last executing test programs:

7.969822493s ago: executing program 2 (id=1696):
r0 = gettid()
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f00000000c0)=0x4, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90)
r8 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r8, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}})
io_uring_enter(r5, 0x5b43, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r2, 0x0)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000000)={0x9, 0x30, 0x5, 0x8000, 0x4, 0x1})
recvmmsg(r9, &(0x7f0000004400), 0x0, 0x160, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$kcm(0x29, 0x5, 0x0)
splice(r11, 0x0, r10, 0x0, 0x20000004, 0x0)
tkill(r0, 0x7)

7.499878698s ago: executing program 1 (id=1697):
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c672217010000000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000000c0)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x40001}, 0x1)
recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
openat(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)

7.154511739s ago: executing program 0 (id=1699):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_ADD_DEV(r1, 0x5000940a, &(0x7f0000000300)={{}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="08001efb3e6f0000", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0c", 0x44, 0x20000000, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}})
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
r4 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r5)
socket$tipc(0x1e, 0x2, 0x0)

6.375184029s ago: executing program 1 (id=1700):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_ADD_DEV(r1, 0x5000940a, &(0x7f0000000300)={{r0}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"})
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec", 0x43, 0x20000000, 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000000feffffff18010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000710000009500000000000000e5b541e7d710e42548414f85e499a6a48015bcc2bc01203b15eb1f166eeb68bf17810b826b383c5e7163de481e2a21aabaacd31fbf1f2451dff45c817a64829713f8d95fd384dc52e14de9364ed376e196226c7aac7f1fb5644db8468ee437b221074989587df9adecb6c234f4b0a664912cb7d4d9d14bb3b0bf78dbfc07d1bd1e43bf3a44d659774212af6ed16a4c8f7aceb622bc545693247fcdc720d0f6a6ab8d24d53c473be816df9a12314c75d1ff77f669c775bf67a4aca794c40e20ad483c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
r5 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r6)
socket$tipc(0x1e, 0x2, 0x0)

5.586324247s ago: executing program 3 (id=1702):
r0 = socket(0x2, 0x2, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='xdp_devmap_xmit\x00', r2}, 0xfffffffffffffe13)
ioctl$SNDCTL_DSP_GETISPACE(0xffffffffffffffff, 0x8010500d, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r7=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000700)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, r7}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @remote}, {0xa, 0x0, 0x0, @local}, r7}}, 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='{}//#\x00', &(0x7f0000000080)=')*!-}).\x00', 0x0)
setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYBLOB="06"], 0x2, 0x0)

5.419728876s ago: executing program 0 (id=1703):
r0 = gettid()
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f00000000c0)=0x4, 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90)
r8 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r8, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}})
io_uring_enter(r5, 0x5b43, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r2, 0x0)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000000)={0x9, 0x30, 0x5, 0x8000, 0x4, 0x1})
recvmmsg(r9, &(0x7f0000004400), 0x0, 0x160, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$kcm(0x29, 0x5, 0x0)
splice(r11, 0x0, r10, 0x0, 0x20000004, 0x0)
tkill(r0, 0x7)

4.740045096s ago: executing program 1 (id=1704):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x18}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
getpeername(0xffffffffffffffff, 0x0, &(0x7f00000002c0))
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[@ANYBLOB="000a01000000"], 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r5, 0x80015b12, 0x0)
read$char_usb(r4, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket(0x1e, 0x5, 0x0)

4.692552722s ago: executing program 2 (id=1705):
syz_open_dev$media(0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c672217010000000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000000c0)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x40001}, 0x1)
recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
openat(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)

4.381251943s ago: executing program 3 (id=1706):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
migrate_pages(0x0, 0xfc, &(0x7f0000000200)=0x8000000000000001, &(0x7f0000000240)=0x1)
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
sendto$inet(0xffffffffffffffff, &(0x7f0000001740)="cb", 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0), 0x4)
socket$inet(0x2, 0x800, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)

4.191769702s ago: executing program 0 (id=1707):
socket$nl_route(0x10, 0x3, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, &(0x7f0000000040)={0x8, 0xfe73})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000480))
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000800)={'syz1\x00', {0x0, 0x0, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x45c)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r1 = getpid()
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET_CTRZERO(r2, &(0x7f0000003f00)={0x0, 0x0, &(0x7f0000003ec0)={&(0x7f0000003e80)={0x14, 0x2, 0x7, 0x3}, 0x14}}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000500)='tlb_flush\x00', r3}, 0x10)
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58)
accept4(r4, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000001c0)=r6, 0x4)
write$binfmt_misc(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="3a00030007"], 0xd)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r9, @ANYBLOB="24005a8020000180040004000000000014000500000000000000000000000000000000005052e3d35afb33bd5b430a03218dfef7d0e5b1580ca737ba50d7acb1780a5379c0f440978cbef7b56fa8fbd0bcc92a"], 0x40}}, 0x0)
socket$alg(0x26, 0x5, 0x0)

4.129373107s ago: executing program 1 (id=1708):
r0 = memfd_secret(0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0xb, &(0x7f0000000340)=ANY=[@ANYRES64=r0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0xfffffffffffffe12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6(0xa, 0x3, 0x7)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x26e1, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x5, 0x4, 0x800}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000380)={0xd, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
r2 = getpgid(0xffffffffffffffff)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
shutdown(r1, 0x2)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r5, 0x0)
r6 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES64=r4, @ANYRES8, @ANYRESHEX=r6], 0x22)
r7 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, 0x0, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000003e40)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3f305067}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "9c"}]}, @NFT_MSG_DELFLOWTABLE={0x48, 0x18, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_FLOWTABLE_HOOK={0x1c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfb41}, @NFTA_FLOWTABLE_HOOK_NUM={0x8}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xed}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xd62}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xe8}}, 0x0)
socket(0x0, 0x0, 0x0)
ptrace$getenv(0x4201, r2, 0x4, &(0x7f0000000180))

3.63993912s ago: executing program 2 (id=1709):
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
epoll_create1(0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec85"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
ftruncate(0xffffffffffffffff, 0x0)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40)
sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]})
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]})

3.478350386s ago: executing program 3 (id=1710):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), 0x0, &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil})
ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140))
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)

3.451182093s ago: executing program 0 (id=1711):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = getpid()
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r2, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_ADD_DEV(r2, 0x5000940a, &(0x7f0000000300)={{}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"})
sched_setscheduler(r1, 0x0, &(0x7f0000000200)=0x4)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r3, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r3, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000080)="08001efb3e6f0000", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0c", 0x44, 0x20000000, 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(0xffffffffffffffff, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}})
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
r5 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r6)
socket$tipc(0x1e, 0x2, 0x0)

2.569939545s ago: executing program 3 (id=1712):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r1, &(0x7f0000000300)="ab", 0x34000, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
ioctl$BTRFS_IOC_ADD_DEV(r1, 0x5000940a, &(0x7f0000000300)={{r0}, "61fcc0d029bb3f7143155aa66c4690d2f5bb102883b7510cdb61103e04cf30bc7f624e2c1ba531204309fd1dd125ae72bad3feebaed5e8f2625de0ad9529e3e37e1e574b2e1c5904311259864ebb1d2ecd4a240b9b87c1fe6583d52a64e95d7d85775e2ad1386a66dcfa592939753fa9c2bc3343718cb3df357f3c1df41713a3c39ecce6237a39a6638bba5efcceabb2fc9ccb84b257d058cdfbcf288a2c2b142bc998cc148e34f1d5893e95423b9af95e5d841b0b75ead35165f1e0d72a68e08fd21478a10264c3737879a92de5832b4f2af73be0b2a0a07e75432f3a1bdc7d4dac6638f021f7d30a0b16298971026331fa412b4e339b2bd84921f6ab77a81d0eb5c424f6ed0ea72248ad2b49d1bc08519a055a80ef6e643880efaa2f892bbf8c94ccf90a6594356db4adb28c18fa82db3ec98b346fe448a237fd642257fd374e5b0c700a4f5445d1c96b67cb1f1e66f444d39f344dac58bb2a7e0f054d7ed56dd9a7ea8785494af6bf6d486390e6fbd2670ea6f7669bf7ee435c2e80a2b1c157e5c243046a6e4292b0c57f692b91dcddcd64f92136a96c32e9130abd594ec50c18f9df0a43add62622d85f0ab07f3aae8a4e96a3fef31648306c220519e3cb6b3865a7c88ce0fcc9e240324d2aa9a3d651b5ba5350feb91a1f1aa5b297f1f24c6c5ac72772bb6e8826d201f0c820896d7aeba95115166fef927863d11da1c8115c3de777fed87e80747b89008da724ac85fa674302bc19fd49fc7de8fe9b6998b5498b57e9d29520887a8d598b008275062a450a4b0830f58d022bd9be6c7747120b567af7ae4080fd42f9ba75368872df576d3cbd081e093ee0fc1957747f63b514fd5b73beef6d16d0ea56961f73917d012ba2d99225ab07fd7217944d665e21932a4c2886de00ec602e532e156c9555d07019ed5dd1a0735d5ba94c0e0ffb351993157b3bda7e8b6f62c5db871b0f31239467cc41125afc4d3c49682d05b10cb51fcf0d64cf11a159a59844c3a5879e7cd7347c6b157c0600344a60cd6c41a338d8358df76245d57e17745d49ed8e17f00c1ef8ca8969584f5d2e1bdc4b530546ff378506ebf92e27bb9f6b1600269577495c62d229e3715553b3696d36f7c1fd9b69a7c6309276f22a636b29eb938ff0293ef889510a63b8b4a936084d2edc3e1a67011f133c0cb78c9cdb219d72883d5a8915228689a2f3ee706392443d36044e5b4b652b67b76a29ced560c61a681095edc9d8f7705dc000738156ac085d770c90370fffd959b98a8a121629a427adc89a30702816fd508385506563c7a1c6dbc06e322e9a0bdb287ac7b30354ced54de0c2d3f604fd9a75af43b1f4f5b71cab1ab11638d1c844b0cd3063ff6cc0b3ac866b0453136ecfd94849061a8b4ae28142a2befec641866960db3dab39a59d5a0fdef9294c59df3b70c223560688f7fa50cccef1ac41b7590dae568bd6a19beafe2a9c4e1b65502cd4833781398c3d40d53d5f9c0c23a4a37d5c0c4488ac7c51ec6860e150ad1ca4c1555d7657ed56189bfa661278dd65a97dcac075c71a868f307d710fa5b46f88a93ea332f9af70b5596194a2fb052bf37b18873fc9389d47511864637463355227693ef87b63f4677ebf5ff980eaeb198b7404ccb332a381589968048ddc849349f68a5e3bb07e27bf4870f02558f70bf8bcd9d7431f0f0299c98c3b6c7a08f480ee4716b969cb30c19fb1410dd5e7f00ccfb74272f6e2be84acd6c23fcf3a5b441a96c22100ebffd50c4a043f749c23085db69b6f5bbbfb6e9f735f72249c2fb66feb38e05339b2d64ab978b4bcbba417f7de33872a1c5ec792de28edf97e01c23bb308978cc16bf763faadf0750ae8719828be1fb66471bc4152dba20c58ef044ac94de8c184b1dfe4cba5b6cec490010b42ec8d47fa75106683cf6ac73a93c55915137b0e1abd1536696a3dcd6f0ff4bf3fcac871f8cc182c8b77145159de5de94f7e00c7d407ee1748f7d9668d99bd5155d2876c8d32600810695c389f945094c133a8f24d0a8378aca4104568216e6a94fce6790b073de2cff9921947686e8b00170e476d6a4dfef4f4f3d7a4d6cae0b4617fc9feb8fa9996229fcdd65b72627bc09fe90373f594acb01bf95ac46e5b433ae9cec9852f463560028ff722746dc07d3d36377c69a0cd0e6a4d4d17f769723f07b5a01975a941bd754f316ae8c8ecd3eaa3d53710decab0f031a94b31263b20c94b3947d6fcb60d1bbf4f533278b3b3090237a6147b40191d2976b8ca41f603f3851c9490d90e17ff950a35532561497585424a41de572f11222148421be5ecb517f818e8b18585cf8efa44922b41785606b1ce0977c8979ab8f4d63b692ed82b7c19c1704ff898a4f60a4fee1bc7acc0de84292dc61b8947c2e21c5e100a894e2e827d88f487525880ce1160129d8eac572f6469d185cbffbe0dc380f5caca50ab8fbe83b26169582829cb4009d830c573317d785992170d8ae761cf772e2ff3436b5c0c5e983a8ca08ca3bbf8b97feb67f589cd9f365bb8fa9af0de4e45049c4c38d045f6dc3a897242cd053e7f2ca8d3e661b927eb4e925d403e3aa00a5ecacd625ae3e6a00a7f2b8dee65c7e85c21b44a0e542001f682b8e357b0e814230fc4fda54588dab23eb9592c27b57ad6562c38f2de4951c3d4ba3a212d3158e87392e309dc200745288f23e383f5247c787782f07be25e75fada776bdcbbea612eba776e0f5c526ba4f2a7f82105b7169ab02df8a63cf5ae6669860c5a310854f3ba54948fb19585508156a7767424859768ec97b4f15ec520c790c2d1a0dd66ffa4234790f448991c589c6aacd074cb9124b37ed5cba93bcfe6c2e71c95db609d53a6918689c3ef50ac1e37f691abd721414eeed4b902a97ff4c2fb0e4ff4a0f9f66f326b9d99c9740062087bde65534c0ab685ce3aeacf112d480daeba9ffef5a78ce0fa50498a1b69b8b3a0b560aa48ce4058ee9096bc04daf0fb49a802d12aeb3a7a548a80048679da57c57166515946416645139644ff8bd050969af5818cf646ad9c1f06c712052522ea1904438c49c9f4e7a7d0f876d2db550abf16edc8b2bf58ec32f07a35492da9e48f6ff46365618ce94f756f941aab723a1708aa9bb644bed1b454f444709eda31bb7a7dd936049673e7e0a7a871c998c35b61da9c9080d44839762e531a0b23ee1318336cb1732cbe598be252112ed8d4daa89f48aae624cdcd634d31da35b002e3419b3f217cd357a1120ab132c97d48001af906a3bed6e35b0b5a2a4d06230eacdda0f7285bd803f168988781c3e3fe46a8b5ffdbc8393830a442f83af9881687eb65722725043a8d67561403ca882bcfe454eeb42a4cb687ca235d917dabf30327ed391f74081a8be539fe2169b8a50a75039d9117875c214d20b74259d68e15c69d547358ffd4876e992453445fc3f478cf10efa4adda88b1502403c1411df21b37a212c11379ed29723318a0de92f8b27fb9600ba614c302b329ed47d228b4ee5ed7d3a82207237728ae7e92cc0b8aa4ed0fbd3fe1b67b2c0936cc554c8de7d8da511f80fcb7a7ae7109ca86e8dfd97447eee41f838911c430d5fa0a50dd8bf1424f76a38c60c27ccab6b8e790e20b38355693b60b84ed27628b07d940f16d85b261f33a73c841212c22bb10d7c3eb12dd451a70eccc4c8a85f124ec6fb372123adab3599e05e16c7428bb22151ef2e788b819b9ab8dfd7cb703333bc119d6a706953ca2fe05b8314a181f8d8cfae8a320e4a852e0a5b4555a39612ae5970b5ec10d5417e6c147f15f4e004f07912e14bc45e153524f1d128a02dc07e515239fc19d5147933d7144b62a14ff0bea1fc44522dc8d159efaf2b0ec0d70664ff9490bc6fac750baab08023ffa3ddd6d1d367b551e8045420dea8a2ed4a17ce510cd3137d9b127888674a2dc1221600ca3d5a18c10786d2fa722e4bb36746a774ecdd8ad507008d3fe81594b806c4468e6368cf994347440b5b7c03b5592194b5c89126b5b292af36594d0d4559f9c9c52472242e2c783ac3f6f74462ddeffebdc1f7f8eb9472f45582fdd9620fdc04a5b125ae5c1d7276c692e9e4e5e6b24f95f8e26aa34ed104d9f082de9ccb083c134d0ada95413855a11135b981e439b38d8899b493f8155d10e4cdddcfc44282b40c15e9dd68e4f166589ea9a4788668f7d9387e46ae58de0b774268dcd6532b4fa788d75c79efd1b0894a247a8bff20e110dfe6597e5a7a18433f0d155c61570c5fce79ddd81247207ccbf4498d1ccf334bb8beead1e55ccb0a70ede723364715edfde20db868caf39d698a69d533e5227db78b34d24f15b581a55fc5c1407622ace8739b8f684ccd5b2aa47925395f956450d60a2b73b97b8dd663fcd219ea3f04a99d0ab3cdfa61f6fcb9c2aa22d84752d9841c3de7e2a5bb0783fcc15bed860230e63ad3cd0400a8804d7a070db4b3b9e62d0884d38eae833e55635ee4d303194e4ba604072fe75029335c30da1f047e631a0e4c7dbc77b3d3516a8f606874bb5cfb6ba2b4ea25c933e02c86cf79b3e7a9c12f775933082d9b2a5bc5da75877054ca09d16738b5c6e7759c88e7e095b000dca18c6a4b64c52acc1d434badbb232f1a7b7778a5bf7de6d51fc3a5e21cf860a3bb5c3436b64661abf94a063fa07f1016c41006d72df3ba9ebe557498810207d30686ec4fdf4ef00aca5a83d5e176dfd554163c2eb4d0806626cc26400ac3694810109b02fd4d7f1a48570c1b330d29b2be1e7f94882430b3ae14907ae7122817282d2c4661ac24cddbe8aaed15a16b9a8b9310d264c3f6bafb4368d0ca638d15ed3b50fcfc164d38543e5d9c182c897f604fd8eeda1a96f3be94f3aaab944003fe38b33d89245d7e8d460a9f4386929146867741b37f08463f5a7e1e3a6ca4488fde971a7d1392a5eff88b753ad98605de91ee1fd5f20281111e15606e69db0818dad6413938a58440a4c50b3d909a962de9e20b6c9a8eacb05706c92644d7c31280d4998a8d4ba6a9525669ee22d24e1ca04daa9f54e006248fa2fe08e8ed56b52cfe125e705c87750170c43019e9545ce6589cc929637a96c98b74f6b15d3943ae805461f3dda5b29823229fd93d47103257cb8fb941c8a765163f56ebbc0484936b4aaf090217e6e46ba668e50435df80e82fe3db368e931fcddd5acd2ca07cdab8c6640a13cc7c4bc99b8db2d728a545782e4826cab66d9d8df30068f2939ad3f9547cb07e93c5c87f32bf55214ab7bc33152475de2018a02e41e22d0abedf2e792d0cbb0305079b3804106b42df1c4ce2a7b2fd510cbcfdad4f3f10f68e8ab2208ca3145775eff5f11889bca5811c1ffabd91526bf1b52ac3d97990baa8e29ba669bf3ffbe93c20cf7b7483303365d76afa52ce6d783d68dc0a4197e3f1b575e355d83a8f3bcbff052a6e6da2f7282c55a3e935f5f9106cf2168430e69ae0b721cd61f3f580bdd267369825dbc8b0cc444fc258d8fd79688a302b008ce89354791e01f1654b02ad94c6be66f280249b7a993e59a7b06d6b7cfcb860b80abcbbc0c76ee3e600e926e5bf443aa270b6a8f96d96f4604a98a28bc45ee6faf7394058756bc741131d79a8b0f02a1bb0b20a788178ad742cb866436644d76c5967d402a4c14933ba08c39d33f34db79641e000dde0f3760e48707c0277ad81200a7d49decdf035b54b0a89c56bc88066de63910aa74a08161ad3a09cbcd9b0a3c9cf5d73e1fec0f947bfba07501c31f12f59ed59d8b7863"})
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$inet(0x2, 0x2, 0x1)
setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0)
sendmsg$inet(r2, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000000100)=[{0x0}], 0x1, 0x0, 0x0, 0xe0000000}, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec", 0x43, 0x20000000, 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90b, 0xf4c, '\x00', @p_u16=&(0x7f00000000c0)}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000001300)=ANY=[@ANYBLOB="180000000000000000000000feffffff18010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000500000085000000710000009500000000000000e5b541e7d710e42548414f85e499a6a48015bcc2bc01203b15eb1f166eeb68bf17810b826b383c5e7163de481e2a21aabaacd31fbf1f2451dff45c817a64829713f8d95fd384dc52e14de9364ed376e196226c7aac7f1fb5644db8468ee437b221074989587df9adecb6c234f4b0a664912cb7d4d9d14bb3b0bf78dbfc07d1bd1e43bf3a44d659774212af6ed16a4c8f7aceb622bc545693247fcdc720d0f6a6ab8d24d53c473be816df9a12314c75d1ff77f669c775bf67a4aca794c40e20ad483c"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x52, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1000}, 0x4)
r5 = socket$kcm(0x10, 0x0, 0x0)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x5865}, 0x0)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r6)
socket$tipc(0x1e, 0x2, 0x0)

2.411820819s ago: executing program 2 (id=1713):
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
epoll_create1(0x0)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
ftruncate(0xffffffffffffffff, 0x0)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40)
sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]})
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000)
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]})

2.110796554s ago: executing program 0 (id=1714):
r0 = socket(0x2, 0x2, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000080), 0x0, 0x44000)
ioctl$NBD_SET_SOCK(r1, 0xab00, r0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000d40), 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x9}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$SNDCTL_DSP_GETISPACE(0xffffffffffffffff, 0x8010500d, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000003c0)={<r7=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000700)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast2={0xff, 0x5}}, r7}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000340)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @remote}, {0xa, 0x0, 0x0, @local}, r7}}, 0x48)
close_range(r5, 0xffffffffffffffff, 0x0)
creat(&(0x7f00000002c0)='./bus\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000040)='{}//#\x00', &(0x7f0000000080)=')*!-}).\x00', 0x0)
setxattr$security_ima(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000380)=ANY=[@ANYBLOB="06"], 0x2, 0x0)

1.322932971s ago: executing program 1 (id=1715):
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x4048c40)
sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]})
r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000)
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]})

1.187414376s ago: executing program 3 (id=1716):
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000300)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond0\x00'})
socket$nl_route(0x10, 0x3, 0x0)
r2 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
getpeername(0xffffffffffffffff, 0x0, &(0x7f00000002c0))
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200)=ANY=[@ANYBLOB="000a01000000"], 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r5, 0x80015b12, 0x0)
read$char_usb(r4, 0x0, 0x0)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
socket(0x1e, 0x5, 0x0)

1.089707935s ago: executing program 2 (id=1717):
syz_open_dev$media(0x0, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB="2c672217010000000000", @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00'}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001240)=[{&(0x7f00000000c0)='\x00\x00', 0x2}], 0x1, 0x0, 0x0, 0x40001}, 0x1)
recvmsg(r2, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x2)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r0, 0x0, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)
openat(r4, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)

1.029804017s ago: executing program 0 (id=1718):
r0 = memfd_secret(0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x12, 0xb, &(0x7f0000000340)=ANY=[@ANYRES64=r0], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, r0, 0x0, 0x0, 0xfffffffffffffe12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$inet6(0xa, 0x3, 0x7)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x26e1, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x5, 0x4, 0x800}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000380)={0xd, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
r3 = getpgid(0xffffffffffffffff)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
shutdown(r2, 0x2)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r6, 0x0)
r7 = openat$6lowpan_control(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r7, &(0x7f0000000080)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x15)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYRES64=r5, @ANYRES8=r1, @ANYRESHEX=r7], 0x22)
r8 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000140)={0x0, 0xa, 0x2})
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="0405"], 0x7)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, 0x0, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000003e40)={{0x14}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3f305067}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "9c"}]}, @NFT_MSG_DELFLOWTABLE={0x40, 0x18, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x9}, [@NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xfb41}]}, @NFTA_FLOWTABLE_HANDLE={0xc, 0x5, 0x1, 0x0, 0x3}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0x1}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xed}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0xd62}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14}}, 0xe0}}, 0x0)
socket(0x0, 0x0, 0x0)
ptrace$getenv(0x4201, r3, 0x4, &(0x7f0000000180))

639.491478ms ago: executing program 3 (id=1719):
r0 = gettid()
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f00000000c0), 0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r3}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = getpid()
socket$nl_route(0x10, 0x3, 0x0)
process_vm_readv(r4, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r5 = syz_io_uring_setup(0x182e, &(0x7f0000000300)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r5, 0x16, &(0x7f0000000000)={&(0x7f0000001000)={[{0x0}, {0x0}, {0x0}, {0x0}]}, 0x4}, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000a40)=ANY=[@ANYBLOB="b70200000d000000bfa300000000000005000000000000007a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065060400010000050404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000496cf27fb6d2c643db7e2d5fb4b0936cdf827fb43a431ca711fcd0cdfa146ed3d09a6175037958e27106e225b7937f02008b5e5a076d83923dd29c034055b67d5b310efcfa89147a7fb0a93d035f2f206d2ef831ab7ea0c34f17e3ad6eecbb622003b538dfd8e012e79578e51bc53099e90f4580d7be3e8c254a5cba117cbdb9cd38bdb2ca8e050000003a14817ac61e4dd11183a13477bf7e060e3670ef0e6a9f65f1328d6704902cbe7bc04b82d2789cb132b8667c214733a18c8b6619f28d996d60a17e3c184b751c51160100000000000080148b9a31ee8dc8b544f3c4a532e60a0ac346dfebd31a08060000000200000000000000334d83239dd20100008000000000d858e8327ef01fb6c86acac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e957bc73ddc4eabba08a406f99f7b1e1ad828267d4eadd3964663e085354133f7130856f756436303767d2e24f29e5dad9796edb697a6ea0183babc190ae2ebf8aad34732181feb28cb0bae7c34dc5e7c805210600000000000000c3dec04b25df45d4f71ab158c36657b7218baa07a99bd50499ccc421ace5e845885efb5b9964e4beba3da8223fe5308e4e65ee93e107000000f8ddebf70132a4d01776839b8eccf707882042e716df9b57b290c661d4e85031086197bcc5cb0e221a0c34323c129102b6ff0100002e88a1940b3c02ed9c92d6f64b1282dc51bb0015982730711c599e1c72ffa11ed8be1a6830d7507005154c46bd3ca96318c570f0721fc7aa2a5836ba99fe1f86468694f22cdf550ef091a78098534f0d973059594119d06d5ea9a8d0857382ec6e2a071474cfc12346e47ad97f4ead7cf70a9d1cdac944779dc08a705414888700a30e2366c6a06b3367a389ca39059787790017b0689a173db9c24db65c1e00015c1d093dab18fd0699fe3304000000323e9c707fe81436b024c2574980397bc49d70c060d57bc88fbe3bbaa058b040362ab926150763fb099408885afc2bf9a46a076b7babfcddeff8c35030669ea69f5e4be1b8e0d6697e97186f9ae97d5670dba6623279f73db9dec75070cd9ab0fda6b069ef6d2857ca3e4e6068f1bf710d133d541da86e0477e4a6cc999dc21c3ef408e6b178e7c9f274d7fafc8d757d33dfa35aa2b2ff7f9a7d365e63845f3e1092f8dde8af3904ea0f4b82649b83ed4fa0f873339c4cadecc13219ba7518aa4f7db34ead13484742067ab743c1d82a5687f2ed690000010000000000000000000000000000000000000099d4fa0000000000003f0ecdc7c82e72919c91d2039afe17e95edef8ba72205beff7771bcb293747b88486cacee403000000a2919a4b09e168e4e4d5ff2ed893f2e314679fa69fc7e0cf761f91b18725704a01c56009a9f748e5aaf30a10bd8c409b1870c1f75e26b45264e3d3f8e0048e55ae289c2f884d0766cddc76eb7f601110ff39053c262279f4ef00fbdb8c328615a9ec84f27a9f3938ae736138b8c1ec220c1540bf3d162dc1c27fa30f0dc60b9f257db5d1c7ed2efce676a93110904d5e055af44664b53c764d61443f73552195c7ccfbf9f03c44432eaa3b7501d4239354da8de21eada75d3a3afb2c76ff0700007976694b6a0f0e946766f57544ff52cef0dd811bec4e3c0a30f2d7d19d26d201721b8eded3bc475958dd498ee2b2d6146e33fc0de1dc2e0516ac565ddb1d4ae89e671282a2d3066ac968c7d7d7db195f255b1b4a85eb9ee0a3b68c9e209756623adf685dd715d68ed1274b4d5502f512493af8f98c615cac3666c58f785c3f758be352a71871d5c081197d37980e4f4e26b5476fb20407ff7098b7174bef66fa03a99b5c0c20b378065fac4ef9ac2d0d804b9400000060e5d3f1749f6aecf69ba83a71caa9bdddc679f1b826f74b6563a4be1fd82b73c8c2bc65f63982"], 0x0}, 0x90)
r8 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000001c0)=@IORING_OP_RECVMSG={0xa, 0x20, 0x0, r8, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}})
io_uring_enter(r5, 0x5b43, 0x0, 0x0, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000001, 0x10012, r2, 0x0)
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x0, 0x1)
ioctl$EVIOCSABS2F(0xffffffffffffffff, 0x401845ef, &(0x7f0000000000)={0x9, 0x30, 0x5, 0x8000, 0x4, 0x1})
recvmmsg(r9, &(0x7f0000004400), 0x0, 0x160, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = socket$kcm(0x29, 0x5, 0x0)
splice(r11, 0x0, r10, 0x0, 0x20000004, 0x0)
tkill(r0, 0x7)

512.544156ms ago: executing program 1 (id=1720):
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
epoll_create1(0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r0, 0x7005)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
ftruncate(0xffffffffffffffff, 0x0)
r2 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x404401c}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f000000be00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="10000000000000002a981e730beeb73a860000000007400000ff2400973341f8378d4470251516a6ac3e578d9d2e60f512c76b6c23d9458579f9000000000000000000ff698a12c130dfbff89415ee90c62e2efe83fb39f86d1db2ff222b164dedfddf2490382cbff47fd9933defa0e9a7a4d76cdda2ee38c37ebf1fbd11f908ae2a64d186ab3471b38575af5ce5c9e9159327e3afdf56239b32775b6b9cb185e6492f6e86b64244bd0000000000000000000000002e26c99c44c09c19bda6"], 0x10}}], 0x1, 0x81)
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0xfffffdef, 0x0, 0x0, 0x0, 0x0, 0x10}, 0xfffffdef}], 0x4000095, 0x401eb94)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0]})
r4 = creat(&(0x7f0000000280)='./file0\x00', 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x4000)
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x0, 0x0, 0x7]})

0s ago: executing program 2 (id=1721):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket(0x200000100000011, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="78226e6f65786163638173733d616e792c63616368653d66736361"])
chdir(&(0x7f0000000280)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000440)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x420001, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x400141042, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x14b042, 0x0)
pwritev2(r3, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5405, 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
writev(r5, &(0x7f0000000400)=[{&(0x7f0000000000)="aefdda9d240e00005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000040)="aa1d484e240003000000f7c08bfcd111fbdf23ea32db0e8f21d5bc27bd8063067a0689fff2a41cfbf0e9", 0x2a}], 0x2)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000a58000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000000000000014d564b00000000af"])
ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000002580)=""/107})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x2001, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000004a150112790001020301090224000101000000090400000003010000092100000001220000090581030000000000"], 0x0)

kernel console output (not intermixed with test programs):

db1e, bcdDevice=61.23
[  188.349096][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  188.570402][ T5378] usb 5-1: GET_CAPABILITIES returned 0
[  188.599804][ T5378] usbtmc 5-1:16.0: can't read capabilities
[  188.951340][ T7746] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  188.962485][ T7766] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90
[  188.993481][ T5378] usb 5-1: USB disconnect, device number 13
[  190.901205][   T30] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  191.111195][   T30] usb 5-1: Using ep0 maxpacket: 8
[  191.128625][   T30] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  191.132495][   T30] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  191.136930][   T30] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  191.142445][   T30] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  191.150298][   T30] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  191.156086][   T30] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  191.160192][   T30] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.387602][   T30] usb 5-1: GET_CAPABILITIES returned 0
[  191.389690][   T30] usbtmc 5-1:16.0: can't read capabilities
[  191.757409][ T7802] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  191.766103][ T7817] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90
[  191.772399][    T8] usb 5-1: USB disconnect, device number 14
[  193.392538][ T7845] ieee802154 phy0 wpan0: encryption failed: -22
[  193.476128][ T7853] input: syz1 as /devices/virtual/input/input37
[  194.721242][    T8] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  194.787845][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[  194.792624][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[  194.931343][    T8] usb 7-1: Using ep0 maxpacket: 8
[  194.954652][    T8] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  194.964817][    T8] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  194.978430][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  194.988624][    T8] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  195.004158][    T8] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  195.018469][    T8] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  195.028354][    T8] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.243327][    T8] usb 7-1: GET_CAPABILITIES returned 0
[  195.253306][    T8] usbtmc 7-1:16.0: can't read capabilities
[  195.629239][ T7865] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  195.636103][ T7882] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -90
[  195.646171][    T8] usb 7-1: USB disconnect, device number 2
[  196.443920][ T7895] input: syz1 as /devices/virtual/input/input38
[  196.464558][ T7897] fuse: Unknown parameter 'g"
'
[  197.765651][ T7912] random: crng reseeded on system resumption
[  198.726933][ T7925] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  198.771662][ T7927] 9pnet_virtio: no channels available for device syz
[  198.907866][ T7927] random: crng reseeded on system resumption
[  200.596105][ T7956] ieee802154 phy0 wpan0: encryption failed: -22
[  200.688647][ T7971] raw_sendmsg: syz.0.705 forgot to set AF_INET. Fix it!
[  200.692100][   T25] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  200.894652][   T25] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  200.899567][   T25] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  200.906076][   T25] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  200.914066][   T25] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  200.918268][   T25] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  200.922580][   T25] usb 6-1: Manufacturer: syz
[  200.927193][   T25] usb 6-1: config 0 descriptor??
[  200.933229][   T25] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  201.125240][ T7982] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  201.736025][ T7989] FAULT_INJECTION: forcing a failure.
[  201.736025][ T7989] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  201.747282][ T7989] CPU: 3 UID: 0 PID: 7989 Comm: syz.2.710 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  201.752154][ T7989] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  201.756443][ T7989] Call Trace:
[  201.757855][ T7989]  <TASK>
[  201.759091][ T7989]  dump_stack_lvl+0x16c/0x1f0
[  201.761245][ T7989]  should_fail_ex+0x497/0x5b0
[  201.763342][ T7989]  _copy_to_user+0x30/0xc0
[  201.765413][ T7989]  simple_read_from_buffer+0xd0/0x160
[  201.767716][ T7989]  proc_fail_nth_read+0x1b0/0x290
[  201.769626][ T7989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  201.771748][ T7989]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  201.774505][ T7989]  vfs_read+0x1d4/0xbd0
[  201.776643][ T7989]  ? __fdget_pos+0xeb/0x180
[  201.778614][ T7989]  ? __pfx_vfs_read+0x10/0x10
[  201.780829][ T7989]  ? __pfx___mutex_lock+0x10/0x10
[  201.783189][ T7989]  ? __fget_files+0x256/0x400
[  201.785227][ T7989]  ksys_read+0x12f/0x260
[  201.787194][ T7989]  ? __pfx_ksys_read+0x10/0x10
[  201.789272][ T7989]  do_syscall_64+0xcd/0x250
[  201.791225][ T7989]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.794064][ T7989] RIP: 0033:0x7f5dfff7643c
[  201.796010][ T7989] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  201.803743][ T7989] RSP: 002b:00007f5e00d54040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  201.807085][ T7989] RAX: ffffffffffffffda RBX: 00007f5e00105f80 RCX: 00007f5dfff7643c
[  201.810147][ T7989] RDX: 000000000000000f RSI: 00007f5e00d540b0 RDI: 0000000000000005
[  201.813204][ T7989] RBP: 00007f5e00d540a0 R08: 0000000000000000 R09: 0000000000000000
[  201.816526][ T7989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  201.820176][ T7989] R13: 000000000000000b R14: 00007f5e00105f80 R15: 00007ffdc93e5728
[  201.823804][ T7989]  </TASK>
[  201.825333][    C3] vkms_vblank_simulate: vblank timer overrun
[  202.041824][   T39] audit: type=1400 audit(1722636323.297:346): avc:  denied  { read } for  pid=7993 comm="syz.2.712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  202.454695][ T7999] FAULT_INJECTION: forcing a failure.
[  202.454695][ T7999] name failslab, interval 1, probability 0, space 0, times 0
[  202.460432][ T7999] CPU: 3 UID: 0 PID: 7999 Comm: syz.0.713 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  202.465195][ T7999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  202.469837][ T7999] Call Trace:
[  202.471350][ T7999]  <TASK>
[  202.472688][ T7999]  dump_stack_lvl+0x16c/0x1f0
[  202.474822][ T7999]  should_fail_ex+0x497/0x5b0
[  202.476975][ T7999]  should_failslab+0xc2/0x120
[  202.479001][ T7999]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  202.481534][ T7999]  ? skb_clone+0x190/0x3f0
[  202.483551][ T7999]  skb_clone+0x190/0x3f0
[  202.485460][ T7999]  netlink_deliver_tap+0xab3/0xd90
[  202.487740][ T7999]  netlink_unicast+0x606/0x830
[  202.489872][ T7999]  ? __pfx_netlink_unicast+0x10/0x10
[  202.492123][ T7999]  netlink_sendmsg+0x8b8/0xd70
[  202.494249][ T7999]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.496712][ T7999]  ? __import_iovec+0x1fd/0x6e0
[  202.498843][ T7999]  ____sys_sendmsg+0xab5/0xc90
[  202.501000][ T7999]  ? copy_msghdr_from_user+0x10b/0x160
[  202.503492][ T7999]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.505808][ T7999]  ? find_held_lock+0x2d/0x110
[  202.507962][ T7999]  ? __pfx___lock_acquire+0x10/0x10
[  202.510277][ T7999]  ___sys_sendmsg+0x135/0x1e0
[  202.512501][ T7999]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.514828][ T7999]  ? ksys_write+0x21c/0x260
[  202.516830][ T7999]  ? __fget_light+0x173/0x210
[  202.518978][ T7999]  __sys_sendmsg+0x117/0x1f0
[  202.521059][ T7999]  ? __pfx___sys_sendmsg+0x10/0x10
[  202.523449][ T7999]  do_syscall_64+0xcd/0x250
[  202.525487][ T7999]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.528120][ T7999] RIP: 0033:0x7f8e785779f9
[  202.530116][ T7999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.538598][ T7999] RSP: 002b:00007f8e79384048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  202.542424][ T7999] RAX: ffffffffffffffda RBX: 00007f8e78705f80 RCX: 00007f8e785779f9
[  202.545868][ T7999] RDX: 0000000000000000 RSI: 0000000020004340 RDI: 0000000000000003
[  202.549151][ T7999] RBP: 00007f8e793840a0 R08: 0000000000000000 R09: 0000000000000000
[  202.552654][ T7999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.556111][ T7999] R13: 000000000000000b R14: 00007f8e78705f80 R15: 00007fffbd48fbd8
[  202.559602][ T7999]  </TASK>
[  202.561143][    C3] vkms_vblank_simulate: vblank timer overrun
[  202.567661][ T1422] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  202.618054][ T8001] random: crng reseeded on system resumption
[  202.755104][ T1422] usb 7-1: Using ep0 maxpacket: 32
[  202.759483][ T1422] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  202.763686][ T1422] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  202.767238][ T1422] usb 7-1: config 0 has an invalid descriptor of length 14, skipping remainder of the config
[  202.772588][ T1422] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  202.776782][ T1422] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 224, changing to 7
[  202.781532][ T1422] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 32776, setting to 1024
[  202.785953][ T1422] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  202.793000][ T1422] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  202.797417][ T1422] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.806136][ T1422] usb 7-1: config 0 descriptor??
[  203.016442][   T30] usb 7-1: USB disconnect, device number 3
[  203.477317][   T10] usb 6-1: USB disconnect, device number 15
[  203.631338][   T30] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  203.875598][ T8016] ieee802154 phy0 wpan0: encryption failed: -22
[  204.041299][   T30] usb 7-1: Using ep0 maxpacket: 32
[  204.048659][   T30] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  204.054031][   T30] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  204.058553][   T30] usb 7-1: config 0 has an invalid descriptor of length 14, skipping remainder of the config
[  204.063657][   T30] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  204.068111][   T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 224, changing to 7
[  204.073490][   T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 32776, setting to 1024
[  204.080860][   T30] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  204.086729][   T30] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  204.091003][   T30] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.097699][   T30] usb 7-1: config 0 descriptor??
[  204.258727][ T8029] random: crng reseeded on system resumption
[  204.438363][ T8037] 9pnet_virtio: no channels available for device syz
[  204.555546][ T8037] random: crng reseeded on system resumption
[  205.501242][   T25] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  205.672627][ T8050] ieee802154 phy0 wpan0: encryption failed: -22
[  205.683541][   T25] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.687254][   T25] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  205.690460][   T25] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  205.694115][   T25] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  205.697474][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.712955][   T25] hub 5-1:1.0: bad descriptor, ignoring hub
[  205.715172][   T25] hub 5-1:1.0: probe with driver hub failed with error -5
[  205.718231][   T25] cdc_wdm 5-1:1.0: skipping garbage
[  205.720195][   T25] cdc_wdm 5-1:1.0: skipping garbage
[  205.722626][   T25] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  205.776017][   T25] usb 7-1: USB disconnect, device number 4
[  206.043058][    T8] usb 5-1: USB disconnect, device number 15
[  206.127342][ T8046] netlink: 8 bytes leftover after parsing attributes in process `syz.0.725'.
[  206.191230][   T25] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  206.211505][ T8046] hsr_slave_0: left promiscuous mode
[  206.225336][ T8046] hsr_slave_1: left promiscuous mode
[  206.395114][   T25] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  206.400064][   T25] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  206.404703][   T25] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  206.412030][   T25] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  206.416132][   T25] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  206.419748][   T25] usb 7-1: Manufacturer: syz
[  206.424262][   T25] usb 7-1: config 0 descriptor??
[  206.429844][   T25] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  206.531434][  T832] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  206.589725][ T8067] fuse: Unknown parameter 'g"
'
[  206.691230][  T832] usb 5-1: device descriptor read/64, error -71
[  206.961366][  T832] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  207.111220][  T832] usb 5-1: device descriptor read/64, error -71
[  207.232423][  T832] usb usb5-port1: attempt power cycle
[  207.651599][  T832] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  207.684768][  T832] usb 5-1: device descriptor read/8, error -71
[  207.962254][  T832] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  207.992045][  T832] usb 5-1: device descriptor read/8, error -71
[  208.122967][  T832] usb usb5-port1: unable to enumerate USB device
[  208.431013][    C3] vkms_vblank_simulate: vblank timer overrun
[  208.836270][   T57] usb 7-1: USB disconnect, device number 5
[  209.179087][ T8113] random: crng reseeded on system resumption
[  209.285192][ T8107] ieee802154 phy0 wpan0: encryption failed: -22
[  209.484831][   T39] audit: type=1400 audit(1722636330.747:347): avc:  denied  { mount } for  pid=8117 comm="syz.2.743" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  209.515970][   T39] audit: type=1400 audit(1722636330.777:348): avc:  denied  { mounton } for  pid=8117 comm="syz.2.743" path="/184/file0/file0" dev="bpf" ino=24675 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  209.527213][   T39] audit: type=1400 audit(1722636330.777:349): avc:  denied  { mount } for  pid=8117 comm="syz.2.743" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  209.550791][   T39] audit: type=1400 audit(1722636330.807:350): avc:  denied  { unmount } for  pid=5342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  209.560014][   T39] audit: type=1400 audit(1722636330.817:351): avc:  denied  { unmount } for  pid=5342 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  209.720424][    C3] vkms_vblank_simulate: vblank timer overrun
[  209.793989][   T39] audit: type=1400 audit(1722636331.057:352): avc:  denied  { read write } for  pid=8126 comm="syz.2.746" name="mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  209.804567][   T39] audit: type=1400 audit(1722636331.067:353): avc:  denied  { open } for  pid=8126 comm="syz.2.746" path="/dev/input/mice" dev="devtmpfs" ino=862 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  210.321256][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  210.527877][   T10] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  210.552602][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  210.558119][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  210.634541][   T10] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  210.649472][   T10] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  210.653430][   T10] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  210.656604][   T10] usb 7-1: Manufacturer: syz
[  210.666650][   T10] usb 7-1: config 0 descriptor??
[  210.957095][ T8146] random: crng reseeded on system resumption
[  211.096995][   T10] usbhid 7-1:0.0: can't add hid device: -71
[  211.099921][   T10] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  211.111401][   T10] usb 7-1: USB disconnect, device number 6
[  211.921304][   T25] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  212.135407][   T25] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  212.139501][ T8173] FAULT_INJECTION: forcing a failure.
[  212.139501][ T8173] name failslab, interval 1, probability 0, space 0, times 0
[  212.161316][   T25] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  212.165405][ T8173] CPU: 0 UID: 0 PID: 8173 Comm: syz.1.760 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  212.178081][ T8173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  212.182796][ T8173] Call Trace:
[  212.184176][ T8173]  <TASK>
[  212.185400][ T8173]  dump_stack_lvl+0x16c/0x1f0
[  212.187333][ T8173]  should_fail_ex+0x497/0x5b0
[  212.189613][ T8173]  ? fs_reclaim_acquire+0xae/0x160
[  212.192123][ T8173]  should_failslab+0xc2/0x120
[  212.194259][ T8173]  __kmalloc_noprof+0xcb/0x400
[  212.196431][ T8173]  ? __pfx_lock_acquire+0x10/0x10
[  212.198717][ T8173]  tomoyo_realpath_from_path+0xb9/0x720
[  212.201592][ T8173]  ? tomoyo_profile+0x47/0x60
[  212.203723][ T8173]  tomoyo_path_number_perm+0x245/0x590
[  212.206402][ T8173]  ? tomoyo_path_number_perm+0x232/0x590
[  212.208903][ T8173]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  212.211669][ T8173]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  212.214514][ T8173]  ? __fget_files+0x256/0x400
[  212.216796][ T8173]  security_file_ioctl+0x75/0xc0
[  212.219291][ T8173]  __x64_sys_ioctl+0xbb/0x220
[  212.221487][ T8173]  do_syscall_64+0xcd/0x250
[  212.223628][ T8173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.226530][ T8173] RIP: 0033:0x7f6b829779f9
[  212.228803][ T8173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.238046][ T8173] RSP: 002b:00007f6b83796048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  212.241842][ T8173] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b829779f9
[  212.245515][ T8173] RDX: 0000000000000000 RSI: 000000004024700a RDI: 0000000000000003
[  212.249204][ T8173] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  212.252491][ T8173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  212.255785][ T8173] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  212.259310][ T8173]  </TASK>
[  212.261601][ T8173] ERROR: Out of memory at tomoyo_realpath_from_path.
[  212.261597][   T25] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  212.268547][   T25] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  212.277033][   T25] usb 7-1: Manufacturer: syz
[  212.285416][   T25] usb 7-1: config 0 descriptor??
[  212.296001][   T25] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  212.381026][ T8174] ieee802154 phy0 wpan0: encryption failed: -22
[  213.450045][   T39] audit: type=1400 audit(1722636334.707:354): avc:  denied  { connect } for  pid=8196 comm="syz.3.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  213.509891][   T39] audit: type=1400 audit(1722636334.767:355): avc:  denied  { connect } for  pid=8196 comm="syz.3.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  213.559885][   T39] audit: type=1400 audit(1722636334.817:356): avc:  denied  { write } for  pid=8196 comm="syz.3.765" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  213.831552][ T1422] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  214.023484][ T1422] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  214.029125][ T1422] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  214.033028][ T1422] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.040067][ T1422] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  214.049297][ T1422] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  214.053630][ T1422] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  214.057324][ T1422] usb 6-1: Manufacturer: syz
[  214.062117][ T1422] usb 6-1: config 0 descriptor??
[  214.212910][ T8207] ieee802154 phy0 wpan0: encryption failed: -22
[  214.345702][ T8213] fuse: Unknown parameter 'g"
'
[  214.475336][ T1422] usbhid 6-1:0.0: can't add hid device: -71
[  214.478268][ T1422] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  214.483895][ T1422] usb 6-1: USB disconnect, device number 16
[  214.696691][   T25] usb 7-1: USB disconnect, device number 7
[  214.768690][ T8219] overlayfs: failed to resolve './file0/file0': -2
[  215.056866][    T8] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  215.241636][    T8] usb 8-1: Using ep0 maxpacket: 32
[  215.257718][    T8] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[  215.264690][    T8] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  215.289054][    T8] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  215.295894][    T8] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  215.301675][    T8] usb 8-1: config 0 interface 0 has no altsetting 0
[  215.312332][    T8] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  215.317034][    T8] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  215.321092][    T8] usb 8-1: Product: syz
[  215.323201][    T8] usb 8-1: Manufacturer: syz
[  215.325406][    T8] usb 8-1: SerialNumber: syz
[  215.336745][    T8] usb 8-1: config 0 descriptor??
[  215.347427][   T39] audit: type=1400 audit(1722636336.607:357): avc:  denied  { bind } for  pid=8230 comm="syz.0.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  215.348582][    T8] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  215.351920][ T8231] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  215.359121][   T39] audit: type=1400 audit(1722636336.617:358): avc:  denied  { connect } for  pid=8230 comm="syz.0.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  215.364300][    T8] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  215.450726][   T39] audit: type=1400 audit(1722636336.707:359): avc:  denied  { unlink } for  pid=8233 comm="syz.1.777" name="#1" dev="tmpfs" ino=1128 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  215.459679][   T39] audit: type=1400 audit(1722636336.717:360): avc:  denied  { mount } for  pid=8233 comm="syz.1.777" name="/" dev="overlay" ino=1122 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  215.474728][   T39] audit: type=1804 audit(1722636336.727:361): pid=8234 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.777" name="/newroot/203/bus/bus" dev="overlay" ino=1130 res=1 errno=0
[  215.487601][ T8234] evm: overlay not supported
[  215.494444][   T39] audit: type=1400 audit(1722636336.757:362): avc:  denied  { sys_module } for  pid=8233 comm="syz.1.777" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  215.495469][ T8234] Invalid ELF header magic: != ELF
[  215.503704][   T39] audit: type=1400 audit(1722636336.757:363): avc:  denied  { module_load } for  pid=8233 comm="syz.1.777" path="/203/bus/bus" dev="overlay" ino=1130 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1
[  215.527888][   T39] audit: type=1400 audit(1722636336.787:364): avc:  denied  { write } for  pid=8230 comm="syz.0.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  215.558379][    T8] usb 8-1: USB disconnect, device number 8
[  215.558476][    C1] ldusb 8-1:0.0: usb_submit_urb failed (-19)
[  215.592236][    T8] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  216.791318][   T58] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  216.973206][   T58] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  216.978888][   T58] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  216.990117][   T58] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  216.993801][   T58] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  216.999561][   T58] usb 7-1: Manufacturer: syz
[  217.005551][   T58] usb 7-1: config 0 descriptor??
[  217.014225][   T58] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  217.072921][ T8266] random: crng reseeded on system resumption
[  218.838596][   T39] audit: type=1400 audit(1722636340.097:365): avc:  denied  { ioctl } for  pid=8294 comm="syz.0.791" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=24040 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  219.501409][    T8] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  219.529195][   T10] usb 7-1: USB disconnect, device number 8
[  219.692820][    T8] usb 8-1: Using ep0 maxpacket: 8
[  219.699290][    T8] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  219.704287][    T8] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  219.709138][    T8] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  219.715468][    T8] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  219.720878][    T8] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  219.727149][    T8] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  219.731731][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.823087][ T8314] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  219.956784][    T8] usb 8-1: GET_CAPABILITIES returned 0
[  219.959956][    T8] usbtmc 8-1:16.0: can't read capabilities
[  220.323972][ T8306] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  220.329334][ T8323] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90
[  220.335342][ T5378] usb 8-1: USB disconnect, device number 9
[  220.976851][ T8332] fuse: Unknown parameter 'g"
'
[  221.451360][   T58] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  221.686601][   T58] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  221.698925][   T58] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 253
[  221.736420][   T58] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  221.744069][   T58] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  221.747749][   T58] usb 7-1: Manufacturer: syz
[  221.756388][   T58] usb 7-1: config 0 descriptor??
[  221.774419][   T58] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  224.181001][   T30] usb 7-1: USB disconnect, device number 9
[  224.222484][   T39] audit: type=1400 audit(1722636345.477:366): avc:  denied  { bind } for  pid=8394 comm="syz.2.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  224.233947][   T39] audit: type=1400 audit(1722636345.477:367): avc:  denied  { setopt } for  pid=8394 comm="syz.2.814" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  224.244558][   T39] audit: type=1400 audit(1722636345.477:368): avc:  denied  { mount } for  pid=8394 comm="syz.2.814" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  224.567230][ T8396] netlink: 'syz.2.814': attribute type 4 has an invalid length.
[  225.091919][ T5378] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  225.293149][ T5378] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  225.297959][ T5378] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  225.303368][ T5378] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  225.307766][ T5378] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  225.314401][ T5378] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  225.318484][ T5378] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  225.321991][ T5378] usb 8-1: Manufacturer: syz
[  225.327212][ T5378] usb 8-1: config 0 descriptor??
[  225.759773][ T5378] usbhid 8-1:0.0: can't add hid device: -71
[  225.763002][ T5378] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  225.769455][ T5378] usb 8-1: USB disconnect, device number 10
[  226.254442][ T8427] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  226.271275][   T30] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  226.488117][   T30] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  226.497825][   T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.510739][   T30] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  226.518476][   T30] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  226.524112][   T30] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  226.528410][   T30] usb 7-1: Manufacturer: syz
[  226.534045][   T30] usb 7-1: config 0 descriptor??
[  226.549331][   T30] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  228.217379][ T8455] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  228.592478][ T8457] random: crng reseeded on system resumption
[  229.019516][   T30] usb 7-1: USB disconnect, device number 10
[  230.042647][ T8484] random: crng reseeded on system resumption
[  230.092905][   T10] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  230.304635][   T10] usb 7-1: Using ep0 maxpacket: 8
[  230.310099][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  230.314344][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  230.319143][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  230.325508][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  230.329925][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  230.337543][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  230.341267][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.555768][   T10] usb 7-1: GET_CAPABILITIES returned 0
[  230.559796][   T10] usbtmc 7-1:16.0: can't read capabilities
[  230.926773][ T8481] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  230.930549][ T8492] usbtmc 7-1:16.0: send_request_dev_dep_msg_in returned -90
[  230.936567][ T5377] usb 7-1: USB disconnect, device number 11
[  231.765661][   T30] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  231.976131][   T30] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  231.994044][   T30] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.998024][   T30] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  232.018043][   T30] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  232.022046][   T30] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  232.025587][   T30] usb 7-1: Manufacturer: syz
[  232.038952][   T30] usb 7-1: config 0 descriptor??
[  232.052266][   T30] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  233.429765][   T39] audit: type=1400 audit(1722636354.687:369): avc:  denied  { read } for  pid=8529 comm="syz.1.851" name="sg1" dev="devtmpfs" ino=713 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  233.498300][   T39] audit: type=1400 audit(1722636354.757:370): avc:  denied  { view } for  pid=8529 comm="syz.1.851" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  233.759443][ T8541] fuse: Unknown parameter 'g"
'
[  234.228432][ T8553] fuse: Unknown parameter 'g"
'
[  234.557392][   T25] usb 7-1: USB disconnect, device number 12
[  235.899522][ T8580] 9pnet_virtio: no channels available for device syz
[  236.010083][ T8578] random: crng reseeded on system resumption
[  237.310975][ T8609] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  237.363902][ T8611] FAULT_INJECTION: forcing a failure.
[  237.363902][ T8611] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  237.369366][ T8611] CPU: 1 UID: 0 PID: 8611 Comm: syz.1.867 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  237.373161][ T8611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  237.377941][ T8611] Call Trace:
[  237.379453][ T8611]  <TASK>
[  237.380807][ T8611]  dump_stack_lvl+0x16c/0x1f0
[  237.382981][ T8611]  should_fail_ex+0x497/0x5b0
[  237.385370][ T8611]  _copy_to_user+0x30/0xc0
[  237.387405][ T8611]  simple_read_from_buffer+0xd0/0x160
[  237.389831][ T8611]  proc_fail_nth_read+0x1b0/0x290
[  237.392089][ T8611]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  237.394628][ T8611]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  237.397124][ T8611]  vfs_read+0x1d4/0xbd0
[  237.399024][ T8611]  ? __fdget_pos+0xeb/0x180
[  237.400836][ T8611]  ? __pfx_vfs_read+0x10/0x10
[  237.402973][ T8611]  ? __pfx___mutex_lock+0x10/0x10
[  237.405245][ T8611]  ? __fget_files+0x256/0x400
[  237.407408][ T8611]  ksys_read+0x12f/0x260
[  237.409297][ T8611]  ? __pfx_ksys_read+0x10/0x10
[  237.411450][ T8611]  do_syscall_64+0xcd/0x250
[  237.413265][ T8611]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  237.415774][ T8611] RIP: 0033:0x7f6b8297643c
[  237.417807][ T8611] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48
[  237.426064][ T8611] RSP: 002b:00007f6b83796040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  237.429801][ T8611] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b8297643c
[  237.433305][ T8611] RDX: 000000000000000f RSI: 00007f6b837960b0 RDI: 0000000000000004
[  237.436802][ T8611] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  237.440302][ T8611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  237.444140][ T8611] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  237.447297][ T8611]  </TASK>
[  237.524189][   T39] audit: type=1400 audit(1722636358.787:371): avc:  denied  { create } for  pid=8612 comm="syz.0.868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  237.533055][   T39] audit: type=1400 audit(1722636358.787:372): avc:  denied  { write } for  pid=8612 comm="syz.0.868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  237.642135][   T39] audit: type=1400 audit(1722636358.907:373): avc:  denied  { map } for  pid=8612 comm="syz.0.868" path="/dev/hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  237.667659][   T39] audit: type=1400 audit(1722636358.907:374): avc:  denied  { execute } for  pid=8612 comm="syz.0.868" path="/dev/hpet" dev="devtmpfs" ino=632 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  237.703644][   T39] audit: type=1400 audit(1722636358.917:375): avc:  denied  { map } for  pid=8612 comm="syz.0.868" path="socket:[26662]" dev="sockfs" ino=26662 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  237.740013][   T39] audit: type=1400 audit(1722636358.927:376): avc:  denied  { read } for  pid=8612 comm="syz.0.868" path="socket:[26662]" dev="sockfs" ino=26662 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  237.754081][   T39] audit: type=1400 audit(1722636358.957:377): avc:  denied  { execute } for  pid=8612 comm="syz.0.868" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=27688 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  237.768367][   T39] audit: type=1400 audit(1722636358.967:378): avc:  denied  { setattr } for  pid=8612 comm="syz.0.868" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  238.534911][ T8631] random: crng reseeded on system resumption
[  239.821724][ T8636] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  239.825674][ T8636] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  240.878120][   T39] kauditd_printk_skb: 1 callbacks suppressed
[  240.878131][   T39] audit: type=1400 audit(1722636362.137:380): avc:  denied  { mounton } for  pid=8658 comm="syz.1.879" path="/231/bus" dev="tmpfs" ino=1286 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  241.361242][ T5377] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  241.561287][ T5377] usb 5-1: Using ep0 maxpacket: 8
[  241.570058][ T5377] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  241.579422][ T5377] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  241.585112][ T5377] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  241.589137][ T5377] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  241.597576][ T5377] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  241.604636][ T5377] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  241.608227][ T5377] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.691401][   T39] audit: type=1400 audit(1722636362.957:381): avc:  denied  { unmount } for  pid=5333 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  241.827542][ T5377] usb 5-1: GET_CAPABILITIES returned 0
[  241.829802][ T5377] usbtmc 5-1:16.0: can't read capabilities
[  242.805601][ T8684] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  243.257392][ T8689] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  243.496706][ T8680] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  243.500382][ T8680] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  245.526456][ T8712] random: crng reseeded on system resumption
[  246.322689][ T8719] fuse: Unknown parameter 'g"
'
[  247.112947][ T8662] usbtmc 5-1:16.0: stb usb_control_msg returned -110
[  247.118610][ T8677] usbtmc 5-1:16.0: send_request_dev_dep_msg_in returned -90
[  247.138072][ T5378] usb 5-1: USB disconnect, device number 20
[  248.077412][ T8744] random: crng reseeded on system resumption
[  248.960613][ T8757] ieee802154 phy0 wpan0: encryption failed: -22
[  249.181502][ T8766] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  249.465819][ T8769] fuse: Unknown parameter 'g"
'
[  250.602508][ T8780] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  251.221677][ T8786] random: crng reseeded on system resumption
[  252.951225][   T25] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  252.965305][ T8815] random: crng reseeded on system resumption
[  253.151247][   T25] usb 6-1: Using ep0 maxpacket: 8
[  253.156666][   T25] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  253.165907][   T25] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  253.173136][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  253.178398][   T25] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  253.187404][   T25] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  253.193584][   T25] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  253.198090][   T25] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.410677][   T25] usb 6-1: GET_CAPABILITIES returned 0
[  253.414964][   T25] usbtmc 6-1:16.0: can't read capabilities
[  253.736402][ T8813] usbtmc 6-1:16.0: stb usb_control_msg returned -32
[  253.743438][   T25] usb 6-1: USB disconnect, device number 17
[  256.225072][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[  256.228499][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[  256.851224][ T5378] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  257.031213][ T5378] usb 5-1: Using ep0 maxpacket: 8
[  257.036441][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  257.039879][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  257.047601][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  257.051973][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  257.056108][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  257.062420][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  257.068968][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.279335][ T5378] usb 5-1: GET_CAPABILITIES returned 0
[  257.281547][ T5378] usbtmc 5-1:16.0: can't read capabilities
[  258.726021][ T8913] random: crng reseeded on system resumption
[  259.577599][    T8] usb 5-1: USB disconnect, device number 21
[  259.716435][ T8935] fuse: Unknown parameter 'g"
'
[  259.878340][ T8930] ieee802154 phy0 wpan0: encryption failed: -22
[  260.088557][ T8942] random: crng reseeded on system resumption
[  263.686762][ T8992] random: crng reseeded on system resumption
[  264.666276][ T9013] 9pnet_fd: Insufficient options for proto=fd
[  265.320408][ T9025] fuse: Unknown parameter 'g"
'
[  265.901326][ T5377] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  266.093781][ T5377] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  266.098390][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  266.103600][ T5377] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  266.107930][ T5377] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  266.116130][ T5377] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  266.120169][ T5377] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  266.124233][ T5377] usb 8-1: Manufacturer: syz
[  266.133702][ T5377] usb 8-1: config 0 descriptor??
[  266.384516][ T9037] random: crng reseeded on system resumption
[  266.601493][ T5377] usbhid 8-1:0.0: can't add hid device: -71
[  266.604206][ T5377] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  266.613828][ T5377] usb 8-1: USB disconnect, device number 11
[  267.094050][   T39] audit: type=1400 audit(1722636388.357:382): avc:  denied  { setopt } for  pid=9047 comm="syz.1.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  267.108462][   T39] audit: type=1400 audit(1722636388.357:383): avc:  denied  { bind } for  pid=9047 comm="syz.1.978" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  267.392605][ T9055] fuse: Unknown parameter 'g"
'
[  267.421322][ T5378] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  267.611358][ T5378] usb 8-1: Using ep0 maxpacket: 8
[  267.625206][ T5378] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  267.641307][ T5378] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  267.646913][ T5378] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  267.657500][ T5378] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  267.669706][ T5378] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  267.682065][ T5378] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  267.685895][ T5378] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.959787][ T5378] usb 8-1: GET_CAPABILITIES returned 0
[  267.962472][ T5378] usbtmc 8-1:16.0: can't read capabilities
[  269.294745][ T9085] FAULT_INJECTION: forcing a failure.
[  269.294745][ T9085] name failslab, interval 1, probability 0, space 0, times 0
[  269.299848][ T9085] CPU: 2 UID: 0 PID: 9085 Comm: syz.1.987 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  269.304265][ T9085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  269.308558][ T9085] Call Trace:
[  269.310047][ T9085]  <TASK>
[  269.311368][ T9085]  dump_stack_lvl+0x16c/0x1f0
[  269.313456][ T9085]  should_fail_ex+0x497/0x5b0
[  269.315538][ T9085]  ? fs_reclaim_acquire+0xae/0x160
[  269.317610][ T9085]  should_failslab+0xc2/0x120
[  269.319546][ T9085]  __kmalloc_noprof+0xcb/0x400
[  269.321647][ T9085]  ? __pfx_lock_acquire+0x10/0x10
[  269.323856][ T9085]  tomoyo_realpath_from_path+0xb9/0x720
[  269.326259][ T9085]  ? tomoyo_profile+0x47/0x60
[  269.328332][ T9085]  tomoyo_path_number_perm+0x245/0x590
[  269.330719][ T9085]  ? tomoyo_path_number_perm+0x232/0x590
[  269.333158][ T9085]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  269.335776][ T9085]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  269.338409][ T9085]  ? __fget_files+0x256/0x400
[  269.340488][ T9085]  security_file_ioctl+0x75/0xc0
[  269.342701][ T9085]  __x64_sys_ioctl+0xbb/0x220
[  269.344715][ T9085]  do_syscall_64+0xcd/0x250
[  269.346659][ T9085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.349252][ T9085] RIP: 0033:0x7f6b829779f9
[  269.351213][ T9085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  269.359472][ T9085] RSP: 002b:00007f6b83796048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  269.363081][ T9085] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b829779f9
[  269.366503][ T9085] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  269.369906][ T9085] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  269.373334][ T9085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  269.376618][ T9085] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  269.379753][ T9085]  </TASK>
[  269.383706][ T9085] ERROR: Out of memory at tomoyo_realpath_from_path.
[  270.622851][ T9105] ieee802154 phy0 wpan0: encryption failed: -22
[  272.431679][ T9129] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  273.084243][   T39] audit: type=1400 audit(1722636394.347:384): avc:  denied  { execute } for  pid=9135 comm="syz.0.1000" path="/dev/audio1" dev="devtmpfs" ino=1133 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  273.182716][ T9050] usbtmc 8-1:16.0: stb usb_control_msg returned -110
[  273.204483][ T9070] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90
[  273.253762][ T5377] usb 8-1: USB disconnect, device number 12
[  274.048600][ T9159] ieee802154 phy0 wpan0: encryption failed: -22
[  274.368615][ T9172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.383713][ T9172] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  274.397840][   T39] audit: type=1400 audit(1722636395.657:385): avc:  denied  { mount } for  pid=9171 comm="syz.3.1007" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  274.893122][  T832] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  275.082040][  T832] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  275.086900][  T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.094982][  T832] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  275.100655][  T832] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  275.114532][  T832] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  275.118314][  T832] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  275.126527][  T832] usb 7-1: Manufacturer: syz
[  275.133061][  T832] usb 7-1: config 0 descriptor??
[  275.210147][ T9186] fuse: Unknown parameter 'g"
'
[  275.322322][   T39] audit: type=1400 audit(1722636396.587:386): avc:  denied  { create } for  pid=9187 comm="syz.0.1012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  275.335790][   T39] audit: type=1400 audit(1722636396.597:387): avc:  denied  { ioctl } for  pid=9187 comm="syz.0.1012" path="socket:[29720]" dev="sockfs" ino=29720 ioctlcmd=0x89e9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  275.381653][   T39] audit: type=1400 audit(1722636396.647:388): avc:  denied  { create } for  pid=9187 comm="syz.0.1012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  275.554183][  T832] usbhid 7-1:0.0: can't add hid device: -71
[  275.556859][  T832] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  275.568837][  T832] usb 7-1: USB disconnect, device number 13
[  275.928428][ T9196] ieee802154 phy0 wpan0: encryption failed: -22
[  276.921739][    T8] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  277.120201][    T8] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  277.125615][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.129587][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.133773][    T8] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  277.158929][    T8] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  277.164060][    T8] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  277.169034][    T8] usb 6-1: Manufacturer: syz
[  277.183515][    T8] usb 6-1: config 0 descriptor??
[  277.638690][    T8] usbhid 6-1:0.0: can't add hid device: -71
[  277.642322][    T8] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  277.648504][    T8] usb 6-1: USB disconnect, device number 18
[  277.784156][ T9228] fuse: Unknown parameter 'g"
'
[  278.360285][ T9236] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  278.754384][ T9241] random: crng reseeded on system resumption
[  278.991430][  T832] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  279.181224][  T832] usb 7-1: Using ep0 maxpacket: 8
[  279.185581][  T832] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  279.191010][  T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  279.201538][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  279.210078][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  279.218767][  T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  279.224940][  T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  279.229333][  T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.444525][  T832] usb 7-1: GET_CAPABILITIES returned 0
[  279.446939][  T832] usbtmc 7-1:16.0: can't read capabilities
[  280.651381][ T9267] fuse: Unknown parameter 'g"
'
[  281.537250][ T9279] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  281.716858][ T5378] usb 7-1: USB disconnect, device number 14
[  283.909933][ T9313] fuse: Unknown parameter 'g"
'
[  284.301360][  T832] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  284.446864][ T9325] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  284.501309][  T832] usb 6-1: Using ep0 maxpacket: 8
[  284.507307][  T832] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  284.510239][  T832] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  284.514604][  T832] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  284.518908][  T832] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  284.523539][  T832] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  284.528465][  T832] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  284.532685][  T832] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.776542][  T832] usb 6-1: GET_CAPABILITIES returned 0
[  284.779103][  T832] usbtmc 6-1:16.0: can't read capabilities
[  285.134608][    C0] vkms_vblank_simulate: vblank timer overrun
[  286.161266][ T5378] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  286.341272][ T5378] usb 7-1: Using ep0 maxpacket: 8
[  286.345092][ T5378] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  286.348494][ T5378] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  286.353040][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  286.358044][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  286.362488][ T5378] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  286.368217][ T5378] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  286.372259][ T5378] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.589951][ T5378] usb 7-1: GET_CAPABILITIES returned 0
[  286.592646][ T5378] usbtmc 7-1:16.0: can't read capabilities
[  286.798036][ T9344] usbtmc 6-1:16.0: send_request_dev_dep_msg_in returned -90
[  287.064956][ T5378] usb 6-1: USB disconnect, device number 19
[  287.348919][ T9357] ieee802154 phy0 wpan0: encryption failed: -22
[  287.716766][ T9359] fuse: Unknown parameter 'g"
'
[  288.221795][ T9367] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  288.894927][ T5377] usb 7-1: USB disconnect, device number 15
[  289.381299][ T5377] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  289.641229][ T5377] usb 7-1: Using ep0 maxpacket: 8
[  289.646279][ T5377] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  289.651254][ T5377] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  289.655334][ T5377] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  289.661596][ T5377] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  289.666313][ T5377] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  289.673147][ T5377] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  289.679094][ T5377] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.301438][ T5377] usb 7-1: GET_CAPABILITIES returned 0
[  290.304123][ T5377] usbtmc 7-1:16.0: can't read capabilities
[  290.536142][   T39] audit: type=1400 audit(1722636411.797:389): avc:  denied  { connect } for  pid=9391 comm="syz.0.1067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  290.657129][   T39] audit: type=1400 audit(1722636411.917:390): avc:  denied  { search } for  pid=5049 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  290.681319][   T39] audit: type=1400 audit(1722636411.917:391): avc:  denied  { read } for  pid=5049 comm="dhcpcd" name="n71" dev="tmpfs" ino=5457 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  290.714439][   T39] audit: type=1400 audit(1722636411.917:392): avc:  denied  { open } for  pid=5049 comm="dhcpcd" path="/run/udev/data/n71" dev="tmpfs" ino=5457 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  290.728296][   T39] audit: type=1400 audit(1722636411.917:393): avc:  denied  { getattr } for  pid=5049 comm="dhcpcd" path="/run/udev/data/n71" dev="tmpfs" ino=5457 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  290.866874][ T9401] fuse: Unknown parameter 'g"
'
[  291.540266][ T9405] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  291.972610][  T832] usb 7-1: USB disconnect, device number 16
[  292.306671][ T9419] netlink: 'syz.1.1074': attribute type 10 has an invalid length.
[  292.335666][ T9419] 8021q: adding VLAN 0 to HW filter on device team0
[  292.341690][ T9419] bond0: (slave team0): Enslaving as an active interface with an up link
[  292.345782][ T9417] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1075'.
[  292.380604][ T9419] netlink: 'syz.1.1074': attribute type 10 has an invalid length.
[  294.247600][ T9457] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1084'.
[  294.498363][ T9462] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  295.368554][ T9476] ieee802154 phy0 wpan0: encryption failed: -22
[  295.756710][   T39] audit: type=1400 audit(1722636417.017:394): avc:  denied  { read write } for  pid=9477 comm="syz.1.1090" name="raw-gadget" dev="devtmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  295.766451][   T39] audit: type=1400 audit(1722636417.017:395): avc:  denied  { open } for  pid=9477 comm="syz.1.1090" path="/dev/raw-gadget" dev="devtmpfs" ino=763 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  295.778354][   T39] audit: type=1400 audit(1722636417.017:396): avc:  denied  { ioctl } for  pid=9477 comm="syz.1.1090" path="/dev/raw-gadget" dev="devtmpfs" ino=763 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  296.041224][  T832] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  296.193342][ T9492] team_slave_0: entered promiscuous mode
[  296.196599][ T9492] team_slave_1: entered promiscuous mode
[  296.230750][  T832] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  296.239645][  T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.262396][  T832] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.267057][  T832] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  296.276739][  T832] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  296.280802][  T832] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  296.284302][  T832] usb 6-1: Manufacturer: syz
[  296.288318][  T832] usb 6-1: config 0 descriptor??
[  296.750420][  T832] usbhid 6-1:0.0: can't add hid device: -71
[  296.752972][  T832] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  296.757907][  T832] usb 6-1: USB disconnect, device number 20
[  297.398462][  T832] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  297.452596][   T39] audit: type=1400 audit(1722636418.717:397): avc:  denied  { bind } for  pid=9502 comm="syz.1.1098" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  297.601391][  T832] usb 7-1: Using ep0 maxpacket: 8
[  297.606261][  T832] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  297.610231][  T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  297.615380][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  297.619370][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  297.626893][  T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  297.661203][  T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  297.665372][  T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.785643][ T9510] FAULT_INJECTION: forcing a failure.
[  297.785643][ T9510] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.791560][ T9510] CPU: 2 UID: 0 PID: 9510 Comm: syz.1.1100 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  297.796061][ T9510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  297.800544][ T9510] Call Trace:
[  297.801996][ T9510]  <TASK>
[  297.803373][ T9510]  dump_stack_lvl+0x16c/0x1f0
[  297.805511][ T9510]  should_fail_ex+0x497/0x5b0
[  297.807602][ T9510]  _copy_from_user+0x30/0xf0
[  297.809570][ T9510]  add_rule_path_beneath+0xad/0x510
[  297.811727][ T9510]  ? __fget_files+0x256/0x400
[  297.813650][ T9510]  ? __pfx_add_rule_path_beneath+0x10/0x10
[  297.816086][ T9510]  ? fput+0x32/0x390
[  297.817570][ T9510]  __x64_sys_landlock_add_rule+0x19f/0x230
[  297.819759][ T9510]  do_syscall_64+0xcd/0x250
[  297.821466][ T9510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.824155][ T9510] RIP: 0033:0x7f6b829779f9
[  297.826072][ T9510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.835102][ T9510] RSP: 002b:00007f6b83796048 EFLAGS: 00000246 ORIG_RAX: 00000000000001bd
[  297.838732][ T9510] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b829779f9
[  297.842057][ T9510] RDX: 0000000020000140 RSI: 0000000000000001 RDI: 0000000000000004
[  297.845446][ T9510] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  297.848933][ T9510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.852448][ T9510] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  297.857820][ T9510]  </TASK>
[  297.886323][  T832] usb 7-1: usb_control_msg returned -32
[  297.891048][  T832] usbtmc 7-1:16.0: can't read capabilities
[  297.898123][  T832] usb 7-1: USB disconnect, device number 17
[  297.925607][ T9512] FAULT_INJECTION: forcing a failure.
[  297.925607][ T9512] name failslab, interval 1, probability 0, space 0, times 0
[  297.932271][ T9512] CPU: 3 UID: 0 PID: 9512 Comm: syz.1.1101 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  297.937443][ T9512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  297.943119][ T9512] Call Trace:
[  297.944802][ T9512]  <TASK>
[  297.946552][ T9512]  dump_stack_lvl+0x16c/0x1f0
[  297.949035][ T9512]  should_fail_ex+0x497/0x5b0
[  297.951449][ T9512]  ? fs_reclaim_acquire+0xae/0x160
[  297.953680][ T9512]  should_failslab+0xc2/0x120
[  297.955658][ T9512]  kmem_cache_alloc_node_noprof+0x71/0x310
[  297.958113][ T9512]  ? __alloc_skb+0x2b1/0x380
[  297.960116][ T9512]  __alloc_skb+0x2b1/0x380
[  297.962496][ T9512]  ? __pfx___alloc_skb+0x10/0x10
[  297.965036][ T9512]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  297.967506][ T9512]  netlink_alloc_large_skb+0x69/0x130
[  297.970131][ T9512]  netlink_sendmsg+0x689/0xd70
[  297.972364][ T9512]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.974582][ T9512]  ? __import_iovec+0x1fd/0x6e0
[  297.976700][ T9512]  ____sys_sendmsg+0xab5/0xc90
[  297.979432][ T9512]  ? copy_msghdr_from_user+0x10b/0x160
[  297.982395][ T9512]  ? __pfx_____sys_sendmsg+0x10/0x10
[  297.985616][ T9512]  ? find_held_lock+0x2d/0x110
[  297.988129][ T9512]  ? __pfx___lock_acquire+0x10/0x10
[  297.990859][ T9512]  ___sys_sendmsg+0x135/0x1e0
[  297.992843][ T9512]  ? __pfx____sys_sendmsg+0x10/0x10
[  297.995040][ T9512]  ? ksys_write+0x21c/0x260
[  297.996854][ T9512]  ? __fget_light+0x173/0x210
[  297.998668][ T9512]  __sys_sendmsg+0x117/0x1f0
[  298.000540][ T9512]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.008515][ T9512]  do_syscall_64+0xcd/0x250
[  298.011715][ T9512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.017069][ T9512] RIP: 0033:0x7f6b829779f9
[  298.020260][ T9512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.030509][ T9512] RSP: 002b:00007f6b83796048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.034234][ T9512] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b829779f9
[  298.038200][ T9512] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  298.041545][ T9512] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  298.045313][ T9512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.049085][ T9512] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  298.052732][ T9512]  </TASK>
[  298.106875][ T9518] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1102'.
[  298.173536][ T9523] overlayfs: failed to resolve './file0': -2
[  299.647583][ T9542] =======================================================
[  299.647583][ T9542] WARNING: The mand mount option has been deprecated and
[  299.647583][ T9542]          and is ignored by this kernel. Remove the mand
[  299.647583][ T9542]          option from the mount to silence this warning.
[  299.647583][ T9542] =======================================================
[  299.665765][   T39] audit: type=1400 audit(1722636420.907:398): avc:  denied  { remount } for  pid=9541 comm="syz.2.1111" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  299.970775][ T9544] random: crng reseeded on system resumption
[  301.261407][ T5378] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  301.451300][ T5378] usb 7-1: Using ep0 maxpacket: 8
[  301.463887][ T5378] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  301.467259][ T5378] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  301.471490][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  301.475850][ T5378] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  301.480324][ T5378] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  301.486792][ T5378] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  301.489816][ T5378] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.569210][   T39] audit: type=1400 audit(1722636422.827:399): avc:  denied  { read } for  pid=9571 comm="syz.1.1119" dev="sockfs" ino=31141 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  301.708741][ T5378] usb 7-1: usb_control_msg returned -32
[  301.711893][ T5378] usbtmc 7-1:16.0: can't read capabilities
[  301.728959][ T5378] usb 7-1: USB disconnect, device number 18
[  302.226812][ T9581] ieee802154 phy0 wpan0: encryption failed: -22
[  302.589505][ T9593] random: crng reseeded on system resumption
[  303.208288][   T39] audit: type=1400 audit(1722636424.467:400): avc:  denied  { read } for  pid=9595 comm="syz.0.1124" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  303.236506][ T9596] netlink: 'syz.0.1124': attribute type 5 has an invalid length.
[  303.425643][ T9601] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  303.624363][  T832] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  303.826651][  T832] usb 7-1: Using ep0 maxpacket: 8
[  303.841894][  T832] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  303.844861][  T832] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  303.848142][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  303.851932][  T832] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  303.855579][  T832] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  303.860480][  T832] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  303.870134][  T832] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.134554][  T832] usb 7-1: GET_CAPABILITIES returned 0
[  304.137566][  T832] usbtmc 7-1:16.0: can't read capabilities
[  304.367859][ T9600] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  304.375032][    T8] usb 7-1: USB disconnect, device number 19
[  304.392150][ T9618] FAULT_INJECTION: forcing a failure.
[  304.392150][ T9618] name failslab, interval 1, probability 0, space 0, times 0
[  304.397784][ T9618] CPU: 3 UID: 0 PID: 9618 Comm: syz.3.1131 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  304.402349][ T9618] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  304.407104][ T9618] Call Trace:
[  304.408605][ T9618]  <TASK>
[  304.409921][ T9618]  dump_stack_lvl+0x16c/0x1f0
[  304.412120][ T9618]  should_fail_ex+0x497/0x5b0
[  304.414154][ T9618]  ? fs_reclaim_acquire+0xae/0x160
[  304.416455][ T9618]  should_failslab+0xc2/0x120
[  304.418527][ T9618]  __kmalloc_noprof+0xcb/0x400
[  304.420675][ T9618]  ? d_absolute_path+0x137/0x1b0
[  304.422947][ T9618]  tomoyo_encode2+0x100/0x3e0
[  304.425110][ T9618]  tomoyo_encode+0x29/0x50
[  304.427176][ T9618]  tomoyo_realpath_from_path+0x19d/0x720
[  304.429664][ T9618]  tomoyo_path_number_perm+0x245/0x590
[  304.432092][ T9618]  ? tomoyo_path_number_perm+0x232/0x590
[  304.434693][ T9618]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  304.437562][ T9618]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  304.440390][ T9618]  ? __fget_files+0x256/0x400
[  304.443416][ T9618]  security_file_ioctl+0x75/0xc0
[  304.445703][ T9618]  __x64_sys_ioctl+0xbb/0x220
[  304.447899][ T9618]  do_syscall_64+0xcd/0x250
[  304.449861][ T9618]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  304.452701][ T9618] RIP: 0033:0x7fa94bb779f9
[  304.454969][ T9618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  304.465264][ T9618] RSP: 002b:00007fa94c9d2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  304.468949][ T9618] RAX: ffffffffffffffda RBX: 00007fa94bd05f80 RCX: 00007fa94bb779f9
[  304.472315][ T9618] RDX: 0000000020000040 RSI: 00000000c1105518 RDI: 0000000000000003
[  304.475804][ T9618] RBP: 00007fa94c9d20a0 R08: 0000000000000000 R09: 0000000000000000
[  304.479408][ T9618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  304.483045][ T9618] R13: 000000000000000b R14: 00007fa94bd05f80 R15: 00007fff8d227428
[  304.486469][ T9618]  </TASK>
[  304.491068][ T9618] ERROR: Out of memory at tomoyo_realpath_from_path.
[  304.785284][ T9623] random: crng reseeded on system resumption
[  305.222748][    C0] vkms_vblank_simulate: vblank timer overrun
[  305.247756][    C0] vkms_vblank_simulate: vblank timer overrun
[  306.387454][ T9640] 9pnet_virtio: no channels available for device syz
[  306.400238][ T9635] random: crng reseeded on system resumption
[  307.302535][ T9653] 9pnet_virtio: no channels available for device syz
[  307.408524][ T9653] random: crng reseeded on system resumption
[  307.632037][    C0] vkms_vblank_simulate: vblank timer overrun
[  308.253565][ T9666] ieee802154 phy0 wpan0: encryption failed: -22
[  308.261266][ T5377] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  308.461273][ T5377] usb 6-1: Using ep0 maxpacket: 8
[  308.490108][ T5377] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  308.493440][ T5377] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  308.497382][ T5377] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  308.501094][ T5377] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  308.505498][ T5377] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  308.511238][ T5377] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  308.514977][ T5377] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.751097][ T5377] usb 6-1: GET_CAPABILITIES returned 0
[  308.757025][ T5377] usbtmc 6-1:16.0: can't read capabilities
[  309.013272][ T9661] usbtmc 6-1:16.0: stb usb_control_msg returned -32
[  309.042371][  T832] usb 6-1: USB disconnect, device number 21
[  309.100153][ T9676] devtmpfs: Too few inodes for current use
[  309.101455][   T39] audit: type=1400 audit(1722636430.357:401): avc:  denied  { remount } for  pid=9675 comm="syz.0.1146" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  310.684198][   T39] audit: type=1400 audit(1722636431.927:402): avc:  denied  { write } for  pid=9698 comm="syz.3.1153" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  310.684684][ T9699] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  310.724358][ T9699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1153'.
[  311.019960][ T9705] random: crng reseeded on system resumption
[  311.650989][ T9721] FAULT_INJECTION: forcing a failure.
[  311.650989][ T9721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  311.655775][ T9721] CPU: 1 UID: 0 PID: 9721 Comm: syz.1.1159 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  311.659704][ T9721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  311.663392][ T9721] Call Trace:
[  311.664565][ T9721]  <TASK>
[  311.665601][ T9721]  dump_stack_lvl+0x16c/0x1f0
[  311.667717][ T9721]  should_fail_ex+0x497/0x5b0
[  311.669489][ T9721]  strncpy_from_user+0x38/0x320
[  311.671225][ T9721]  setxattr_copy+0x8a/0x200
[  311.672891][ T9721]  path_setxattr+0xfc/0x280
[  311.674865][ T9721]  ? __pfx_path_setxattr+0x10/0x10
[  311.676860][ T9721]  ? __pfx_lock_release+0x10/0x10
[  311.678598][ T9721]  ? fput+0x32/0x390
[  311.679936][ T9721]  ? ksys_write+0x1ab/0x260
[  311.681712][ T9721]  ? __pfx_ksys_write+0x10/0x10
[  311.683809][ T9721]  __x64_sys_setxattr+0xc4/0x160
[  311.685527][ T9721]  ? do_syscall_64+0x91/0x250
[  311.687265][ T9721]  ? lockdep_hardirqs_on+0x7c/0x110
[  311.689326][ T9721]  do_syscall_64+0xcd/0x250
[  311.690950][ T9721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.693412][ T9721] RIP: 0033:0x7f6b829779f9
[  311.695334][ T9721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.703053][ T9721] RSP: 002b:00007f6b83796048 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  311.706613][ T9721] RAX: ffffffffffffffda RBX: 00007f6b82b05f80 RCX: 00007f6b829779f9
[  311.709998][ T9721] RDX: 0000000020000380 RSI: 0000000020000000 RDI: 00000000200001c0
[  311.713496][ T9721] RBP: 00007f6b837960a0 R08: 0000000000000000 R09: 0000000000000000
[  311.716747][ T9721] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  311.719524][ T9721] R13: 000000000000000b R14: 00007f6b82b05f80 R15: 00007ffeb2213c08
[  311.722416][ T9721]  </TASK>
[  311.945798][ T9727] block nbd0: shutting down sockets
[  312.568834][ T9732] ieee802154 phy0 wpan0: encryption failed: -22
[  312.575818][   T39] audit: type=1400 audit(1722636433.837:403): avc:  denied  { execute } for  pid=9739 comm="syz.3.1165" path="/310/cpu.stat" dev="tmpfs" ino=1726 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  313.486190][ T9757] FAULT_INJECTION: forcing a failure.
[  313.486190][ T9757] name failslab, interval 1, probability 0, space 0, times 0
[  313.491395][ T9757] CPU: 3 UID: 0 PID: 9757 Comm: syz.0.1169 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  313.495855][ T9757] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  313.499932][ T9757] Call Trace:
[  313.501333][ T9757]  <TASK>
[  313.502625][ T9757]  dump_stack_lvl+0x16c/0x1f0
[  313.504641][ T9757]  should_fail_ex+0x497/0x5b0
[  313.506635][ T9757]  ? fs_reclaim_acquire+0xae/0x160
[  313.508770][ T9757]  should_failslab+0xc2/0x120
[  313.510889][ T9757]  kmem_cache_alloc_node_noprof+0x71/0x310
[  313.513470][ T9757]  ? __alloc_skb+0x2b1/0x380
[  313.515567][ T9757]  __alloc_skb+0x2b1/0x380
[  313.517392][ T9757]  ? __pfx___alloc_skb+0x10/0x10
[  313.519537][ T9757]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  313.522082][ T9757]  netlink_alloc_large_skb+0x69/0x130
[  313.524462][ T9757]  netlink_sendmsg+0x689/0xd70
[  313.526521][ T9757]  ? __pfx_netlink_sendmsg+0x10/0x10
[  313.528803][ T9757]  ? __import_iovec+0x1fd/0x6e0
[  313.530935][ T9757]  ____sys_sendmsg+0xab5/0xc90
[  313.532836][ T9757]  ? copy_msghdr_from_user+0x10b/0x160
[  313.534894][ T9757]  ? __pfx_____sys_sendmsg+0x10/0x10
[  313.536871][ T9757]  ? find_held_lock+0x2d/0x110
[  313.539006][ T9757]  ? __pfx___lock_acquire+0x10/0x10
[  313.541328][ T9757]  ___sys_sendmsg+0x135/0x1e0
[  313.543406][ T9757]  ? __pfx____sys_sendmsg+0x10/0x10
[  313.545658][ T9757]  ? ksys_write+0x21c/0x260
[  313.547587][ T9757]  ? __fget_light+0x173/0x210
[  313.549399][ T9757]  __sys_sendmsg+0x117/0x1f0
[  313.551300][ T9757]  ? __pfx___sys_sendmsg+0x10/0x10
[  313.553478][ T9757]  do_syscall_64+0xcd/0x250
[  313.555385][ T9757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.557960][ T9757] RIP: 0033:0x7f8e785779f9
[  313.559760][ T9757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  313.567840][ T9757] RSP: 002b:00007f8e79384048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  313.571578][ T9757] RAX: ffffffffffffffda RBX: 00007f8e78705f80 RCX: 00007f8e785779f9
[  313.574834][ T9757] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000004
[  313.578271][ T9757] RBP: 00007f8e793840a0 R08: 0000000000000000 R09: 0000000000000000
[  313.582035][ T9757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  313.585162][ T9757] R13: 000000000000000b R14: 00007f8e78705f80 R15: 00007fffbd48fbd8
[  313.588059][ T9757]  </TASK>
[  313.763223][ T9767] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1172'.
[  313.846900][ T9767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  314.141493][  T832] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  314.356305][  T832] usb 8-1: not running at top speed; connect to a high speed hub
[  314.361422][  T832] usb 8-1: config 1 interface 0 has no altsetting 0
[  314.367598][  T832] usb 8-1: New USB device found, idVendor=0416, idProduct=c168, bcdDevice= 0.40
[  314.381434][  T832] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.384911][  T832] usb 8-1: Product: syz
[  314.386683][  T832] usb 8-1: Manufacturer: ж
[  314.388571][  T832] usb 8-1: SerialNumber: syz
[  314.581205][ T5378] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  314.616477][   T39] audit: type=1400 audit(1722636435.877:404): avc:  denied  { mount } for  pid=9765 comm="syz.3.1172" name="/" dev="autofs" ino=31700 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  314.626746][   T39] audit: type=1400 audit(1722636435.887:405): avc:  denied  { read } for  pid=9765 comm="syz.3.1172" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  314.648160][   T39] audit: type=1400 audit(1722636435.887:406): avc:  denied  { open } for  pid=9765 comm="syz.3.1172" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  314.664776][  T832] usbhid 8-1:1.0: can't add hid device: -71
[  314.668664][  T832] usbhid 8-1:1.0: probe with driver usbhid failed with error -71
[  314.677782][  T832] usb 8-1: USB disconnect, device number 13
[  314.781215][ T5378] usb 5-1: Using ep0 maxpacket: 8
[  314.789781][ T5378] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  314.798327][ T5378] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  314.806531][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  314.814895][ T5378] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  314.822990][ T5378] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  314.831339][ T5378] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  314.845278][ T5378] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.015171][ T9780] macsec0: entered promiscuous mode
[  315.057592][ T5378] usb 5-1: GET_CAPABILITIES returned 0
[  315.059839][ T5378] usbtmc 5-1:16.0: can't read capabilities
[  315.183687][   T39] audit: type=1400 audit(1722636436.447:407): avc:  denied  { unmount } for  pid=5340 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  315.384392][ T9772] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  315.416945][  T832] usb 5-1: USB disconnect, device number 22
[  316.463559][ T9814] netlink: 134744 bytes leftover after parsing attributes in process `syz.3.1185'.
[  316.876409][ T9819] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=30 sclass=netlink_tcpdiag_socket pid=9819 comm=syz.0.1186
[  317.166058][ T9823] ieee802154 phy0 wpan0: encryption failed: -22
[  317.511701][    T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  317.665729][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[  317.668926][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[  317.714279][    T8] usb 5-1: Using ep0 maxpacket: 8
[  317.718938][    T8] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  317.723180][    T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  317.727510][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  317.758441][    T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  317.764586][    T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  317.780085][    T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  317.784868][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.791483][ T9816] 9pnet_fd: p9_fd_create_tcp (9816): problem connecting socket to 127.0.0.1
[  317.956215][   T39] audit: type=1400 audit(1722636439.217:408): avc:  denied  { write } for  pid=9839 comm="syz.3.1194" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  317.963851][ T9840] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1194'.
[  317.996336][    T8] usb 5-1: GET_CAPABILITIES returned 0
[  317.998749][    T8] usbtmc 5-1:16.0: can't read capabilities
[  318.181214][   T30] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  318.301864][ T9830] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  318.308884][    T8] usb 5-1: USB disconnect, device number 23
[  318.382356][   T30] usb 6-1: Using ep0 maxpacket: 8
[  318.388640][   T30] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  318.393749][   T30] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  318.397961][   T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  318.402847][   T30] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  318.407321][   T30] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  318.414093][   T30] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  318.418132][   T30] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.629627][   T30] usb 6-1: usb_control_msg returned -32
[  318.632173][   T30] usbtmc 6-1:16.0: can't read capabilities
[  318.643739][   T30] usb 6-1: USB disconnect, device number 22
[  319.053873][ T9853] ieee802154 phy0 wpan0: encryption failed: -22
[  319.098804][   T39] audit: type=1400 audit(1722636440.357:409): avc:  denied  { create } for  pid=9862 comm="syz.3.1202" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  319.196745][ T9873] netlink: 'syz.2.1204': attribute type 29 has an invalid length.
[  319.200609][ T9873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1204'.
[  319.216865][ T9873] netlink: 'syz.2.1204': attribute type 29 has an invalid length.
[  319.220411][ T9873] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1204'.
[  319.491252][    T8] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  319.578183][ T9891] FAULT_INJECTION: forcing a failure.
[  319.578183][ T9891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.584357][ T9891] CPU: 3 UID: 0 PID: 9891 Comm: syz.2.1209 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  319.588886][ T9891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  319.593544][ T9891] Call Trace:
[  319.594860][ T9891]  <TASK>
[  319.596055][ T9891]  dump_stack_lvl+0x16c/0x1f0
[  319.598055][ T9891]  should_fail_ex+0x497/0x5b0
[  319.600087][ T9891]  _copy_from_user+0x30/0xf0
[  319.602109][ T9891]  alg_setsockopt+0x77f/0xee0
[  319.604193][ T9891]  ? __pfx_alg_setsockopt+0x10/0x10
[  319.606501][ T9891]  ? selinux_socket_setsockopt+0x6a/0x80
[  319.608988][ T9891]  ? __pfx_alg_setsockopt+0x10/0x10
[  319.611249][ T9891]  do_sock_setsockopt+0x222/0x480
[  319.613494][ T9891]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  319.615899][ T9891]  ? __fget_light+0x173/0x210
[  319.617952][ T9891]  __sys_setsockopt+0x1a4/0x270
[  319.620074][ T9891]  ? __pfx___sys_setsockopt+0x10/0x10
[  319.622387][ T9891]  ? fput+0x32/0x390
[  319.624165][ T9891]  ? ksys_write+0x1ab/0x260
[  319.626183][ T9891]  ? __pfx_ksys_write+0x10/0x10
[  319.628304][ T9891]  __x64_sys_setsockopt+0xbd/0x160
[  319.630557][ T9891]  ? do_syscall_64+0x91/0x250
[  319.632625][ T9891]  ? lockdep_hardirqs_on+0x7c/0x110
[  319.634925][ T9891]  do_syscall_64+0xcd/0x250
[  319.636939][ T9891]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.639472][ T9891] RIP: 0033:0x7f5dfff779f9
[  319.641042][ T9891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.648914][ T9891] RSP: 002b:00007f5e00d54048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  319.651967][ T9891] RAX: ffffffffffffffda RBX: 00007f5e00105f80 RCX: 00007f5dfff779f9
[  319.654883][ T9891] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[  319.657938][ T9891] RBP: 00007f5e00d540a0 R08: 0000000000000000 R09: 0000000000000000
[  319.661409][ T9891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.664799][ T9891] R13: 000000000000000b R14: 00007f5e00105f80 R15: 00007ffdc93e5728
[  319.668191][ T9891]  </TASK>
[  319.676812][    T8] usb 8-1: Using ep0 maxpacket: 8
[  319.681790][    T8] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  319.691809][    T8] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  319.696390][    T8] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  319.701036][    T8] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  319.708340][    T8] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  319.714691][    T8] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  319.719218][    T8] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.960062][    T8] usb 8-1: GET_CAPABILITIES returned 0
[  319.962769][    T8] usbtmc 8-1:16.0: can't read capabilities
[  320.275943][ T9898] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  320.278999][ T9899] usbtmc 8-1:16.0: send_request_dev_dep_msg_in returned -90
[  320.290602][  T832] usb 8-1: USB disconnect, device number 14
[  320.929560][   T39] audit: type=1400 audit(1722636442.187:410): avc:  denied  { name_bind } for  pid=9910 comm="syz.0.1214" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  320.983573][ T9914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9914 comm=syz.0.1214
[  320.990850][ T9914] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  321.021006][ T9909] ieee802154 phy0 wpan0: encryption failed: -22
[  321.132345][ T9919] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  321.578749][ T9928] random: crng reseeded on system resumption
[  322.854391][ T9945] ieee802154 phy0 wpan0: encryption failed: -22
[  323.221598][ T9960] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  324.032252][ T9970] random: crng reseeded on system resumption
[  326.259056][ T9999] random: crng reseeded on system resumption
[  326.520552][T10008] 9pnet_virtio: no channels available for device syz
[  326.735055][T10008] random: crng reseeded on system resumption
[  327.788274][  T832] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  327.991237][  T832] usb 5-1: Using ep0 maxpacket: 8
[  327.997015][  T832] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  328.002847][  T832] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  328.006911][  T832] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  328.010687][  T832] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  328.021399][  T832] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  328.037956][  T832] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  328.048023][  T832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.259677][  T832] usb 5-1: GET_CAPABILITIES returned 0
[  328.262194][  T832] usbtmc 5-1:16.0: can't read capabilities
[  328.567440][T10022] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  328.571878][  T832] usb 5-1: USB disconnect, device number 24
[  328.859903][T10038] FAULT_INJECTION: forcing a failure.
[  328.859903][T10038] name failslab, interval 1, probability 0, space 0, times 0
[  328.866553][T10038] CPU: 3 UID: 0 PID: 10038 Comm: syz.2.1245 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  328.871326][T10038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  328.876124][T10038] Call Trace:
[  328.877644][T10038]  <TASK>
[  328.879137][T10038]  dump_stack_lvl+0x16c/0x1f0
[  328.881515][T10038]  should_fail_ex+0x497/0x5b0
[  328.883673][T10038]  ? fs_reclaim_acquire+0xae/0x160
[  328.885760][T10038]  should_failslab+0xc2/0x120
[  328.887726][T10038]  kmem_cache_alloc_noprof+0x6e/0x2f0
[  328.889994][T10038]  ? prepare_creds+0x2e/0x750
[  328.891973][T10038]  prepare_creds+0x2e/0x750
[  328.893891][T10038]  __sys_setreuid+0x101/0xaf0
[  328.896123][T10038]  do_syscall_64+0xcd/0x250
[  328.898172][T10038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.900770][T10038] RIP: 0033:0x7f5dfff779f9
[  328.902884][T10038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  328.911412][T10038] RSP: 002b:00007f5e00d54048 EFLAGS: 00000246 ORIG_RAX: 0000000000000071
[  328.915128][T10038] RAX: ffffffffffffffda RBX: 00007f5e00105f80 RCX: 00007f5dfff779f9
[  328.918683][T10038] RDX: 0000000000000000 RSI: 000000000000ee01 RDI: 0000000000000000
[  328.922150][T10038] RBP: 00007f5e00d540a0 R08: 0000000000000000 R09: 0000000000000000
[  328.925516][T10038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.928726][T10038] R13: 000000000000000b R14: 00007f5e00105f80 R15: 00007ffdc93e5728
[  328.932011][T10038]  </TASK>
[  330.428148][T10064] random: crng reseeded on system resumption
[  331.161292][  T832] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  331.341316][  T832] usb 8-1: Using ep0 maxpacket: 8
[  331.345479][  T832] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  331.349336][  T832] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  331.356847][  T832] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  331.361347][  T832] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  331.366360][  T832] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  331.372053][  T832] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  331.376166][  T832] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.593903][  T832] usb 8-1: GET_CAPABILITIES returned 0
[  331.596978][  T832] usbtmc 8-1:16.0: can't read capabilities
[  331.915807][T10076] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  331.923596][   T30] usb 8-1: USB disconnect, device number 15
[  331.941298][T10083] random: crng reseeded on system resumption
[  332.685617][T10096] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  334.001037][T10117] random: crng reseeded on system resumption
[  335.241293][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.451274][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.523315][    C0] vkms_vblank_simulate: vblank timer overrun
[  335.571214][    C0] vkms_vblank_simulate: vblank timer overrun
[  338.155878][T10162] random: crng reseeded on system resumption
[  338.264284][   T39] audit: type=1400 audit(1722636459.527:411): avc:  denied  { read write } for  pid=10166 comm="syz.3.1278" name="btrfs-control" dev="devtmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  338.283120][   T39] audit: type=1400 audit(1722636459.537:412): avc:  denied  { open } for  pid=10166 comm="syz.3.1278" path="/dev/btrfs-control" dev="devtmpfs" ino=1152 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  338.474009][   T39] audit: type=1400 audit(1722636459.727:413): avc:  denied  { ioctl } for  pid=10166 comm="syz.3.1278" path="/dev/btrfs-control" dev="devtmpfs" ino=1152 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  339.363408][T10188] block nbd3: shutting down sockets
[  339.371295][   T10] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  339.571396][   T10] usb 7-1: Using ep0 maxpacket: 8
[  339.577560][   T10] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  339.583384][   T10] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  339.589868][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  339.599429][   T10] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  339.603478][   T10] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  339.610154][   T10] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  339.614770][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  339.771739][T10193] fuse: Unknown parameter 'g"
'
[  339.797719][T10194] block nbd0: shutting down sockets
[  339.840374][   T10] usb 7-1: GET_CAPABILITIES returned 0
[  339.843119][   T10] usbtmc 7-1:16.0: can't read capabilities
[  340.150862][T10180] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  340.161631][  T832] usb 7-1: USB disconnect, device number 20
[  340.554934][ T5346] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  340.560701][ T5346] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  340.565699][ T5346] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  340.571577][ T5346] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  340.575350][ T5346] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  340.579928][ T5346] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  340.592827][   T39] audit: type=1400 audit(1722636461.857:414): avc:  denied  { mounton } for  pid=10205 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  340.765109][T10205] chnl_net:caif_netlink_parms(): no params data found
[  341.026011][T10205] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.030556][T10205] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.038569][T10205] bridge_slave_0: entered allmulticast mode
[  341.044680][T10205] bridge_slave_0: entered promiscuous mode
[  341.057764][T10205] bridge0: port 2(bridge_slave_1) entered blocking state
[  341.071372][T10205] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.082541][T10205] bridge_slave_1: entered allmulticast mode
[  341.089277][T10205] bridge_slave_1: entered promiscuous mode
[  341.302366][T10205] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  341.310329][T10205] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  341.495863][T10205] team0: Port device team_slave_0 added
[  341.525186][T10205] team0: Port device team_slave_1 added
[  341.620690][T10205] batman_adv: batadv0: Adding interface: batadv_slave_0
[  341.624304][T10205] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  341.649261][T10205] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  341.659157][T10205] batman_adv: batadv0: Adding interface: batadv_slave_1
[  341.664217][T10205] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  341.681240][T10205] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.084621][T10205] hsr_slave_0: entered promiscuous mode
[  342.085808][T10227] random: crng reseeded on system resumption
[  342.098800][T10205] hsr_slave_1: entered promiscuous mode
[  342.403738][T10205] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.444514][T10236] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  342.511393][T10205] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.618214][T10205] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.623345][ T5338] Bluetooth: hci4: command tx timeout
[  342.713044][T10205] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  342.870798][T10205] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  342.877722][T10205] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  342.883585][T10205] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  342.890823][T10205] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  343.040382][T10205] 8021q: adding VLAN 0 to HW filter on device bond0
[  343.093172][T10205] 8021q: adding VLAN 0 to HW filter on device team0
[  343.107713][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  343.110835][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  343.134027][   T30] bridge0: port 2(bridge_slave_1) entered blocking state
[  343.136431][   T30] bridge0: port 2(bridge_slave_1) entered forwarding state
[  343.407756][T10205] 8021q: adding VLAN 0 to HW filter on device batadv0
[  343.483741][T10205] veth0_vlan: entered promiscuous mode
[  343.507237][T10205] veth1_vlan: entered promiscuous mode
[  343.540856][T10205] veth0_macvtap: entered promiscuous mode
[  343.552862][T10205] veth1_macvtap: entered promiscuous mode
[  343.573819][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.579449][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.584818][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.590256][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.595157][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.600839][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.605938][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  343.612788][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.622968][T10205] batman_adv: batadv0: Interface activated: batadv_slave_0
[  343.636407][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.641940][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.646533][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.652426][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.656819][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.661392][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.665623][T10205] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  343.670157][T10205] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  343.676421][T10205] batman_adv: batadv0: Interface activated: batadv_slave_1
[  343.688999][T10205] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  343.711286][T10205] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  343.715340][T10205] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  343.719044][T10205] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  343.788258][T10261] FAULT_INJECTION: forcing a failure.
[  343.788258][T10261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.795178][T10261] CPU: 3 UID: 0 PID: 10261 Comm: syz.3.1297 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  343.800151][T10261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  343.805284][T10261] Call Trace:
[  343.806616][T10261]  <TASK>
[  343.807767][T10261]  dump_stack_lvl+0x16c/0x1f0
[  343.809616][T10261]  should_fail_ex+0x497/0x5b0
[  343.811473][T10261]  strncpy_from_user+0x38/0x320
[  343.813377][T10261]  getname_flags.part.0+0x8f/0x550
[  343.815426][T10261]  getname_flags+0x93/0xf0
[  343.815450][T10261]  user_path_at+0x24/0x60
[  343.815464][T10261]  __do_sys_move_mount+0x284/0xe40
[  343.815480][T10261]  ? fput+0x32/0x390
[  343.818101][   T76] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.819320][T10261]  ? __pfx___do_sys_move_mount+0x10/0x10
[  343.823303][   T76] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.823913][T10261]  ? ksys_write+0x1ab/0x260
[  343.836406][T10261]  ? __pfx_ksys_write+0x10/0x10
[  343.840497][T10261]  do_syscall_64+0xcd/0x250
[  343.842855][T10261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.845686][T10261] RIP: 0033:0x7fa94bb779f9
[  343.847722][T10261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.855720][T10261] RSP: 002b:00007fa94c9d2048 EFLAGS: 00000246 ORIG_RAX: 00000000000001ad
[  343.857685][   T45] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  343.859248][T10261] RAX: ffffffffffffffda RBX: 00007fa94bd05f80 RCX: 00007fa94bb779f9
[  343.866242][T10261] RDX: ffffffffffffff9c RSI: 0000000020000140 RDI: 0000000000000005
[  343.869433][T10261] RBP: 00007fa94c9d20a0 R08: 0000000000000000 R09: 0000000000000000
[  343.872459][T10261] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000001
[  343.875596][T10261] R13: 000000000000000b R14: 00007fa94bd05f80 R15: 00007fff8d227428
[  343.878673][T10261]  </TASK>
[  343.880195][   T45] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  343.898588][   T39] audit: type=1400 audit(1722636465.157:415): avc:  denied  { mounton } for  pid=10205 comm="syz-executor" path="/syzkaller.kiW2Ci/syz-tmp" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[  344.390147][T10273] random: crng reseeded on system resumption
[  344.841507][ T5338] Bluetooth: hci4: command 0x041b tx timeout
[  345.044382][T10281] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  345.084150][T10276] random: crng reseeded on system resumption
[  345.623332][T10287] random: crng reseeded on system resumption
[  346.862469][ T5338] Bluetooth: hci4: command 0x041b tx timeout
[  347.025109][T10306] ieee802154 phy0 wpan0: encryption failed: -22
[  347.764893][T10328] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.1313' sets config #3
[  347.932080][T10326] random: crng reseeded on system resumption
[  348.961607][ T5501] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  348.965091][ T5346] Bluetooth: hci4: command 0x041b tx timeout
[  349.166126][ T5501] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  349.170909][ T5501] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.176047][ T5501] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.180250][ T5501] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  349.188342][ T5501] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  349.192495][ T5501] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  349.195280][ T5501] usb 5-1: Manufacturer: syz
[  349.203213][ T5501] usb 5-1: config 0 descriptor??
[  349.670700][ T5501] appleir 0003:05AC:8243.0007: unknown main item tag 0x0
[  349.676637][ T5501] appleir 0003:05AC:8243.0007: No inputs registered, leaving
[  349.686428][ T5501] appleir 0003:05AC:8243.0007: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  349.944382][   T25] usb 5-1: USB disconnect, device number 25
[  350.182584][T10361] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  350.253016][T10361] netlink: 'syz.1.1320': attribute type 10 has an invalid length.
[  350.256666][T10361] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  350.279305][T10361] team0: Port device wlan1 added
[  351.021712][ T5346] Bluetooth: hci4: command 0x041b tx timeout
[  352.600880][T10404] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  352.761576][T10401] random: crng reseeded on system resumption
[  355.021576][T10438] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  355.121336][ T5378] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  355.314730][ T5378] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  355.319247][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.325158][ T5378] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.330221][ T5378] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  355.338776][ T5378] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  355.347793][ T5378] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  355.386165][ T5378] usb 6-1: Manufacturer: syz
[  355.402485][ T5378] usb 6-1: config 0 descriptor??
[  355.874754][ T5378] appleir 0003:05AC:8243.0008: unknown main item tag 0x0
[  355.880578][ T5378] appleir 0003:05AC:8243.0008: No inputs registered, leaving
[  355.901231][ T5378] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  356.170465][   T25] usb 6-1: USB disconnect, device number 23
[  357.111371][T10453] ieee802154 phy0 wpan0: encryption failed: -22
[  357.561370][   T25] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  357.722279][    C3] hrtimer: interrupt took 1271622 ns
[  357.761226][   T25] usb 7-1: Using ep0 maxpacket: 8
[  357.766670][   T25] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  357.770285][   T25] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  357.782003][   T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  357.793447][   T25] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  357.799392][   T25] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  357.808054][   T25] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  357.814525][   T25] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.062337][   T25] usb 7-1: GET_CAPABILITIES returned 0
[  358.066924][   T25] usbtmc 7-1:16.0: can't read capabilities
[  358.379318][T10478] usbtmc 7-1:16.0: stb usb_control_msg returned -32
[  358.407471][ T5378] usb 7-1: USB disconnect, device number 21
[  359.608437][T10507] random: crng reseeded on system resumption
[  359.966617][T10514] block nbd3: shutting down sockets
[  360.203545][T10517] random: crng reseeded on system resumption
[  360.587519][T10524] ieee802154 phy0 wpan0: encryption failed: -22
[  362.898992][T10559] block nbd0: shutting down sockets
[  363.723390][T10569] block nbd0: shutting down sockets
[  364.692294][T10584] random: crng reseeded on system resumption
[  365.596909][T10603] block nbd2: shutting down sockets
[  365.793740][T10610] fuse: Unknown parameter 'g"
'
[  367.004337][T10630] block nbd0: shutting down sockets
[  368.231429][T10650] block nbd2: shutting down sockets
[  369.789468][T10665] ieee802154 phy0 wpan0: encryption failed: -22
[  372.122531][T10702] ieee802154 phy0 wpan0: encryption failed: -22
[  372.192499][T10707] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  372.351725][T10714] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  372.799244][T10722] fuse: Unknown parameter 'g"
'
[  373.075630][T10730] block nbd1: shutting down sockets
[  373.949254][    C2] vkms_vblank_simulate: vblank timer overrun
[  375.233480][T10758] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  375.961098][T10771] block nbd1: shutting down sockets
[  377.761988][T10792] random: crng reseeded on system resumption
[  377.779497][T10798] block nbd1: shutting down sockets
[  377.960917][T10796] ieee802154 phy0 wpan0: encryption failed: -22
[  378.657546][T10815] random: crng reseeded on system resumption
[  379.033954][T10827] block nbd2: shutting down sockets
[  379.115256][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[  379.118890][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[  380.465533][    C2] vkms_vblank_simulate: vblank timer overrun
[  380.786520][T10848] random: crng reseeded on system resumption
[  382.018137][T10868] block nbd1: shutting down sockets
[  384.372373][T10900] random: crng reseeded on system resumption
[  384.516454][T10909] 9pnet_virtio: no channels available for device syz
[  384.853281][T10914] block nbd1: shutting down sockets
[  388.165449][T10962] block nbd3: shutting down sockets
[  388.728443][T10966] random: crng reseeded on system resumption
[  389.403025][T10985] ieee802154 phy0 wpan0: encryption failed: -22
[  389.897031][T11003] fuse: Unknown parameter 'g"
'
[  391.690511][T11034] fuse: Bad value for 'fd'
[  395.648659][T11079] fuse: Bad value for 'fd'
[  396.313557][T11088] block nbd1: shutting down sockets
[  397.121990][T11096] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  397.269689][T11102] block nbd2: shutting down sockets
[  397.306520][T11099] random: crng reseeded on system resumption
[  397.963317][T11117] fuse: Bad value for 'fd'
[  398.164980][T11112] ieee802154 phy0 wpan0: encryption failed: -22
[  398.842548][T11131] ieee802154 phy0 wpan0: encryption failed: -22
[  399.185284][T11145] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  399.499879][T11150] block nbd1: shutting down sockets
[  400.065093][T11152] block nbd0: shutting down sockets
[  400.126757][T11156] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  402.630644][T11187] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  403.710984][T11203] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  403.792613][T11202] block nbd2: shutting down sockets
[  406.336891][T11231] block nbd3: shutting down sockets
[  406.571778][T11239] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  406.721330][T11241] ieee802154 phy0 wpan0: encryption failed: -22
[  407.400095][T11251] block nbd2: shutting down sockets
[  408.859274][    C2] vkms_vblank_simulate: vblank timer overrun
[  409.685637][T11291] 9pnet_virtio: no channels available for device syz
[  409.711387][    C2] vkms_vblank_simulate: vblank timer overrun
[  409.838137][T11288] random: crng reseeded on system resumption
[  410.663338][T11302] random: crng reseeded on system resumption
[  411.020577][T11311] fuse: Unknown parameter 'g"
'
[  413.250549][T11344] ieee802154 phy0 wpan0: encryption failed: -22
[  414.326308][T11371] fuse: Unknown parameter 'g"
'
[  414.650992][T11369] ieee802154 phy0 wpan0: encryption failed: -22
[  416.554525][T11413] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  416.714571][T11416] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  416.751227][   T57] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  416.941213][   T57] usb 6-1: Using ep0 maxpacket: 8
[  416.947886][   T57] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  416.965159][   T57] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  416.969315][   T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  416.973827][   T57] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  416.978963][   T57] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  416.984619][   T57] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  416.988292][   T57] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.199320][   T57] usb 6-1: GET_CAPABILITIES returned 0
[  417.205637][   T57] usbtmc 6-1:16.0: can't read capabilities
[  417.536518][T11410] usbtmc 6-1:16.0: stb usb_control_msg returned -32
[  417.561644][ T5374] usb 6-1: USB disconnect, device number 24
[  417.825891][T11417] block nbd2: shutting down sockets
[  417.976351][T11428] fuse: Unknown parameter 'g"
'
[  418.146285][    C2] vkms_vblank_simulate: vblank timer overrun
[  420.453675][T11458] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  420.855867][ T5501] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  421.053424][ T5501] usb 8-1: Using ep0 maxpacket: 8
[  421.060690][ T5501] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  421.069952][ T5501] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  421.078499][ T5501] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  421.086701][ T5501] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  421.095864][ T5501] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  421.103838][ T5501] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  421.107966][ T5501] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.382364][ T5501] usb 8-1: GET_CAPABILITIES returned 0
[  421.384747][ T5501] usbtmc 8-1:16.0: can't read capabilities
[  421.688695][T11461] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  421.696652][   T58] usb 8-1: USB disconnect, device number 16
[  423.377880][T11503] random: crng reseeded on system resumption
[  426.145680][ T5374] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  426.331217][ T5374] usb 5-1: Using ep0 maxpacket: 8
[  426.342475][ T5374] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  426.346020][ T5374] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  426.350212][ T5374] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  426.355214][ T5374] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  426.359458][ T5374] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  426.365130][ T5374] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  426.368999][ T5374] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.421573][T11528] random: crng reseeded on system resumption
[  426.581666][ T5374] usb 5-1: GET_CAPABILITIES returned 0
[  426.584075][ T5374] usbtmc 5-1:16.0: can't read capabilities
[  426.719145][T11533] random: crng reseeded on system resumption
[  426.887774][T11525] usbtmc 5-1:16.0: stb usb_control_msg returned -32
[  426.900231][ T5374] usb 5-1: USB disconnect, device number 26
[  427.426353][T11544] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  427.829644][T11553] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  428.206126][T11559] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  428.793359][    C2] vkms_vblank_simulate: vblank timer overrun
[  430.383512][ T5501] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  430.544554][T11583] random: crng reseeded on system resumption
[  430.561235][ T5501] usb 8-1: Using ep0 maxpacket: 8
[  430.568702][ T5501] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  430.576668][ T5501] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  430.581038][ T5501] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  430.587877][ T5501] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  430.593898][ T5501] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  430.600538][ T5501] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  430.604600][ T5501] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.823141][ T5501] usb 8-1: GET_CAPABILITIES returned 0
[  430.826143][ T5501] usbtmc 8-1:16.0: can't read capabilities
[  431.130969][T11576] usbtmc 8-1:16.0: stb usb_control_msg returned -32
[  431.139444][ T5501] usb 8-1: USB disconnect, device number 17
[  434.177120][T11628] ieee802154 phy0 wpan0: encryption failed: -22
[  436.284248][T11667] fuse: Unknown parameter 'g"
'
[  436.581710][T11669] ieee802154 phy0 wpan0: encryption failed: -22
[  436.731642][T11677] 9pnet_virtio: no channels available for device syz
[  436.813524][T11677] random: crng reseeded on system resumption
[  437.222977][T11682] ieee802154 phy0 wpan0: encryption failed: -22
[  439.002881][T11714] ieee802154 phy0 wpan0: encryption failed: -22
[  439.152541][T11717] ieee802154 phy0 wpan0: encryption failed: -22
[  439.178090][T11725] random: crng reseeded on system resumption
[  439.568889][T11735] random: crng reseeded on system resumption
[  440.214213][T11743] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  440.544423][ T1382] ieee802154 phy0 wpan0: encryption failed: -22
[  440.549050][ T1382] ieee802154 phy1 wpan1: encryption failed: -22
[  441.395507][T11756] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  441.875100][T11758] ieee802154 phy0 wpan0: encryption failed: -22
[  442.292048][T11772] block nbd0: shutting down sockets
[  442.831506][T11775] ieee802154 phy0 wpan0: encryption failed: -22
[  443.306255][T11792] block nbd1: shutting down sockets
[  443.424033][T11793] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  443.535122][T11799] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  444.127531][T11806] block nbd3: shutting down sockets
[  445.349099][T11829] fuse: Unknown parameter 'g"
'
[  445.778706][T11835] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  446.547562][T11852] block nbd2: shutting down sockets
[  447.012605][T11859] block nbd2: shutting down sockets
[  448.725664][T11878] fuse: Unknown parameter 'g"
'
[  448.729935][T11877] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  449.387134][T11891] block nbd0: shutting down sockets
[  449.800757][T11898] fuse: Unknown parameter 'g"
'
[  451.911282][T11916] block nbd3: shutting down sockets
[  453.192000][T11937] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  455.616572][T11966] block nbd0: shutting down sockets
[  457.309788][T11990] 9p: Unknown Cache mode or invalid value fsca
[  457.316463][T11990] 9pnet: Tag 65535 still in use
[  457.319992][    C3] ------------[ cut here ]------------
[  457.323685][    C3] refcount_t: underflow; use-after-free.
[  457.328162][    C3] WARNING: CPU: 3 PID: 11982 at lib/refcount.c:28 refcount_warn_saturate+0x14a/0x210
[  457.336644][    C3] Modules linked in:
[  457.338603][    C3] CPU: 3 UID: 0 PID: 11982 Comm: syz.3.1719 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  457.348676][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  457.353197][    C3] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  457.356052][    C3] Code: ff 89 de e8 b8 f0 07 fd 84 db 0f 85 66 ff ff ff e8 0b f6 07 fd c6 05 2c 0b 79 0b 01 90 48 c7 c7 40 21 b0 8b e8 a7 3c ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 f5 07 fd 0f b6 1d 07 0b 79 0b 31
[  457.364398][    C3] RSP: 0018:ffffc90000908d90 EFLAGS: 00010082
[  457.367079][    C3] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814cc379
[  457.370197][    C3] RDX: ffff888054554880 RSI: ffffffff814cc386 RDI: 0000000000000001
[  457.373358][    C3] RBP: ffff88802fdaa448 R08: 0000000000000001 R09: 0000000000000000
[  457.376605][    C3] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  457.379686][    C3] R13: ffff88802fdaa448 R14: ffff888046d67800 R15: 0000000000000000
[  457.382810][    C3] FS:  00007fa94c9d26c0(0000) GS:ffff88806b300000(0000) knlGS:0000000000000000
[  457.386756][    C3] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  457.389393][    C3] CR2: 0000000020c61000 CR3: 000000005453e000 CR4: 0000000000350ef0
[  457.392931][    C3] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  457.395917][    C3] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  457.399240][    C3] Call Trace:
[  457.400670][    C3]  <IRQ>
[  457.402078][    C3]  ? show_regs+0x8c/0xa0
[  457.404016][    C3]  ? __warn+0xe5/0x3c0
[  457.405826][    C3]  ? __wake_up_klogd.part.0+0x99/0xf0
[  457.408110][    C3]  ? refcount_warn_saturate+0x14a/0x210
[  457.411348][    C3]  ? report_bug+0x3c0/0x580
[  457.413540][    C3]  ? handle_bug+0x3d/0x70
[  457.415427][    C3]  ? exc_invalid_op+0x17/0x50
[  457.417476][    C3]  ? asm_exc_invalid_op+0x1a/0x20
[  457.419561][    C3]  ? __warn_printk+0x199/0x350
[  457.421594][    C3]  ? __warn_printk+0x1a6/0x350
[  457.423712][    C3]  ? refcount_warn_saturate+0x14a/0x210
[  457.426180][    C3]  p9_req_put+0x1f4/0x250
[  457.428093][    C3]  req_done+0x1e7/0x2f0
[  457.429955][    C3]  ? __pfx_req_done+0x10/0x10
[  457.432021][    C3]  ? __pfx_req_done+0x10/0x10
[  457.434169][    C3]  vring_interrupt+0x31b/0x400
[  457.436249][    C3]  ? __pfx_vring_interrupt+0x10/0x10
[  457.438476][    C3]  __handle_irq_event_percpu+0x229/0x7c0
[  457.440912][    C3]  handle_irq_event+0xab/0x1e0
[  457.443114][    C3]  handle_edge_irq+0x263/0xd10
[  457.445566][    C3]  __common_interrupt+0xdf/0x250
[  457.447801][    C3]  common_interrupt+0xab/0xd0
[  457.450056][    C3]  </IRQ>
[  457.451361][    C3]  <TASK>
[  457.452667][    C3]  asm_common_interrupt+0x26/0x40
[  457.454865][    C3] RIP: 0010:flush_tlb_mm_range+0x176/0x330
[  457.457493][    C3] Code: 03 0f b6 14 16 38 d0 7c 08 84 d2 0f 85 72 01 00 00 3b 0d 3d 1b d4 0e 0f 82 f6 00 00 00 65 48 8b 05 ff 3b c5 7e 48 39 c3 74 72 <65> ff 0d c3 e6 c3 7e bf 01 00 00 00 e8 49 b9 1b 00 65 8b 05 ea 3a
[  457.466282][    C3] RSP: 0018:ffffc900032cf490 EFLAGS: 00000206
[  457.469112][    C3] RAX: 000000000000fa93 RBX: ffff88801b2ad580 RCX: 1ffffffff28c5cae
[  457.473080][    C3] RDX: 0000000000000000 RSI: ffffffff8b4cc500 RDI: ffffffff8bb08400
[  457.476941][    C3] RBP: 0000000020c62000 R08: 0000000000000001 R09: fffffbfff28c56d8
[  457.480932][    C3] R10: ffffffff9462b6c7 R11: 0000000000000000 R12: 0000000020c61000
[  457.484807][    C3] R13: ffff88806b33dc80 R14: ffff88801b2ade40 R15: 0000000000000003
[  457.488619][    C3]  ? __pfx_pte_mkwrite+0x10/0x10
[  457.490846][    C3]  ptep_clear_flush+0x136/0x180
[  457.493061][    C3]  do_wp_page+0x1501/0x3430
[  457.495160][    C3]  ? __pfx_lock_acquire+0x10/0x10
[  457.497531][    C3]  ? __pfx_do_wp_page+0x10/0x10
[  457.499925][    C3]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  457.502536][    C3]  __handle_mm_fault+0x2468/0x5660
[  457.504893][    C3]  ? __pfx_mt_find+0x10/0x10
[  457.507350][    C3]  ? find_held_lock+0x2d/0x110
[  457.509651][    C3]  ? __pfx___handle_mm_fault+0x10/0x10
[  457.512086][    C3]  ? find_vma+0xc0/0x140
[  457.513997][    C3]  ? __pfx_find_vma+0x10/0x10
[  457.516108][    C3]  handle_mm_fault+0x44e/0x7b0
[  457.518241][    C3]  ? __pkru_allows_pkey+0x52/0xb0
[  457.520503][    C3]  do_user_addr_fault+0x7a3/0x13f0
[  457.523052][    C3]  exc_page_fault+0x5c/0xc0
[  457.525087][    C3]  asm_exc_page_fault+0x26/0x30
[  457.527289][    C3] RIP: 0010:_copy_to_iter+0x4cd/0x1150
[  457.529703][    C3] Code: 45 e8 47 bc 09 fd 48 8b 4c 24 18 89 ee 48 8b 44 24 28 4c 8d 34 01 4c 89 f7 e8 bf ea 66 fd 0f 01 cb 48 89 e9 4c 89 ff 4c 89 f6 <f3> a4 0f 1f 00 0f 01 ca 48 89 e8 48 29 eb 48 29 c8 48 01 cb 48 01
[  457.538434][    C3] RSP: 0018:ffffc900032cf960 EFLAGS: 00050246
[  457.541161][    C3] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000e80
[  457.544664][    C3] RDX: 0000000000000000 RSI: ffff888013234180 RDI: 0000000020c61000
[  457.548196][    C3] RBP: 0000000000001000 R08: 0000000000000000 R09: ffffed10026469ff
[  457.551741][    C3] R10: ffff888013234fff R11: 0000000000000000 R12: 0000000000c60b80
[  457.555272][    C3] R13: ffffc900032cfd50 R14: ffff888013234000 R15: 0000000020c60e80
[  457.558735][    C3]  ? __pfx__copy_to_iter+0x10/0x10
[  457.560786][    C3]  ? __up_read+0x1fb/0x760
[  457.562575][    C3]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  457.564888][    C3]  ? down_read+0xc9/0x330
[  457.566611][    C3]  ? __pfx___up_read+0x10/0x10
[  457.568520][    C3]  copy_page_to_iter+0xf1/0x180
[  457.570837][    C3]  process_vm_rw_core.constprop.0+0x5c9/0xa10
[  457.573529][    C3]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  457.576539][    C3]  ? copy_iovec_from_user+0x77/0x170
[  457.578651][    C3]  process_vm_rw+0x301/0x360
[  457.580505][    C3]  ? __pfx_process_vm_rw+0x10/0x10
[  457.582546][    C3]  ? find_held_lock+0x2d/0x110
[  457.584453][    C3]  ? xfd_validate_state+0x5d/0x180
[  457.586800][    C3]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  457.589298][    C3]  ? do_syscall_64+0x91/0x250
[  457.591659][    C3]  ? lockdep_hardirqs_on+0x7c/0x110
[  457.594155][    C3]  do_syscall_64+0xcd/0x250
[  457.596298][    C3]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.598914][    C3] RIP: 0033:0x7fa94bb779f9
[  457.600704][    C3] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.610126][    C3] RSP: 002b:00007fa94c9d2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  457.613795][    C3] RAX: ffffffffffffffda RBX: 00007fa94bd05f80 RCX: 00007fa94bb779f9
[  457.616955][    C3] RDX: 0000000000000002 RSI: 0000000020008400 RDI: 00000000000005f5
[  457.620209][    C3] RBP: 00007fa94bbe58ee R08: 0000000000000286 R09: 0000000000000000
[  457.623689][    C3] R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000000
[  457.626886][    C3] R13: 000000000000000b R14: 00007fa94bd05f80 R15: 00007fff8d227428
[  457.630005][    C3]  </TASK>
[  457.631326][    C3] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  457.634341][    C3] CPU: 3 UID: 0 PID: 11982 Comm: syz.3.1719 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0
[  457.638572][    C3] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  457.643399][    C3] Call Trace:
[  457.644848][    C3]  <IRQ>
[  457.646340][    C3]  dump_stack_lvl+0x3d/0x1f0
[  457.648664][    C3]  panic+0x6f5/0x7a0
[  457.650433][    C3]  ? __pfx_panic+0x10/0x10
[  457.652620][    C3]  ? show_trace_log_lvl+0x363/0x500
[  457.655295][    C3]  ? check_panic_on_warn+0x1f/0xb0
[  457.657928][    C3]  ? refcount_warn_saturate+0x14a/0x210
[  457.660592][    C3]  check_panic_on_warn+0xab/0xb0
[  457.663108][    C3]  __warn+0xf1/0x3c0
[  457.664422][    C3]  ? __wake_up_klogd.part.0+0x99/0xf0
[  457.666233][    C3]  ? refcount_warn_saturate+0x14a/0x210
[  457.668442][    C3]  report_bug+0x3c0/0x580
[  457.670372][    C3]  handle_bug+0x3d/0x70
[  457.672215][    C3]  exc_invalid_op+0x17/0x50
[  457.674299][    C3]  asm_exc_invalid_op+0x1a/0x20
[  457.676506][    C3] RIP: 0010:refcount_warn_saturate+0x14a/0x210
[  457.679258][    C3] Code: ff 89 de e8 b8 f0 07 fd 84 db 0f 85 66 ff ff ff e8 0b f6 07 fd c6 05 2c 0b 79 0b 01 90 48 c7 c7 40 21 b0 8b e8 a7 3c ca fc 90 <0f> 0b 90 90 e9 43 ff ff ff e8 e8 f5 07 fd 0f b6 1d 07 0b 79 0b 31
[  457.687793][    C3] RSP: 0018:ffffc90000908d90 EFLAGS: 00010082
[  457.690535][    C3] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff814cc379
[  457.693652][    C3] RDX: ffff888054554880 RSI: ffffffff814cc386 RDI: 0000000000000001
[  457.696775][    C3] RBP: ffff88802fdaa448 R08: 0000000000000001 R09: 0000000000000000
[  457.700419][    C3] R10: 0000000000000000 R11: 0000000000000000 R12: dffffc0000000000
[  457.703845][    C3] R13: ffff88802fdaa448 R14: ffff888046d67800 R15: 0000000000000000
[  457.707231][    C3]  ? __warn_printk+0x199/0x350
[  457.709388][    C3]  ? __warn_printk+0x1a6/0x350
[  457.711504][    C3]  p9_req_put+0x1f4/0x250
[  457.713373][    C3]  req_done+0x1e7/0x2f0
[  457.715048][    C3]  ? __pfx_req_done+0x10/0x10
[  457.716941][    C3]  ? __pfx_req_done+0x10/0x10
[  457.718806][    C3]  vring_interrupt+0x31b/0x400
[  457.720717][    C3]  ? __pfx_vring_interrupt+0x10/0x10
[  457.722792][    C3]  __handle_irq_event_percpu+0x229/0x7c0
[  457.725010][    C3]  handle_irq_event+0xab/0x1e0
[  457.727189][    C3]  handle_edge_irq+0x263/0xd10
[  457.729349][    C3]  __common_interrupt+0xdf/0x250
[  457.731970][    C3]  common_interrupt+0xab/0xd0
[  457.734329][    C3]  </IRQ>
[  457.735708][    C3]  <TASK>
[  457.737238][    C3]  asm_common_interrupt+0x26/0x40
[  457.739533][    C3] RIP: 0010:flush_tlb_mm_range+0x176/0x330
[  457.742201][    C3] Code: 03 0f b6 14 16 38 d0 7c 08 84 d2 0f 85 72 01 00 00 3b 0d 3d 1b d4 0e 0f 82 f6 00 00 00 65 48 8b 05 ff 3b c5 7e 48 39 c3 74 72 <65> ff 0d c3 e6 c3 7e bf 01 00 00 00 e8 49 b9 1b 00 65 8b 05 ea 3a
[  457.750521][    C3] RSP: 0018:ffffc900032cf490 EFLAGS: 00000206
[  457.752782][    C3] RAX: 000000000000fa93 RBX: ffff88801b2ad580 RCX: 1ffffffff28c5cae
[  457.755879][    C3] RDX: 0000000000000000 RSI: ffffffff8b4cc500 RDI: ffffffff8bb08400
[  457.760225][    C3] RBP: 0000000020c62000 R08: 0000000000000001 R09: fffffbfff28c56d8
[  457.767300][    C3] R10: ffffffff9462b6c7 R11: 0000000000000000 R12: 0000000020c61000
[  457.770919][    C3] R13: ffff88806b33dc80 R14: ffff88801b2ade40 R15: 0000000000000003
[  457.774721][    C3]  ? __pfx_pte_mkwrite+0x10/0x10
[  457.777294][    C3]  ptep_clear_flush+0x136/0x180
[  457.780017][    C3]  do_wp_page+0x1501/0x3430
[  457.782407][    C3]  ? __pfx_lock_acquire+0x10/0x10
[  457.784748][    C3]  ? __pfx_do_wp_page+0x10/0x10
[  457.786982][    C3]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  457.789399][    C3]  __handle_mm_fault+0x2468/0x5660
[  457.791693][    C3]  ? __pfx_mt_find+0x10/0x10
[  457.793751][    C3]  ? find_held_lock+0x2d/0x110
[  457.795894][    C3]  ? __pfx___handle_mm_fault+0x10/0x10
[  457.798289][    C3]  ? find_vma+0xc0/0x140
[  457.800197][    C3]  ? __pfx_find_vma+0x10/0x10
[  457.802198][    C3]  handle_mm_fault+0x44e/0x7b0
[  457.804429][    C3]  ? __pkru_allows_pkey+0x52/0xb0
[  457.806777][    C3]  do_user_addr_fault+0x7a3/0x13f0
[  457.809118][    C3]  exc_page_fault+0x5c/0xc0
[  457.811408][    C3]  asm_exc_page_fault+0x26/0x30
[  457.813928][    C3] RIP: 0010:_copy_to_iter+0x4cd/0x1150
[  457.816363][    C3] Code: 45 e8 47 bc 09 fd 48 8b 4c 24 18 89 ee 48 8b 44 24 28 4c 8d 34 01 4c 89 f7 e8 bf ea 66 fd 0f 01 cb 48 89 e9 4c 89 ff 4c 89 f6 <f3> a4 0f 1f 00 0f 01 ca 48 89 e8 48 29 eb 48 29 c8 48 01 cb 48 01
[  457.824923][    C3] RSP: 0018:ffffc900032cf960 EFLAGS: 00050246
[  457.827963][    C3] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000e80
[  457.831982][    C3] RDX: 0000000000000000 RSI: ffff888013234180 RDI: 0000000020c61000
[  457.836021][    C3] RBP: 0000000000001000 R08: 0000000000000000 R09: ffffed10026469ff
[  457.839537][    C3] R10: ffff888013234fff R11: 0000000000000000 R12: 0000000000c60b80
[  457.843174][    C3] R13: ffffc900032cfd50 R14: ffff888013234000 R15: 0000000020c60e80
[  457.846726][    C3]  ? __pfx__copy_to_iter+0x10/0x10
[  457.849113][    C3]  ? __up_read+0x1fb/0x760
[  457.851154][    C3]  ? __pfx_pin_user_pages_remote+0x10/0x10
[  457.853983][    C3]  ? down_read+0xc9/0x330
[  457.855968][    C3]  ? __pfx___up_read+0x10/0x10
[  457.858122][    C3]  copy_page_to_iter+0xf1/0x180
[  457.860477][    C3]  process_vm_rw_core.constprop.0+0x5c9/0xa10
[  457.863697][    C3]  ? __pfx_process_vm_rw_core.constprop.0+0x10/0x10
[  457.866955][    C3]  ? copy_iovec_from_user+0x77/0x170
[  457.869415][    C3]  process_vm_rw+0x301/0x360
[  457.871497][    C3]  ? __pfx_process_vm_rw+0x10/0x10
[  457.873796][    C3]  ? find_held_lock+0x2d/0x110
[  457.876307][    C3]  ? xfd_validate_state+0x5d/0x180
[  457.878721][    C3]  __x64_sys_process_vm_readv+0xe2/0x1c0
[  457.881334][    C3]  ? do_syscall_64+0x91/0x250
[  457.883450][    C3]  ? lockdep_hardirqs_on+0x7c/0x110
[  457.885781][    C3]  do_syscall_64+0xcd/0x250
[  457.887814][    C3]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.890201][    C3] RIP: 0033:0x7fa94bb779f9
[  457.891979][    C3] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.899583][    C3] RSP: 002b:00007fa94c9d2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000136
[  457.903221][    C3] RAX: ffffffffffffffda RBX: 00007fa94bd05f80 RCX: 00007fa94bb779f9
[  457.906738][    C3] RDX: 0000000000000002 RSI: 0000000020008400 RDI: 00000000000005f5
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  457.910254][    C3] RBP: 00007fa94bbe58ee R08: 0000000000000286 R09: 0000000000000000
[  457.913904][    C3] R10: 0000000020008640 R11: 0000000000000246 R12: 0000000000000000
[  457.917298][    C3] R13: 000000000000000b R14: 00007fa94bd05f80 R15: 00007fff8d227428
[  457.921165][    C3]  </TASK>
[  457.923284][    C3] Kernel Offset: disabled
[  457.925250][    C3] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:09:38  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000fe1103 RBX=0000000000000000 RCX=ffffffff8b11c529 RDX=0000000000000000
RSI=ffffffff8b4cc500 RDI=ffffffff8bb08400 RBP=fffffbfff1b52af8 RSP=ffffffff8da07e20
R8 =0000000000000001 R9 =ffffed100d606fd9 R10=ffff88806b037ecb R11=0000000000000000
R12=0000000000000000 R13=ffffffff8da957c0 R14=ffffffff9012b958 R15=0000000000000000
RIP=ffffffff8b11d91f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88806b000000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000206d9000 CR3=0000000053d24000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000040001 Opmask01=0000000000000000 Opmask02=0000000000000fff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307633 ffffffff81307682
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff81307682 ffffffff81307633
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 ffffffff81307633
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe66e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe66f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe66eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe66ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe6785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f9ef2fe6863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff813075ef ffffffff8100a0d8 ffffffff8100a0d8 ffffffff8100a0af
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff820031cc ffffffff8200313b ffffffff00040008 000c00130014000c
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffff82002dc1 ffffffff82002d41 ffffffff82002d0e ffffffff82002cf1
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 a6bd199cc0449cc9 262e000000000000 000000000000bd44 42b6866e2f49e685
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 b19c6b5b77329b23 56dfafe3279315e9 c9e55caf7585b371 34ab86d1642aae08
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 f911bd1fbf7ec338 eea2dd6cd7a4a7e9 a0ef3d93d97ff4bf 2c389024dffded4d
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 162b22ffb21d6df8 39fb83fe2e2ec690 ee1594f8bfdf30c1 128a69ff00000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=dffffc0000000000 RCX=ffffffff869cd918 RDX=ffff888026e20000
RSI=ffffffff869cd787 RDI=ffff88805389eeb0 RBP=ffff8880538db0a0 RSP=ffffc900008b0b10
R8 =0000000000000004 R9 =0000000000000005 R10=0000000000000002 R11=0000000000000000
R12=ffff8880538db338 R13=0000000000000001 R14=0000000000000005 R15=ffff88805389b0a0
RIP=ffffffff869cd7ab RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f9ef3cec6c0 ffffffff 00c00000
GS =0000 ffff88806b100000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000207ff000 CR3=0000000053d24000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000c0fffc00 Opmask01=0000000000000054 Opmask02=00000000000000ff Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000001
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000015 000000000001df8a
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e03cfb4 000055555e03cfb0
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e03b498
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e0b9ecf 000055555e0b7880
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000055555e03bdb4 000055555e03bdb0
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000034323335 00007ffd0e6642b4
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 080a800321800400 1000138004128004 0780040a0128ce61 6373663d65686361
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 632c796e613d7373 8163636178656f6e 2278360821800300 703901ffffffffff
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffff908138003 0030656c69662f2e 01ffffffffffffff ffef08128003007a
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 797301ffffffffff fffffff708078003 001000000401c708 00060127fe003065
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 6c69662f2e01ffff ffffffffffffef08 0003000800061000 04808080a0808080
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 797301ffffffffff fffffff708078003 001000000401c708 00060127fe003065
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 fffffff908138003 0030656c69662f2e 01ffffffffffffff ffef08128003007a
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0103ffffffff0406 80046c10000c1000 0801428c00000000 0003810509000022
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=00000000000c00fc RBX=0000000000000001 RCX=0000000000000830 RDX=0000000000000000
RSI=0000000000000008 RDI=00000000000000fc RBP=ffff88806b23ffd0 RSP=ffffc9000353fbe0
R8 =0000000000000000 R9 =ffffed100d647ffa R10=ffff88806b23ffd7 R11=0000000000000000
R12=ffffffff817e5250 R13=0000000000000002 R14=0000000000000003 R15=ffff88806b23ffc0
RIP=ffffffff813b7f75 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f5e00d546c0 ffffffff 00c00000
GS =0000 ffff88806b200000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000001b313ffff8 CR3=000000005415e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=00000000ffffff00 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe6785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe6863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 2323232323232323 2323232323232323
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 3067732f7665642f
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 1344500c5546470c
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=0000000000000039 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff84fe2765 RDI=ffffffff9519d720 RBP=ffffffff9519d6e0 RSP=ffffc90000908770
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=0000000000000000
R12=0000000000000000 R13=0000000000000039 R14=ffffffff84fe2700 R15=0000000000000000
RIP=ffffffff84fe278f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa94c9d26c0 ffffffff 00c00000
GS =0000 ffff88806b300000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000020c61000 CR3=000000005453e000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000100001 Opmask01=0000000000000000 Opmask02=00000000ffffffef Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007ffdc93e5ab0 0000003000000018
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000001a0000000d0 00000000ffffffff
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66e4
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66f1
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66eb
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe66ff
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe6785
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00007f5dfffe6863
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 000000524f525245
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00524f5252450040
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00e800a800000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000