last executing test programs:

3m28.621509378s ago: executing program 3 (id=997):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0xc, 0x6, 0x0, 0x7, 0x20, 0x800, 0x7ff, 0x8ea}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m28.619814107s ago: executing program 3 (id=999):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x8, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="7a0a00ff000000007110bf000000000095"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)

3m28.552010283s ago: executing program 3 (id=1000):
newfstatat(0xffffffffffffff9c, &(0x7f0000000a80)='./cgroup\x00', &(0x7f0000000ac0), 0x4000)

3m28.55184612s ago: executing program 3 (id=1001):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)

3m28.472003016s ago: executing program 3 (id=1002):
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000001c0)={0xa1, 0x11, 0x0, 0x3f00, 0x0, 0x0, 0x0})

3m28.231353608s ago: executing program 3 (id=1005):
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x505}, "234f7234290b7d02", "b1c69b782c7b0a1d004000", "9d7c4f4c", "a6991707956c0811"}, 0x28)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

3m28.163360234s ago: executing program 32 (id=1005):
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_128={{0x505}, "234f7234290b7d02", "b1c69b782c7b0a1d004000", "9d7c4f4c", "a6991707956c0811"}, 0x28)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32, @ANYBLOB="200001"], 0x38}}, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m51.160666707s ago: executing program 0 (id=1888):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080)

1m51.160466289s ago: executing program 0 (id=1889):
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1m51.159182243s ago: executing program 0 (id=1890):
r0 = fsopen(&(0x7f0000000000)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, 0x0, 0x0, 0x0)
readv(r0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = syz_usb_connect(0x5, 0x46, &(0x7f0000000780)=ANY=[@ANYBLOB="12010000e75fcc08c0070515c5b8010203010902340001000080000904ba00038e4ee2000905000000041a06010905010300021007c109050c04400006030f07059acbf5"], 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000100)={0x14, 0x0, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000000)="93", 0xf5)

1m49.535143697s ago: executing program 0 (id=1899):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080)

1m49.450620663s ago: executing program 0 (id=1893):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00')
lseek(r0, 0x1, 0x0)

1m49.45003196s ago: executing program 0 (id=1895):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rt_sigsuspend(&(0x7f0000000040)={[0x8]}, 0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x1000, 0x0, @mcast1}, 0x1c)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d350987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r5)
readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/222, 0xdd}], 0x100000000000001e)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0x1)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a181004000000003a1ffffff0000000e000a000d00000002800000121f", 0x2e}], 0x1}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000240), 0x41d3, 0x2)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)

1m33.488022813s ago: executing program 33 (id=1895):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
rt_sigsuspend(&(0x7f0000000040)={[0x8]}, 0x8)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, 0x0, 0x0)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x1000, 0x0, @mcast1}, 0x1c)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d350987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
r5 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
r6 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r5)
readv(r6, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/222, 0xdd}], 0x100000000000001e)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(r2, 0x5421, &(0x7f0000000140)=0x1)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a181004000000003a1ffffff0000000e000a000d00000002800000121f", 0x2e}], 0x1}, 0x0)
syz_open_dev$vim2m(&(0x7f0000000240), 0x41d3, 0x2)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)

1m29.21949941s ago: executing program 4 (id=1941):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3a616dc4010203010902120001000000000904"], 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000340), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r1, 0x404c534a, &(0x7f0000000ac0)={0x0, 0x2d})
syz_usb_control_io(r0, 0x0, 0x0)
r2 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$uac1(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$printer(r2, 0x0, &(0x7f0000000380)={0x1c, &(0x7f0000000100)={0x0, 0x16, 0x4, "4cd36688"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000012"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000140)={0xc, &(0x7f0000000440)={0x40, 0x30, 0xc5, {0xc5, 0x2, "e93dfbc36cc2e5f8c8ad7b67d53887824d3181186c8a44e0d3fb60a94ab76601b8fa85edf732dcded31226961827e0b714c49bbe73082381df72ad4916ca976e7ad664fa5717f3fd73825d8c8c348e9bcab2192c4c076a3ab7ca79f8c4849bb13a2cf82013885d7f9824a712d17574f22067138e3a24b77b13f135b2c5102bf6138acb8acd31bd7b61ada9c84e2ae2e37020551675a7fbff74945b365cf67ff5d57f1899806e7be6b0eba3fb74ae97bcfcfae632a1065dbb958befa26bf1a98e230db6"}}, &(0x7f0000000080)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

1m25.949122744s ago: executing program 4 (id=1962):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
socket$inet6(0xa, 0x3, 0x5)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1m25.948761351s ago: executing program 4 (id=1963):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582020002", @ANYBLOB], 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x50540)
syz_usb_connect$uac1(0x2, 0xaf, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[], 0x0)
syz_usb_disconnect(0xffffffffffffffff)

1m24.570461552s ago: executing program 4 (id=1970):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

1m24.509195068s ago: executing program 4 (id=1972):
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4ea3, 0x0, @loopback}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x9511, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)

1m24.408777136s ago: executing program 4 (id=1973):
syz_usb_connect(0x6, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x250, 0x8a, 0x80, 0x45, 0x20, 0x1b3d, 0x1f8, 0x459d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xaf, 0x5, 0x30, 0x1, [{{0x9, 0x4, 0xfc, 0x6, 0x0, 0x6c, 0xd0, 0xb0, 0x6}}]}}]}}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
request_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='abcdefghijklmnop', 0x0)
request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup3(r0, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080)

1m9.29649312s ago: executing program 34 (id=1973):
syz_usb_connect(0x6, 0x24, &(0x7f0000000200)={{0x12, 0x1, 0x250, 0x8a, 0x80, 0x45, 0x20, 0x1b3d, 0x1f8, 0x459d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xaf, 0x5, 0x30, 0x1, [{{0x9, 0x4, 0xfc, 0x6, 0x0, 0x6c, 0xd0, 0xb0, 0x6}}]}}]}}, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
request_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='abcdefghijklmnop', 0x0)
request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
dup3(r0, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080)

17.341270626s ago: executing program 5 (id=2365):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="010000000000000073000040"])

15.810479215s ago: executing program 5 (id=2376):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="2b70696473206aa4af0b9c8df7bfd54c8c0cefe2ed8f367f18a6"], 0x6)

15.720064077s ago: executing program 5 (id=2372):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="0d00000011a0", @ANYRES16=r1, @ANYBLOB="010026bd7000ffdbdf25050000000c0006000100000001000000"], 0x20}}, 0x8000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0)
close(r3)
timer_create(0x6, &(0x7f00000000c0)={0x0, 0x1e, 0x2, @thr={&(0x7f0000000380)="e60b8357f80c62a46cda0aa4a8d2bf053504507f875676de6fe90fe37ccb95ff0572eb0c4a570d19a1b75978033ebbf869542e2511ec128f818c4f9ceae9e80aa2a275884d3de24bb0de11fd6c7d75f8d00fefc5f5411cbf43fa8fde998fadd27d60633aecd375f4313fa853570371328ef70e442b1b0b458b28e3912a21fc7708c42a86ef5ec2895fb5fe02fa75b935703d8914fb2782276cc609a771feee8fe3b539a79d22dd773fc521723deaf469f606c2ebea17c166585db8463d635fb4fe9578e5a788978e43", &(0x7f0000000480)="a2a07b6e1688ac5d190c34e861568022ab6bb6605d5f28e3bafbc92ba55ce902d6b9b7543aa293fd357d0e01de8e76a8a120f6c0d725536ae4aa4c81c678e4aec018ae3fd09c0ad1a83e07384871cf8cd5c3a9768ff34780a403bd3ba026aeecef8567b3678881eb34f29dc89e8afdc9d8f52d7964fddc937766a4ecd033e647ca449a5777115f02fc14cfbc3e39006eaa76bad3087625201e70c0719057963627414b5f676ecee90987bde74cab996c523881be741a58a9f30f6be05eef3ba5b494514c3541bfba0cb01387a84c7734e83fbaa27a69f5171a50e99ff02d5e68e43316cb"}}, &(0x7f0000000100)=<r5=>0x0)
clock_gettime(0x0, &(0x7f0000000200)={<r6=>0x0, <r7=>0x0})
timer_settime(r5, 0x0, &(0x7f0000000280)={{r6, r7+60000000}}, &(0x7f0000000300))
ioctl$KVM_CHECK_EXTENSION(r4, 0xae01, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000001c0)={0x5, 0x1, 0x0, 0x2000, &(0x7f0000ee3000/0x2000)=nil})
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @random="429e82211cf8", @void, {@ipv6={0x86dd, @generic={0xa, 0x6, "7abd6a", 0x0, 0x67, 0x1, @private0, @mcast2}}}}, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r3, 0x4020aed2, &(0x7f0000000040)={0x399000, 0x399000, 0x8})
r8 = socket$inet(0x2, 0x2, 0x40)
setsockopt$IP_VS_SO_SET_TIMEOUT(r8, 0x0, 0x48a, &(0x7f0000000580)={0x9, 0x8, 0x3}, 0xc)

15.456916474s ago: executing program 5 (id=2375):
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x82001)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000001080)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x22000)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x50, 0x0, &(0x7f0000001980)="d527cf11805d55533beee663b219fc6742ceda12c4ba069e5d711c602617720ced4aeef3c627ec8ad698db10e3f3dbd3712fbe8eb20ba74f94971ff02659784db4600a1b79ec37b13575abaf52a8afe4"})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})

15.455350429s ago: executing program 5 (id=2377):
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000001580)={r0})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
setfsuid(0xee00)
sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0)

14.813581938s ago: executing program 5 (id=2389):
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r0, 0x3309)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, 0x0, 0x4c050)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x330, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x40000000000000}}}, 0xb8}}, 0x0)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000001340)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0d, &(0x7f0000000040))
syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0)

1.719445345s ago: executing program 2 (id=2494):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000100), 0x0, 0x80002)
ioctl$SNDRV_PCM_IOCTL_DROP(r0, 0x4143, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000540)={0xfffffffc, [[0x4, 0x0, 0x4, 0x4, 0xd, 0xb42, 0x52c6dbfc, 0x53ee], [0x9, 0x7, 0x3, 0x1, 0x0, 0x8, 0xfda, 0x101], [0x0, 0x3ff, 0x1, 0x0, 0x3, 0x1000, 0x2, 0xfffffffa]], '\x00', [{0x6, 0x1}, {0x5, 0x0, 0x0, 0x1}, {0xe, 0x9, 0x1, 0x0, 0x1, 0x1}, {0x4, 0x4, 0x0, 0x1}, {0xdae6, 0x10001, 0x1, 0x0, 0x1, 0x1}, {0x80, 0x6e, 0x1, 0x1, 0x1}, {0x1, 0x400, 0x1, 0x0, 0x1}, {0x8, 0xf, 0x1, 0x0, 0x1}, {0x9, 0xa7, 0x1, 0x0, 0x1}, {0x9, 0xe, 0x1, 0x0, 0x1}, {0x1, 0xfffffffc, 0x0, 0x0, 0x1}, {0x4, 0x40, 0x1, 0x0, 0x1, 0x1}], '\x00', 0x7}) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}]}], {0x14}}, 0xa0}, 0x1, 0x0, 0x0, 0x58fe7ab67a988db6}, 0x0) (async)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) (async)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x5) (async)
close_range(r2, 0xffffffffffffffff, 0x0) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d00000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000380)='percpu_alloc_percpu\x00', r4}, 0x10) (async)
r6 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000000), 0x169101, 0x0)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
syz_emit_ethernet(0x72, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr=0x64010102, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x3}, @timestamp_prespec={0x44, 0x2c, 0x0, 0x3, 0x0, [{@remote}, {}, {@dev}, {@local}, {@dev}]}]}}}}}}}, 0x0) (async, rerun: 64)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r7=>r5, {0x5}}, './file0\x00'}) (async, rerun: 64)
r8 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000840)={0x1b, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x0, 0x4}, 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000940)=@bpf_tracing={0x1a, 0xf, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x75, &(0x7f00000007c0)=""/117, 0x41000, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x24b9a, 0xffffffffffffffff, 0x8, &(0x7f0000000440)=[r0, r7, r8], &(0x7f00000008c0)=[{0x5, 0x3, 0x3, 0x2}, {0x5, 0x1, 0xd, 0x3}, {0x2, 0x3, 0x8, 0x8}, {0x2, 0x1, 0x1, 0x7}, {0x2, 0x3, 0xf, 0xb}, {0x2, 0x5, 0xc, 0x2}, {0x0, 0x4, 0x2, 0x4}, {0x3, 0x2, 0x5, 0x8}], 0x10, 0x80000000}, 0x94) (async)
sync()

1.659692079s ago: executing program 2 (id=2495):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x4, 0x70014, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x400000}, 0x50)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='T\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="30003300c0000000ffffffffffff080211000000505050505050"], 0x54}}, 0x0)
socket(0x10, 0x803, 0x0)

1.658649465s ago: executing program 2 (id=2496):
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc)
syz_emit_ethernet(0x4a, &(0x7f0000000380)={@broadcast, @dev, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "72b2af", 0x4, 0x2f, 0x0, @dev, @mcast2, {[], {0x0, 0x883e, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0)
r1 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000580)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01090000000000000f"])
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0x1000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x9, 0x0, 0x7], 0xeeee8000, 0x2113c0})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={0x0, 0x989680}, 0x1, 0x40, 0x1})
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
sendmsg$inet(r0, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000180)="c6", 0x1}], 0x1}, 0x4000080)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r7, 0x6, 0x8, 0x0, &(0x7f00000000c0))
mount$bpf(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000004c0), 0x1000800, &(0x7f0000000600)=ANY=[@ANYBLOB="e2"])

669.783641ms ago: executing program 2 (id=2515):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x1c, 0x1, 0x0, "6040a7190200002000000000000000ff1057e31e94000000000000000006ff00", 0x42303159})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x100000000)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$unix(r4, &(0x7f0000000fc0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)="1a", 0x1}], 0x1, 0x0, 0x0, 0x10004814}}], 0x1, 0x480d0)
sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={0x0, 0x178}}, 0x20000800)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r5 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x1, 0x3, 0x34b}, &(0x7f00000000c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB=' '], 0x20}}, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_DESTROY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x1c, 0x3, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x20000090)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={0xc4, 0x0, 0x1, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@CTA_TUPLE_REPLY={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0x9, 0x1, 'snmp\x00'}}, @CTA_NAT_DST={0x6c, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @private0}, @CTA_NAT_V4_MINIP={0x8, 0x1, @empty}, @CTA_NAT_V6_MINIP={0x14, 0x4, @dev={0xfe, 0x80, '\x00', 0x32}}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @empty}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast2}, @CTA_NAT_PROTO={0x1c, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}]}, @CTA_SYNPROXY={0x14, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_TSOFF={0x8}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x100}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x9}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}]}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4}, 0x1)

449.983686ms ago: executing program 1 (id=2518):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x7, r2, 0x2000, 0x10000, 0x0, 0x3, 0x2a7345, 0x20d37, 0xfffffffffffffff0})

449.286376ms ago: executing program 2 (id=2519):
r0 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_STATION(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010002000000800000001200000008000300", @ANYRES32=r3, @ANYBLOB="0b2e00000000000000e473cb06001201ff010000"], 0x30}, 0x1, 0x0, 0x0, 0x24004870}, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
unshare(0x22020600)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000100)={0x200000000000001}, 0x8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @dev, 0x5}, 0x1c)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000640)={0x250, r1, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x6, 0x4a}}}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x16}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_TX_RATES={0x1dc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x38, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x3c2, 0x3, 0x6, 0xd13, 0xfffb, 0xfe00, 0x3]}}, @NL80211_TXRATE_HT={0x1d, 0x2, [{0x7, 0x1}, {0x3, 0x5}, {0x0, 0x7}, {0x0, 0x2}, {0x7, 0x9}, {0x5, 0x5}, {0x6}, {0x5, 0x3}, {0x1, 0x1}, {0x2, 0x4}, {0x3, 0x6}, {0x1, 0x1}, {0x3, 0x4}, {0x0, 0x5}, {0x2, 0x5}, {0x1, 0x9}, {0x4, 0x4}, {0x5, 0x1}, {0x4, 0x5}, {0x3, 0xa}, {}, {0x7, 0x7}, {0x4, 0x4}, {0x0, 0x8}, {0x0, 0x6}]}]}, @NL80211_BAND_2GHZ={0x28, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x10, 0x1, [0x2, 0xc, 0x48, 0x9, 0x6c, 0x18, 0x3, 0x1, 0x48, 0x18, 0x24, 0x22]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x80, 0x8, 0x3, 0xffff, 0x315, 0xd04, 0xcc5a, 0x9]}}]}, @NL80211_BAND_60GHZ={0x50, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x7f, 0xa8, 0xc9d0, 0x0, 0x0, 0x6]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x30, 0x2, [{0x0, 0x3}, {0x5, 0x1}, {0x4, 0x5}, {0x1, 0x1}, {0x6, 0x7}, {0x7, 0x5}, {0x1, 0x8}, {0x5, 0xa}, {0x6, 0x7}, {0x4, 0x1}, {0x6, 0x9}, {0x7, 0x7}, {0x5, 0xa}, {0x1, 0x6}, {0x7, 0x9}, {0x0, 0xa}, {0x1, 0x8}, {0x1, 0x5}, {0x0, 0x7}, {0x0, 0x6}, {}, {0x3, 0x8}, {0x5, 0x5}, {0x0, 0xa}, {0x3, 0x9}, {0x0, 0x5}, {0x4, 0xa}, {0x1}, {0x0, 0x1}, {}, {0x2, 0x4}, {0x4, 0x5}, {0x6, 0x6}, {0x7, 0x8}, {0x6, 0x1}, {0x5, 0x3}, {0x7, 0x7}, {0x1, 0x8}, {0x2, 0x4}, {0x6}, {0x5, 0x9}, {0x3, 0x9}, {0x1, 0x1}, {0x5, 0x3}]}]}, @NL80211_BAND_2GHZ={0x70, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x14, 0x1, [0x36, 0x12, 0x18, 0x6c, 0x2, 0xc, 0x36, 0x4, 0x48, 0xc, 0x12, 0x1, 0x2, 0x2, 0xc, 0x2]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x3f, 0x2, [{0x0, 0xa}, {0x1}, {0x6, 0x8}, {0x2, 0x3}, {0x7, 0xa}, {0x7, 0x3}, {0x1, 0x7}, {0x2, 0x1}, {0x2, 0x9}, {0x6, 0x8}, {0x3, 0x1}, {0x1, 0x9}, {0x1, 0x9}, {0x5, 0x1}, {0x1, 0x2}, {0x2, 0x4}, {0x2, 0x6}, {0x5, 0x6}, {0x0, 0x4}, {0x5, 0x5}, {0x7, 0xa}, {0x6, 0x1}, {0x6, 0x6}, {0x1, 0x4}, {0x7, 0x9}, {0x6, 0x4}, {0x6, 0xa}, {0x0, 0x8}, {0x6, 0x8}, {0x2, 0x3}, {0x1, 0x4}, {0x3, 0x4}, {0x2, 0x8}, {0x5, 0x1}, {0x0, 0xa}, {0x2, 0x2}, {0x1, 0x5}, {0x6, 0x3}, {0x0, 0x6}, {0x3, 0x1}, {0x7, 0x2}, {0x0, 0x8}, {0x0, 0xa}, {0x4}, {0x5, 0x2}, {0x0, 0x4}, {0x4, 0x5}, {}, {0x1, 0x7}, {0x3, 0x1}, {0x1}, {0x6, 0x6}, {0x0, 0x4}, {0x5, 0x8}, {0x0, 0x5}, {0x7, 0x3}, {0x1, 0x5}, {0x2, 0x1}, {0x0, 0x1}]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7f, 0x8, 0x7, 0x2, 0x8001, 0x3ff, 0x3, 0x1]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0x2, 0x5, 0x1, 0x8, 0x2, 0x200, 0x8]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x0, 0x0, 0x80, 0x1, 0x0, 0x6, 0x3]}}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x6, 0x6}, {0x0, 0x3}, {0x4, 0x9}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0xb9, 0x200, 0xb, 0x3, 0x7f, 0x8, 0x3]}}, @NL80211_TXRATE_HT={0x17, 0x2, [{0x3, 0x4}, {0x4, 0x7}, {0x1, 0x9}, {}, {0x3, 0xa}, {0x3}, {0x0, 0x6}, {0x3}, {0x2}, {0x4}, {0x4, 0x7}, {0x4, 0xa}, {0x0, 0x8}, {0x5, 0x8}, {0x6, 0x1}, {0x1, 0xa}, {0x1, 0x8}, {0x1, 0x7}, {0x1, 0x5}]}]}, @NL80211_BAND_60GHZ={0x2c, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x26, 0x2, [{0x2}, {0x6, 0x3}, {0x6, 0x6}, {0x4}, {0x0, 0x2}, {0x1, 0x1}, {0x1, 0x8}, {0x1, 0x1}, {0x0, 0x7}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0xa}, {0x0, 0x9}, {0x0, 0x3}, {0x1, 0x9}, {0x4, 0x2}, {0x6, 0x1}, {0x4, 0x2}, {0x2, 0x6}, {0x5, 0x9}, {0x7, 0xa}, {0x1}, {0x4, 0xa}, {0x1, 0x6}, {0x3, 0x8}, {0x1, 0x3}, {0x7, 0x2}, {0x7}, {0x0, 0x1}, {0x5, 0x5}, {0x3, 0x2}, {0x7, 0x9}, {0x3, 0x2}, {0x0, 0x9}]}]}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0xffff}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x1000}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x800}]}, 0x250}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000f5ffffff00010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004"], 0xe8}}, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB="78000000070a01020000000000000000070000060900010073797a31000000005800048054000180090001006d6574610000000044000280080001400000000c0800034000000000080002400000000d0800014000000008080002400000000908000140000000090800024000000018080001"], 0x78}, 0x1, 0x0, 0x0, 0x40080}, 0x4000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r5)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000580)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000040200f2c8dc1b000000180001801400020073797a5f74756e0000000000000000000c000280"], 0x38}, 0x1, 0x0, 0x0, 0x20000844}, 0x0)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x30, r1, 0x20, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xdf1}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1707}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000800}, 0x40000)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000003400), 0x101001, 0x0)
write$cgroup_int(r8, &(0x7f0000003880)=0x100000000, 0x12)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f00000001c0)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x5, 0x1, 0x6})
r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r9, 0x4068aea3, &(0x7f0000000500)={0xc4, 0x0, 0x6})
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="340000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000c002b80080002000400000008001b"], 0x34}}, 0x4040004)
socket(0x2a, 0x2, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=@ipv4_delrule={0x24, 0x21, 0xb12becd5a2b54ddf, 0x0, 0x0, {}, [@FRA_GENERIC_POLICY=@FRA_SUPPRESS_PREFIXLEN={0x8, 0xe, 0x978}]}, 0x24}}, 0x0)

359.292163ms ago: executing program 1 (id=2520):
r0 = socket(0x40000000015, 0x5, 0x0)
setsockopt$sock_int(r0, 0x1, 0xa, &(0x7f00006dbffc), 0xd)
r1 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
r3 = socket$inet(0x2, 0x1, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r5, @ANYBLOB="0c0002"], 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xb, 0x9}}, [@filter_kind_options=@f_u32={{0x8}, {0x18, 0x2, [@TCA_U32_SEL={0x14, 0x5, {0xc, 0x6, 0x0, 0x7, 0x20, 0x800, 0x7ff, 0x8ea}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080}, 0x4000)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)={0x13c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_NAT_DST={0x48, 0xd, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @CTA_NAT_V6_MINIP={0x14, 0x4, @mcast1}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @multicast1}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @local}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x2}, @CTA_SEQ_ADJ_ORIG={0xc, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x9}]}, @CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_HELP={0x10, 0x5, 0x0, 0x1, {0xa, 0x1, 'Q.931\x00'}}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x4}, @CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'sane-20000\x00'}}, @CTA_TUPLE_MASTER={0x74, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @local}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x34}}, {0x8, 0x2, @private=0xa010101}}}]}]}, 0x13c}, 0x1, 0x0, 0x0, 0x20004040}, 0x20008004)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x3c, r12, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x6}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x80000001}]}, 0x3c}}, 0x8006)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r10, &(0x7f0000000580)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000ac0)={0x3cc, r12, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0x84, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x7f, 0x4, "2f173bb329ced0f55bcc7b7bc4f1becd4eba095be82d097c9ccbddfa9db2b607fdae8539f0ebffde4f566a5f0064862fa501597ee2b53d349f52db4be7454a28c50704b80571a64fc2eb819fcce09fe3b1587257825bbe2d464b665ae09fd3dc6d7679c099042797f9538aea43953c561508e29f4ca93d8ff7c62d"}]}, @ETHTOOL_A_DEBUG_HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}]}, @ETHTOOL_A_DEBUG_HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x2d0, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}, @ETHTOOL_A_BITSET_MASK={0xc3, 0x5, "ba1c0b3e4b8a0c40c8609a271aabcb84e5f3eb27ab09a6d09293febb7f1fd6acc5727fbec601bfd6691f671b17af64ef4d562621a0e1ee07136b5b263d440e112090eb27c40c8404d7021031296361dc3d419b9d131e129921639b5bd1d8bafa11c181639436b91896e9e26c2f32afe0c2c44316c613b335ae829627697fb04bd29272fe6f4f901dbe9d670a8872d7bc608a2b31e92ad710b031953f7aeb1d284589163457e14147c0a58c3a01436692e7f3a57c5aa8e92cf3623c0a85991a"}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x7}, @ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x19c, 0x3, 0x0, 0x1, [{0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '[\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, ']):\\.$:@\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x1d, 0x2, 'r\xfc\xf9\xe3\xa1\xaa3B\x05\x12>\xd4\x82\x85\xff\xf8x\xb9J\xa3\xeba*\xe2\xe1'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'hash\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x6}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, 'cmac(aes-generic)\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x9}]}, {0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'hash\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x1000}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '/\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xf, 0x2, '\xa3J:)]\\/%\\;\x00'}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'exthdr\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz0\x00'}]}, {0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x10001}, @ETHTOOL_A_BITSET_BIT_NAME={0xa, 0x2, '-%}].\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x16, 0x2, 'cmac(aes-generic)\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'hash\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x7fff}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}, {0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xc, 0x2, 'nl80211\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}, @ETHTOOL_A_BITSET_BITS={0x58, 0x3, 0x0, 0x1, [{0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x5}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0xb, 0x2, 'exthdr\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x3}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x80}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x94f}, @ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'syz2\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}]}]}]}]}, 0x3cc}, 0x1, 0x0, 0x0, 0x8}, 0x8010)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r13=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x44, r8, 0x801, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee3b90807eef16f162471f4"}, @NL80211_KEY_IDX={0x5}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac08}]}]}, 0x44}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x19}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)
r14 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r14, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r14, 0x117, 0x1, &(0x7f0000000080)="adbebecb099100000a00000000000000", 0x18)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

309.531299ms ago: executing program 6 (id=2522):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

260.097144ms ago: executing program 6 (id=2523):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
ioctl$BLKPG(r1, 0x1269, &(0x7f00000001c0)={0x1, 0x0, 0x98, &(0x7f00000000c0)={0x0, 0x1000, 0x11}})
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="090e2bbd700002dcdf251b0000000c00060001"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x8ef, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
r4 = syz_open_dev$media(&(0x7f00000012c0), 0x66, 0x180502)
ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f0000002f00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000640)=[{}, {}, {}, {}], 0x0, 0x0, 0x0})
ioctl$BLKPG(r1, 0x1269, &(0x7f0000000180)={0x1, 0x0, 0x98, &(0x7f0000000200)={0xfffffffffffffffc, 0x8}})
r5 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
ioctl$sock_bt_bnep_BNEPCONNADD(r5, 0x400442c8, &(0x7f0000000540)=ANY=[@ANYRES32=r0])
getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4)

259.802178ms ago: executing program 1 (id=2524):
r0 = mq_open(&(0x7f0000000180)=',\xa0&^]-\x00', 0x43, 0x138, &(0x7f00000001c0)={0xfffffffffffffff9, 0x9, 0x9, 0x2})
mq_getsetattr(r0, &(0x7f0000000200)={0x0, 0xd38, 0x2, 0x8000}, &(0x7f0000000240))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x14, 0x28, 0x9, 0x70bd2b, 0x0, {0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x844)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_lsm={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000cb9aeee87910000000000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x2}, 0x94)

198.465652ms ago: executing program 1 (id=2525):
sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000800}, 0x4000008)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r0 = syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_RENAMEAT={0x23, 0x30, 0x0, r3, 0x0, 0x0, r3})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r0, 0x18, &(0x7f0000000100)={0x7fff, r3, 0x0, {0xd463}, 0x2}, 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
io_setup(0x80000000, &(0x7f0000000040)=<r5=>0x0)
r6 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802)
writev(r6, &(0x7f0000000240)=[{&(0x7f0000000200)='3V', 0x2}, {0x0, 0x300}], 0x2)
r7 = eventfd2(0x6, 0x80000)
io_submit(r5, 0x7, &(0x7f0000001a80)=[&(0x7f0000000500)={0x0, 0x0, 0x0, 0x3, 0x8, r3, &(0x7f0000000400)="a90c78eba5a2289834787206d20f5336bb9c278b876a65da1967608f65b7b98538fb9338110358938352883ef72e73d9ee33045313338eeaadb246ecb98fcf2fee457a36cf8ad9434404263b358defb0fb642753994f3e08d7a397cb2bb1a091d6a0b2dc4d11ed1796254bab365702dac611ea341e55f5f1a6647c126cd2c4195ee7e284af2433ae0b8a7d6b3ea687b274ca5be7978eed6878ae767a6652cc150073bc8793401a836ddfd7b2c75178f918e14ef0e69edeaeb2e37a36d2dd1a11e5296fbcbfee7dd2e48136cbab712ae9bf04c84b991433368e328363adf512592852599ce5e7ee6de35a6b5c", 0xec, 0x9e4}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000540)="acee894262ef0a4fc3dbf4918def93b5b9d36cede169f98cea292886b274dfd299ed8eb955a4d23ebb604d6f8deca7215d6ac8563d842a421a566ea29866b19f9e549239727f01d8ec5c25f28178c09e6b5d0fe48c39d53a60a762470a31e9a1f5963df2e778f4725da69de09ab11b2f05bbaf", 0x73, 0x0, 0x0, 0x3, r3}, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x7, r0, &(0x7f0000000600)="30e7befb1c8346d223a5de70494ea5a98f56125b1eeaa796c258a35011d442c044af4f3e920a0d12df1d42f59324be25273e25f09ea282517caf503772c08eb4e36114ae21295d872f22dfc063a5d6f5b24b89985a184aec3f7cc2f1fa71a1ad13c1b1f365b2df3336d78a49efcae6bc855b6bc858ea57a6fd71c35197848a7d8262a089cb332e4d6e4e3e06d50b95", 0x8f, 0xdf, 0x0, 0x0, r6}, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x8, 0x7, r4, &(0x7f0000000700)="379984bf61e99732f4c6328d8524fe1ec2d7389a8ed2f1cbeb86d8849b9b643729cfc6ca2738951d5310aa485bb9235d1a07caf9073e4a4b349368efce39f4b4ee08b80ddae58bb49f279b02bb02850a7cc9b5b19b89c4942edd260aef93d60c76c98b8307af48b31ed8ced59c66b75151d474198c1cdf92e98640cf28996e0db79d5ab3b89e6124080c955b67df5997c154498730c029809ab65d90758107c7d0720c6ef05f3fc50116ee590a92b60cd19af24168479f3cd4e015491e55c50e1cb8a5ef643bad5fbb95496a8e9b25cf6bc5cd96e8a77d435f2076", 0xdb, 0xc1b8, 0x0, 0x1, r3}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x8, 0x0, r0, &(0x7f0000000840)="dbf6e8c82f29135facb6f2037dca92c5bf952caf4c887043aab8847b2938bd058fed28bc08f00dbac81f2d6e6a053a93933ee6dd0c6f55d20617308aa81696d917f032771895da9a97b7f4eeb9e978ecae30409b9899684c9f94a4ed08e9aacc71a3a91552504d3009da74ed8349e40a2c9c7effcb88a0b12fc39daa908d8fd0b6183239398173eec6fd4546890855f0c560f0ff6f730476a8d41686885e3f2a3e3195cee880ed6cc0055f", 0xab, 0xffffffffffffffff}, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x5, r3, &(0x7f0000000940)="48c8ec168b7fcbc7a450f25b9297ba06e6390fb13c6b4e2156adb9ff63ec0dc4c121c6e4ff4e184ee07b7c0e15d3c64ae3b6584d40e70e370579b14f1c7778ec17b0d3820c4d9e4f76a969d795d99892083d4c9f98415201dc2b908f6f5f28efb70a045baad40b457ae848dce85cac1702512409555c12b827d540470a9e34a8f491c27db50a3b83f889134852454b3e045c17ac876e952011706e912932ca8d2f7f2c19c8ec27ac81040b317b071d3cd3088d751052bb72b3d0f7c3b694e8dbb15b771f57cdeda7969aaf20708384b50757b6cc7f3a3ef75da8d23ad68a24122c11aa90190b93da09dff0cd1e927daecb93cbf5f3d58579f7864adf5cc94717e60eb7dd4ad3a392eeace1d82c2e0ab639889715affa8d8364ff04abfaf4bbc2137b947790960210759f35e9bf8d6da87b1fb13b650615e8c1ece96c6e5599c761d11063e0f6f3e0d1f8ba1996bcb34dcd2cf9f1d7d15bbb071c98ce124339532852a8da3bbe10bec6aac17837eda287102d97369a8af323812c08781262cc3946903b0b2e8da48782d7bf5f597fd42f2ddda4c471719de65eee71db787c59aaebbb4e1a2a52005adfa79d1dddb2a30d37e703a84301a92c3b6f2dc83a6b15d704f336fce0158c4f05f1b6d5cf26eabbe2c98c02c86e64c6bf87cc2639065d1f4dbe4ba48568b22aa68ee96dd26ff371b2c0b5989903b5604bac88061f6fe0aeb7a508b8793cb98fa693054aaae56af946a9ac616dd862744907df1a12aea2f97d37cedd9fb84f7d48c4ef031a6df8316ae8921b00eed62c4fa73504d23f7bd968807fb0b4693410af98996aff6664d9a9a2b62cb521112ba81d080992636efb15ba428471a399000cfa772b65cd4a1f8c3703e5468adf676c7fa9256444b164a9d6129684b2d9d39efe3b1e4cd9adafef9ede7bf23dc4aa003426dcd7d16cecdf0160b11210c0138fc7c506b5100f62e8385ae75b7c53dd856f360c7d05a25a183c43ad7d4f472315834b1524e683172929fd8b58f2ceb3254638c17304cedf4ca447420c03f15c4fd3cf1f6c8444627c646bd3131a89c49b151f12a09dfc22f0dfda7e84c0af376456de040d3dabb4b6451a180a34af6d5f9d57bcdf93c11c54bec9032f5b80f90ef8284f9d9764a95133034e17deb0ad261affc68e3f8024431578ab2694c9e00c3f7554964fee466c3375728539e22c96fa78f634477e4ae8607f010059b400d889f635379d19a884adcff27efe26fdff10a5721f20905d9b21af947b499a5507a16968b3d2ec2c845a12779c9a9a9abf886aa974e5a00e810002be72e61d95a2ba4ebd988a1e3918d8f237826eccc82f2895d84aee6437b4901395a66c3b1a8746e86ef9208db288b073dd387072c8501dfb5e77f11fc9a864352b19fd79518be4a692404833fcbdf168b9b3a9e9504bc1af479cc62f301dcb7e95251474696b3833fdc543ab340af4871d7f2dedeaa6921f186f2214b0a7ec41fa2d9783b55e157226e2ca4ea3e6e1c0917293223f80db1f6156fbb6b1689cd889b7ca08563b0f88d23581b033e5f9ad12aedcf4148c954695c477fda6ec74eceeae3fc889c09c4522db9f40c5f494c2edd962cdfd07b7a408e3da9796df538a6fabce7b6fc2ef14c0e01852fb452d3caf835276e9fd3ca63ba82eab55ad030bc7e0d1aa4a3259f36a10d8bf49b1372cb7e08412c6b3abc4e020078634f35a5d64da1c6ed8c2a754fba6940ef16eb876591f85d3a79a306c4cb3ab8436899a46f78f114311c68b3c483824a00f6887e02869dda87a85b2c07d63ac3412fd1da27ac974bd791810c86558ab28186877b3da1178f1fad8a244b003679ec4714da2046dc651026ef2a843fef33a3ed9a4789aedfc4ba9fb97d6e62bb1a99b472d24cc9463f0721350fb8ce69a5d3315d36feba3408ea46c5a21296f32a4a112c07732d25d14596b6b9953d26f2bb4eb068df7235dac2826175824b69cbb9583bd98f248595cdbf63007419f4784e8c9e3a1a24d5b7ba18ac2b5a2ff603d9610bed863434c32822972913d8a9675188923769100c3fd4145aa4f27b28e22a7aa30382c109484ea50a9e0fc7d39af0ae1c34cdc6201196ee96819731c36f1a9121e4df2a2badbda4903981f1ea0d709919b12e39229ab039a3135b12dd83321106a45530f87734a35d36f580882e54cebf05425e9953ceda2aee91254bce2dda97b0d59464d937841c0103ed0901a2774e42ada75e08fa2206a5120341ebce3a30fd09198674dd68da229172f5ead678cb0e6d8767eb43b33c298985216cb7afe9468950018a9f9dc9f58e76d1a66ae959adef760bf48baeb8a830876e720d3a12d01bb8ea7130b3e993d3bee0540a177434e0a866b99dcb615925d3c56f9ec85a26c586c56b2b6b01394ea23b093238fbed0873f3761bf176f0755b4883d618d761224d0c94cbdde8acd2bc6f253163b6d1e128fdd928ca2f4b1c4d614cf8e5d6c33f7aade70dc5dfd28f98c6e3137d64fcdd14418a3d817ef3e414ecaf5850d9c62f2b43c74de5d8d9c4589ec22e4593c2126d7214d26f6f9b490608eb7d9a749542f41576efe94f6a990a662ad51961fd52ddf19f42da9ad0dc4e955c7a3c2bbdcbaecb9f1562d5cb28945d52e246a84373a6f40e1d3894e1f8dc36371aa842f2bb04c34f8cc4cfb28f0437b2e33f2b16e7a0ef113829c214f5b4f0bded8fc379f4bbeb1c1b6ad93ce82fbb025fa7819c8eeb7da500ea2148069ed98a088cf9b10e36e76ddad2db2a279f89a890fc0f48d1099fbfa1e11d23c031cc751a6e307f0a2e55490cc2ab0c2d9c5df3c28681a6e36827df173d436ae84c88287d7d4d35f676cebb988bca935510b5afc9971ff0f80532580fa9e13a0285ac90541f5afb2111d769bcc4aa82cc9d7c3e37fa8832d63b6b27eb989acb44ed3ac93cc15916932bb5c0c9ed0d6f531c90f98999df325b7315bc65866ae6ac5c6970bc06fe41177e7baf43d3141cd2c64c15e583fd49e6ee397bc8c87620ddf6278f63e8eb0d846c1e38b16a6f9a72710a9b05d9ad954144688219a7a360d7cac2659d7af000bb5c7a16a5443ac5f1fec693353bc2712142b4d53e220ffb402a0b893c80948ab605604b1deb0cc2bafc79aff2d38b673876122b2116fc54af58fc31488a3298a8e2842f4d6bd69baa91e8376e640c1fe50622d0f7c56adb939c0e5b3dd5669d5fddd95882f0d12729d8a0824ff1a22dde6d206c8709e4e0772a80547813bde587cd606db310d33fdc3d8eeed9400c636f2497f35b33b52fde051142570f5bba7fe2c026f5c4357d87b4027c3cf3a33a4f9104de8af92819bcb45999ef605d0ebcf96a13824568fa7f634f7cfe20f3db556908b920b2d70821bf75a466bf5a2c752ab5876191924a897cc845d4f7bb0d6b0680f0981105b8907b5c78357a6ef08966cb587b69123c6b3de5a78eff7842eeacebccf130250714874b30df50e99e1fecd1da3813ed289f9d8cfdcfe4d40821ba137d73a2cd059ef133945835d6466c0bb5aeefe0c97b68e71bef6073a12a3987f3cc591f80dc409b5fd5b731edf0dbd0224e3bc10242fb5e9e6df2bf71e588dd72da42b448d7b5f362b90f39a2b054c5cafb3f52241c7ff0c31140876c9eef277d124ec044a361a8b2994d09cf0691b46da4b5f63fe2cc3c08d3d8e8b64f12a7b1d764493f2dba0fec8fe97a3999a11e4c9d6a558c8d3a726423210f614513ff5169cd737f6b702c03939c491c24ed3cc2c57ddb459395adfdad9efee22057d042911ffc6ce727c43605173e1e4e2920c74add958058c53174e60204bcba639f2320dee64fce98c4be91ae8d309fc15a4c3f90055cf7dd509d30c4cc9ac07c5958aaa2be44cb2eb72ce0e6bae258744fe2c4e7e34d4f86a98c396e05cb278ad48ddf468351a1362b5ca96a60745c76b39ea90083d572cb073e850189a30f4380a560603bcc427d06d7dafe873a37fae91880c55f7703c43fa3558c9aa0eb2676e0fc023bb6c3657c221bab831005717346ca8e256bef4559e0210d5929b41cb495556a20d1d37eda8736b94f86161cec0034d8357069065a922c719b9817f6d17ad3974f3603a7bac6ec36eee4f902745d048aa0a35ba90f0aece398bc8b4985202df932fb13a8b6f054acfab96203280748655569e4ab3a3072f8ba686def2dff424405bf3d1d2ecb54566f1379b3cdb2a56647d0cf21d841bcc2925895f8ca137ce2770d8eb742f503e02ef90ffb21d0ba3c34f8ce47e70cf1e891b84d5ef5408ae5ed9bedbae311b1b3dcf6548e562cf93868cfbcdf2bd2dba8d2a362f962809fd9359af9fa16481dd5eb17c2ec156aed845d645beffa04a7bfc29f6be21e669c33825515f507d3fb9b52d11ce6ec15c0dcdbb71fba716b929f4cbd599d753fafda0ef1ac8aa52fa752eb49f5844f02c1267c73dd221d3879e62b350ee38fc652e9110d365c69039166244bfcddc1dcba35cb5bb5f47adc1763a38dc4108f96abd4cf4414f45ba847e6a2af4e4fb729d6242925c75fb19ad93d6339cc19c50f6b91a48323f487ba29ed3254197c2bcb6997d082f9af8141fc53c7b4276905377018d5a350eb356bde05deb745c2cb8f9158280aa33ca4e08402d24f40e04dc2f0b6a92c20827dfc142006efe17e16402e207636611f3fc923c6709769f3a1770bef782758719dcd7158e97264bd45922095262d684a97471cda70bb841c44b00dabc92883130ceaeb52a21b13bbd4d34e8f70d1dbbf713141f1667a6be174bb6c542e7cfd4b072ac5f313a9240d3c1e4023bf71ccb3c93a212105ea8d7639af630cf2cef0e409f8270120633ff80c108ba26014d175ffbe902c071f7263bebddee5ec9ec1322696779a73b8ff47674a14c130be896ee48ca5a10056bc02d51c9406f5fca491d6f84418b38946b819f9d7a1020d898e86b43bc5854a5aeaf70f52b8ddd43aa4766d88db48b0c6abc619b210bc214c6ff6225f76b26a00cae2e978d4534bb35a2cf99d8ebc345278e7963856209dc75ac2e0f4ce9874cf1f6d688423efb3538fda842f82e9fa4b27a656ed43b0475920c34a8003a17f6b3ed0b27497a2b4d4bb3fab373bc380b6b5fd0efc429497607a1ffed37d1aff7a090c6fc93c2b5e9cbec132f51ef7bb08b20e6de3c513eb5c191dd2d3a8a67692869dcbf775cea97bd30bd7001c48c8d6a2e11733c0714eaeeae8a1b7f9a09c454e5ea8441df77609d949fb59f30d13f65e798f9aba9d0c49429dc935c447cd467477071413c2ed493e9e8bef90fb05eb0b05a643007ad32ec1ca50de7f5dc26cd67e6ce2e8ae3859f292181a601172181cc7a1351e1493d8b5708dc12c590cd1463261ee8164c125a8084e08f215f0a9c7e4c91da1fa1a9b64e5063700b8885e27785327dcd944825f14fcde2722b1f0fadad6f054b6d952d4c1d6e7f7371153505f266fc2e711329e9c91406ecaf74226ce620aac9255e189abc3ae198b14610488edb5956eb529ee66242eea5cfc6d80592a803f728c7dcc87f50975a651aeba391a4d6bfc6c6cf9d69f3bbd1b0b33d828be612d9326e4132a18b180d7dce51b52eeb2fce90451abd5c4045a14b4582a11ad37c4efc3258b1a8becb07d69056b19d5d3c9378a57406d63bc496d7bda7282b73ad3858f910268cfbce58b888c14ba78b335df6bb728c9f1620ed28dba78e70a0f430d8fae59b12244217f83e5d6daa68721acd5c60f5bf81844d55854388047332f3ffe301a24adef1958d1f38ed488c013aeaeac725d392eea8", 0x1000, 0x4, 0x0, 0x1}, &(0x7f0000001a40)={0x0, 0x0, 0x0, 0x7, 0x3, r4, &(0x7f0000001980)="a11372bf4337128b0ec0802c8dbb2251037366df845a01e8349426a5ded9d589ac133d623260feccf5af2b75f2c0bdae8ed5e7fe2c60c4840b777e36fe1795501165e0db3559d204466a2ed3c864a049aad4613d277e223be615485018e82e21a5f315794497e71aab9312f498ecd5489ead953237c81f6be1f9ad46b761b13d90daaf7a483937523311c62b00002683e8a2cf97d016", 0x96, 0xeb8a, 0x0, 0x0, r7}])
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000001b0001c0"])

198.02379ms ago: executing program 2 (id=2526):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast2}, &(0x7f0000000200)=0x10)
bind$inet(r1, &(0x7f0000000240)={0x2, 0x4e23, @rand_addr=0x64010102}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
open(0x0, 0x0, 0x100)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\\\x00')
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
read$FUSE(r5, &(0x7f0000001300)={0x2020}, 0x2020)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000140)={[0x20000000007, 0x80, 0x2, 0x800002, 0xfffffffffffffffd, 0x7, 0x40, 0x0, 0x0, 0x40000, 0x5, 0x7f, 0x9, 0x1000000000400001, 0x1, 0x1002], 0x1, 0x1c0706})
r6 = syz_open_dev$I2C(&(0x7f00000002c0), 0x1, 0x0)
ioctl$I2C_RDWR(r6, 0x707, &(0x7f0000001440)={&(0x7f00000014c0)=[{0x9, 0x10, 0x110, &(0x7f0000001900)="8ebb2a9cddd819d4edb5054fe962df4b17ccddbd5e01000000000000802af7ac41740cfc96d51327d35776cab3bde2a1f017c2bacbe3764a42b57f5c2b8f6b75738c5d0a82710a4d810960ed1cb5557d49cf7fe28adb13a65040b2a1f84949672c99aa593315f698eaa46cd17ff97487e9bcc672f63e4625a5af9ab47a90fdef5739aba2724f8bd68ec0135067fc8c31f8194f7f1f43ed6d66144c0df0d05a7b611562bcbfd2ac6ae3a972a6e07c16000000002d73d65b708e29000000000000000005ac8704c3ab89d947000000000000000000000000e05a459e8ee35327d3f3a4c7d9e1e47f2f396e907ff08572129845302df2cdc72be761ea05880b4e6f28a448addfbb26183178e6c04559f93f"}, {0x5, 0x0, 0xeb, &(0x7f0000001600)="77ca707ca611ce4c8cc54758b39354f07248a11308b0a32fc1b621cd6a5fe894125d5426d84e9411417e552c2aa4e56d9a84394cb52f295a6f82a4240c46e10042ab6893b76cac29cf12e0416bb77f366e1ede49175ae57611560be8fcec3aceedcb76ad9b9c307a677d670d828cf13525782732de7f1039d185ebe7e374376fe9593560b0f7d96ff2f6806b472eda8dc899bd07bee241214097218be13f03bf2dfd02ad5fc4c2a5e6794a167c86a6200eed370c1c90f31d55f27ca46348885bcc530fdbf2ede07ca50b7be85665818d06f66a4503b9dfcab7b0847f1869cf5f7231ae300ea2633b30f4c9"}, {0x7, 0x1010, 0x40, &(0x7f0000001480)="0156e72606943fbdfe3b16ec80e2f4ad7543329bdd62b5ad7637391dc78029c4c66b90dbbd6e8e8b1f859156a8182e0bc926cd3a448f6292a070d87834868fe1"}], 0x26})
r7 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x25dfdbfc, {0x60, 0x0, 0x0, r9, {0x0, 0x6}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8, 0x3, 0xf3c4}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x2}, @TCA_FQ_CODEL_CE_THRESHOLD_MASK={0x5, 0xb, 0x6}]}}]}, 0x50}}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

197.78816ms ago: executing program 6 (id=2527):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0xee01, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95c, 0x0, 0x4000000201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x800000df})
r1 = socket$tipc(0x1e, 0x5, 0x0)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140)={0x42, 0xf5, 0x1}, 0x10)
capset(&(0x7f0000002040)={0x20071026}, &(0x7f0000002080)={0x1, 0xffff, 0x0, 0x3, 0xb, 0x6})
r3 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1812c1, 0x0)
fchown(r3, 0xee01, 0x0)

184.888873ms ago: executing program 1 (id=2528):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
sendto$inet6(r0, &(0x7f0000000500)="a4", 0x1, 0x4000041, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f0000000040)=[@in6={0xa, 0x4e21, 0x1, @remote, 0x7}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000540)=ANY=[], 0xed)

184.717612ms ago: executing program 6 (id=2529):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000400)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x3, 0x2a7345, 0x20d37, 0xfffffffffffffff0}) (fail_nth: 10)

60.080875ms ago: executing program 1 (id=2530):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000c3c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f00000000c0)={0x50, 0x0, r1, {0x7, 0x1f, 0x9, 0x7ab78c4493c52f9b, 0xcb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}}, 0x50)
openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1301, 0x9f)

59.870395ms ago: executing program 6 (id=2531):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r0}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

0s ago: executing program 6 (id=2532):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x4c050)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000002240)={&(0x7f0000000040)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in6=@private2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x330, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x40000000000000}}}, 0xb8}}, 0x0)
syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x700}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

[T12222] input: syz0 as /devices/virtual/input/input40
[  290.390215][   T40] audit: type=1400 audit(1751543667.223:725): avc:  denied  { ioctl } for  pid=12225 comm="syz.5.2139" path="socket:[29590]" dev="sockfs" ino=29590 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  290.619816][ T6133] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  290.759787][   T59] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  290.771595][ T6133] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.776645][ T6133] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  290.781155][ T6133] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.785486][ T6133] usb 6-1: config 0 descriptor??
[  290.790230][ T6133] pwc: Askey VC010 type 2 USB webcam detected.
[  290.911295][   T59] usb 11-1: Using ep0 maxpacket: 32
[  290.914081][   T59] usb 11-1: config 0 has an invalid interface number: 74 but max is 0
[  290.916562][   T59] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  290.919890][   T59] usb 11-1: config 0 has no interface number 0
[  290.921930][   T59] usb 11-1: config 0 interface 74 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  290.924686][   T59] usb 11-1: config 0 interface 74 has no altsetting 0
[  290.928316][   T59] usb 11-1: New USB device found, idVendor=1ae7, idProduct=9003, bcdDevice=44.08
[  290.931030][   T59] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.933288][   T59] usb 11-1: Product: syz
[  290.934538][   T59] usb 11-1: Manufacturer: syz
[  290.935883][   T59] usb 11-1: SerialNumber: syz
[  290.938557][   T59] usb 11-1: config 0 descriptor??
[  290.942053][   T59] em28xx 11-1:0.74: New device syz syz @ 480 Mbps (1ae7:9003, interface 74, class 74)
[  290.944708][   T59] em28xx 11-1:0.74: Video interface 74 found:
[  291.191052][ T6133] pwc: recv_control_msg error -32 req 02 val 2b00
[  291.194318][ T6133] pwc: recv_control_msg error -32 req 02 val 2700
[  291.197532][ T6133] pwc: recv_control_msg error -32 req 02 val 2c00
[  291.201386][ T6133] pwc: recv_control_msg error -32 req 04 val 1000
[  291.204569][ T6133] pwc: recv_control_msg error -32 req 04 val 1300
[  291.207501][ T6133] pwc: recv_control_msg error -32 req 04 val 1400
[  291.411248][ T6133] pwc: recv_control_msg error -71 req 02 val 2100
[  291.413594][ T6133] pwc: recv_control_msg error -71 req 04 val 1500
[  291.415833][ T6133] pwc: recv_control_msg error -71 req 02 val 2500
[  291.418064][ T6133] pwc: recv_control_msg error -71 req 02 val 2400
[  291.420399][ T6133] pwc: recv_control_msg error -71 req 02 val 2600
[  291.422635][ T6133] pwc: recv_control_msg error -71 req 02 val 2900
[  291.424880][ T6133] pwc: recv_control_msg error -71 req 02 val 2800
[  291.427174][ T6133] pwc: recv_control_msg error -71 req 04 val 1100
[  291.429455][ T6133] pwc: recv_control_msg error -71 req 04 val 1200
[  291.432849][ T6133] pwc: Registered as video103.
[  291.435282][ T6133] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb6/6-1/input/input41
[  291.444323][ T6133] usb 6-1: USB disconnect, device number 48
[  291.544676][   T59] em28xx 11-1:0.74: chip ID is em2765
[  291.821648][T12247] input: syz0 as /devices/virtual/input/input42
[  291.838503][   T59] em28xx 11-1:0.74: reading from i2c device at 0xa0 failed (error=-5)
[  291.841179][   T59] em28xx 11-1:0.74: board has no eeprom
[  291.849656][   T59] em28xx 11-1:0.74: writing to i2c device at 0xb8 failed (error=-5)
[  291.852151][   T59] em28xx 11-1:0.74: couldn't read from i2c device 0xb8: error -5
[  291.855105][   T59] em28xx 11-1:0.74: writing to i2c device at 0xba failed (error=-5)
[  291.857630][   T59] em28xx 11-1:0.74: couldn't read from i2c device 0xba: error -5
[  291.861009][   T59] em28xx 11-1:0.74: writing to i2c device at 0x90 failed (error=-5)
[  291.863571][   T59] em28xx 11-1:0.74: couldn't read from i2c device 0x90: error -5
[  291.866278][   T59] em28xx 11-1:0.74: writing to i2c device at 0x42 failed (error=-5)
[  291.869126][   T59] em28xx 11-1:0.74: couldn't read from i2c device 0x42: error -5
[  291.873178][   T59] em28xx 11-1:0.74: writing to i2c device at 0x60 failed (error=-5)
[  291.875592][   T59] em28xx 11-1:0.74: couldn't read from i2c device 0x60: error -5
[  291.877985][   T59] em28xx 11-1:0.74: No sensor detected
[  291.940138][   T59] em28xx 11-1:0.74: Identified as SpeedLink Vicious And Devine Laplace webcam (card=91)
[  291.943266][   T59] em28xx 11-1:0.74: Currently, V4L2 is not supported on this model
[  291.948050][   T59] usb 11-1: USB disconnect, device number 4
[  291.952656][   T59] em28xx 11-1:0.74: Disconnecting em28xx
[  291.954759][ T6134] em28xx 11-1:0.74: Registering snapshot button...
[  291.967511][ T6134] input: em28xx snapshot button as /devices/platform/dummy_hcd.6/usb11/11-1/11-1:0.74/input/input43
[  291.982345][ T6134] em28xx 11-1:0.74: Remote control support is not available for this card.
[  291.986542][   T59] em28xx 11-1:0.74: Closing input extension
[  291.989090][   T59] em28xx 11-1:0.74: Deregistering snapshot button
[  292.016089][   T59] em28xx 11-1:0.74: Freeing device
[  292.113071][T12269] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  292.118235][   T40] audit: type=1400 audit(1751543668.943:726): avc:  denied  { map } for  pid=12268 comm="syz.1.2159" path="socket:[29695]" dev="sockfs" ino=29695 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  292.289717][ T6940] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  292.359697][ T2295] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  292.439641][ T6940] usb 10-1: device descriptor read/64, error -71
[  292.551154][ T2295] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  292.554907][ T2295] usb 6-1: config 0 has no interfaces?
[  292.556621][ T2295] usb 6-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  292.559448][ T2295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.563208][ T2295] usb 6-1: config 0 descriptor??
[  292.689755][ T6940] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  292.821868][ T6940] usb 10-1: device descriptor read/64, error -71
[  292.940647][ T6940] usb usb10-port1: attempt power cycle
[  293.289687][ T6940] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  293.310631][ T6940] usb 10-1: device descriptor read/8, error -71
[  293.549858][ T6940] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  293.580334][ T6940] usb 10-1: device descriptor read/8, error -71
[  293.699939][ T6940] usb usb10-port1: unable to enumerate USB device
[  295.139837][T12125] usb 6-1: USB disconnect, device number 49
[  295.331817][T12294] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2169'.
[  295.435976][T12298] binder: 12297:12298 ioctl c0306201 200000001a80 returned -11
[  295.509635][ T6940] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  295.661516][ T6940] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  295.666020][ T6940] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  295.669521][ T6940] usb 10-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  295.673450][ T6940] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  295.678967][ T6940] usb 10-1: config 0 descriptor??
[  295.719670][T12125] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  295.849770][T12125] usb 11-1: device descriptor read/64, error -71
[  296.102631][ T6940] steelseries 0003:1038:12B6.0013: hidraw1: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.5-1/input0
[  296.119780][T12125] usb 11-1: new high-speed USB device number 6 using dummy_hcd
[  296.259682][T12125] usb 11-1: device descriptor read/64, error -71
[  296.329684][ T2295] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  296.370287][T12125] usb usb11-port1: attempt power cycle
[  296.491302][ T2295] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.494849][ T2295] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.498101][ T2295] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  296.501304][ T2295] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.505800][ T2295] usb 6-1: config 0 descriptor??
[  296.512059][ T6134] usb 10-1: USB disconnect, device number 18
[  296.719694][T12125] usb 11-1: new high-speed USB device number 7 using dummy_hcd
[  296.740208][T12125] usb 11-1: device descriptor read/8, error -71
[  296.915141][ T2295] usbhid 6-1:0.0: can't add hid device: -71
[  296.917793][ T2295] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  296.922458][ T2295] usb 6-1: USB disconnect, device number 50
[  296.979754][T12125] usb 11-1: new high-speed USB device number 8 using dummy_hcd
[  297.003210][T12125] usb 11-1: device descriptor read/8, error -71
[  297.109944][T12125] usb usb11-port1: unable to enumerate USB device
[  297.329701][   T10] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  297.480921][   T10] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  297.483585][   T10] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  297.486690][   T10] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  297.489785][   T10] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  297.493613][   T10] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  297.498331][   T10] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  297.501395][   T10] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  297.503976][   T10] usb 10-1: Product: syz
[  297.505344][   T10] usb 10-1: Manufacturer: syz
[  297.512953][   T10] cdc_wdm 10-1:1.0: skipping garbage
[  297.514904][   T10] cdc_wdm 10-1:1.0: skipping garbage
[  297.517780][   T10] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  297.519959][   T10] cdc_wdm 10-1:1.0: Unknown control protocol
[  297.547422][T12321] binder: 12320:12321 ioctl c0306201 200000001a80 returned -11
[  297.920060][   T61] usb 10-1: USB disconnect, device number 19
[  298.049677][T12125] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  298.209684][T12125] usb 6-1: Using ep0 maxpacket: 32
[  298.213742][T12125] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  298.217996][T12125] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[  298.222027][T12125] usb 6-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  298.229429][T12125] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  298.233543][T12125] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.236884][T12125] usb 6-1: Product: syz
[  298.238729][T12125] usb 6-1: Manufacturer: syz
[  298.241003][T12125] usb 6-1: SerialNumber: syz
[  298.246403][T12125] cdc_ncm 6-1:1.0: skipping garbage
[  298.248086][T12125] cdc_ncm 6-1:1.0: skipping garbage
[  298.249907][T12125] cdc_ncm 6-1:1.0: CDC Union missing and no IAD found
[  298.252078][T12125] cdc_ncm 6-1:1.0: bind() failure
[  298.447559][T12125] usb 6-1: USB disconnect, device number 51
[  298.500296][   T40] audit: type=1400 audit(1751543675.323:727): avc:  denied  { connect } for  pid=12337 comm="syz.5.2189" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  298.909741][ T6134] usb 11-1: new high-speed USB device number 9 using dummy_hcd
[  299.073022][ T6134] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.099715][ T6134] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  299.106360][ T6134] usb 11-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  299.110321][ T6134] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.116296][ T6134] usb 11-1: config 0 descriptor??
[  299.530691][ T6134] kovaplus 0003:1E7D:2D50.0014: item fetching failed at offset 1/5
[  299.533390][ T6134] kovaplus 0003:1E7D:2D50.0014: parse failed
[  299.535695][ T6134] kovaplus 0003:1E7D:2D50.0014: probe with driver kovaplus failed with error -22
[  299.731141][ T6133] usb 11-1: USB disconnect, device number 9
[  299.790424][   T34] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[  299.899707][ T6134] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  299.941318][   T34] usb 10-1: config 5 has an invalid interface number: 123 but max is 0
[  299.943989][   T34] usb 10-1: config 5 has no interface number 0
[  299.945953][   T34] usb 10-1: config 5 interface 123 altsetting 7 endpoint 0x4 has invalid maxpacket 1023, setting to 64
[  299.949691][   T34] usb 10-1: config 5 interface 123 has no altsetting 0
[  299.953407][   T34] usb 10-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7
[  299.956213][   T34] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.958739][   T34] usb 10-1: Product: syz
[  299.960299][   T34] usb 10-1: Manufacturer: syz
[  299.961802][   T34] usb 10-1: SerialNumber: syz
[  299.965432][T12360] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  300.029708][ T6134] usb 6-1: device descriptor read/64, error -71
[  300.187359][   T34] comedi comedi0: Wrong number of endpoints
[  300.189355][   T34] ni6501 10-1:5.123: driver 'ni6501' failed to auto-configure device.
[  300.195999][   T34] usb 10-1: USB disconnect, device number 20
[  300.280992][ T6134] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  300.420062][ T6134] usb 6-1: device descriptor read/64, error -71
[  300.529851][ T6134] usb usb6-port1: attempt power cycle
[  300.889682][ T6134] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  300.910139][ T6134] usb 6-1: device descriptor read/8, error -71
[  301.159764][ T6134] usb 6-1: new high-speed USB device number 55 using dummy_hcd
[  301.180996][ T6134] usb 6-1: device descriptor read/8, error -71
[  301.293623][ T6134] usb usb6-port1: unable to enumerate USB device
[  301.989257][T12404] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  301.991377][T12404] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  301.994517][T12404] vhci_hcd vhci_hcd.0: Device attached
[  302.002814][T12405] vhci_hcd: cannot find a urb of seqnum 0 max seqnum 0
[  302.007129][ T1143] vhci_hcd: stop threads
[  302.008505][ T1143] vhci_hcd: release socket
[  302.010459][ T1143] vhci_hcd: disconnect device
[  302.199679][   T10] usb 11-1: new high-speed USB device number 10 using dummy_hcd
[  302.350337][   T10] usb 11-1: Using ep0 maxpacket: 8
[  302.356611][   T10] usb 11-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  302.360249][   T10] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.362838][   T10] usb 11-1: Product: syz
[  302.364411][   T10] usb 11-1: Manufacturer: syz
[  302.366222][   T10] usb 11-1: SerialNumber: syz
[  302.370079][   T10] usb 11-1: config 0 descriptor??
[  302.374120][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  303.079792][    T9] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  303.231128][    T9] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[  303.234294][    T9] usb 6-1: config 0 has no interface number 0
[  303.238175][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  303.241161][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.243715][    T9] usb 6-1: Product: syz
[  303.245148][    T9] usb 6-1: Manufacturer: syz
[  303.246678][    T9] usb 6-1: SerialNumber: syz
[  303.249938][    T9] usb 6-1: config 0 descriptor??
[  303.333186][   T40] audit: type=1400 audit(1751543680.163:728): avc:  denied  { ioctl } for  pid=12423 comm="syz.5.2221" path="socket:[33893]" dev="sockfs" ino=33893 ioctlcmd=0x89a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  303.334247][T12424] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2221'.
[  303.533003][T12427] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12427 comm=syz.1.2220
[  303.641532][ T6075] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  303.680625][    T9] usb 6-1: Found UVC 0.08 device syz (046d:0823)
[  303.682818][    T9] usb 6-1: No valid video chain found.
[  303.686391][    T9] usb 6-1: USB disconnect, device number 56
[  303.790862][ T6075] usb 10-1: config 0 has no interfaces?
[  303.794397][ T6075] usb 10-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  303.797271][ T6075] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.800036][ T6075] usb 10-1: Product: syz
[  303.801502][ T6075] usb 10-1: Manufacturer: syz
[  303.803416][ T6075] usb 10-1: SerialNumber: syz
[  303.806110][ T6075] usb 10-1: config 0 descriptor??
[  304.051869][T12125] usb 10-1: USB disconnect, device number 21
[  304.387405][   T10] gspca_sonixj: reg_w1 err -71
[  304.388918][   T10] sonixj 11-1:0.0: probe with driver sonixj failed with error -71
[  304.392572][   T10] usb 11-1: USB disconnect, device number 10
[  304.599472][T12435] binder_alloc: 12434: binder_alloc_buf, no vma
[  304.602444][T12435] binder: 12434:12435 ioctl c0306201 200000001a80 returned -11
[  304.919705][ T2295] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  305.081143][ T2295] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.084777][ T2295] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.087903][ T2295] usb 10-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  305.092028][ T2295] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.100042][ T2295] usb 10-1: config 0 descriptor??
[  305.159715][   T10] usb 11-1: new high-speed USB device number 11 using dummy_hcd
[  305.290125][   T10] usb 11-1: device descriptor read/64, error -71
[  305.509094][ T2295] steelseries 0003:1038:12B6.0015: item fetching failed at offset 6/7
[  305.513191][ T2295] steelseries 0003:1038:12B6.0015: probe with driver steelseries failed with error -22
[  305.529643][   T10] usb 11-1: new high-speed USB device number 12 using dummy_hcd
[  305.659720][   T10] usb 11-1: device descriptor read/64, error -71
[  305.706403][ T2295] usb 10-1: USB disconnect, device number 22
[  305.770178][   T10] usb usb11-port1: attempt power cycle
[  306.109868][   T10] usb 11-1: new high-speed USB device number 13 using dummy_hcd
[  306.130572][   T10] usb 11-1: device descriptor read/8, error -71
[  306.169825][T12125] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  306.319872][T12125] usb 6-1: Using ep0 maxpacket: 16
[  306.324121][T12125] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.328261][T12125] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  306.332099][T12125] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  306.335693][T12125] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.340994][T12125] usb 6-1: config 0 descriptor??
[  306.369703][   T10] usb 11-1: new high-speed USB device number 14 using dummy_hcd
[  306.390372][   T10] usb 11-1: device descriptor read/8, error -71
[  306.500046][   T10] usb usb11-port1: unable to enumerate USB device
[  306.501053][ T6940] usb 10-1: new full-speed USB device number 23 using dummy_hcd
[  306.615448][T12463] binder_alloc: 12462: binder_alloc_buf, no vma
[  306.617789][T12463] binder: 12462:12463 ioctl c0306201 200000001a80 returned -11
[  306.645479][T12465] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2235'.
[  306.661249][ T6940] usb 10-1: config 0 has an invalid interface number: 128 but max is 0
[  306.663797][ T6940] usb 10-1: config 0 has no interface number 0
[  306.667591][ T6940] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  306.670778][ T6940] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.673286][ T6940] usb 10-1: Product: syz
[  306.674624][ T6940] usb 10-1: Manufacturer: syz
[  306.676111][ T6940] usb 10-1: SerialNumber: syz
[  306.678786][ T6940] usb 10-1: config 0 descriptor??
[  306.896746][T12470] random: crng reseeded on system resumption
[  307.687062][ T6940] usb 10-1: Firmware version (0.0) predates our first public release.
[  307.689992][ T6940] usb 10-1: Please update to version 0.2 or newer
[  307.733940][ T6940] usb 10-1: USB disconnect, device number 23
[  308.124939][T12494] binder_alloc: 12493: binder_alloc_buf, no vma
[  308.127345][T12494] binder: 12493:12494 ioctl c0306201 200000001a80 returned -11
[  308.459777][    T9] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[  308.579667][   T59] usb 11-1: new high-speed USB device number 15 using dummy_hcd
[  308.614852][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  308.619217][    T9] usb 10-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  308.622919][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.628523][    T9] usb 10-1: config 0 descriptor??
[  308.729670][   T59] usb 11-1: Using ep0 maxpacket: 8
[  308.733578][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 13
[  308.739301][   T59] usb 11-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  308.743186][   T59] usb 11-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  308.746562][   T59] usb 11-1: Product: syz
[  308.748348][   T59] usb 11-1: Manufacturer: syz
[  308.750443][   T59] usb 11-1: SerialNumber: syz
[  308.754649][   T59] usb 11-1: config 0 descriptor??
[  308.759087][   T59] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  308.839174][    T9] usbhid 10-1:0.0: can't add hid device: -71
[  308.841073][    T9] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  308.844273][    T9] usb 10-1: USB disconnect, device number 24
[  309.054400][   T24] usb 6-1: USB disconnect, device number 57
[  309.299644][ T6134] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[  309.419673][   T24] usb 6-1: new high-speed USB device number 58 using dummy_hcd
[  309.469600][ T6134] usb 10-1: Using ep0 maxpacket: 32
[  309.472733][ T6134] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  309.476134][ T6134] usb 10-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  309.479040][ T6134] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.483446][ T6134] usb 10-1: config 0 descriptor??
[  309.487084][ T6134] ldusb 10-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  309.491256][ T6134] ldusb 10-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  309.549708][   T24] usb 6-1: device descriptor read/64, error -71
[  309.562501][   T59] gspca_zc3xx: reg_w_i err -71
[  309.789701][   T24] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  309.929719][   T24] usb 6-1: device descriptor read/64, error -71
[  309.995294][ T6134] usb 10-1: USB disconnect, device number 25
[  309.998420][ T6134] ldusb 10-1:0.0: LD USB Device #0 now disconnected
[  310.040144][   T24] usb usb6-port1: attempt power cycle
[  310.149682][   T59] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  310.151906][   T59] gspca_zc3xx 11-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  310.155657][   T59] usb 11-1: USB disconnect, device number 15
[  310.389686][   T24] usb 6-1: new high-speed USB device number 60 using dummy_hcd
[  310.410044][   T24] usb 6-1: device descriptor read/8, error -71
[  310.609814][   T59] usb 11-1: new high-speed USB device number 16 using dummy_hcd
[  310.669729][   T24] usb 6-1: new high-speed USB device number 61 using dummy_hcd
[  310.690676][   T24] usb 6-1: device descriptor read/8, error -71
[  310.770490][   T59] usb 11-1: too many configurations: 9, using maximum allowed: 8
[  310.774764][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.778059][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.782433][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.785371][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.788108][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.792202][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.796895][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.801319][   T24] usb usb6-port1: unable to enumerate USB device
[  310.804537][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.809695][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.814337][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.818338][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.823094][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.826743][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.830388][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.833889][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.836762][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.841373][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.845839][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.849693][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.852725][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.857020][T12520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2252'.
[  310.859940][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.863827][   T59] usb 11-1: config 0 has 1 interface, different from the descriptor's value: 9
[  310.866705][   T59] usb 11-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  310.870684][   T59] usb 11-1: config 0 interface 0 has no altsetting 0
[  310.874424][   T59] usb 11-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  310.877871][   T59] usb 11-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  310.880602][   T59] usb 11-1: Product: syz
[  310.882024][   T59] usb 11-1: Manufacturer: syz
[  310.883538][   T59] usb 11-1: SerialNumber: syz
[  310.888299][   T59] usb 11-1: config 0 descriptor??
[  310.893667][   T59] yurex 11-1:0.0: USB YUREX device now attached to Yurex #0
[  310.944031][   T40] audit: type=1400 audit(1751543687.773:729): avc:  denied  { write } for  pid=12510 comm="syz.5.2250" name="mice" dev="devtmpfs" ino=939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  310.958657][T12522] TCP: TCP_TX_DELAY enabled
[  311.215977][    C2] usb 11-1: yurex_control_callback - control failed: -71
[  311.216524][    T9] usb 11-1: USB disconnect, device number 16
[  311.221610][T12523] yurex 11-1:0.0: yurex_write - failed to send bulk msg, error -19
[  311.222590][    T9] yurex 11-1:0.0: USB YUREX #0 now disconnected
[  311.413748][T12526] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2253'.
[  312.020086][   T59] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[  312.164104][T12552] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=12552 comm=syz.1.2264
[  312.169749][   T59] usb 10-1: Using ep0 maxpacket: 32
[  312.177903][   T59] usb 10-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  312.182113][   T59] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.190462][   T59] usb 10-1: config 0 descriptor??
[  312.195636][   T59] gspca_main: sunplus-2.14.0 probing 041e:400b
[  312.229663][ T6004] usb 11-1: new high-speed USB device number 17 using dummy_hcd
[  312.379632][ T6004] usb 11-1: Using ep0 maxpacket: 16
[  312.384022][ T6004] usb 11-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  312.386919][ T6004] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.389452][ T6004] usb 11-1: Product: syz
[  312.390951][ T6004] usb 11-1: Manufacturer: syz
[  312.392452][ T6004] usb 11-1: SerialNumber: syz
[  312.397356][ T6004] usb 11-1: config 0 descriptor??
[  312.400388][ T6004] ftdi_sio 11-1:0.0: FTDI USB Serial Device converter detected
[  312.403632][ T6004] usb 11-1: Detected FT232H
[  312.601565][ T6004] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  312.609679][ T6075] usb 6-1: new high-speed USB device number 62 using dummy_hcd
[  312.764106][ T6075] usb 6-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  312.766945][ T6075] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.769454][ T6075] usb 6-1: Product: syz
[  312.771013][ T6075] usb 6-1: Manufacturer: syz
[  312.772913][ T6075] usb 6-1: SerialNumber: syz
[  312.775868][ T6075] usb 6-1: config 0 descriptor??
[  312.779043][ T6075] ch341 6-1:0.0: ch341-uart converter detected
[  313.012947][ T6004] usb 11-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  313.212866][    T9] usb 11-1: USB disconnect, device number 17
[  313.221279][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  313.224553][    T9] ftdi_sio 11-1:0.0: device disconnected
[  313.383426][ T6075] usb 6-1: failed to send control message: -71
[  313.385425][ T6075] ch341-uart ttyUSB1: probe with driver ch341-uart failed with error -71
[  313.390403][ T6075] usb 6-1: USB disconnect, device number 62
[  313.393348][ T6075] ch341 6-1:0.0: device disconnected
[  313.760982][T12560] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2268'.
[  313.801874][T12541] fuse: Bad value for 'group_id'
[  313.803518][T12541] fuse: Bad value for 'group_id'
[  313.806164][T12541] fuse: Unknown parameter '0x0000000000000005'
[  313.809714][   T59] gspca_sunplus: reg_w_riv err -71
[  313.811451][   T59] sunplus 10-1:0.0: probe with driver sunplus failed with error -71
[  313.817678][   T59] usb 10-1: USB disconnect, device number 26
[  314.189638][ T2295] usb 6-1: new high-speed USB device number 63 using dummy_hcd
[  314.319807][ T2295] usb 6-1: device descriptor read/64, error -71
[  314.341361][T12570] xt_hashlimit: size too large, truncated to 1048576
[  314.559715][ T2295] usb 6-1: new high-speed USB device number 64 using dummy_hcd
[  314.689690][ T2295] usb 6-1: device descriptor read/64, error -71
[  314.729848][    T9] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[  314.745768][T12584] @: renamed from vlan0 (while UP)
[  314.839912][ T2295] usb usb6-port1: attempt power cycle
[  314.881221][    T9] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  314.884399][    T9] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 3
[  314.901670][    T9] usb 10-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  314.905466][    T9] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  314.908805][    T9] usb 10-1: SerialNumber: syz
[  314.986306][T12591] netlink: 60 bytes leftover after parsing attributes in process `syz.6.2276'.
[  315.149201][    T9] usb 10-1: 0:2 : does not exist
[  315.154968][    T9] usb 10-1: unit 5 not found!
[  315.197393][    T9] usb 10-1: USB disconnect, device number 27
[  315.209776][ T2295] usb 6-1: new high-speed USB device number 65 using dummy_hcd
[  315.232411][ T2295] usb 6-1: device descriptor read/8, error -71
[  315.479820][ T2295] usb 6-1: new high-speed USB device number 66 using dummy_hcd
[  315.510347][ T2295] usb 6-1: device descriptor read/8, error -71
[  315.620773][ T2295] usb usb6-port1: unable to enumerate USB device
[  315.667822][T12602] xt_hashlimit: size too large, truncated to 1048576
[  315.693681][T12605] binder: BINDER_SET_CONTEXT_MGR already set
[  315.695792][T12605] binder: 12603:12605 ioctl 4018620d 200000000040 returned -16
[  315.698631][T12605] binder: 12603:12605 ioctl c0306201 200000001a80 returned -11
[  315.979709][    T9] usb 10-1: new high-speed USB device number 28 using dummy_hcd
[  316.049694][T12125] usb 11-1: new high-speed USB device number 18 using dummy_hcd
[  316.129662][    T9] usb 10-1: Using ep0 maxpacket: 32
[  316.133715][    T9] usb 10-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.138339][    T9] usb 10-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.142583][    T9] usb 10-1: config 0 interface 0 has no altsetting 0
[  316.146318][    T9] usb 10-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  316.150503][    T9] usb 10-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  316.153819][    T9] usb 10-1: Product: syz
[  316.157707][    T9] usb 10-1: config 0 descriptor??
[  316.201429][T12125] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.204782][T12125] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.207799][T12125] usb 11-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  316.210717][T12125] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.214645][T12125] usb 11-1: config 0 descriptor??
[  316.568049][    T9] waterforce 0003:1044:7A4D.0016: unknown main item tag 0x0
[  316.570823][    T9] waterforce 0003:1044:7A4D.0016: unknown main item tag 0x0
[  316.573947][    T9] waterforce 0003:1044:7A4D.0016: unknown main item tag 0x0
[  316.576991][    T9] waterforce 0003:1044:7A4D.0016: unknown main item tag 0x0
[  316.580936][    T9] waterforce 0003:1044:7A4D.0016: unknown main item tag 0x0
[  316.585630][    T9] waterforce 0003:1044:7A4D.0016: hidraw1: USB HID v0.05 Device [syz] on usb-dummy_hcd.5-1/input0
[  316.623248][T12125] usbhid 11-1:0.0: can't add hid device: -71
[  316.625282][T12125] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  316.628724][T12125] usb 11-1: USB disconnect, device number 18
[  316.640015][    T9] waterforce 0003:1044:7A4D.0016: fw version request failed with -38
[  316.768706][ T6940] usb 10-1: USB disconnect, device number 28
[  316.991968][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  316.994135][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  317.329944][   T40] audit: type=1400 audit(1751543694.163:730): avc:  denied  { map } for  pid=12616 comm="syz.6.2286" path="/proc/107/smaps" dev="proc" ino=34123 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  317.372041][T12428] usb 6-1: new high-speed USB device number 67 using dummy_hcd
[  317.411500][T12626] xfrm0: entered promiscuous mode
[  317.413203][T12626] xfrm0: entered allmulticast mode
[  317.514825][T12621] binder: 12620:12621 ioctl c0306201 200000000480 returned -14
[  317.531863][T12428] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  317.535089][T12428] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  317.538700][T12428] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  317.542395][T12428] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  317.544872][T12428] usb 6-1: SerialNumber: syz
[  317.749713][    T9] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  317.754222][T12428] usb 6-1: 0:2 : does not exist
[  317.755914][T12428] usb 6-1: unit 255 not found!
[  317.759973][T12428] usb 6-1: 5:0: cannot get min/max values for control 2 (id 5)
[  317.765601][T12428] usb 6-1: 5:0: cannot get min/max values for control 3 (id 5)
[  317.773627][T12428] usb 6-1: USB disconnect, device number 67
[  317.785486][ T6035] udevd[6035]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  317.899668][    T9] usb 10-1: Using ep0 maxpacket: 16
[  317.903250][    T9] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 244, using maximum allowed: 30
[  317.906586][    T9] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  317.910559][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 65504, setting to 1024
[  317.913981][    T9] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 1024
[  317.917013][    T9] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  317.920172][    T9] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  317.923069][    T9] usb 10-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 244
[  317.928517][    T9] usb 10-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  317.931485][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.933963][    T9] usb 10-1: Product: syz
[  317.935291][    T9] usb 10-1: Manufacturer: syz
[  317.936767][    T9] usb 10-1: SerialNumber: syz
[  317.940284][    T9] usb 10-1: config 0 descriptor??
[  317.942402][T12621] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  317.945634][    T9] port100 10-1:0.0: NFC: Could not get supported command types
[  318.160198][    T9] usb 10-1: USB disconnect, device number 29
[  318.459698][T12125] usb 11-1: new full-speed USB device number 19 using dummy_hcd
[  318.559744][   T59] usb 6-1: new high-speed USB device number 68 using dummy_hcd
[  318.611314][T12125] usb 11-1: unable to get BOS descriptor or descriptor too short
[  318.614097][T12125] usb 11-1: not running at top speed; connect to a high speed hub
[  318.619271][T12125] usb 11-1: config 1 has an invalid descriptor of length 130, skipping remainder of the config
[  318.624504][T12125] usb 11-1: config 1 has 1 interface, different from the descriptor's value: 3
[  318.630529][T12125] usb 11-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  318.634317][T12125] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.637594][T12125] usb 11-1: Product: syz
[  318.639459][T12125] usb 11-1: Manufacturer: syz
[  318.641719][T12125] usb 11-1: SerialNumber: syz
[  318.716304][T12645] binder: BINDER_SET_CONTEXT_MGR already set
[  318.718214][T12645] binder: 12644:12645 ioctl 4018620d 200000000040 returned -16
[  318.721397][T12645] binder: 12644:12645 ioctl c0306201 200000001a80 returned -11
[  318.729803][   T59] usb 6-1: Using ep0 maxpacket: 16
[  318.733769][   T59] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  318.738843][   T59] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  318.746425][   T59] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  318.750212][   T59] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.754013][   T59] usb 6-1: Product: syz
[  318.755809][   T59] usb 6-1: Manufacturer: syz
[  318.756522][T12647] xt_hashlimit: size too large, truncated to 1048576
[  318.757682][   T59] usb 6-1: SerialNumber: syz
[  318.764344][   T59] usb 6-1: config 0 descriptor??
[  318.769844][   T59] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  318.773638][   T59] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  319.181743][T12652] syzkaller1: entered promiscuous mode
[  319.183585][T12652] syzkaller1: entered allmulticast mode
[  319.372785][   T59] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  319.375178][   T59] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  320.260311][   T29] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  320.381375][   T59] em28xx 6-1:0.0: AC97 vendor ID = 0x00fc00fe
[  320.411093][   T29] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  320.413696][   T29] usb 10-1: config 0 has no interface number 0
[  320.415685][   T29] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  320.419077][   T29] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  320.422913][   T29] usb 10-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  320.425816][   T29] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.430090][   T29] usb 10-1: config 0 descriptor??
[  320.582191][   T59] em28xx 6-1:0.0: Unknown AC97 audio processor detected!
[  320.584695][   T59] em28xx 6-1:0.0: couldn't setup AC97 register 2
[  320.586921][   T59] em28xx 6-1:0.0: couldn't setup AC97 register 4
[  320.589205][   T59] em28xx 6-1:0.0: couldn't setup AC97 register 6
[  320.591612][   T59] em28xx 6-1:0.0: couldn't setup AC97 register 54
[  320.593875][   T59] em28xx 6-1:0.0: couldn't setup AC97 register 56
[  320.597608][   T59] usb 6-1: USB disconnect, device number 68
[  320.844007][   T29] prodikeys 0003:041E:2801.0017: hidraw1: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.5-1/input1
[  320.850192][   T29] hid_prodikeys: hid-prodikeys: failed to find output report
[  320.850192][   T29] 
[  321.039191][T12665] fuse: Bad value for 'group_id'
[  321.041650][T12665] fuse: Bad value for 'group_id'
[  321.181391][T12125] usb 11-1: 0:2 : does not exist
[  321.195508][T12125] usb 11-1: USB disconnect, device number 19
[  321.211632][ T6035] udevd[6035]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb11/11-1/11-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  321.527375][T12679] syzkaller1: entered promiscuous mode
[  321.529143][T12679] syzkaller1: entered allmulticast mode
[  321.556548][T12125] usb 10-1: USB disconnect, device number 30
[  321.899813][T12125] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[  322.073671][T12125] usb 10-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  322.077657][T12125] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.089693][T12125] usb 10-1: Product: syz
[  322.091547][T12125] usb 10-1: Manufacturer: syz
[  322.093559][T12125] usb 10-1: SerialNumber: syz
[  322.110067][T12125] usb 10-1: config 0 descriptor??
[  322.118314][T12125] gspca_main: sq905c-2.14.0 probing 2770:9052
[  322.127150][ T6001] usb 7-1: Failed to load image "edgeport/down.fw" err -110
[  322.133467][ T6001] usb 7-1: Direct firmware load for edgeport/boot.fw failed with error -2
[  322.136190][ T6001] usb 7-1: Falling back to sysfs fallback for: edgeport/boot.fw
[  322.157192][T12699] xt_hashlimit: size too large, truncated to 1048576
[  322.292740][T12705] binder: 12704:12705 ioctl c0306201 200000001a80 returned -11
[  322.649216][   T40] audit: type=1400 audit(1751543699.473:731): avc:  denied  { map } for  pid=12716 comm="syz.6.2317" path="/dev/video3" dev="devtmpfs" ino=959 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  322.736371][T12125] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[  322.743739][T12125] sq905c 10-1:0.0: probe with driver sq905c failed with error -71
[  322.750458][T12125] usb 10-1: USB disconnect, device number 31
[  323.274356][T12725] xt_hashlimit: size too large, truncated to 1048576
[  323.284475][T12726] netlink: 'syz.1.2318': attribute type 10 has an invalid length.
[  323.290863][T12726] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  323.295581][T12726] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2318'.
[  323.298377][T12726] bridge_slave_1: left allmulticast mode
[  323.301770][T12726] bridge_slave_1: left promiscuous mode
[  323.303631][T12726] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.307189][T12726] bridge_slave_0: left allmulticast mode
[  323.308937][T12726] bridge_slave_0: left promiscuous mode
[  323.311672][T12726] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.323179][T12726] bond0: (slave bridge0): Releasing backup interface
[  323.434579][T12734] binder: BINDER_SET_CONTEXT_MGR already set
[  323.436774][T12734] binder: 12733:12734 ioctl 4018620d 200000000040 returned -16
[  323.440648][T12734] binder: 12733:12734 ioctl c0306201 200000001a80 returned -11
[  324.675922][T12748] xt_hashlimit: size too large, truncated to 1048576
[  324.930328][T12755] netlink: 232 bytes leftover after parsing attributes in process `syz.5.2329'.
[  325.002060][T12755] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3070988179 (3070988179 ns) > initial count (1876204212 ns). Using initial count to start timer.
[  325.415936][T12762] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2331'.
[  325.496210][T12764] binder: BINDER_SET_CONTEXT_MGR already set
[  325.498817][T12764] binder: 12763:12764 ioctl 4018620d 200000000040 returned -16
[  325.504836][T12764] binder: 12763:12764 ioctl c0306201 200000001a80 returned -11
[  325.812855][   T40] audit: type=1400 audit(1751543702.643:732): avc:  denied  { associate } for  pid=12778 comm="syz.5.2338" name="cpuset.effective_cpus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  325.820902][   T40] audit: type=1400 audit(1751543702.643:733): avc:  denied  { read append } for  pid=12778 comm="syz.5.2338" name="cpuset.effective_cpus" dev="9p" ino=35913970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  325.835841][   T40] audit: type=1400 audit(1751543702.643:734): avc:  denied  { open } for  pid=12778 comm="syz.5.2338" path="/130/file0/cpuset.effective_cpus" dev="9p" ino=35913970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  325.846870][   T40] audit: type=1400 audit(1751543702.643:735): avc:  denied  { write } for  pid=12778 comm="syz.5.2338" name="cpuset.effective_cpus" dev="9p" ino=35913970 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  325.854772][   T40] audit: type=1400 audit(1751543702.663:736): avc:  denied  { unmount } for  pid=11304 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  325.927402][T12789] binder: BINDER_SET_CONTEXT_MGR already set
[  325.929367][T12789] binder: 12788:12789 ioctl 4018620d 200000000040 returned -16
[  325.932482][T12789] binder: 12788:12789 ioctl c0306201 200000001a80 returned -11
[  325.957723][T12791] FAULT_INJECTION: forcing a failure.
[  325.957723][T12791] name failslab, interval 1, probability 0, space 0, times 1
[  325.961736][T12791] CPU: 2 UID: 0 PID: 12791 Comm: syz.5.2343 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  325.961751][T12791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  325.961758][T12791] Call Trace:
[  325.961762][T12791]  <TASK>
[  325.961766][T12791]  dump_stack_lvl+0x16c/0x1f0
[  325.961802][T12791]  should_fail_ex+0x512/0x640
[  325.961821][T12791]  ? fs_reclaim_acquire+0xae/0x150
[  325.961834][T12791]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  325.961849][T12791]  should_failslab+0xc2/0x120
[  325.961865][T12791]  __kmalloc_noprof+0xd2/0x510
[  325.961881][T12791]  tomoyo_realpath_from_path+0xc2/0x6e0
[  325.961897][T12791]  ? tomoyo_profile+0x47/0x60
[  325.961914][T12791]  tomoyo_path_number_perm+0x245/0x580
[  325.961926][T12791]  ? tomoyo_path_number_perm+0x237/0x580
[  325.961940][T12791]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  325.961953][T12791]  ? find_held_lock+0x2b/0x80
[  325.961978][T12791]  ? find_held_lock+0x2b/0x80
[  325.961990][T12791]  ? hook_file_ioctl_common+0x145/0x410
[  325.962010][T12791]  ? __fget_files+0x20e/0x3c0
[  325.962026][T12791]  security_file_ioctl+0x9b/0x240
[  325.962041][T12791]  __x64_sys_ioctl+0xb7/0x210
[  325.962054][T12791]  do_syscall_64+0xcd/0x4c0
[  325.962071][T12791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  325.962082][T12791] RIP: 0033:0x7fc8edb8e929
[  325.962091][T12791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  325.962101][T12791] RSP: 002b:00007fc8ee9e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  325.962112][T12791] RAX: ffffffffffffffda RBX: 00007fc8eddb5fa0 RCX: 00007fc8edb8e929
[  325.962118][T12791] RDX: 0000200000000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  325.962124][T12791] RBP: 00007fc8ee9e3090 R08: 0000000000000000 R09: 0000000000000000
[  325.962130][T12791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  325.962137][T12791] R13: 0000000000000000 R14: 00007fc8eddb5fa0 R15: 00007fffc4fbdf68
[  325.962149][T12791]  </TASK>
[  325.962154][T12791] ERROR: Out of memory at tomoyo_realpath_from_path.
[  326.100595][T12801] FAULT_INJECTION: forcing a failure.
[  326.100595][T12801] name failslab, interval 1, probability 0, space 0, times 0
[  326.106542][T12801] CPU: 0 UID: 0 PID: 12801 Comm: syz.6.2348 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  326.106558][T12801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  326.106566][T12801] Call Trace:
[  326.106570][T12801]  <TASK>
[  326.106574][T12801]  dump_stack_lvl+0x16c/0x1f0
[  326.106593][T12801]  should_fail_ex+0x512/0x640
[  326.106607][T12801]  ? fs_reclaim_acquire+0xae/0x150
[  326.106619][T12801]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  326.106635][T12801]  should_failslab+0xc2/0x120
[  326.106651][T12801]  __kmalloc_noprof+0xd2/0x510
[  326.106664][T12801]  ? kernel_text_address+0x8d/0x100
[  326.106679][T12801]  tomoyo_realpath_from_path+0xc2/0x6e0
[  326.106694][T12801]  ? tomoyo_profile+0x47/0x60
[  326.106711][T12801]  tomoyo_path_number_perm+0x245/0x580
[  326.106723][T12801]  ? tomoyo_path_number_perm+0x237/0x580
[  326.106737][T12801]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  326.106750][T12801]  ? __pfx__kstrtoull+0x10/0x10
[  326.106764][T12801]  ? find_held_lock+0x2b/0x80
[  326.106787][T12801]  ? from_kuid+0x8d/0xd0
[  326.106799][T12801]  ? __pfx_from_kuid+0x10/0x10
[  326.106814][T12801]  tomoyo_path_chown+0x173/0x1b0
[  326.106830][T12801]  ? __pfx_tomoyo_path_chown+0x10/0x10
[  326.106847][T12801]  ? from_vfsuid+0xea/0x140
[  326.106858][T12801]  ? __pfx_from_vfsuid+0x10/0x10
[  326.106870][T12801]  security_path_chown+0x12a/0x2e0
[  326.106884][T12801]  chown_common+0x3d3/0x680
[  326.106903][T12801]  ? __pfx_chown_common+0x10/0x10
[  326.106927][T12801]  ksys_fchown+0x11a/0x190
[  326.106944][T12801]  __x64_sys_fchown+0x72/0xb0
[  326.106959][T12801]  ? lockdep_hardirqs_on+0x7c/0x110
[  326.106974][T12801]  do_syscall_64+0xcd/0x4c0
[  326.106990][T12801]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.107001][T12801] RIP: 0033:0x7f1f31f8e929
[  326.107010][T12801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.107021][T12801] RSP: 002b:00007f1f32d0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000005d
[  326.107032][T12801] RAX: ffffffffffffffda RBX: 00007f1f321b5fa0 RCX: 00007f1f31f8e929
[  326.107038][T12801] RDX: 0000000000000000 RSI: 000000000000ee01 RDI: 0000000000000004
[  326.107045][T12801] RBP: 00007f1f32d0f090 R08: 0000000000000000 R09: 0000000000000000
[  326.107051][T12801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.107057][T12801] R13: 0000000000000000 R14: 00007f1f321b5fa0 R15: 00007ffc1ae509a8
[  326.107070][T12801]  </TASK>
[  326.107075][T12801] ERROR: Out of memory at tomoyo_realpath_from_path.
[  326.155489][T12799] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2347'.
[  326.210087][   T40] audit: type=1800 audit(1751543703.033:737): pid=12799 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.2347" name="bus" dev="9p" ino=35913960 res=0 errno=0
[  326.260446][T12808] 9pnet_virtio: no channels available for device syz
[  326.431022][T12816] binder: 12815:12816 ioctl c0306201 200000001a80 returned -11
[  326.479695][   T24] usb 11-1: new high-speed USB device number 20 using dummy_hcd
[  326.641168][   T24] usb 11-1: Using ep0 maxpacket: 8
[  326.643989][T12834] FAULT_INJECTION: forcing a failure.
[  326.643989][T12834] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  326.644570][   T24] usb 11-1: config 0 has an invalid interface number: 186 but max is 0
[  326.648903][T12834] CPU: 1 UID: 0 PID: 12834 Comm: syz.5.2361 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  326.648919][T12834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  326.648926][T12834] Call Trace:
[  326.648931][T12834]  <TASK>
[  326.648935][T12834]  dump_stack_lvl+0x16c/0x1f0
[  326.648954][T12834]  should_fail_ex+0x512/0x640
[  326.648970][T12834]  _copy_from_user+0x2e/0xd0
[  326.648986][T12834]  copy_msghdr_from_user+0x98/0x160
[  326.649022][T12834]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  326.649047][T12834]  ___sys_sendmsg+0xfe/0x1d0
[  326.649062][T12834]  ? __pfx____sys_sendmsg+0x10/0x10
[  326.649075][T12834]  ? __lock_acquire+0x622/0x1c90
[  326.649106][T12834]  __sys_sendmsg+0x16d/0x220
[  326.649121][T12834]  ? __pfx___sys_sendmsg+0x10/0x10
[  326.649144][T12834]  do_syscall_64+0xcd/0x4c0
[  326.649160][T12834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.649171][T12834] RIP: 0033:0x7fc8edb8e929
[  326.649180][T12834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.649191][T12834] RSP: 002b:00007fc8ee9e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  326.649202][T12834] RAX: ffffffffffffffda RBX: 00007fc8eddb5fa0 RCX: 00007fc8edb8e929
[  326.649209][T12834] RDX: 0000000000008000 RSI: 0000200000000340 RDI: 0000000000000004
[  326.649215][T12834] RBP: 00007fc8ee9e3090 R08: 0000000000000000 R09: 0000000000000000
[  326.649221][T12834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.649227][T12834] R13: 0000000000000000 R14: 00007fc8eddb5fa0 R15: 00007fffc4fbdf68
[  326.649251][T12834]  </TASK>
[  326.652710][T12836] binder: 12835:12836 ioctl c0306201 200000001a80 returned -11
[  326.657497][   T24] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  326.657517][   T24] usb 11-1: config 0 has no interface number 0
[  326.657552][   T24] usb 11-1: config 0 interface 186 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  326.724432][   T24] usb 11-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  326.727260][   T24] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.729854][   T24] usb 11-1: Product: syz
[  326.731231][   T24] usb 11-1: Manufacturer: syz
[  326.732715][   T24] usb 11-1: SerialNumber: syz
[  326.735633][   T24] usb 11-1: config 0 descriptor??
[  326.738600][   T24] iowarrior 11-1:0.186: no interrupt-in endpoint found
[  328.501298][T12851] syz.2.2371 (12851): drop_caches: 1
[  328.508459][T12857] syz.2.2371 (12857): drop_caches: 1
[  328.547486][T12851] syz.2.2371 (12851): drop_caches: 1
[  328.556652][T12857] syz.2.2371 (12857): drop_caches: 1
[  328.582990][T12868] binder: 12867:12868 ioctl c0306201 200000001a80 returned -11
[  328.621436][T12870] FAULT_INJECTION: forcing a failure.
[  328.621436][T12870] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  328.625812][T12870] CPU: 2 UID: 0 PID: 12870 Comm: syz.1.2378 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  328.625829][T12870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  328.625835][T12870] Call Trace:
[  328.625840][T12870]  <TASK>
[  328.625844][T12870]  dump_stack_lvl+0x16c/0x1f0
[  328.625863][T12870]  should_fail_ex+0x512/0x640
[  328.625880][T12870]  _copy_from_user+0x2e/0xd0
[  328.625895][T12870]  copy_msghdr_from_user+0x98/0x160
[  328.625911][T12870]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  328.625932][T12870]  ___sys_sendmsg+0xfe/0x1d0
[  328.625947][T12870]  ? __pfx____sys_sendmsg+0x10/0x10
[  328.625961][T12870]  ? __lock_acquire+0x622/0x1c90
[  328.625993][T12870]  __sys_sendmsg+0x16d/0x220
[  328.626008][T12870]  ? __pfx___sys_sendmsg+0x10/0x10
[  328.626030][T12870]  do_syscall_64+0xcd/0x4c0
[  328.626047][T12870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.626058][T12870] RIP: 0033:0x7f74b858e929
[  328.626067][T12870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.626077][T12870] RSP: 002b:00007f74b93cc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.626088][T12870] RAX: ffffffffffffffda RBX: 00007f74b87b5fa0 RCX: 00007f74b858e929
[  328.626094][T12870] RDX: 0000000020000090 RSI: 0000200000000240 RDI: 0000000000000003
[  328.626101][T12870] RBP: 00007f74b93cc090 R08: 0000000000000000 R09: 0000000000000000
[  328.626107][T12870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.626113][T12870] R13: 0000000000000000 R14: 00007f74b87b5fa0 R15: 00007fffe823ca28
[  328.626126][T12870]  </TASK>
[  328.639656][   T40] audit: type=1326 audit(1751543705.463:738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12871 comm="syz.2.2379" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2e4d38e929 code=0x0
[  328.676445][T12874] xs_local_setup_socket: unhandled error (13) connecting to /var/run/rpcbind.sock
[  328.678917][   T40] audit: type=1400 audit(1751543705.483:739): avc:  denied  { ioctl } for  pid=12873 comm="syz.5.2377" path="/dev/btrfs-control" dev="devtmpfs" ino=1335 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  328.782691][   T40] audit: type=1400 audit(1751543705.613:740): avc:  denied  { append } for  pid=12875 comm="syz.1.2380" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  329.239494][   T24] usb 11-1: USB disconnect, device number 20
[  329.385683][T12895] binder: 12894:12895 ioctl c0306201 200000001a80 returned -11
[  329.502815][T12882] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  329.505904][T12882] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  329.508721][T12900] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  329.516662][T12882] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  329.523670][T12884] random: crng reseeded on system resumption
[  329.604877][T12907] FAULT_INJECTION: forcing a failure.
[  329.604877][T12907] name failslab, interval 1, probability 0, space 0, times 0
[  329.609016][T12907] CPU: 2 UID: 0 PID: 12907 Comm: syz.2.2388 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  329.609039][T12907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  329.609046][T12907] Call Trace:
[  329.609052][T12907]  <TASK>
[  329.609057][T12907]  dump_stack_lvl+0x16c/0x1f0
[  329.609076][T12907]  should_fail_ex+0x512/0x640
[  329.609091][T12907]  ? fs_reclaim_acquire+0xae/0x150
[  329.609108][T12907]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  329.609131][T12907]  should_failslab+0xc2/0x120
[  329.609154][T12907]  __kmalloc_noprof+0xd2/0x510
[  329.609177][T12907]  tomoyo_realpath_from_path+0xc2/0x6e0
[  329.609193][T12907]  ? tomoyo_profile+0x47/0x60
[  329.609210][T12907]  tomoyo_path_number_perm+0x245/0x580
[  329.609222][T12907]  ? tomoyo_path_number_perm+0x237/0x580
[  329.609235][T12907]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  329.609248][T12907]  ? find_held_lock+0x2b/0x80
[  329.609278][T12907]  ? find_held_lock+0x2b/0x80
[  329.609290][T12907]  ? hook_file_ioctl_common+0x145/0x410
[  329.609309][T12907]  ? __fget_files+0x20e/0x3c0
[  329.609326][T12907]  security_file_ioctl+0x9b/0x240
[  329.609341][T12907]  __x64_sys_ioctl+0xb7/0x210
[  329.609355][T12907]  do_syscall_64+0xcd/0x4c0
[  329.609375][T12907]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.609391][T12907] RIP: 0033:0x7f2e4d38e929
[  329.609401][T12907] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.609412][T12907] RSP: 002b:00007f2e4e1d3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  329.609422][T12907] RAX: ffffffffffffffda RBX: 00007f2e4d5b6080 RCX: 00007f2e4d38e929
[  329.609429][T12907] RDX: 0000200000000540 RSI: 00000000400442c8 RDI: 0000000000000005
[  329.609435][T12907] RBP: 00007f2e4e1d3090 R08: 0000000000000000 R09: 0000000000000000
[  329.609442][T12907] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.609448][T12907] R13: 0000000000000000 R14: 00007f2e4d5b6080 R15: 00007fffa5b9f838
[  329.609461][T12907]  </TASK>
[  329.609466][T12907] ERROR: Out of memory at tomoyo_realpath_from_path.
[  329.693564][T12909] FAULT_INJECTION: forcing a failure.
[  329.693564][T12909] name failslab, interval 1, probability 0, space 0, times 0
[  329.697562][T12909] CPU: 0 UID: 0 PID: 12909 Comm: syz.1.2392 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  329.697577][T12909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  329.697584][T12909] Call Trace:
[  329.697588][T12909]  <TASK>
[  329.697593][T12909]  dump_stack_lvl+0x16c/0x1f0
[  329.697612][T12909]  should_fail_ex+0x512/0x640
[  329.697627][T12909]  ? fs_reclaim_acquire+0xae/0x150
[  329.697639][T12909]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  329.697654][T12909]  should_failslab+0xc2/0x120
[  329.697670][T12909]  __kmalloc_noprof+0xd2/0x510
[  329.697686][T12909]  tomoyo_realpath_from_path+0xc2/0x6e0
[  329.697702][T12909]  ? tomoyo_profile+0x47/0x60
[  329.697719][T12909]  tomoyo_path_number_perm+0x245/0x580
[  329.697731][T12909]  ? tomoyo_path_number_perm+0x237/0x580
[  329.697745][T12909]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  329.697758][T12909]  ? find_held_lock+0x2b/0x80
[  329.697782][T12909]  ? find_held_lock+0x2b/0x80
[  329.697794][T12909]  ? hook_file_ioctl_common+0x145/0x410
[  329.697814][T12909]  ? __fget_files+0x20e/0x3c0
[  329.697830][T12909]  security_file_ioctl+0x9b/0x240
[  329.697845][T12909]  __x64_sys_ioctl+0xb7/0x210
[  329.697858][T12909]  do_syscall_64+0xcd/0x4c0
[  329.697874][T12909]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.697885][T12909] RIP: 0033:0x7f74b858e929
[  329.697894][T12909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.697905][T12909] RSP: 002b:00007f74b93cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  329.697915][T12909] RAX: ffffffffffffffda RBX: 00007f74b87b5fa0 RCX: 00007f74b858e929
[  329.697922][T12909] RDX: 0000200000000180 RSI: 00000000c008ae88 RDI: 0000000000000005
[  329.697928][T12909] RBP: 00007f74b93cc090 R08: 0000000000000000 R09: 0000000000000000
[  329.697935][T12909] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.697941][T12909] R13: 0000000000000000 R14: 00007f74b87b5fa0 R15: 00007fffe823ca28
[  329.697954][T12909]  </TASK>
[  329.697959][T12909] ERROR: Out of memory at tomoyo_realpath_from_path.
[  329.800039][ T6940] usb 11-1: new high-speed USB device number 21 using dummy_hcd
[  329.840456][   T24] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  329.951753][ T6940] usb 11-1: Using ep0 maxpacket: 8
[  329.956234][ T6940] usb 11-1: config 0 has an invalid interface number: 186 but max is 0
[  329.959684][ T6940] usb 11-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  329.963849][ T6940] usb 11-1: config 0 has no interface number 0
[  329.966466][ T6940] usb 11-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  329.970902][ T6940] usb 11-1: config 0 interface 186 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  329.974330][ T6940] usb 11-1: config 0 interface 186 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  329.980008][ T6940] usb 11-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  329.982874][ T6940] usb 11-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.985376][ T6940] usb 11-1: Product: syz
[  329.986718][ T6940] usb 11-1: Manufacturer: syz
[  329.988146][ T6940] usb 11-1: SerialNumber: syz
[  329.989747][   T24] usb 10-1: Using ep0 maxpacket: 8
[  329.992406][   T24] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  329.994177][ T6940] usb 11-1: config 0 descriptor??
[  329.995595][   T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  329.998752][ T6940] iowarrior 11-1:0.186: no interrupt-in endpoint found
[  330.001227][   T24] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  330.007531][   T24] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  330.013705][   T24] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  330.017527][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.071769][T12917] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2396'.
[  330.074716][T12917] openvswitch: netlink: Invalid MD length 0 for MD type 0
[  330.077073][T12917] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  330.230863][   T24] usb 10-1: usb_control_msg returned -32
[  330.232639][   T24] usbtmc 10-1:16.0: can't read capabilities
[  330.262206][T12921] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2397'.
[  330.291600][   T40] audit: type=1326 audit(1751543707.123:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12922 comm="syz.1.2398" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f74b858e929 code=0x0
[  330.392371][T12924] xt_hashlimit: size too large, truncated to 1048576
[  330.407574][   T40] audit: type=1400 audit(1751543707.233:742): avc:  denied  { mounton } for  pid=12925 comm="syz.2.2399" path="/syzcgroup/unified/syz2" dev="cgroup2" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  330.411076][T12927] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  330.418956][T12927] UDF-fs: Scanning with blocksize 512 failed
[  330.422623][T12927] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  330.425109][T12927] UDF-fs: Scanning with blocksize 1024 failed
[  330.427268][T12927] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  330.430059][T12927] UDF-fs: Scanning with blocksize 2048 failed
[  330.432155][T12927] UDF-fs: warning (device nullb0): udf_load_vrs: No VRS found
[  330.434406][T12927] UDF-fs: Scanning with blocksize 4096 failed
[  330.494465][T12933] FAULT_INJECTION: forcing a failure.
[  330.494465][T12933] name failslab, interval 1, probability 0, space 0, times 0
[  330.498706][T12933] CPU: 3 UID: 0 PID: 12933 Comm: syz.2.2400 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  330.498721][T12933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  330.498728][T12933] Call Trace:
[  330.498734][T12933]  <TASK>
[  330.498738][T12933]  dump_stack_lvl+0x16c/0x1f0
[  330.498759][T12933]  should_fail_ex+0x512/0x640
[  330.498774][T12933]  ? fs_reclaim_acquire+0xae/0x150
[  330.498785][T12933]  ? tomoyo_encode2+0x100/0x3e0
[  330.498799][T12933]  should_failslab+0xc2/0x120
[  330.498815][T12933]  __kmalloc_noprof+0xd2/0x510
[  330.498828][T12933]  ? d_absolute_path+0x136/0x1a0
[  330.498841][T12933]  tomoyo_encode2+0x100/0x3e0
[  330.498858][T12933]  tomoyo_encode+0x29/0x50
[  330.498871][T12933]  tomoyo_realpath_from_path+0x18f/0x6e0
[  330.498889][T12933]  tomoyo_path_number_perm+0x245/0x580
[  330.498901][T12933]  ? tomoyo_path_number_perm+0x237/0x580
[  330.498915][T12933]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  330.498928][T12933]  ? find_held_lock+0x2b/0x80
[  330.498953][T12933]  ? find_held_lock+0x2b/0x80
[  330.498965][T12933]  ? hook_file_ioctl_common+0x145/0x410
[  330.498984][T12933]  ? __fget_files+0x20e/0x3c0
[  330.499001][T12933]  security_file_ioctl+0x9b/0x240
[  330.499016][T12933]  __x64_sys_ioctl+0xb7/0x210
[  330.499029][T12933]  do_syscall_64+0xcd/0x4c0
[  330.499045][T12933]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  330.499056][T12933] RIP: 0033:0x7f2e4d38e929
[  330.499065][T12933] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  330.499076][T12933] RSP: 002b:00007f2e4e1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  330.499086][T12933] RAX: ffffffffffffffda RBX: 00007f2e4d5b5fa0 RCX: 00007f2e4d38e929
[  330.499093][T12933] RDX: 0000200000000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  330.499099][T12933] RBP: 00007f2e4e1f4090 R08: 0000000000000000 R09: 0000000000000000
[  330.499106][T12933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  330.499112][T12933] R13: 0000000000000000 R14: 00007f2e4d5b5fa0 R15: 00007fffa5b9f838
[  330.499125][T12933]  </TASK>
[  330.499136][T12933] ERROR: Out of memory at tomoyo_realpath_from_path.
[  330.595558][T12937] fuse: Unknown parameter 'grou00000000000000000000'
[  330.728293][   T40] audit: type=1400 audit(1751543707.553:743): avc:  denied  { unmount } for  pid=5931 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  330.909694][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  330.967571][   T40] audit: type=1326 audit(1751543707.793:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12960 comm="syz.2.2410" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2e4d38e929 code=0x0
[  331.214062][T12964] fuse: Unknown parameter 'grou00000000000000000000'
[  331.241017][   T40] audit: type=1400 audit(1751543708.073:745): avc:  denied  { shutdown } for  pid=12965 comm="syz.1.2412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  331.247348][   T40] audit: type=1400 audit(1751543708.073:746): avc:  denied  { read } for  pid=12965 comm="syz.1.2412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  331.378451][T12974] FAULT_INJECTION: forcing a failure.
[  331.378451][T12974] name failslab, interval 1, probability 0, space 0, times 0
[  331.383228][T12974] CPU: 2 UID: 0 PID: 12974 Comm: syz.1.2416 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  331.383247][T12974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  331.383257][T12974] Call Trace:
[  331.383264][T12974]  <TASK>
[  331.383270][T12974]  dump_stack_lvl+0x16c/0x1f0
[  331.383298][T12974]  should_fail_ex+0x512/0x640
[  331.383317][T12974]  ? fs_reclaim_acquire+0xae/0x150
[  331.383332][T12974]  ? tomoyo_encode2+0x100/0x3e0
[  331.383353][T12974]  should_failslab+0xc2/0x120
[  331.383376][T12974]  __kmalloc_noprof+0xd2/0x510
[  331.383403][T12974]  tomoyo_encode2+0x100/0x3e0
[  331.383430][T12974]  tomoyo_encode+0x29/0x50
[  331.383451][T12974]  tomoyo_realpath_from_path+0x18f/0x6e0
[  331.383475][T12974]  ? tomoyo_profile+0x47/0x60
[  331.383502][T12974]  tomoyo_path_number_perm+0x245/0x580
[  331.383520][T12974]  ? tomoyo_path_number_perm+0x237/0x580
[  331.383536][T12974]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  331.383556][T12974]  ? find_held_lock+0x2b/0x80
[  331.383597][T12974]  ? find_held_lock+0x2b/0x80
[  331.383614][T12974]  ? hook_file_ioctl_common+0x145/0x410
[  331.383639][T12974]  ? __fget_files+0x20e/0x3c0
[  331.383665][T12974]  security_file_ioctl+0x9b/0x240
[  331.383689][T12974]  __x64_sys_ioctl+0xb7/0x210
[  331.383708][T12974]  do_syscall_64+0xcd/0x4c0
[  331.383729][T12974]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.383745][T12974] RIP: 0033:0x7f74b858e929
[  331.383759][T12974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.383774][T12974] RSP: 002b:00007f74b93cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  331.383790][T12974] RAX: ffffffffffffffda RBX: 00007f74b87b5fa0 RCX: 00007f74b858e929
[  331.383800][T12974] RDX: 0000200000000180 RSI: 00000000c008ae88 RDI: 0000000000000005
[  331.383810][T12974] RBP: 00007f74b93cc090 R08: 0000000000000000 R09: 0000000000000000
[  331.383818][T12974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.383824][T12974] R13: 0000000000000000 R14: 00007f74b87b5fa0 R15: 00007fffe823ca28
[  331.383863][T12974]  </TASK>
[  331.383879][T12974] ERROR: Out of memory at tomoyo_realpath_from_path.
[  331.868935][ T5944] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  331.876859][ T5944] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  331.880821][ T5944] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  331.885485][ T5944] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  331.892211][ T5944] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  332.053951][T12985] chnl_net:caif_netlink_parms(): no params data found
[  332.070820][T12996] fuse: Unknown parameter 'grou00000000000000000000'
[  332.155207][T12985] bridge0: port 1(bridge_slave_0) entered blocking state
[  332.157629][T12985] bridge0: port 1(bridge_slave_0) entered disabled state
[  332.161017][T12985] bridge_slave_0: entered allmulticast mode
[  332.164097][T12985] bridge_slave_0: entered promiscuous mode
[  332.169479][T12985] bridge0: port 2(bridge_slave_1) entered blocking state
[  332.171932][T12985] bridge0: port 2(bridge_slave_1) entered disabled state
[  332.174483][T12985] bridge_slave_1: entered allmulticast mode
[  332.177324][T12985] bridge_slave_1: entered promiscuous mode
[  332.180972][T13003] syzkaller1: entered promiscuous mode
[  332.183314][T13003] syzkaller1: entered allmulticast mode
[  332.200688][   T40] audit: type=1400 audit(1751543709.023:747): avc:  denied  { getopt } for  pid=13002 comm="syz.2.2423" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  332.236217][T12985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  332.241299][T12985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  332.285395][T12985] team0: Port device team_slave_0 added
[  332.290541][T12985] team0: Port device team_slave_1 added
[  332.327151][T12985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  332.329537][T12985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.338964][T12985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  332.345434][T12985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  332.347964][T12985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  332.356851][T12985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  332.398301][T12985] hsr_slave_0: entered promiscuous mode
[  332.400608][T12985] hsr_slave_1: entered promiscuous mode
[  332.403410][T13009] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  332.566542][T12428] usb 11-1: USB disconnect, device number 21
[  332.629330][T13017] sch_fq: defrate 0 ignored.
[  332.707208][T13020] autofs: Unknown parameter 'ceph'
[  332.899189][T12985] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  332.905721][T12985] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  332.909709][T12985] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  332.913968][T12985] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  332.982619][T12985] 8021q: adding VLAN 0 to HW filter on device bond0
[  332.989819][ T5943] Bluetooth: hci2: command 0x0c1a tx timeout
[  333.003318][T12985] 8021q: adding VLAN 0 to HW filter on device team0
[  333.009244][ T1146] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.011486][ T1146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.017215][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  333.019416][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  333.164913][T12985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  333.188721][T12985] veth0_vlan: entered promiscuous mode
[  333.193823][T12985] veth1_vlan: entered promiscuous mode
[  333.207265][T12985] veth0_macvtap: entered promiscuous mode
[  333.211198][T12985] veth1_macvtap: entered promiscuous mode
[  333.220668][T12985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  333.226791][T12985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  333.231400][T12985] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  333.234019][T12985] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  333.236735][T12985] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  333.239350][T12985] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  333.281067][ T1146] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  333.283434][ T1146] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  333.298077][ T1146] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  333.301435][ T1146] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  333.345035][T13052] FAULT_INJECTION: forcing a failure.
[  333.345035][T13052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  333.349149][T13052] CPU: 3 UID: 0 PID: 13052 Comm: syz.2.2432 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  333.349165][T13052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  333.349172][T13052] Call Trace:
[  333.349176][T13052]  <TASK>
[  333.349181][T13052]  dump_stack_lvl+0x16c/0x1f0
[  333.349200][T13052]  should_fail_ex+0x512/0x640
[  333.349223][T13052]  _copy_from_user+0x2e/0xd0
[  333.349239][T13052]  ? __pfx_do_get_msr+0x10/0x10
[  333.349255][T13052]  msr_io+0x93/0x2a0
[  333.349268][T13052]  ? __pfx_msr_io+0x10/0x10
[  333.349278][T13052]  ? arch_stack_walk+0xa6/0x100
[  333.349291][T13052]  kvm_arch_vcpu_ioctl+0x7fb/0x5120
[  333.349301][T13052]  ? kvm_arch_vcpu_ioctl+0x7d2/0x5120
[  333.349313][T13052]  ? stack_trace_save+0x8e/0xc0
[  333.349327][T13052]  ? stack_depot_save_flags+0x28/0xa40
[  333.349341][T13052]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  333.349351][T13052]  ? __lock_acquire+0xb8a/0x1c90
[  333.349369][T13052]  ? kasan_save_stack+0x42/0x60
[  333.349382][T13052]  ? kasan_save_stack+0x33/0x60
[  333.349394][T13052]  ? kasan_save_track+0x14/0x30
[  333.349406][T13052]  ? kasan_save_free_info+0x3b/0x60
[  333.349416][T13052]  ? __kasan_slab_free+0x51/0x70
[  333.349429][T13052]  ? kfree+0x2b4/0x4d0
[  333.349439][T13052]  ? tomoyo_path_number_perm+0x470/0x580
[  333.349451][T13052]  ? security_file_ioctl+0x9b/0x240
[  333.349466][T13052]  ? __x64_sys_ioctl+0xb7/0x210
[  333.349478][T13052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.349490][T13052]  ? __lock_acquire+0xb8a/0x1c90
[  333.349510][T13052]  ? __mutex_trylock_common+0xe9/0x250
[  333.349527][T13052]  ? __pfx___mutex_trylock_common+0x10/0x10
[  333.349544][T13052]  ? __pfx___might_resched+0x10/0x10
[  333.349573][T13052]  ? rcu_is_watching+0x12/0xc0
[  333.349586][T13052]  ? trace_contention_end+0xdd/0x130
[  333.349603][T13052]  ? __mutex_lock+0x1ca/0xb90
[  333.349619][T13052]  ? kvm_vcpu_ioctl+0x280/0x1690
[  333.349633][T13052]  ? __pfx___mutex_lock+0x10/0x10
[  333.349653][T13052]  ? tomoyo_path_number_perm+0x18d/0x580
[  333.349668][T13052]  ? kvm_vcpu_ioctl+0x1236/0x1690
[  333.349679][T13052]  kvm_vcpu_ioctl+0x1236/0x1690
[  333.349693][T13052]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  333.349709][T13052]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  333.349726][T13052]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  333.349745][T13052]  ? hook_file_ioctl_common+0x145/0x410
[  333.349765][T13052]  ? selinux_file_ioctl+0x180/0x270
[  333.349778][T13052]  ? selinux_file_ioctl+0xb4/0x270
[  333.349793][T13052]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  333.349805][T13052]  __x64_sys_ioctl+0x18b/0x210
[  333.349818][T13052]  do_syscall_64+0xcd/0x4c0
[  333.349834][T13052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.349847][T13052] RIP: 0033:0x7f2e4d38e929
[  333.349861][T13052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.349876][T13052] RSP: 002b:00007f2e4e1f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  333.349894][T13052] RAX: ffffffffffffffda RBX: 00007f2e4d5b5fa0 RCX: 00007f2e4d38e929
[  333.349906][T13052] RDX: 0000200000000180 RSI: 00000000c008ae88 RDI: 0000000000000005
[  333.349916][T13052] RBP: 00007f2e4e1f4090 R08: 0000000000000000 R09: 0000000000000000
[  333.349928][T13052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.349938][T13052] R13: 0000000000000000 R14: 00007f2e4d5b5fa0 R15: 00007fffa5b9f838
[  333.349962][T13052]  </TASK>
[  333.400158][T13055] fuse: Unknown parameter 'group_i00000000000000000000'
[  333.729062][ T5944] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  333.735514][ T5944] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  333.742724][ T5944] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  333.756078][ T5944] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  333.761499][ T5944] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  333.811231][T13073] bridge0: port 3(vlan0) entered blocking state
[  333.813602][T13073] bridge0: port 3(vlan0) entered disabled state
[  333.815591][T13073] vlan0: entered allmulticast mode
[  333.817479][T13073] netdevsim netdevsim6 netdevsim0: entered allmulticast mode
[  333.823412][T13073] vlan0: entered promiscuous mode
[  333.825168][T13073] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  333.928740][T13083] program syz.6.2443 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  333.942170][T13070] chnl_net:caif_netlink_parms(): no params data found
[  333.959872][ T5944] Bluetooth: hci5: command tx timeout
[  334.026284][T13070] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.028978][T13070] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.031523][T13070] bridge_slave_0: entered allmulticast mode
[  334.034092][T13070] bridge_slave_0: entered promiscuous mode
[  334.038748][T13070] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.042088][T13070] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.044308][T13070] bridge_slave_1: entered allmulticast mode
[  334.046857][T13070] bridge_slave_1: entered promiscuous mode
[  334.091671][T13070] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.098757][T13070] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.153876][T13070] team0: Port device team_slave_0 added
[  334.160973][T13070] team0: Port device team_slave_1 added
[  334.202636][T13070] batman_adv: batadv0: Adding interface: batadv_slave_0
[  334.204764][T13070] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.213347][T13070] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  334.217947][T13070] batman_adv: batadv0: Adding interface: batadv_slave_1
[  334.222623][T13070] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  334.231957][T13070] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  334.293739][T13070] hsr_slave_0: entered promiscuous mode
[  334.297601][T13070] hsr_slave_1: entered promiscuous mode
[  334.300059][T13070] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  334.303141][T13070] Cannot create hsr debugfs directory
[  334.413327][   T46] bridge_slave_1: left allmulticast mode
[  334.415079][   T46] bridge_slave_1: left promiscuous mode
[  334.417169][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.422823][   T46] bridge_slave_0: left allmulticast mode
[  334.425108][   T46] bridge_slave_0: left promiscuous mode
[  334.427503][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.557273][   T46] bond0 (unregistering): (slave gretap1): Releasing backup interface
[  334.672280][   T46] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[  334.675096][   T46] bond_slave_0: left promiscuous mode
[  334.677556][   T46] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[  334.680777][   T46] bond_slave_1: left promiscuous mode
[  334.683136][   T46] 
 (unregistering): Released all slaves
[  334.729843][   T61] usb 6-1: new high-speed USB device number 69 using dummy_hcd
[  334.757807][   T46] bond0 (unregistering): Released all slaves
[  334.900122][   T61] usb 6-1: Using ep0 maxpacket: 8
[  334.907893][   T61] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  334.912627][   T61] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  334.915582][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  334.918698][   T61] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  334.924771][   T61] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  334.928690][   T61] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  334.939836][   T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.045847][   T46] hsr_slave_0: left promiscuous mode
[  335.048243][   T46] hsr_slave_1: left promiscuous mode
[  335.050615][   T46] batman_adv: batadv0: Removing interface: batadv_slave_0
[  335.053642][   T46] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.079971][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  335.149404][   T61] usb 6-1: usb_control_msg returned -32
[  335.152385][   T61] usbtmc 6-1:16.0: can't read capabilities
[  335.353130][T13114] FAULT_INJECTION: forcing a failure.
[  335.353130][T13114] name failslab, interval 1, probability 0, space 0, times 0
[  335.357033][T13114] CPU: 2 UID: 0 PID: 13114 Comm: syz.6.2449 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  335.357048][T13114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  335.357055][T13114] Call Trace:
[  335.357061][T13114]  <TASK>
[  335.357065][T13114]  dump_stack_lvl+0x16c/0x1f0
[  335.357084][T13114]  should_fail_ex+0x512/0x640
[  335.357101][T13114]  should_failslab+0xc2/0x120
[  335.357117][T13114]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  335.357131][T13114]  ? skb_clone+0x190/0x3f0
[  335.357149][T13114]  skb_clone+0x190/0x3f0
[  335.357164][T13114]  netlink_deliver_tap+0xabd/0xd30
[  335.357184][T13114]  netlink_unicast+0x5df/0x7f0
[  335.357196][T13114]  ? __pfx_netlink_unicast+0x10/0x10
[  335.357211][T13114]  netlink_sendmsg+0x8d1/0xdd0
[  335.357223][T13114]  ? __pfx_netlink_sendmsg+0x10/0x10
[  335.357239][T13114]  ____sys_sendmsg+0xa95/0xc70
[  335.357250][T13114]  ? copy_msghdr_from_user+0x10a/0x160
[  335.357265][T13114]  ? __pfx_____sys_sendmsg+0x10/0x10
[  335.357282][T13114]  ___sys_sendmsg+0x134/0x1d0
[  335.357297][T13114]  ? __pfx____sys_sendmsg+0x10/0x10
[  335.357310][T13114]  ? __lock_acquire+0x622/0x1c90
[  335.357343][T13114]  __sys_sendmsg+0x16d/0x220
[  335.357362][T13114]  ? __pfx___sys_sendmsg+0x10/0x10
[  335.357385][T13114]  do_syscall_64+0xcd/0x4c0
[  335.357402][T13114]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  335.357413][T13114] RIP: 0033:0x7f1f31f8e929
[  335.357422][T13114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  335.357432][T13114] RSP: 002b:00007f1f32d0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  335.357442][T13114] RAX: ffffffffffffffda RBX: 00007f1f321b5fa0 RCX: 00007f1f31f8e929
[  335.357449][T13114] RDX: 0000000020000090 RSI: 0000200000000240 RDI: 0000000000000003
[  335.357456][T13114] RBP: 00007f1f32d0f090 R08: 0000000000000000 R09: 0000000000000000
[  335.357462][T13114] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  335.357468][T13114] R13: 0000000000000000 R14: 00007f1f321b5fa0 R15: 00007ffc1ae509a8
[  335.357481][T13114]  </TASK>
[  335.791939][ T5944] Bluetooth: hci3: command tx timeout
[  335.807455][   T46] team0 (unregistering): Port device team_slave_1 removed
[  335.897695][   T46] team0 (unregistering): Port device team_slave_0 removed
[  335.911798][T13119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  335.915979][T13119] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.029705][ T5944] Bluetooth: hci5: command tx timeout
[  336.576491][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  336.576501][   T40] audit: type=1326 audit(1751543713.403:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13127 comm="syz.6.2452" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f31f8e929 code=0x0
[  336.593295][T13070] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  336.605687][T13070] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  336.618885][T13070] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  336.634736][T13070] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  336.691868][T13070] 8021q: adding VLAN 0 to HW filter on device bond0
[  336.706321][T13070] 8021q: adding VLAN 0 to HW filter on device team0
[  336.711999][ T1150] bridge0: port 1(bridge_slave_0) entered blocking state
[  336.714300][ T1150] bridge0: port 1(bridge_slave_0) entered forwarding state
[  336.721503][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.723706][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.849762][T13070] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.877109][T13070] veth0_vlan: entered promiscuous mode
[  336.884199][T13070] veth1_vlan: entered promiscuous mode
[  336.909278][T13070] veth0_macvtap: entered promiscuous mode
[  336.914622][T13070] veth1_macvtap: entered promiscuous mode
[  336.923326][T13070] batman_adv: batadv0: Interface activated: batadv_slave_0
[  336.931107][T13070] batman_adv: batadv0: Interface activated: batadv_slave_1
[  336.936328][T13070] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.939229][T13070] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.942760][T13070] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.945359][T13070] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  337.007848][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.010351][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.030959][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  337.034225][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  337.081385][   T40] audit: type=1400 audit(1751543713.913:751): avc:  denied  { map } for  pid=13140 comm="syz.2.2436" path="socket:[37740]" dev="sockfs" ino=37740 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  337.088616][   T40] audit: type=1400 audit(1751543713.913:752): avc:  denied  { accept } for  pid=13140 comm="syz.2.2436" path="socket:[37740]" dev="sockfs" ino=37740 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  337.097348][   T40] audit: type=1400 audit(1751543713.913:753): avc:  denied  { ioctl } for  pid=13140 comm="syz.2.2436" path="socket:[40221]" dev="sockfs" ino=40221 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  337.105294][   T40] audit: type=1400 audit(1751543713.913:754): avc:  denied  { bind } for  pid=13140 comm="syz.2.2436" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  337.111702][   T40] audit: type=1804 audit(1751543713.913:755): pid=13141 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.2.2436" name="/newroot/0/file0" dev="tmpfs" ino=18 res=1 errno=0
[  337.118883][   T40] audit: type=1800 audit(1751543713.913:756): pid=13141 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.2.2436" name="file0" dev="tmpfs" ino=18 res=0 errno=0
[  337.132124][T13143] use of bytesused == 0 is deprecated and will be removed in the future,
[  337.135266][T13143] use the actual size instead.
[  337.150939][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  337.212208][T13147] fuse: Unknown parameter 'group_id00000000000000000000'
[  337.432787][T13158] zonefs (nbd6) ERROR: Not a zoned block device
[  337.445321][T13158] netlink: 212376 bytes leftover after parsing attributes in process `syz.6.2459'.
[  337.462357][ T1146] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  337.465138][   T40] audit: type=1400 audit(1751543714.293:757): avc:  denied  { create } for  pid=13157 comm="syz.6.2459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  337.465834][T13158] x_tables: duplicate underflow at hook 2
[  337.473186][   T40] audit: type=1400 audit(1751543714.293:758): avc:  denied  { setopt } for  pid=13157 comm="syz.6.2459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  337.493898][T13161] tipc: Started in network mode
[  337.496010][T13161] tipc: Node identity 026495fe2eb5, cluster identity 4711
[  337.499105][T13161] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  337.546084][T13160] tipc: Disabling bearer <eth:syzkaller0>
[  337.687966][   T12] tipc: Subscription rejected, illegal request
[  337.736385][T13170] xt_hashlimit: size too large, truncated to 1048576
[  337.829041][T13174] fuse: Unknown parameter 'group_id00000000000000000000'
[  337.855962][T13176] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2465'.
[  337.869870][ T5944] Bluetooth: hci3: command tx timeout
[  337.932865][T13178] input: syz0 as /devices/virtual/input/input46
[  338.109764][ T5944] Bluetooth: hci5: command tx timeout
[  338.298741][   T40] audit: type=1326 audit(1751543715.123:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13181 comm="syz.6.2468" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f31f8e929 code=0x0
[  339.288966][T13193] fuse: Unknown parameter 'group_id00000000000000000000'
[  339.402949][T13195] xt_CT: You must specify a L4 protocol and not use inversions on it
[  339.616846][T13198] FAULT_INJECTION: forcing a failure.
[  339.616846][T13198] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.622271][T13198] CPU: 2 UID: 0 PID: 13198 Comm: syz.6.2475 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  339.622298][T13198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  339.622309][T13198] Call Trace:
[  339.622316][T13198]  <TASK>
[  339.622324][T13198]  dump_stack_lvl+0x16c/0x1f0
[  339.622354][T13198]  should_fail_ex+0x512/0x640
[  339.622388][T13198]  _copy_from_iter+0x29f/0x16f0
[  339.622421][T13198]  ? __pfx__copy_from_iter+0x10/0x10
[  339.622448][T13198]  ? rcu_is_watching+0x12/0xc0
[  339.622470][T13198]  ? trace_kmalloc+0x2b/0xd0
[  339.622496][T13198]  ? __kmalloc_noprof+0x242/0x510
[  339.622525][T13198]  kernfs_fop_write_iter+0x19a/0x510
[  339.622550][T13198]  vfs_write+0x6c4/0x1150
[  339.622573][T13198]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  339.622595][T13198]  ? __pfx___mutex_lock+0x10/0x10
[  339.622621][T13198]  ? __pfx_vfs_write+0x10/0x10
[  339.622660][T13198]  ksys_write+0x12a/0x250
[  339.622683][T13198]  ? __pfx_ksys_write+0x10/0x10
[  339.622711][T13198]  do_syscall_64+0xcd/0x4c0
[  339.622739][T13198]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.622773][T13198] RIP: 0033:0x7f1f31f8e929
[  339.622789][T13198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.622806][T13198] RSP: 002b:00007f1f32d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  339.622824][T13198] RAX: ffffffffffffffda RBX: 00007f1f321b5fa0 RCX: 00007f1f31f8e929
[  339.622836][T13198] RDX: 0000000000000006 RSI: 0000200000000300 RDI: 0000000000000005
[  339.622848][T13198] RBP: 00007f1f32d0f090 R08: 0000000000000000 R09: 0000000000000000
[  339.622859][T13198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.622870][T13198] R13: 0000000000000000 R14: 00007f1f321b5fa0 R15: 00007ffc1ae509a8
[  339.622895][T13198]  </TASK>
[  339.840532][T13202] netlink: 56 bytes leftover after parsing attributes in process `\'.
[  339.846623][T13202] bridge0: port 2(bridge_slave_1) entered disabled state
[  339.949871][ T5943] Bluetooth: hci3: command tx timeout
[  339.951796][ T5944] Bluetooth: hci2: command 0x0c1a tx timeout
[  339.959779][   T29] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  339.961793][   T29] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  340.189837][ T5944] Bluetooth: hci5: command tx timeout
[  340.898230][T13210] kvm: kvm [13208]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x8000000000000003
[  340.910895][T13118] usbtmc 10-1:16.0: usb_control_msg returned -110
[  340.929308][ T6075] usb 6-1: USB disconnect, device number 69
[  340.952137][T13212] FAULT_INJECTION: forcing a failure.
[  340.952137][T13212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.956260][T13212] CPU: 1 UID: 0 PID: 13212 Comm: syz.1.2480 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  340.956275][T13212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  340.956282][T13212] Call Trace:
[  340.956287][T13212]  <TASK>
[  340.956292][T13212]  dump_stack_lvl+0x16c/0x1f0
[  340.956311][T13212]  should_fail_ex+0x512/0x640
[  340.956327][T13212]  ? __pfx_do_get_msr+0x10/0x10
[  340.956344][T13212]  _copy_to_user+0x32/0xd0
[  340.956359][T13212]  ? __pfx_do_get_msr+0x10/0x10
[  340.956374][T13212]  msr_io+0x21f/0x2a0
[  340.956387][T13212]  ? __pfx_msr_io+0x10/0x10
[  340.956397][T13212]  ? arch_stack_walk+0xa6/0x100
[  340.956410][T13212]  kvm_arch_vcpu_ioctl+0x7fb/0x5120
[  340.956421][T13212]  ? kvm_arch_vcpu_ioctl+0x7d2/0x5120
[  340.956432][T13212]  ? stack_trace_save+0x8e/0xc0
[  340.956447][T13212]  ? stack_depot_save_flags+0x28/0xa40
[  340.956462][T13212]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[  340.956472][T13212]  ? __lock_acquire+0xb8a/0x1c90
[  340.956490][T13212]  ? kasan_save_stack+0x42/0x60
[  340.956503][T13212]  ? kasan_save_stack+0x33/0x60
[  340.956514][T13212]  ? kasan_save_track+0x14/0x30
[  340.956526][T13212]  ? kasan_save_free_info+0x3b/0x60
[  340.956537][T13212]  ? __kasan_slab_free+0x51/0x70
[  340.956550][T13212]  ? kfree+0x2b4/0x4d0
[  340.956559][T13212]  ? tomoyo_path_number_perm+0x470/0x580
[  340.956572][T13212]  ? security_file_ioctl+0x9b/0x240
[  340.956585][T13212]  ? __x64_sys_ioctl+0xb7/0x210
[  340.956596][T13212]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.956609][T13212]  ? __lock_acquire+0xb8a/0x1c90
[  340.956629][T13212]  ? __mutex_trylock_common+0xe9/0x250
[  340.956645][T13212]  ? __pfx___mutex_trylock_common+0x10/0x10
[  340.956662][T13212]  ? __pfx___might_resched+0x10/0x10
[  340.956677][T13212]  ? rcu_is_watching+0x12/0xc0
[  340.956689][T13212]  ? trace_contention_end+0xdd/0x130
[  340.956706][T13212]  ? __mutex_lock+0x1ca/0xb90
[  340.956723][T13212]  ? kvm_vcpu_ioctl+0x280/0x1690
[  340.956736][T13212]  ? __pfx___mutex_lock+0x10/0x10
[  340.956756][T13212]  ? tomoyo_path_number_perm+0x18d/0x580
[  340.956771][T13212]  ? kvm_vcpu_ioctl+0x1236/0x1690
[  340.956782][T13212]  kvm_vcpu_ioctl+0x1236/0x1690
[  340.956796][T13212]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  340.956812][T13212]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  340.956828][T13212]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  340.956847][T13212]  ? hook_file_ioctl_common+0x145/0x410
[  340.956867][T13212]  ? selinux_file_ioctl+0x180/0x270
[  340.956907][T13212]  ? selinux_file_ioctl+0xb4/0x270
[  340.956921][T13212]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  340.956934][T13212]  __x64_sys_ioctl+0x18b/0x210
[  340.956947][T13212]  do_syscall_64+0xcd/0x4c0
[  340.956964][T13212]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.956975][T13212] RIP: 0033:0x7f2b18b8e929
[  340.956985][T13212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.956995][T13212] RSP: 002b:00007f2b19acb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  340.957006][T13212] RAX: ffffffffffffffda RBX: 00007f2b18db5fa0 RCX: 00007f2b18b8e929
[  340.957012][T13212] RDX: 0000200000000180 RSI: 00000000c008ae88 RDI: 0000000000000005
[  340.957019][T13212] RBP: 00007f2b19acb090 R08: 0000000000000000 R09: 0000000000000000
[  340.957025][T13212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  340.957031][T13212] R13: 0000000000000000 R14: 00007f2b18db5fa0 R15: 00007ffec0563818
[  340.957044][T13212]  </TASK>
[  341.147952][T13217] team0: No ports can be present during mode change
[  341.151904][T13217] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2482'.
[  341.246890][T13217] team0 (unregistering): Port device team_slave_0 removed
[  341.253986][T13217] team0 (unregistering): Port device team_slave_1 removed
[  341.609746][ T6075] usb 6-1: new high-speed USB device number 70 using dummy_hcd
[  341.709952][    C2] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  341.759702][ T6075] usb 6-1: Using ep0 maxpacket: 16
[  341.763715][ T6075] usb 6-1: config 59 has an invalid interface number: 227 but max is 3
[  341.766396][ T6075] usb 6-1: config 59 has an invalid interface number: 26 but max is 3
[  341.768908][ T6075] usb 6-1: config 59 has an invalid interface number: 254 but max is 3
[  341.771873][ T6075] usb 6-1: config 59 contains an unexpected descriptor of type 0x2, skipping
[  341.774567][ T6075] usb 6-1: config 59 has an invalid interface number: 141 but max is 3
[  341.777297][ T6075] usb 6-1: config 59 has no interface number 0
[  341.779647][ T6075] usb 6-1: config 59 has no interface number 1
[  341.781572][ T6075] usb 6-1: config 59 has no interface number 2
[  341.783475][ T6075] usb 6-1: config 59 has no interface number 3
[  341.785416][ T6075] usb 6-1: config 59 interface 227 altsetting 8 endpoint 0x5 has invalid maxpacket 1024, setting to 64
[  341.788787][ T6075] usb 6-1: config 59 interface 227 altsetting 8 endpoint 0xA has invalid maxpacket 1023, setting to 64
[  341.792896][ T6075] usb 6-1: config 59 interface 227 altsetting 8 endpoint 0xB has invalid maxpacket 512, setting to 64
[  341.796236][ T6075] usb 6-1: config 59 interface 227 altsetting 8 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  341.799531][ T6075] usb 6-1: config 59 interface 227 altsetting 8 endpoint 0x7 has invalid maxpacket 1024, setting to 64
[  341.803173][ T6075] usb 6-1: config 59 interface 254 altsetting 192 has an invalid descriptor for endpoint zero, skipping
[  341.806528][ T6075] usb 6-1: config 59 interface 254 altsetting 192 endpoint 0x6 has invalid maxpacket 1024, setting to 64
[  341.810149][ T6075] usb 6-1: config 59 interface 254 altsetting 192 has a duplicate endpoint with address 0x6, skipping
[  341.813469][ T6075] usb 6-1: config 59 interface 254 altsetting 192 has a duplicate endpoint with address 0x8, skipping
[  341.816725][ T6075] usb 6-1: config 59 interface 254 altsetting 192 has a duplicate endpoint with address 0x5, skipping
[  341.820085][ T6075] usb 6-1: config 59 interface 254 altsetting 192 has an invalid descriptor for endpoint zero, skipping
[  341.823406][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0x4, skipping
[  341.826631][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has an invalid descriptor for endpoint zero, skipping
[  341.830240][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0xB, skipping
[  341.833506][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0xB, skipping
[  341.836700][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0x2, skipping
[  341.840001][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0x3, skipping
[  341.843240][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0xD, skipping
[  341.846478][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0xE, skipping
[  341.849796][ T6075] usb 6-1: config 59 interface 141 altsetting 12 has a duplicate endpoint with address 0x7, skipping
[  341.852980][ T6075] usb 6-1: config 59 interface 227 has no altsetting 0
[  341.855030][ T6075] usb 6-1: config 59 interface 26 has no altsetting 0
[  341.857074][ T6075] usb 6-1: config 59 interface 254 has no altsetting 0
[  341.859123][ T6075] usb 6-1: config 59 interface 141 has no altsetting 0
[  341.869170][ T6075] usb 6-1: New USB device found, idVendor=046d, idProduct=08a7, bcdDevice=32.4d
[  341.872179][ T6075] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.874632][ T6075] usb 6-1: Product: Ї
[  341.875913][ T6075] usb 6-1: Manufacturer: Љ
[  341.877326][ T6075] usb 6-1: SerialNumber: ᐁ
[  341.942587][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  341.942598][   T40] audit: type=1326 audit(1751543718.773:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13232 comm="syz.6.2487" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f31f8e929 code=0x0
[  342.029742][ T5944] Bluetooth: hci3: command tx timeout
[  342.029852][   T29] Bluetooth: hci5: Opcode 0x0c1a failed: -110
[  342.033407][   T29] Bluetooth: hci5: Error when powering off device on rfkill (-110)
[  342.087524][T13225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.092582][T13225] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.196336][   T40] audit: type=1400 audit(1751543719.023:766): avc:  denied  { map } for  pid=13243 comm="syz.2.2492" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  342.203547][   T40] audit: type=1400 audit(1751543719.023:767): avc:  denied  { execute } for  pid=13243 comm="syz.2.2492" path="/dev/hpet" dev="devtmpfs" ino=630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  342.295388][   T40] audit: type=1400 audit(1751543719.123:768): avc:  denied  { read write } for  pid=13070 comm="syz-executor" name="loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  342.302851][   T40] audit: type=1400 audit(1751543719.123:769): avc:  denied  { open } for  pid=13070 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  342.310595][   T40] audit: type=1400 audit(1751543719.123:770): avc:  denied  { ioctl } for  pid=13070 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  342.342798][   T40] audit: type=1400 audit(1751543719.173:771): avc:  denied  { ioctl } for  pid=13247 comm="syz.2.2494" path="/dev/ndctl0" dev="devtmpfs" ino=109 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  342.634166][ T6075] usb 6-1: USB disconnect, device number 70
[  342.776291][T13265] overlay: ./file0 is not a directory
[  342.806670][T13270] FAULT_INJECTION: forcing a failure.
[  342.806670][T13270] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  342.811132][T13270] CPU: 2 UID: 0 PID: 13270 Comm: syz.1.2501 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  342.811148][T13270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  342.811155][T13270] Call Trace:
[  342.811160][T13270]  <TASK>
[  342.811164][T13270]  dump_stack_lvl+0x16c/0x1f0
[  342.811184][T13270]  should_fail_ex+0x512/0x640
[  342.811201][T13270]  should_fail_alloc_page+0xe7/0x130
[  342.811218][T13270]  prepare_alloc_pages+0x3c2/0x610
[  342.811232][T13270]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  342.811247][T13270]  ? kasan_save_stack+0x33/0x60
[  342.811259][T13270]  ? kasan_save_track+0x14/0x30
[  342.811272][T13270]  ? __kasan_slab_alloc+0x89/0x90
[  342.811284][T13270]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  342.811299][T13270]  ? ptlock_alloc+0x1f/0x70
[  342.811309][T13270]  ? pte_alloc_one+0x82/0x3a0
[  342.811320][T13270]  ? __pte_alloc+0x6d/0x3c0
[  342.811340][T13270]  ? __handle_mm_fault+0x4358/0x5490
[  342.811355][T13270]  ? handle_mm_fault+0x589/0xd10
[  342.811365][T13270]  ? __get_user_pages+0x589/0x3b80
[  342.811374][T13270]  ? __gup_longterm_locked+0x5e7/0x1840
[  342.811384][T13270]  ? gup_fast_fallback+0x1ab3/0x29e0
[  342.811393][T13270]  ? pin_user_pages_fast+0xa7/0xf0
[  342.811402][T13270]  ? pfn_reader_user_pin+0xcd0/0x10b0
[  342.811418][T13270]  ? iopt_pages_fill_xarray+0x3b5/0xa20
[  342.811441][T13270]  ? iopt_area_add_access+0x1d3/0x380
[  342.811462][T13270]  ? iommufd_access_pin_pages+0x632/0xa00
[  342.811477][T13270]  ? iommufd_test+0x4704/0x6140
[  342.811488][T13270]  ? iommufd_fops_ioctl+0x33f/0x4e0
[  342.811502][T13270]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  342.811532][T13270]  ? __lock_acquire+0xb8a/0x1c90
[  342.811558][T13270]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  342.811573][T13270]  ? policy_nodemask+0xea/0x4e0
[  342.811590][T13270]  alloc_pages_mpol+0x1fb/0x550
[  342.811612][T13270]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  342.811632][T13270]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  342.811665][T13270]  ? find_held_lock+0x2b/0x80
[  342.811681][T13270]  ? find_held_lock+0x2b/0x80
[  342.811696][T13270]  folio_alloc_mpol_noprof+0x36/0x2f0
[  342.811723][T13270]  vma_alloc_folio_noprof+0xed/0x1e0
[  342.811748][T13270]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  342.811774][T13270]  ? find_held_lock+0x2b/0x80
[  342.811792][T13270]  __handle_mm_fault+0x2f21/0x5490
[  342.811818][T13270]  ? __pfx___handle_mm_fault+0x10/0x10
[  342.811857][T13270]  handle_mm_fault+0x589/0xd10
[  342.811881][T13270]  __get_user_pages+0x589/0x3b80
[  342.811901][T13270]  ? __pfx___get_user_pages+0x10/0x10
[  342.811915][T13270]  ? is_bpf_text_address+0x8a/0x1a0
[  342.811933][T13270]  ? __pfx_down_read_killable+0x10/0x10
[  342.811951][T13270]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  342.811973][T13270]  ? is_bpf_text_address+0x94/0x1a0
[  342.811992][T13270]  __gup_longterm_locked+0x5e7/0x1840
[  342.812014][T13270]  ? __pfx___gup_longterm_locked+0x10/0x10
[  342.812036][T13270]  ? sanity_check_pinned_pages+0x23/0x1200
[  342.812071][T13270]  gup_fast_fallback+0x1ab3/0x29e0
[  342.812085][T13270]  ? __lock_acquire+0x622/0x1c90
[  342.812122][T13270]  ? __pfx_gup_fast_fallback+0x10/0x10
[  342.812142][T13270]  ? find_held_lock+0x2b/0x80
[  342.812164][T13270]  ? is_bpf_text_address+0x8a/0x1a0
[  342.812184][T13270]  ? bpf_ksym_find+0x127/0x1c0
[  342.812211][T13270]  pin_user_pages_fast+0xa7/0xf0
[  342.812228][T13270]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  342.812245][T13270]  ? __kernel_text_address+0xd/0x40
[  342.812262][T13270]  ? unwind_get_return_address+0x59/0xa0
[  342.812288][T13270]  ? arch_stack_walk+0xa6/0x100
[  342.812305][T13270]  pfn_reader_user_pin+0xcd0/0x10b0
[  342.812323][T13270]  ? stack_trace_save+0x8e/0xc0
[  342.812336][T13270]  ? __pfx_pfn_reader_user_pin+0x10/0x10
[  342.812350][T13270]  ? stack_depot_save_flags+0x28/0xa40
[  342.812364][T13270]  ? interval_tree_iter_first+0x1a5/0x250
[  342.812383][T13270]  iopt_pages_fill_xarray+0x3b5/0xa20
[  342.812399][T13270]  ? iopt_area_add_access+0x1b0/0x380
[  342.812416][T13270]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.812430][T13270]  ? __pfx_iopt_pages_fill_xarray+0x10/0x10
[  342.812464][T13270]  iopt_area_add_access+0x1d3/0x380
[  342.812483][T13270]  iommufd_access_pin_pages+0x632/0xa00
[  342.812504][T13270]  ? __pfx_iommufd_access_pin_pages+0x10/0x10
[  342.812521][T13270]  ? iommufd_test+0x469e/0x6140
[  342.812536][T13270]  iommufd_test+0x4704/0x6140
[  342.812552][T13270]  ? __pfx_iommufd_test+0x10/0x10
[  342.812564][T13270]  ? find_held_lock+0x2b/0x80
[  342.812576][T13270]  ? __might_fault+0xe3/0x190
[  342.812589][T13270]  ? __might_fault+0xe3/0x190
[  342.812601][T13270]  ? __might_fault+0x13b/0x190
[  342.812619][T13270]  iommufd_fops_ioctl+0x33f/0x4e0
[  342.812633][T13270]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  342.812649][T13270]  ? hook_file_ioctl_common+0x145/0x410
[  342.812670][T13270]  ? selinux_file_ioctl+0x180/0x270
[  342.812683][T13270]  ? selinux_file_ioctl+0xb4/0x270
[  342.812698][T13270]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  342.812712][T13270]  __x64_sys_ioctl+0x18b/0x210
[  342.812726][T13270]  do_syscall_64+0xcd/0x4c0
[  342.812742][T13270]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.812752][T13270] RIP: 0033:0x7f2b18b8e929
[  342.812762][T13270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.812772][T13270] RSP: 002b:00007f2b19acb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  342.812782][T13270] RAX: ffffffffffffffda RBX: 00007f2b18db5fa0 RCX: 00007f2b18b8e929
[  342.812789][T13270] RDX: 0000200000000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  342.812795][T13270] RBP: 00007f2b19acb090 R08: 0000000000000000 R09: 0000000000000000
[  342.812802][T13270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.812808][T13270] R13: 0000000000000000 R14: 00007f2b18db5fa0 R15: 00007ffec0563818
[  342.812821][T13270]  </TASK>
[  342.943740][   T40] audit: type=1400 audit(1751543719.773:772): avc:  denied  { unmount } for  pid=12006 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  343.178675][T13294] FAULT_INJECTION: forcing a failure.
[  343.178675][T13294] name failslab, interval 1, probability 0, space 0, times 0
[  343.182743][T13294] CPU: 1 UID: 0 PID: 13294 Comm: syz.1.2510 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  343.182758][T13294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  343.182765][T13294] Call Trace:
[  343.182770][T13294]  <TASK>
[  343.182774][T13294]  dump_stack_lvl+0x16c/0x1f0
[  343.182794][T13294]  should_fail_ex+0x512/0x640
[  343.182809][T13294]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  343.182824][T13294]  should_failslab+0xc2/0x120
[  343.182840][T13294]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  343.182853][T13294]  ? __alloc_skb+0x2b2/0x380
[  343.182870][T13294]  __alloc_skb+0x2b2/0x380
[  343.182883][T13294]  ? __pfx___alloc_skb+0x10/0x10
[  343.182896][T13294]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  343.182910][T13294]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  343.182927][T13294]  netlink_alloc_large_skb+0x69/0x130
[  343.182940][T13294]  netlink_sendmsg+0x6a1/0xdd0
[  343.182952][T13294]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.182968][T13294]  ____sys_sendmsg+0xa95/0xc70
[  343.182979][T13294]  ? copy_msghdr_from_user+0x10a/0x160
[  343.182993][T13294]  ? __pfx_____sys_sendmsg+0x10/0x10
[  343.183006][T13294]  ? kfree+0x24f/0x4d0
[  343.183015][T13294]  ? __pfx__kstrtoull+0x10/0x10
[  343.183029][T13294]  ___sys_sendmsg+0x134/0x1d0
[  343.183044][T13294]  ? __pfx____sys_sendmsg+0x10/0x10
[  343.183071][T13294]  ? __pfx___might_resched+0x10/0x10
[  343.183087][T13294]  __sys_sendmmsg+0x200/0x420
[  343.183103][T13294]  ? __pfx___sys_sendmmsg+0x10/0x10
[  343.183126][T13294]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  343.183148][T13294]  ? fput+0x70/0xf0
[  343.183164][T13294]  ? ksys_write+0x1ac/0x250
[  343.183177][T13294]  ? __pfx_ksys_write+0x10/0x10
[  343.183192][T13294]  __x64_sys_sendmmsg+0x9c/0x100
[  343.183206][T13294]  ? lockdep_hardirqs_on+0x7c/0x110
[  343.183220][T13294]  do_syscall_64+0xcd/0x4c0
[  343.183236][T13294]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.183247][T13294] RIP: 0033:0x7f2b18b8e929
[  343.183256][T13294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.183267][T13294] RSP: 002b:00007f2b19acb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  343.183277][T13294] RAX: ffffffffffffffda RBX: 00007f2b18db5fa0 RCX: 00007f2b18b8e929
[  343.183284][T13294] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004
[  343.183290][T13294] RBP: 00007f2b19acb090 R08: 0000000000000000 R09: 0000000000000000
[  343.183296][T13294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.183303][T13294] R13: 0000000000000000 R14: 00007f2b18db5fa0 R15: 00007ffec0563818
[  343.183315][T13294]  </TASK>
[  343.342702][T13298] binder: 13297:13298 ioctl c018620c 2000000000c0 returned -22
[  343.370460][T13303] input: syz0 as /devices/virtual/input/input47
[  343.412402][   T40] audit: type=1400 audit(1751543720.233:773): avc:  denied  { map } for  pid=13304 comm="syz.2.2515" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  343.419892][   T40] audit: type=1400 audit(1751543720.233:774): avc:  denied  { execute } for  pid=13304 comm="syz.2.2515" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  343.542631][T13309] xt_hashlimit: size too large, truncated to 1048576
[  343.602692][T13312] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2519'.
[  343.643170][T13312] netlink: 'syz.2.2519': attribute type 2 has an invalid length.
[  343.645897][T13312] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  343.680168][T13318] fuse: Bad value for 'fd'
[  343.795786][T13328] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate.
[  343.804189][T13326] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2523'.
[  343.896537][T13338] FAULT_INJECTION: forcing a failure.
[  343.896537][T13338] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  343.904140][T13338] CPU: 3 UID: 0 PID: 13338 Comm: syz.6.2529 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  343.904158][T13338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  343.904164][T13338] Call Trace:
[  343.904168][T13338]  <TASK>
[  343.904173][T13338]  dump_stack_lvl+0x16c/0x1f0
[  343.904193][T13338]  should_fail_ex+0x512/0x640
[  343.904209][T13338]  should_fail_alloc_page+0xe7/0x130
[  343.904226][T13338]  prepare_alloc_pages+0x3c2/0x610
[  343.904238][T13338]  ? rcu_is_watching+0x12/0xc0
[  343.904253][T13338]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  343.904268][T13338]  ? kasan_save_stack+0x33/0x60
[  343.904280][T13338]  ? kasan_save_track+0x14/0x30
[  343.904292][T13338]  ? __kasan_slab_alloc+0x89/0x90
[  343.904305][T13338]  ? kmem_cache_alloc_noprof+0x1cb/0x3b0
[  343.904318][T13338]  ? ptlock_alloc+0x1f/0x70
[  343.904329][T13338]  ? pte_alloc_one+0x82/0x3a0
[  343.904338][T13338]  ? __pte_alloc+0x6d/0x3c0
[  343.904352][T13338]  ? __handle_mm_fault+0x4358/0x5490
[  343.904367][T13338]  ? handle_mm_fault+0x589/0xd10
[  343.904378][T13338]  ? __get_user_pages+0x589/0x3b80
[  343.904386][T13338]  ? __gup_longterm_locked+0x5e7/0x1840
[  343.904396][T13338]  ? gup_fast_fallback+0x1ab3/0x29e0
[  343.904405][T13338]  ? pin_user_pages_fast+0xa7/0xf0
[  343.904414][T13338]  ? pfn_reader_user_pin+0xcd0/0x10b0
[  343.904429][T13338]  ? iopt_area_add_access+0x1d3/0x380
[  343.904446][T13338]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  343.904459][T13338]  ? __lock_acquire+0x622/0x1c90
[  343.904480][T13338]  ? __lock_acquire+0x622/0x1c90
[  343.904497][T13338]  ? __lock_acquire+0x622/0x1c90
[  343.904512][T13338]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  343.904525][T13338]  ? policy_nodemask+0xea/0x4e0
[  343.904542][T13338]  alloc_pages_mpol+0x1fb/0x550
[  343.904557][T13338]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  343.904576][T13338]  folio_alloc_mpol_noprof+0x36/0x2f0
[  343.904594][T13338]  vma_alloc_folio_noprof+0xed/0x1e0
[  343.904611][T13338]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  343.904626][T13338]  ? find_held_lock+0x2b/0x80
[  343.904639][T13338]  ? __handle_mm_fault+0x1092/0x5490
[  343.904653][T13338]  __handle_mm_fault+0x2f21/0x5490
[  343.904668][T13338]  ? __pfx___handle_mm_fault+0x10/0x10
[  343.904681][T13338]  ? __pte_offset_map_lock+0x174/0x310
[  343.904697][T13338]  ? find_held_lock+0x2b/0x80
[  343.904708][T13338]  ? find_held_lock+0x2b/0x80
[  343.904724][T13338]  ? follow_page_pte+0x3af/0x14c0
[  343.904737][T13338]  handle_mm_fault+0x589/0xd10
[  343.904752][T13338]  __get_user_pages+0x589/0x3b80
[  343.904767][T13338]  ? __pfx___get_user_pages+0x10/0x10
[  343.904776][T13338]  ? is_bpf_text_address+0x8a/0x1a0
[  343.904790][T13338]  ? __pfx_down_read_killable+0x10/0x10
[  343.904801][T13338]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  343.904816][T13338]  ? is_bpf_text_address+0x94/0x1a0
[  343.904830][T13338]  __gup_longterm_locked+0x5e7/0x1840
[  343.904862][T13338]  ? __pfx___gup_longterm_locked+0x10/0x10
[  343.904877][T13338]  ? sanity_check_pinned_pages+0x23/0x1200
[  343.904897][T13338]  gup_fast_fallback+0x1ab3/0x29e0
[  343.904908][T13338]  ? __lock_acquire+0x622/0x1c90
[  343.904931][T13338]  ? __pfx_gup_fast_fallback+0x10/0x10
[  343.904944][T13338]  ? find_held_lock+0x2b/0x80
[  343.904957][T13338]  ? is_bpf_text_address+0x8a/0x1a0
[  343.904968][T13338]  ? bpf_ksym_find+0x127/0x1c0
[  343.904984][T13338]  pin_user_pages_fast+0xa7/0xf0
[  343.904994][T13338]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  343.905004][T13338]  ? __kernel_text_address+0xd/0x40
[  343.905015][T13338]  ? unwind_get_return_address+0x59/0xa0
[  343.905031][T13338]  ? arch_stack_walk+0xa6/0x100
[  343.905044][T13338]  pfn_reader_user_pin+0xcd0/0x10b0
[  343.905061][T13338]  ? stack_trace_save+0x8e/0xc0
[  343.905075][T13338]  ? __pfx_pfn_reader_user_pin+0x10/0x10
[  343.905088][T13338]  ? stack_depot_save_flags+0x28/0xa40
[  343.905102][T13338]  ? interval_tree_iter_first+0x1a5/0x250
[  343.905120][T13338]  iopt_pages_fill_xarray+0x3b5/0xa20
[  343.905136][T13338]  ? iopt_area_add_access+0x1b0/0x380
[  343.905153][T13338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.905166][T13338]  ? __pfx_iopt_pages_fill_xarray+0x10/0x10
[  343.905200][T13338]  iopt_area_add_access+0x1d3/0x380
[  343.905219][T13338]  iommufd_access_pin_pages+0x632/0xa00
[  343.905240][T13338]  ? __pfx_iommufd_access_pin_pages+0x10/0x10
[  343.905257][T13338]  ? iommufd_test+0x469e/0x6140
[  343.905272][T13338]  iommufd_test+0x4704/0x6140
[  343.905287][T13338]  ? __pfx_iommufd_test+0x10/0x10
[  343.905300][T13338]  ? find_held_lock+0x2b/0x80
[  343.905312][T13338]  ? __might_fault+0xe3/0x190
[  343.905324][T13338]  ? __might_fault+0xe3/0x190
[  343.905336][T13338]  ? __might_fault+0x13b/0x190
[  343.905354][T13338]  iommufd_fops_ioctl+0x33f/0x4e0
[  343.905373][T13338]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  343.905389][T13338]  ? hook_file_ioctl_common+0x145/0x410
[  343.905409][T13338]  ? selinux_file_ioctl+0x180/0x270
[  343.905423][T13338]  ? selinux_file_ioctl+0xb4/0x270
[  343.905438][T13338]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  343.905452][T13338]  __x64_sys_ioctl+0x18b/0x210
[  343.905468][T13338]  do_syscall_64+0xcd/0x4c0
[  343.905485][T13338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.905495][T13338] RIP: 0033:0x7f1f31f8e929
[  343.905505][T13338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.905515][T13338] RSP: 002b:00007f1f32d0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  343.905525][T13338] RAX: ffffffffffffffda RBX: 00007f1f321b5fa0 RCX: 00007f1f31f8e929
[  343.905532][T13338] RDX: 0000200000000400 RSI: 0000000000003ba0 RDI: 0000000000000003
[  343.905538][T13338] RBP: 00007f1f32d0f090 R08: 0000000000000000 R09: 0000000000000000
[  343.905544][T13338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  343.905550][T13338] R13: 0000000000000000 R14: 00007f1f321b5fa0 R15: 00007ffc1ae509a8
[  343.905564][T13338]  </TASK>
[  343.958776][T13341] fuse: Bad value for 'fd'
[  343.959836][    C3] vkms_vblank_simulate: vblank timer overrun
[  344.119695][ T5943] Bluetooth: hci3: command 0x0c1a tx timeout
[  344.124706][   T29] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  344.126939][   T29] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  344.152486][   T29] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN NOPTI
[  344.156149][   T29] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f]
[  344.158703][   T29] CPU: 1 UID: 0 PID: 29 Comm: kworker/1:0 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  344.163599][   T29] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  344.167004][   T29] Workqueue: events rfkill_op_handler
[  344.169004][   T29] RIP: 0010:klist_put+0x4d/0x1b0
[  344.170806][   T29] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac 20 0d
[  344.176685][   T29] RSP: 0018:ffffc90000687870 EFLAGS: 00010202
[  344.178439][   T29] RAX: dffffc0000000000 RBX: ffff888036eb8c60 RCX: 0000000000000000
[  344.180678][   T29] RDX: 000000000000000b RSI: ffffffff8b765035 RDI: 0000000000000058
[  344.182884][   T29] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff21162fc
[  344.185053][   T29] R10: ffffffff908b17e3 R11: 0000000000000001 R12: 0000000000000000
[  344.187196][   T29] R13: 0000000000000001 R14: 1ffff920000d0f16 R15: ffffffff908b17a0
[  344.189359][   T29] FS:  0000000000000000(0000) GS:ffff8880d6852000(0000) knlGS:0000000000000000
[  344.191858][   T29] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  344.193900][   T29] CR2: 000000110c3f6dba CR3: 000000002b03a000 CR4: 0000000000352ef0
[  344.196655][   T29] Call Trace:
[  344.197888][   T29]  <TASK>
[  344.198942][   T29]  klist_remove+0x13f/0x2e0
[  344.200657][   T29]  ? kobject_move+0x15d/0x260
[  344.202197][   T29]  ? __pfx_klist_remove+0x10/0x10
[  344.203623][   T29]  ? __pfx_kobject_move+0x10/0x10
[  344.205035][   T29]  ? get_device_parent+0x1ed/0x4e0
[  344.206427][   T29]  device_move+0x12d/0x10d0
[  344.207743][   T29]  hci_conn_del_sysfs+0x81/0x180
[  344.209273][   T29]  hci_conn_del+0x566/0xdc0
[  344.210937][   T29]  hci_conn_hash_flush+0x186/0x260
[  344.212379][   T29]  hci_dev_close_sync+0x602/0x11d0
[  344.213830][   T29]  ? __pfx_bt_err+0x10/0x10
[  344.215090][   T29]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  344.216686][   T29]  ? do_raw_spin_lock+0x12c/0x2b0
[  344.218376][   T29]  hci_dev_do_close+0x2e/0x90
[  344.219793][   T29]  hci_rfkill_set_block+0x225/0x360
[  344.221290][   T29]  ? lockdep_hardirqs_on+0x7c/0x110
[  344.222762][   T29]  ? __pfx_hci_rfkill_set_block+0x10/0x10
[  344.224638][   T29]  rfkill_set_block+0x1fe/0x550
[  344.226043][   T29]  rfkill_epo+0x8e/0x1d0
[  344.227241][   T29]  rfkill_op_handler+0x262/0x280
[  344.228941][   T29]  process_one_work+0x9cf/0x1b70
[  344.230586][   T29]  ? __pfx_process_one_work+0x10/0x10
[  344.232113][   T29]  ? assign_work+0x1a0/0x250
[  344.233438][   T29]  worker_thread+0x6c8/0xf10
[  344.234760][   T29]  ? __pfx_worker_thread+0x10/0x10
[  344.236216][   T29]  kthread+0x3c2/0x780
[  344.237339][   T29]  ? __pfx_kthread+0x10/0x10
[  344.238755][   T29]  ? rcu_is_watching+0x12/0xc0
[  344.240090][   T29]  ? __pfx_kthread+0x10/0x10
[  344.241364][   T29]  ret_from_fork+0x5d4/0x6f0
[  344.242619][   T29]  ? __pfx_kthread+0x10/0x10
[  344.243864][   T29]  ret_from_fork_asm+0x1a/0x30
[  344.245160][   T29]  </TASK>
[  344.246008][   T29] Modules linked in:
[  344.247397][   T29] ---[ end trace 0000000000000000 ]---
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  344.265937][   T29] RIP: 0010:klist_put+0x4d/0x1b0
[  344.267383][   T29] Code: c1 ea 03 80 3c 02 00 0f 85 5f 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b 23 49 83 e4 fe 49 8d 7c 24 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 2e 01 00 00 4c 89 e7 4d 8b 74 24 58 e8 ac 20 0d
[  344.279286][   T29] RSP: 0018:ffffc90000687870 EFLAGS: 00010202
[  344.281558][   T29] RAX: dffffc0000000000 RBX: ffff888036eb8c60 RCX: 0000000000000000
[  344.283801][   T29] RDX: 000000000000000b RSI: ffffffff8b765035 RDI: 0000000000000058
[  344.286012][   T29] RBP: 0000000000000001 R08: 0000000000000000 R09: fffffbfff21162fc
[  344.288265][   T29] R10: ffffffff908b17e3 R11: 0000000000000001 R12: 0000000000000000
[  344.290548][   T29] R13: 0000000000000001 R14: 1ffff920000d0f16 R15: ffffffff908b17a0
[  344.295398][   T29] FS:  0000000000000000(0000) GS:ffff8880d6852000(0000) knlGS:0000000000000000
[  344.297964][   T29] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  344.300651][   T29] CR2: 0000560de02dab08 CR3: 000000002ff1b000 CR4: 0000000000352ef0
[  344.302878][   T29] Kernel panic - not syncing: Fatal exception
[  344.305244][   T29] Kernel Offset: disabled
[  344.306465][   T29] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:55:21  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000046 RBX=0000000000047378 RCX=ffffffff81c3f04f RDX=0000000000000000
RSI=ffffffff8c157ce0 RDI=ffffffff8223135a RBP=ffff8880474fb780 RSP=ffffc900007efaa0
R8 =0000000000000000 R9 =0000000000000000 R10=ffffffff90a81057 R11=0000000000002c00
R12=ffff88801b8428c0 R13=0000000000000200 R14=ffff8880474fb780 R15=ffff8880474fb800
RIP=ffffffff822312e7 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6752000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000200000003000 CR3=000000003356b000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000feffc200 Opmask01=0000000003fe0000 Opmask02=0000000003ffffff Opmask03=0000000001041000
Opmask04=0000000000000040 Opmask05=00000000004007ff Opmask06=0000000007ffe7ff Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 44455a494c414954 494e495f43455355
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ef431b75b0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055ef431a20a0
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f51af5f1b20
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ff00000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffff00 ffff00000000ff00
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 73730c22dc2c6813 73730c22dc2c6813
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 7373737373737322 7373269c30687344
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3070656e622f7465 6e2f3030323a3369 63682f336963682f 68746f6f7465756c
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000003070 656e622f74656e2f 6c6175747269762f 736563697665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6963682f68746f6f 7465756c622f6c61 75747269762f7365 63697665642f7379
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000041 0000000000000037 3170306d656d702f 306d656d702f6b63
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3464303130307038 303631763a627375 0000000000000041 362f6400305f7972
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 446e693231706931 3063736946466369 3936706441396373 6445316364383846
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 3464303130306931 303631693a466369 0000000000000041 362f310030383846
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 00005551431a1b20 00005551001a5630 0000000000000021 00004e4f431a4552
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00004d51001a3030 0000000000000021 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 282b2e2fdf37342d 280bbfbf23243324 26312033fc040f18 1317140d080b0412
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 343133bffc121104 1214041204110814 100411bffc040f18 1317140d080b0412
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 4141414141414141 4141414141414141 4141414141414141 4141414141414141
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a 1a1a1a1a1a1a1a1a
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2020202020202020 2020202020202020 2020202020202020 2020202020202020
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff855bffa5 RDI=ffffffff9b088320 RBP=ffffffff9b0882e0 RSP=ffffc900006871e0
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=552031203a555043
R12=0000000000000000 R13=0000000000000020 R14=ffffffff9b0882e0 R15=ffffffff855bff40
RIP=ffffffff855bffcf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6852000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c3f6dba CR3=000000002b03a000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582cbe950
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582cbb079 0000555582cbae10
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582ce4200 0000555582ce4110
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000555582cb5df4 0000555582cb5df0
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000001df8a
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 c71000080149b200 786d74702f766564 2f01ffffffffffff ffffeb080780030c
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0031656c69662f2e 01ffffffffffffff ffef080280030004 0000080007800401
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0141ce000ca40010 86033d6466060810 8003001000028004 01c70800060140b4
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0e80031080042b9c 82a810000fffffff ffffff040fffffff ffffff040010000a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 010680041880a4cd c808000100000008 0606010fb4001000 0010000004060042
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 d2002e01ffffffff fffffffffb080003 1080040010000180 040e80040fffffff
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffff040a0141ae 0073666f74756101 ffffffffffffffff f108018003003165
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c69662f2e01ffff ffffffffffffef08 0e80031080042b9c 82a810000fffffff
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 03028c020027ec03 02020027ea030000 0000000000000000 00000001ffffffff
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=0000000000000000 RBX=0000000000000000 RCX=ffffffff822e9faf RDX=ffff88802595a440
RSI=0000000000000000 RDI=0000000000000000 RBP=ffff88807ffd64e0 RSP=ffffc900037f7738
R8 =0000000000000007 R9 =0000000000000000 R10=0000000000000008 R11=0000000000007c79
R12=0000000000000001 R13=0000000000000008 R14=dffffc0000000000 R15=0000000000000000
RIP=ffffffff81bc1be8 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c01300
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c01300
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880d6952000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000110c37f9b8 CR3=0000000049296000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=000000000000000e 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000001000000 Opmask01=0000000001000003 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffc69b127b0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007fa010a11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000008a 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000008181
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000000000008a 0000000000000000 0000000000000000 0000000000008181
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000000 RBX=ffff88806a5420a0 RCX=ffffffff81b001fd RDX=ffff88805042a440
RSI=ffffffff81b001d9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90003987690
R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001
R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100d4a8415 R15=ffff88806a73b580
RIP=ffffffff81b001db RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00005555715cc500 ffffffff 00c00000
GS =0000 ffff8880d6a52000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00007f2b198e56c0 CR3=00000000464a1000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000008000100 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffec0563ba0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11b12
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11b1f
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11b19
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11b2d
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11bb3
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f2b18c11c91
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000