last executing test programs:

7m32.267221908s ago: executing program 4 (id=262):
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r1 = openat(0xffffffffffffff9c, 0x0, 0x60840, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
recvmsg$unix(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002580)=[{&(0x7f0000000040)=""/50, 0x32}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000001380)=""/4096, 0x1000}, {&(0x7f0000000080)=""/27, 0x1b}, {&(0x7f0000000280)=""/104, 0x68}, {&(0x7f0000000100)=""/32, 0x20}, {&(0x7f0000002380)=""/199, 0xc7}, {&(0x7f0000002480)=""/74, 0x4a}, {&(0x7f0000002500)=""/68, 0x44}], 0x9}, 0x12002)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
fremovexattr(0xffffffffffffffff, &(0x7f00000000c0)=@known='system.posix_acl_access\x00')
r5 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
connect$ax25(r5, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x5}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)

7m30.88787159s ago: executing program 4 (id=268):
r0 = io_uring_setup(0x355b, &(0x7f0000000140)={0x0, 0xe24b, 0x10, 0x5, 0x4000020})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
io_uring_register$IORING_UNREGISTER_EVENTFD(r0, 0x5, 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
timer_settime(0x0, 0x236bd4336e4642df, &(0x7f0000000300)={{}, {0x0, 0xe4c}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000600)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000000680))
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(0xffffffffffffffff, 0xc008551a, 0x0)
socket$rds(0x15, 0x5, 0x0)
socket$kcm(0xa, 0x2, 0x73)
r2 = socket$nl_sock_diag(0x10, 0x3, 0x4)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000003c0)={'ip6gre0\x00', &(0x7f0000000340)={'ip6_vti0\x00', <r3=>0x0, 0x29, 0x5, 0x4, 0x9, 0x32, @remote, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x80, 0x20, 0x5, 0x8}})
sendmsg$TCPDIAG_GETSOCK(r2, &(0x7f0000000640)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000600)={&(0x7f0000000400)={0x1c0, 0x12, 0x2, 0x70bd29, 0x25dfdbfd, {0x25, 0x6, 0xf3, 0xdf, {0x4e23, 0x4e24, [0x6, 0x1, 0x95, 0xffffffff], [0x1ff, 0x9, 0x1], r3, [0x8001, 0x7]}, 0xfffffffd, 0x5}, [@INET_DIAG_REQ_BYTECODE={0xe3, 0x1, "cbae3c5a8944db4993ef020f8daed9f50825b7fab8fc1e23b3955b0f8f607d62f57b3c50654505e9b65d6c013e2285e5043bb574bfd07d16272e2c1a02e21d5da8c2c9538b481e8f4eed12286f46bb9d6eec2bab0a3195b5b00a25b299439a33e6272d08ea13df8284755e11bf4c7fc14182cf994d3ef8cf2f25ded39778959b235e8684ad463f3d990577ea2b45797d7315a9e9aa2f9227a78565589ef757cd0ad5714f653765b4d2fb0c5ab3804d0cc2f2b57817e0199705bf1b2c51db5c4b4d9fab1eabbbdc5c7a8a2a3d3b9ef61893626bfa67b1490e00d7aac6994a55"}, @INET_DIAG_REQ_BYTECODE={0x8e, 0x1, "14ee1752658b7f5e2834a6e1a28d3ed522805a1990ec9e325d4e484ea7494ccf7692df0bfa4a0111a235e6846f345fb32a7f00d40d6ed9d63a2954c867aaf1ca2e77ea060b4f68fb32d897bd950341e7e9b2b313c973a3dc2e8c1c6c69548bd36d2f5cba88ac319d9867e4f96d269f10c950f8a6f15240a3bb9fe0365cc86df1d7189b3c5054716f6a42"}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x20000801}, 0x40080d0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x4)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x89860100, 0x0)
chroot(&(0x7f0000000000)='./file0/../file0\x00')
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r4, 0x2, 0x0)
getdents64(r4, 0x0, 0x22)
fallocate(0xffffffffffffffff, 0x0, 0x9, 0x4)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)

7m29.870325932s ago: executing program 4 (id=270):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x2e00, &(0x7f0000000100)={0x0, 0xc39d, 0x1000, 0x1, 0x28b}, &(0x7f0000000040), &(0x7f0000000000))
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
syz_io_uring_setup(0x79c7, &(0x7f0000000080)={0x0, 0x0, 0x4, 0x0, 0x34e}, 0x0, 0x0)
socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
socket$unix(0x1, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_sock_diag(0x10, 0x3, 0x4)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x15, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5}})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00')
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000980)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x3, 0x0, 0x1}}, 0x2e)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
r4 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
close(r4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x4)
mount$9p_fd(0x0, &(0x7f00000006c0)='./bus\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7472616ef7ffffff6f3d0000000000", @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB="8710662916bc1ae2246d341ea023b18f47f5abd28fd9cc58488ef5e9b9a10a3957207504df3cd9da23f7325ba42773712e5d7aaae57fe26f90a13ddec98041f590ffcbcbd402306aa8910a17796958d456b99200703dca45bbb426a45cbe6d903c104913f6c35ac877029461d121e08695d6e959ca19d6afb7797815e18f562fe0a0fa660fbef1bae4044ea2c51613db08b4328061754fc81d930012ee329328ff7a72b2e967fd02e6d2266f34e01c2977eb8924f550082ce442ed5861de622d8e6f826c2d8cb16b58c0ef7da810ba76b35a846178c4a794abac5383a00490b95594a0ca"])
r6 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[@ANYRES16=r0], 0x0)
syz_usb_control_io$hid(r6, &(0x7f0000001280)={0x24, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_ep_write$ath9k_ep1(0xffffffffffffffff, 0x82, 0xc38, &(0x7f0000000200)=ANY=[])
shutdown(r4, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

7m26.760364102s ago: executing program 4 (id=282):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r3)
sendmsg$NFC_CMD_SE_IO(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="18d1c45a24dd16f4866354cfc094000069", @ANYRES16=r4, @ANYBLOB="01002bbd7000ffdbdf251b000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000040)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, 0x0, 0x24004080)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_window_scaling\x00', 0x1, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000007, 0x1010, r1, 0x2f126000)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r6 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f00005b9000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000280)="b8e21c00000f23c00f21f835020005000f23f8b9c00d0000b8f4ffffffba000000000f302e0f30660f584282c4e17d567cbe29360f21a50f3066baf80cb8f40b7e89ef66bafc0ced260f35660f3882b16b840000", 0x54}], 0x1, 0x64, 0x0, 0x0)
r8 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_restrict_self(r8, 0x0)
landlock_restrict_self(r8, 0x0)
landlock_restrict_self(r8, 0x0)
r9 = fsopen(&(0x7f0000000080)='tmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r9, 0x6, 0x0, 0x0, 0x0)
fsmount(r9, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r9, 0x7, 0x0, 0x0, 0x0)
ioctl$KVM_GET_NESTED_STATE(r7, 0xc080aebe, &(0x7f000000a100)={{0x0, 0x0, 0x80}})

7m24.201094931s ago: executing program 4 (id=293):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0xa0800, 0x0)
close(r2)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000180)={{{@in=@multicast2, @in6=@remote, 0x4e20, 0x1, 0x4e20, 0xfffb, 0x2, 0x20, 0x80, 0x2c}, {0x3, 0xc21b, 0x1, 0x32d00000000000, 0x10, 0xa22b, 0xffffffffffff2eb0, 0x7}, {0x9, 0xb, 0x7fff, 0xfff}, 0x2, 0x6e6bba, 0x0, 0x0, 0x1, 0x3}, {{@in6=@remote, 0x4d2, 0x5e}, 0x2, @in6=@dev={0xfe, 0x80, '\x00', 0x1d}, 0x3501, 0x3, 0x3, 0xa, 0x13, 0x6, 0x6}}, 0xe8)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r6, 0x40086602, &(0x7f0000000040)=0x10)
write$bt_hci(r4, &(0x7f0000000200)=ANY=[@ANYBLOB="0000023f3201", @ANYBLOB="d7bd94d0d907"], 0x138)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000200)={'syzkaller0\x00', @random="e5db029ea53c"})
syz_usb_connect$uac1(0x4, 0x11f, &(0x7f00000002c0)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10d, 0x3, 0x1, 0x6, 0x10, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1, 0x81}, [@output_terminal={0x9, 0x24, 0x3, 0x1, 0x300, 0x1, 0x6, 0xc}, @mixer_unit={0x6, 0x24, 0x4, 0x1, 0x7, "c8"}, @extension_unit={0xa, 0x24, 0x8, 0x5, 0x3, 0xf, "effdbc"}, @feature_unit={0x13, 0x24, 0x6, 0x6, 0x1, 0x6, [0x4, 0x6, 0x1, 0x3, 0x8, 0x6], 0xfe}, @extension_unit={0xc, 0x24, 0x8, 0x4, 0xf, 0x2, "6b45aafebe"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x7, 0x1, 0xb, 0xff, "2614744262af446af1"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x60, 0x2}, @format_type_ii_discrete={0x12, 0x24, 0x2, 0x2, 0x6, 0x200, 0x2, "78100aa7e7f38c25cf"}, @format_type_i_discrete={0xf, 0x24, 0x2, 0x1, 0x9, 0x3, 0x6, 0x6, "765902b9ef2b2e"}, @format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0xef, 0xf59d, 0x0, "fa76"}]}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x4d, 0xe0, 0x3, {0x7, 0x25, 0x1, 0x0, 0x2, 0xd718}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x2, 0x1, 0x81, 0x6, "", '1'}, @as_header={0x7, 0x24, 0x1, 0x9, 0x3, 0x2}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x8, 0x1, 0x7, 0x3, "", "e3e4"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 0x4, 0x2, 0xc0, 0x80, "fd5b87", "11c6"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x2, 0x2, 0xff, 0x6, "bdc51d"}]}, {{0x9, 0x5, 0x82, 0x9, 0x200, 0x2, 0x6, 0x7, {0x7, 0x25, 0x1, 0x3, 0x3, 0xc}}}}}}}]}}, &(0x7f0000000180)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x201, 0x9, 0x9, 0x92, 0xff, 0x40}, 0x5, &(0x7f00000000c0)={0x5, 0xf, 0x5}, 0x2, [{0xe5, &(0x7f0000000400)=@string={0xe5, 0x3, "90fddffea3342c8f7a5604701c61e93f011608e43ba065307ba679d71ce3f33e085fd5f040eef9d3baf37066716934526a2dad144a67b72c52c5be175ff835355d8e149cc56a2dc2765133dd1c4663c248181aa9410a2d4e41e1564f3321acc3eade895cbcc785e89980c27544c27cc27e47ab6d422f41beae20dbc39f90642622856d9143618480f991d208d360b72f06fd6ad25f22c393e89c77d1939fb31cd15a13da3cdb8efa9c8fa7a43620c9e3f1e9f1f4a04cee8d8d70fce29b3f0512fbf7f51785a0e1faab32cdfa105d0d42b84dcac905e5c4cb8f9d4026f9ce824a8320ab"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x300a}}]})
ioctl$SIOCSIFHWADDR(r2, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})

7m20.873853367s ago: executing program 4 (id=303):
r0 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000001080), 0x2002, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="a53fa0", 0x3}], 0x1)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async, rerun: 32)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x22002, 0x0) (rerun: 32)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1, 0x13caa2, 0x34da93})

7m4.817434059s ago: executing program 32 (id=303):
r0 = socket$pppl2tp(0x18, 0x1, 0x1) (async)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000001080), 0x2002, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f00000000c0)="a53fa0", 0x3}], 0x1)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2}}, 0x2e) (async, rerun: 32)
r2 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x22002, 0x0) (rerun: 32)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r2, 0x3ba0, &(0x7f0000000080)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x1, 0x13caa2, 0x34da93})

4m15.407920224s ago: executing program 2 (id=883):
r0 = socket(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
fsopen(&(0x7f0000000100)='vfat\x00', 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_audit(0x10, 0x3, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x48)
socket$packet(0x11, 0x3, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket(0x2a, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
fsopen(&(0x7f0000000100)='adfs\x00', 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'pimreg0\x00'})
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
getsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f00000000c0)={@multicast1, @empty}, &(0x7f0000000140)=0xc)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

4m15.353014413s ago: executing program 2 (id=884):
openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000002b40), 0x82, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x7, 0x80040)
getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000300), &(0x7f0000000380)=0x80)
r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000480)={{0x0, 0x3, 0x0, 0x3}, 'syz0\x00', 0x10})
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x10000)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r3, 0xc058534f, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_ima(&(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES16=r4], 0xb, 0x1)
sendmsg$IPSET_CMD_DEL(r4, 0x0, 0x80044)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
userfaultfd(0x80001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003840)=[{{&(0x7f00000006c0)={0xa, 0x4e64, 0x0, @remote, 0xa}, 0x1c, &(0x7f0000000240)=[{&(0x7f0000000280)="8000102ebf77", 0x6}], 0x1, &(0x7f0000003500)=ANY=[@ANYBLOB="180000000004000029000000360000000400000000000000"], 0x4f}}], 0x1, 0x240080c4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x1b}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x185)
ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0xee)
close_range(r1, 0xffffffffffffffff, 0x0)
ptrace(0x10, r0)

4m14.814089466s ago: executing program 2 (id=886):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x80042, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
close(0xffffffffffffffff)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRESDEC, @ANYBLOB="00a410"], 0x10)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000280)='>', 0x22fe0}], 0x1}, 0x0)
getpid()
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
preadv(r1, &(0x7f0000000400)=[{0x0, 0x20}, {&(0x7f0000000300)=""/97, 0x61}], 0x2, 0x0, 0x9)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000000)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000400)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000080)={0x4000000})
dup(0xffffffffffffffff)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x8000000000000001, 0x0, 0xc3ad, 0x0, 0x3}, 0x0, 0x0)

4m13.718721101s ago: executing program 2 (id=888):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f0000000040)=0x525a8c3b, 0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000007a00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000380)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r3, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f00000000c0)='.\x00', &(0x7f0000000080)='./file0/../file0\x00', 0x0, 0x80700a, 0x0)
umount2(&(0x7f0000000100)='./file0/file0\x00', 0xb)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r4, @ANYRES32=r2, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r4, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r1}, 0x20)
r5 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r5, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$inet6(r1, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="01", 0xfffffe9c}], 0x1}}], 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x437, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x40c9b, 0x503}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x5, 0x7}, @IFLA_BOND_MIIMON={0x8, 0x3, 0x3}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8851}, 0x40000c8)

4m13.298209904s ago: executing program 2 (id=891):
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38)
io_setup(0x1005, &(0x7f0000001380))
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000100)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0x8)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x13, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000800000000000000000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
syz_io_uring_setup(0x32e9, &(0x7f0000000b80)={0x0, 0x873f, 0x10100}, &(0x7f0000000100), &(0x7f0000000140))

4m11.61664502s ago: executing program 2 (id=897):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
read$alg(r1, &(0x7f0000000040)=""/136, 0x88)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1, 0x3}, &(0x7f00000000c0), &(0x7f0000000040))
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x3f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xd0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r7, &(0x7f0000000080)=[{&(0x7f0000000040)='\x00', 0x1}, {&(0x7f0000000100)="04", 0x1}], 0x2)
r8 = syz_open_procfs(0x0, 0x0)
ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)=<r9=>0x0)
ptrace$setregs(0xf, r9, 0x200, &(0x7f00000000c0)="2be8ccbcc8256953ed6430fec4ee")
preadv(r8, 0x0, 0x0, 0x1, 0x8)

4m11.274865321s ago: executing program 33 (id=897):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
read$alg(r1, &(0x7f0000000040)=""/136, 0x88)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = syz_io_uring_setup(0x110, &(0x7f00000003c0)={0x0, 0xfad6, 0x100, 0x1, 0x3}, &(0x7f00000000c0), &(0x7f0000000040))
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r2, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x3f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x2e}, @printk={@i, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0xd0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
writev(r7, &(0x7f0000000080)=[{&(0x7f0000000040)='\x00', 0x1}, {&(0x7f0000000100)="04", 0x1}], 0x2)
r8 = syz_open_procfs(0x0, 0x0)
ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000000)=<r9=>0x0)
ptrace$setregs(0xf, r9, 0x200, &(0x7f00000000c0)="2be8ccbcc8256953ed6430fec4ee")
preadv(r8, 0x0, 0x0, 0x1, 0x8)

10.787860067s ago: executing program 3 (id=1611):
r0 = socket$inet6(0x10, 0x3, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000780)={0x5}, 0x8)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000500eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000", 0x51}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0xa1ff, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b0001006272696467650000400002800800050001000000060027"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)

10.539796672s ago: executing program 3 (id=1615):
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x10000}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x3)
r3 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x9)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r5)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
ptrace$pokeuser(0x6, r5, 0x358, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f000099b000/0x3000)=nil, 0x3000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[], 0x80}}, 0x44)

9.160976788s ago: executing program 3 (id=1616):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a400000000009000200"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4)

9.151983256s ago: executing program 5 (id=1617):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000240)=0xfffffffd)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000100), 0x50, 0x282040)
ioctl$HIDIOCGRDESCSIZE(r1, 0x80044801, &(0x7f0000000180))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044941, &(0x7f0000000500))
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
gettid()
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FLUSH_PMKSA(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)={0x1c, r4, 0xcff3b002f1a6d49, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x1010)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, 0x0)
ioctl$UI_DEV_CREATE(r2, 0x5501)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000010400000000000000000000ffffa4612b57a7e77b539c363c7333aa9de608d8df042d4623ea58586ecca61cc461c2d7f26c35461e5b709eb0e6cb7ab4d8d2d376c9e4b7122647ee08450148fb77320508", @ANYRES32=0x0, @ANYBLOB="421c00000000000014001280090001007866726d0000000004000280140003007866726d3000"/48], 0x48}}, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r7, 0x0, 0x0, 0x800)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x58240, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60)

8.541293498s ago: executing program 5 (id=1620):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x1, 0x0, 0x0, 'queue1\x00'})
io_setup(0x1, &(0x7f0000000580))
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0xffffff3f, {}, {}, @raw32}], 0xffc8)
r1 = socket(0x9, 0x5, 0x7)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000000c0)={<r2=>0x0, @initdev, @empty}, &(0x7f0000000100)=0xc)
bind$packet(r1, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x4, 0x6, @random="a46dec8f395a"}, 0x14)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000180)={0x92, @time={0x65757100, 0xfffffa}})
syz_emit_ethernet(0x46, &(0x7f00000001c0)={@remote, @broadcast, @val={@void}, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x4, @local, @private0, @local, @rand_addr=' \x01\x00'}}}}, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000500), &(0x7f0000000540)='./file0\x00', 0x8, 0x1)
r3 = syz_open_dev$vcsu(&(0x7f0000000040), 0x6, 0x10000)
syz_open_dev$sg(&(0x7f00000003c0), 0x3, 0x400)
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r3, 0x80585414, &(0x7f0000000480))
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
syz_emit_ethernet(0x61, &(0x7f0000000340)=ANY=[@ANYBLOB="03be6f7d5f49000000000000080503050037b2fd1cf000692d30c62b043c609a7c7401008c00bd46d56f75c230b7fda229f2033dc181df4385ae6f92ca8316c90c2dd4dba03c5ea17617f8cc93a9d83173dd95ff540d2944e0c898678ad90e2827"], &(0x7f0000000240)={0x1, 0x3, [0x633, 0xc6b, 0x8bb, 0x560]})
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'vlan0\x00', <r6=>0x0})
sendto$packet(r5, &(0x7f00000000c0)="3f031c00dce0140006001e0088a8", 0xe, 0x0, &(0x7f0000000540)={0xc9, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r3, 0x84009422, &(0x7f00000005c0)={0x0, 0x0, {}, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007292bd404020305582a80000000109021b0001000000000904000001df7fa9000905", @ANYBLOB="86"], 0x0)
pipe2$9p(&(0x7f00000001c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r10 = dup(r9)
write$FUSE_BMAP(r10, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r10, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r10, &(0x7f00000004c0)={0x18}, 0x18)
write$FUSE_INIT(r10, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x20200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r10}})
bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1, 0x20, &(0x7f00000009c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@map_fd={0x18, 0x0, 0x1, 0x0, r3}, @exit, @map_val={0x18, 0x0, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x6}, @map_val={0x18, 0x6, 0x2, 0x0, r3, 0x0, 0x0, 0x0, 0x4}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @tail_call={{0x18, 0x2, 0x1, 0x0, 0x1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='syzkaller\x00', 0x4, 0x98, &(0x7f0000000ac0)=""/152, 0x40f00, 0xaca5f1ca41649c34, '\x00', r6, @fallback=0x5, r3, 0x8, &(0x7f0000000440)={0x6, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, r10, 0x3, &(0x7f0000000b80)=[r3], &(0x7f0000000bc0)=[{0x0, 0x3, 0x4, 0x1}, {0x4, 0x2, 0xf, 0x1}, {0x3, 0x2, 0x5, 0x3}], 0x10, 0x8, @void, @value}, 0x94)

8.54068847s ago: executing program 1 (id=1621):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000100070000009500000000000000"], &(0x7f0000000300)='GPL\x00', 0x7, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket(0x1, 0x5, 0x0)
setresuid(0x0, 0xee01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x10, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@ldst={0x3, 0x0, 0x3}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x6c)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000200)=0x5)
getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000100)={{{@in6=@mcast2, @in6=@initdev}}, {{@in=@multicast1}, 0x0, @in6=@initdev}}, &(0x7f0000000200)=0xe8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x3}, 0x18)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1000000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="00000000000000c7aa00859d37040e1a8bd30000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/19], 0x48)
socket$kcm(0x29, 0x2, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000080)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000010651fbe347b2c2b00000c00018008000100", @ANYRES8=r5], 0x20}}, 0x0)

7.580257259s ago: executing program 1 (id=1623):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x161280)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000000380)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x80000000, 0x100001, 0x0, 0x0, 0x0, 0x6})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xa0}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'gretap0\x00', &(0x7f0000000300)={'syztnl0\x00', <r5=>0x0, 0x7, 0x7, 0x7, 0x5, {{0x6, 0x4, 0x2, 0x4, 0x18, 0x6c, 0x0, 0x8, 0x2f, 0x0, @broadcast, @multicast1, {[@noop]}}}}})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000440)={r5, 0x1, 0x6, @broadcast}, 0x10)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x28002)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb", @ANYBLOB="4e2e0b89a0"], 0xfdef)

7.259882798s ago: executing program 0 (id=1625):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x51, 0x0, 0x0)
syz_usb_connect(0x0, 0x32e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b04af72024d05a5ea916010203010902"], 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, 0x0)
syz_usb_connect(0x5, 0xf44, &(0x7f0000000440)=ANY=[@ANYBLOB="12011001e4faae403d1ba701bb04010203010902320f04f7071000090418050b6a4a7a0309050a024000030844090502032000dbd90c0725018208fcff0725010008080009050500ff030001021409aab0195f436650d2206faf48932fcb62f72309050e034000b801c70725010309010007250103070200090508010800080302072501800a0800072501817401000905070440000080f009050a00ff030800c909050a1008000001ce0725010203070007250101070200090502080002091001072501022c0c0009050a0410000e0806072501000506008529b89ed7aea74f4f2b0792574878336a140397b61bfa53f9caaacdd64e7d06347aa039dd4ea542e6e5cc01b28337f960d2a586ca4df4f54f66d2b6def55a78c3507f9c083a683b25eef7b8661f3aef3775c119b9a13d1054784e998007229e0f1ee2d16f70cd2f71b565520fb2dca5624e3706a60b7bfac228179f6eb8118f0a679379200905081040008007040725010206ae8f1f24d7791d3dcbf63290a43afdd371a38930b30ca8a86e747e9726d60526d10904ce05105d23630309240600012ebedbcd05240060520d240f0106000000ff0706000406241a03000c04240204052415850007240ab608080a1524120100a317a88b045e4f01a607c0ffcb7e392a0905030040000aac088b31a0a07f9de89ac62613459607438d390322276ea9d3943be2ba6e97e656c928bbe4e9203a435e0f83c7cde0be64cf8df15e2817d72a3647efcf323ec3028376d8d333c63d168198dddeb4119a8fb787f4d5fb1051409b646a8a19cb398e37b52db8349b373d822855d9ae372820e49734be419b1afea18e6161ee9f9bcf05175eeaa14ed625d992c2de090508042000060207072501010403000725018300060009050000ff0303080309050e10ff030507060725010356220009050608000402f9020725018106010009050310ff030505045b24a34d8564f428d5cc2823489b94ed1eee24ef41a552b512a338e14153f4f694fa585bfaf17027feabb768f89a07f7507ec7148a04e292dbf303e46cd23799441c01e5064337a3ca531f5e0184ae26251acb63c8886f2519cce9072501020036000905001008000905087323abd32660e8c99f0797010e9f05616a453479fc3372b78454b5effda1e18cc9c5d4548daeca824a28dfd068d458478e1372bc51d6a99a1cf7e91c34cf719aed7db34f5498c10dbee55340c932035c6153eb99a962a31e7b102c7fe70e044f41156a533ae5e9613f2430f3c529fbde7d6c32072501010009050710000240080c072501400fc7b209050c0c20004002067a23d75189d79bc81255a1dd5245de06c1c87a0f035f53c8d0e914728e27684e2c3607151719501ab849bf28adbf410955efbbb8bcadf049441f5725bbc2ba553ded9b58d28ba9903c9cf59283411be41c7785abf6fd260143b9adef45d2e74ac2a05d65cc3a1afe06293a8e80d76481deaa151a68c95e711e510905060040000103034402ffe705cf3c63c824276d0d33d8752e10ebd4abed0b02154e0bd4a8377bf03c07777e58edb2f36836834436d28ce1a5c07008c168768ed425d0d6094a909f70fe5f03bd0b88664124b085cf79348bbd9beca3bdd2a31e36e364126c27b11c3299ff95e162bb058487da461dc7f238e6005e9362556c6a76bc15390daf89de2223c3ae81533a031e1bef4815f63c4e8d69f799cf9d873f69e7a26497f1268de82de8aa2d468d2436d7f9f36ff3d388ab76e1c349ca9ac8f13f65f56d229f91a392e616b3d7f5e06520da421da6f7cbe160546e22b6bde5ed256711042d876e668f7db07685adfdd86e52c3482a9fa9644befd989a3205011765e5d796b2dc95009050e012000021f01100994d12552df25f28f846d9a016c850725010000000009050000400007020d090508010000e94e0507250181400800090508000004a67b034823fc25dfb18954202a4e324d206663da47e04247b300a5536b0df61a132bbeb04f344dd0450f45f8176769853b06d89e37e590bec36f91c4554b356d2475f642f7c5787f0be5f40905020000040f050109050f00080000250d09046f0f0f7b7d3c0906240600002f05240001040d240f010600000001802005631524120b00a317a88b045e4f01a607c0ffcb7e392a1524120100a317a88b045e4f01a607c0ffcb7e392a09050c0310000507090905870008004076006e0f80eef2d19223c916198f4954164ada9f984a430d939caeefb137070c7a70c0409c7c81e55157beacff787cfb48abce3beb356b5394916bc815301246dc3ef0f2a3da13804c2aa4ccdf15e196731be02e3441ac4bcfe48806fbf04dc4df1c0e2fbd6bc9f76474ca598a61d42e0905011c00040102099e0f77c57a4dcb2ade1df1dc0347dc3a72ecca7e04cf05b1681cbad37de6436219ed469c5eeb668070c408c906092f069f5dfa5b868d3c94e120ea41ab85a59974d7a33111ee76fde3aae13386adb8093fd5f3558f6d23d06a5ce3ac6bf45b198a043fa00db50c3f2e7e681c97bee4fcc2d203abd08cb35eb55c4f08e7a3cb7d6d81fdd9f6a9de93139c6fc9d3e50ad2b6be3912aa8679d306f58448659109058004200000087207250181f6090007250102ffc4aa090500000002800d0709050f10100400090e0905060040000408070725010003f80f09050a0210000840020725010001040009050800000405a701b20cc3a5959857b41be34d9dd065fd347a6a831cdc55c8a806bf27bc2037efb6b0410c4d3f572fc3035ebf111a573fb7ad27778da6c45cbef0704162819047d4c98e0cf2cef5f3f08602e8b99f992a7233411c2f120987cfe700b27a3f06798726f2c68f2618da322744431ca68b710503f056396bf0789a7d3bc9e42cf9cbb0b0174e8e05607dba51915467c9fe869872bd0b156ed2cf7bb8399e70cff5b6b6f20e802615d31012f3a232400603513531a209050200100005021d0905080c4000090c8109050b10000402006fdd23258dac6f1189f4703e2023eeaa85713d62f9d3a0b39a39c46ad8c3d38cacea4e6b0c911535e223ac31845c9808c336d3cb4a9741608bcf2f74aeaa530c070a1adbbe1254575fb6be5051e8dd615455e46d969394d8c98f5804d28ec6a0de9c2b4a1f1ad3e54a83eead2bcbfeae6e876275841caad6e8446c5afa6b026d54c3e040a89d98b4bafb4938b79c5c26731c97a25cf2d7ac4c16f51ab22c79448a3c939bebc17d2019c613a9c479d929040b523da62e9a61134eb5677cf565462334aaacf39930ead10b59db4f71de0a3059647e01f3bdcd832b6db4450e8606d4b1d0eb41a98302bc12c87385b39f205051d50e099fd6fc540db8de8bfb2785712821b2f96821e29a6a5febb29f09c7509818081b223890f3ba81db3e3718423de2c7fe24fd0256e70c88f2e83afe33071ed2c3f59de42497c4836ff80ad6765c03de3f8781c73fbd2816c33be49e64a7edae13d1a29eefb8425e88d04ff0b26fe9a1710905060308000605000725010108e10efb2250e550d9be8c04e1341bfdf5cc2c6b7fbd126386617be796fb4bed57ece11f649b0a0e4294df9a8adaaeccf13161215f11d3e5c1fa819e90678c5ceb2fb63add90c8cb218a1762909dffe4a652b5de63885f473011d80ca7c2e2dfe4dbc408bf63fda4277a97c8de373b9e367e1cc96201ea71926f9ca011efcb656514cf3cbf3251be8820c17dda03829f2f1ace5faeebd8a1d03a9891b253e2006d31f65a988218190610d30504cd0a199f30c9d5c267fcfe65221429cf7e653214c670603f21f0e9c8900e7530e11f52f2c58d9a3eb49bebc92291660a2366dc6edbff1b5ae7deff58fe6ca23d4ec13f0ba90445a88cc1f17e202e724f3e09050104ff050405ff0725010204ad96090506004000020e01f60dd68ca35db5ed0dcab63b4b5615f9db2deca21b2be363ed97ac97642b9f87721c49a6b4d6f2d96c1896cfc07bde8e01057036e53e899f08040d6952c70f49619e958b836fed08220c07cbb9276124da12d6a9ef9b85d78da0f2f726eb933c4b8278cd53f760dac02bd390f390e1a68e39fc418a82b9481b19f3d2040c60732d084863dfc5c20ca34cd019fe8b068b7500445e242f41c9c91885cbc7f57d32508ec5e3e222451780b7d7b3a3b0288da1de15089ac3ed402f181b844399db3c064006a54c5f32905dde6956b4f0fb6075409f37655608407db220876ca422aee82a0323a32348c6839eaf61"], 0x0)
ioctl$KVM_SET_NESTED_STATE(r2, 0x4080aebf, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x4000000)

7.177973936s ago: executing program 3 (id=1626):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0xa4, 0x29, 0x10, 0x70bd28, 0x25dfdbfc, {0x2}, [@generic="d14c74f7e197d48bbbfeb3c2677c86579b2a55970f92093a914044f844a6ed234158b612f2f43f39ca8f67240dbc2fd9d5038c9c0294e91a5d30181c14ede2ad6f3afb23ade827b9ce9a249167b102394e82d59b28144af19c39b707245b28f74012bf378be9231e2a699557c78ece59d04e3101827f6f7095e583341832cf016eb2ff0785f5fb81b5f17663ae"]}, 0xa4}}, 0x10)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x1a9802, 0x0)
listen(r1, 0x4)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000001c0)='[%(!#\\\x00', &(0x7f0000000200)='\x00', 0x0)
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000240)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x4b, 0x50, 0x7, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x2, 0x2, "", {{{0x9, 0x5, 0x1, 0x2, 0x40, 0x1, 0x7f, 0x81}}}}}]}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x201, 0xee, 0xb, 0x3, 0x10, 0xc}, 0x32, &(0x7f00000002c0)={0x5, 0xf, 0x32, 0x4, [@ext_cap={0x7, 0x10, 0x2, 0x10, 0x2, 0xd}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x8, 0x8, 0xf, 0x6, 0x7f}, @ssp_cap={0x18, 0x10, 0xa, 0x0, 0x3, 0x9, 0x7800, 0x7ff, [0x3fc0, 0xff00c0, 0xff000f]}]}, 0x5, [{0x81, &(0x7f0000000300)=@string={0x81, 0x3, "0ac04c758773ebd18df0d0ff289c488753eee6f056ce2609ffb5bf961d71a1367d5f159507cda25c49acd071e7bdd4d6fc8512c9ba4f4705b21d26e19e40e7e365e9766f7fd6a91b1219aa4c1b372bfc72d57f9338ca4b241a62d49cd80d1882eb674d881e905b6a27f22f9858c0aef07711636d152933db76af4d74d10e9b"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x80c}}, {0xd1, &(0x7f0000000400)=@string={0xd1, 0x3, "752b45412ec6c618debd78bdb8b3832eec2981ea49ed62466292a3994b120eeca6a5519a97c797d9184b7563b55dc608eb0d547c121b5b6b2ed5826bca283aefcac37df025465088e43f436762b94499ca785979e6692a7f2c728260f25ee34f954161569e2c40f34076e1cbbd3353318081a3b65fd3c9daa1f3090fbe5c7472d80d55d92710739ef5f6b54e433b7b84bd6308ed84a61d48d93b4dc3df738c08acf61f1580a90f8e3d8d0b07be00ba4d75657b5b1a5efa781ae7dc390ed2cb4f6781d6cfc7126167e5f47f2d72d6bf"}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x40b}}, {0xdb, &(0x7f0000000540)=@string={0xdb, 0x3, "571fc093e4a1d980b262a5d7549b4f88920b23f57792cbc97c1b693bb6e463c86f31b9ef6eaf03e0a373fc3df5954e11c4fea9806e0c6908646fdad53ab28d5b3679eec46f7abd11e0e7a44dede6ca87e0c7f7b67436f1641b8d38540833a875eeb6f30c945fd04eac22037990dccc4d8a4362ebc9da790d3f814fc29eb76478a260dbfd9d3288747d4d9886dd99e16d08827ceac44fd5a07204e0ba15b293a09ea28f31354627cc7ba1fddd20f1edd2c20e9cc6007e222f0e0bc2fef37994da83d36ac8bb0141fe9369f3a8aa988a276e731b45e5af3f98ff"}}]})
ioctl$FIGETBSZ(r0, 0x2, &(0x7f00000006c0))
sendmsg$NFT_BATCH(r1, &(0x7f0000000ac0)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000a80)={&(0x7f0000000740)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_DELCHAIN={0x24, 0x5, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_CHAIN_FLAGS={0x8}, @NFTA_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x3}]}, @NFT_MSG_DELCHAIN={0xb8, 0x5, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_HOOK={0x2c, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'ip_vti0\x00'}, @NFTA_HOOK_DEV={0x14, 0x3, 'xfrm0\x00'}]}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x6}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x4}, @NFTA_CHAIN_COUNTERS={0x4c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_BYTES={0xc}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0x5}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xffff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xffffffff}, @NFTA_COUNTER_BYTES={0xc, 0x1, 0x1, 0x0, 0xd59a}, @NFTA_COUNTER_PACKETS={0xc, 0x2, 0x1, 0x0, 0xfff}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}]}, @NFT_MSG_DELTABLE={0x80, 0x2, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x5}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x2}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x4}]}, @NFT_MSG_NEWSETELEM={0x1c, 0xc, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWTABLE={0xb0, 0x0, 0xa, 0x100, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x5}, @NFTA_TABLE_USERDATA={0x40, 0x6, "bfc277155a859cabbfe6aefe61356a490d476b2e294381c768d8ab56241f84d8e99b3cf1031428e097c80d4cff0909c2c8cf10b3735ed5ab3ca4edbf"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0xe0, 0x6, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x3}, @NFTA_RULE_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0xb8, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0xa}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x42}, @NFTA_MASQ_REG_PROTO_MIN={0x8}, @NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xd}]}}}, {0x28, 0x1, 0x0, 0x1, @connlimit={{0xe}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CONNLIMIT_FLAGS={0x8}, @NFTA_CONNLIMIT_FLAGS={0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @match={{0xa}, @void}}, {0xc, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @void}}, {0x34, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x15}, @NFTA_MASQ_FLAGS={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_MASQ_REG_PROTO_MIN={0x8, 0x2, 0x1, 0x0, 0x16}]}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x330}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000b00), 0x82000, 0x0)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r2, 0x80047210, &(0x7f0000000b40))
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000b80)={0xac73902242537960, @tick=0xdc77, 0xf, {0x5, 0x40}, 0xb, 0x1, 0x6})
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r1, 0x80045400, &(0x7f0000000bc0))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000c00)='./binderfs2/binder0\x00', 0x800, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000c40)={{0x1, 0x1, 0x18, <r4=>r0, {<r5=>r3}}, './file0\x00'})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000c80)={'vcan0\x00', <r6=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000d80)={'sit0\x00', &(0x7f0000000cc0)={'syztnl1\x00', <r7=>r6, 0x7800, 0x20, 0x5, 0x9, {{0x28, 0x4, 0x0, 0x8, 0xa0, 0x66, 0x0, 0x7, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, {[@generic={0x94, 0xd, "7d91ad12d2cca02486b867"}, @timestamp_addr={0x44, 0xc, 0x48, 0x1, 0x7, [{@multicast2, 0x3d}]}, @ra={0x94, 0x4, 0x1}, @generic={0x94, 0x11, "27d1261bde7681e065b98d775deb9a"}, @lsrr={0x83, 0xf, 0x2b, [@empty, @remote, @broadcast]}, @timestamp={0x44, 0xc, 0x60, 0x0, 0x9, [0xb2db, 0x8]}, @rr={0x7, 0x7, 0x43, [@empty]}, @rr={0x7, 0x17, 0x2e, [@rand_addr=0x64010100, @multicast1, @rand_addr=0x64010102, @loopback, @broadcast]}, @rr={0x7, 0x1f, 0x4d, [@multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @remote, @empty, @remote, @empty, @remote]}, @generic={0x44, 0x3, 'b'}]}}}}})
writev(r1, &(0x7f0000000ec0)=[{&(0x7f0000000dc0)="c7f08fd3ed3602b3510b94b58b555e39fdeadb38d479353ed6fd06902fdd33a05ae5fbf2a30fe4cb4bca5030d2ef03030ed6e42873e459879d7f350dedaa3111f2b3b16a79478ece4df82c1dc3f3078bbe268c842654f7fdd88711892d322f288481695d483db2bc943796562229fec72289a49bba3d42d6096a0c421d2a4185cfc65019874d0f7bcd75a562fc75c525135d3dea263c1d022fe47be8c0c5d6e82bd40c9ec8bd0d20b8c723245a68441913d81d9942790bae42f29caf3be69a3b586b23dce5fcc52d75ef8f893f244d7c875b1030a6fb04112855d6cba6ee4ce75e5ec7a165025bd049cb71000994364f637c03d2f4b73eac", 0xf8}], 0x1)
ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f0000000f00)="f2acc527bf957b0c6a14774b1d3132569a32dc590fa3d1f0438537909bf7cc35969550dee0d5de65cc0cc242932fbbe4e80309e5f4cc86c949a595f53c7288377f1a6390f606b1ad83c15e19fb55d889a48c9f1c553cf9ded7d2cdc5d7dbd94e4515409b7ce6b14b946767a1c1fa5ff6babc24e96ab64368c9bfd3b6d4e6f5f95bf5416af243058863b5e670f04d2a3ab8bd81a5c811474611cab438783cdacf97380eeaa3536a3350f74efe471e95d206cfa473dbbe40ec44067c285d89af6425fbf28cb25bb36bd78b5bb7b7803c4af7c373470ddaa81c019c10e79cdbd6ec69a6be2bdf09630ed4730102237984f2278a20ac043217aa46f4b4e12734cffc")
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000001000))
pread64(r5, &(0x7f0000001040)=""/164, 0xa4, 0x1)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000001100)={@ifindex=r7, r4, 0x1b, 0xc, 0x0, @void, @value=r4}, 0x20)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nbd(&(0x7f0000001180), 0xffffffffffffffff)
sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f0000001280)={&(0x7f0000001140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001240)={&(0x7f00000011c0)={0x60, r10, 0x10, 0x70bd26, 0x25dfdbfb, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_BACKEND_IDENTIFIER={0xe, 0xa, 'connlimit\x00'}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x10}, @NBD_ATTR_BACKEND_IDENTIFIER={0x18, 0xa, './binderfs2/binder0\x00'}, @NBD_ATTR_BACKEND_IDENTIFIER={0x9, 0xa, '#&):/'}]}, 0x60}}, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f00000012c0), r1)
write$char_usb(r4, &(0x7f0000001300)="e08f1c693a1c1d4b87c0289174496772667f8190c8c96454d0cc5107", 0x1c)
syz_emit_vhci(&(0x7f0000001340)=@HCI_SCODATA_PKT={0x3, {0x1, 0x63}, "f072a83f4bb485403885d9340782b926b897249f8f098e7c95dc15516b6026469ba95a649a85d8573ce1c3f99c015093fada360a6bc6a6c27de8aa43185934ec77e743eeea099bf043a1d5070f847c3c3a8330bbedc2ff5415ef8e83424473e59cd5d4"}, 0x67)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f00000013c0)={r1, r4})

7.02564012s ago: executing program 1 (id=1627):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0xffffffffffffffff)
ioctl$KVM_SMI(r0, 0xaeb7)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040), 0x9e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000280)='rpcb_register\x00', 0xffffffffffffffff, 0x0, 0x10000d}, 0x18)
munmap(&(0x7f0000004000/0x2000)=nil, 0x2000)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000002000/0x3000)=nil)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
fanotify_init(0x97ef6abe75cd6422, 0x400)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x8001, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x361, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000180)={0x0, <r3=>0x0})
ptrace$poke(0x4, r3, &(0x7f0000000200), 0xa)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000800), 0x8000, 0x0)
r4 = dup(r1)
ioctl$GIO_UNISCRNMAP(r4, 0x43403d0e, &(0x7f0000000080)=""/96)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
recvfrom(r2, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x8882, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r7, 0x7040, 0x0)
read$FUSE(r7, &(0x7f00000040c0)={0x2020}, 0x2020)
r8 = getpgrp(0x0)
fcntl$lock(r1, 0x24, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, r8})
ioctl$TIOCSSOFTCAR(r6, 0x5453, 0x0)

6.311501598s ago: executing program 5 (id=1629):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x1, 0x0, &(0x7f0000000200))
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
memfd_create(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x2)
r1 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='user\x00', &(0x7f00000002c0)='\x00\x00E\x01\x00\x00\f\x01\x00\x00\x00\x00\x00\xc1~\x99l\xb7\xd6\xfc\xebw1hn\x1a\xc5\xef\xec,\xa1\xa0\x12\x1c\x7fn\a\\\xec\xd8\x94oh\x1d\xec\xf5jb\xe5\xb2\xa2e\xfd\x9c\xc4\xd22\x9c\xe97#(/\xb1\xe6\x03\xe1\xaa\x96\x92\x8b4}\xc1L\x1b\x9b\xe6n\x97\xc7\x06\xb2Y\xadQ\xa4c\x1b&\x0e?\xc0\x90\xaf\xb29\xf6>\xe1\xe8}D\f\xc1u\xab]$\x1b\x1bt\xda\x9eA\xd3\x1b\x12A\x82\xd5\xa8@\x1eIw\xb2y2F\xe8\xc7\x03e&\x98\"9\t\xe0\x81Pj\xee&\xae{P\xe8\xceL\xe1\xd1V\xc7\xeaF\xd54\x80\xb6%\xaf\xbbK\x85\x95\xf2\x1bG\xf1\xdaq:\xae\xe22\\~j~\xfe\x83\xbb>\xb0\x9b.\xa4\x95\x0eY\xb8j\xe1M\xf5\xa5\x87`\x04\xab\xf1\xc7[\xda{\r\x95\xa4\xea^\xfc\xa7\x8b\x85\xd1ld\xacK\x8aqd\x1d\xaa\x99\xeb\t|@\xd5p\x1d>+\x0e\xec\xe2\xcd\xdc\x8f\x01\xf7\xabH=z\xa5x\x1b\x9f\x95\xd1\x88k\x85L#\x99^p\x18\x98\xec6\xf69y\x052', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080), &(0x7f0000000480)='oc\xf9\xdf\x15\\1\xd4\x8dts\xaf\x81H\x87\x17\xd2\x8cz\xc5\x85\xde\xa4\xe72\xb4\x8e\xfbt\xca&\x8d\xcc\xe7\x8d \x89pL\xe7\x9a\xd4\x99\xcc\x89\xa4\x88\xe3\xc2\xfe', 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f00000000c0)={"0e00", 0xc5, 0x6, 0x2, 0x1, 0x0, "f700", '\x00\x00G\x00', "050000f2", "fcffffff", ["50d5c2a7c50200ace40000b6", "808e0000000000eb0f00", "0c436d743c97c443084000"]})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_HEADER(r2, &(0x7f0000009300)={0x0, 0x0, &(0x7f00000092c0)={&(0x7f0000009280)={0x14, 0xc, 0x6, 0x3, 0x0, 0x0, {0x7, 0x0, 0x8}}, 0x14}}, 0x404c044)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
fcntl$getown(0xffffffffffffffff, 0x9)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000040)='veth0\x00', 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6(0xa, 0x1, 0x8010000000000084)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}, 0x0, 0x0, 0x4}, &(0x7f0000000080)=0x9c)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r5=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000b00000005001000020000ce00000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r5, @ANYRES32, @ANYBLOB="000000000200"/28], 0x48)

5.881166799s ago: executing program 5 (id=1630):
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000005c0), 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
pselect6(0x40, &(0x7f0000000000)={0x0, 0x100000000000000, 0x8000000000000000, 0x0, 0x77c8, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x9, 0x0, 0x2, 0x7}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x5, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105aba4ecbcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdca9348b3225a40b02ee34b14f37f86ddcf97fef0b913c33cf8e5d1d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0)
ioctl$SG_BLKSECTGET(0xffffffffffffffff, 0x1267, 0x0)
setrlimit(0x7, &(0x7f0000000200)={0x5, 0xb})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/14], 0x48)
socket$kcm(0x2, 0x1000000000000002, 0x0)

5.830124403s ago: executing program 1 (id=1631):
socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file0\x00', 0x281c2, 0x1ac0d83fdca72642) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async, rerun: 64)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
r3 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r4 = openat$selinux_policy(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r4, 0x0) (async, rerun: 64)
write$selinux_load(r3, &(0x7f0000000000)=ANY=[], 0x6000) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
r5 = syz_open_dev$video4linux(&(0x7f0000002d80), 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async, rerun: 32)
getdents(0xffffffffffffffff, &(0x7f0000000140)=""/177, 0xb1) (async, rerun: 32)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r6, r7, 0x0, 0x20000023896) (async, rerun: 64)
close(r6) (rerun: 64)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000002c0), 0x684f80, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') (async, rerun: 32)
pipe(&(0x7f00000007c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}) (rerun: 32)
vmsplice(r9, &(0x7f00000000c0)=[{&(0x7f0000000180)='wi', 0x2}], 0x1, 0x1)
close(r9) (async)
splice(r8, 0x0, r9, 0x0, 0xfffd, 0x0) (async)
sendmsg$SMC_PNETID_ADD(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES8=r5, @ANYRES16=r7, @ANYRESHEX=r7, @ANYRES16=r8, @ANYRESHEX], 0x34}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

5.679450088s ago: executing program 6 (id=1632):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x7, 0x4, 0x4, 0x7ff, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
close(0xffffffffffffffff)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000000c0)={0x1c, r4, 0x62c21a4ade68aba1, 0x70bd28, 0xf000, {{0x32}, {@void, @val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000080)

4.747561288s ago: executing program 1 (id=1633):
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004c000078ac1414000a0101004414050300000000000000000a010101000000008903ce070200"/62, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='\\'], 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = add_key$user(&(0x7f00000002c0), &(0x7f0000000300)={'syz', 0x0}, &(0x7f0000000280)="d25a9850a9d77f10", 0x8, 0xfffffffffffffffe)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005040000000000000000", @ANYBLOB="ebffffffffffffff280012800b00010065"], 0x48}, 0x1, 0x0, 0x0, 0x4000011}, 0x0)
r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x4f2, 0x418, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x81, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xb, {[@main=@item_012={0x0, 0x0, 0xa, "02"}, @global=@item_012={0x0, 0x1, 0x3}, @global=@item_4={0x3, 0x1, 0xa, "a27dd0e2"}]}}, 0x0}, 0x0)
syz_usb_ep_read(r1, 0x4, 0x1000, &(0x7f0000000880)=""/4096)
r2 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r2, 0x29, 0x36, &(0x7f0000000340)=ANY=[], 0x8)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0x2, 0x4, 0x8, 0xd, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@call={0x85, 0x0, 0x0, 0xd0}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r4}, 0x10)
getsockopt$inet6_opts(r2, 0x29, 0x37, 0x0, &(0x7f0000000080))
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, 0x0, r0}, &(0x7f00000000c0)=""/83, 0xfffffffffffffe4f, 0x0)
unshare(0x40600)
syz_clone3(&(0x7f000001a340)={0x40000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20042, 0x0)
add_key$user(&(0x7f0000000080), 0x0, 0x0, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = dup(r6)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x3, 0x0, 0x0, 0x6, 0xa00}]}, {0x0, [0x30, 0x2e]}}, 0x0, 0x28, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r6, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)

4.74527615s ago: executing program 5 (id=1634):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000ac0)=ANY=[@ANYBLOB="000504000000ab"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x2eb4, 0x2000007ff)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r1, 0x3, {0x0, 0xff, 0x1}, 0xfb}, 0x18)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) (async)
syz_usb_control_io$uac1(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000ac0)=ANY=[@ANYBLOB="000504000000ab"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x2eb4, 0x2000007ff) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) (async)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, r1, 0x3, {0x0, 0xff, 0x1}, 0xfb}, 0x18) (async)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) (async)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)

4.271849557s ago: executing program 3 (id=1635):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x3, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000001000000000000fb07000885e1ffff790000009500000000b05600fa6715c7fe58311bdc803b1583ffba3d5c05e4673fbf9353f4c456773090c599858ff710a22e71e0805dfc172ccf9724404f3e283449b2ad529d0b78e40cf3f5db09f8a473c48cfc"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={r0, 0x0, 0xe, 0x0, &(0x7f00000000c0)="e0b9545dd30a3731677b2d0bfa91", 0x0, 0x27cb, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = getpid()
r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000002c0), 0x2441, 0x0)
ioctl$SNDCTL_SEQ_THRESHOLD(r2, 0x4004510d, &(0x7f0000000400)=0xb8e7)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x40000, 0x0, 0x0)
socket(0x11, 0x3, 0x0)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r6 = openat$sndseq(0xffffff9c, &(0x7f0000000040), 0x2)
ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r6, 0x80045301, &(0x7f0000000080))
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000000000000c300000095"], 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x17, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='rxrpc_recvmsg\x00', r0}, 0x18)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='rxrpc_recvmsg\x00', r8}, 0x18)
r9 = socket$kcm(0x21, 0x2, 0x2)
recvmsg$kcm(r9, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
getsockopt$nfc_llcp(r5, 0x118, 0x0, 0x0, 0x0)

4.266651946s ago: executing program 0 (id=1636):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000078000000090a010400000000000000000100fffd08000a400000000009000200"], 0xc0}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4)

4.189473786s ago: executing program 0 (id=1637):
openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x161280)
syz_io_uring_setup(0x6949, &(0x7f0000000080)={0x0, 0x0, 0x40, 0x2, 0x2de}, &(0x7f00000008c0)=<r0=>0x0, &(0x7f0000000000)=<r1=>0x0)
syz_io_uring_submit(r0, r1, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0xa0}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, &(0x7f0000000040)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000340)={'gretap0\x00', &(0x7f0000000300)={'syztnl0\x00', <r6=>0x0, 0x7, 0x7, 0x7, 0x5, {{0x6, 0x4, 0x2, 0x4, 0x18, 0x6c, 0x0, 0x8, 0x2f, 0x0, @broadcast, @multicast1, {[@noop]}}}}})
setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000440)={r6, 0x1, 0x6, @broadcast}, 0x10)
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x28002)
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r8 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r7, &(0x7f0000000040)=ANY=[@ANYBLOB="034886dd0900300003003000000060ce902d9f0c2f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb", @ANYBLOB="4e2e0b89a0"], 0xfdef)

3.947298956s ago: executing program 6 (id=1638):
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000004200)="a28096c80abf3543ecde7564abff5085d2227ebcb0f164ae92706ad0b083a3f469a3efd15b4921e9c3063b98b3082068e7c31950dde842eac55df0f991453cad62a6956b0b6f7b8cf49b506a3060fe1127eca99663ade8efa89ee189acb5f3b92f6bc4c46621c803eed0d0bb5f32384870ed08f89d4f74445762fb99715e083c4c92a8878be19ffacc30d0f2da64f971cd40563163adc15670ecf25cd3ad96138967c4b53ad9d04b5193ab5fb674aa0030a9d703d1baf810ce897f969121f142161919e583c275671b999e7f363891dfdfdf3556d01b86ee29eca8fccbfeaf1771395148706cc6e6be7ce29fc9ffef061b5420950c1a525bf75ad06edec51538d1c5bbc77da72dc90fd9998936fffdda2427e5a68966c7e2208f76304680182ec73007e482f034195712af922db2726195d997708734db9e7825a864be00b2a4f800881fc0363f5e618398454f35b148b4ccb88d418269fac868a8ba4a2d5b4f06a1ac01b5ad158b842e05adca22c7372585bf4ce95560b6c1e021a3ed2ff7bd3b6b3c7734c3b66d7e4c460096312082f89b16baa6e73814aa60925780cd92cd65087e260ec046fc363264366a9df2c849c0644911303946adad544521ceb469a3e193ecc9a7876403fac461a4a70d6193b2451189a5c5120b3535e9edf619108af7f517b58abd3fa7fb1ab832213430d2e6901076fba9c9e1acc6c6f48ff0e419bbc45589745a176f52a7407ad5e3dd49acb31b47862806f47077dda04905e45a80a12cbcd4d2dd9fe66c2d1f99394fed8ec60961cd2dc7115a96ece432fac86d51bebb08b95f447a83792fe80291fca7b298c9043ef2c26f0f7e42798d3f54c84b94c24c76c555d83ecc53b99bb22d71845e5cf21a5ba7fbeffeb6306e1730db14561b950a3f24bcfd78d4ab0d97de8054bb1a6077ae7cca6e45d846d3df82298d07212922742cb0facac3b77edfbab90e9ee2d4f7b0ee9b17bb11ec5e5721340d84cb6bd93428167e69b47759172557acda313c3decdfc6fe9336bfade459f43b39d0f2289f9142db280f4ee668e650e12858c577e12e2b9a57ee66c834be97979bcbe94747fa5d8d0b7d3a9f8f218df1bf960f828429a1efe838616b18faf6629236ddbded43a093efae163228e5c38fd7714743c2fcca47e3382bcfb1ab893fd7377527b4ec43f3fa60ebd338161d8de7cad65b15579e4af258f5fe3a63c2637a15703207029b0899b5427767647baef11e291358e6e54f6f13d3d2ca7a5e7969e04d2733b3b9ab822c69a3cfac097384de5071a9b74a656136d55eb190df08747b509fd610ff62b4950ef71c934fe21a48a4931d3d9458b415f112cee65c660f5490e982341da1c58634b3967ca6f3596d20cc90f508382156e36f16539093240ef5f2aa6a2c0dff2a67df30dcf50bf6e0b82a3d49f2d532a8dde1b3ceefcf0837190b74186090d1c18b59917d7efce1adfb238ef4a7b1d22c4cef09320221de883e97e6882466508de06fcdabad3b741bdca2cff879d57ddda52f42b3dcb8a78cfc05826af7e4ff155960ff8491194f4d321ef195990abaeeefdcb852d1e1e3703f317385a9458b6c2dd9db830f757ec29c9939fc7313e639fe485bc1e41ddaaef3fbf1f7cc527c8fad0d21b8082482caad7bee440e5097665f636c3dfec82f8c98afb6243bc3944939675a594277d278ba4361461f7da52e224e4ce5dee4a467bf6ae9f67b61ac6eb0a440406abac2016eec907e241c57f5f44be47290fd0fef785ff04df3810ccd637b4d97a84bae8486a36f75d872e645fe46625969fc2d1f032c56ed44bd98ea27bd9b6ddc8eb2dc2ec9f90f2f1ca1bd20e37ac58b03c84c872f4ba47310654986641460dfdd531ac62a76ad87b89c103ac5c9c2e7e70c66447b3412d4a1e5cbc30e16939505116c04de33ae054ed366de8d1f971c2de439957a194e22a488f58d7efd46439177f3f3c45a1475927eecd846d3d2e6a2ab5c7f8addd99062c2fc6b272d1f51bb8f22f1b6f8bb3faf8aa85e5eb9abf7df5cf8f26267323808b0833a987989cbe59205e7ad06556e2d1b8a4873ca1cbcbc8d43abc145fd4eb832e7a58ab2c793d003ce7b1850ce45eb7480417a1e9eb9d39a1028a2a04a2aa649c098c4f8eee514db5f6021173bb254b8e22b150b2ca01dc7ff235db46ed78d07f43d1adab13b8445d1b32069eb45f9d389fcf5a3f7d3ebe243c5b1fe17b1f5a3d571b65f21b9e471e818172554dc956749b99cb7a5f303ec480d7194a2ba86e204f06aa1becdddc8c49082c527e7064ac2ad77dc05639d3d2a7778f6943ed6105ebf6f0b9e94fddbe05c236ec000f4d1d4e496b10068211ab68ada4c7f7ac61f5f5ba5f1810d5bbe87ff4f8356af0d3f682baedb0ad8f8488b277421f0a03fc5e3095ee34bc4472d8f17e3f7013cf2f79f5ff3ea4b6bae56d1365a33b09bfa9a496323f7da923b7e29dce4beb81035f13130004c96e56d7ef6ca6c101d20c27a218e623227c33c9e488b17e7ae9ac20da8240501f7b614a1730f164553fe479ef149866e4ea47296814284a3d3eb7cbb294289ffb996e0eb053b9c16e54cf267832e3d360eb196ed51305630223309ea97215628f01ec9d3ea48096418d5e962cac5063460f0a18772ec7ce66d14a1cce14b52c40bbbfafccbf1e76f09e57ff0718048e5b993157a6cf4718826b1e09430413a3596a15c4a620fa8c8e1d1663e5739f9f790ddbb3be0e00187d43717d659242467d8681ac10303346157f894d9037641417010e9654c6a5b22263e73a5a37128f50078a980c30930321aa5c5e7851d5d392ddce3a14a96916fa8421ae6728f37f5de7c3e98feb4babd4e1bd2315d595e209d52748f70adc2284fcdaa6ad880470d2a071f3490aaf3491fb64b4547419e8eccdc491a8921156cb4811ad1e66514a32b0b31b641438881f28c1e6461b4f451938999af671e8c6a5cd0c072a9fe4cdbefe24ca616f3d0a15ac97cca835b1a440e04fa28340c6044176c8ecc8ee0d033d47db8a0aacfa0eabdfa1c9509fc2604008f01cbafeb5bd2b503b809ed672340b9a576593f1ef388391b54b605e7a15bef7b1345627a34fca57738b0f8f4f19eea93c903495274a4425a1a1cc6c4c6e335b631df5185c95b485e4257867b5347a40e4e14dcc560f061fd4fd265137dc68afd548adde778f1330f769acb1ccf5da14ff6992c24e210ea6e6179421881b803393bc6974e37106c5b5b3b5d0b3469f8969bffb7e4ceb2c98e928e74366492d27235ae4c74a2f48511aeeaa53a2beafa7a331b50e454c507af1b63350a5cef35668a5b9325014192277e509561008b3601088f79d42eaa8b1e4ae2000b31749e2b8094312ddb7f3c1cd625ef885c11fa22a66e374b52b3425e0b8016154e1fd8471339e32e7373d63ab646d893fbe09ae07b06074c01401ea76b3c382a9d32f24f93c789964e16bc4206ecd75c10917ab84ffd8d6cdf4cd28fd90375ff28518f8c1a3befc538e1b9e427fb671988d29f2fb2fcd039f4d341c84eb4d7cf600ddaba88bb094e4d87a1419180149f491368e648b69985b05ac39a4ecdd3c5135f3a5c8ad7792dacb6470144bb9e67805a211efb3ec9ccaf8e0901345fb19e4da579e1fbe86a1207f4f13c3436009c2c640b7cf3f8b77ca7bd994bf93308027359c6dd1b7db1e153fc0821968ef36c003b6c73fe890f4de24f5c6458dbaaf3819edeaa91783c3cfc7e773689236248195c7bbd60113f2476fa3687621d668d1728ee433d2f8f4db707345d30f1e52ab87a2a0afd547c6bb06500f59f17facde48f693490e22494b75d11df1a143b85068d143ef6a9bb5937a9df380c8948f1a01e9675e18409edb0f6b9605b68e34632fcce472dc50b90b0f6dcd57931f78e1e8861a0fb62e72b0baad6f9d23c1cfb0f19b25013c8d9fcd786a2f6f79768b5fb398f7b2baa31ce8156d1fc4a46c1c463fdf30360d42aeed2ef11611d0b7f654bb51052fd4dc39328f8ec4c58bbda05e6f1b3c8f6d8adca0268f2410e9a4a7d63b6616006d0e02f6edacc10e5c54fd85f15a8bd7648a293f23d6a699bd9a675250475a73a96d7475e4fabb89fb5e7de5d7a3479aa485c0befc60d0ac4fd5ac6dbecceb06cad86e219fc0ce4720758917811a3215f8d13e413bfb64fc065fc421aede0b56691797dac428c7e463479fa591b9072c309b7533e427c5cc11a1f6cf9a5b995d328d796d874c5b55dfc12a5039b413ce319cf5ba1f355c4e0717d32650b43e18010f37f048731931c52c4f36eb969dda702afe96c2a5241350a67ba2d026946189c5e281293c9a8e2cff3784776f1de78b917101b54e5ab00c045ea15f28a0e3f509962cf8bd3385d85250737eae5c34ece86b86669c13b00308a3b13c0ac3c83ff26fb52a4aa83c1233a9490cb9ca917a056908931751bddb88a62379a713395f0764e4a393faf253a4026d0472270e6036287d56850df1751543484d65b3062155b6300e0024241c59a862ae769c1a9232a2d9fb24705177a09cceb3eefbf9f106f67e01be14cdeb4d2fc7d8661df3e75de5ccd09a7e559f028fb9837c621ea0045b4d1b679067f246339c974631aa7134d4e910efb28d3c48929cef1df7e6c73668762d55086b6c59c36ac90154135fd7ca4e4047dd0aa161fa982d8edf9c0cb9666477e096c55718f6e4742415fefd4f696d1f1ccd6322bc19496ddebd36282a7c707d5b44113e30678e6e33ab7d34be04a59ac614d6a54134490998be02636fa91633d6294781c2b9a54c611c0045cfcfe81f49aa21b29d835cd2047c854486fd8e65a2ebf629f7ced602b9dd107bfde483e5c9b5cbba4a08cdce09920bda9978b7fc2b4a89bf1573a26389e52090fdf5dccf22111dc8c42fd3c8c477092895398086cc22cca665269e193fc650742a361a44b857d258429f701f22e9b7615bc3dab78c1479a41cf8575cdb17169470b347adfc03e03daea3e269725cfc72df5664b9df36d2f2b55013b71133e0b80577a47182511ebb308b6248d457bd2af7b28e77182c305241178c4124ab102771fd5a8c3dacb8775de881301d71587c76bcf0a97a72ad244d0c42fd71aceec32dd48bb5c9a95b391166c832ac5bac8c7cae4d18b3f7d9f2e4782fdf97732e3d51f67bbb57f989ee0d7589dbd0c2a5c63840e914b9d7d720fa120acbffebf816b588b2ccc052e7fa78992e0ea39dd21a122add41195f8e2e1acd777c1a4e8ef4362fef441feb4d9252c6bfbd2742152300a32027776e3341620d3c8d9365e10e81adcca7d87a0e555c98a0353c692557d90ee9be3fbaab766abf93e2462149fd99c92a5fc58d899ee75535cd1fe1386c5ab0b157c2102039d6015258f59cef3f15b951893a30ae839f740402a30b34e7be73796286403c5beb0853d856d83f1b00b48328f56dcb32e1faab08a3435b1482bf18b21c95aefeaafa7fd761c7f28d416fcde06bf7aee5c6e9eb50e55874253ba3f1d0ce2505b4fc7c3fc996bfbb8446bafe84f5bea94bfd7ca5aeaf237fe793b66e5c521d4092e4e1f9bde1dfcfe53fa55005d21cfa833a338fd9792614129336060e10d1911862070761aa20c2902eb7c5a355eff4cf6253d7102a2ca1fead4c53b57d576d104c081310d92797e4e2e8c269d19910d0d4cedf30fa28ba680c00137f83de940624229b6a125ce5233c6cf4a3640b74f58f288dad8451fbe37641c5559a5f3caf1299c8bfb230723652278fe378efd8e459b9da26cffeb58468a6301dbc06d713ba2d8d43d9038f5f2dc8b831ba58a88eeb5b1786b21e398aeeeb7c1f3d6f01d82b3947862fb9e7cbd7da5d04c5fcd34da28d53e2246e3ac1e3a619ad174efa6435eaa0fc94d610799ce0158421dce046306eb5042143daa336d52206b12610ea6389cdda49bf5af1d4ee42ac090a94ae7b7612073f3a5c36a2205eda887f41478f7d20f18667f941f71eebcfa76c1ab28f2a49a3bd56bd3f4e6bd079ab3fe2d94782236e83585a03e52907abaef7456a95d5d3f3d37efdc035dbfd7c41b8ba0af2df8adf1cf24f7ff0beccd3d26bc91caf42314ef7e466f74e19ae0df2e2298fc2f694a7ec134632035585d530e7e19f65c256f001d75382d9825ef741bc213af186377d9ca10d3722354e1897ca5c23ac6a52c9ad0e6b686e1776f7ec65df033e8f4d5db80c1bc354093b319cb70df93d610667675816328c99322f14e636b95f04e6497f139d508b453f53ddb5c289d849fd5407c9bdcefd1642abd46e28cb4e94371bdc606eeb67c9fe17747c68f2d50e82711da4d3edb0eda06f41b7f93fa8fb4d83cf21c79da67000bac2275508217ade1659fa8d24e5f8efb9f4bd21073ebef3d06368eb03fa3cf0d638448bd055ed20d292033ffdba538559c8ff9a2a5c8f83b5c393643d6585d1df994c3be43e72b8f3f53114d2a5f6bcedb573842b23b6a3eb7fca8495bf03bd03fde7b19bd39a16cec49e01f38e671af33cae082d9788e3202799bc466babec2080528d0609c0b731964719093735b4c1e73bd0705637c47516922197c552baeaf3516b5e3bbc2cd1afa3ef8215196ed580d9561092f620b897e98e786a0c7cbb0eedda8063292ba6482497f5f6bb62fb5ab4c97cb7658dc6579718eb97b547fcf47ced1426561af93a15fb4dc6d3d93b868644943c2c94b23b0570bbb81df2666c24f5abccfcdd71e209f3bb43c01d17f9bc8b9af2c26762fc6a741a150b7d1186e4f35175f3c315243e1c11e92c43a1fc492eef5a13c77a81fcf514ebfd0f8e645dae15a07e86b2f01fda065db4505a5eea83cb616f744f6bee731be191c65449c02603556d5a51422cf9c2f19f8d6843e0c1091e0708aa271e91f71c8602b9fa72189e036b7cb6af1569f21269283de94a6d7fe5849fd433d5b719c80419873db0587fc29786cc598d896fb16360bddd2ce12e54d05418f4f5e5f2d7aafe9fcd6268cbe2e9e6329ffb6c67fab8f3ce673028cc06aaa6b857556bba3b44d3fab5b6e875e70a2f3ad4b2ff76f31ead3462d3801ba373b3c2f545e94f57021575e2947f81f53283fc0a5137fd44fa3d074c92de54a0a3465c858f5a7ef08313faddbc3663e4e0167f3cba39612057a7518fbfb031f5ad0f9f75831973ebd733b82e554bf3fdec84e51f65dab6028c6c51366d9d4700fdf255e4c7bd70766e7f2281b3f2a5363f85ce49f9135904d14bcb117ad754c2594dcdca2d30e40ff265b5accfb116f64ed99aad570c4c5a91efdbb984ac651d8721405a0342cf77f448c17a152eabf29e88950558a86d0074e1cefab1eb7c366682f686ee1338737e675ea58eb8b4c86b9f28a6f6e96459f29e3b4dc59ff044c61a0dcc5c31d803e6e98420e446229ccdec3d0f705e92ffe016bb3696373eadab7f35ccf65ab4d9be09a085ce21bbd7c0555376e4d7fe68b5e7a64f48b5127825fb2be598d991f9c1a54bf52713417dcc599e812d85513a537e6eafa738edc972b67e065595d11678449bce6cd3d69800a649b560d0e057c502ca3e72e97820829ecfea801192c3f4e2c8763c095a43ee6fe45fe8730130937668df1d4ee577ada28238be03286481f2d2a004cc4d48856e71fbd64f1a0043a4520ecbbf1b3abdc96b87a27be8495a20542967aa4cd3a44a11502419a083d84e97abfde0901b66dde48388649a0ed6d93b9f20c530e990c7c52370a114d800d6ab3f6687d6bbc105b63738fe05fa6cac98ad6663936bb18cb923264e44312c24c2ce8e642bb73c921012b68a26a70977446b8f15f9d62467d8b356560c183a6bd6cd76ec868c3bd94a595cd7bf996755a508a814980c5e588b275200c45afd900c8c2de329ec2484b0e3ecd7b0960e5e3425881d1ff7f8bd8b20f5cc98ffc3acb77f5e88775a4bd3ab9f9eb027e27d3af55ebdf4eebab48ea911128d668d00fc3f5b5480aa0d9a4af563ba577384448e5425157133d59e1cef3c722f33700bd372825046b1fa5824e405154a3af1440bc2b75acfbd07cf92e8c162587e74b5ab66b1c6aeab3ad5fa3ee91da4900ef30ad04baea326df912517dd96e1696b4a91faa66675978a375e81f25464a1073dc6737af08d7e25956bb31d438548a7da38662d49db812a8cf1d6cc65f5c63879fd9ee7fd2a66ca3fc1a768cb239aab88c87206470b4c60592afeb6d69ed97a8f990155862ba4e22b64804142c131a23792937aa8a8696e165c24d7692a04bb4471b0f0d2507fe7c8618421428fc7a0acc984ca5cc6bacb772e8a717bbaa646f9643275910a6037afaf5a80678d18edda138a4e13d06d04a5d06431eab48738225cf1567e960e765728dc12e91b91c6f2b33dfb6e033aa68c1c2334d24335abc4a7a1df5636dec29091da54d5f5a1fff41e4a35a0c2f04f968f7d78e2f51c73577e2192bb20f289aaba5a175c2ed533855bd9ed9a842ad482136dd5e0cf45eb5e2d31ff62a3be1cf8a94a58316e74f4ab9fc54f3a0bb83beef0f355993bdea2c83e61cdc796bf2564ae51fae616799e8711998cd88d35cd9824452fdd65226174b46792cb87f4dd282e4e6f67eb66da413ad877ed6ce775f7e19bc93f48bb9e5ec04009de3c042aeacf7f4b25ad6b30e017303f64fe07ac79e8744aab6926d117f13513d0469cef335fe1d0d787c2d0b2c031a9521786ac10e9f8b768271680337f2c3262abdccb5d3107c632bf1f74c83ee91f49988222fb080cc8faa9b1a02526d8b6087e0b2354173d29016b3309587c16f057dd812aa63c3169150de81f3af97d082a8f8da4ce4f909ff649821d7f96d97613552e8cc4902e046ecfa329b1d980ff5ece69b8f1615fdff5244f41cec0af924624ae1641ecae5fa26c5fb9006e57100ee71377ced7c255ae17a0845e2ee0287c62c1852f93877f9f86157ca9675d383fff5cd6f2b001ec0136c07cf37f5ace1853122c2baa1092d418e2a490c4a5c8f56b828ce1bafeef4e77f095d6b4ed99d56f66812cb19be540ebe5d52e7eff2d69cbb8477e11514f7e3604bf9999f78c2f1ca6f60a2216b87fa0f25269c425b7d50709b200912b3b7899c95e12d6e9c4dacc19e327721860e0477a53e6793fbb7fb9704a848f395f48c24a6e79b9e1358cc3497251de88b8d3a7b22c6d8af1a7fab81530d9f0cc98f62debb222b54780d89794238532717b447d71b46a60ed481c21db85b590b31720009695ecffd4ef029964e5d5149622233ac013e960a005c924f73ea82c318455546c53d74aa3f7e2ff26aa074c40a55aba8b08027fc19b596eec6c4f89bae39e74b9aad88344f7cc5ad3eefa5095f2ab47222e9a357ecd71c6700ac576025201490d9e446603dfd4bda7617dd500981b2d2ab8c43882a5208494cb3f8ebc720bca8a7cf6c80bd7aaaf89507bb3412ea490a78973f12cc30413e9df1458917ea3d68b438d424c1314bc8d01939c5a5a842438281e62d0c800dee704b2a6cd3e1e4b885a6b26b894a98765fa3308c9e4b87f93625faecdb17c29a27cd243bf6030a67874ec9f2443cf8154261ac2a834c01cbe1f314ee7aa3ca552e1648cf8b42a63f249e3538026e09e44d69dc259adb0d1a0cbccb5a5dd5d0dccc90d023da79d5634188ff060f7e35a5f9d7ad99546824d63975d4452de876093f4e997dc46eedcd80a9eebf5e4f077fbb10c7d9e19a3419e7b845972a3b62613c5404a209b16fa88e0ff49d7b4f21fecc1f773c5b4be61021e0cab8602c6e8257649303aaeafcbb178e7a460ff07f219c46eb6fe5bf8113723e454003bd707767c107daf4255751daaf8decf35262640058924eb6587868b2c08230b317e97396ebc928ba8d274ca0eed0bfcb637676003c64e8c1e1a0420b6c96a44226061ced41b8448382abd2f3d0c472afcde231fbc9ee90c2f1132f8e2391246f95ad93354c7460e20de996ad0f61b13b27646887a637cede90b94b7d8c3130f0fe060e8d955c711a2700b302a75bdeb32a0a6802ea795cb114f5f82a1a381a86bbff88b299e47728b746dff964c94c52b661b9429376b1320b46081426b7c340206dc0da151bf84be2a49e78b6b5938753d2b1be8d9e67c43c5d70e72519f5f90d0500e84ee38f82b191ac4d968b0a37901fd923cb289d585693ac3c3f8a94fca6df45e694e199a9cd0b1bc1fa7394bcc96aae670dca6605a998793b7e067ac410ba631057b8b76fcbe9524df820c02efef1608b743cd2aa6d60d3d8e476fa12d3acc329f8272b087d89471177ed531fec1f9c24a975ca2fcd8c246a33e291a3f00b7f234052067a0059c86762475256bb5e7dac6f121a0925506b18933c6e314915d4b3b2130aafc2483ef22ff8bb7b887565b1bd22fabca22037d8fc9437f675c5313526266f60bb7c7c47f30c7d567ed142ea5ec367c4298328d20e5344f01c0c90cf8a6302f4d84b6ba7495fba314a05ba29b63bb6d458fdb05a4411136958309f418fb178e19aa09ff9e62b29732fb2986c96e738f7a688cb2122dbb8f2ad9a5f28bc49ec0c462413552afee8e403259b55ad6dc334dde7f2d306929dd01f2aa6036cafd41874522689301b81c9e50e86828894140356db0a3317b081ed9d8148c41e77e6bda6287762532b86eb91f5480915680deb8a91fb8656b7f0109064865d2b846af0861f67d3f720d6e306540cd7b68f095ef3690b88ea93fb6a402ff5697597cda83171f159e85307d1a8c01611189bd4eb4f0453ab88d43ae181a562a76902a67c687514079d6f4304d9a7c0fa24b6e86074ea0a9fd8187c120312078f5ebfa674adc0303734bf8f6b5585943706594192ad24c9f7d9794fb83758924f862855ddd50bff58b522c43d73c03289baec628cd693cab93101b1e473b76532510e10f03e86812fea6f2d6f5467dcf29e6d7cf8524f383a0ded3f0951c3ffb171a6b8a6d97b5fa8899a19f1a3d0e934a1d4741076e4394ba225158f697bf7d5651717c6950229a0be22e8120d76a414edbcd03d505264b7ede8272ccbd6dbdcebaf11daf6a652f6f9eb74ba7a3ecc942892891388005ae5d971e4e79d696564906dffd44845b704a9abc2fa5ba1bb69a548423a08044ad6d0e365db7e6bea0f3844a452759716cb98dcf326001ec90c1c343174098cdf47ea2e13341058ca014d2a30e9ba3c526de72a6e387181bf76a278c9cbc518d8c374a3f1d9802a39464a100903dbec16f8f095f5d82d9d09507281e4f7fe0ce4fbeced193902a5f658af2a4c1d0952dabdc6ae5830b6b5a2c3f5b8d33a73665990822e5f4a7ce5366755a1615543bdf78299c71e890e0bedb6ec277b10a389d6a3ba9c037221421279e51ab50fb115de2076cc99444202e88ebd9d0fbe4e60234b7b761495ac6c9e615ddac8176164a88fb6d6cc2b52672c8949afe3efc1e87a598896bc93e421423844fcaafe65af898a015b3bcaf623ebeef9a57155af5278ceb52b995f7ca466d9e18b05e86380679e0257cff6d0c6750078462f2ee4701d6d8289ed848b877cf5918625b7937060d667c11119881c30809056892352c6c53c01e395af6866ea350e6f21fa3db772c1177c759999973b51e11ffc5908", 0x2000, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x0, 0x1000800, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x6700000000000000)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000300)={0x1, 0x2, 0x4, 0xb, 0xc405, 0x4, 0x2, 0xfffffff0, <r0=>0x0}, &(0x7f00000003c0)=0x20)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, &(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYBLOB="000081005560fd428bcdd1ff76f4333f090e886cedec93d9181e012a09bb0f583da33ba5da790b6dc00528111b189b1085242587b9ff0384c4a0f36f8b06da916701cac8450d2cc8eb2431cf0407bfcb316f67293e4cd870afaf588ed8a060480d4af8a698a571cce4902a670d6a44dd3f6075b169ef71e35aeeb5d9bacc3e8b2f9707aaaa"], 0x89)
socket(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_open_dev$sndpcmp(&(0x7f0000000380), 0x1, 0x129641)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
socket$nl_xfrm(0x10, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f00000002c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r4, 0x0, 0x0, 0x4000005)
sched_setscheduler(0x0, 0x1, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000005c0)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="020f08001000000000000000fedbdf250300050000000000020000200000000000000000000000000800120000000200000000000000000006003200080000000000000000000000ffffe0000001fe800000000000000000000000000018030086000020000002004e240a010101000000000000000090f87a600fbe5a69bb67275591cb076597de329346cc6b75df76cb9c782695f423a5bb22bdaff7e142f8fddd0b94d495e2fd1a599ed12bd9c990f0eacc56e04aa486e33d6c5d2a1adb4675ef83b63cd67ecd81333eb184731e116329c5af2e8fcbcadc5c05176b395fbbb15eabddf8be3bffa93404e6102fa9d1e7c91e760b5ae7047cf65528c4a9b2e519490e0f15d9f8fbac2186efba8b3a9df384b819a35dc4ee14fa82f63db9fa1d098efe827040e685ed2c3051324470bf491fa6fc0427c415745fdcff211e139bee14363790e802a491266e06343848fa5b6908b035c906995a35bc48743160ae2bf80f752ff5bf0f8150431b3ae0d51baa7f98abea005296a391c2fe36013c8306122c3abe232c31668b64b05a4c4b1f44e1cbce9fe6bc91a25f57bbec4313617359487879237a1c4dee16895a55b36645475b3cfe176116926973240992a8969d20e4c9f226a1fa7b349667b481269dca703fda7b7796bca7de97712a3fb6a3cd6651b9030a6958b21e459d05ec1889b9c302e08fc763dbabff3eeaf978575caa179ed65c26e49a0a9e1d57d928e437a7bf9ffd42b8ea8f5593217ab28aef"], 0x80}}, 0x40)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010029bd70000400200001000a004e2300000001fe80000000000000000000000000002505000000140002000200fffc0000000000000000000000000d0001007564703a73797a3200000000"], 0x60}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$TIPC_NL_BEARER_ADD(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=ANY=[@ANYBLOB="300000493efaa5bbd7c0fb008aa10a136783f0475b428f2b3703d9d0482ea8d52978c70015194abe2f7a3296a4886c2548c03a660166b490e0605f660eff3e65886965d4787c8d32cb5c826e0ad3bf66cfcec4b16cb574032c4f13f126135adbd335184c30279a031190730333c6f6aba3276aa5a0c66227cf0d202a70fa23ba84dd7c37805e562538e2575b63db0140f36190b59b150ca21ea992f8e0ce5904ef2ede34ff54f300"/177, @ANYRES16=r5, @ANYBLOB="99742bbd7000f7dbdf25150000001c00018008000300030000000e0001006574683a766c616e30000000"], 0x30}, 0x1, 0x0, 0x0, 0x40005}, 0x20000000)
timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
socket$inet(0x2, 0x80000, 0xe)
accept4(r2, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, &(0x7f0000000000)=0x51, 0x800)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)

3.631962488s ago: executing program 0 (id=1639):
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000080000000000000000"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x3, 0x5, 0x6, 0x3, 0x1, {0x400000000001, 0x180, 0x20ff, 0x6, 0x89, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x1}}, {0x0, 0x13}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)

3.127420888s ago: executing program 3 (id=1640):
syz_open_procfs(0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x106}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newlink={0x64, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf, 0x0, 0x0, 0x42a1}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x14, 0x6, @private0}, @IFLA_GRE_REMOTE={0x14, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}]}}}, @IFLA_MTU={0x8, 0x4, 0xb5}]}, 0x64}}, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000480)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @private2}, {0xa, 0x700, 0x0, @local}, r2}}, 0x48)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e220000060005"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

2.382797733s ago: executing program 0 (id=1641):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x800)
ioctl$SG_GET_VERSION_NUM(r2, 0x2284, &(0x7f0000000080))
r3 = dup(r1)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
socket$nl_generic(0x10, 0x3, 0x10)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x801, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r6, 0x89f9, 0x0)
iopl(0x1)
syz_open_procfs(0x0, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r8, 0xae03, 0xa)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}})
ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, 0x0)

2.371624563s ago: executing program 6 (id=1642):
syz_open_pts(0xffffffffffffffff, 0x74a240)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x40100001, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000002c0)={r2, <r3=>0x0, <r4=>0x0, 0x0, 0x0, 0x0, 0x0})
bind$inet6(0xffffffffffffffff, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
socket$inet6_tcp(0xa, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, 0x0, 0x1)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000580)={0x0, 0x0, r3, r4, 0x3, 0x0, 0xffffffff, 0x804, {0xac7c, 0x1, 0x7, 0x69, 0xf4b, 0x2, 0x1f, 0x5, 0x412f, 0xe154, 0x1000, 0x7, 0xb2bf, 0x3, "fe1d00003413000000000000000caa000000090000000000000004b427180010"}})

1.312561085s ago: executing program 6 (id=1643):
r0 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x101240, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000040))
r1 = socket$netlink(0x10, 0x3, 0x9) (async)
bind$packet(r0, &(0x7f0000000080)={0x11, 0xf5, 0x0, 0x1, 0x40, 0x6, @random="b377baa5e274"}, 0x14) (async, rerun: 64)
sendto$inet(r0, &(0x7f00000000c0)="1aec41e410c00324fb6543fb2a2264e204cdc7ce29df95435691a76a881e44b56e4eebaabbaddf6753a0cd82f255aababd9360837c7e8a133c78b0a7d557856241ceeee22c5b16e95ac27f28ba33ea37ba7392e7157c690a90f0d59c303f2075a9e22397b589c1a2daa49fd8ef6136c4379191f66962b75d18605ab999209700ff498d561907720dc12cad3a3463f911513d96c1bb5a98cafd7e92206b5700d6b8eb6f77c337a5d0f6562ee620901944c5715fc463f7c55de6e88214f81ae9922193271957e8ccf46cd8a0adf0fab3e26ad7b9197446", 0xd6, 0x4080, &(0x7f00000001c0)={0x2, 0x4e22, @private=0xa010100}, 0x10) (rerun: 64)
preadv(r1, &(0x7f00000015c0)=[{&(0x7f0000000200)=""/136, 0x88}, {&(0x7f00000002c0)=""/4096, 0x1000}, {&(0x7f00000012c0)=""/89, 0x59}, {&(0x7f0000001340)=""/211, 0xd3}, {&(0x7f0000001440)=""/249, 0xf9}, {&(0x7f0000001540)=""/71, 0x47}], 0x6, 0x1000, 0xc4) (async)
r2 = syz_open_dev$video(&(0x7f0000001640), 0x81a, 0x301042)
clock_gettime(0x0, &(0x7f0000001680)={<r3=>0x0, <r4=>0x0})
ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000016c0)=@mmap={0x5, 0x8, 0x4, 0x10, 0x3ff, {r3, r4/1000+60000}, {0x2, 0x8, 0x2, 0x7f, 0xb, 0x7, "f021a33f"}, 0x8, 0x1, {}, 0xfffffffc, 0x0, r0}) (async)
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000001740)=0x800, 0x2) (async, rerun: 64)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001780)={'vxcan1\x00', <r5=>0x0}) (rerun: 64)
newfstatat(0xffffffffffffff9c, &(0x7f00000017c0)='./file0\x00', &(0x7f0000001800), 0x100) (async)
sendmsg$nl_route_sched(r1, &(0x7f0000001980)={&(0x7f0000001880)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000001940)={&(0x7f00000018c0)=@gettfilter={0x74, 0x2e, 0x20, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r5, {0x0, 0xa}, {0x7, 0x8}, {0x3, 0xf}}, [{0x8, 0xb, 0x5}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x999}, {0x8, 0xb, 0x9}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x7}, {0x8, 0xb, 0x3}, {0x8, 0xb, 0x1}, {0x8, 0xb, 0x4}, {0x8, 0xb, 0x9}]}, 0x74}, 0x1, 0x0, 0x0, 0x8000}, 0x4) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f00000019c0)='./file0\x00', 0x800, 0x72) (async, rerun: 32)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000002b00)={r0, 0x20, &(0x7f0000002ac0)={&(0x7f0000001a00)=""/4096, 0x1000, <r7=>0x0, &(0x7f0000002a00)=""/181, 0xb5}}, 0x10) (rerun: 32)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000002b40)=r7, 0x4) (async)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
syz_io_uring_setup(0x5017, &(0x7f0000002b80)={0x0, 0xb9be, 0x0, 0x3, 0x28e}, &(0x7f0000002c00), &(0x7f0000002c40)) (async)
accept4$unix(r0, &(0x7f0000002c80), &(0x7f0000002d00)=0x6e, 0x800) (async, rerun: 32)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000002d40), &(0x7f0000002d80)=0xc) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002dc0)) (async, rerun: 32)
syz_init_net_socket$llc(0x1a, 0x2, 0x0) (rerun: 32)
getsockopt$bt_BT_DEFER_SETUP(r8, 0x112, 0x7, &(0x7f0000002e00)=0x1, &(0x7f0000002e40)=0x4) (async, rerun: 64)
r9 = syz_clone(0x120000, &(0x7f0000002e80)="38cded6e9e86d76b2c9b996a153a2c33ba256661eb757db4d61c3b345ba2d453b839e58012aa1863ee37c82bcc6b209089240de476d99e4fa131e1094d08cf75e18c6f2e937d1c6441a1916a136c7d554cb00dde36df8f1015a41e672ddb26d6bb58219a8b737d504b706d30fcc349bb2fa85da16c4fccb7fc0c4ccf16e9043f0690ef37bfa42fd32edb47871fb51b2be53c6872f7323e6293cf496e459b457b777756839fb541fdd15fd9ffaae47c475c95e52bd284c474f1495c839a91acc3ee39a9896aea6c8d9f84dd013689a1629ea2306456b665f56c8540929077b66f9d69d2c4fe28f4af140e", 0xea, &(0x7f0000002f80), &(0x7f0000002fc0), &(0x7f0000003000)="502a14e6727afccb7493684ca1f63ffb04be8ba1f801152912fcb1f00a3e1b324f380e9a2e03f22dfcc35ade7580540151bdc8df42df39c2cd2393c78fea3f887379fdc5dcedcfd4535e807a87a1b2bd8b23a1b954e93ed98a541d089570d38c1b17fac8e338092ccf9afd85324a7ffcf6fde33342b8ccbe5442286f39b6986c863d53a7962c9463a2217b0be0d00d56f44215038d95f46a911a04d07bcaf91d0fef0854326938da2b39edb3fc3100a291") (rerun: 64)
prlimit64(r9, 0x0, &(0x7f00000030c0)={0x8f, 0x7}, &(0x7f0000003100)) (async)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000003140)={r6, r5, 0x25, 0x9, @val=@perf_event={0x4}}, 0x18) (async)
ioctl$VIDIOC_G_TUNER(r6, 0xc054561d, &(0x7f0000003180)={0x7ff, "c2f6a25eb8e8dff110f44e27d235a27c3ffdd618bc62c8cb50f4bfe7fff31aea", 0x4, 0x40, 0x5, 0x7fffffff, 0x2, 0x2, 0x80, 0xc})
syz_open_dev$ptys(0xc, 0x3, 0x1) (async)
open_by_handle_at(r0, &(0x7f0000003200)=@GFS2_LARGE_FH_SIZE={0x20, 0x8, {{0x6674, 0x5618, 0x8}, {0x2, 0x9, 0x80, 0x3}}}, 0x6a2200)
ioctl$VHOST_VSOCK_SET_RUNNING(r6, 0x4004af61, &(0x7f0000003240)=0x1)

1.11930777s ago: executing program 6 (id=1644):
socket(0x10, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000340)=@base={0x12, 0x2, 0x8, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map=r1, 0x7, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000780)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum]}}, 0x0, 0x26, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x15, 0x10, 0x4, 0x0, 0x0, 0x1, 0x0, '\x00', 0x0, r2, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r5 = syz_open_dev$vcsa(0x0, 0x1, 0x102)
write$P9_RREMOVE(r5, &(0x7f00000002c0)={0x7, 0x7b, 0x2}, 0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000000)={'netdevsim0\x00', &(0x7f0000000040)=@ethtool_coalesce={0xf, 0x80, 0x10000, 0x6, 0xc6, 0x8001, 0xb28e, 0x46, 0x6, 0x81, 0x6, 0x3, 0x8, 0x8, 0x8000, 0xae, 0x101, 0x2, 0xfff, 0x4d, 0x1000000, 0x1, 0x15b}})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x0)
io_setup(0x281, &(0x7f0000000100))

842.334553ms ago: executing program 0 (id=1645):
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x20, 0x4, 0x1, 0x0, 0x201, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0xffffffff, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x8, 0x4, &(0x7f0000000580)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000180)=0x2, 0x4)
mount$bind(&(0x7f0000000340)='./file1/file0\x00', &(0x7f0000000600)='./file1/file0\x00', &(0x7f0000000440), 0x8854a6, 0x0)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000000)=0x3da, 0x4)
sendto$packet(r1, &(0x7f00000000c0)="3f03fe7f0302140006001e0089e9aaa911d7", 0x12, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x200, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket(0x9, 0x800, 0x2)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x38, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gre={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0x7c}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x904}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000500)='./file1/file0\x00', 0x0, 0x201008, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c000}, 0x0)
sendmsg$NFQNL_MSG_VERDICT(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="20000000010301010000020000000000000000000c0002"], 0x20}}, 0x0)
chdir(0x0)
socket(0x25, 0x3, 0x86f6)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000480)='hpfs\x00', 0x10008, 0x0)
pidfd_getfd(r3, r3, 0x0)

786.351767ms ago: executing program 6 (id=1646):
prctl$PR_GET_TSC(0x19, &(0x7f0000000080))
pipe(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f0000000240)=ANY=[@ANYRES16, @ANYRES32, @ANYRES32], 0x0, 0xfb66, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
r3 = io_uring_setup(0x51d2, &(0x7f0000000400)={0x0, 0x631d, 0x1000, 0x2, 0x402d7})
io_uring_register$IORING_REGISTER_BUFFERS2(r3, 0xf, &(0x7f0000002700)={0x119f, 0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)=""/264, 0xf9}, {&(0x7f00000015c0)=""/4096, 0xd8da7}, {&(0x7f0000002a00)=""/88, 0x8}], 0x0}, 0x20)
close(r2)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x54, 0x1, [@m_tunnel_key={0x50, 0x1, 0x0, 0x0, {{0xf}, {0x20, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xe08, 0x0, 0x2, 0x1, 0x80000000}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x8000)
syz_emit_ethernet(0x6a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000000aaaaaa"], 0x0)
r5 = syz_open_dev$radio(&(0x7f0000000080), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f00000000c0)={0x7f, 0x1, 0x7})
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0)

415.805408ms ago: executing program 5 (id=1647):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mount(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000000)='ubifs\x00', 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socket(0x10, 0x2, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
clock_settime(0x0, &(0x7f0000000100)={0x77359400})
syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x0, 0x10100}, &(0x7f0000000000), 0x0)
syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340), &(0x7f0000000300))
syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

0s ago: executing program 1 (id=1648):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@mcast1, @in=@empty, 0x4e23, 0x4000, 0x4e22, 0xa3e, 0xa, 0x0, 0x30, 0x89, 0x0, 0xee01}, {0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1bd}, {0x1, 0xfffffffffffffffc, 0x0, 0x6}, 0xfffbffff, 0x0, 0x1, 0x1, 0x2}, {{@in=@multicast2, 0x0, 0x6c}, 0x2, @in6=@local, 0x4, 0x1, 0x0, 0x0, 0x0, 0x9}}, 0xe8)
preadv(r0, &(0x7f0000000580)=[{&(0x7f00000000c0)=""/215, 0xd7}, {&(0x7f00000001c0)=""/255, 0xff}, {&(0x7f0000000000)=""/61, 0x3d}, {&(0x7f00000002c0)=""/252, 0xfc}, {&(0x7f0000000500)=""/85, 0x55}], 0x5, 0x0, 0x8)
sendmmsg$inet6(r0, &(0x7f00000090c0)=[{{&(0x7f0000000080)={0xa, 0x4e21, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0xf7ffff7f00000000)

kernel console output (not intermixed with test programs):

.847164][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  458.855329][    C1] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  458.864434][    C1] Buffer I/O error on dev loop2, logical block 0, async page read
[  458.874345][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  458.881269][   T30] audit: type=1400 audit(1750654602.893:867): avc:  denied  { connect } for  pid=10529 comm="syz.5.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  458.883558][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  458.907514][   T30] audit: type=1400 audit(1750654602.893:868): avc:  denied  { load_policy } for  pid=10529 comm="syz.5.1213" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  458.914651][T10533] ldm_validate_partition_table(): Disk read failed.
[  458.946172][T10532] SELinux: failed to load policy
[  458.951348][T10532] SELinux: failed to load policy
[  458.955604][T10537] netlink: 'syz.0.1214': attribute type 1 has an invalid length.
[  458.964081][T10537] netlink: 'syz.0.1214': attribute type 101 has an invalid length.
[  458.964311][T10532] SELinux: failed to load policy
[  458.972226][T10537] netlink: 572 bytes leftover after parsing attributes in process `syz.0.1214'.
[  458.977780][T10532] SELinux: failed to load policy
[  458.996724][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  459.000842][T10539] netlink: 'syz.3.1215': attribute type 1 has an invalid length.
[  459.005967][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  459.013605][T10539] netlink: 'syz.3.1215': attribute type 101 has an invalid length.
[  459.013619][T10539] netlink: 572 bytes leftover after parsing attributes in process `syz.3.1215'.
[  459.014319][T10532] SELinux: failed to load policy
[  459.021855][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  459.032401][T10532] SELinux: failed to load policy
[  459.038558][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  459.040622][    C0] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  459.046506][T10532] SELinux: failed to load policy
[  459.052755][    C0] Buffer I/O error on dev loop2, logical block 0, async page read
[  459.058083][T10532] SELinux: failed to load policy
[  459.074625][T10533] Dev loop2: unable to read RDB block 0
[  459.090619][T10533]  loop2: unable to read partition table
[  459.108017][T10533] loop2: partition table beyond EOD, truncated
[  459.114353][T10533] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  459.134877][ T5930] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  459.155166][T10527] can0 (unregistered): slcan off ptm0.
[  459.295926][ T5930] usb 6-1: Using ep0 maxpacket: 32
[  459.307233][ T5930] usb 6-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88
[  459.319328][ T5930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.499318][T10549] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1215'.
[  459.510754][   T30] audit: type=1400 audit(1750654603.673:869): avc:  denied  { read } for  pid=10544 comm="syz.6.1217" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  460.282646][ T5930] usb 6-1: Product: syz
[  460.289932][   T30] audit: type=1400 audit(1750654603.673:870): avc:  denied  { open } for  pid=10544 comm="syz.6.1217" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  460.311146][ T5930] usb 6-1: Manufacturer: syz
[  460.322857][ T5930] usb 6-1: SerialNumber: syz
[  460.905465][ T5930] usb 6-1: config 0 descriptor??
[  461.358199][ T5930] as10x_usb: device has been detected
[  461.364286][ T5930] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan)
[  461.368937][T10534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.395863][T10534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.476877][T10534] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.598476][T10534] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.833668][ T5930] usb 6-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)...
[  461.932856][ T5930] as10x_usb: error during firmware upload part1
[  461.933619][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  461.933631][   T30] audit: type=1400 audit(1750654606.113:872): avc:  denied  { firmware_load } for  pid=5930 comm="kworker/0:5" path="/lib/firmware/as102_data1_st.hex" dev="sda1" ino=297 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  461.971932][ T5930] Registered device Abilis Systems DVB-Titan
[  461.980875][ T5930] usb 6-1: USB disconnect, device number 36
[  462.058898][ T5930] Unregistered device Abilis Systems DVB-Titan
[  462.060305][ T5930] as10x_usb: device has been disconnected
[  462.255614][   T30] audit: type=1400 audit(1750654606.443:873): avc:  denied  { write } for  pid=10572 comm="syz.0.1226" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  462.257017][T10574] binder_alloc: binder_alloc_mmap_handler: 10572 200000ffd000-200000ffe000 already mapped failed -16
[  462.285450][   T30] audit: type=1400 audit(1750654606.443:874): avc:  denied  { map } for  pid=10572 comm="syz.0.1226" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  462.358836][T10578] binder: BINDER_SET_CONTEXT_MGR already set
[  462.377225][T10578] binder: 10572:10578 ioctl 4018620d 2000000004c0 returned -16
[  462.414440][T10578] binder: BINDER_SET_CONTEXT_MGR already set
[  462.435619][T10573] binder: 10572:10573 unknown command 0
[  462.475328][T10578] binder: 10572:10578 ioctl 4018620d 2000000004c0 returned -16
[  462.494669][   T10] usb 4-1: new full-speed USB device number 38 using dummy_hcd
[  462.499728][T10573] binder: 10572:10573 ioctl c0306201 200000000500 returned -22
[  462.632500][T10586] netlink: 'syz.5.1230': attribute type 1 has an invalid length.
[  462.644771][T10586] netlink: 'syz.5.1230': attribute type 101 has an invalid length.
[  462.654277][T10586] netlink: 572 bytes leftover after parsing attributes in process `syz.5.1230'.
[  462.677460][   T10] usb 4-1: config 1 interface 0 has no altsetting 0
[  462.686577][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.3e
[  462.698888][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  462.741979][   T30] audit: type=1400 audit(1750654606.913:875): avc:  denied  { write } for  pid=10582 comm="syz.6.1229" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  462.771944][   T10] usb 4-1: Product: syz
[  462.968486][T10592] input: syz0 as /devices/virtual/input/input105
[  462.999259][   T10] usb 4-1: Manufacturer: syz
[  463.081212][   T10] usb 4-1: SerialNumber: syz
[  463.086262][   T30] audit: type=1400 audit(1750654607.193:876): avc:  denied  { bind } for  pid=10589 comm="syz.1.1232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  463.105559][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.273560][   T30] audit: type=1400 audit(1750654607.453:877): avc:  denied  { setopt } for  pid=10589 comm="syz.1.1232" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  463.297141][T10592] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1232'.
[  463.319000][T10592] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  463.504009][T10601] netlink: 'syz.1.1235': attribute type 1 has an invalid length.
[  463.512021][T10601] netlink: 'syz.1.1235': attribute type 101 has an invalid length.
[  463.520303][T10601] netlink: 572 bytes leftover after parsing attributes in process `syz.1.1235'.
[  463.702818][   T30] audit: type=1400 audit(1750654607.763:878): avc:  denied  { map } for  pid=10565 comm="syz.3.1224" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  463.711083][T10609] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1234'.
[  463.725841][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.869191][T10612] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1235'.
[  464.699449][   T10] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 38 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  464.715291][   T10] usb 4-1: USB disconnect, device number 38
[  464.741928][   T10] usblp0: removed
[  464.806848][T10620] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1238'.
[  464.840704][T10620] nbd: must specify at least one socket
[  464.945875][T10626] netlink: 'syz.5.1240': attribute type 1 has an invalid length.
[  464.953727][T10626] netlink: 'syz.5.1240': attribute type 101 has an invalid length.
[  464.962126][T10626] netlink: 572 bytes leftover after parsing attributes in process `syz.5.1240'.
[  465.087003][ T5930] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  465.146397][T10629] binder: 10628:10629 ioctl 40046205 0 returned -22
[  465.236530][T10630] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1240'.
[  465.274606][ T5930] usb 1-1: Using ep0 maxpacket: 32
[  465.334566][ T5930] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  465.437169][ T5930] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  465.510876][T10629] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10629 comm=syz.6.1241
[  465.530095][ T5930] usb 1-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  465.579042][ T5930] usb 1-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  465.592852][ T5930] usb 1-1: config 0 interface 0 has no altsetting 0
[  465.612286][ T5930] usb 1-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  465.621767][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  465.646148][ T5930] usb 1-1: config 0 descriptor??
[  465.766666][   T30] audit: type=1400 audit(1750654609.953:879): avc:  denied  { setcheckreqprot } for  pid=10637 comm="syz.1.1243" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  465.924649][   T30] audit: type=1400 audit(1750654610.093:880): avc:  denied  { bind } for  pid=10618 comm="syz.0.1237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  465.974211][ T5930] usbhid 1-1:0.0: can't add hid device: -71
[  465.976312][ T5924] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  465.986523][ T5930] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  466.012534][   T30] audit: type=1400 audit(1750654610.093:881): avc:  denied  { listen } for  pid=10618 comm="syz.0.1237" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  466.017793][ T5930] usb 1-1: USB disconnect, device number 25
[  466.134364][T10646] netlink: set zone limit has 8 unknown bytes
[  466.184656][ T5924] usb 7-1: Using ep0 maxpacket: 32
[  466.191522][ T5924] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  466.205051][   T10] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  466.210300][ T5924] usb 7-1: config 0 interface 0 altsetting 16 has an endpoint descriptor with address 0x9D, changing to 0x8D
[  466.239771][ T5924] usb 7-1: config 0 interface 0 altsetting 16 endpoint 0x8D has invalid wMaxPacketSize 0
[  466.250178][ T5924] usb 7-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  466.282607][ T5924] usb 7-1: config 0 interface 0 has no altsetting 0
[  466.289464][ T5924] usb 7-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 7.00
[  466.301217][ T5924] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  466.354581][   T10] usb 6-1: Using ep0 maxpacket: 32
[  466.414087][ T5924] usb 7-1: config 0 descriptor??
[  467.019237][ T5924] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  467.110062][ T5924] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  467.204206][ T5924] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  467.256132][   T10] usb 6-1: config 0 has an invalid interface number: 35 but max is 0
[  467.266078][   T10] usb 6-1: config 0 has no interface number 0
[  467.275228][   T10] usb 6-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  467.284646][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.288025][ T5924] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  467.292698][   T10] usb 6-1: Product: syz
[  467.305634][   T10] usb 6-1: Manufacturer: syz
[  467.310388][   T10] usb 6-1: SerialNumber: syz
[  467.317356][   T10] usb 6-1: config 0 descriptor??
[  467.325275][   T10] radio-si470x 6-1:0.35: could not find interrupt in endpoint
[  467.332987][   T10] radio-si470x 6-1:0.35: probe with driver radio-si470x failed with error -5
[  467.356071][ T5924] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  467.368549][ T5924] hid-thrustmaster 0003:044F:B65D.000D: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.6-1/input0
[  467.381078][ T5924] hid-thrustmaster 0003:044F:B65D.000D: Unexpected non-int endpoint
[  467.389508][    C1] hid-thrustmaster 0003:044F:B65D.000D: URB to get model id failed with error -71
[  467.409543][ T5924] usb 7-1: USB disconnect, device number 17
[  467.492372][T10655] fido_id[10655]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  467.728238][T10641] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f���_ٮ,��
�<�_e�F��"
[  467.905831][T10641] CUSE: unknown device info "3�ܟ�,��̘�"
[  468.004268][   T10] radio-raremono 6-1:0.35: this is not Thanko's Raremono.
[  468.012131][   T10] usbhid 6-1:0.35: couldn't find an input interrupt endpoint
[  468.022133][T10641] CUSE: unknown device info "J���2SZ�� !e/��������J�+-n��a4����D�|G$��5O~�q	��
[  468.022133][T10641] f����z��X�SA�x��j��T�ǔ��w���xR�ɐQ��(hҏj	p�VdY0��|M?2J��I�v�^
R�@��"
[  468.053209][T10641] CUSE: unknown device info "!To�}ݝ&|L+U��o��ϲ���"��FstV�:׌E�gJ�����<@c�����4�T�M�M|�����"
[  468.066779][T10641] CUSE: DEVNAME unspecified
[  468.284618][ T5924] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  468.361088][T10664] mmap: syz.6.1252 (10664): VmData 25841664 exceed data ulimit 8. Update limits or use boot option ignore_rlimit_data.
[  468.436990][ T5924] usb 1-1: Using ep0 maxpacket: 32
[  468.451336][ T5924] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  468.462825][ T5924] usb 1-1: config 0 has no interface number 0
[  468.472401][ T5924] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  468.481714][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.491409][ T5924] usb 1-1: Product: syz
[  468.495701][ T5924] usb 1-1: Manufacturer: syz
[  468.500337][ T5924] usb 1-1: SerialNumber: syz
[  468.512595][ T5924] usb 1-1: config 0 descriptor??
[  468.520228][ T5924] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  468.533233][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  468.533247][   T30] audit: type=1400 audit(1750654612.723:883): avc:  denied  { mount } for  pid=10668 comm="syz.6.1254" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  468.562918][   T30] audit: type=1400 audit(1750654612.753:884): avc:  denied  { mounton } for  pid=10668 comm="syz.6.1254" path="/65/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  468.573041][T10670] overlay: ./file1 is not a directory
[  468.720884][ T5924] usb 1-1: qt2_setup_urbs - submit read urb failed -8
[  468.727848][ T5924] quatech2 1-1:0.51: probe with driver quatech2 failed with error -8
[  469.144173][T10659] netlink: 'syz.0.1251': attribute type 12 has an invalid length.
[  469.274074][T10659] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.327236][T10659] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.341083][   T30] audit: type=1400 audit(1750654613.523:885): avc:  denied  { unmount } for  pid=9343 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  469.370469][T10659] binder: 10658:10659 ioctl 40046205 0 returned -22
[  469.403350][ T5863] usb 6-1: USB disconnect, device number 37
[  469.572557][   T30] audit: type=1400 audit(1750654613.703:886): avc:  denied  { connect } for  pid=10684 comm="syz.5.1259" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  469.728547][   T30] audit: type=1400 audit(1750654613.903:887): avc:  denied  { append } for  pid=10685 comm="syz.6.1258" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  469.929365][T10693] hpfs: Bad magic ... probably not HPFS
[  472.010041][   T10] usb 1-1: USB disconnect, device number 26
[  472.047914][   T30] audit: type=1400 audit(1750654616.233:888): avc:  denied  { mounton } for  pid=10696 comm="syz.6.1263" path="mnt:[4026532913]" dev="nsfs" ino=4026532913 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  472.490241][ T5924] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  472.527692][   T30] audit: type=1400 audit(1750654616.713:889): avc:  denied  { create } for  pid=10707 comm="syz.0.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  472.548589][ T5863] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  472.657821][ T5924] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  472.668916][ T5924] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  472.707812][   T30] audit: type=1400 audit(1750654616.883:890): avc:  denied  { watch watch_reads } for  pid=10707 comm="syz.0.1266" path="/247" dev="tmpfs" ino=1346 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  472.747713][ T5924] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  472.766984][ T5863] usb 7-1: Using ep0 maxpacket: 32
[  472.781610][ T5924] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.795423][ T5863] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[  472.822528][ T5863] usb 7-1: config 0 has no interface number 0
[  472.843432][ T5924] usb 2-1: config 0 descriptor??
[  472.856637][ T5863] usb 7-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  472.873354][ T5863] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  472.933346][ T5863] usb 7-1: Product: syz
[  472.937642][ T5863] usb 7-1: Manufacturer: syz
[  472.942256][ T5863] usb 7-1: SerialNumber: syz
[  472.949547][ T5863] usb 7-1: config 0 descriptor??
[  472.956352][ T5863] hub 7-1:0.89: bad descriptor, ignoring hub
[  472.962811][ T5863] hub 7-1:0.89: probe with driver hub failed with error -5
[  472.990640][ T5863] option 7-1:0.89: GSM modem (1-port) converter detected
[  473.222727][   T30] audit: type=1400 audit(1750654617.403:891): avc:  denied  { getopt } for  pid=10713 comm="syz.3.1267" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  473.275063][ T5863] usb 7-1: USB disconnect, device number 18
[  473.287236][ T5863] option 7-1:0.89: device disconnected
[  473.510053][ T5924] usbhid 2-1:0.0: can't add hid device: -71
[  473.525644][ T5924] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  473.540221][ T5924] usb 2-1: USB disconnect, device number 38
[  473.998872][T10736] hpfs: Bad magic ... probably not HPFS
[  474.064556][  T917] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  474.859963][T10737] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1274'.
[  475.002549][  T917] usb 6-1: config 0 has no interfaces?
[  475.023036][  T917] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  475.032308][  T917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.042238][  T917] usb 6-1: Product: syz
[  475.046677][  T917] usb 6-1: Manufacturer: syz
[  475.051342][  T917] usb 6-1: SerialNumber: syz
[  475.069589][  T917] usb 6-1: config 0 descriptor??
[  475.306504][ T5876] usb 1-1: new full-speed USB device number 27 using dummy_hcd
[  475.470494][ T5876] usb 1-1: unable to get BOS descriptor or descriptor too short
[  475.520300][   T30] audit: type=1400 audit(1750654619.623:892): avc:  denied  { mount } for  pid=10743 comm="syz.1.1276" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  475.802800][T10730] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.811671][T10730] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.833328][ T5876] usb 1-1: not running at top speed; connect to a high speed hub
[  475.851804][ T5876] usb 1-1: config 2 has an invalid interface number: 135 but max is 0
[  475.860707][ T5876] usb 1-1: config 2 has no interface number 0
[  475.867145][ T5876] usb 1-1: config 2 interface 135 has no altsetting 0
[  475.885043][ T5876] usb 1-1: New USB device found, idVendor=110a, idProduct=1131, bcdDevice=f5.73
[  475.897264][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.921431][   T30] audit: type=1400 audit(1750654620.103:893): avc:  denied  { listen } for  pid=10727 comm="syz.3.1272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  475.970659][ T5876] usb 1-1: Product: syz
[  475.983200][ T5876] usb 1-1: Manufacturer: syz
[  475.995601][ T5876] usb 1-1: SerialNumber: syz
[  476.352740][ T5876] ti_usb_3410_5052 1-1:2.135: required endpoints missing
[  476.404415][T10755] netlink: 'syz.6.1278': attribute type 10 has an invalid length.
[  476.411075][ T5876] usb 1-1: USB disconnect, device number 27
[  476.550994][T10755] veth1_macvtap: left promiscuous mode
[  476.901068][   T30] audit: type=1400 audit(1750654620.943:894): avc:  denied  { link } for  pid=10759 comm="syz.3.1280" name="#4c" dev="tmpfs" ino=1474 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  476.983123][  T917] usb 6-1: USB disconnect, device number 38
[  477.044279][   T30] audit: type=1400 audit(1750654620.943:895): avc:  denied  { rename } for  pid=10759 comm="syz.3.1280" name="#4d" dev="tmpfs" ino=1474 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  477.066670][    C0] vkms_vblank_simulate: vblank timer overrun
[  477.212914][T10766] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1282'.
[  477.230542][   T30] audit: type=1400 audit(1750654621.413:896): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  477.273699][T10770] netlink: 272 bytes leftover after parsing attributes in process `syz.5.1281'.
[  477.292501][   T30] audit: type=1400 audit(1750654621.453:897): avc:  denied  { nlmsg_read } for  pid=10763 comm="syz.5.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  477.398053][   T30] audit: type=1400 audit(1750654621.583:898): avc:  denied  { bind } for  pid=10775 comm="syz.1.1287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  477.594890][  T917] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  478.409961][   T10] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  478.421378][  T917] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  478.441641][  T917] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  478.455737][  T917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  478.467447][  T917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  478.477559][  T917] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  478.505636][  T917] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  478.524671][  T917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  478.546416][  T917] usb 4-1: Product: syz
[  478.551883][  T917] usb 4-1: Manufacturer: syz
[  478.560553][  T917] usb 4-1: SerialNumber: syz
[  478.571277][  T917] usb 4-1: config 0 descriptor??
[  478.583360][  T917] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input107
[  478.593456][   T10] usb 2-1: Using ep0 maxpacket: 8
[  478.601383][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  478.612925][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  478.624331][   T10] usb 2-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00
[  478.626228][ T5924] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  478.633658][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  478.670116][   T10] usb 2-1: config 0 descriptor??
[  478.786292][T10804] FAULT_INJECTION: forcing a failure.
[  478.786292][T10804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.800021][T10804] CPU: 1 UID: 0 PID: 10804 Comm: syz.6.1293 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  478.800046][T10804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  478.800056][T10804] Call Trace:
[  478.800062][T10804]  <TASK>
[  478.800069][T10804]  dump_stack_lvl+0x16c/0x1f0
[  478.800096][T10804]  should_fail_ex+0x512/0x640
[  478.800118][T10804]  _copy_from_iter+0x29f/0x16f0
[  478.800135][T10804]  ? __alloc_skb+0x200/0x380
[  478.800157][T10804]  ? __pfx__copy_from_iter+0x10/0x10
[  478.800181][T10804]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  478.800204][T10804]  netlink_sendmsg+0x829/0xdd0
[  478.800223][T10804]  ? __pfx_netlink_sendmsg+0x10/0x10
[  478.800239][T10804]  ____sys_sendmsg+0xa98/0xc70
[  478.800250][T10804]  ? copy_msghdr_from_user+0x10a/0x160
[  478.800265][T10804]  ? __pfx_____sys_sendmsg+0x10/0x10
[  478.800282][T10804]  ___sys_sendmsg+0x134/0x1d0
[  478.800305][T10804]  ? __pfx____sys_sendmsg+0x10/0x10
[  478.800324][T10804]  ? __lock_acquire+0x622/0x1c90
[  478.800371][T10804]  __sys_sendmsg+0x16d/0x220
[  478.800386][T10804]  ? __pfx___sys_sendmsg+0x10/0x10
[  478.800410][T10804]  do_syscall_64+0xcd/0x4c0
[  478.800432][T10804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.800449][T10804] RIP: 0033:0x7f65a138e929
[  478.800463][T10804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  478.800478][T10804] RSP: 002b:00007f65a2158038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  478.800494][T10804] RAX: ffffffffffffffda RBX: 00007f65a15b5fa0 RCX: 00007f65a138e929
[  478.800505][T10804] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  478.800512][T10804] RBP: 00007f65a2158090 R08: 0000000000000000 R09: 0000000000000000
[  478.800518][T10804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.800524][T10804] R13: 0000000000000000 R14: 00007f65a15b5fa0 R15: 00007ffde07b9d48
[  478.800537][T10804]  </TASK>
[  478.801611][  T917] usb 4-1: USB disconnect, device number 39
[  478.805839][ T5924] usb 1-1: Using ep0 maxpacket: 16
[  479.013249][ T5924] usb 1-1: config 1 has an invalid interface number: 105 but max is 0
[  479.023884][   T30] audit: type=1400 audit(1750654623.213:899): avc:  denied  { create } for  pid=10805 comm="syz.6.1294" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  479.044606][ T5924] usb 1-1: config 1 has no interface number 0
[  479.061093][ T5924] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  479.071506][   T30] audit: type=1400 audit(1750654623.213:900): avc:  denied  { ioctl } for  pid=10805 comm="syz.6.1294" path="socket:[28511]" dev="sockfs" ino=28511 ioctlcmd=0x8b26 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  479.096277][ T5924] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  479.096305][ T5924] usb 1-1: config 1 interface 105 has no altsetting 0
[  479.097975][ T5924] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  479.125929][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.134019][ T5924] usb 1-1: Product: syz
[  479.149450][ T5924] usb 1-1: Manufacturer: syz
[  479.154067][ T5924] usb 1-1: SerialNumber: syz
[  479.168327][T10791] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  479.177852][T10791] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  479.303168][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.326141][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x6
[  479.333158][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x5
[  479.343105][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x4
[  479.352325][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.359907][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.368170][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.386148][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.395610][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.402659][   T10] cherry 0003:046A:0027.000E: unknown main item tag 0x0
[  479.411179][   T10] cherry 0003:046A:0027.000E: unknown global tag 0xd
[  479.425650][   T10] cherry 0003:046A:0027.000E: item 0 4 1 13 parsing failed
[  479.444129][   T10] cherry 0003:046A:0027.000E: probe with driver cherry failed with error -22
[  479.455115][ T5930] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  479.476598][   T30] audit: type=1400 audit(1750654623.653:901): avc:  denied  { lock } for  pid=10816 comm="syz.3.1296" path="socket:[28521]" dev="sockfs" ino=28521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  479.500456][    C0] vkms_vblank_simulate: vblank timer overrun
[  479.618403][T10791] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  479.627340][T10791] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22
[  479.648701][ T5930] usb 7-1: config 0 has an invalid interface number: 101 but max is 0
[  479.676189][ T5930] usb 7-1: config 0 has no interface number 0
[  479.691810][ T5930] usb 7-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14
[  479.736971][ T5930] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.770628][ T5930] usb 7-1: Product: syz
[  479.798922][ T5930] usb 7-1: Manufacturer: syz
[  479.804144][ T5930] usb 7-1: SerialNumber: syz
[  479.828216][ T5930] usb 7-1: config 0 descriptor??
[  479.851161][ T5930] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623
[  480.394731][ T5930] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71
[  480.421936][ T5930] gspca_pac7302 7-1:0.101: probe with driver gspca_pac7302 failed with error -71
[  480.461149][ T5930] usb 7-1: USB disconnect, device number 19
[  480.469984][ T5924] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  480.519415][ T5924] aqc111 1-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  480.583671][ T5924] aqc111 1-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 5e:59:be:d2:fa:13
[  480.634175][ T5924] usb 1-1: USB disconnect, device number 28
[  480.662345][ T5924] aqc111 1-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.0-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  480.745857][ T5924] aqc111 1-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  480.772635][ T5924] aqc111 1-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  480.800372][ T5924] aqc111 1-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  481.079782][ T5924] usb 2-1: USB disconnect, device number 39
[  481.150061][T10855] wg1: entered promiscuous mode
[  481.170268][T10855] wg1: entered allmulticast mode
[  481.310071][T10859] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1298'.
[  481.530750][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  481.530769][   T30] audit: type=1400 audit(1750654625.653:903): avc:  denied  { setopt } for  pid=10860 comm="syz.5.1300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  482.566605][   T30] audit: type=1400 audit(1750654626.753:904): avc:  denied  { shutdown } for  pid=10871 comm="syz.5.1303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  483.364749][ T5924] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  483.515143][ T5924] usb 1-1: device descriptor read/64, error -71
[  483.593771][T10888] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1304'.
[  483.644575][ T5876] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  483.765342][ T5924] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  483.806761][ T5876] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  483.872606][ T5876] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  483.935003][ T5924] usb 1-1: device descriptor read/64, error -71
[  483.954225][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  484.014907][ T5876] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  484.025005][ T5876] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  484.118980][ T5924] usb usb1-port1: attempt power cycle
[  484.147701][ T5876] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  484.193902][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  484.221881][ T5876] usb 6-1: Product: syz
[  484.222748][   T30] audit: type=1400 audit(1750654628.403:905): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  484.249212][ T5876] usb 6-1: Manufacturer: syz
[  484.260648][ T5876] usb 6-1: SerialNumber: syz
[  484.277637][ T5876] usb 6-1: config 0 descriptor??
[  484.291447][ T5876] input: KB Gear Tablet as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input108
[  484.494584][ T5924] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  485.186198][ T5924] usb 1-1: device descriptor read/8, error -71
[  485.201431][   T30] audit: type=1800 audit(1750654628.583:906): pid=10901 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1310" name="bus" dev="overlay" ino=1515 res=0 errno=0
[  485.291253][   T92] usb 6-1: USB disconnect, device number 39
[  485.340044][T10906] netlink: 'syz.3.1312': attribute type 1 has an invalid length.
[  485.349358][T10906] netlink: 'syz.3.1312': attribute type 101 has an invalid length.
[  485.357292][T10906] netlink: 572 bytes leftover after parsing attributes in process `syz.3.1312'.
[  485.448107][ T5924] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  485.758395][T10913] xt_hashlimit: max too large, truncated to 1048576
[  485.783256][ T5924] usb 1-1: device not accepting address 32, error -71
[  485.791090][ T5924] usb usb1-port1: unable to enumerate USB device
[  487.813192][T10928] : entered promiscuous mode
[  488.947265][ T5930] usb 7-1: new full-speed USB device number 20 using dummy_hcd
[  489.726105][ T5930] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  489.736456][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  489.784596][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  489.795960][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  489.807081][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  489.822773][ T5930] usb 7-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  489.832306][ T5930] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  489.840629][ T5930] usb 7-1: Product: syz
[  489.902772][ T5930] usb 7-1: Manufacturer: syz
[  489.934580][ T5930] usb 7-1: SerialNumber: syz
[  490.227928][ T5930] usb 7-1: config 0 descriptor??
[  491.066423][T10954] netlink: 'syz.0.1327': attribute type 1 has an invalid length.
[  491.074281][T10954] netlink: 'syz.0.1327': attribute type 101 has an invalid length.
[  491.082732][T10954] netlink: 572 bytes leftover after parsing attributes in process `syz.0.1327'.
[  491.134778][T10956] netlink: 'syz.1.1326': attribute type 1 has an invalid length.
[  491.142617][T10956] netlink: 'syz.1.1326': attribute type 101 has an invalid length.
[  491.150651][T10956] netlink: 572 bytes leftover after parsing attributes in process `syz.1.1326'.
[  491.161500][ T5930] radio-si470x 7-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  491.168858][ T5930] radio-si470x 7-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  491.448458][T10964] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1326'.
[  491.489720][ T5930] radio-si470x 7-1:0.0: software version 0, hardware version 0
[  491.567706][ T5930] radio-si470x 7-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  491.818199][ T5930] radio-si470x 7-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  494.307125][ T5930] radio-si470x 7-1:0.0: submitting int urb failed (-90)
[  494.630464][ T5930] radio-si470x 7-1:0.0: si470x_set_report: usb_control_msg returned -71
[  494.670213][ T5930] radio-si470x 7-1:0.0: probe with driver radio-si470x failed with error -22
[  494.734290][ T5930] usb 7-1: USB disconnect, device number 20
[  494.845209][   T30] audit: type=1400 audit(1750654639.013:907): avc:  denied  { read } for  pid=10979 comm="syz.5.1334" path="socket:[29358]" dev="sockfs" ino=29358 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  495.910891][  T917] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  496.115021][ T5930] usb 6-1: new low-speed USB device number 40 using dummy_hcd
[  496.604577][  T917] usb 2-1: Using ep0 maxpacket: 32
[  496.631543][  T917] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  496.652209][  T917] usb 2-1: config 0 has no interface number 0
[  496.668614][  T917] usb 2-1: config 0 interface 12 has no altsetting 0
[  496.685217][ T5930] usb 6-1: Invalid ep0 maxpacket: 32
[  496.735464][  T917] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  496.784796][  T917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.930279][ T5930] usb 6-1: new low-speed USB device number 41 using dummy_hcd
[  497.614652][  T917] usb 2-1: Product: syz
[  497.618893][  T917] usb 2-1: Manufacturer: syz
[  497.699760][  T917] usb 2-1: SerialNumber: syz
[  497.794747][ T5930] usb 6-1: Invalid ep0 maxpacket: 32
[  497.924815][   T92] usb 7-1: new full-speed USB device number 21 using dummy_hcd
[  498.069085][T11003] trusted_key: encrypted_key: insufficient parameters specified
[  498.128884][   T92] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  498.306406][   T92] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.340458][ T5930] usb usb6-port1: attempt power cycle
[  498.456154][   T92] usb 7-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  498.598913][   T92] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.792602][   T92] usb 7-1: config 0 descriptor??
[  499.374262][  T917] usb 2-1: config 0 descriptor??
[  499.577920][  T917] usb 2-1: can't set config #0, error -71
[  499.585498][  T917] usb 2-1: USB disconnect, device number 40
[  499.593316][   T92] elan 0003:04F3:0755.000F: unknown main item tag 0x0
[  499.654557][   T92] elan 0003:04F3:0755.000F: unknown main item tag 0x0
[  499.735312][   T92] elan 0003:04F3:0755.000F: failed to start in urb: -90
[  499.764810][   T92] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0
[  499.844592][T11026] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1344'.
[  500.977474][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  500.983869][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  501.420342][   T92] usb 7-1: USB disconnect, device number 21
[  501.719122][   T30] audit: type=1400 audit(1750654645.903:908): avc:  denied  { write } for  pid=11045 comm="syz.6.1352" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  501.849188][T11053] tipc: Started in network mode
[  501.854267][T11053] tipc: Node identity ac14142f, cluster identity 4711
[  501.864193][T11053] tipc: New replicast peer: 0.0.0.0
[  501.871102][T11053] tipc: Enabled bearer <udp:syz2>, priority 10
[  501.881267][T11053] netlink: 'syz.5.1347': attribute type 4 has an invalid length.
[  501.994204][T11050] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00aa
[  502.010410][T11054] xt_hashlimit: max too large, truncated to 1048576
[  502.020772][T11054] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  502.035562][T11053] netlink: 17 bytes leftover after parsing attributes in process `syz.5.1347'.
[  502.355184][T11048] lo speed is unknown, defaulting to 1000
[  502.739076][   T30] audit: type=1400 audit(1750654646.903:909): avc:  denied  { bind } for  pid=11044 comm="syz.3.1350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  502.878372][T11060] hpfs: Bad magic ... probably not HPFS
[  502.984643][   T92] tipc: Node number set to 2886997039
[  503.160607][T11070] netlink: 'syz.6.1356': attribute type 1 has an invalid length.
[  503.168483][T11070] netlink: 'syz.6.1356': attribute type 101 has an invalid length.
[  503.176540][T11070] netlink: 572 bytes leftover after parsing attributes in process `syz.6.1356'.
[  505.014413][T11117] netlink: 'syz.6.1359': attribute type 1 has an invalid length.
[  505.556297][T11122] sp0: Synchronizing with TNC
[  505.838957][T11143] [U] �
[  506.734675][   T30] audit: type=1800 audit(1750654650.483:910): pid=11168 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1365" name="bus" dev="overlay" ino=1500 res=0 errno=0
[  506.789159][ T5930] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[  507.119184][ T5930] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  507.243577][ T5930] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  507.474724][ T5930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  507.685433][ T5930] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  507.825493][ T5930] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  508.045603][ T5930] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  508.074555][ T5930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.082649][ T5930] usb 6-1: Product: syz
[  508.312686][ T5930] usb 6-1: Manufacturer: syz
[  508.339346][ T5930] usb 6-1: SerialNumber: syz
[  508.374959][ T5876] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  508.463349][ T5930] usb 6-1: config 0 descriptor??
[  508.535612][ T5876] usb 4-1: Using ep0 maxpacket: 32
[  508.570848][ T5876] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  508.597412][ T5876] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26335, setting to 1024
[  508.656416][ T5876] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  509.054230][ T5876] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  509.114267][ T5876] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  509.124571][ T5876] usb 4-1: Product: syz
[  509.124591][ T5876] usb 4-1: Manufacturer: syz
[  509.124655][ T5876] usb 4-1: SerialNumber: syz
[  509.274070][T11177] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  509.465623][ T5876] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input110
[  509.631867][ T5930] usb 6-1: can't set config #0, error -71
[  509.764532][    C1] appletouch 4-1:1.0: atp_complete: usb_submit_urb failed with result -1
[  510.156159][ T5930] usb 6-1: USB disconnect, device number 43
[  510.380487][ T5957] usb 4-1: USB disconnect, device number 40
[  510.503676][ T5957] appletouch 4-1:1.0: input: appletouch disconnected
[  510.517999][T11198] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1376'.
[  511.451336][T11204] pimreg: entered allmulticast mode
[  511.513709][T11204] pimreg: left allmulticast mode
[  511.521723][ T5930] usb 7-1: new full-speed USB device number 22 using dummy_hcd
[  512.771688][ T5930] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  512.788192][ T5930] usb 7-1: config 0 has no interfaces?
[  512.793757][ T5930] usb 7-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  512.854918][ T5930] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.870590][ T5930] usb 7-1: config 0 descriptor??
[  512.979813][ T5957] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  513.025423][T11212] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  513.090656][   T30] audit: type=1400 audit(1750654657.273:911): avc:  denied  { ioctl } for  pid=11194 comm="syz.6.1377" path="socket:[30740]" dev="sockfs" ino=30740 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  513.145382][ T5957] usb 4-1: Using ep0 maxpacket: 32
[  513.152097][ T5957] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  513.160548][ T5957] usb 4-1: config 0 has no interface number 0
[  513.167702][ T5957] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  513.189708][ T5957] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  513.207617][ T5957] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  513.221049][ T5957] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.258065][ T5957] usb 4-1: config 0 descriptor??
[  513.727838][T11227] hpfs: Bad magic ... probably not HPFS
[  513.896160][   T30] audit: type=1400 audit(1750654658.063:912): avc:  denied  { bind } for  pid=11208 comm="syz.3.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  513.915538][    C1] vkms_vblank_simulate: vblank timer overrun
[  514.055767][ T5957] uclogic 0003:28BD:0094.0010: pen parameters not found
[  514.062814][ T5957] uclogic 0003:28BD:0094.0010: interface is invalid, ignoring
[  515.614854][   T30] audit: type=1400 audit(1750654658.063:913): avc:  denied  { listen } for  pid=11208 comm="syz.3.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  515.934434][ T5957] usb 4-1: USB disconnect, device number 41
[  515.956228][   T30] audit: type=1400 audit(1750654658.063:914): avc:  denied  { accept } for  pid=11208 comm="syz.3.1379" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  516.023139][T11233] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1384'.
[  516.039629][ T5863] usb 7-1: USB disconnect, device number 22
[  516.952101][   T30] audit: type=1326 audit(1750654661.103:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11232 comm="syz.3.1384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56fe78e929 code=0x0
[  517.887630][   T30] audit: type=1400 audit(1750654661.573:916): avc:  denied  { connect } for  pid=11241 comm="syz.6.1387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  517.910254][   T30] audit: type=1400 audit(1750654661.613:917): avc:  denied  { remount } for  pid=11237 comm="syz.1.1386" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  518.092557][   T30] audit: type=1400 audit(1750654661.633:918): avc:  denied  { read } for  pid=11241 comm="syz.6.1387" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  518.341489][   T30] audit: type=1400 audit(1750654661.633:919): avc:  denied  { open } for  pid=11241 comm="syz.6.1387" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  518.371750][   T30] audit: type=1400 audit(1750654661.643:920): avc:  denied  { ioctl } for  pid=11241 comm="syz.6.1387" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  518.404936][ T5863] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  518.445542][   T30] audit: type=1400 audit(1750654661.723:921): avc:  denied  { write } for  pid=11241 comm="syz.6.1387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  518.496833][T11261] FAULT_INJECTION: forcing a failure.
[  518.496833][T11261] name failslab, interval 1, probability 0, space 0, times 0
[  518.535012][T11261] CPU: 1 UID: 0 PID: 11261 Comm: syz.6.1390 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  518.535036][T11261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  518.535046][T11261] Call Trace:
[  518.535052][T11261]  <TASK>
[  518.535059][T11261]  dump_stack_lvl+0x16c/0x1f0
[  518.535088][T11261]  should_fail_ex+0x512/0x640
[  518.535110][T11261]  should_failslab+0xc2/0x120
[  518.535132][T11261]  __kmalloc_cache_noprof+0x6a/0x3e0
[  518.535152][T11261]  ? sctp_add_bind_addr+0xae/0x3f0
[  518.535184][T11261]  sctp_add_bind_addr+0xae/0x3f0
[  518.535210][T11261]  sctp_copy_local_addr_list+0x39d/0x5a0
[  518.535242][T11261]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  518.535273][T11261]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  518.535295][T11261]  ? sctp_bind_addr_copy+0xe0/0x530
[  518.535319][T11261]  sctp_bind_addr_copy+0xe0/0x530
[  518.535349][T11261]  sctp_connect_new_asoc+0x1d7/0x790
[  518.535371][T11261]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  518.535393][T11261]  ? selinux_sctp_bind_connect+0x112/0x2c0
[  518.535418][T11261]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  518.535448][T11261]  sctp_sendmsg+0x15f9/0x1ee0
[  518.535476][T11261]  ? __pfx_sctp_sendmsg+0x10/0x10
[  518.535502][T11261]  ? __pfx_sock_has_perm+0x10/0x10
[  518.535529][T11261]  ? __import_iovec+0x1dd/0x650
[  518.535555][T11261]  ? __pfx_sctp_sendmsg+0x10/0x10
[  518.535576][T11261]  inet_sendmsg+0x119/0x140
[  518.535599][T11261]  ____sys_sendmsg+0x973/0xc70
[  518.535619][T11261]  ? copy_msghdr_from_user+0x10a/0x160
[  518.535643][T11261]  ? __pfx_____sys_sendmsg+0x10/0x10
[  518.535666][T11261]  ? __pfx__kstrtoull+0x10/0x10
[  518.535689][T11261]  ___sys_sendmsg+0x134/0x1d0
[  518.535714][T11261]  ? __pfx____sys_sendmsg+0x10/0x10
[  518.535750][T11261]  ? find_held_lock+0x2b/0x80
[  518.535788][T11261]  __sys_sendmmsg+0x200/0x420
[  518.535813][T11261]  ? __pfx___sys_sendmmsg+0x10/0x10
[  518.535852][T11261]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  518.535889][T11261]  ? fput+0x70/0xf0
[  518.535913][T11261]  ? ksys_write+0x1ac/0x250
[  518.535933][T11261]  ? __pfx_ksys_write+0x10/0x10
[  518.535957][T11261]  __x64_sys_sendmmsg+0x9c/0x100
[  518.535980][T11261]  ? lockdep_hardirqs_on+0x7c/0x110
[  518.536002][T11261]  do_syscall_64+0xcd/0x4c0
[  518.536027][T11261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.536044][T11261] RIP: 0033:0x7f65a138e929
[  518.536059][T11261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.536076][T11261] RSP: 002b:00007f65a2158038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  518.536092][T11261] RAX: ffffffffffffffda RBX: 00007f65a15b5fa0 RCX: 00007f65a138e929
[  518.536103][T11261] RDX: 0000000000000002 RSI: 0000200000000e40 RDI: 0000000000000003
[  518.536113][T11261] RBP: 00007f65a2158090 R08: 0000000000000000 R09: 0000000000000000
[  518.536123][T11261] R10: 0000000000000844 R11: 0000000000000246 R12: 0000000000000002
[  518.536133][T11261] R13: 0000000000000000 R14: 00007f65a15b5fa0 R15: 00007ffde07b9d48
[  518.536153][T11261]  </TASK>
[  518.871333][ T5863] usb 2-1: device descriptor read/64, error -71
[  519.174550][ T5863] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  519.314840][ T5863] usb 2-1: device descriptor read/64, error -71
[  519.425074][ T5863] usb usb2-port1: attempt power cycle
[  519.742360][ T5957] usb 4-1: new full-speed USB device number 42 using dummy_hcd
[  519.795856][ T5863] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  519.828086][ T5863] usb 2-1: device descriptor read/8, error -71
[  519.946034][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  519.981535][T11292] overlayfs: overlapping lowerdir path
[  520.026706][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  520.062560][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  520.080258][ T5939] usb 7-1: new low-speed USB device number 23 using dummy_hcd
[  520.377736][T11297] netlink: 'syz.1.1400': attribute type 3 has an invalid length.
[  520.385602][ T5957] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  520.385629][ T5957] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  520.398013][ T5957] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  520.457429][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.493911][ T5957] usb 4-1: Product: syz
[  520.504537][ T5939] usb 7-1: device descriptor read/64, error -71
[  520.516529][T11297] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1400'.
[  520.528681][ T5957] usb 4-1: Manufacturer: syz
[  520.533359][ T5957] usb 4-1: SerialNumber: syz
[  520.561396][ T5957] usb 4-1: config 0 descriptor??
[  520.617430][ T5957] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input111
[  520.774894][ T5939] usb 7-1: new low-speed USB device number 24 using dummy_hcd
[  520.802156][   T30] audit: type=1400 audit(1750654664.983:922): avc:  denied  { write } for  pid=11305 comm="syz.5.1402" path="socket:[30315]" dev="sockfs" ino=30315 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  520.802229][T11306] ieee802154 phy0 wpan0: encryption failed: -22
[  520.858860][ T5957] usb 4-1: USB disconnect, device number 42
[  520.914750][ T5939] usb 7-1: device descriptor read/64, error -71
[  521.110262][ T5939] usb usb7-port1: attempt power cycle
[  521.534672][ T5939] usb 7-1: new low-speed USB device number 25 using dummy_hcd
[  521.565184][ T5939] usb 7-1: device descriptor read/8, error -71
[  521.804638][ T5939] usb 7-1: new low-speed USB device number 26 using dummy_hcd
[  521.851424][ T5939] usb 7-1: device descriptor read/8, error -71
[  521.892127][T11320] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1404'.
[  522.135090][ T5939] usb usb7-port1: unable to enumerate USB device
[  522.196206][   T92] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[  522.380957][   T92] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  522.393735][   T92] usb 2-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  522.414116][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.426067][T11331] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1411'.
[  522.435884][T11331] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1411'.
[  522.465561][   T92] usb 2-1: config 0 descriptor??
[  522.634648][ T5939] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  522.709128][T11337] binder: 11336:11337 ioctl 80045503 200000000180 returned -22
[  522.717988][T11335] hub 8-0:1.0: USB hub found
[  522.723596][T11335] hub 8-0:1.0: 1 port detected
[  522.729170][T11337] binder: 11336:11337 ioctl c0306201 2000000003c0 returned -14
[  522.744844][   T30] audit: type=1400 audit(1750654666.923:923): avc:  denied  { call } for  pid=11336 comm="syz.6.1412" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  522.805169][ T5939] usb 4-1: Using ep0 maxpacket: 8
[  522.816314][ T5939] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  522.826963][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.850629][ T5939] pvrusb2: Hardware description: Terratec Grabster AV400
[  522.862159][ T5939] pvrusb2: **********
[  522.871831][ T5939] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  522.887808][ T5939] pvrusb2: Important functionality might not be entirely working.
[  522.896643][ T5939] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  522.922260][ T5939] pvrusb2: **********
[  523.024607][ T5876] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  523.079071][ T2336] pvrusb2: Invalid write control endpoint
[  523.377346][   T30] audit: type=1400 audit(1750654667.553:924): avc:  denied  { name_bind } for  pid=11316 comm="syz.1.1407" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  523.398518][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.640867][T11321] geneve2: entered allmulticast mode
[  523.909266][ T2336] pvrusb2: Invalid write control endpoint
[  523.931886][ T2336] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  523.949820][ T2336] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  523.959628][   T30] audit: type=1400 audit(1750654668.143:925): avc:  denied  { mount } for  pid=11346 comm="syz.5.1417" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  523.961083][T11347] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  523.981944][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.983867][ T2336] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  524.006030][ T5876] usb 7-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  524.020511][ T5876] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  524.033272][ T5876] usb 7-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  524.043909][ T2336] pvrusb2: Device being rendered inoperable
[  524.055119][ T2336] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  524.063062][ T2336] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  524.082616][ T2336] pvrusb2: Attached sub-driver cx25840
[  524.090230][ T2336] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  524.100823][ T2336] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  524.123179][ T5876] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  524.132425][ T5876] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.154564][ T5924] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  524.162843][ T5876] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  524.173367][ T5876] usb 7-1: invalid MIDI out EP 0
[  524.221584][   T30] audit: type=1400 audit(1750654668.403:926): avc:  denied  { unmount } for  pid=7185 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  524.291756][ T5876] snd-usb-audio 7-1:27.0: probe with driver snd-usb-audio failed with error -22
[  524.336823][ T5924] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  524.362349][T11354] binder: BINDER_SET_CONTEXT_MGR already set
[  524.370267][T11354] binder: 11336:11354 ioctl 4018620d 2000000000c0 returned -16
[  524.377990][ T5924] usb 1-1: config 0 has no interfaces?
[  524.424225][ T5924] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  524.452842][ T5924] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.495985][ T5924] usb 1-1: Product: syz
[  524.517227][ T5924] usb 1-1: Manufacturer: syz
[  524.543545][ T5924] usb 1-1: SerialNumber: syz
[  524.649476][ T5924] usb 1-1: config 0 descriptor??
[  524.692563][ T5957] usb 7-1: USB disconnect, device number 27
[  524.959629][T11362] binder: 11358:11362 ioctl c0306201 2000000003c0 returned -22
[  525.037746][ T5924] usb 1-1: USB disconnect, device number 33
[  525.136839][ T5957] usb 2-1: USB disconnect, device number 45
[  525.558804][ T5939] usb 4-1: USB disconnect, device number 43
[  525.682587][   T30] audit: type=1400 audit(1750654669.863:927): avc:  denied  { connect } for  pid=11367 comm="syz.1.1421" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  525.967828][T11371] geneve1: entered allmulticast mode
[  526.035644][ T5876] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  526.322952][T11384] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1425'.
[  526.715485][ T5876] usb 2-1: device descriptor read/64, error -71
[  527.191506][ T5876] usb 2-1: new full-speed USB device number 47 using dummy_hcd
[  527.636047][ T5924] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  527.815753][ T5876] usb 2-1: device descriptor read/64, error -71
[  527.834668][ T5924] usb 7-1: Using ep0 maxpacket: 32
[  527.867520][ T5924] usb 7-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  527.912631][ T5924] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  527.943983][ T5876] usb usb2-port1: attempt power cycle
[  528.041092][ T5924] usb 7-1: config 0 descriptor??
[  528.113812][ T5924] gspca_main: sq930x-2.14.0 probing 041e:403c
[  528.124661][   T30] audit: type=1400 audit(1750654672.313:928): avc:  denied  { append } for  pid=11397 comm="syz.0.1432" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  528.200268][   T30] audit: type=1400 audit(1750654672.383:929): avc:  denied  { write } for  pid=11401 comm="syz.5.1434" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  528.430426][   T30] audit: type=1400 audit(1750654672.613:930): avc:  denied  { accept } for  pid=11385 comm="syz.6.1428" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  528.462861][   T30] audit: type=1400 audit(1750654672.643:931): avc:  denied  { getattr } for  pid=11404 comm="syz.0.1435" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  528.635954][T11413] lo speed is unknown, defaulting to 1000
[  529.174546][ T5876] usb 2-1: new full-speed USB device number 48 using dummy_hcd
[  529.183490][ T5924] gspca_sq930x: reg_r 001f failed -110
[  529.189103][ T5924] sq930x 7-1:0.0: probe with driver sq930x failed with error -110
[  529.239517][ T5876] usb 2-1: device descriptor read/8, error -71
[  529.590984][T11427] FAULT_INJECTION: forcing a failure.
[  529.590984][T11427] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  529.604125][T11427] CPU: 1 UID: 0 PID: 11427 Comm: syz.0.1437 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  529.604150][T11427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  529.604160][T11427] Call Trace:
[  529.604166][T11427]  <TASK>
[  529.604172][T11427]  dump_stack_lvl+0x16c/0x1f0
[  529.604203][T11427]  should_fail_ex+0x512/0x640
[  529.604230][T11427]  _copy_to_user+0x32/0xd0
[  529.604257][T11427]  simple_read_from_buffer+0xcb/0x170
[  529.604282][T11427]  proc_fail_nth_read+0x197/0x270
[  529.604305][T11427]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  529.604328][T11427]  ? rw_verify_area+0xcf/0x680
[  529.604347][T11427]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  529.604368][T11427]  vfs_read+0x1e4/0xc60
[  529.604393][T11427]  ? __pfx___mutex_lock+0x10/0x10
[  529.604418][T11427]  ? __pfx_vfs_read+0x10/0x10
[  529.604447][T11427]  ? __fget_files+0x20e/0x3c0
[  529.604479][T11427]  ksys_read+0x12a/0x250
[  529.604497][T11427]  ? __pfx_ksys_read+0x10/0x10
[  529.604525][T11427]  do_syscall_64+0xcd/0x4c0
[  529.604552][T11427]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  529.604571][T11427] RIP: 0033:0x7f0e0018d33c
[  529.604590][T11427] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  529.604607][T11427] RSP: 002b:00007f0dfdfb4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  529.604624][T11427] RAX: ffffffffffffffda RBX: 00007f0e003b6160 RCX: 00007f0e0018d33c
[  529.604635][T11427] RDX: 000000000000000f RSI: 00007f0dfdfb40a0 RDI: 0000000000000008
[  529.604645][T11427] RBP: 00007f0dfdfb4090 R08: 0000000000000000 R09: 0000000000000000
[  529.604655][T11427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  529.604664][T11427] R13: 0000000000000000 R14: 00007f0e003b6160 R15: 00007ffe28e89618
[  529.604689][T11427]  </TASK>
[  530.474522][ T5876] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  530.615788][   T30] audit: type=1800 audit(1750654674.493:932): pid=11434 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1441" name="bus" dev="overlay" ino=1619 res=0 errno=0
[  531.167268][ T5957] usb 7-1: USB disconnect, device number 28
[  531.175940][ T5876] usb 2-1: Using ep0 maxpacket: 8
[  531.182563][ T5876] usb 2-1: config 1 has an invalid interface number: 128 but max is 1
[  531.194044][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  531.204422][ T5876] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  531.213539][ T5876] usb 2-1: config 1 has no interface number 0
[  531.220611][ T5876] usb 2-1: config 1 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  531.283727][T11440] netlink: 'syz.6.1443': attribute type 1 has an invalid length.
[  531.284399][ T5876] usb 2-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  531.294163][T11440] netlink: 'syz.6.1443': attribute type 101 has an invalid length.
[  531.315113][T11440] netlink: 572 bytes leftover after parsing attributes in process `syz.6.1443'.
[  531.501660][ T5876] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  531.524555][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  531.532577][ T5876] usb 2-1: Product: syz
[  531.806230][ T5876] usb 2-1: Manufacturer: syz
[  531.908712][ T5876] usb 2-1: SerialNumber: syz
[  532.031742][ T5876] cdc_wdm 2-1:1.128: skipping garbage
[  532.049624][ T5876] cdc_wdm 2-1:1.128: cdc-wdm0: USB WDM device
[  532.067252][ T5876] cdc_wdm 2-1:1.128: Unknown control protocol
[  532.117473][T11453] netlink: 'syz.3.1447': attribute type 1 has an invalid length.
[  532.125673][T11453] netlink: 'syz.3.1447': attribute type 101 has an invalid length.
[  532.133682][T11453] netlink: 572 bytes leftover after parsing attributes in process `syz.3.1447'.
[  532.384759][ T5876] usb 2-1: USB disconnect, device number 49
[  532.691433][T11464] sel_write_load: 55 callbacks suppressed
[  532.691445][T11464] SELinux: failed to load policy
[  532.786052][   T30] audit: type=1400 audit(1750654676.943:933): avc:  denied  { watch } for  pid=11457 comm="syz.0.1448" path="/297/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1630 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  533.030062][T11468] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=36 sclass=netlink_tcpdiag_socket pid=11468 comm=syz.6.1450
[  533.064814][   T30] audit: type=1400 audit(1750654676.943:934): avc:  denied  { watch_sb watch_reads } for  pid=11457 comm="syz.0.1448" path="/297/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1630 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  533.189067][T11470] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1452'.
[  533.305863][T11479] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  533.533009][   T30] audit: type=1800 audit(1750654677.713:935): pid=11483 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1455" name="bus" dev="overlay" ino=1179 res=0 errno=0
[  534.520681][T11488] SELinux: failed to load policy
[  534.887896][T11492] fuse: Unknown parameter '�*�I�lt_/ܩ�`�������
�/aȥ�Yy�ֳ��R�u�L�4`�6'
[  535.363628][   T30] audit: type=1400 audit(1750654679.543:936): avc:  denied  { ioctl } for  pid=11496 comm="syz.0.1460" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x63a0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  535.394993][T11493] bond1: entered promiscuous mode
[  535.400097][T11493] bond1: entered allmulticast mode
[  535.433758][T11499] netlink: 'syz.0.1462': attribute type 1 has an invalid length.
[  535.440917][T11493] 8021q: adding VLAN 0 to HW filter on device bond1
[  535.441634][T11499] netlink: 'syz.0.1462': attribute type 101 has an invalid length.
[  535.456137][T11499] netlink: 572 bytes leftover after parsing attributes in process `syz.0.1462'.
[  535.492203][   T30] audit: type=1400 audit(1750654679.673:937): avc:  denied  { setattr } for  pid=11500 comm="syz.5.1459" name="AF_VSOCK" dev="sockfs" ino=30617 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  535.576761][T11510] FAULT_INJECTION: forcing a failure.
[  535.576761][T11510] name failslab, interval 1, probability 0, space 0, times 0
[  535.590297][T11510] CPU: 1 UID: 0 PID: 11510 Comm: syz.3.1464 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  535.590321][T11510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.590332][T11510] Call Trace:
[  535.590337][T11510]  <TASK>
[  535.590344][T11510]  dump_stack_lvl+0x16c/0x1f0
[  535.590376][T11510]  should_fail_ex+0x512/0x640
[  535.590399][T11510]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  535.590425][T11510]  should_failslab+0xc2/0x120
[  535.590451][T11510]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  535.590473][T11510]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  535.590492][T11510]  ? ptlock_alloc+0x1f/0x70
[  535.590515][T11510]  ptlock_alloc+0x1f/0x70
[  535.590534][T11510]  pte_alloc_one+0x82/0x3a0
[  535.590551][T11510]  __pte_alloc+0x6d/0x3c0
[  535.590576][T11510]  ? __pfx___pte_alloc+0x10/0x10
[  535.590600][T11510]  ? __pfx___might_resched+0x10/0x10
[  535.590622][T11510]  ? mfill_atomic_poison+0xd91/0x18e0
[  535.590648][T11510]  ? mm_alloc_pmd+0x2c2/0x470
[  535.590675][T11510]  mfill_atomic_poison+0xe00/0x18e0
[  535.590707][T11510]  ? find_held_lock+0x2b/0x80
[  535.590727][T11510]  ? __might_fault+0xe3/0x190
[  535.590753][T11510]  ? __might_fault+0xe3/0x190
[  535.590773][T11510]  ? __might_fault+0x13b/0x190
[  535.590795][T11510]  ? __pfx_mfill_atomic_poison+0x10/0x10
[  535.590830][T11510]  userfaultfd_ioctl+0x10a7/0x38e0
[  535.590856][T11510]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  535.590874][T11510]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  535.590900][T11510]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  535.590943][T11510]  ? selinux_file_ioctl+0x180/0x270
[  535.590965][T11510]  ? selinux_file_ioctl+0xb4/0x270
[  535.590988][T11510]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  535.591011][T11510]  ? __x64_sys_ioctl+0x18b/0x210
[  535.591030][T11510]  __x64_sys_ioctl+0x18b/0x210
[  535.591052][T11510]  do_syscall_64+0xcd/0x4c0
[  535.591080][T11510]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.591098][T11510] RIP: 0033:0x7f56fe78e929
[  535.591113][T11510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  535.591130][T11510] RSP: 002b:00007f56ff5b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  535.591146][T11510] RAX: ffffffffffffffda RBX: 00007f56fe9b5fa0 RCX: 00007f56fe78e929
[  535.591157][T11510] RDX: 0000200000000080 RSI: 00000000c020aa08 RDI: 0000000000000003
[  535.591168][T11510] RBP: 00007f56ff5b6090 R08: 0000000000000000 R09: 0000000000000000
[  535.591176][T11510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  535.591185][T11510] R13: 0000000000000000 R14: 00007f56fe9b5fa0 R15: 00007ffca94bd3c8
[  535.591208][T11510]  </TASK>
[  535.854519][    C1] vkms_vblank_simulate: vblank timer overrun
[  536.134544][ T5924] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  536.142943][ T5876] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  536.183583][T11516] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1466'.
[  536.199395][T11516] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1466'.
[  536.209338][T11516] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1466'.
[  536.218680][T11516] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1466'.
[  536.316938][ T5876] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  536.332468][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.333299][T11520] FAULT_INJECTION: forcing a failure.
[  536.333299][T11520] name failslab, interval 1, probability 0, space 0, times 0
[  536.349010][ T5924] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  536.355305][T11520] CPU: 0 UID: 0 PID: 11520 Comm: syz.0.1468 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  536.355328][T11520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  536.355337][T11520] Call Trace:
[  536.355343][T11520]  <TASK>
[  536.355348][T11520]  dump_stack_lvl+0x16c/0x1f0
[  536.355375][T11520]  should_fail_ex+0x512/0x640
[  536.355393][T11520]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  536.355413][T11520]  should_failslab+0xc2/0x120
[  536.355434][T11520]  __kmalloc_cache_noprof+0x6a/0x3e0
[  536.355449][T11520]  ? find_held_lock+0x2b/0x80
[  536.355467][T11520]  ? prog_array_map_alloc+0x45/0x2a0
[  536.355487][T11520]  prog_array_map_alloc+0x45/0x2a0
[  536.355503][T11520]  map_create+0x592/0x1db0
[  536.355524][T11520]  ? avc_has_perm+0x11a/0x1c0
[  536.355547][T11520]  ? __pfx_avc_has_perm+0x10/0x10
[  536.355570][T11520]  ? __pfx_map_create+0x10/0x10
[  536.355586][T11520]  ? __might_fault+0xe3/0x190
[  536.355604][T11520]  ? __might_fault+0xe3/0x190
[  536.355620][T11520]  ? __might_fault+0x13b/0x190
[  536.355641][T11520]  ? selinux_bpf+0xde/0x130
[  536.355658][T11520]  __sys_bpf+0x47cc/0x4d80
[  536.355680][T11520]  ? __pfx___sys_bpf+0x10/0x10
[  536.355700][T11520]  ? ksys_write+0x190/0x250
[  536.355721][T11520]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  536.355762][T11520]  ? fput+0x70/0xf0
[  536.355782][T11520]  ? ksys_write+0x1ac/0x250
[  536.355799][T11520]  ? __pfx_ksys_write+0x10/0x10
[  536.355821][T11520]  __x64_sys_bpf+0x78/0xc0
[  536.355841][T11520]  ? lockdep_hardirqs_on+0x7c/0x110
[  536.355860][T11520]  do_syscall_64+0xcd/0x4c0
[  536.355882][T11520]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  536.355898][T11520] RIP: 0033:0x7f0e0018e929
[  536.355910][T11520] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  536.355924][T11520] RSP: 002b:00007f0dfdff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  536.355943][T11520] RAX: ffffffffffffffda RBX: 00007f0e003b5fa0 RCX: 00007f0e0018e929
[  536.355952][T11520] RDX: 0000000000000048 RSI: 0000200000000740 RDI: 0000000000000000
[  536.355961][T11520] RBP: 00007f0dfdff6090 R08: 0000000000000000 R09: 0000000000000000
[  536.355970][T11520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  536.355978][T11520] R13: 0000000000000000 R14: 00007f0e003b5fa0 R15: 00007ffe28e89618
[  536.355999][T11520]  </TASK>
[  536.391423][T11522] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1469'.
[  536.405366][ T5876] usb 4-1: config 0 descriptor??
[  536.622849][ T5924] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.630984][ T5924] usb 2-1: Product: syz
[  536.643033][ T5924] usb 2-1: Manufacturer: syz
[  536.656055][ T5924] usb 2-1: SerialNumber: syz
[  536.721649][ T5924] usb 2-1: config 0 descriptor??
[  537.630042][   T30] audit: type=1800 audit(1750654680.883:938): pid=11526 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1470" name="bus" dev="overlay" ino=1670 res=0 errno=0
[  537.692995][ T5924] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 050
[  537.717281][ T5876] cp210x 4-1:0.0: cp210x converter detected
[  537.933003][   T30] audit: type=1400 audit(1750654682.103:939): avc:  denied  { accept } for  pid=11533 comm="syz.0.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  538.117508][ T5876] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -71
[  538.136432][ T5876] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71
[  538.154693][ T5876] cp210x 4-1:0.0: GPIO initialisation failed: -71
[  538.191142][ T5876] usb 4-1: cp210x converter now attached to ttyUSB0
[  538.245537][ T5876] usb 4-1: USB disconnect, device number 44
[  538.281207][ T5876] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  538.296006][ T5876] cp210x 4-1:0.0: device disconnected
[  538.305277][ T5924] i2c i2c-1: connected i2c-tiny-usb device
[  538.583139][ T5930] usb 2-1: USB disconnect, device number 50
[  538.857501][T11551] input: syz0 as /devices/virtual/input/input114
[  538.860762][T11550] block device autoloading is deprecated and will be removed.
[  539.171019][T11557] binder: BINDER_SET_CONTEXT_MGR already set
[  539.177440][T11557] binder: 11553:11557 ioctl 4018620d 200000000040 returned -16
[  540.522907][   T30] audit: type=1800 audit(1750654683.813:940): pid=11565 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1483" name="bus" dev="overlay" ino=1618 res=0 errno=0
[  540.692796][   T30] audit: type=1400 audit(1750654684.873:941): avc:  denied  { getopt } for  pid=11569 comm="syz.5.1485" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  540.888555][T11571] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1485'.
[  540.909329][T11571] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1485'.
[  541.095225][ T5930] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  541.248182][ T5930] usb 4-1: device descriptor read/64, error -71
[  541.494564][ T5930] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  541.654657][ T5930] usb 4-1: device descriptor read/64, error -71
[  541.754684][  T917] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  541.770780][ T5930] usb usb4-port1: attempt power cycle
[  541.946345][  T917] usb 7-1: Using ep0 maxpacket: 8
[  541.956973][  T917] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  542.080220][  T917] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  542.124757][ T5930] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  542.239445][  T917] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  542.274311][  T917] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  542.297508][ T5930] usb 4-1: device descriptor read/8, error -71
[  542.329105][  T917] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  542.358546][  T917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  542.400592][T11593] nfs: Unknown parameter 'no'
[  542.420022][T11594] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  542.426567][T11594] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  542.444938][T11594] vhci_hcd vhci_hcd.0: Device attached
[  542.594911][  T917] usb 7-1: GET_CAPABILITIES returned 0
[  542.600508][  T917] usbtmc 7-1:16.0: can't read capabilities
[  542.728497][T11600] netlink: 'syz.1.1491': attribute type 4 has an invalid length.
[  542.758712][ T5924] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  543.131426][ T5876] usb 7-1: USB disconnect, device number 29
[  543.191759][   T30] audit: type=1400 audit(1750654687.373:942): avc:  denied  { mount } for  pid=11599 comm="syz.5.1494" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  543.230979][T11595] vhci_hcd: connection reset by peer
[  543.249383][   T59] vhci_hcd: stop threads
[  543.253688][   T59] vhci_hcd: release socket
[  543.289547][   T59] vhci_hcd: disconnect device
[  543.952857][T11626] 9pnet_fd: Insufficient options for proto=fd
[  544.214649][ T5876] usb 2-1: new low-speed USB device number 51 using dummy_hcd
[  544.244700][ T5930] usb 7-1: new full-speed USB device number 30 using dummy_hcd
[  544.382008][ T5876] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 is Bulk; changing to Interrupt
[  544.393090][ T5876] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  544.405250][ T5876] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B is Bulk; changing to Interrupt
[  544.476421][ T5876] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  544.494774][ T5876] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  544.504206][ T5876] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.719163][ T5876] usbtmc 2-1:16.0: bulk endpoints not found
[  544.737612][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  544.753301][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  544.787150][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  544.812504][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  544.907910][ T5930] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  544.923204][ T5930] usb 7-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  544.932428][ T5930] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.953119][ T5930] usb 7-1: Product: syz
[  544.959501][ T5930] usb 7-1: Manufacturer: syz
[  544.964809][ T5930] usb 7-1: SerialNumber: syz
[  544.980062][ T5930] usb 7-1: config 0 descriptor??
[  544.994424][T11645] bridge0: port 1(bridge_slave_0) entered disabled state
[  544.999003][ T5930] input: KB Gear Tablet as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input116
[  545.337953][T11652] xt_hashlimit: size too large, truncated to 1048576
[  546.276660][T11658] xt_HMARK: proto mask must be zero with L3 mode
[  546.799248][T11653] lo speed is unknown, defaulting to 1000
[  547.307882][ T5876] usb 7-1: USB disconnect, device number 30
[  547.313928][   T24] usb 2-1: USB disconnect, device number 51
[  547.844569][ T5924] vhci_hcd: vhci_device speed not set
[  549.578629][ T5930] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  549.738441][ T5930] usb 7-1: Using ep0 maxpacket: 16
[  550.037826][ T5930] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.214887][ T5930] usb 7-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00
[  550.388809][T11709] lo speed is unknown, defaulting to 1000
[  550.947427][   T24] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  551.034125][ T5930] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  551.072537][ T5930] usb 7-1: config 0 descriptor??
[  551.142969][   T24] usb 4-1: Using ep0 maxpacket: 32
[  551.241796][   T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  551.271435][T11715] FAULT_INJECTION: forcing a failure.
[  551.271435][T11715] name failslab, interval 1, probability 0, space 0, times 0
[  551.333144][   T24] usb 4-1: config 0 has no interface number 0
[  551.408028][T11705] netlink: 1 bytes leftover after parsing attributes in process `syz.5.1522'.
[  551.504628][T11715] CPU: 0 UID: 0 PID: 11715 Comm: syz.0.1525 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  551.504653][T11715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  551.504667][T11715] Call Trace:
[  551.504673][T11715]  <TASK>
[  551.504679][T11715]  dump_stack_lvl+0x16c/0x1f0
[  551.504707][T11715]  should_fail_ex+0x512/0x640
[  551.504727][T11715]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  551.504751][T11715]  should_failslab+0xc2/0x120
[  551.504775][T11715]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  551.504796][T11715]  ? __kernfs_new_node+0xd2/0x8e0
[  551.504822][T11715]  __kernfs_new_node+0xd2/0x8e0
[  551.504849][T11715]  ? __pfx___kernfs_new_node+0x10/0x10
[  551.504871][T11715]  ? __pfx___schedule+0x10/0x10
[  551.504899][T11715]  ? find_held_lock+0x2b/0x80
[  551.504922][T11715]  ? kernfs_root+0xee/0x2a0
[  551.504947][T11715]  kernfs_new_node+0x13c/0x1e0
[  551.504966][T11715]  __kernfs_create_file+0x53/0x350
[  551.504987][T11715]  cgroup_addrm_files+0x546/0xc20
[  551.505016][T11715]  ? __pfx_cgroup_addrm_files+0x10/0x10
[  551.505034][T11715]  ? irqentry_exit+0x3b/0x90
[  551.505066][T11715]  ? css_next_child+0xcf/0x2d0
[  551.505083][T11715]  ? css_next_descendant_pre+0x58/0x1a0
[  551.505103][T11715]  css_populate_dir+0x343/0x580
[  551.505129][T11715]  cgroup_mkdir+0x5cb/0x11f0
[  551.505153][T11715]  ? __pfx_cgroup_mkdir+0x10/0x10
[  551.505174][T11715]  kernfs_iop_mkdir+0x10e/0x190
[  551.505196][T11715]  ? bpf_lsm_inode_mkdir+0x9/0x10
[  551.505220][T11715]  vfs_mkdir+0x593/0x8c0
[  551.505249][T11715]  do_mkdirat+0x304/0x3e0
[  551.505274][T11715]  ? __pfx_do_mkdirat+0x10/0x10
[  551.505301][T11715]  ? getname_flags.part.0+0x1c5/0x550
[  551.505321][T11715]  __x64_sys_mkdir+0xef/0x140
[  551.505345][T11715]  do_syscall_64+0xcd/0x4c0
[  551.505373][T11715]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  551.505390][T11715] RIP: 0033:0x7f0e0018e929
[  551.505405][T11715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  551.505421][T11715] RSP: 002b:00007f0dfdff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  551.505438][T11715] RAX: ffffffffffffffda RBX: 00007f0e003b5fa0 RCX: 00007f0e0018e929
[  551.505448][T11715] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000400
[  551.505458][T11715] RBP: 00007f0dfdff6090 R08: 0000000000000000 R09: 0000000000000000
[  551.505468][T11715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  551.505477][T11715] R13: 0000000000000000 R14: 00007f0e003b5fa0 R15: 00007ffe28e89618
[  551.505499][T11715]  </TASK>
[  551.505570][T11715] cgroup: cgroup_addrm_files: failed to add cgroup.procs, err=-12
[  551.524951][T11688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  551.567097][  T917] usb 2-1: new low-speed USB device number 52 using dummy_hcd
[  551.595916][   T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  551.631683][T11688] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  551.797565][    C0] vkms_vblank_simulate: vblank timer overrun
[  551.816140][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  551.824447][   T24] usb 4-1: Product: syz
[  551.828974][   T24] usb 4-1: Manufacturer: syz
[  551.833791][   T24] usb 4-1: SerialNumber: syz
[  551.959729][   T24] usb 4-1: config 0 descriptor??
[  551.996189][   T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  552.168989][ T5930] usbhid 7-1:0.0: can't add hid device: -71
[  552.183161][ T5930] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  552.209107][   T24] usb 4-1: qt2_setup_urbs - submit read urb failed -8
[  552.216172][   T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -8
[  552.233946][ T5930] usb 7-1: USB disconnect, device number 31
[  552.330577][   T30] audit: type=1400 audit(1750654696.433:943): avc:  denied  { write } for  pid=11720 comm="syz.0.1528" path="socket:[32924]" dev="sockfs" ino=32924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  552.430108][T11703] netlink: 'syz.3.1523': attribute type 12 has an invalid length.
[  552.553290][T11726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.600892][T11726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  553.688081][  T917] usb 4-1: USB disconnect, device number 49
[  553.762329][T11738] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1533'.
[  554.222565][T11747] FAULT_INJECTION: forcing a failure.
[  554.222565][T11747] name failslab, interval 1, probability 0, space 0, times 0
[  554.257319][T11747] CPU: 0 UID: 0 PID: 11747 Comm: syz.0.1537 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  554.257347][T11747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  554.257358][T11747] Call Trace:
[  554.257364][T11747]  <TASK>
[  554.257371][T11747]  dump_stack_lvl+0x16c/0x1f0
[  554.257402][T11747]  should_fail_ex+0x512/0x640
[  554.257424][T11747]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  554.257450][T11747]  should_failslab+0xc2/0x120
[  554.257476][T11747]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  554.257499][T11747]  ? ptlock_alloc+0x1f/0x70
[  554.257522][T11747]  ptlock_alloc+0x1f/0x70
[  554.257541][T11747]  pte_alloc_one+0x82/0x3a0
[  554.257558][T11747]  __do_fault+0x320/0x490
[  554.257581][T11747]  ? __pfx_filemap_map_pages+0x10/0x10
[  554.257606][T11747]  __handle_mm_fault+0x374c/0x5490
[  554.257632][T11747]  ? __pfx___handle_mm_fault+0x10/0x10
[  554.257652][T11747]  ? lock_vma_under_rcu+0x47d/0x970
[  554.257671][T11747]  ? lock_vma_under_rcu+0x47d/0x970
[  554.257709][T11747]  handle_mm_fault+0x589/0xd10
[  554.257730][T11747]  ? __pkru_allows_pkey+0x41/0xb0
[  554.257755][T11747]  do_user_addr_fault+0x60c/0x1370
[  554.257782][T11747]  ? rcu_is_watching+0x12/0xc0
[  554.257807][T11747]  exc_page_fault+0x5c/0xb0
[  554.257831][T11747]  asm_exc_page_fault+0x26/0x30
[  554.257849][T11747] RIP: 0033:0x7f0e00157e21
[  554.257863][T11747] Code: 4c 17 f0 c3 0f 1f 44 00 00 48 8b 4c 16 f8 48 8b 36 48 89 37 48 89 4c 17 f8 c3 62 e1 fe 28 6f 54 16 ff 62 e1 fe 28 6f 5c 16 fe <62> e1 fe 28 7f 07 62 e1 fe 28 7f 4f 01 62 e1 fe 28 7f 54 17 ff 62
[  554.257880][T11747] RSP: 002b:00007f0dfdff6028 EFLAGS: 00010283
[  554.257897][T11747] RAX: 0000200000ffb020 RBX: 00007f0e003b5fa0 RCX: 0000000000000048
[  554.257908][T11747] RDX: 0000000000000048 RSI: 0000200000000380 RDI: 0000200000ffb020
[  554.257919][T11747] RBP: 00007f0dfdff6090 R08: 0000000000000048 R09: 0000000000000000
[  554.257933][T11747] R10: 0000200000ffb000 R11: 0000200000000380 R12: 0000000000000002
[  554.257943][T11747] R13: 0000000000000000 R14: 00007f0e003b5fa0 R15: 00007ffe28e89618
[  554.257967][T11747]  </TASK>
[  554.259389][T11747] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[  554.413708][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.544284][   T30] audit: type=1400 audit(1750654698.723:944): avc:  denied  { remove_name } for  pid=11744 comm="syz.6.1536" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  554.567120][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.652040][   T30] audit: type=1400 audit(1750654698.723:945): avc:  denied  { unlink } for  pid=11744 comm="syz.6.1536" name="binder1" dev="binder" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  557.312970][T11758] netlink: 'syz.1.1540': attribute type 1 has an invalid length.
[  557.436495][   T30] audit: type=1400 audit(1750654701.583:946): avc:  denied  { write } for  pid=11760 comm="syz.6.1542" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  557.493066][T11767] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  557.504531][   T30] audit: type=1400 audit(1750654701.673:947): avc:  denied  { append } for  pid=11759 comm="syz.5.1541" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  557.585198][T11767] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  558.028296][   T30] audit: type=1400 audit(1750654702.213:948): avc:  denied  { write } for  pid=11772 comm="syz.5.1546" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  558.074273][   T30] audit: type=1400 audit(1750654702.213:949): avc:  denied  { open } for  pid=11772 comm="syz.5.1546" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  558.110360][   T30] audit: type=1400 audit(1750654702.223:950): avc:  denied  { read } for  pid=11772 comm="syz.5.1546" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  558.132767][   T30] audit: type=1800 audit(1750654702.253:951): pid=11774 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.1546" name="/" dev="9p" ino=2 res=0 errno=0
[  558.157220][   T30] audit: type=1400 audit(1750654702.263:952): avc:  denied  { read } for  pid=11772 comm="syz.5.1546" path="socket:[32111]" dev="sockfs" ino=32111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  558.214553][   T24] usb 1-1: new full-speed USB device number 34 using dummy_hcd
[  558.380130][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  558.393615][   T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  558.441473][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  558.473220][   T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  558.488315][   T24] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  558.735573][ T5876] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  558.948232][   T24] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  558.957923][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.969463][ T5876] usb 6-1: Using ep0 maxpacket: 32
[  558.974835][   T24] usb 1-1: Product: syz
[  558.979312][   T24] usb 1-1: Manufacturer: syz
[  558.984408][   T24] usb 1-1: SerialNumber: syz
[  558.989666][ T5876] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  558.998489][ T5876] usb 6-1: config 0 has no interface number 0
[  559.008280][ T5876] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  559.017634][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.030581][   T24] usb 1-1: config 0 descriptor??
[  559.037733][ T5876] usb 6-1: Product: syz
[  559.042216][ T5876] usb 6-1: Manufacturer: syz
[  559.047091][ T5876] usb 6-1: SerialNumber: syz
[  559.054818][ T5863] usb 4-1: new full-speed USB device number 50 using dummy_hcd
[  559.065253][   T24] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input120
[  559.078377][ T5876] usb 6-1: config 0 descriptor??
[  559.091902][ T5876] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  559.219561][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  559.253209][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  559.263338][T11795] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  559.295515][ T5876] usb 6-1: qt2_setup_urbs - submit read urb failed -8
[  559.304516][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  559.322644][ T5876] quatech2 6-1:0.51: probe with driver quatech2 failed with error -8
[  559.332109][   T24] usb 1-1: USB disconnect, device number 34
[  559.340561][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  559.365997][ T5863] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  559.388845][ T5863] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  559.399141][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  559.414849][ T5863] usb 4-1: Product: syz
[  559.419080][ T5863] usb 4-1: Manufacturer: syz
[  559.423775][ T5863] usb 4-1: SerialNumber: syz
[  559.434060][ T5863] usb 4-1: config 0 descriptor??
[  559.444210][ T5863] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input121
[  559.515033][  T917] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  559.534225][T11783] netlink: 'syz.5.1549': attribute type 12 has an invalid length.
[  559.710097][T11798] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  559.815612][T11798] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  559.848472][ T5863] usb 4-1: USB disconnect, device number 50
[  560.062866][  T917] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  560.548236][  T917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  560.559235][  T917] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  560.569068][  T917] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  560.582054][  T917] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  560.591198][  T917] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.627449][  T917] usb 7-1: config 0 descriptor??
[  560.699978][   T30] audit: type=1800 audit(1750654704.883:953): pid=11804 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.1555" name="bus" dev="overlay" ino=1823 res=0 errno=0
[  560.822078][ T5939] usb 6-1: USB disconnect, device number 44
[  561.231253][  T917] plantronics 0003:047F:FFFF.0012: ignoring exceeding usage max
[  561.246019][  T917] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  561.284066][  T917] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  561.697446][   T30] audit: type=1400 audit(1750654705.873:954): avc:  denied  { write } for  pid=11819 comm="syz.3.1560" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  562.228694][T11830] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1561'.
[  562.284553][ T5876] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  562.423738][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  562.430207][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  562.514528][ T5876] usb 6-1: Using ep0 maxpacket: 8
[  562.530259][ T5876] usb 6-1: config 0 has an invalid interface number: 186 but max is 0
[  562.725639][ T5876] usb 6-1: config 0 has no interface number 0
[  562.747526][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  562.772512][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  562.810684][ T5876] usb 6-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  562.882848][ T5876] usb 6-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  562.921065][ T5876] usb 6-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  562.933263][ T5876] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.959847][ T5876] usb 6-1: Product: syz
[  562.974186][ T5876] usb 6-1: Manufacturer: syz
[  562.988722][ T5876] usb 6-1: SerialNumber: syz
[  563.079585][ T5876] usb 6-1: config 0 descriptor??
[  563.308633][ T5876] iowarrior 6-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior1
[  563.409684][   T30] audit: type=1400 audit(1750654707.593:955): avc:  denied  { bind } for  pid=11835 comm="syz.6.1564" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  563.431617][   T24] usb 7-1: USB disconnect, device number 32
[  563.438059][ T5863] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  563.664641][ T5863] usb 4-1: device descriptor read/64, error -71
[  563.743997][ T5876] usb 6-1: USB disconnect, device number 45
[  563.906947][   T30] audit: type=1400 audit(1750654708.093:956): avc:  denied  { write } for  pid=11838 comm="syz.6.1565" name="usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  563.931934][ T5863] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  563.959220][   T30] audit: type=1400 audit(1750654708.133:957): avc:  denied  { map } for  pid=11838 comm="syz.6.1565" path="/dev/usbmon7" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  564.041661][T11844] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1566'.
[  564.094650][ T5863] usb 4-1: device descriptor read/64, error -71
[  564.170279][T11849] FAULT_INJECTION: forcing a failure.
[  564.170279][T11849] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  564.187644][T11849] CPU: 0 UID: 0 PID: 11849 Comm: syz.1.1568 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  564.187669][T11849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  564.187678][T11849] Call Trace:
[  564.187683][T11849]  <TASK>
[  564.187687][T11849]  dump_stack_lvl+0x16c/0x1f0
[  564.187707][T11849]  should_fail_ex+0x512/0x640
[  564.187723][T11849]  _copy_from_user+0x2e/0xd0
[  564.187738][T11849]  generic_map_update_batch+0x380/0x610
[  564.187757][T11849]  ? __pfx_generic_map_update_batch+0x10/0x10
[  564.187773][T11849]  ? __pfx_generic_map_update_batch+0x10/0x10
[  564.187788][T11849]  bpf_map_do_batch+0x5b1/0x680
[  564.187801][T11849]  __sys_bpf+0x15f3/0x4d80
[  564.187816][T11849]  ? __pfx___sys_bpf+0x10/0x10
[  564.187830][T11849]  ? ksys_write+0x190/0x250
[  564.187846][T11849]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  564.187869][T11849]  ? fput+0x70/0xf0
[  564.187885][T11849]  ? ksys_write+0x1ac/0x250
[  564.187897][T11849]  ? __pfx_ksys_write+0x10/0x10
[  564.187912][T11849]  __x64_sys_bpf+0x78/0xc0
[  564.187929][T11849]  ? lockdep_hardirqs_on+0x7c/0x110
[  564.187944][T11849]  do_syscall_64+0xcd/0x4c0
[  564.187960][T11849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  564.187971][T11849] RIP: 0033:0x7fc370d8e929
[  564.187980][T11849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  564.187991][T11849] RSP: 002b:00007fc371c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  564.188001][T11849] RAX: ffffffffffffffda RBX: 00007fc370fb5fa0 RCX: 00007fc370d8e929
[  564.188008][T11849] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[  564.188015][T11849] RBP: 00007fc371c0e090 R08: 0000000000000000 R09: 0000000000000000
[  564.188021][T11849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  564.188027][T11849] R13: 0000000000000000 R14: 00007fc370fb5fa0 R15: 00007ffcfb6436e8
[  564.188039][T11849]  </TASK>
[  564.381675][    C0] vkms_vblank_simulate: vblank timer overrun
[  564.391992][ T5863] usb usb4-port1: attempt power cycle
[  564.586448][   T30] audit: type=1800 audit(1750654708.773:958): pid=11858 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.1571" name="bus" dev="overlay" ino=1717 res=0 errno=0
[  564.794526][ T5863] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  565.119517][T11862] overlayfs: failed to resolve './file0': -2
[  567.646144][ T5863] usb 4-1: device descriptor read/8, error -71
[  567.744989][T11865] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.1573'.
[  568.034557][   T92] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[  568.207104][T11875] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  568.349136][T11875] bridge: RTM_NEWNEIGH with unconfigured vlan 1 on bridge0
[  568.361264][  T917] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  568.586088][  T917] usb 6-1: Using ep0 maxpacket: 8
[  568.690666][  T917] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 3
[  568.764409][  T917] usb 6-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  568.785252][  T917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.796725][  T917] usb 6-1: Product: syz
[  568.800984][  T917] usb 6-1: Manufacturer: syz
[  568.812628][  T917] usb 6-1: SerialNumber: syz
[  568.820775][  T917] usb 6-1: config 0 descriptor??
[  568.831526][  T917] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  568.880457][   T92] usb 7-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  568.881796][  T917] usb 6-1: setting power ON
[  568.890298][   T92] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  568.907453][   T92] usb 7-1: config 0 descriptor??
[  568.915590][   T92] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  568.930350][  T917] dvb-usb: bulk message failed: -22 (2/0)
[  568.950571][  T917] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  568.994973][  T917] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  569.121220][T11873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.153690][T11869] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1575'.
[  569.171033][T11873] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.191782][  T917] usb 6-1: media controller created
[  569.419416][T11873] dvb-usb: bulk message failed: -22 (3/0)
[  569.434484][T11873] cxusb: i2c rd: len=99 is too big!
[  569.434484][T11873] 
[  569.444380][  T917] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  569.481692][  T917] usb 6-1: selecting invalid altsetting 6
[  569.507496][  T917] usb 6-1: digital interface selection failed (-22)
[  569.519462][  T917] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  569.545859][  T917] usb 6-1: setting power OFF
[  569.552428][   T92] gp8psk: usb in 128 operation failed.
[  569.567264][  T917] dvb-usb: bulk message failed: -22 (2/0)
[  569.576126][   T92] gp8psk: usb in 137 operation failed.
[  569.581527][  T917] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  569.581630][   T92] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  569.601268][  T917] (NULL device *): no alternate interface
[  569.604146][   T92] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  569.633394][   T92] usb 7-1: USB disconnect, device number 33
[  569.666621][  T917] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  569.725423][  T917] usb 6-1: USB disconnect, device number 46
[  570.780825][T11909] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1585'.
[  570.844858][   T30] audit: type=1800 audit(1750654715.003:959): pid=11910 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.1586" name="bus" dev="overlay" ino=1347 res=0 errno=0
[  570.970006][T11912] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1585'.
[  571.838278][T11918] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1587'.
[  571.847371][T11918] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1587'.
[  571.994584][T11922] netlink: 84 bytes leftover after parsing attributes in process `syz.0.1590'.
[  572.144055][T11926] binder: BINDER_SET_CONTEXT_MGR already set
[  572.144120][T11926] binder: 11924:11926 ioctl 4018620d 2000000002c0 returned -16
[  572.483496][T11927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1589'.
[  572.674938][T11935] netlink: 'syz.0.1593': attribute type 2 has an invalid length.
[  572.685487][T11935] netlink: 244 bytes leftover after parsing attributes in process `syz.0.1593'.
[  572.774837][   T30] audit: type=1400 audit(1750654716.953:960): avc:  denied  { ioctl } for  pid=11937 comm="syz.5.1594" path="socket:[32567]" dev="sockfs" ino=32567 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  572.874674][   T30] audit: type=1400 audit(1750654716.953:961): avc:  denied  { bind } for  pid=11937 comm="syz.5.1594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  573.508480][   T30] audit: type=1400 audit(1750654717.663:962): avc:  denied  { unmount } for  pid=7185 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  573.578845][T11948] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1596'.
[  573.696611][T11948] team0: No ports can be present during mode change
[  573.738460][T11949] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1596'.
[  576.460718][T11949] team0 (unregistering): Port device team_slave_1 removed
[  576.487077][T11959] netlink: 'syz.6.1599': attribute type 1 has an invalid length.
[  576.495114][T11959] netlink: 'syz.6.1599': attribute type 101 has an invalid length.
[  576.503041][T11959] netlink: 572 bytes leftover after parsing attributes in process `syz.6.1599'.
[  576.755977][ T5939] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  577.312445][T11966] FAULT_INJECTION: forcing a failure.
[  577.312445][T11966] name failslab, interval 1, probability 0, space 0, times 0
[  577.325991][T11966] CPU: 1 UID: 0 PID: 11966 Comm: syz.1.1601 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  577.326015][T11966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  577.326026][T11966] Call Trace:
[  577.326032][T11966]  <TASK>
[  577.326039][T11966]  dump_stack_lvl+0x16c/0x1f0
[  577.326070][T11966]  should_fail_ex+0x512/0x640
[  577.326093][T11966]  ? __kmalloc_noprof+0xbf/0x510
[  577.326118][T11966]  ? sock_kmalloc+0x111/0x170
[  577.326134][T11966]  should_failslab+0xc2/0x120
[  577.326158][T11966]  __kmalloc_noprof+0xd2/0x510
[  577.326178][T11966]  ? do_raw_spin_lock+0x12c/0x2b0
[  577.326202][T11966]  sock_kmalloc+0x111/0x170
[  577.326221][T11966]  af_alg_alloc_areq+0xbc/0x2e0
[  577.326246][T11966]  skcipher_recvmsg+0x32b/0x1030
[  577.326282][T11966]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  577.326308][T11966]  ? lockdep_hardirqs_on+0x7c/0x110
[  577.326332][T11966]  ? skcipher_check_key.isra.0+0x78/0x1e0
[  577.326357][T11966]  ? __local_bh_enable_ip+0xa4/0x120
[  577.326382][T11966]  skcipher_recvmsg_nokey+0x66/0x90
[  577.326410][T11966]  sock_recvmsg+0x1f9/0x250
[  577.326429][T11966]  __sys_recvfrom+0x203/0x310
[  577.326453][T11966]  ? __pfx___sys_recvfrom+0x10/0x10
[  577.326498][T11966]  ? ksys_write+0x1ac/0x250
[  577.326521][T11966]  ? __pfx_ksys_write+0x10/0x10
[  577.326545][T11966]  __x64_sys_recvfrom+0xe0/0x1c0
[  577.326567][T11966]  ? do_syscall_64+0x91/0x4c0
[  577.326591][T11966]  ? lockdep_hardirqs_on+0x7c/0x110
[  577.326615][T11966]  do_syscall_64+0xcd/0x4c0
[  577.326642][T11966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  577.326660][T11966] RIP: 0033:0x7fc370d8e929
[  577.326675][T11966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  577.326691][T11966] RSP: 002b:00007fc371b83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  577.326708][T11966] RAX: ffffffffffffffda RBX: 00007fc370fb6160 RCX: 00007fc370d8e929
[  577.326720][T11966] RDX: ffffffffffffffbf RSI: 00002000000030c0 RDI: 0000000000000008
[  577.326730][T11966] RBP: 00007fc371b83090 R08: 0000000000000000 R09: ffffffffffffffb5
[  577.326741][T11966] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  577.326751][T11966] R13: 0000000000000001 R14: 00007fc370fb6160 R15: 00007ffcfb6436e8
[  577.326775][T11966]  </TASK>
[  577.881715][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.912711][ T5939] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  578.550865][ T5939] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  578.576376][ T5939] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  578.651028][ T5939] usb 4-1: config 0 descriptor??
[  579.619569][ T5939] usbhid 4-1:0.0: can't add hid device: -32
[  579.619626][ T5939] usbhid 4-1:0.0: probe with driver usbhid failed with error -32
[  579.909040][ T5939] usb 4-1: USB disconnect, device number 55
[  579.927300][   T30] audit: type=1400 audit(1750654724.083:963): avc:  denied  { getopt } for  pid=11993 comm="syz.6.1608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  579.950353][T11994] batman_adv: batadv0: Adding interface: vxlan0
[  579.957286][T11994] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  580.033144][   T30] audit: type=1400 audit(1750654724.183:964): avc:  denied  { write } for  pid=11989 comm="syz.5.1607" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  580.065026][T11994] batman_adv: batadv0: Not using interface vxlan0 (retrying later): interface not active
[  580.568614][T12007] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1611'.
[  580.762052][T12014] netlink: 'syz.5.1614': attribute type 1 has an invalid length.
[  580.772965][T12014] netlink: 'syz.5.1614': attribute type 101 has an invalid length.
[  580.781084][T12014] netlink: 572 bytes leftover after parsing attributes in process `syz.5.1614'.
[  580.936067][T12016] wg2: entered allmulticast mode
[  582.664877][T12027] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1617'.
[  582.850570][   T30] audit: type=1400 audit(1750654727.023:965): avc:  denied  { setattr } for  pid=12029 comm="syz.5.1620" name="seq" dev="devtmpfs" ino=1278 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  582.874023][    C1] vkms_vblank_simulate: vblank timer overrun
[  583.254688][   T24] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  583.552505][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  583.663204][   T24] usb 6-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82
[  583.747308][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.787113][   T24] usb 6-1: config 0 descriptor??
[  583.818819][   T24] smsusb:smsusb_probe: board id=8, interface number 0
[  583.887833][   T24] smsusb:smsusb_probe: Device initialized with return code -19
[  584.065524][T12050] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1616'.
[  584.113873][   T24] usb 6-1: USB disconnect, device number 47
[  584.202862][   T30] audit: type=1400 audit(1750654728.383:966): avc:  denied  { read write } for  pid=12051 comm="syz.3.1626" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  584.226500][    C1] vkms_vblank_simulate: vblank timer overrun
[  584.248511][   T30] audit: type=1400 audit(1750654728.383:967): avc:  denied  { open } for  pid=12051 comm="syz.3.1626" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  584.321888][   T30] audit: type=1400 audit(1750654728.503:968): avc:  denied  { write } for  pid=12054 comm="syz.1.1627" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  584.366984][ T5939] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  584.479641][T12057] netlink: 'syz.6.1628': attribute type 1 has an invalid length.
[  584.487568][T12057] netlink: 'syz.6.1628': attribute type 101 has an invalid length.
[  584.495558][T12057] netlink: 572 bytes leftover after parsing attributes in process `syz.6.1628'.
[  584.506145][ T5863] usb 4-1: new full-speed USB device number 56 using dummy_hcd
[  584.630165][ T5939] usb 1-1: Using ep0 maxpacket: 32
[  584.818804][ T5863] usb 4-1: not running at top speed; connect to a high speed hub
[  584.847628][ T5863] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  584.912318][ T5939] usb 1-1: config 0 has no interfaces?
[  584.913640][ T5863] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  584.968163][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  584.990292][ T5939] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  584.998523][ T5863] usb 4-1: Product: ⭵䅅옮ᣆ뷞뵸뎸⺃⧬䙢鉢馣ቋꖦ驑잗䬘捵嶵ࣆ෫籔ᬒ歛픮殂⣊쏊䘥衐㿤权륢饄磊祙槦缪爬悂廲俣䆕噡Ⲟ癀쯡㎽ㅓ膀뚣퍟༉岾牴ෘဧ鹳亵㭃葻掽Ꚅ䠝㯙썍珟ࢌᔟꦀ踏贽܋¾䶺敵孻帚磺㧜툎俋腧쿖዇条⵿홲
[  585.034226][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.044131][ T5939] usb 1-1: Product: syz
[  585.055785][ T5939] usb 1-1: Manufacturer: syz
[  585.062570][ T5939] usb 1-1: SerialNumber: syz
[  585.359614][ T5863] usb 4-1: Manufacturer: ࠌ
[  585.368733][ T5863] usb 4-1: SerialNumber: Ћ
[  585.369402][ T5939] usb 1-1: config 0 descriptor??
[  585.699067][T12049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.805613][   T30] audit: type=1400 audit(1750654729.953:969): avc:  denied  { ioctl } for  pid=12051 comm="syz.3.1626" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0x534e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  585.872779][T12049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.008553][ T5939] usb 1-1: USB disconnect, device number 35
[  586.167112][   T30] audit: type=1400 audit(1750654729.963:970): avc:  denied  { ioctl } for  pid=12051 comm="syz.3.1626" path="socket:[33655]" dev="sockfs" ino=33655 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  586.354840][ T5863] usb 4-1: USB disconnect, device number 56
[  587.060599][T12085] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1636'.
[  587.070071][ T5939] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  587.381978][   T30] audit: type=1400 audit(1750654731.563:971): avc:  denied  { read } for  pid=12082 comm="syz.3.1635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  587.874507][  T917] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  587.916739][ T5939] usb 2-1: Using ep0 maxpacket: 8
[  587.937728][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  588.137639][   T30] audit: type=1400 audit(1750654732.293:972): avc:  denied  { accept } for  pid=12090 comm="syz.6.1638" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  588.330282][  T917] usb 6-1: Using ep0 maxpacket: 32
[  588.807043][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  588.817017][ T5939] usb 2-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00
[  588.827198][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.835777][  T917] usb 6-1: config 0 has an invalid interface number: 184 but max is 0
[  588.843966][  T917] usb 6-1: config 0 has no interface number 0
[  588.856001][  T917] usb 6-1: config 0 interface 184 has no altsetting 0
[  588.870615][  T917] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  588.880158][  T917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  588.898982][ T5939] usb 2-1: config 0 descriptor??
[  588.934572][  T917] usb 6-1: Product: syz
[  588.969180][  T917] usb 6-1: Manufacturer: syz
[  588.990332][  T917] usb 6-1: SerialNumber: syz
[  589.169346][  T917] usb 6-1: config 0 descriptor??
[  589.599286][ T5939] chicony 0003:04F2:0418.0013: unknown main item tag 0x0
[  589.617075][   T30] audit: type=1400 audit(1750654733.803:973): avc:  denied  { ioctl } for  pid=12103 comm="syz.0.1641" path="/dev/sg0" dev="devtmpfs" ino=761 ioctlcmd=0x2284 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  589.647115][ T5939] chicony 0003:04F2:0418.0013: reserved main item tag 0xe
[  589.656429][  T917] smsc75xx v1.0.0
[  589.734658][ T5939] chicony 0003:04F2:0418.0013: unknown main item tag 0x0
[  589.786250][ T5939] chicony 0003:04F2:0418.0013: unbalanced collection at end of report description
[  589.886026][ T5939] chicony 0003:04F2:0418.0013: Chicony hid parse failed: -22
[  589.926234][ T5939] chicony 0003:04F2:0418.0013: probe with driver chicony failed with error -22
[  590.284155][  T917] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  590.295315][  T917] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  590.513189][T12081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.522560][  T917] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32
[  590.534588][  T917] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32
[  590.536402][T12081] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  590.544192][  T917] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32
[  590.563486][  T917] smsc75xx 6-1:0.184: probe with driver smsc75xx failed with error -32
[  590.760939][T12129] hpfs: Bad magic ... probably not HPFS
[  590.826754][  T917] usb 6-1: USB disconnect, device number 48
[  591.169395][T12131] No source specified
[  591.243636][  T917] usb 2-1: USB disconnect, device number 53
[  623.899808][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  623.906154][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  696.594426][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  696.601393][    C1] rcu: 	0-...!: (0 ticks this GP) idle=c5ac/1/0x4000000000000000 softirq=68198/68198 fqs=0
[  696.612371][    C1] rcu: 	(detected by 1, t=10506 jiffies, g=47053, q=103 ncpus=2)
[  696.620094][    C1] Sending NMI from CPU 1 to CPUs 0:
[  696.620119][    C0] NMI backtrace for cpu 0
[  696.620131][    C0] CPU: 0 UID: 0 PID: 7238 Comm: kworker/u8:18 Not tainted 6.16.0-rc2-syzkaller-00378-gb67ec639010f #0 PREEMPT(full) 
[  696.620148][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  696.620159][    C0] Workqueue: bat_events batadv_nc_worker
[  696.620180][    C0] RIP: 0010:its_return_thunk+0x0/0x10
[  696.620198][    C0] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc <c3> cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 e9 5b fd a8 f5 cc
[  696.620212][    C0] RSP: 0000:ffffc90000007d48 EFLAGS: 00000046
[  696.620222][    C0] RAX: 0000000000000001 RBX: ffff88802fead3c0 RCX: 0000000000000001
[  696.620232][    C0] RDX: 0000000000000000 RSI: ffff888028695300 RDI: ffff88802fead3c0
[  696.620242][    C0] RBP: ffff888028695300 R08: 0000000000000005 R09: 0000000000000000
[  696.620252][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88802feac880
[  696.620261][    C0] R13: ffff88802fead370 R14: 00000000ffffffff R15: 0000000000000002
[  696.620270][    C0] FS:  0000000000000000(0000) GS:ffff888124753000(0000) knlGS:0000000000000000
[  696.620285][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  696.620295][    C0] CR2: 0000000000000000 CR3: 000000007bfb9000 CR4: 00000000003526f0
[  696.620305][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  696.620313][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  696.620322][    C0] Call Trace:
[  696.620328][    C0]  <IRQ>
[  696.620334][    C0]  lock_is_held_type+0xb0/0x150
[  696.620356][    C0]  ? __pfx_advance_sched+0x10/0x10
[  696.620372][    C0]  advance_sched+0x7b1/0xc80
[  696.620388][    C0]  ? find_held_lock+0x2b/0x80
[  696.620406][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  696.620421][    C0]  ? __pfx_advance_sched+0x10/0x10
[  696.620436][    C0]  __hrtimer_run_queues+0x202/0xad0
[  696.620453][    C0]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  696.620468][    C0]  ? read_tsc+0x9/0x20
[  696.620485][    C0]  hrtimer_interrupt+0x397/0x8e0
[  696.620505][    C0]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[  696.620526][    C0]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  696.620544][    C0]  </IRQ>
[  696.620548][    C0]  <TASK>
[  696.620554][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  696.620570][    C0] RIP: 0010:lock_release+0x183/0x2f0
[  696.620589][    C0] Code: 0f c1 05 78 9a 34 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 8d 58 34 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
[  696.620602][    C0] RSP: 0000:ffffc90003327a70 EFLAGS: 00000206
[  696.620613][    C0] RAX: 1511bdbd27c05c00 RBX: ffffffff8e5c4940 RCX: ffffc90003327a7c
[  696.620622][    C0] RDX: 0000000000000002 RSI: ffffffff8ddf4c93 RDI: ffffffff8c157aa0
[  696.620631][    C0] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  696.620640][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b4d4545
[  696.620648][    C0] R13: 0000000000000206 R14: ffff88802feac880 R15: 0000000000000003
[  696.620658][    C0]  ? batadv_nc_process_nc_paths.part.0+0x215/0x3e0
[  696.620681][    C0]  ? __pfx_batadv_nc_sniffed_purge+0x10/0x10
[  696.620697][    C0]  batadv_nc_process_nc_paths.part.0+0x21a/0x3e0
[  696.620718][    C0]  batadv_nc_worker+0xd71/0x1030
[  696.620736][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  696.620753][    C0]  ? lock_acquire+0x62/0x350
[  696.620773][    C0]  ? rcu_is_watching+0x12/0xc0
[  696.620791][    C0]  process_one_work+0x9cc/0x1b70
[  696.620809][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  696.620826][    C0]  ? __pfx_process_one_work+0x10/0x10
[  696.620842][    C0]  ? assign_work+0x1a0/0x250
[  696.620863][    C0]  worker_thread+0x6c8/0xf10
[  696.620887][    C0]  ? __pfx_worker_thread+0x10/0x10
[  696.620900][    C0]  kthread+0x3c2/0x780
[  696.620912][    C0]  ? __pfx_kthread+0x10/0x10
[  696.620925][    C0]  ? rcu_is_watching+0x12/0xc0
[  696.620940][    C0]  ? __pfx_kthread+0x10/0x10
[  696.620952][    C0]  ret_from_fork+0x5d4/0x6f0
[  696.620970][    C0]  ? __pfx_kthread+0x10/0x10
[  696.620983][    C0]  ret_from_fork_asm+0x1a/0x30
[  696.621003][    C0]  </TASK>
[  696.621120][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10505 jiffies! g47053 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  697.034552][    C1] rcu: 	Possible timer handling issue on cpu=0 timer-softirq=37308
[  697.042626][    C1] rcu: rcu_preempt kthread starved for 10506 jiffies! g47053 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
[  697.053995][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  697.063957][    C1] rcu: RCU grace-period kthread stack dump:
[  697.069834][    C1] task:rcu_preempt     state:I stack:28008 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  697.082271][    C1] Call Trace:
[  697.085547][    C1]  <TASK>
[  697.088482][    C1]  __schedule+0x116a/0x5de0
[  697.092995][    C1]  ? __pfx___schedule+0x10/0x10
[  697.097856][    C1]  ? __pfx___schedule+0x10/0x10
[  697.102719][    C1]  ? irqentry_exit+0x3b/0x90
[  697.107309][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  697.112514][    C1]  ? find_held_lock+0x2b/0x80
[  697.117194][    C1]  ? schedule+0x2d7/0x3a0
[  697.121524][    C1]  schedule+0xe7/0x3a0
[  697.125592][    C1]  schedule_timeout+0x123/0x290
[  697.130440][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  697.135811][    C1]  ? __pfx_process_timeout+0x10/0x10
[  697.141097][    C1]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  697.146909][    C1]  ? prepare_to_swait_event+0xf5/0x480
[  697.152374][    C1]  rcu_gp_fqs_loop+0x1ea/0xb00
[  697.157144][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  697.162432][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  697.167632][    C1]  ? __pfx_rcu_gp_init+0x10/0x10
[  697.172571][    C1]  ? rcu_gp_cleanup+0x7c1/0xd90
[  697.177431][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  697.183241][    C1]  rcu_gp_kthread+0x270/0x380
[  697.187924][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  697.193126][    C1]  ? rcu_is_watching+0x12/0xc0
[  697.197888][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  697.203086][    C1]  ? __kthread_parkme+0x19e/0x250
[  697.208120][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  697.213323][    C1]  kthread+0x3c2/0x780
[  697.217385][    C1]  ? __pfx_kthread+0x10/0x10
[  697.221969][    C1]  ? rcu_is_watching+0x12/0xc0
[  697.226732][    C1]  ? __pfx_kthread+0x10/0x10
[  697.231324][    C1]  ret_from_fork+0x5d4/0x6f0
[  697.235917][    C1]  ? __pfx_kthread+0x10/0x10
[  697.240502][    C1]  ret_from_fork_asm+0x1a/0x30
[  697.245271][    C1]  </TASK>