x00', &(0x7f0000000180)=@ethtool_eee={0x45, 0x0, 0x81, 0x1, 0x2, 0xb, 0x4, 0x8, [0x9, 0x5]}})
read$msr(r2, &(0x7f000001b000)=""/102384, 0x18ff0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$sock_linger(r3, 0x1, 0xd, 0x0, &(0x7f0000000080))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x2)
getsockopt$netlink(r4, 0x10e, 0x9, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00'})
r5 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r6=>0x0})
sched_setattr(0x0, &(0x7f0000000200)={0x38, 0x3, 0x2, 0x38, 0x7, 0x80000001, 0x1, 0x3, 0x6, 0x3f4f}, 0x0)
bind$can_j1939(r5, &(0x7f00000000c0)={0x1d, r6}, 0x18)
connect$can_j1939(r5, &(0x7f0000000140)={0x1d, r6}, 0x18)
r7 = memfd_create(0x0, 0x1)
fsetxattr$security_ima(r7, 0x0, &(0x7f0000001200)=@sha1={0x1, "133f9613e19d9ae35fcacf2bf3c557a71b10d14b"}, 0x15, 0x0)
sendmmsg(r5, &(0x7f000000a200), 0x400000000000283, 0x60000800)

686.167107ms ago: executing program 4 (id=3875):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e78, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x7c}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x40000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x8, 0x0)
r3 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="ae", 0x1, 0xffffffffffffffff)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000001400)=0xc)
keyctl$read(0x2, r3, &(0x7f00000003c0)=""/4096, 0x1000)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001cc0)={0x14, 0x19, 0x1, 0x0, 0x25dfdbfb, {0x1d, 0xd601, 0x9}}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0x0)

0s ago: executing program 2 (id=3876):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/Proc\x00\x00\x00\x00\x00\x00\x00\x00D\x00\x00v4\x00\x00s/\xdaL!\xe1\xdc\x1f\v\x04\xf44.\xab%nN\xd4\xfc\x11\x00\xd1l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
fchdir(r0)
r1 = socket$inet6(0xa, 0x80000, 0x3)
sendmsg$inet6(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000240)="56307b68086e5664e675ba2206232d9317d1d53cb00ba9832f69d0ea6c17cd0575fd857bb3a6e5e66cd652feb690110718b4f1fe47dbb5771215ed97067ee0c7be04bcb8921c13a10ca5f242aec615117e850ce206386cd040f0e47b1c2df7ebdcd695e3beccf6c74ad63ba002948060ccacf5cebe699fc0fcb583e59aeb3a829911c4789ee8fe72eb5be61332ab28df9d7050fda447", 0x96}, {&(0x7f00000009c0)="fffac939181802e105b7f2cf2d504e1000edfc5a9316802d0c4a8d616de4bf3d0bc599d3ce5fd49a463d4f8abba32a138aa50c61f2ebd7cdaaec3222c3d3fa473b18990e8b5201bbbaabafaffebc1a1bca38d021fe6e2e9b9ef05ff9e43e7b857f059103c0813ed2d57aac296dfc02e0729fc19ac1305f5b273d7568635e90bccaa11c0aab2ff5d48d6a793c0a8d03fc511780d9576d6953197607284f6cc6e7ac2fb767e6b613", 0x24}, {&(0x7f0000000a80)="aae3e1f0e2306da6bc93eb3b1276d2505af72fdfe135eb4d9890e3b536d69d7948735ac1351f14f45cf591857c7708def738498d06002f94a997fc0b69a500da3c272f53e017dd3a1e62f8a6020000008ac5be82ce2a84c2b25f12a6e2d82f469a92b75cf63442aa9f6faa43b3497afe5415622f1b0909b64edd26afb97a20951e260e9aa8c978ec702004b439c10a0500a3e004cd1f2457b92ef5a32d50d4d852df96f0fce27136400c84b049d406eaed589c40972698af15a96d65e6439936810fd8fa3802a825fa5448186b6fe580ab499afdbc55ffe773c1cbe0ae6f86e8385b1b8b54f2ef9b653a7636387d45c0fd8cabb34643d3685f445649c5365f6bd363993eb051984d69ca284b969a26b5ba9a2a9a7259d6", 0xfffffffffffffda4}, {&(0x7f0000000740)="d5749200c5ef74aca45b42c5faec839d3e69a178f958f351ef4ea17e310b80b17ba0906535c91e2bcf03be4287c0dd809b8c268795e33bcc5464ae25ceb29406792aa761d6b035b14b476660b22878c5a143667086e1e236fba39f1ff1e0c2425ecba51eed67acf445b11c94603fd9fca3188ed542", 0x75}, {&(0x7f00000007c0)="7b78c78523f6f87a38a19485f0a2135e7863ab1cb9b39c077f637ceb1509ae29e19348cf857a643ac27399cc074bf85aadb57e558b70061859dccc2010fd2a344d6fd8c478efabdeb9a9f381ce63fbfae2c86f679bf820b6f90e5d287bb63bbb2cd289d544ec2c3ddb3e173e9d2b327eaf030093d82fcf71c3812b48b792c6708b784a63fbef1f2b2cf0dfe2fcac07eaf5316f04e300a24c09e5d6efa9213891aff132522ae856cf049739966c6313367c693b574aab55caf8d5ff35255c6c3aaa4460dba39d35430d6285483c60a47bc3f84db051a3c49af8", 0xd9}], 0x5}, 0x8010)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x490, 0x0, 0x6affffff, 0x3403000b, 0x0, 0x7, 0x3f8, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00'}, 0x0, 0x2d8, 0x320, 0x0, {0x1000000}, [@common=@unspec=@bpf0={{0x230}, {0x1, [{0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}]}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4f0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
bind$alg(0xffffffffffffffff, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x400, 0x20000000, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x4}, {0x0, 0xffff}, {0x0, 0x3}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_WASH={0x8, 0xd, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40801)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e"], 0x50}}, 0x20008844)
r4 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000001c0)={r5, 0xffffffffffffffff, 0x4, 0x0, @void}, 0x10)
fcntl$notify(r1, 0x402, 0x7)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
pwritev2(r6, &(0x7f0000000580)=[{&(0x7f0000000040)='4', 0x1}], 0x1, 0x1, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(r4, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x401, 0x181, 0x2, 0xa, 0x14000000, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x723, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1, 0x3fd, 0x4000009, 0x200, 0xe2df, 0x9, 0x1, 0x4, 0x40000, 0x7, 0xf58, 0x6]})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='8'], 0x138}}, 0x0)

kernel console output (not intermixed with test programs):

19834][T20149]  ? __pfx_sock_write_iter+0x10/0x10
[ 1176.019851][T20149]  ? __pfx_vfs_write+0x10/0x10
[ 1176.019864][T20149]  ? find_held_lock+0x2b/0x80
[ 1176.019885][T20149]  ksys_write+0x1f8/0x250
[ 1176.019895][T20149]  ? __pfx_ksys_write+0x10/0x10
[ 1176.019908][T20149]  do_syscall_64+0xcd/0xfa0
[ 1176.019921][T20149]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1176.019936][T20149] RIP: 0033:0x7ff3f718f6c9
[ 1176.019951][T20149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1176.019967][T20149] RSP: 002b:00007ff3f803e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1176.019983][T20149] RAX: ffffffffffffffda RBX: 00007ff3f73e5fa0 RCX: 00007ff3f718f6c9
[ 1176.019993][T20149] RDX: 000000000000000d RSI: 0000200000000000 RDI: 000000000000000b
[ 1176.020003][T20149] RBP: 00007ff3f803e090 R08: 0000000000000000 R09: 0000000000000000
[ 1176.020011][T20149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1176.020017][T20149] R13: 00007ff3f73e6038 R14: 00007ff3f73e5fa0 R15: 00007ffe6ead9358
[ 1176.020032][T20149]  </TASK>
[ 1176.262719][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1176.958535][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.964967][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.080344][T15652] usbhid 2-1:0.0: can't add hid device: -71
[ 1177.086546][T15652] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[ 1177.099006][T15652] usb 2-1: USB disconnect, device number 73
[ 1177.261649][ T5886] usb 4-1: USB disconnect, device number 101
[ 1177.322381][T20142] Bluetooth: hci5: Invalid handle: 0x6379 > 0x0eff
[ 1177.363870][T20163] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1177.371301][T20163] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1177.469178][T20163] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1177.486619][T20163] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1178.041520][   T30] kauditd_printk_skb: 7 callbacks suppressed
[ 1178.041563][   T30] audit: type=1400 audit(1762836741.695:1928): avc:  denied  { ioctl } for  pid=20166 comm="syz.2.3571" path="/dev/dri/card1" dev="devtmpfs" ino=628 ioctlcmd=0x642e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1178.073146][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1178.189425][   T30] audit: type=1400 audit(1762836742.185:1929): avc:  denied  { getopt } for  pid=20170 comm="syz.4.3572" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1178.213292][   T30] audit: type=1400 audit(1762836742.185:1930): avc:  denied  { ioctl } for  pid=20170 comm="syz.4.3572" path="socket:[73323]" dev="sockfs" ino=73323 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1178.336479][   T30] audit: type=1400 audit(1762836742.325:1931): avc:  denied  { map } for  pid=20172 comm="syz.4.3573" path="socket:[73331]" dev="sockfs" ino=73331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1178.359879][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1178.551197][   T30] audit: type=1400 audit(1762836742.335:1932): avc:  denied  { read } for  pid=20172 comm="syz.4.3573" path="socket:[73331]" dev="sockfs" ino=73331 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[ 1178.620456][T20181] EXT4-fs (nbd3): unable to read superblock
[ 1179.033096][   T30] audit: type=1400 audit(1762836742.615:1933): avc:  denied  { mounton } for  pid=20180 comm="syz.3.3576" path="/syzcgroup/unified/syz3" dev="cgroup2" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[ 1179.060412][T20184] netlink: 'syz.3.3576': attribute type 3 has an invalid length.
[ 1179.083590][   T30] audit: type=1400 audit(1762836742.685:1934): avc:  denied  { setopt } for  pid=20174 comm="syz.4.3575" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1179.107709][   T30] audit: type=1400 audit(1762836742.745:1935): avc:  denied  { write } for  pid=20174 comm="syz.4.3575" name="unix" dev="proc" ino=4026533005 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 1179.131638][T20178] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1179.132314][T20182] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1179.160302][   T30] audit: type=1400 audit(1762836743.055:1936): avc:  denied  { create } for  pid=20180 comm="syz.3.3576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1179.226215][T15652] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1179.240926][T20178] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1179.245939][   T30] audit: type=1400 audit(1762836743.055:1937): avc:  denied  { write } for  pid=20180 comm="syz.3.3576" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1179.598749][T15652] usb 3-1: config index 0 descriptor too short (expected 65069, got 45)
[ 1180.081683][T15652] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0
[ 1180.112811][T15652] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1180.122979][T15652] usb 3-1: config 0 has no interfaces?
[ 1180.128734][T15652] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00
[ 1180.141436][T15652] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1180.176330][T15652] usb 3-1: config 0 descriptor??
[ 1180.359867][T20142] Bluetooth: hci1: Invalid handle: 0x2834 > 0x0eff
[ 1180.427933][T15652] usb 3-1: USB disconnect, device number 99
[ 1182.183374][T18118] usb 5-1: new high-speed USB device number 95 using dummy_hcd
[ 1182.554681][T18118] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1182.569673][T18118] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1182.600443][T18118] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1182.638729][T18118] usb 5-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1182.802762][T18118] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1182.812016][T18118] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1182.820169][T18118] usb 5-1: Product: syz
[ 1182.824463][T18118] usb 5-1: Manufacturer: syz
[ 1182.829143][T18118] usb 5-1: SerialNumber: syz
[ 1183.712019][ T5814] Bluetooth: hci2: Invalid handle: 0x2834 > 0x0eff
[ 1184.058540][   T30] kauditd_printk_skb: 8 callbacks suppressed
[ 1184.058556][   T30] audit: type=1400 audit(1762836748.055:1946): avc:  denied  { append } for  pid=20247 comm="syz.2.3594" name="loop7" dev="devtmpfs" ino=654 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1184.103473][T18118] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS
[ 1184.124116][T20248] loop7: detected capacity change from 0 to 7
[ 1184.178699][T18118] cdc_ncm 5-1:1.0: bind() failure
[ 1184.188908][T20248] Dev loop7: unable to read RDB block 7
[ 1184.203355][T20248]  loop7: AHDI p3 p4
[ 1184.207303][T20248] loop7: partition table partially beyond EOD, truncated
[ 1184.234902][T18118] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found
[ 1184.247646][T20249] netlink: 4116 bytes leftover after parsing attributes in process `syz.2.3594'.
[ 1184.263241][T18118] cdc_ncm 5-1:1.1: bind() failure
[ 1184.268665][T20249] openvswitch: netlink: Flow key attr not present in new flow.
[ 1184.289586][T18118] usb 5-1: USB disconnect, device number 95
[ 1184.294526][T20248] loop7: p3 start 1886353253 is beyond EOD, truncated
[ 1184.429293][   T30] audit: type=1400 audit(1762836748.415:1947): avc:  denied  { open } for  pid=20253 comm="syz.3.3595" path="/dev/ttyqa" dev="devtmpfs" ino=385 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[ 1184.822767][   T30] audit: type=1400 audit(1762836748.425:1948): avc:  denied  { name_bind } for  pid=20253 comm="syz.3.3595" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[ 1185.138675][   T30] audit: type=1400 audit(1762836749.135:1949): avc:  denied  { create } for  pid=20264 comm="syz.4.3597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[ 1185.341983][   T30] audit: type=1400 audit(1762836749.305:1950): avc:  denied  { read write } for  pid=20264 comm="syz.4.3597" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1185.392854][   T30] audit: type=1400 audit(1762836749.305:1951): avc:  denied  { open } for  pid=20264 comm="syz.4.3597" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[ 1185.418802][T20269] ext4: Unknown parameter 'barrier��'
[ 1185.541166][   T30] audit: type=1400 audit(1762836749.305:1952): avc:  denied  { bind } for  pid=20264 comm="syz.4.3597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1185.671615][   T30] audit: type=1400 audit(1762836749.315:1953): avc:  denied  { write } for  pid=20264 comm="syz.4.3597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1185.951223][T20275] vlan2: entered promiscuous mode
[ 1185.956601][T20275] bridge0: entered promiscuous mode
[ 1185.963006][T20275] vlan2: entered allmulticast mode
[ 1185.968301][T20275] bridge0: entered allmulticast mode
[ 1185.995659][T15652] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[ 1186.041671][   T30] audit: type=1400 audit(1762836749.315:1954): avc:  denied  { name_bind } for  pid=20264 comm="syz.4.3597" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[ 1186.202946][   T30] audit: type=1400 audit(1762836749.795:1955): avc:  denied  { create } for  pid=20272 comm="syz.2.3600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1186.283695][T15652] usb 2-1: Using ep0 maxpacket: 32
[ 1186.298759][T15652] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1186.354793][T15652] usb 2-1: New USB device found, idVendor=9022, idProduct=d662, bcdDevice=b3.0e
[ 1186.373745][T15652] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1186.420696][T15652] usb 2-1: config 0 descriptor??
[ 1186.450318][T15652] dvb-usb: found a 'TeVii S662' in warm state.
[ 1186.498315][T15652] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1186.552744][T15652] dvb-usb: bulk message failed: -22 (2/0)
[ 1186.574674][T15652] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1186.912588][T20273] dvb-usb: bulk message failed: -22 (5/0)
[ 1186.933285][T20273] dw2102: i2c transfer failed.
[ 1186.939728][T15652] dvbdev: DVB: registering new adapter (TeVii S662)
[ 1186.956635][T15652] usb 2-1: media controller created
[ 1186.963128][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1186.969620][T15652] dw2102: i2c transfer failed.
[ 1187.008937][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1187.029975][T15652] dw2102: i2c transfer failed.
[ 1187.042182][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1187.062697][T15652] dw2102: i2c transfer failed.
[ 1187.116092][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1187.129493][T15652] dw2102: i2c transfer failed.
[ 1187.137734][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1187.150481][T15652] dw2102: i2c transfer failed.
[ 1187.493297][T15652] dvb-usb: bulk message failed: -22 (6/0)
[ 1187.499214][T15652] dw2102: i2c transfer failed.
[ 1187.516431][T15652] dvb-usb: MAC address: 02:02:02:02:02:02
[ 1187.538982][T15652] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1187.567195][T15652] dvb-usb: bulk message failed: -22 (3/0)
[ 1187.590007][T15652] dw2102: command 0x0e transfer failed.
[ 1187.596394][T15652] dvb-usb: bulk message failed: -22 (3/0)
[ 1187.603522][T15652] dw2102: command 0x0e transfer failed.
[ 1187.865418][   T10] usb 5-1: new low-speed USB device number 96 using dummy_hcd
[ 1187.914145][T15652] dvb-usb: bulk message failed: -22 (3/0)
[ 1187.953786][T15652] dw2102: command 0x0e transfer failed.
[ 1187.975019][T15652] dvb-usb: bulk message failed: -22 (3/0)
[ 1188.034954][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1188.047464][T15652] dw2102: command 0x0e transfer failed.
[ 1188.063325][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1188.121612][T15652] dvb-usb: bulk message failed: -22 (1/0)
[ 1188.177063][T15652] dw2102: command 0x51 transfer failed.
[ 1188.201563][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1188.236734][T15652] dvb-usb: bulk message failed: -22 (5/0)
[ 1188.269604][T15652] dw2102: i2c probe for address 0x68 failed.
[ 1188.283943][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1188.308943][T15652] dvb-usb: bulk message failed: -22 (5/0)
[ 1188.323399][T15652] dw2102: i2c probe for address 0x69 failed.
[ 1188.329558][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1188.342799][T15652] dvb-usb: bulk message failed: -22 (5/0)
[ 1188.349888][T15652] dw2102: i2c probe for address 0x6a failed.
[ 1188.414739][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1188.437321][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1188.448335][T15652] dw2102: probing for demodulator failed. Is the external power switched on?
[ 1188.521783][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1188.533638][T15652] dvb-usb: no frontend was attached by 'TeVii S662'
[ 1188.553431][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1188.575277][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1189.474267][   T10] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1189.481896][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1189.503473][   T10] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1189.516080][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1189.527257][   T10] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1189.541104][   T10] usb 5-1: string descriptor 0 read error: -22
[ 1189.553749][   T10] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1189.562819][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1189.621528][   T10] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1189.633302][T15652] rc_core: IR keymap rc-tt-1500 not found
[ 1189.639129][T15652] Registered IR keymap rc-empty
[ 1189.708883][T15652] rc rc0: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[ 1189.740446][T20329] audit_log_lost: 6 callbacks suppressed
[ 1189.740475][T20329] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[ 1189.754232][T20329] audit: out of memory in audit_log_start
[ 1189.792466][   T30] audit: type=1400 audit(1762836753.785:1962): avc:  denied  { name_connect } for  pid=20325 comm="syz.1.3613" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1189.814167][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1190.016049][T15652] input: TeVii S662 as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input42
[ 1190.066375][T15652] dvb-usb: schedule remote query interval to 250 msecs.
[ 1190.090405][T15652] dw2102: su3000_power_ctrl: 0, initialized 1
[ 1190.103292][T15652] dvb-usb: TeVii S662 successfully initialized and connected.
[ 1190.212187][ T5866] usb 5-1: USB disconnect, device number 96
[ 1190.273595][T15652] usb 2-1: USB disconnect, device number 74
[ 1190.438991][T15652] dvb-usb: TeVii S662 successfully deinitialized and disconnected.
[ 1190.449026][T20337] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=20337 comm=syz.1.3615
[ 1190.522123][T20346] FAULT_INJECTION: forcing a failure.
[ 1190.522123][T20346] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1190.536309][T20346] CPU: 0 UID: 0 PID: 20346 Comm: syz.0.3616 Not tainted syzkaller #0 PREEMPT(full) 
[ 1190.536334][T20346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1190.536345][T20346] Call Trace:
[ 1190.536351][T20346]  <TASK>
[ 1190.536359][T20346]  dump_stack_lvl+0x16c/0x1f0
[ 1190.536390][T20346]  should_fail_ex+0x512/0x640
[ 1190.536416][T20346]  _copy_from_user+0x2e/0xd0
[ 1190.536439][T20346]  kstrtouint_from_user+0xd6/0x1d0
[ 1190.536465][T20346]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1190.536491][T20346]  ? __lock_acquire+0xb8a/0x1c90
[ 1190.536520][T20346]  proc_fail_nth_write+0x83/0x220
[ 1190.536541][T20346]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1190.536568][T20346]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1190.536586][T20346]  vfs_write+0x2a0/0x11d0
[ 1190.536607][T20346]  ? __pfx___mutex_lock+0x10/0x10
[ 1190.536625][T20346]  ? __pfx_vfs_write+0x10/0x10
[ 1190.536649][T20346]  ? __fget_files+0x20e/0x3c0
[ 1190.536675][T20346]  ksys_write+0x12a/0x250
[ 1190.536692][T20346]  ? __pfx_ksys_write+0x10/0x10
[ 1190.536716][T20346]  do_syscall_64+0xcd/0xfa0
[ 1190.536735][T20346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1190.536753][T20346] RIP: 0033:0x7f833d98e17f
[ 1190.536768][T20346] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1190.536784][T20346] RSP: 002b:00007f833e79d030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1190.536801][T20346] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f833d98e17f
[ 1190.536813][T20346] RDX: 0000000000000001 RSI: 00007f833e79d0a0 RDI: 0000000000000008
[ 1190.536822][T20346] RBP: 00007f833e79d090 R08: 0000000000000000 R09: 0000000000000000
[ 1190.536839][T20346] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1190.536850][T20346] R13: 00007f833dbe6218 R14: 00007f833dbe6180 R15: 00007ffc79d87bb8
[ 1190.536876][T20346]  </TASK>
[ 1190.722544][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1190.795109][T20337] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3615'.
[ 1190.807549][   T30] audit: type=1400 audit(1762836754.795:1963): avc:  denied  { map } for  pid=20336 comm="syz.1.3615" path="socket:[74185]" dev="sockfs" ino=74185 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1190.877008][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.884788][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.892509][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.900221][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.907957][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.915740][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.919181][   T30] audit: type=1400 audit(1762836754.855:1964): avc:  denied  { map } for  pid=20338 comm="syz.4.3617" path="socket:[73593]" dev="sockfs" ino=73593 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1190.923465][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.923480][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.923494][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.923506][T20349] netlink: 'syz.4.3617': attribute type 1 has an invalid length.
[ 1190.946639][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1191.981278][   T30] audit: type=1400 audit(1762836754.875:1965): avc:  denied  { mount } for  pid=20338 comm="syz.4.3617" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1192.003844][   T30] audit: type=1400 audit(1762836755.015:1966): avc:  denied  { connect } for  pid=20341 comm="syz.3.3618" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1192.394302][   T30] audit: type=1400 audit(1762836756.195:1967): avc:  denied  { mount } for  pid=20357 comm="syz.0.3622" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1192.626418][   T30] audit: type=1400 audit(1762836756.375:1968): avc:  denied  { unmount } for  pid=17987 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[ 1192.821588][   T30] audit: type=1400 audit(1762836756.435:1969): avc:  denied  { write } for  pid=20360 comm="syz.3.3621" name="renderD128" dev="devtmpfs" ino=626 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1192.914593][T20371] FAULT_INJECTION: forcing a failure.
[ 1192.914593][T20371] name failslab, interval 1, probability 0, space 0, times 0
[ 1192.959355][T20371] CPU: 1 UID: 0 PID: 20371 Comm: syz.3.3624 Not tainted syzkaller #0 PREEMPT(full) 
[ 1192.959382][T20371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1192.959393][T20371] Call Trace:
[ 1192.959399][T20371]  <TASK>
[ 1192.959407][T20371]  dump_stack_lvl+0x16c/0x1f0
[ 1192.959439][T20371]  should_fail_ex+0x512/0x640
[ 1192.959459][T20371]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1192.959483][T20371]  should_failslab+0xc2/0x120
[ 1192.959505][T20371]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1192.959539][T20371]  ? skb_clone+0x190/0x3f0
[ 1192.959565][T20371]  ? skb_clone+0x190/0x3f0
[ 1192.959584][T20371]  skb_clone+0x190/0x3f0
[ 1192.959608][T20371]  netlink_deliver_tap+0xabd/0xd30
[ 1192.959638][T20371]  netlink_unicast+0x64c/0x870
[ 1192.959667][T20371]  ? __pfx_netlink_unicast+0x10/0x10
[ 1192.959690][T20371]  ? __asan_memset+0x23/0x50
[ 1192.959716][T20371]  ? __build_skb_around+0x278/0x3b0
[ 1192.959742][T20371]  netlink_sendmsg+0x8c8/0xdd0
[ 1192.959771][T20371]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1192.959797][T20371]  ? trace_contention_end+0xdd/0x130
[ 1192.959822][T20371]  sock_sendmsg+0x3cc/0x470
[ 1192.959840][T20371]  ? __pfx_sock_sendmsg+0x10/0x10
[ 1192.959875][T20371]  splice_to_socket+0xaf4/0x1110
[ 1192.959909][T20371]  ? __pfx_splice_to_socket+0x10/0x10
[ 1192.959936][T20371]  ? inode_has_perm+0x16f/0x1d0
[ 1192.959985][T20371]  ? bpf_lsm_file_permission+0x9/0x10
[ 1192.960002][T20371]  ? security_file_permission+0x71/0x210
[ 1192.960023][T20371]  ? rw_verify_area+0xcf/0x6c0
[ 1192.960047][T20371]  ? __pfx_splice_to_socket+0x10/0x10
[ 1192.960065][T20371]  do_splice+0x1478/0x1fc0
[ 1192.960084][T20371]  ? __lock_acquire+0x622/0x1c90
[ 1192.960109][T20371]  ? __pfx_do_splice+0x10/0x10
[ 1192.960124][T20371]  ? __pfx_pipe_clear_nowait+0x10/0x10
[ 1192.960154][T20371]  ? find_held_lock+0x2b/0x80
[ 1192.960177][T20371]  __do_splice+0x32a/0x360
[ 1192.960197][T20371]  ? __pfx___do_splice+0x10/0x10
[ 1192.960223][T20371]  __x64_sys_splice+0x187/0x250
[ 1192.960244][T20371]  do_syscall_64+0xcd/0xfa0
[ 1192.960263][T20371]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1192.960280][T20371] RIP: 0033:0x7f9502b8f6c9
[ 1192.960296][T20371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1192.960312][T20371] RSP: 002b:00007f9500dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113
[ 1192.960329][T20371] RAX: ffffffffffffffda RBX: 00007f9502de6090 RCX: 00007f9502b8f6c9
[ 1192.960340][T20371] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000003
[ 1192.960350][T20371] RBP: 00007f9500dd5090 R08: 000000000004ffe6 R09: 0000000000000000
[ 1192.960360][T20371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1192.960371][T20371] R13: 00007f9502de6128 R14: 00007f9502de6090 R15: 00007ffee206eff8
[ 1192.960397][T20371]  </TASK>
[ 1192.961811][T20371] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3624'.
[ 1193.187337][T20383] FAULT_INJECTION: forcing a failure.
[ 1193.187337][T20383] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1193.273830][T20383] CPU: 0 UID: 0 PID: 20383 Comm: syz.2.3629 Not tainted syzkaller #0 PREEMPT(full) 
[ 1193.273846][T20383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1193.273852][T20383] Call Trace:
[ 1193.273860][T20383]  <TASK>
[ 1193.273865][T20383]  dump_stack_lvl+0x16c/0x1f0
[ 1193.273885][T20383]  should_fail_ex+0x512/0x640
[ 1193.273900][T20383]  _copy_to_user+0x32/0xd0
[ 1193.273915][T20383]  simple_read_from_buffer+0xcb/0x170
[ 1193.273934][T20383]  proc_fail_nth_read+0x197/0x240
[ 1193.273947][T20383]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1193.273960][T20383]  ? rw_verify_area+0xcf/0x6c0
[ 1193.273975][T20383]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1193.273987][T20383]  vfs_read+0x1e4/0xcf0
[ 1193.273999][T20383]  ? __pfx___mutex_lock+0x10/0x10
[ 1193.274010][T20383]  ? __pfx_vfs_read+0x10/0x10
[ 1193.274023][T20383]  ? __fget_files+0x20e/0x3c0
[ 1193.274038][T20383]  ksys_read+0x12a/0x250
[ 1193.274047][T20383]  ? __pfx_ksys_read+0x10/0x10
[ 1193.274060][T20383]  do_syscall_64+0xcd/0xfa0
[ 1193.274072][T20383]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1193.274083][T20383] RIP: 0033:0x7fcc42f8e0dc
[ 1193.274092][T20383] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1193.274102][T20383] RSP: 002b:00007fcc43d96030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1193.274112][T20383] RAX: ffffffffffffffda RBX: 00007fcc431e6090 RCX: 00007fcc42f8e0dc
[ 1193.274119][T20383] RDX: 000000000000000f RSI: 00007fcc43d960a0 RDI: 0000000000000008
[ 1193.274125][T20383] RBP: 00007fcc43d96090 R08: 0000000000000000 R09: 0000000000000000
[ 1193.274131][T20383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1193.274137][T20383] R13: 00007fcc431e6128 R14: 00007fcc431e6090 R15: 00007ffeb9dee818
[ 1193.274151][T20383]  </TASK>
[ 1193.343414][T18118] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[ 1194.043194][T18118] usb 2-1: Using ep0 maxpacket: 16
[ 1194.056050][T18118] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1194.066402][T18118] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1194.281567][T20396] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[ 1194.371932][T18118] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1194.766238][T18118] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1194.783394][T18118] usb 2-1: Product: ఉ
[ 1194.787644][T18118] usb 2-1: Manufacturer: ⩇ꚢ迫㕞井쏐䊅Ʝﻹ∍Н챤㲱ῖ⎢蟛찾踲뜌팞헐ⲷ㜰位婇ό綾٦溷⇨⺽㌃妙⦀퍠魩뙁㉹▭襻酜돗呖䬒嫣ㆺ㭒呰빞듵ɯ맒㐶࣯⬫骺娗睔튿쁤뺡绦ᾤỔ顄闄넱㖶頕⌘ꢜ๸犾呤㊅䤻쯜컇곔䓿亡鲏붐
[ 1194.822078][T18118] usb 2-1: SerialNumber:  
[ 1195.359645][T20405] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3633'.
[ 1195.499205][T20405] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3633'.
[ 1195.570896][T18118] usb 2-1: 0:2 : does not exist
[ 1195.596233][T18118] usb 2-1: USB disconnect, device number 75
[ 1195.953238][T15652] usb 4-1: new low-speed USB device number 102 using dummy_hcd
[ 1196.216161][T15652] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1196.254193][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1196.296674][T20418] FAULT_INJECTION: forcing a failure.
[ 1196.296674][T20418] name failslab, interval 1, probability 0, space 0, times 0
[ 1196.355431][T15652] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1196.679253][T20418] CPU: 0 UID: 0 PID: 20418 Comm: syz.4.3638 Not tainted syzkaller #0 PREEMPT(full) 
[ 1196.679280][T20418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1196.679291][T20418] Call Trace:
[ 1196.679297][T20418]  <TASK>
[ 1196.679305][T20418]  dump_stack_lvl+0x16c/0x1f0
[ 1196.679339][T20418]  should_fail_ex+0x512/0x640
[ 1196.679359][T20418]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[ 1196.679380][T20418]  should_failslab+0xc2/0x120
[ 1196.679400][T20418]  __kvmalloc_node_noprof+0x141/0x9c0
[ 1196.679420][T20418]  ? io_alloc_cache_init+0x38/0x170
[ 1196.679444][T20418]  ? io_alloc_cache_init+0x38/0x170
[ 1196.679461][T20418]  io_alloc_cache_init+0x38/0x170
[ 1196.679481][T20418]  io_uring_setup+0x648/0x2170
[ 1196.679511][T20418]  ? __pfx_io_uring_setup+0x10/0x10
[ 1196.679534][T20418]  ? avc_has_perm_noaudit+0x117/0x3b0
[ 1196.679562][T20418]  ? avc_has_perm_noaudit+0x149/0x3b0
[ 1196.679596][T20418]  ? ksys_write+0x1ac/0x250
[ 1196.679612][T20418]  ? __pfx_ksys_write+0x10/0x10
[ 1196.679633][T20418]  __x64_sys_io_uring_setup+0xc2/0x170
[ 1196.679661][T20418]  do_syscall_64+0xcd/0xfa0
[ 1196.679680][T20418]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1196.679698][T20418] RIP: 0033:0x7ff3f718f6c9
[ 1196.679713][T20418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1196.679729][T20418] RSP: 002b:00007ff3f803dfc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9
[ 1196.679746][T20418] RAX: ffffffffffffffda RBX: 00007ff3f73e5fa0 RCX: 00007ff3f718f6c9
[ 1196.679758][T20418] RDX: 0000200000000280 RSI: 0000200000000200 RDI: 000000000000049a
[ 1196.679775][T20418] RBP: 0000200000000200 R08: 0000000000000000 R09: 0000200000000280
[ 1196.679785][T20418] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001
[ 1196.679796][T20418] R13: 0000200000000340 R14: 000000000000049a R15: 0000200000000280
[ 1196.679821][T20418]  </TASK>
[ 1196.888583][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1196.900341][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1196.912439][T15652] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1196.919871][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1196.939230][T15652] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1196.950946][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1196.962312][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1196.988079][T15652] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1196.996324][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1197.007037][T15652] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1197.018689][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1197.029818][T15652] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1197.082926][T15652] usb 4-1: string descriptor 0 read error: -22
[ 1197.104098][T15652] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1197.114849][T15652] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1197.164069][T15652] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1197.214798][ T5814] Bluetooth: hci2: Invalid handle: 0xf9f3 > 0x0eff
[ 1197.291176][T20432] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1197.299076][T20432] FAULT_INJECTION: forcing a failure.
[ 1197.299076][T20432] name fail_iommufd, interval 1, probability 0, space 0, times 1
[ 1197.312484][T20432] CPU: 1 UID: 0 PID: 20432 Comm: syz.0.3642 Not tainted syzkaller #0 PREEMPT(full) 
[ 1197.312506][T20432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1197.312517][T20432] Call Trace:
[ 1197.312521][T20432]  <TASK>
[ 1197.312525][T20432]  dump_stack_lvl+0x16c/0x1f0
[ 1197.312548][T20432]  should_fail_ex+0x512/0x640
[ 1197.312564][T20432]  temp_kmalloc+0xd5/0x260
[ 1197.312580][T20432]  __batch_init+0x8b/0x2a0
[ 1197.312594][T20432]  ? __pfx___batch_init+0x10/0x10
[ 1197.312613][T20432]  pfn_reader_first+0x3bf/0x640
[ 1197.312630][T20432]  iopt_area_fill_domains+0x1f6/0x850
[ 1197.312641][T20432]  ? interval_tree_span_iter_advance+0x16e/0x1e0
[ 1197.312656][T20432]  ? interval_tree_double_span_iter_update+0x216/0x3b0
[ 1197.312674][T20432]  ? interval_tree_double_span_iter_next+0x144/0x1d0
[ 1197.312691][T20432]  ? __pfx_iopt_area_fill_domains+0x10/0x10
[ 1197.312716][T20432]  ? iopt_map_pages+0x49f/0xa40
[ 1197.312727][T20432]  ? __pfx_down_read+0x10/0x10
[ 1197.312740][T20432]  ? up_write+0x1b2/0x520
[ 1197.312753][T20432]  iopt_map_pages+0x552/0xa40
[ 1197.312768][T20432]  iopt_map_common.isra.0+0x158/0x2d0
[ 1197.312781][T20432]  ? __pfx_iopt_map_common.isra.0+0x10/0x10
[ 1197.312799][T20432]  ? bpf_lsm_capable+0x9/0x10
[ 1197.312815][T20432]  ? iopt_alloc_pages.part.0+0x4cc/0x620
[ 1197.312829][T20432]  ? _raw_spin_unlock+0x28/0x50
[ 1197.312846][T20432]  iopt_map_user_pages+0xea/0x130
[ 1197.312860][T20432]  iommufd_ioas_map+0x341/0x6c0
[ 1197.312874][T20432]  ? __might_fault+0x13b/0x190
[ 1197.312890][T20432]  ? __pfx_iommufd_ioas_map+0x10/0x10
[ 1197.312907][T20432]  iommufd_fops_ioctl+0x34d/0x540
[ 1197.312922][T20432]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1197.312938][T20432]  ? hook_file_ioctl_common+0x145/0x410
[ 1197.312957][T20432]  ? selinux_file_ioctl+0x180/0x270
[ 1197.312969][T20432]  ? selinux_file_ioctl+0xb4/0x270
[ 1197.312981][T20432]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[ 1197.312996][T20432]  __x64_sys_ioctl+0x18e/0x210
[ 1197.313013][T20432]  do_syscall_64+0xcd/0xfa0
[ 1197.313024][T20432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1197.313035][T20432] RIP: 0033:0x7f833d98f6c9
[ 1197.313044][T20432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1197.313054][T20432] RSP: 002b:00007f833e7df038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1197.313065][T20432] RAX: ffffffffffffffda RBX: 00007f833dbe5fa0 RCX: 00007f833d98f6c9
[ 1197.313071][T20432] RDX: 0000200000000000 RSI: 0000000000003b85 RDI: 0000000000000003
[ 1197.313078][T20432] RBP: 00007f833e7df090 R08: 0000000000000000 R09: 0000000000000000
[ 1197.313084][T20432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1197.313090][T20432] R13: 00007f833dbe6038 R14: 00007f833dbe5fa0 R15: 00007ffc79d87bb8
[ 1197.313104][T20432]  </TASK>
[ 1197.643265][T18118] usb 5-1: new high-speed USB device number 97 using dummy_hcd
[ 1197.653816][   T30] kauditd_printk_skb: 16 callbacks suppressed
[ 1197.653832][   T30] audit: type=1400 audit(1762836761.655:1986): avc:  denied  { read write } for  pid=20429 comm="syz.1.3641" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1197.685729][   T30] audit: type=1400 audit(1762836761.685:1987): avc:  denied  { open } for  pid=20429 comm="syz.1.3641" path="/dev/fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1197.718159][   T30] audit: type=1400 audit(1762836761.705:1988): avc:  denied  { mounton } for  pid=20429 comm="syz.1.3641" path="/127/file0" dev="tmpfs" ino=665 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1197.740965][   T30] audit: type=1400 audit(1762836761.715:1989): avc:  denied  { mount } for  pid=20429 comm="syz.1.3641" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1197.794901][T18118] usb 5-1: config 0 has an invalid interface number: 45 but max is 0
[ 1197.804799][T18118] usb 5-1: config 0 has no interface number 0
[ 1197.810989][T18118] usb 5-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.02
[ 1197.823366][T18118] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1197.856440][T18118] usb 5-1: config 0 descriptor??
[ 1197.887063][T15652] usb 4-1: USB disconnect, device number 102
[ 1198.029566][   T30] audit: type=1400 audit(1762836762.015:1990): avc:  denied  { create } for  pid=20429 comm="syz.1.3641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1199.514009][   T30] audit: type=1400 audit(1762836763.505:1991): avc:  denied  { unlink } for  pid=20448 comm="syz.3.3645" name="#55" dev="tmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1199.536337][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1199.619920][   T30] audit: type=1400 audit(1762836763.565:1992): avc:  denied  { mount } for  pid=20448 comm="syz.3.3645" name="/" dev="overlay" ino=643 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1199.661594][   T30] audit: type=1400 audit(1762836763.615:1993): avc:  denied  { unmount } for  pid=17389 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[ 1199.893311][ T5866] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1199.988420][T18118] usb 5-1: string descriptor 0 read error: -71
[ 1200.003411][T18118] usb 5-1: USB disconnect, device number 97
[ 1200.029125][  T142] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1200.043712][ T5866] usb 1-1: Using ep0 maxpacket: 32
[ 1200.068603][ T5866] usb 1-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[ 1200.078642][ T5866] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1200.088157][ T5866] usb 1-1: Product: syz
[ 1200.092411][ T5866] usb 1-1: Manufacturer: syz
[ 1200.097389][ T5866] usb 1-1: SerialNumber: syz
[ 1200.105049][ T5866] usb 1-1: config 0 descriptor??
[ 1200.114996][ T5866] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[ 1200.122775][ T5866] dvb-usb: bulk message failed: -22 (2/0)
[ 1200.132843][ T5866] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1200.145340][ T5866] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[ 1200.175356][  T142] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1200.186360][ T5866] usb 1-1: media controller created
[ 1200.215108][ T5866] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1200.237099][ T5866] usb 1-1: selecting invalid altsetting 7
[ 1200.245641][ T5866] cxusb: set interface failed
[ 1200.255083][ T5814] Bluetooth: hci3: Invalid handle: 0xf9f3 > 0x0eff
[ 1200.280738][ T5866] dvb-usb: bulk message failed: -22 (1/0)
[ 1200.296985][  T142] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1200.316118][   T30] audit: type=1400 audit(1762836764.315:1994): avc:  denied  { append } for  pid=20452 comm="syz.0.3647" name="i2c-1" dev="devtmpfs" ino=4082 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1200.345319][T20454] cxusb: i2c wr: len=79 is too big!
[ 1200.345319][T20454] 
[ 1200.372301][   T30] audit: type=1400 audit(1762836764.365:1995): avc:  denied  { unmount } for  pid=17665 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 1200.393455][ T5866] DVB: Unable to find symbol lgdt330x_attach()
[ 1200.400001][ T5866] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[ 1200.455766][  T142] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1200.483621][ T5866] rc_core: IR keymap rc-dvico-portable not found
[ 1200.514427][ T5866] Registered IR keymap rc-empty
[ 1200.522550][ T5866] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0
[ 1200.549990][ T5814] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1200.559850][ T5814] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1200.571105][ T5814] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1200.582158][ T5814] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1200.590628][ T5814] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1200.598767][ T5866] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input43
[ 1200.612107][ T5866] dvb-usb: schedule remote query interval to 100 msecs.
[ 1200.620038][ T5866] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[ 1200.633530][ T5866] usb 1-1: USB disconnect, device number 99
[ 1200.764122][ T5866] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[ 1200.968710][  T142] bridge_slave_1: left allmulticast mode
[ 1201.031775][  T142] bridge_slave_1: left promiscuous mode
[ 1201.038294][  T142] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1201.228398][  T142] bridge_slave_0: left allmulticast mode
[ 1201.234515][  T142] bridge_slave_0: left promiscuous mode
[ 1201.393387][  T142] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1202.324399][  T142] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1202.334769][  T142] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1202.345571][  T142] bond0 (unregistering): Released all slaves
[ 1202.430875][  T142] bond1 (unregistering): Released all slaves
[ 1202.630806][ T5814] Bluetooth: hci2: command tx timeout
[ 1203.157035][  T142] tipc: Left network mode
[ 1203.182184][T20465] chnl_net:caif_netlink_parms(): no params data found
[ 1203.318180][T20500] FAULT_INJECTION: forcing a failure.
[ 1203.318180][T20500] name failslab, interval 1, probability 0, space 0, times 0
[ 1203.340026][T20500] CPU: 0 UID: 0 PID: 20500 Comm: syz.4.3660 Not tainted syzkaller #0 PREEMPT(full) 
[ 1203.340050][T20500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1203.340059][T20500] Call Trace:
[ 1203.340065][T20500]  <TASK>
[ 1203.340072][T20500]  dump_stack_lvl+0x16c/0x1f0
[ 1203.340103][T20500]  should_fail_ex+0x512/0x640
[ 1203.340123][T20500]  ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0
[ 1203.340146][T20500]  should_failslab+0xc2/0x120
[ 1203.340166][T20500]  __kmalloc_node_track_caller_noprof+0xde/0x8a0
[ 1203.340185][T20500]  ? mptcp_pm_nl_add_addr_doit+0x1e6/0xc80
[ 1203.340213][T20500]  ? kmemdup_noprof+0x29/0x60
[ 1203.340228][T20500]  kmemdup_noprof+0x29/0x60
[ 1203.340244][T20500]  mptcp_pm_nl_add_addr_doit+0x1e6/0xc80
[ 1203.340274][T20500]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[ 1203.340304][T20500]  ? rcu_is_watching+0x12/0xc0
[ 1203.340336][T20500]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1203.340354][T20500]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1203.340378][T20500]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1203.340398][T20500]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1203.340423][T20500]  ? bpf_lsm_capable+0x9/0x10
[ 1203.340443][T20500]  ? security_capable+0x7e/0x260
[ 1203.340470][T20500]  ? ns_capable+0xd7/0x110
[ 1203.340493][T20500]  genl_rcv_msg+0x55c/0x800
[ 1203.340512][T20500]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1203.340530][T20500]  ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10
[ 1203.340565][T20500]  netlink_rcv_skb+0x158/0x420
[ 1203.340591][T20500]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1203.340610][T20500]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1203.340644][T20500]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1203.340672][T20500]  genl_rcv+0x28/0x40
[ 1203.340686][T20500]  netlink_unicast+0x5aa/0x870
[ 1203.340722][T20500]  ? __pfx_netlink_unicast+0x10/0x10
[ 1203.340758][T20500]  netlink_sendmsg+0x8c8/0xdd0
[ 1203.340786][T20500]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1203.340821][T20500]  ____sys_sendmsg+0xa98/0xc70
[ 1203.340840][T20500]  ? copy_msghdr_from_user+0x10a/0x160
[ 1203.340863][T20500]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1203.340891][T20500]  ___sys_sendmsg+0x134/0x1d0
[ 1203.340914][T20500]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1203.340934][T20500]  ? __lock_acquire+0x622/0x1c90
[ 1203.340982][T20500]  __sys_sendmsg+0x16d/0x220
[ 1203.341006][T20500]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1203.341046][T20500]  do_syscall_64+0xcd/0xfa0
[ 1203.341065][T20500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1203.341082][T20500] RIP: 0033:0x7ff3f718f6c9
[ 1203.341098][T20500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1203.341113][T20500] RSP: 002b:00007ff3f803e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1203.341129][T20500] RAX: ffffffffffffffda RBX: 00007ff3f73e5fa0 RCX: 00007ff3f718f6c9
[ 1203.341139][T20500] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000007
[ 1203.341148][T20500] RBP: 00007ff3f803e090 R08: 0000000000000000 R09: 0000000000000000
[ 1203.341159][T20500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1203.341169][T20500] R13: 00007ff3f73e6038 R14: 00007ff3f73e5fa0 R15: 00007ffe6ead9358
[ 1203.341195][T20500]  </TASK>
[ 1203.362657][   T30] kauditd_printk_skb: 12 callbacks suppressed
[ 1203.362670][   T30] audit: type=1400 audit(1762836767.355:2008): avc:  denied  { read open } for  pid=20503 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1203.435345][ T5814] Bluetooth: hci0: Invalid handle: 0x2834 > 0x0eff
[ 1203.520376][   T30] audit: type=1400 audit(1762836767.445:2009): avc:  denied  { getattr } for  pid=20503 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1203.597991][   T10] usb 3-1: new high-speed USB device number 100 using dummy_hcd
[ 1203.902712][   T30] audit: type=1400 audit(1762836767.895:2010): avc:  denied  { add_name } for  pid=20496 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1203.981914][   T30] audit: type=1400 audit(1762836767.895:2011): avc:  denied  { create } for  pid=20496 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1204.048912][   T30] audit: type=1400 audit(1762836767.895:2012): avc:  denied  { write } for  pid=20496 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=12329 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1204.124215][   T10] usb 3-1: Using ep0 maxpacket: 16
[ 1204.156090][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1204.183469][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1204.220679][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1204.248633][T20465] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1204.256473][T20465] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1204.274806][T20465] bridge_slave_0: entered allmulticast mode
[ 1204.281901][   T30] audit: type=1400 audit(1762836767.895:2013): avc:  denied  { append } for  pid=20496 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=12329 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1204.306580][   T10] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[ 1204.306608][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1204.319010][T20465] bridge_slave_0: entered promiscuous mode
[ 1204.368479][   T10] usb 3-1: config 0 descriptor??
[ 1204.490277][   T30] audit: type=1400 audit(1762836768.265:2014): avc:  denied  { remove_name } for  pid=20530 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=12329 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1204.514912][T20527] tipc: Started in network mode
[ 1204.521892][T20527] tipc: Node identity ac1414aa, cluster identity 4711
[ 1204.537111][   T30] audit: type=1400 audit(1762836768.265:2015): avc:  denied  { unlink } for  pid=20530 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=12329 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1204.608924][T20527] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1204.617711][T20531] tipc: Enabled bearer <ib:wg1>, priority 0
[ 1204.650171][  T142] hsr_slave_0: left promiscuous mode
[ 1204.656151][  T142] hsr_slave_1: left promiscuous mode
[ 1204.668542][  T142] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1204.676528][  T142] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1204.684936][  T142] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1204.703364][ T5814] Bluetooth: hci2: command tx timeout
[ 1204.709617][  T142] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1204.818809][  T142] veth1_macvtap: left promiscuous mode
[ 1204.836271][  T142] veth0_macvtap: left promiscuous mode
[ 1204.842009][  T142] veth1_vlan: left promiscuous mode
[ 1204.847461][  T142] veth0_vlan: left promiscuous mode
[ 1204.937271][   T10] input: HID 0955:7214 Haptics as /devices/virtual/input/input44
[ 1205.083794][   T10] shield 0003:0955:7214.000D: Registered Thunderstrike controller
[ 1205.183760][   T10] shield 0003:0955:7214.000D: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[ 1205.306358][T15652] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1205.317759][T15652] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1205.336302][T15652] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[ 1205.349878][   T10] usb 3-1: USB disconnect, device number 100
[ 1205.418558][T15652] shield 0003:0955:7214.000D: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[ 1205.733247][T18118] tipc: Node number set to 2886997162
[ 1205.945609][   T30] audit: type=1400 audit(1762836769.945:2016): avc:  denied  { mounton } for  pid=20540 comm="syz.4.3667" path="/111/file0" dev="tmpfs" ino=598 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[ 1206.148392][   T30] audit: type=1400 audit(1762836770.035:2017): avc:  denied  { create } for  pid=20538 comm="syz.3.3666" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1206.217687][T20535] SELinux: failed to load policy
[ 1206.854779][T20535] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[ 1206.861380][T20535] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1206.871410][T20535] vhci_hcd vhci_hcd.0: Device attached
[ 1206.877101][ T5814] Bluetooth: hci2: command tx timeout
[ 1207.038800][T20554] FAULT_INJECTION: forcing a failure.
[ 1207.038800][T20554] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1207.058274][T20554] CPU: 0 UID: 0 PID: 20554 Comm: syz.3.3669 Not tainted syzkaller #0 PREEMPT(full) 
[ 1207.058300][T20554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1207.058311][T20554] Call Trace:
[ 1207.058317][T20554]  <TASK>
[ 1207.058324][T20554]  dump_stack_lvl+0x16c/0x1f0
[ 1207.058357][T20554]  should_fail_ex+0x512/0x640
[ 1207.058380][T20554]  copy_fpstate_to_sigframe+0x854/0xaf0
[ 1207.058407][T20554]  ? __pfx_copy_fpstate_to_sigframe+0x10/0x10
[ 1207.058428][T20554]  ? posixtimer_deliver_signal+0x105/0x6b0
[ 1207.058450][T20554]  ? posixtimer_deliver_signal+0x1c7/0x6b0
[ 1207.058466][T20554]  ? x86_task_fpu+0x5f/0x90
[ 1207.058485][T20554]  get_sigframe+0x4a8/0x9c0
[ 1207.058500][T20554]  ? __pfx_get_sigframe+0x10/0x10
[ 1207.058514][T20554]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1207.058530][T20554]  ? siginfo_layout+0x177/0x290
[ 1207.058544][T20554]  x64_setup_rt_frame+0x12e/0xcf0
[ 1207.058560][T20554]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1207.058577][T20554]  arch_do_signal_or_restart+0x5e4/0x7c0
[ 1207.058590][T20554]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1207.058606][T20554]  ? ksys_write+0x1ac/0x250
[ 1207.058617][T20554]  ? __pfx_ksys_write+0x10/0x10
[ 1207.058629][T20554]  exit_to_user_mode_loop+0x85/0x130
[ 1207.058642][T20554]  do_syscall_64+0x426/0xfa0
[ 1207.058653][T20554]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1207.058672][T20554] RIP: 0033:0x7f9502b8e17f
[ 1207.058682][T20554] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1207.058693][T20554] RSP: 002b:00007f9500df6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1207.058703][T20554] RAX: 0000000000000001 RBX: 0000000000000005 RCX: 00007f9502b8e17f
[ 1207.058710][T20554] RDX: 0000000000000001 RSI: 00007f9500df6090 RDI: 0000000000000005
[ 1207.058716][T20554] RBP: 00007f9500df6090 R08: 0000000000000000 R09: 00007f9500df5df7
[ 1207.058722][T20554] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1207.058728][T20554] R13: 00007f9502de6038 R14: 00007f9502de5fa0 R15: 00007ffee206eff8
[ 1207.058742][T20554]  </TASK>
[ 1207.273264][   T10] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1207.273329][T18118] usb 33-1: new high-speed USB device number 2 using vhci_hcd
[ 1207.397081][  T142] team0 (unregistering): Port device team_slave_1 removed
[ 1207.430231][  T142] team0 (unregistering): Port device team_slave_0 removed
[ 1207.449768][   T10] usb 1-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[ 1207.459142][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1207.469920][   T10] usb 1-1: Product: syz
[ 1207.474162][   T10] usb 1-1: Manufacturer: syz
[ 1207.478770][   T10] usb 1-1: SerialNumber: syz
[ 1207.486270][   T10] usb 1-1: config 0 descriptor??
[ 1207.727440][   T10] mos7840 1-1:0.0: required endpoints missing
[ 1207.734836][T20550] vhci_hcd: connection reset by peer
[ 1207.742000][T18522] vhci_hcd: stop threads
[ 1207.743440][   T10] usb 1-1: USB disconnect, device number 100
[ 1207.763452][T18522] vhci_hcd: release socket
[ 1207.772257][T18522] vhci_hcd: disconnect device
[ 1207.855615][T20465] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1207.862863][T20465] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1207.870348][T20465] bridge_slave_1: entered allmulticast mode
[ 1207.877116][T20465] bridge_slave_1: entered promiscuous mode
[ 1207.964733][T20465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1207.999007][T20465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1208.035999][T20465] team0: Port device team_slave_0 added
[ 1208.046048][T20465] team0: Port device team_slave_1 added
[ 1208.152865][T20465] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1208.188746][T20465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1208.226899][T20465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1208.242293][T20465] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1208.251341][T20465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1208.329236][T20465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1208.412474][T20465] hsr_slave_0: entered promiscuous mode
[ 1208.422178][T20465] hsr_slave_1: entered promiscuous mode
[ 1208.452430][T20465] debugfs: 'hsr0' already exists in 'hsr'
[ 1208.458326][T20465] Cannot create hsr debugfs directory
[ 1208.954135][ T5814] Bluetooth: hci2: command tx timeout
[ 1209.918068][T20465] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1209.950688][T20465] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1209.960369][T20465] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1209.972339][T20465] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1210.842020][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1210.842036][   T30] audit: type=1400 audit(1762836774.835:2022): avc:  denied  { append } for  pid=20624 comm="syz.2.3681" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[ 1210.853483][T20465] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1210.880475][   T30] audit: type=1400 audit(1762836774.875:2023): avc:  denied  { write } for  pid=20624 comm="syz.2.3681" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[ 1210.903199][   T30] audit: type=1400 audit(1762836774.895:2024): avc:  denied  { create } for  pid=20624 comm="syz.2.3681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1211.196611][   T30] audit: type=1400 audit(1762836774.935:2025): avc:  denied  { write } for  pid=20624 comm="syz.2.3681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1211.217512][   T30] audit: type=1400 audit(1762836774.935:2026): avc:  denied  { ioctl } for  pid=20624 comm="syz.2.3681" path="socket:[74690]" dev="sockfs" ino=74690 ioctlcmd=0x662c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1211.248387][   T30] audit: type=1400 audit(1762836774.935:2027): avc:  denied  { getopt } for  pid=20624 comm="syz.2.3681" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1212.403563][   T30] audit: type=1400 audit(1762836776.365:2028): avc:  denied  { shutdown } for  pid=20641 comm="syz.4.3684" laddr=::1 lport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1212.508422][T18118] vhci_hcd: vhci_device speed not set
[ 1212.577143][T20465] 8021q: adding VLAN 0 to HW filter on device team0
[ 1212.734903][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1212.742043][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1212.782859][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1212.789986][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1212.837969][T20658] FAULT_INJECTION: forcing a failure.
[ 1212.837969][T20658] name failslab, interval 1, probability 0, space 0, times 0
[ 1212.882309][T20658] CPU: 1 UID: 0 PID: 20658 Comm: syz.4.3687 Not tainted syzkaller #0 PREEMPT(full) 
[ 1212.882334][T20658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1212.882346][T20658] Call Trace:
[ 1212.882352][T20658]  <TASK>
[ 1212.882358][T20658]  dump_stack_lvl+0x16c/0x1f0
[ 1212.882401][T20658]  should_fail_ex+0x512/0x640
[ 1212.882421][T20658]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[ 1212.882450][T20658]  should_failslab+0xc2/0x120
[ 1212.882471][T20658]  kmem_cache_alloc_node_noprof+0x78/0x770
[ 1212.882496][T20658]  ? __alloc_skb+0x2b2/0x380
[ 1212.882522][T20658]  ? __alloc_skb+0x2b2/0x380
[ 1212.882540][T20658]  __alloc_skb+0x2b2/0x380
[ 1212.882561][T20658]  ? __pfx___alloc_skb+0x10/0x10
[ 1212.882580][T20658]  ? __pfx__copy_from_iter+0x10/0x10
[ 1212.882605][T20658]  ? skb_page_frag_refill+0x11d/0x5c0
[ 1212.882635][T20658]  tcp_stream_alloc_skb+0x34/0x560
[ 1212.882657][T20658]  tcp_sendmsg_locked+0x12d9/0x42e0
[ 1212.882695][T20658]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1212.882717][T20658]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1212.882738][T20658]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1212.882763][T20658]  ? __local_bh_enable_ip+0xa4/0x120
[ 1212.882789][T20658]  tcp_sendmsg+0x2e/0x50
[ 1212.882806][T20658]  ? __pfx_tcp_sendmsg+0x10/0x10
[ 1212.882825][T20658]  inet_sendmsg+0xb9/0x140
[ 1212.882847][T20658]  __sys_sendto+0x43c/0x520
[ 1212.882868][T20658]  ? __pfx___sys_sendto+0x10/0x10
[ 1212.882909][T20658]  ? ksys_write+0x1ac/0x250
[ 1212.882925][T20658]  ? __pfx_ksys_write+0x10/0x10
[ 1212.882943][T20658]  __x64_sys_sendto+0xe0/0x1c0
[ 1212.882960][T20658]  ? do_syscall_64+0x91/0xfa0
[ 1212.882975][T20658]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1212.883002][T20658]  do_syscall_64+0xcd/0xfa0
[ 1212.883020][T20658]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1212.883037][T20658] RIP: 0033:0x7ff3f718f6c9
[ 1212.883051][T20658] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1212.883068][T20658] RSP: 002b:00007ff3f803e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1212.883086][T20658] RAX: ffffffffffffffda RBX: 00007ff3f73e5fa0 RCX: 00007ff3f718f6c9
[ 1212.883097][T20658] RDX: 0000000000000381 RSI: 00002000000004c0 RDI: 0000000000000003
[ 1212.883108][T20658] RBP: 00007ff3f803e090 R08: 0000000000000000 R09: 0000000000000000
[ 1212.883118][T20658] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001
[ 1212.883128][T20658] R13: 00007ff3f73e6038 R14: 00007ff3f73e5fa0 R15: 00007ffe6ead9358
[ 1212.883153][T20658]  </TASK>
[ 1213.843313][   T30] audit: type=1400 audit(1762836777.835:2029): avc:  denied  { read write } for  pid=20673 comm="syz.4.3689" name="uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1213.897667][   T30] audit: type=1400 audit(1762836777.835:2030): avc:  denied  { append } for  pid=20678 comm="syz.2.3692" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[ 1214.893989][T20691] validate_nla: 42 callbacks suppressed
[ 1214.894007][T20691] netlink: 'syz.4.3689': attribute type 10 has an invalid length.
[ 1214.970397][   T30] audit: type=1400 audit(1762836777.835:2031): avc:  denied  { open } for  pid=20673 comm="syz.4.3689" path="/dev/uinput" dev="devtmpfs" ino=920 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1215.058042][T20465] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1215.144543][T20691] veth0_vlan: left promiscuous mode
[ 1215.151472][T20691] veth0_vlan: entered promiscuous mode
[ 1215.178447][T20691] team0: Device veth0_vlan failed to register rx_handler
[ 1215.453237][T17633] usb 5-1: new high-speed USB device number 98 using dummy_hcd
[ 1216.243630][T17633] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1216.255167][T17633] usb 5-1: config 0 has no interfaces?
[ 1216.260636][T17633] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[ 1216.273677][T17633] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.331011][T17633] usb 5-1: config 0 descriptor??
[ 1217.293298][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1217.293314][   T30] audit: type=1400 audit(1762836781.285:2033): avc:  denied  { write } for  pid=20737 comm="syz.2.3698" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1217.527877][   T30] audit: type=1400 audit(1762836781.285:2034): avc:  denied  { open } for  pid=20737 comm="syz.2.3698" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1217.572656][   T30] audit: type=1400 audit(1762836781.285:2035): avc:  denied  { ioctl } for  pid=20737 comm="syz.2.3698" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x7438 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[ 1217.611544][T20465] veth0_vlan: entered promiscuous mode
[ 1217.627728][T20465] veth1_vlan: entered promiscuous mode
[ 1217.656452][T20465] veth0_macvtap: entered promiscuous mode
[ 1217.665871][T20465] veth1_macvtap: entered promiscuous mode
[ 1217.721776][T20465] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1217.849842][T20465] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1217.913991][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.923537][ T6787] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.942565][ T6787] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.003732][ T6787] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1218.349037][T17633] usb 5-1: string descriptor 0 read error: -71
[ 1218.403767][T18522] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.438540][T17633] usb 5-1: USB disconnect, device number 98
[ 1218.463947][T18522] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.675382][   T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.725627][   T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.755898][   T30] audit: type=1400 audit(1762836782.755:2036): avc:  denied  { mounton } for  pid=20465 comm="syz-executor" path="/root/syzkaller.1gvlbi/syz-tmp" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[ 1218.799179][T20765] netlink: 'syz.0.3703': attribute type 10 has an invalid length.
[ 1218.846542][   T30] audit: type=1400 audit(1762836782.785:2037): avc:  denied  { mounton } for  pid=20465 comm="syz-executor" path="/root/syzkaller.1gvlbi/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1218.869086][T20769] netlink: 'syz.0.3703': attribute type 10 has an invalid length.
[ 1218.926093][T20769] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3703'.
[ 1218.956545][T20769] batadv0: entered promiscuous mode
[ 1218.966278][   T30] audit: type=1400 audit(1762836782.785:2038): avc:  denied  { mounton } for  pid=20465 comm="syz-executor" path="/root/syzkaller.1gvlbi/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=76169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[ 1218.994081][T20769] batadv0: entered allmulticast mode
[ 1219.005101][T20769] bridge0: port 3(batadv0) entered blocking state
[ 1219.044881][T20769] bridge0: port 3(batadv0) entered disabled state
[ 1219.073425][   T30] audit: type=1400 audit(1762836782.815:2039): avc:  denied  { mounton } for  pid=20465 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[ 1219.177351][T20769] bridge0: port 3(batadv0) entered blocking state
[ 1219.183960][T20769] bridge0: port 3(batadv0) entered forwarding state
[ 1219.203642][   T30] audit: type=1400 audit(1762836782.815:2040): avc:  denied  { mount } for  pid=20465 comm="syz-executor" name="/" dev="gadgetfs" ino=7311 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[ 1219.319595][   T30] audit: type=1400 audit(1762836782.815:2041): avc:  denied  { mount } for  pid=20465 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1219.396812][T20765] bridge0: port 3(batadv0) entered disabled state
[ 1219.418242][T20765] batadv0: left allmulticast mode
[ 1219.478624][T20765] batadv0: left promiscuous mode
[ 1219.518953][T20765] bridge0: port 3(batadv0) entered disabled state
[ 1219.520142][T20769] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1219.590801][T20765] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1219.652383][   T30] audit: type=1400 audit(1762836783.645:2042): avc:  denied  { getopt } for  pid=20780 comm="syz.4.3707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[ 1219.722037][T20783] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1219.733919][ T5182] udevd[5182]: worker [19941] terminated by signal 33 (Unknown signal 33)
[ 1219.744419][T20765] bond0: (slave batadv0): Enslaving as an active interface with an up link
[ 1219.752329][ T5182] udevd[5182]: worker [19941] failed while handling '/devices/virtual/block/md_d1'
[ 1220.176705][T20795] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3709'.
[ 1220.239875][T20797] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3709'.
[ 1221.654098][ T5866] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1221.843241][T17633] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1221.893840][ T5866] usb 4-1: Using ep0 maxpacket: 8
[ 1221.977920][ T5866] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1221.993227][T17633] usb 1-1: Using ep0 maxpacket: 32
[ 1222.020942][T17633] usb 1-1: config 0 has an invalid interface number: 85 but max is 0
[ 1222.029334][ T5866] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1222.030777][T17633] usb 1-1: config 0 has no interface number 0
[ 1222.057548][ T5866] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1222.111072][ T5866] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1222.141351][T17633] usb 1-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1222.219861][T17633] usb 1-1: config 0 interface 85 has no altsetting 0
[ 1222.226763][ T5866] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1222.245426][ T5866] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1222.255622][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1222.301291][T17633] usb 1-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[ 1222.336950][T17633] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1222.366340][T17633] usb 1-1: Product: syz
[ 1222.433987][T17633] usb 1-1: Manufacturer: syz
[ 1222.481723][T17633] usb 1-1: SerialNumber: syz
[ 1222.749134][ T5866] usb 4-1: usb_control_msg returned -32
[ 1222.762936][ T5866] usbtmc 4-1:16.0: can't read capabilities
[ 1222.777872][T17633] usb 1-1: config 0 descriptor??
[ 1223.108700][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1223.108728][   T30] audit: type=1400 audit(1762836787.105:2044): avc:  denied  { write } for  pid=20812 comm="syz.3.3714" name="usbtmc0" dev="devtmpfs" ino=4228 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[ 1223.112016][T20839] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3714'.
[ 1223.191519][T20839] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3714'.
[ 1223.230305][T20841] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3714'.
[ 1223.299538][T20841] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3714'.
[ 1223.403640][T17633] appletouch 1-1:0.85: Geyser mode initialized.
[ 1223.412690][T17633] input: appletouch as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.85/input/input45
[ 1223.611739][T20819] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20819 comm=syz.0.3715
[ 1223.765796][   T30] audit: type=1400 audit(1762836787.765:2045): avc:  denied  { setopt } for  pid=20817 comm="syz.0.3715" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1224.083037][T20819] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1224.095055][T18118] usb 1-1: USB disconnect, device number 101
[ 1224.407042][T18118] appletouch 1-1:0.85: input: appletouch disconnected
[ 1224.592498][T20853] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3722'.
[ 1224.653991][T20853] openvswitch: netlink: Flow actions attr not present in new flow.
[ 1224.657854][T20855] vlan2: entered allmulticast mode
[ 1224.668848][   T30] audit: type=1400 audit(1762836788.665:2046): avc:  denied  { create } for  pid=20854 comm="syz.5.3723" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1224.704874][T20855] macvtap0: entered allmulticast mode
[ 1224.711329][T20855] veth0_macvtap: entered allmulticast mode
[ 1224.718806][   T30] audit: type=1400 audit(1762836788.685:2047): avc:  denied  { write } for  pid=20854 comm="syz.5.3723" path="socket:[76993]" dev="sockfs" ino=76993 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1224.808272][T20856] : entered promiscuous mode
[ 1225.093264][T18118] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1225.246612][T18118] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1225.261359][T18118] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1225.328748][T18118] usb 1-1: config 0 descriptor??
[ 1225.356000][T11814] usb 4-1: USB disconnect, device number 103
[ 1225.821680][T18118] cp210x 1-1:0.0: cp210x converter detected
[ 1225.923224][   T10] usb 5-1: new high-speed USB device number 99 using dummy_hcd
[ 1226.012868][T20878] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3729'.
[ 1226.083565][T18118] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[ 1226.203257][   T10] usb 5-1: device descriptor read/64, error -71
[ 1226.306429][T18118] usb 1-1: cp210x converter now attached to ttyUSB0
[ 1226.704231][   T10] usb 5-1: new high-speed USB device number 100 using dummy_hcd
[ 1226.839654][T18118] usb 1-1: USB disconnect, device number 102
[ 1226.850235][T18118] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1226.900244][   T10] usb 5-1: device descriptor read/64, error -71
[ 1227.060732][T18118] cp210x 1-1:0.0: device disconnected
[ 1227.143625][   T10] usb usb5-port1: attempt power cycle
[ 1227.713206][   T10] usb 5-1: new high-speed USB device number 101 using dummy_hcd
[ 1227.778275][   T10] usb 5-1: device descriptor read/8, error -71
[ 1227.876936][   T30] audit: type=1400 audit(1762836791.875:2048): avc:  denied  { read } for  pid=20890 comm="syz.2.3734" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1228.055227][   T10] usb 5-1: new high-speed USB device number 102 using dummy_hcd
[ 1228.195705][   T10] usb 5-1: device descriptor read/8, error -71
[ 1228.341787][   T10] usb usb5-port1: unable to enumerate USB device
[ 1228.823257][   T30] audit: type=1400 audit(1762836792.815:2049): avc:  denied  { create } for  pid=20901 comm="syz.4.3737" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 1228.933259][T17633] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1228.999301][   T30] audit: type=1400 audit(1762836792.815:2050): avc:  denied  { sys_admin } for  pid=20901 comm="syz.4.3737" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 1229.123415][T17633] usb 4-1: Using ep0 maxpacket: 16
[ 1229.154626][T17633] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1229.189357][T17633] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1229.223276][T17633] usb 4-1: New USB device found, idVendor=17ef, idProduct=7309, bcdDevice= 0.00
[ 1229.261528][T17633] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1229.296849][T17633] usb 4-1: config 0 descriptor??
[ 1229.311470][T17633] hub 4-1:0.0: USB hub found
[ 1229.515214][T17633] hub 4-1:0.0: 9 ports detected
[ 1229.524356][T17633] hub 4-1:0.0: insufficient power available to use all downstream ports
[ 1229.599337][   T30] audit: type=1400 audit(1762836793.595:2051): avc:  denied  { ioctl } for  pid=20906 comm="syz.0.3738" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1229.629497][T20908] binder: BINDER_SET_CONTEXT_MGR already set
[ 1229.643406][T20908] binder: 20906:20908 ioctl 4018620d 2000000000c0 returned -16
[ 1229.692555][   T30] audit: type=1400 audit(1762836793.595:2052): avc:  denied  { set_context_mgr } for  pid=20906 comm="syz.0.3738" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1229.717814][T20900] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1229.729062][T20900] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1229.756222][T17633] hub 4-1:0.0: hub_hub_status failed (err = -71)
[ 1229.771056][T17633] hub 4-1:0.0: config failed, can't get hub status (err -71)
[ 1229.838136][   T30] audit: type=1400 audit(1762836793.835:2053): avc:  denied  { write } for  pid=20913 comm="syz.0.3741" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1229.848861][T17633] usb 4-1: USB disconnect, device number 104
[ 1230.030128][   T30] audit: type=1400 audit(1762836793.835:2054): avc:  denied  { open } for  pid=20913 comm="syz.0.3741" path="/dev/sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1230.147969][   T30] audit: type=1400 audit(1762836794.135:2055): avc:  denied  { ioctl } for  pid=20913 comm="syz.0.3741" path="/dev/sg0" dev="devtmpfs" ino=768 ioctlcmd=0x2285 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1230.476257][T20915] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3740'.
[ 1230.534532][T20915] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3740'.
[ 1232.253204][T18118] usb 1-1: new full-speed USB device number 103 using dummy_hcd
[ 1232.345081][ T5814] Bluetooth: hci5: Invalid handle: 0x2834 > 0x0eff
[ 1232.427476][T18118] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDF, changing to 0x8F
[ 1232.458176][T18118] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1232.584742][T11814] usb 5-1: new high-speed USB device number 103 using dummy_hcd
[ 1232.609330][T18118] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1233.055849][T18118] usb 1-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[ 1233.067082][T18118] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1233.084580][T18118] usb 1-1: Product: syz
[ 1233.093935][T18118] usb 1-1: Manufacturer: syz
[ 1233.098792][T18118] usb 1-1: SerialNumber: syz
[ 1233.112417][T18118] usb 1-1: config 0 descriptor??
[ 1233.133294][T11814] usb 5-1: Using ep0 maxpacket: 32
[ 1233.145997][T11814] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1233.171018][T11814] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1233.193540][T11814] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00
[ 1233.219554][T11814] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1233.248415][T11814] usb 5-1: config 0 descriptor??
[ 1234.961214][T20979] netlink: 156 bytes leftover after parsing attributes in process `syz.2.3760'.
[ 1234.976735][T20979] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3760'.
[ 1235.200079][T18118] powermate: Expected payload of 3--6 bytes, found 0 bytes!
[ 1235.209366][T18118] powermate 1-1:0.0: probe with driver powermate failed with error -5
[ 1235.295438][T18118] usb 1-1: USB disconnect, device number 103
[ 1235.727610][T11814] usbhid 5-1:0.0: can't add hid device: -71
[ 1235.735415][T11814] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1235.746494][T11814] usb 5-1: USB disconnect, device number 103
[ 1235.790513][T20982] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1235.811983][ T6787] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1235.871967][T20984] syzkaller0: entered promiscuous mode
[ 1235.877533][T20984] syzkaller0: entered allmulticast mode
[ 1237.809976][T20999] loop7: detected capacity change from 0 to 7
[ 1237.820156][T20999] buffer_io_error: 14 callbacks suppressed
[ 1237.820166][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1237.836186][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1237.932482][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1237.963204][   T30] audit: type=1400 audit(1762836801.795:2056): avc:  denied  { write } for  pid=20998 comm="syz.2.3767" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1238.010435][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1238.041205][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1238.064369][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1238.072445][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1238.082085][T20999] ldm_validate_partition_table(): Disk read failed.
[ 1238.722314][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.950409][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.961174][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1239.038384][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1239.046812][T20999] Buffer I/O error on dev loop7, logical block 0, async page read
[ 1239.057565][T20999] Dev loop7: unable to read RDB block 0
[ 1239.663382][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1239.919596][T21010] [U] 
[ 1240.237664][T20999]  loop7: unable to read partition table
[ 1240.326247][T20999] loop7: partition table beyond EOD, truncated
[ 1240.335383][T20999] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[ 1240.520888][T21016] vlan2: entered promiscuous mode
[ 1240.526048][T21016] bridge0: entered promiscuous mode
[ 1240.531325][T21016] vlan2: entered allmulticast mode
[ 1240.536475][T21016] bridge0: entered allmulticast mode
[ 1240.623300][ T5886] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[ 1240.641501][T21030] netlink: 'syz.4.3777': attribute type 1 has an invalid length.
[ 1240.714077][T21030] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1240.731132][T21030] bond1: (slave batadv0): making interface the new active one
[ 1240.740978][T21030] bond1: (slave batadv0): Enslaving as an active interface with an up link
[ 1240.782611][T21030] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3777'.
[ 1240.794963][ T5886] usb 6-1: Using ep0 maxpacket: 32
[ 1240.796999][T21030] bond1 (unregistering): (slave batadv0): Releasing active interface
[ 1240.835452][T21030] bond1 (unregistering): Released all slaves
[ 1241.011714][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[ 1241.025551][ T5886] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1241.036991][ T5886] usb 6-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00
[ 1241.046571][ T5886] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1241.077836][ T5886] usb 6-1: config 0 descriptor??
[ 1241.243267][T17633] usb 4-1: new low-speed USB device number 105 using dummy_hcd
[ 1241.396846][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1241.404442][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1241.438853][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1241.473310][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1241.593216][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1242.312921][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1242.322301][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1242.394562][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1242.407871][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1242.774457][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1242.788562][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1242.811085][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1242.917783][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1243.046866][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1243.100303][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1243.258422][T17633] usb 4-1: string descriptor 0 read error: -22
[ 1243.282148][T17633] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1243.425990][ T5886] usbhid 6-1:0.0: can't add hid device: -71
[ 1243.454525][ T5886] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1243.928039][T17633] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1243.952910][T21053] [U] 
[ 1244.009759][ T5886] usb 6-1: USB disconnect, device number 2
[ 1244.136171][T17633] usb 4-1: can't set config #168, error -71
[ 1244.243725][T17633] usb 4-1: USB disconnect, device number 105
[ 1244.763243][T17633] usb 4-1: new low-speed USB device number 106 using dummy_hcd
[ 1244.934723][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1244.942269][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1245.027766][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1245.063372][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1245.100379][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1245.120952][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1245.136960][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1245.187332][   T10] usb 1-1: new full-speed USB device number 104 using dummy_hcd
[ 1245.198155][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1245.224325][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1245.249218][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1245.272240][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1245.291806][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1245.316525][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1245.354261][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1245.371343][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1245.464019][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[ 1245.483671][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1245.494906][   T10] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00
[ 1245.513470][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1245.524921][T17633] usb 4-1: string descriptor 0 read error: -22
[ 1245.531169][T17633] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1245.543828][   T10] usb 1-1: config 0 descriptor??
[ 1245.552594][T17633] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1246.047357][T17633] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1246.210365][   T30] audit: type=1400 audit(1762836810.205:2057): avc:  denied  { ioctl } for  pid=21075 comm="syz.0.3791" path="socket:[78550]" dev="sockfs" ino=78550 ioctlcmd=0x5411 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1246.463264][T17633] usb 4-1: USB disconnect, device number 106
[ 1246.493589][   T30] audit: type=1400 audit(1762836810.485:2058): avc:  denied  { write } for  pid=21090 comm="syz.4.3797" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1246.501655][   T10] usbhid 1-1:0.0: can't add hid device: -71
[ 1246.519881][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1246.536296][   T10] usb 1-1: USB disconnect, device number 104
[ 1246.913380][T15652] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1247.343274][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1247.559451][T21095] [U] 
[ 1247.744101][T15652] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1247.750880][T21101] FAULT_INJECTION: forcing a failure.
[ 1247.750880][T21101] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1247.763223][T15652] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1247.802233][T15652] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1247.812690][T21101] CPU: 0 UID: 0 PID: 21101 Comm: syz.4.3802 Not tainted syzkaller #0 PREEMPT(full) 
[ 1247.812714][T21101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1247.812724][T21101] Call Trace:
[ 1247.812730][T21101]  <TASK>
[ 1247.812737][T21101]  dump_stack_lvl+0x16c/0x1f0
[ 1247.812768][T21101]  should_fail_ex+0x512/0x640
[ 1247.812792][T21101]  _copy_to_user+0x32/0xd0
[ 1247.812815][T21101]  copy_siginfo_to_user+0x27/0xc0
[ 1247.812840][T21101]  x64_setup_rt_frame+0x811/0xcf0
[ 1247.812868][T21101]  ? __pfx_x64_setup_rt_frame+0x10/0x10
[ 1247.812889][T21101]  ? __lock_acquire+0xb8a/0x1c90
[ 1247.812912][T21101]  arch_do_signal_or_restart+0x5e4/0x7c0
[ 1247.812934][T21101]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1247.812961][T21101]  ? __might_fault+0x13b/0x190
[ 1247.812992][T21101]  exit_to_user_mode_loop+0x85/0x130
[ 1247.813013][T21101]  do_syscall_64+0x426/0xfa0
[ 1247.813032][T21101]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1247.813049][T21101] RIP: 0033:0x7ff3f718f6c7
[ 1247.813062][T21101] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1247.813078][T21101] RSP: 002b:00007ff3f803e038 EFLAGS: 00000246
[ 1247.813093][T21101] RAX: 0000000000000127 RBX: 00007ff3f73e5fa0 RCX: 00007ff3f718f6c9
[ 1247.813104][T21101] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000004
[ 1247.813117][T21101] RBP: 00007ff3f803e090 R08: 0000000000000000 R09: 0000000000000000
[ 1247.813126][T21101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1247.813135][T21101] R13: 00007ff3f73e6038 R14: 00007ff3f73e5fa0 R15: 00007ffe6ead9358
[ 1247.813158][T21101]  </TASK>
[ 1248.001568][T15652] usb 3-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1248.026184][T15652] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1248.035335][T15652] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1248.043498][T15652] usb 3-1: Product: syz
[ 1248.047652][T15652] usb 3-1: Manufacturer: syz
[ 1248.052223][T15652] usb 3-1: SerialNumber: syz
[ 1249.231314][T21126] FAULT_INJECTION: forcing a failure.
[ 1249.231314][T21126] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1249.244822][T21126] CPU: 1 UID: 0 PID: 21126 Comm: syz.3.3809 Not tainted syzkaller #0 PREEMPT(full) 
[ 1249.244846][T21126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1249.244856][T21126] Call Trace:
[ 1249.244863][T21126]  <TASK>
[ 1249.244870][T21126]  dump_stack_lvl+0x16c/0x1f0
[ 1249.244903][T21126]  should_fail_ex+0x512/0x640
[ 1249.244928][T21126]  _copy_to_user+0x32/0xd0
[ 1249.244952][T21126]  simple_read_from_buffer+0xcb/0x170
[ 1249.244981][T21126]  proc_fail_nth_read+0x197/0x240
[ 1249.245004][T21126]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1249.245026][T21126]  ? rw_verify_area+0xcf/0x6c0
[ 1249.245051][T21126]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1249.245070][T21126]  vfs_read+0x1e4/0xcf0
[ 1249.245095][T21126]  ? __pfx___mutex_lock+0x10/0x10
[ 1249.245113][T21126]  ? __pfx_vfs_read+0x10/0x10
[ 1249.245137][T21126]  ? __fget_files+0x20e/0x3c0
[ 1249.245162][T21126]  ksys_read+0x12a/0x250
[ 1249.245178][T21126]  ? __pfx_ksys_read+0x10/0x10
[ 1249.245202][T21126]  do_syscall_64+0xcd/0xfa0
[ 1249.245219][T21126]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1249.245236][T21126] RIP: 0033:0x7f9502b8e0dc
[ 1249.245250][T21126] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1249.245266][T21126] RSP: 002b:00007f9500df6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1249.245283][T21126] RAX: ffffffffffffffda RBX: 00007f9502de5fa0 RCX: 00007f9502b8e0dc
[ 1249.245295][T21126] RDX: 000000000000000f RSI: 00007f9500df60a0 RDI: 0000000000000003
[ 1249.245305][T21126] RBP: 00007f9500df6090 R08: 0000000000000000 R09: 0000000000000000
[ 1249.245315][T21126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1249.245326][T21126] R13: 00007f9502de6038 R14: 00007f9502de5fa0 R15: 00007ffee206eff8
[ 1249.245349][T21126]  </TASK>
[ 1249.380238][T15652] cdc_ncm 3-1:1.0: failed GET_NTB_PARAMETERS
[ 1249.388677][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1249.606861][T15652] cdc_ncm 3-1:1.0: bind() failure
[ 1249.630750][T15652] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found
[ 1249.673532][T15652] cdc_ncm 3-1:1.1: bind() failure
[ 1249.713569][T15652] usb 3-1: USB disconnect, device number 101
[ 1250.308853][ T5814] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1250.813264][T15652] usb 6-1: new low-speed USB device number 3 using dummy_hcd
[ 1250.976788][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1250.995134][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1251.017533][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1251.041722][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1251.093262][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1251.115563][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1251.122988][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1251.173629][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1251.202309][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1251.243208][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1251.276398][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1251.297063][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1251.325507][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1251.353486][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1251.403509][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1251.436477][T15652] usb 6-1: string descriptor 0 read error: -22
[ 1251.447030][T15652] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1251.461829][T15652] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1251.490307][T15652] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1251.797650][T18115] usb 6-1: USB disconnect, device number 3
[ 1252.326187][T21159] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1253.330636][T21162] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3817'.
[ 1253.967699][   T30] audit: type=1400 audit(1762836817.965:2059): avc:  denied  { connect } for  pid=21164 comm="syz.5.3821" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1257.013403][T15652] usb 1-1: new low-speed USB device number 105 using dummy_hcd
[ 1257.165133][T15652] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.172703][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.183780][T15652] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.258344][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.273258][T18115] usb 4-1: new low-speed USB device number 107 using dummy_hcd
[ 1257.341488][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.417344][T21206] input: syz1 as /devices/virtual/input/input47
[ 1257.433834][T15652] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.441417][   T30] audit: type=1400 audit(1762836821.405:2060): avc:  denied  { ioctl } for  pid=21205 comm="syz.4.3831" path="/dev/uinput" dev="devtmpfs" ino=920 ioctlcmd=0x5504 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[ 1257.473189][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.484145][T17633] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[ 1257.499221][T18115] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.513422][T15652] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.514138][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.534730][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.567961][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.589099][T18115] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.622642][T15652] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.630266][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.631718][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.646547][T17633] usb 6-1: device descriptor read/64, error -71
[ 1257.673177][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.679290][T15652] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.694041][T18115] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.703619][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.706199][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.737705][T15652] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.748995][T18115] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.749025][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.749047][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.785043][T18115] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1257.792700][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1257.809958][T18115] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1257.822736][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1257.824370][T15652] usb 1-1: string descriptor 0 read error: -22
[ 1257.845843][T15652] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1257.848467][T18115] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1257.855416][T15652] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1257.884928][T18115] usb 4-1: string descriptor 0 read error: -22
[ 1257.891451][T18115] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1257.900625][T11814] usb 5-1: new low-speed USB device number 104 using dummy_hcd
[ 1257.908903][T15652] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1257.917492][T17633] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[ 1257.920714][T18115] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1257.950277][T18115] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux1
[ 1258.065618][T17633] usb 6-1: device descriptor read/64, error -71
[ 1258.084600][T11814] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1258.098482][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1258.110275][T11814] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1258.126987][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1258.139384][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1258.177238][T17633] usb usb6-port1: attempt power cycle
[ 1258.414703][ T5886] usb 4-1: USB disconnect, device number 107
[ 1258.487967][T18118] usb 1-1: USB disconnect, device number 105
[ 1258.517444][T11814] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1258.533323][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1258.554311][T11814] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1258.569595][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1258.581022][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1258.595106][T11814] usb 5-1: config 168 descriptor has 1 excess byte, ignoring
[ 1258.602648][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1258.614872][T11814] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1258.628591][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1258.639823][T11814] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1258.719257][T11814] usb 5-1: string descriptor 0 read error: -22
[ 1258.792357][T17633] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[ 1258.812826][T11814] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1258.828142][T17633] usb 6-1: device descriptor read/8, error -71
[ 1258.847043][T11814] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1258.922850][T11814] adutux 5-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1259.083208][T17633] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[ 1259.105654][T17633] usb 6-1: device descriptor read/8, error -71
[ 1259.214554][T17633] usb usb6-port1: unable to enumerate USB device
[ 1259.237628][T17633] usb 5-1: USB disconnect, device number 104
[ 1259.598121][   T30] audit: type=1400 audit(1762836823.595:2061): avc:  denied  { execute_no_trans } for  pid=21219 comm="syz.0.3834" path="/179/file2" dev="tmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1259.708569][   T30] audit: type=1400 audit(1762836823.615:2062): avc:  denied  { create } for  pid=21219 comm="syz.0.3834" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[ 1259.847995][   T30] audit: type=1400 audit(1762836823.845:2063): avc:  denied  { create } for  pid=21219 comm="syz.0.3834" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1261.324078][   T30] audit: type=1400 audit(1762836825.325:2064): avc:  denied  { unlink } for  pid=17082 comm="syz-executor" name="file0" dev="tmpfs" ino=946 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1261.346778][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1262.703294][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[ 1264.224959][T17633] usb 4-1: new low-speed USB device number 108 using dummy_hcd
[ 1264.612846][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1264.621312][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1264.655668][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1264.813840][T21272] FAULT_INJECTION: forcing a failure.
[ 1264.813840][T21272] name failslab, interval 1, probability 0, space 0, times 0
[ 1264.827045][T21272] CPU: 0 UID: 0 PID: 21272 Comm: syz.2.3847 Not tainted syzkaller #0 PREEMPT(full) 
[ 1264.827071][T21272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1264.827080][T21272] Call Trace:
[ 1264.827086][T21272]  <TASK>
[ 1264.827092][T21272]  dump_stack_lvl+0x16c/0x1f0
[ 1264.827123][T21272]  should_fail_ex+0x512/0x640
[ 1264.827140][T21272]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[ 1264.827160][T21272]  should_failslab+0xc2/0x120
[ 1264.827173][T21272]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[ 1264.827189][T21272]  ? __d_lookup+0x25c/0x4a0
[ 1264.827203][T21272]  ? __d_alloc+0x32/0xae0
[ 1264.827217][T21272]  ? __d_alloc+0x32/0xae0
[ 1264.827233][T21272]  __d_alloc+0x32/0xae0
[ 1264.827247][T21272]  d_alloc+0x4a/0x1e0
[ 1264.827259][T21272]  lookup_one_qstr_excl+0x175/0x250
[ 1264.827273][T21272]  ? mnt_want_write+0x161/0x450
[ 1264.827289][T21272]  filename_create+0x1e7/0x4a0
[ 1264.827299][T21272]  ? __pfx_filename_create+0x10/0x10
[ 1264.827311][T21272]  ? __might_fault+0xe3/0x190
[ 1264.827325][T21272]  ? __might_fault+0xe3/0x190
[ 1264.827339][T21272]  ? __might_fault+0x13b/0x190
[ 1264.827355][T21272]  do_mknodat+0x18a/0x5d0
[ 1264.827367][T21272]  ? __pfx_do_mknodat+0x10/0x10
[ 1264.827376][T21272]  ? getname_flags.part.0+0x1c5/0x550
[ 1264.827393][T21272]  __x64_sys_mknod+0x87/0xb0
[ 1264.827404][T21272]  do_syscall_64+0xcd/0xfa0
[ 1264.827416][T21272]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1264.827427][T21272] RIP: 0033:0x7fcc42f8f6c9
[ 1264.827437][T21272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1264.827448][T21272] RSP: 002b:00007fcc43d96038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085
[ 1264.827458][T21272] RAX: ffffffffffffffda RBX: 00007fcc431e6090 RCX: 00007fcc42f8f6c9
[ 1264.827465][T21272] RDX: 0000000000000705 RSI: 100000000000600d RDI: 0000200000000080
[ 1264.827471][T21272] RBP: 00007fcc43d96090 R08: 0000000000000000 R09: 0000000000000000
[ 1264.827477][T21272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1264.827484][T21272] R13: 00007fcc431e6128 R14: 00007fcc431e6090 R15: 00007ffeb9dee818
[ 1264.827498][T21272]  </TASK>
[ 1265.043535][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1265.294881][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1265.306092][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1265.324259][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1265.331675][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1265.342359][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1265.354576][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1265.365803][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1265.378291][T17633] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[ 1265.386178][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1265.397293][T17633] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1265.413270][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1265.428738][T17633] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1265.465993][T17633] usb 4-1: string descriptor 0 read error: -22
[ 1265.497359][T17633] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1265.507375][T17633] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1265.757570][T17633] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1266.247211][T17633] usb 4-1: USB disconnect, device number 108
[ 1267.446461][T11814] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1267.532967][T20142] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[ 1267.542935][T20142] CPU: 1 UID: 0 PID: 20142 Comm: kworker/u9:2 Not tainted syzkaller #0 PREEMPT(full) 
[ 1267.542962][T20142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1267.542975][T20142] Workqueue: hci0 hci_rx_work
[ 1267.543007][T20142] Call Trace:
[ 1267.543014][T20142]  <TASK>
[ 1267.543021][T20142]  dump_stack_lvl+0x16c/0x1f0
[ 1267.543053][T20142]  sysfs_warn_dup+0x7f/0xa0
[ 1267.543078][T20142]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1267.543104][T20142]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1267.543125][T20142]  ? find_held_lock+0x2b/0x80
[ 1267.543153][T20142]  ? do_raw_spin_unlock+0x172/0x230
[ 1267.543173][T20142]  kobject_add_internal+0x2c4/0x9b0
[ 1267.543198][T20142]  kobject_add+0x16e/0x240
[ 1267.543217][T20142]  ? __pfx_kobject_add+0x10/0x10
[ 1267.543238][T20142]  ? do_raw_spin_unlock+0x172/0x230
[ 1267.543275][T20142]  ? kobject_put+0xab/0x5a0
[ 1267.543299][T20142]  device_add+0x288/0x1aa0
[ 1267.543316][T20142]  ? __pfx_dev_set_name+0x10/0x10
[ 1267.543332][T20142]  ? __pfx_device_add+0x10/0x10
[ 1267.543345][T20142]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1267.543366][T20142]  hci_conn_add_sysfs+0x17e/0x230
[ 1267.543378][T20142]  le_conn_complete_evt+0x1260/0x2150
[ 1267.543396][T20142]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1267.543411][T20142]  ? hci_event_packet+0x459/0x11c0
[ 1267.543437][T20142]  hci_le_enh_conn_complete_evt+0x23d/0x380
[ 1267.543461][T20142]  ? skb_pull_data+0x166/0x210
[ 1267.543479][T20142]  hci_le_meta_evt+0x357/0x5e0
[ 1267.543495][T20142]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[ 1267.543512][T20142]  hci_event_packet+0x685/0x11c0
[ 1267.543526][T20142]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1267.543542][T20142]  ? __pfx_hci_event_packet+0x10/0x10
[ 1267.543558][T20142]  ? kcov_remote_start+0x3c9/0x6d0
[ 1267.543571][T20142]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1267.543590][T20142]  hci_rx_work+0x2c5/0x16b0
[ 1267.543606][T20142]  ? rcu_is_watching+0x12/0xc0
[ 1267.543622][T20142]  process_one_work+0x9cf/0x1b70
[ 1267.543640][T20142]  ? __pfx_process_one_work+0x10/0x10
[ 1267.543655][T20142]  ? assign_work+0x1a0/0x250
[ 1267.543667][T20142]  worker_thread+0x6c8/0xf10
[ 1267.543682][T20142]  ? __kthread_parkme+0x19e/0x250
[ 1267.543698][T20142]  ? __pfx_worker_thread+0x10/0x10
[ 1267.543708][T20142]  kthread+0x3c5/0x780
[ 1267.543719][T20142]  ? __pfx_kthread+0x10/0x10
[ 1267.543730][T20142]  ? rcu_is_watching+0x12/0xc0
[ 1267.543743][T20142]  ? __pfx_kthread+0x10/0x10
[ 1267.543753][T20142]  ret_from_fork+0x675/0x7d0
[ 1267.543763][T20142]  ? __pfx_kthread+0x10/0x10
[ 1267.543773][T20142]  ret_from_fork_asm+0x1a/0x30
[ 1267.543795][T20142]  </TASK>
[ 1267.791554][T20142] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1267.805597][T20142] Bluetooth: hci0: failed to register connection device
[ 1267.815302][T21309] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3855'.
[ 1267.827302][T11814] usb 3-1: Using ep0 maxpacket: 32
[ 1267.859025][T11814] usb 3-1: config index 0 descriptor too short (expected 164, got 36)
[ 1267.867619][T11814] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1267.878759][T11814] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1267.888514][T11814] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[ 1267.897828][T11814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.903406][T15652] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[ 1267.908094][T11814] usb 3-1: config 0 descriptor??
[ 1267.976464][T21311] netlink: 'syz.0.3857': attribute type 10 has an invalid length.
[ 1267.989058][T21311] netlink: 'syz.0.3857': attribute type 10 has an invalid length.
[ 1267.997763][T21311] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3857'.
[ 1268.024520][T21311] batadv0: entered promiscuous mode
[ 1268.029872][T21311] batadv0: entered allmulticast mode
[ 1268.128136][   T30] audit: type=1400 audit(1762836832.085:2065): avc:  denied  { kexec_image_load } for  pid=21312 comm="syz.4.3858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1268.143880][T21311] bond0: (slave batadv0): Releasing backup interface
[ 1268.160435][T21314] FAULT_INJECTION: forcing a failure.
[ 1268.160435][T21314] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1268.173838][T21314] CPU: 0 UID: 0 PID: 21314 Comm: syz.4.3858 Not tainted syzkaller #0 PREEMPT(full) 
[ 1268.173860][T21314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1268.173869][T21314] Call Trace:
[ 1268.173875][T21314]  <TASK>
[ 1268.173882][T21314]  dump_stack_lvl+0x16c/0x1f0
[ 1268.173917][T21314]  should_fail_ex+0x512/0x640
[ 1268.173940][T21314]  _copy_to_user+0x32/0xd0
[ 1268.173964][T21314]  simple_read_from_buffer+0xcb/0x170
[ 1268.173991][T21314]  proc_fail_nth_read+0x197/0x240
[ 1268.174010][T21314]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1268.174030][T21314]  ? rw_verify_area+0xcf/0x6c0
[ 1268.174052][T21314]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1268.174070][T21314]  vfs_read+0x1e4/0xcf0
[ 1268.174087][T21314]  ? __pfx___mutex_lock+0x10/0x10
[ 1268.174104][T21314]  ? __pfx_vfs_read+0x10/0x10
[ 1268.174123][T21314]  ? __fget_files+0x20e/0x3c0
[ 1268.174145][T21314]  ksys_read+0x12a/0x250
[ 1268.174160][T21314]  ? __pfx_ksys_read+0x10/0x10
[ 1268.174182][T21314]  do_syscall_64+0xcd/0xfa0
[ 1268.174207][T21314]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1268.174225][T21314] RIP: 0033:0x7ff3f718e0dc
[ 1268.174239][T21314] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1268.174254][T21314] RSP: 002b:00007ff3f801d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1268.174271][T21314] RAX: ffffffffffffffda RBX: 00007ff3f73e6090 RCX: 00007ff3f718e0dc
[ 1268.174282][T21314] RDX: 000000000000000f RSI: 00007ff3f801d0a0 RDI: 0000000000000004
[ 1268.174291][T21314] RBP: 00007ff3f801d090 R08: 0000000000000000 R09: 0000000000000000
[ 1268.174301][T21314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1268.174310][T21314] R13: 00007ff3f73e6128 R14: 00007ff3f73e6090 R15: 00007ffe6ead9358
[ 1268.174334][T21314]  </TASK>
[ 1268.538883][T21311] bridge0: port 3(batadv0) entered blocking state
[ 1268.578594][T11814] hid_parser_main: 61 callbacks suppressed
[ 1268.578616][T11814] logitech 0003:046D:C29C.000E: unknown main item tag 0x0
[ 1268.598404][T21311] bridge0: port 3(batadv0) entered disabled state
[ 1268.645351][T11814] logitech 0003:046D:C29C.000E: unknown main item tag 0x0
[ 1268.684655][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1268.691438][T11814] logitech 0003:046D:C29C.000E: unknown main item tag 0x0
[ 1268.692086][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1268.715488][T11814] logitech 0003:046D:C29C.000E: unknown main item tag 0x0
[ 1268.730580][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1268.734392][T11814] logitech 0003:046D:C29C.000E: unknown main item tag 0x0
[ 1268.750142][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1268.750176][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1268.903444][T11814] logitech 0003:046D:C29C.000E: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.2-1/input0
[ 1268.916088][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1268.930309][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1268.946798][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1269.055065][   T30] audit: type=1400 audit(1762836833.045:2066): avc:  denied  { read } for  pid=21318 comm="syz.3.3860" name="sg0" dev="devtmpfs" ino=768 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[ 1269.349348][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1269.370041][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1269.392410][   T12] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[ 1269.401893][   T12] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[ 1269.824361][T20142] Bluetooth: hci0: command 0x0401 tx timeout
[ 1269.872488][T15652] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[ 1269.901601][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[ 1269.960649][T15652] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1270.868689][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[ 1270.879970][T15652] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[ 1270.891871][T15652] usb 6-1: string descriptor 0 read error: -71
[ 1270.901554][T15652] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1270.916276][T15652] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1270.933809][T15652] usb 6-1: can't set config #168, error -71
[ 1270.944274][T15652] usb 6-1: USB disconnect, device number 8
[ 1271.900620][   T30] audit: type=1400 audit(1762836835.885:2067): avc:  denied  { mounton } for  pid=21353 comm="syz.5.3867" path="/proc/96/task" dev="proc" ino=79100 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[ 1272.013247][   T30] audit: type=1400 audit(1762836835.885:2068): avc:  denied  { mount } for  pid=21353 comm="syz.5.3867" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[ 1272.142858][   T30] audit: type=1400 audit(1762836836.125:2069): avc:  denied  { ioctl } for  pid=21353 comm="syz.5.3867" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[ 1272.183948][T18118] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[ 1272.291601][T11814] logitech 0003:046D:C29C.000E: no inputs found
[ 1272.334388][   T30] audit: type=1400 audit(1762836836.265:2070): avc:  denied  { sys_module } for  pid=21355 comm="syz.4.3868" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[ 1272.390982][T11814] usb 3-1: USB disconnect, device number 102
[ 1272.397868][   T30] audit: type=1400 audit(1762836836.265:2071): avc:  denied  { map_create } for  pid=21355 comm="syz.4.3868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1272.405362][T18118] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1272.551314][   T30] audit: type=1400 audit(1762836836.265:2072): avc:  denied  { map_read map_write } for  pid=21355 comm="syz.4.3868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1272.866496][T18118] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 1272.889954][T18118] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1272.928453][   T30] audit: type=1400 audit(1762836836.265:2073): avc:  denied  { prog_load } for  pid=21355 comm="syz.4.3868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1273.088330][T18118] usb 6-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1273.490185][   T30] audit: type=1400 audit(1762836836.275:2074): avc:  denied  { bpf } for  pid=21355 comm="syz.4.3868" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1273.558358][T18118] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1273.569628][T18118] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1273.580060][T18118] usb 6-1: Product: syz
[ 1273.614930][T18118] usb 6-1: Manufacturer: syz
[ 1273.614935][   T30] audit: type=1400 audit(1762836836.275:2075): avc:  denied  { perfmon } for  pid=21355 comm="syz.4.3868" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1273.614973][   T30] audit: type=1400 audit(1762836836.285:2076): avc:  denied  { read } for  pid=21338 comm="syz.0.3865" dev="nsfs" ino=4026533522 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1273.640789][T18118] usb 6-1: SerialNumber: syz
[ 1273.836825][   T30] audit: type=1400 audit(1762836836.285:2077): avc:  denied  { open } for  pid=21338 comm="syz.0.3865" path="net:[4026533522]" dev="nsfs" ino=4026533522 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[ 1273.982452][   T30] audit: type=1400 audit(1762836836.295:2078): avc:  denied  { create } for  pid=21338 comm="syz.0.3865" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1274.127930][   T30] audit: type=1400 audit(1762836836.395:2079): avc:  denied  { read write } for  pid=18238 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1274.566832][   T30] audit: type=1400 audit(1762836836.395:2080): avc:  denied  { open } for  pid=18238 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1274.747331][   T30] audit: type=1400 audit(1762836836.395:2081): avc:  denied  { ioctl } for  pid=18238 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1274.773817][   T30] audit: type=1400 audit(1762836836.585:2082): avc:  denied  { read } for  pid=21355 comm="syz.4.3868" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1274.796693][   T30] audit: type=1400 audit(1762836836.585:2083): avc:  denied  { open } for  pid=21355 comm="syz.4.3868" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1276.268678][T21390] xt_time: unknown flags 0xc
[ 1276.344457][T21391] comedi comedi3: c6xdigio: I/O port conflict (0x401,3)
[ 1276.352917][T21391] ==================================================================
[ 1276.361079][T21391] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[ 1276.369050][T21391] Read of size 8 at addr ffff88803125c230 by task syz.2.3876/21391
[ 1276.376917][T21391] 
[ 1276.379227][T21391] CPU: 0 UID: 0 PID: 21391 Comm: syz.2.3876 Not tainted syzkaller #0 PREEMPT(full) 
[ 1276.379245][T21391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1276.379254][T21391] Call Trace:
[ 1276.379260][T21391]  <TASK>
[ 1276.379266][T21391]  dump_stack_lvl+0x116/0x1f0
[ 1276.379294][T21391]  print_report+0xcd/0x630
[ 1276.379310][T21391]  ? __virt_addr_valid+0x81/0x610
[ 1276.379332][T21391]  ? __phys_addr+0xe8/0x180
[ 1276.379355][T21391]  ? sysfs_remove_file_ns+0x63/0x70
[ 1276.379373][T21391]  kasan_report+0xe0/0x110
[ 1276.379388][T21391]  ? sysfs_remove_file_ns+0x63/0x70
[ 1276.379406][T21391]  sysfs_remove_file_ns+0x63/0x70
[ 1276.379421][T21391]  driver_remove_file+0x4a/0x60
[ 1276.379439][T21391]  bus_remove_driver+0x224/0x2c0
[ 1276.379461][T21391]  driver_unregister+0x76/0xb0
[ 1276.379476][T21391]  comedi_device_detach_locked+0x12f/0xa50
[ 1276.379499][T21391]  comedi_device_detach+0x67/0xb0
[ 1276.379516][T21391]  comedi_device_attach+0x43d/0x900
[ 1276.379535][T21391]  do_devconfig_ioctl+0x1b1/0x710
[ 1276.379557][T21391]  ? __mutex_lock+0x1c5/0x1060
[ 1276.379572][T21391]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1276.379597][T21391]  ? find_held_lock+0x2b/0x80
[ 1276.379616][T21391]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1276.379635][T21391]  ? futex_wake+0x1ad/0x530
[ 1276.379650][T21391]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1276.379666][T21391]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1276.379684][T21391]  ? do_vfs_ioctl+0x128/0x14f0
[ 1276.379703][T21391]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1276.379722][T21391]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1276.379742][T21391]  ? hook_file_ioctl_common+0x145/0x410
[ 1276.379766][T21391]  ? selinux_file_ioctl+0x180/0x270
[ 1276.379780][T21391]  ? selinux_file_ioctl+0xb4/0x270
[ 1276.379796][T21391]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1276.379810][T21391]  __x64_sys_ioctl+0x18e/0x210
[ 1276.379830][T21391]  do_syscall_64+0xcd/0xfa0
[ 1276.379844][T21391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.379859][T21391] RIP: 0033:0x7fcc42f8f6c9
[ 1276.379872][T21391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1276.379885][T21391] RSP: 002b:00007fcc43d75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1276.379902][T21391] RAX: ffffffffffffffda RBX: 00007fcc431e6180 RCX: 00007fcc42f8f6c9
[ 1276.379911][T21391] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000006
[ 1276.379920][T21391] RBP: 00007fcc43011f91 R08: 0000000000000000 R09: 0000000000000000
[ 1276.379928][T21391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1276.379942][T21391] R13: 00007fcc431e6218 R14: 00007fcc431e6180 R15: 00007ffeb9dee818
[ 1276.379957][T21391]  </TASK>
[ 1276.379961][T21391] 
[ 1276.646090][T21391] Allocated by task 21103:
[ 1276.650481][T21391]  kasan_save_stack+0x33/0x60
[ 1276.655141][T21391]  kasan_save_track+0x14/0x30
[ 1276.659805][T21391]  __kasan_kmalloc+0xaa/0xb0
[ 1276.664375][T21391]  __kmalloc_noprof+0x32f/0x880
[ 1276.669210][T21391]  io_cache_alloc_new+0x45/0xf0
[ 1276.674044][T21391]  __io_prep_rw+0x21d/0x1090
[ 1276.678614][T21391]  io_prep_rw+0x76/0x2c0
[ 1276.682853][T21391]  io_prep_readv+0x20/0xa0
[ 1276.687514][T21391]  io_submit_sqes+0x855/0x2710
[ 1276.692262][T21391]  __do_sys_io_uring_enter+0xd69/0x1630
[ 1276.697794][T21391]  do_syscall_64+0xcd/0xfa0
[ 1276.702277][T21391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.708147][T21391] 
[ 1276.710458][T21391] Freed by task 21103:
[ 1276.714501][T21391]  kasan_save_stack+0x33/0x60
[ 1276.719163][T21391]  kasan_save_track+0x14/0x30
[ 1276.723816][T21391]  __kasan_save_free_info+0x3b/0x60
[ 1276.728999][T21391]  __kasan_slab_free+0x5f/0x80
[ 1276.733739][T21391]  kfree+0x2b8/0x6d0
[ 1276.737622][T21391]  __io_submit_flush_completions+0x1482/0x1980
[ 1276.743757][T21391]  io_submit_sqes+0xa0e/0x2710
[ 1276.748505][T21391]  __do_sys_io_uring_enter+0xd69/0x1630
[ 1276.754036][T21391]  do_syscall_64+0xcd/0xfa0
[ 1276.758525][T21391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1276.764395][T21391] 
[ 1276.766705][T21391] The buggy address belongs to the object at ffff88803125c200
[ 1276.766705][T21391]  which belongs to the cache kmalloc-256 of size 256
[ 1276.780734][T21391] The buggy address is located 48 bytes inside of
[ 1276.780734][T21391]  freed 256-byte region [ffff88803125c200, ffff88803125c300)
[ 1276.794421][T21391] 
[ 1276.796726][T21391] The buggy address belongs to the physical page:
[ 1276.803119][T21391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803125ce00 pfn:0x3125c
[ 1276.813167][T21391] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1276.821648][T21391] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1276.830134][T21391] page_type: f5(slab)
[ 1276.834097][T21391] raw: 00fff00000000240 ffff88813ffa6b40 ffffea0000d08a10 ffffea0000c6e210
[ 1276.842658][T21391] raw: ffff88803125ce00 000000000010000e 00000000f5000000 0000000000000000
[ 1276.851219][T21391] head: 00fff00000000240 ffff88813ffa6b40 ffffea0000d08a10 ffffea0000c6e210
[ 1276.859873][T21391] head: ffff88803125ce00 000000000010000e 00000000f5000000 0000000000000000
[ 1276.868539][T21391] head: 00fff00000000001 ffffea0000c49701 00000000ffffffff 00000000ffffffff
[ 1276.877199][T21391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1276.885841][T21391] page dumped because: kasan: bad access detected
[ 1276.892231][T21391] page_owner tracks the page as allocated
[ 1276.897918][T21391] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5182, tgid 5182 (udevd), ts 70049457810, free_ts 70020049159
[ 1276.917869][T21391]  post_alloc_hook+0x1c0/0x230
[ 1276.922616][T21391]  get_page_from_freelist+0x10a3/0x3a30
[ 1276.928143][T21391]  __alloc_frozen_pages_noprof+0x25f/0x2470
[ 1276.934020][T21391]  alloc_pages_mpol+0x1fb/0x550
[ 1276.938850][T21391]  new_slab+0x24a/0x360
[ 1276.942993][T21391]  ___slab_alloc+0xd79/0x1a50
[ 1276.947655][T21391]  __slab_alloc.constprop.0+0x63/0x110
[ 1276.953098][T21391]  __kmalloc_cache_noprof+0x477/0x780
[ 1276.958471][T21391]  inode_doinit_use_xattr+0x54/0x410
[ 1276.963740][T21391]  inode_doinit_with_dentry+0x10c8/0x12e0
[ 1276.969435][T21391]  selinux_d_instantiate+0x26/0x30
[ 1276.974521][T21391]  security_d_instantiate+0x142/0x1a0
[ 1276.979873][T21391]  d_splice_alias_ops+0x92/0x840
[ 1276.984799][T21391]  kernfs_iop_lookup+0x23f/0x2d0
[ 1276.989721][T21391]  __lookup_slow+0x251/0x460
[ 1276.994298][T21391]  walk_component+0x353/0x5b0
[ 1276.998960][T21391] page last free pid 5182 tgid 5182 stack trace:
[ 1277.005260][T21391]  __free_frozen_pages+0x7df/0x1160
[ 1277.010441][T21391]  __put_partials+0x130/0x170
[ 1277.015106][T21391]  qlist_free_all+0x4d/0x120
[ 1277.019673][T21391]  kasan_quarantine_reduce+0x195/0x1e0
[ 1277.025106][T21391]  __kasan_slab_alloc+0x69/0x90
[ 1277.029938][T21391]  kmem_cache_alloc_noprof+0x250/0x6e0
[ 1277.035383][T21391]  getname_flags.part.0+0x4c/0x550
[ 1277.040477][T21391]  getname_flags+0x93/0xf0
[ 1277.044877][T21391]  do_readlinkat+0xb4/0x3a0
[ 1277.049362][T21391]  __x64_sys_readlink+0x78/0xc0
[ 1277.054196][T21391]  do_syscall_64+0xcd/0xfa0
[ 1277.058674][T21391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1277.064546][T21391] 
[ 1277.066849][T21391] Memory state around the buggy address:
[ 1277.072453][T21391]  ffff88803125c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1277.080490][T21391]  ffff88803125c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1277.088528][T21391] >ffff88803125c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1277.096564][T21391]                                      ^
[ 1277.102178][T21391]  ffff88803125c280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1277.110217][T21391]  ffff88803125c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1277.118255][T21391] ==================================================================
[ 1277.126373][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1277.191817][T21391] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1277.199041][T21391] CPU: 0 UID: 0 PID: 21391 Comm: syz.2.3876 Not tainted syzkaller #0 PREEMPT(full) 
[ 1277.208477][T21391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1277.218528][T21391] Call Trace:
[ 1277.221780][T21391]  <TASK>
[ 1277.224690][T21391]  dump_stack_lvl+0x3d/0x1f0
[ 1277.229282][T21391]  vpanic+0x640/0x6f0
[ 1277.233247][T21391]  panic+0xca/0xd0
[ 1277.236951][T21391]  ? __pfx_panic+0x10/0x10
[ 1277.241350][T21391]  ? sysfs_remove_file_ns+0x63/0x70
[ 1277.246546][T21391]  ? preempt_schedule_common+0x44/0xc0
[ 1277.251997][T21391]  ? preempt_schedule_thunk+0x16/0x30
[ 1277.257361][T21391]  check_panic_on_warn+0xab/0xb0
[ 1277.262281][T21391]  end_report+0x107/0x170
[ 1277.266587][T21391]  kasan_report+0xee/0x110
[ 1277.270990][T21391]  ? sysfs_remove_file_ns+0x63/0x70
[ 1277.276167][T21391]  sysfs_remove_file_ns+0x63/0x70
[ 1277.281183][T21391]  driver_remove_file+0x4a/0x60
[ 1277.286038][T21391]  bus_remove_driver+0x224/0x2c0
[ 1277.290960][T21391]  driver_unregister+0x76/0xb0
[ 1277.295708][T21391]  comedi_device_detach_locked+0x12f/0xa50
[ 1277.301496][T21391]  comedi_device_detach+0x67/0xb0
[ 1277.306507][T21391]  comedi_device_attach+0x43d/0x900
[ 1277.311694][T21391]  do_devconfig_ioctl+0x1b1/0x710
[ 1277.316712][T21391]  ? __mutex_lock+0x1c5/0x1060
[ 1277.321474][T21391]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1277.327006][T21391]  ? find_held_lock+0x2b/0x80
[ 1277.331669][T21391]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1277.337110][T21391]  ? futex_wake+0x1ad/0x530
[ 1277.341611][T21391]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1277.347414][T21391]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1277.353298][T21391]  ? do_vfs_ioctl+0x128/0x14f0
[ 1277.358053][T21391]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1277.363068][T21391]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1277.369906][T21391]  ? hook_file_ioctl_common+0x145/0x410
[ 1277.375457][T21391]  ? selinux_file_ioctl+0x180/0x270
[ 1277.380644][T21391]  ? selinux_file_ioctl+0xb4/0x270
[ 1277.385752][T21391]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1277.391552][T21391]  __x64_sys_ioctl+0x18e/0x210
[ 1277.396301][T21391]  do_syscall_64+0xcd/0xfa0
[ 1277.400785][T21391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1277.406663][T21391] RIP: 0033:0x7fcc42f8f6c9
[ 1277.411075][T21391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1277.430671][T21391] RSP: 002b:00007fcc43d75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1277.439084][T21391] RAX: ffffffffffffffda RBX: 00007fcc431e6180 RCX: 00007fcc42f8f6c9
[ 1277.447041][T21391] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000006
[ 1277.454995][T21391] RBP: 00007fcc43011f91 R08: 0000000000000000 R09: 0000000000000000
[ 1277.462950][T21391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1277.470998][T21391] R13: 00007fcc431e6218 R14: 00007fcc431e6180 R15: 00007ffeb9dee818
[ 1277.478962][T21391]  </TASK>
[ 1277.482209][T21391] Kernel Offset: disabled
[ 1277.486513][T21391] Rebooting in 86400 seconds..