last executing test programs:

9m27.160599803s ago: executing program 4 (id=421):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f000001aa40)=""/102400, 0x19000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/meminfo\x00', 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x387442, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff})
io_uring_enter(0xffffffffffffffff, 0x46f3, 0x0, 0x0, 0x0, 0x0)
write(r1, &(0x7f0000000200)='~', 0x1)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x6, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f00000008c0)={0xc0})

9m26.625756622s ago: executing program 4 (id=425):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x2, 0x82002)
ioctl$VIDIOC_G_STD(r0, 0x80085617, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0x400}, 0x18)
mount$bpf(0x0, 0x0, 0x0, 0x120c060, 0x0)
recvmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000001fc0)=""/4096, 0x1000}], 0x1}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000680)=@base={0xa, 0x16, 0xb4, 0x3}, 0x50)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c2000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000004440)=@base={0x5, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r6, 0x2, 0x1}, 0x48)

9m25.593187447s ago: executing program 4 (id=433):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r0, 0x0, 0xb, 0x0, &(0x7f00000000c0)="ff07000000000000ab5bec", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

9m23.991269603s ago: executing program 4 (id=436):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe)
sendmmsg$sock(r0, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r0, 0x1)

9m23.308809549s ago: executing program 4 (id=438):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r3, 0x107, 0x17, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x5}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_ECN={0x8, 0xa, 0x1}]}}]}, 0x44}}, 0x400c4)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0, <r7=>0x0], &(0x7f0000000540), 0x0, 0x2, 0x0, 0x0, r6})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r8, 0x0, 0x80, &(0x7f0000000d00)=@nat={'nat\x00', 0x19, 0x7fffffe, 0x90, [0x200000000c40, 0x0, 0x0, 0x200000000c70, 0x200000000ca0], 0x0, 0x0, 0x0}, 0x108)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r5, 0xc01064ab, &(0x7f0000000e00)={0x1, r7, r6})
sendmmsg$inet6(r0, &(0x7f00000033c0)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x4, @local, 0x4}, 0x1c, &(0x7f0000000140), 0x0, &(0x7f00000005c0)=[@hopopts_2292={{0x20, 0x29, 0x36, {0x2b, 0x0, '\x00', [@jumbo={0xc2, 0x4, 0x4}]}}}, @rthdrdstopts={{0x40, 0x29, 0x37, {0x6, 0x5, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @jumbo={0xc2, 0x4, 0x800}, @ra={0x5, 0x2, 0xfbff}]}}}, @rthdr_2292={{0x88, 0x29, 0x39, {0x8, 0xe, 0x0, 0xfb, 0x0, [@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @rand_addr=' \x01\x00', @mcast1, @private0, @mcast2, @private2, @private1]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x33, 0x0, '\x00', [@pad1]}}}, @rthdr_2292={{0x58, 0x29, 0x39, {0x5a, 0x8, 0x1, 0x74, 0x0, [@remote, @local, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}]}}}, @rthdr={{0x98, 0x29, 0x39, {0x1d, 0x10, 0x1, 0x7, 0x0, [@rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private1, @remote, @mcast2, @mcast1, @empty, @empty]}}}], 0x210}}, {{&(0x7f00000001c0)={0xa, 0x4e24, 0x6, @empty, 0xfffffff9}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000200)="444b15dc7299d0250d725cf1b04cf577b8a49acfe47415b45e892ffd0c22c52c196ab91ede5f2732ed82121a584b6457ebe6de302f790a71ccd489a5bad102d47ffa1fda5617da61c8c35aa21c9441fb9c2b83f8af3ba22dd16bb02c0c66a746ce60a4ad74ca366fcae5b15a0ae2eb17fb123cf41e96f266ee81c497f380d688", 0x80}, {&(0x7f0000000300)="a77bc0f9dc29278a92547230f66cb0d7305461c4bb6b8f67540e137ba8c7a464976faa75d3fe187cb237fb8350e008c60cf2e1d4110e6b56fcd1dc910d6da2247fe2f011503eebc69eb2cc6df358950cb050e4887ef1c0922893", 0x5a}, {&(0x7f0000000440)="c031ee26aa14d7dc00741d1fe679d0c1ac280fbb5410d52d73407f416eeff83db040b49538355b7d8b514fab2d675e1bb69f2ed220f876369954a2aeaad3c3ca25d444ebd965d36c091c7dc99acf2f8027f2e099c614b3fd6663d0e93e93c5e934043df7a47a2f08d747b0", 0x6b}, {&(0x7f00000004c0)="4237e6c48bda9e6b1ce17708e893d6a49231b94dc9efe79094f2316e9754fe2d3b53fbe2191d2f2b173732c2e04e1da5d915f93ed237d6574a37343a41219c7bc088dbf682fc4e39813fa8075d6cac069fbec9f0d444d9656d69057f5da3b35c3ccec13cb21330978f7c33cd7e5b973ed8edf09d0d2cb98371e949bc4e17c243db6870f457f7", 0x86}, {&(0x7f0000000800)="9af56f12b87e80359e4fa437b968bd3826145c12beffd074d64ba92607c6087da510b90f0a98faeb0b746ef057ffc28390476b359d708800c217caccaae7922e5d64242a4363396c8521ee9886b7e89df5f29b91882d16ab7ea35bee099d7b26b20df23916f12aa0810c2600fd63d5bf8f304184705c159f3090d068b78bc84f76b330e4754206078682fba1fd73", 0x8e}, {&(0x7f0000000280)="53d3fa99e0cb1b4bd6541dae64fc45f27c606ba376c45954bdb401f77c575e04b944dd389a82fdc5fcd7", 0x2a}], 0x6}}, {{&(0x7f0000000940)={0xa, 0x4e20, 0x3, @private2={0xfc, 0x2, '\x00', 0x1}, 0xffff7fff}, 0x1c, &(0x7f0000001d80)=[{&(0x7f0000000980)="3fd4b6ac6a0a5ba30a2e65e926dd67075a61e528893e8356d4002c922bc2ace95f6b0d53429799cb0f3dca9bd3b828e9b8c27f01662aae77a24f27d58b1b2d78a3b67cb020d17a783c7ab04195b13bdc7bbd8d6b47051b4acc133a7ae239d3d491fc9e67077a01966e653b4aae9bf8e36c482bc3dc10d02cc41b2d9ee86b3f678eb684c4251ef6826baf9182981d755826272a", 0x93}, {&(0x7f0000000a40)="c2eb4daa1be1550d380332cfb083f25f54534f704565a1ece745dbc703db11dda022bd26b0cdc1f6eaa42a7ef681a56ca495401f1a3ff61337694e0ff92a0673a64581479e4ec70c2f54c568892e1ccc606b31c939ce137ce0e9a15fbdcecd8235d636050ed66f45300a1252eb97801e931fbc89b33cd013146ec4ae6c0aab9745ae9fed47831952f49e391c413346", 0x8f}, {&(0x7f0000000b00)}, {&(0x7f0000000b40)="6368830de41e99ad2ef0be5821a705c0c7ea0c3a6891bf1fecae6dca6d4193236caff189967e23141f637d0d4839782dc3722d41b710493ce80385dd093a6a21663465aabd1d4e4ab52a4a566a0662bd3379bb2993d8dc5ae3415d466f7c6953e707a5a3667beac842c3f593cdcd15d59849a19a1a69e03735aa197bce5fbb9a73e01791c94a9d054ef47b5f176b1a3cef4d341b44aafff1473e4b492643acbe3785aa93e097c6107eaebc1722389c0d23dc7239ea7741480f1b31142851a7489bb19dcbbf8507edfa8b326b90fc0132f05a", 0xd2}, {&(0x7f0000000c40)="9dd1433311d48abc5832a60c4addd55a5ee54c84774b39def610a661a0cd5806eb251a0f816ff19a6b53ee3fff70b1f9577ef97acec82bdc962781d414494d24f0db79a9228f0e98a5a3d799db13a7846b946a99ed9c7006568d7ca6ec2b84c86a34cf7e2abe2017779f6154a1d9349b19f572c52687dbb10967fc4d29e14f0a282ba28d4cc41665a8d1fe90eca1a4e15558ddc10ef0d5e8bfa43fde03341e471cf79be8133d6dcf487e576b4a847d15d8f64b7e3ac56447e19a367cacb4ec23c5e8050cc9f511cd7da664eb8a4617888dd5c3ce570f780e41714aa7a2c51122961b8a359da53e83d1c91fa64051cb6012a252679edd1c61d26d899da9eaa0fe8e368ae059e085bb014267d3dd4220a71ea0ad5510b1f648e209ff6802348200d95467f2f01be17afe104f9d74d837a715e44f218327b472e10aa2b64c2fc57662e1ad15462e345da5cff69450f432ee83aeaa462b5866449eb37946de0b1db9d6562ceab780bc2c8f09c94cba009a4977d63f7a156f6dbf05bf227aa696776eb85b28b8f33e212bc4dbcb65d136c56da4d659934ba5e6be6b6898e89d260936a175448b2fd85d167be210eecf8cca9c6a3017ff652086a7477541c9998b3c8d5f14df4f0418ce9fb203016be257720972109e30571f60172f3adadea6b4daef64e8b8042b9d7ff4789459524d462b8c0d5e5e4d2b30720b98a7626847da6c344049d7fd8119ab7c1d6de169b53bb3ea9c94847e5bb9f7f0d53d31b508f887cba710e7eca05ad73af4a1408512961419c6ead216ae073d19170b332c0fadc2aee85ef46b52974f061a29a6535317ee4b7e50db3848b2be315fd7c050701d4bcfc0c7e2bc1bb614bf7645c0c324b4667b9e23dba336f15fb23d356b6a191307856e91e6c0ea060ad913f4fe22eb5890ceecb2d5f7811f1ab75345afe0af1e5ab6491d7f7c23593e8b61420273fb44aa75cb0b0f31289fdfb4a3f789fc1a545535d139ae42be8638fd46a9c9e3a2cd275683d1d906d6e0cad706af502a4c31619a34159deaf56e8509e82ecac67f4a96304841a9c7f400863e98b7735c866b8d4784a847718b9800ba8af013acedc5f0442b8bc812c2e5618d1754ea8e1ea15f78d3a2a04e746d8674973a28bcfb1f8014a06adf3ffb186919ac3f48e34a23b8aa35512070bbec8b0fe336b1737dda0dd5503bc693486ff92274a3c74f3df3167d8109303418cd6dbf73c6ab9d9290c46a706d1cf36d12fef7c876adc2f8a6b540d00615cbbf176b5dc28dd3df4251ba1d6abeb26ae79f79ebe3b5aa4b52b1cff2b099c81b25b57dc08649da00d5e10cde64f464abd4899edc3fdb89e17f19fd80ccf7f6c7b2e5cc6fbe6d4443fcb49ecc0c11b4c4b22b463ebc692470791a3ce0b1ab89cd45f70b8eb3d2142160119e06708ea8e98fdb2cf171811668ec898138a58ccdd9a052160220a8a643e95108f7789ca7ad92113f4830cbb9ac382a5350590bdbcc2a9184139018bfcce590aad18871d3f76ed584b6af7218cf71d50fe4fd596e0add7a0ce1ae0591952976b0c609939f4ba02ef824b6469ef94ee90f4d1e283847acf4eb178f550d7c8bf0deb21106888bed0fbe43fda57bb396195b6c7b5859bd4d454cf29809fcbf590dc07b2aa31cc4d3fd318269f6b9e28c05ffa27b5e29050137a693158909fe6241fc4d428bd210cee4e6dc9847994a1d20b1cda646b08061e9481521ff9ead95e6959ca4a79b2cb8129709a529d85e56043a0d5ef2d19fcbbc045a32bb8c10c809e8299286a30aed5faf5ed463b3c43fbbc8e823f00bcb42ce678e3473f412ac96ff4d43b5bef5787f06bafaa9a5c0983e86da3127de6533cb0f86f1faae5c7a6080d6213312b2acf4698bc2e1420bfd472bdfe6265cc865f3de6de47939981a07055826a620630b63b8a59921621801b7be346e50052be4a0e98214caf28bbf3f2e3ad9e63afb2d0e82026b7ae32b1dea69b254b254fcf87484567d266177d3162efcd75a9755d5b65ef931e1ed47e212b8f5cd4b13d7b05e0d15b91b6a36bd99da4fde41f17274fb591b36dcd946f278be7d5672c0eade3ba359a343e42cdbe28b213ac33a1e925fe0118bcec297544a2665a2ba725b4324705a9678081aaf1021a4cb115cb93f44a8e710dd06dec197fc99c35aa2c8c06a1f36a7af6388a54c9a2ddd889bdf55e1aaa669bd54742baa17cb443a7c71da45eec5283eeca275360b92ebe6eb90917a09cbf0166a2876b6403282ab0157aab8831c5ed703a31d9c4d9c6e8f0feca492e550effbe225229b40abe4f47fc0b52266d94e3f654b690aae36d116fd973c23e9194ece762bb6138f8746b4b2648cb222131b2b46c9bcc8bcf12427aac2d27d2b33c995f5d34de3fb2b55466574d0e2980dfec37716bd93d8c1886c96b306a882c45b5715b820cce7f87716899e676013e97044586437d12bd084defeaefa9c7ea1ff1ff77a46374e067994808763df51781a878e1ba414c65108bf7e465975a7d950505a951faeb39c03f4175ef0e5d8bd7119dc691fbde43e24956a70aca747b77d41fa81a9571941748d08fcc89ef6cba6086bea5ac047bc72e0663583724f93ee009d42a6b0436a85bc85b64c95d53c877c2633315fdfd2b925b6eeb65916587f119b435ee584718c795b52ba0b2019c3e30d8ebc21e88460a3eaf840bcdd6082f300fd89f0e5e05daf7c31634baada14fd2af08b36e9b0bb58665f59f53de5f55d374311e7a8a31781ef0fb6b1eb10ad022d0fdb523b22d276a970d88988312e60db78cd7bc847128d977a54f02b978e4ee3d4f84f07c0dfb212b7ade9627f63546f754ea0847f83d8dbf6237ff3fcc76196ca917533266011ea563ec2d8835907ce712e5c09949c1b972fa5668a60f4ba86182efafe91def5678b5a4a000f9a4a60cee2de3b3bb1e57f48ac5001eafb626ed56334785404aeac9a5ba9af819a689fbf358025ea76e53baa5af3cde60bf71b4c53c7540e7be275c4fbf47de5198e5ae7cb2df8a22d5bee7659d68fbe07e299418ff91261f92759b03365b28ad718583939d4ec2dbedd14c53d2e81069e6f9676339582d0c649400dac6d179bf17e25a1a7cc696c5cbcaf1117dc119cbcf80154df5e841632266d93a29b01da0c8f2750ab1bfe1f1652375f933e62d67193ac45837cb2995d0f25d49e3d0a7965047999e787d74d7592169e69cffd7daaaa1e2c3e0a92a8a72d9bad744eb3bc91bd34e3ae8da0896cc686ba38d7cfd646d01e8c04061e920133cf9dd7272ae6b80973a7e516f376a86794ceeb6d347153f3ae98a00daebf19b0937ae52bf10009f2ddb40db23af2e985351079ad22ca09288444d3fcd22ea9f52b942001cd1d36668c3bfb06645803924066aad3b2eefef5f77aa4af6c1d3897cc9a1da08e0d0001644398a93a87ef0223224e293158924203b2f981905f0d251297378cc270073cb23c2677ff088d4cff8da381a99f1717b25701879e229112aa666a2e3491ae583b603a64d010908e79289fc2b5c5bd191ee471939f5fc3004a771b709fe5ca72913535695c1049da41882049181e7790f505d0d13892a5dcf16f94a7b4f2dbe1ed2f14e6aeaa29973d515f5f5f60bebfcc0f36e9af730015365f43c108fe372249ec07cc4d312099ae248d03beb8349bde6bf7ecd7d228ba1f41b84eec98c5c369fc38248d3298f4a6b6f9d927b8619fbd6e2941d89b03d3db74d251307cd2d899b2a1dd906e494024d1fbaa62c2d8bd7ebb35fa98424e6b1e9bb0aae34c385fc4da58e0ea1e02b7e078ea1e8a896f6ed7c87711fe3f359c9d7fcbfeabcbc1310138321f6c064549d06c8b0472cd67228806047b867aea0311fb812066c22d72ff7d85f929cb7d7f89043cfaec3b74479acb594dc6c938ea3eac8d514d8cde155358b85ec15e3cd7c588a69d763e5560e8c5cab83a235989e8edf538e4099c9d329dd1393d944e55ed094ba64371ebdc36cd8d98fce0d1972bdfed60396bf0e60f772b3509c5c53874ca9ea5977a92e367cd68ba66ab40456d4c62987d24bdae35c6f3ce3a4d653f598811b5cc9742e3efa707cbcd355f33a21b05ac96b87595836bfbcacb44618a8d144ba228764cf0649eb9bf6f91a219defcf825901acc4c6463d1287141aae2390909e41c3640e6f764e707a004ce9631c6a3dc1f937c4d22e47bb203e7c56bac172ceec8b5f44576d535054d15fc71def06e5822a833f45e840d69d48a0d2b6abbcf340e65b825eca42df21762634a1aa7a4ca07ec3dd88b337594d4b6cc5c0d8dd6beaadfcfe1c84cda48bece834f6ffd15690e7e7a079d0f3ccac1c76f59168b6e9fd7fc214ef43324705bcfa6f9bb58378037f1ca263c71325da98d6e4ac0caa2a226f7840fca810bcb94ccc510b0903a3d8b62ed24199d36c5cab08682ce8e967ab6f4b4b3b305972b61e02957aeee2fc6a8a8792f13048db575f6cc9c85017a640d547842a5b955ab3dcb5a98e9d0d654a1609996dd6c6b06f08f2b503d6cffb7dec5b5aab85b50a8fb9afcc924f258f67ce1faa9e33089753938f8754c2b9fca9580333abc4c25544e07baa0df7e695c6a9a8e8ef817b2c67497562042d99bd01bfb66b2af937ea5ab22f52bc71a66b28147c47dff44841711191944c305c52f54775b14a0024473d40a5269dbd98c828a6b11d11afb6c464f031853bcfa01883675a0030da18ac344abcb805498abd462046f20cc7a2d4e3cd94e2ffef75223bcab3964f296bef827e278adf74d1cef2e040dd86883e0cc29d1a38b99562eb17be0c2d6e9e45670e824396e6fc4c67b845391e650843ed4bfb0351760fa9473379384affda09c8a96478ef77c7262b3cffe3b88b9d0ee5e700203cf6287766dcf334301644627d1b231d4989d9f047cdc9b73eb71ab2a8af561d9565236a8248dbec5e950eafb56aa986c9a9052d736830b15b6a6b716f198b09147b52b2191d3b78bf22db1d7215716b0341c3bfe2ceae748ca1680bcefe756052f35d0ff82e8c12dbbe1e74c241cdfb04b0a66e1e5c3d1c47df91bb5485a9975fe8008c754387fb187a65000b95b4b74f6432a5324316a6afe871b0a5e4d52d7353c23cdba391a295bc5f96c44b09f2369d6a2c25910f984c497672a93aef43e853bcd0cc6cffee6d52442cc9e9bac201288aebf3c30f6e860e526ae1738587d50f9dd639e77a6a2861a74f59aa366a9f06f977acc6502bac1212ffe461805914ec21e1588ab540d050ac59b832b3613b3609dc401d0bc575d9e9b0bf18138b3a327331aba71904f27f008d68b6a1fb8874482fc50cc07eed8eedda0714c7635f29c0bb6e48afc4dbb70fb6354bcf3487a178b7fc2f26d4d685f98b8c8b08266eea11bf2dcf1a09200266629b889e32029218dc67c64e36a11ec6a5c855d1455fd76aa317665f60b80ca1f6f034f143a547de96431efc60da99e59167450b26bb6cfdefa6e20971d199205c0b680437e9e50a2d54e01fe9729a049117d5ecae4e66e9cd116d06b0e24c7dcdbff9d015d1a5ec7509631e0cf01d090891ba2b3ffdc0d8a36f6b2d0f9f6026fe9f3c304d9d1e9a4b2c5a3e6c76e0047c23173f295a7e8c2bb36779f66ac58e027262890b2889cde0e448db82c7689ea91c554cfc1ac0a8e4f40e193924141f50cf415bba72368edae9f0e03779fac2fdd963b9f371882d8f534e451b6ec798b6836b8db6eb165febf86e2c584078c5f5ad357c0c3ab028ef94ef6356eb2ae86696bfa851b048da598cf78658c03ac51f01f1962", 0x1000}, {&(0x7f0000001c40)="cab1543b2accbbfce8c1071ecaafe64f4ee0b5817badb238e11008b3e15cef809e7b38e87ab93a5b767a6e8a01e788f1ce0ae5566862339a4ff5a80d8572b36e5025be102fba7910ed6e2d5d0e15ef4d4f8195e895e907407c24359812ffde22", 0x60}, {&(0x7f0000001cc0)="15e3687551d14ae46717aa430661ae68611ccf80110cce37459a3a15f5b75eece0cc428c676d8c73d1975c6c4aaa1bcb30fb64fe148273d61a6615ee56a8a4dd42738e51b955892d7175e24a5bcacb7f37c9f37767f00c454c930ca001cb8c2645b0899114a1c981fce590a7b0fca45a369e13d81b78d1803b4a2930d07a866adaf0cb8fcc28e285", 0x88}], 0x7}}, {{&(0x7f0000001e00)={0xa, 0x4e24, 0x2020, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c, &(0x7f0000003240)=[{&(0x7f0000001e40)="f45c1a7e5b2a03bb999c590e7d53bd4bf106326bb1ce361dae9b35cdfcfc5c737bff616da536e318d2133e2bf1f1ef88a4e4abfb86e8698999c4077e8c2eaf944035cd8aa17a40a6e46d72cc42b20b8c9a7fc6e68bf315b327af7f734ad2677cc887560b4e238d07ce67459b97d3cd7a2101cfceff7e366286d2c34e7ac4", 0x7e}, {&(0x7f0000001ec0)="ca0560ea78f6e3d678eaea3db57eca091cc1ec373e202bdaef8111d7778174b5a63fd6be11745ee242712ce07151efd491c17d5030c0f5e750e4d0492664f645b3912f0c0d1e8ad9d7d23d74918d78696b331cfa9c4a6bb8439efa10eed3c50fdfbe13220767557a5eed3754cc167fb19808715c9d8ed5025aae8ea64bd19131e6476e0dd76738ace91818fb76ea6c57ea90fed012167d4601d312e9ec052249b08c153136d6c27c086f8c8dbfa75e02754e57a314e8929f", 0xb8}, {&(0x7f0000001f80)="b10cf57d2d3cb3236012ec15da8ae320e1c6a10f5ef28908b46e353c8ea5749097f1995bda7b34476138a64d9437b83255a6c2e71b43bf3f", 0x38}, {&(0x7f0000001fc0)="e87d49d5d09c7e5bbf482ce7263761b1d1b17b7ad1d4ec77a7dbde89158fa5f206d045a547f952a4cc1a8ab1a981214660a8fe251a24d756a39ad12f55ba2787c62f2c27d8438bb4585082fa229a20b0d102b587296a843c5aada39f72fc", 0x5e}, {&(0x7f0000002040)="f7654aa3d5d0fed822843763185e9b5fee2c1ab86126dc296eb4bc0187b15820aa048b5eac361671497d183f3b5015f6c50f9ffb21b3ebd25dbd0d8d1e97697bd9766b15fe8b1d9b69fb45c79de3ea31f517810f5c131dd59dd01b6605fdc5a3ea5f8e79f601e2f125913e5aa53721364d172722e6da502e258e4614ebed8ff898b7e522f2", 0x85}, {&(0x7f0000002100)="6c7871e432b729ced9e8b4f2e3543d8a610de6e616985654e9ca04b42eb11a3de77cb165756a2030fbbb75c6c18c06ffa4f3286e0fa0ea4b95b8fa06ff8480b8dca9682a90cf4cd7734211e7fa05df3e4ce0713d9d97d46e10277270ec8c541e2af1dc7d78472e562d75c8beac1105d65a2051f9a1d08237a3c50401eea310f524b2038aebf23270fee1508758549a07f4e4716fa23989754f703ef230e29b92d0ad8a7b13fc103a621b306cd0fe26ea030bfa686ffb45fc47a9dfe92186a93086efec1a9b3d214252abb3dfa68b0386079d183f64e84ea275931192fd30d92cb45ce33e6d6d524001d896e3450d8094892d039bf7340c2490fca6ce6db76c81146dfc54eb52253be2b1d0e099dd399b80fd7741f6493470d0adfa9ddee976863bed22181ced5bd25c58569273d60f1cb236d355795dfcbf6d7af426d3b709343c58168981fbb6c5d579d9dccca094deab66b11d99c60cda7de8d3a8d99460bab98028d37643e569a5c95ac716ae746f62ea306385d630ac9f0345653d08d04d024247895b52a133b21d96d8ee654becd3aec8932fddf903b5a32949dafd20b592a68ef390e99a3173758a62c986853564ff0245a29ac240678af474f78456776dfd2d948920cc47b2ced34a6e5de056d42562e86935c318a79d4f89afa563260b3f00319dff473ccf8f4c73b9da5947e0715d6befc68dfc448d37421a5b7fca11a26d3eeb0d2ad23330f7c782598ac93e22fb1beb54cefeb14dc6ce6cb678a297c6c41425e17b2a8851bc57b0fbbf145756542815e2904632ead14d9356c735aef190788c9b944ad7959cda0123e52fc2836c027610f34e7cba9ccca8113600571c4ae4d4c395e6c331dab6fd161fc1c7a0673f6bcc97ce34aa7d897831ec5beb1350a5cda5072b6714ca07f1430875412ab0562a469d37ecad23965d6e1d28953cd959637cb56c46c78b244fb93c6c9503e32b8a6557aa59e6e576ef1da5b026417d7b8cd0f0f0b52f48a085fd5bb198bef7cf650b576f0db6d0c1ed7e530509d8b04dda9ca5c1faf824a8dd4aac580b7caea36a277497ad0d817d55546d2af46bed7067ff00f01874f90740404683d60c0bdc39310a717b1219194e2c8910b92a3c96590c9721aa652c6d5a703c803fb00528fc7384f0be9ae4ba87892874703a95c2956822911ec8ce175a14ea5163b18d88ac98bf24467d640a926ea4fa9dbfd757549b4cd6ff4c9b35a9e1acb6fecf5e412d09336593beceb8a0749d5aafeab9842cc69ff4278a3cf160884e9f91bf69c903ca6474a65c3b9dbffa7844cd57b43151e00b73b0c589f036f14dc98e4659721f6f563254197064b8af74f5edbed7596f70cffd74b4adfc25638d079b56a40351bc7c90f3fb9485a8554a5df3df485322073f0a8da48fbf27396a26b3d26be02bd39f5b652441ffa6feff3efe99703e8d0459e80c376f4b04da89d12af7b08f0b293f687a0ce9f18c97b8b38104a194fd0679bc404f5c87772f825e361b12a5cb1c253fbefaefdb12be9748bf40e1a32744b0537f0a0d9d95e1d108e5cda684882365671e550be872d9dffcf4d0f07995d76af2543e45e6631c37e21c98dbc2ac229afe23c51b08eb2284447cc2e48322a934bbb750157fb45f88f4b10313cf67bc0cd1dff9d7d04828bdfc902238f56497143c0a43373dc1a52a3bc839592a42452f882e4c9232016df2a5e5d82b2e36b5561a632fd06d7bd7713c9655fd4225063f03a7f23e252d11bf791bebfc71a859e8e4a4be0285c9b1ca8b88a3357299c03e2bb7b13aec2e4561ff628d2bce5ce040e522f14891b9e26b9542e2c4fba4e4afb3cef1ae5f69a98bb012a8723d60fb1af497c3ad6eeee748507278d306a05576867211114a05ca358c37e668ed4271de1f37e3a2cc25be16a2c56de44bcb9cdb5d60018862f2020cc674d33e0d8389137ddc185c4c29b95cb508ffad2aaaa048e6056e589412ed2cf10d592f34ce444345645032757828a2c4f482ebe0f7a699f2559c0a9d09dcd3f82f46c5a937894d2b9aad1031e5327920ae1eaae58e23bc5bb96e4dc9ab66a0c7fa9f91aec68e1b2fd5c9823c14ae24f175441a5937691bead832e770e1183220264fd92909c5fa668de4e49ead7cb0513885b4ff3c0dce8f41e05bc28042f698e33cd58752a533eff140a171de7c0eef46bbff4b3eb31295ff925601402dd85853193b346b73e223677beed3c2f6b12607b7abc4fadd8b0ef02c4956c439443b2fbaccf50edf5f032b01d038836ff1e95fa3c794c0e2cc444479e248cb25fd143b35ac71502484e794d04c8c3d7cd437bd25624937c2f18e8ac509e8e4e16cddb9aa94aa31235c893662f5d0c3954b620c1ffffb51f483023f532c45330f706105d5261325a7f919fd62399f7fdae5b9c6d5cb4ecc9cf16c80a595830bc42f6df19f9740bcf916119afe55b0e5e348bd60d6613ed1608d3ff4f0d26e5e98f2a1b359c73c026b25d23aeeb19ccf690ce4233a1e40e51696d95f65b52cc66b794173717a19965149d8d2781d1d67aa7dbed23d6717cc822d613c8372a3ded121f4c771e9360195cd76c4cf00d1d9b1696ead505b613aaa768a16a5a11be4816fcd110328541de3c230ccf3b213078fc5cddf652c66b54c0b16b565eefe7ee46f54768b71237401c7ef358c0a9b2b36ba3ff700315056ffd853d9422fb536c82ce6df3062c34551b789513733f8d02c31de568db134ffa7aace9a47acfb9af8228249750c416d2f13bae5e22051034ab235cfe921f1af00055a1a85c42ba28ba0598c05e24ed7e01acd84ddf2be3c687a386d9eca42e005e01b7ff292679d12d456168f0a308215a5f18f27664a96015de6239f3abee39b5e7a6e448cba78a3623b2be9e356ca334130876f979a5f408b285f1e56093d53ac02461f41c8830872785d63ec2ea6e8b1022bbebf865203c29738e1ca219f1c7fa6a8ac3fe1e90cd290be877a65263511046efa444f9895d2a852c6026561eb72031028b53355fd27a90ab4ec7f0be83cfc5757d7cc7a8cd4b51076d7b0d78796c7828c8e4ac9038f0d5832349cc438233fcec716f1abe8ee339d8af55da1d060a7b69b8ef731146861982282bf145fabd5d06b80306b8ce181251009cd2339745734c82beb77005fee6b7b5b711634e89a2a671201a776c25d7eef4e1a11c96fa5928ec6d6a0a84634e20249fb663c8f167d75c256fde975e075158b5b240617e544bc6c9a5a076362bc4ab25f66dcb45bdda8e30b945d5c2810f638b0f3bb9fc2d61df3a25f8eae7dc7f75e1303536446019cd027abccc5d24ebfa2bd8e3328a6f3fd2c1e1f44a476f0001ecd8dc4eeb9955a480f4bf5f0f5caddc75f7cbd0f706923260aba11d64619cddf99b6abc4447c2e451dddd2bbf9e772ccb901394a7880cafab69e9c819c26faacd845a5fe5b96825d68fc32723d5eb4946f473bc23ae570e3fb731bb60037c6de124063012c9a68ae9586f7e248c6c488370c1f75603bbe69fe15dae0580d97347eceeb29a9e43e645621313f56ef9cccb171ee87c1dd591c49cad45da28ee1b3946bc953c1dcc5869603d1869dc1933649a2100b295e2a715d4e206cbf568256f88b38c1fdc7640e70e40c3d334cdd3b62606c37cfe0a1d4859735b7e92df34510910d8824a0c9db2f0bd9c61b1b91393f18e36ee33993046e3a8022db6159f025d23424b8cd5948c3207c2bc8152bbf0169eb3f5dfd2115c1b2ad311bdfae339293beee96e000be854a463936646fd71dec62ad0b64bdf6c8254f4b195dd3a073a1b23c753640514db96033b97ef11b4bf4c44ba707d6644674cec330c4d819bba5593f313429bf7b9045c308c6392c40feb3671154509b0493ada0ecfdb2449420481ccdb7128be38be98ff0cee4480c0565b2ab3573892d59b13e9888233991ea952e5688f34bc832b908fa2d833f5464cb71095c6abcb8ab6c321fbf44534ba84de5dc94df5adce930a192cf5f507932ff90f5c6f24f857143fba8aea74e519748076136f3a37cfc5a9336d87c0d57d901b21ab2669f7cd8510ea91d648c9f7ca7f9ec59fbea0157b06198f1edb5152cea1a69743af3a2ca84dfe812c88b26de1e461c06e12daa1e0fd64212175f264d3380c5b3d3a31d13f8c3002dc383da7050a9afa735e5a294eb229ad8ff902fa7ca582f73635e70925dd724ba9cbea910e37de00150e6af3c64c48d0d8c389678b4caa9555a347a8c678cdcd6a6d3e2ebc3f8e340996d79d74ea7875eca6b45cd6ac09c97b2c829800c85b6ea7abc8db103c1492d93db865fcbee9c4c1d9381ccadcf13c66ceebee4e8b93fc10c9680b765f80c720b0043af8db4f9e4487b5f6a1eae219afede70b6ca89af2a04dd1f655ba975342a4871b6b199ea457b58c0401f09e4bb533d6e5059fd21188b1079212dc28fdf39fda34d5feed03d54ae2faf88d15817ca593921c46fb71b48e5404dede7e1cd82abd8af07b72bc54d2beb9215ed27beda67c4dfd6f804355827f134d657218e8f03aff7da14df9266029cbddf34e243aba31f22b6c784f3c9256364cc822689bb267fedbd25ec4f799e27944f407b021611985d6e80a43c401ecb54674baaaa13df7ec0c59df04cadc3c04499ce5da1376193c92268045bff3d0df809e0f7dde9ff828ab3c603a706c6b152fdaac91f91da4f5522fbb27566d838da0bde033d86e77f04a7f08079ed4c95331f774c5c0d0f93f1507ab2ab28dd9ca787eb663326e2695946bb57937211e3851706dfe8bd57a222f449220e7e0c42556e7592d8061c6f2759542aa457e0754492361efa9cf1a90f807eae1490a0567d9564663772a6426ac3563f166bc21740dee3add41d071d1babaf66d2149fc2339977241b6257631f720dd08142af01f2e7f00a882d0cdc00068432431e067f44b7cc8ddd2dadfbcf844fb871a8de514d7e35f6617d5ef003cca637b5da9f7d45db6c465c2fc030a834b093bc9c666cfed52cff7e4d31f37783c6cbb3cf873311ee48759286d9f67eebbc4004eb2ee4d75039535a3c5991df61d7819f66b0d694d0deac19064117b41ab0093eadfc50eca4b5345d710074e69084c7264ccf38582c02b8e5ca87e6e298d7d97c166eaa0768248318fc506276defca6d15000c3e746603472c343b76d1091953fa100d8ef24813cfec7c40057e09815363bd797db3d9ea92afbdfa037c47962f78fef0a742bb6ff6415e25d0df3738143f48b2773e95317d71d8fbdceb595f4e12bd4dfe23d7e327858d0a8bc1c93255c91bbd02eb476d04385d1593befd6c187f14eb607150fe3583766cfbf3f3b6a0056e92c3e356003780d550ef7baf86b85e0c5329233032a21c3f4a006a038e5ebe38d9b4256f6ba8f82fc29ce8c625932b66c441345d08c2135a6fcad456fb009294f92b05977c20f80bb474f054e26fa3e8e4526d54be1c32b9f9f8534beed495d7950b7384f5f483df0c03a8481d174e90d14d12689a4ef475e51084a9d33d8b92366b4e75f016c187eda153de2a4ad970153c1921080c64c1398d969c307fb18dadae4ce28bec2e646c9a84860110383d00bb75389fbb6398ed1f0b176258bd42c97926091ea25467f3ba4c84a06f455d8103f7ac83cd42fbfb2b218d8a373ee6e2a4d57d0563894c7f7011047387c3c07006365d3716d342ee0dab99eea512748cb4c6b7c4755ff7ad092167e52d6c26e290a21e33520802a71b9a720cb8024a3f9cc0a571e8c782714121471b9289ae5808232607ee89b5efd2f52bea6", 0x1000}, {&(0x7f0000003100)="b0fcdfd3aeb9ce307680fcfee058e87a9c11e650d83f6d71be14f53c03019abbd421921ba710835b47d435c87a89b0c97725e437ce", 0x35}, {&(0x7f0000003140)="6744004f34a1fb1d1e031a9c1c2ac93ddc3cc58ba11e079efbb7ed3bba3dc6a95d3cedbe820a5d6e95239f3e2a860863c7", 0x31}, {&(0x7f0000003180)="02b4f768c77f99038530c25a2d5a2c0f875ed3bb2838ba0b6fc63e1f7169c88bf23cf97f3300b6e4aae675a9f61aa16e1c57f418bf57a0ae3a0018e62dc244ad174573c75e4ecf94cf1efd951fd899267d7454d4e23d010efd6c4cd565a5541c967a4132bcf7026ae05d375d87c30697c24761", 0x73}, {&(0x7f0000003200)="5e39bb52b03df8264e9c02f7550385374b3c", 0x12}], 0xa, &(0x7f0000003300)=[@rthdr={{0x38, 0x29, 0x39, {0x33, 0x4, 0x2, 0x3, 0x0, [@private1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}}}, @dstopts={{0x28, 0x29, 0x37, {0x0, 0x1, '\x00', [@calipso={0x7, 0x8, {0x3, 0x0, 0x40, 0x1}}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xfffffbff}}, @pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @loopback}, r4}}}], 0xa0}}], 0x4, 0x40)
chdir(&(0x7f0000000080)='./file1\x00')
r9 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000580)='tracefs\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r9, 0x40049366, &(0x7f0000000180))

9m22.624611742s ago: executing program 4 (id=442):
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
socket$netlink(0x10, 0x3, 0x0)
socket(0x840000000002, 0x3, 0x100)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

9m7.545078789s ago: executing program 32 (id=442):
syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
socket$netlink(0x10, 0x3, 0x0)
socket(0x840000000002, 0x3, 0x100)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)

5m9.414767005s ago: executing program 0 (id=1377):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000c00000/0x400000)=nil)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={0x0}, 0x18)
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000025000100fffff000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

5m6.617386256s ago: executing program 0 (id=1385):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000800)=ANY=[@ANYBLOB="9feb010018000000000000000200000002"], 0x0, 0x1a, 0x0, 0x6, 0x5}, 0x28)
r3 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents64(r3, &(0x7f0000000080)=""/147, 0x93)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
lseek(r5, 0x2004, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000fffffff50100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000240)={0x48})

5m5.649318226s ago: executing program 0 (id=1391):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2}, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_open_dev$MSR(&(0x7f0000000000), 0x8, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff0000000002000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0xc1)
syz_emit_ethernet(0x9c, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, r5)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r5, &(0x7f0000002540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040004}, 0x40)
r6 = open$dir(&(0x7f0000000200)='./file0\x00', 0x10000, 0x8)
symlinkat(&(0x7f00000000c0)='./file0\x00', r6, &(0x7f0000000240)='./file0\x00')
r7 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4(r7, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0)
recvmmsg(r8, &(0x7f0000001f80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000380)=""/223, 0xdf}, {&(0x7f0000000480)=""/59, 0x3b}, {&(0x7f00000004c0)=""/254, 0xfe}, {&(0x7f00000005c0)=""/4096, 0x1000}], 0x4}, 0x2000000}, {{&(0x7f0000001600)=@nl=@proc, 0x80, &(0x7f0000001840)=[{&(0x7f0000001680)=""/60, 0x3c}, {&(0x7f00000016c0)=""/209, 0xd1}, {&(0x7f00000017c0)=""/75, 0x4b}], 0x3, &(0x7f0000001880)=""/209, 0xd1}, 0x9}, {{0x0, 0x0, &(0x7f00000020c0)=[{&(0x7f0000001980)=""/148, 0x94}, {&(0x7f0000001a40)=""/212, 0xd4}], 0x2, &(0x7f0000001b80)=""/151, 0x97}, 0xa}, {{&(0x7f0000001c40)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000001cc0)=""/111, 0x6f}, {&(0x7f0000001d40)=""/233, 0xe9}, {&(0x7f0000001e40)=""/179, 0xb3}], 0x3, &(0x7f0000001f40)=""/31, 0x1f}, 0x8}], 0x5, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xffe)
r9 = dup(0xffffffffffffffff)
fallocate(r9, 0x10, 0x0, 0xbc9)
ioctl$VIDIOC_S_MODULATOR(r9, 0x40445637, &(0x7f0000000300)={0x3, "65ddda41ffd5876b95f6ef5f76256739d8af5c474ceec3fad5f0f73c493b6b85", 0x400, 0x0, 0x2230000, 0x8, 0x3})
syz_init_net_socket$ax25(0x3, 0x3, 0xc3)
setsockopt$sock_timeval(r5, 0x1, 0x14, 0x0, 0x0)

5m5.350496941s ago: executing program 0 (id=1392):
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x40)
r0 = accept$unix(0xffffffffffffffff, &(0x7f0000000100)=@abs, &(0x7f0000000040)=0x6e)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r1, 0x0)
mount$tmpfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[])
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x200048cc)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
recvmmsg(r0, &(0x7f000000b9c0)=[{{&(0x7f0000000180)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f0000001640)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000000200)=""/64, 0x40}, {&(0x7f00000013c0)=""/167, 0xa7}, {&(0x7f0000001480)=""/154, 0x9a}, {&(0x7f0000000240)=""/57, 0x39}, {&(0x7f0000000300)=""/112, 0x70}, {&(0x7f0000001540)=""/213, 0xd5}], 0x7, &(0x7f0000000280)=""/29, 0x1d}, 0x1ff}, {{&(0x7f00000016c0)=@can, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001740)=""/3, 0x3}, {&(0x7f0000001780)=""/71, 0x47}, {&(0x7f0000001800)=""/125, 0x7d}, {&(0x7f0000001880)=""/143, 0x8f}, {&(0x7f0000001940)=""/228, 0xe4}, {&(0x7f0000001a40)=""/246, 0xf6}, {&(0x7f0000001b40)=""/47, 0x2f}, {&(0x7f0000001b80)=""/12, 0xc}], 0x8, &(0x7f0000001c40)=""/4096, 0x1000}, 0xffff}, {{&(0x7f0000002c40)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f00000042c0)=[{&(0x7f0000002cc0)=""/4096, 0x1000}, {&(0x7f0000003cc0)=""/222, 0xde}, {&(0x7f0000003dc0)=""/155, 0x9b}, {&(0x7f0000003e80)=""/190, 0xbe}, {&(0x7f0000003f40)=""/112, 0x70}, {&(0x7f0000003fc0)=""/86, 0x56}, {&(0x7f0000004040)=""/143, 0x8f}, {&(0x7f0000004100)=""/191, 0xbf}, {&(0x7f00000041c0)=""/119, 0x77}, {&(0x7f0000004240)=""/72, 0x48}], 0xa}, 0xf40}, {{0x0, 0x0, &(0x7f00000043c0)=[{&(0x7f0000004380)=""/38, 0x26}], 0x1, &(0x7f0000004400)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000005400)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x80, &(0x7f0000006900)=[{&(0x7f0000005480)=""/30, 0x1e}, {&(0x7f00000054c0)=""/224, 0xe0}, {&(0x7f00000055c0)=""/130, 0x82}, {&(0x7f0000005680)=""/4096, 0x1000}, {&(0x7f0000006680)=""/163, 0xa3}, {&(0x7f0000006740)=""/146, 0x92}, {&(0x7f0000006800)=""/232, 0xe8}], 0x7, &(0x7f0000006980)=""/4096, 0x1000}, 0x7}, {{&(0x7f0000007980)=@nl, 0x80, &(0x7f0000007c40)=[{&(0x7f0000007a00)=""/166, 0xa6}, {&(0x7f0000007ac0)=""/239, 0xef}, {&(0x7f0000007bc0)=""/104, 0x68}], 0x3, &(0x7f0000007c80)=""/34, 0x22}, 0x2}, {{&(0x7f0000007cc0)=@nl=@unspec, 0x80, &(0x7f0000008000)=[{&(0x7f0000007d40)=""/10, 0xa}, {&(0x7f0000007d80)=""/147, 0x93}, {&(0x7f0000007e40)=""/170, 0xaa}, {&(0x7f0000007f00)=""/221, 0xdd}], 0x4}, 0x4}, {{&(0x7f0000008040)=@ethernet, 0x80, &(0x7f0000009440)=[{&(0x7f00000080c0)=""/5, 0x5}, {&(0x7f0000008100)=""/232, 0xe8}, {&(0x7f0000008200)=""/191, 0xbf}, {&(0x7f00000082c0)=""/141, 0x8d}, {&(0x7f0000008380)=""/4096, 0x1000}, {&(0x7f0000009380)=""/16, 0x10}, {&(0x7f00000093c0)=""/91, 0x5b}], 0x7, &(0x7f00000094c0)=""/216, 0xd8}, 0x4}, {{&(0x7f00000095c0)=@x25, 0x80, &(0x7f0000009700)=[{&(0x7f0000009640)=""/71, 0x47}, {&(0x7f00000096c0)=""/37, 0x25}], 0x2, &(0x7f0000009740)=""/4096, 0x1000}, 0x4}, {{&(0x7f000000a740)=@in6, 0x80, &(0x7f000000b900)=[{&(0x7f000000a7c0)=""/195, 0xc3}, {&(0x7f000000a8c0)=""/4096, 0x1000}, {&(0x7f000000b8c0)}], 0x3, &(0x7f000000b940)=""/111, 0x6f}, 0x8}], 0xa, 0x90, &(0x7f000000bc40)={0x77359400})
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0)
write$cgroup_int(r2, &(0x7f0000000080)=0x3, 0x12)
chdir(&(0x7f0000000080)='./file0\x00')
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000900)='T', 0x1}], 0x1}, 0x41)
recvmsg(r3, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000340)="dee3", 0x2}], 0x1}, 0x400c805)
recvmsg(r3, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x22100)
fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000380)={{0x12, 0x1, 0x220, 0x60, 0xfd, 0x51, 0x8, 0xbfd, 0x10d, 0x6f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x7, 0x55, 0xe0, 0x1, [{{0x9, 0x4, 0x1f, 0xfe, 0x1, 0x4f, 0x90, 0x75, 0x5c, [], [{{0x9, 0x5, 0x7, 0x7, 0x0, 0x2, 0x9, 0x5}}]}}]}}]}}, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0})

5m3.477130043s ago: executing program 0 (id=1399):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = fanotify_init(0x4, 0x400)
fanotify_mark(r1, 0x40, 0x0, r0, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000280)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f60"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x4a243)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

5m1.575949154s ago: executing program 0 (id=1409):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) (fail_nth: 8)

4m45.795160267s ago: executing program 33 (id=1409):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x201, 0x2002)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) (fail_nth: 8)

10.732613893s ago: executing program 5 (id=2468):
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
request_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='abcdefghijklmnop', 0x0)
request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x2982, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
dup3(r0, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000400500010006200000050005000a00000005000400000000000900020073797a310000000011000300686173683a69702c6d61726b"], 0x4c}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)={0x4c, 0x9, 0x6, 0x201, 0x0, 0x0, {0x5, 0x0, 0xffff}, [@IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @local}}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}}, 0x4000080) (fail_nth: 5)

9.491527041s ago: executing program 6 (id=2473):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x34, 0x34, 0x6, [@var={0x4, 0x0, 0x0, 0xe, 0x4}, @func_proto={0x0, 0x0, 0x0, 0xd, 0xfffff}, @ptr, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x52, 0x0, 0x1}, 0x28)

9.169322163s ago: executing program 6 (id=2474):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x6)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f00000001c0)=@bpq0, 0x10)
setsockopt$ax25_SO_BINDTODEVICE(r0, 0x101, 0x19, &(0x7f00000000c0)=@rose={'rose', 0x0}, 0x10)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000140)={0x4c, 0x0, &(0x7f0000000580)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000180)={@flat=@weak_handle={0x77682a85, 0x1, 0x1}, @flat=@handle={0x73682a85, 0xb}, @fda={0x66646185, 0x1, 0x1, 0x2c}}, &(0x7f0000000240)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
open(&(0x7f0000000280)='.\x00', 0x80, 0x28)
r6 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setsig(r6, 0xa, 0x21)
fcntl$setlease(r6, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)

9.138971507s ago: executing program 5 (id=2475):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x4, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @btf_id={0x18, 0x2, 0x3, 0x0, 0x2}], &(0x7f0000000300)='syzkaller\x00', 0x4, 0xb9, &(0x7f0000000440)=""/185, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x3, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000600)='f2fs_filemap_fault\x00', r0, 0x0, 0x3e3f}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_buf(r4, 0x29, 0x6, &(0x7f0000000180)="1000000000000000010000000c000000", 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000900)={&(0x7f0000000800)=ANY=[@ANYBLOB="9feb010018000000000000000200000002"], 0x0, 0x1a, 0x0, 0x6, 0x5}, 0x28)
r5 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r5, &(0x7f0000000000)=""/42, 0x2a)
getdents64(r5, &(0x7f0000000080)=""/147, 0x93)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00')
renameat2(r7, &(0x7f0000000d00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r7, &(0x7f0000000040)='./file1\x00', 0x5)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800"], 0x4c}, 0x1, 0x0, 0x2000000}, 0xc050)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r8})

8.17276899s ago: executing program 5 (id=2477):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x5a, 0x0, 0x0)
r0 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7fffffff, 0x200000000000008a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
writev(r0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_READ(r5, 0xc008551a, &(0x7f0000000240)={0x1, 0x8, [0x0, 0x0]})
r6 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1", 0x55}], 0x2}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)

5.957001515s ago: executing program 3 (id=2480):
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, &(0x7f00000000c0)={{@host}, @host, 0x0, 0x0, 0x1, 0x4})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = fsopen(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
recvfrom$inet(0xffffffffffffffff, 0x0, 0x0, 0x80, &(0x7f0000000380)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, 0x0)
fsmount(r0, 0x1, 0x2)
r1 = socket$kcm(0x21, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000ac0)="ee", 0xfffffe5e}], 0x1, &(0x7f0000001a00)=ANY=[@ANYBLOB="180000000000000010010000010000007d95df16a39b1a6c900000000000000701000000040500002b24ec10064b6f2f000000fb718aef932f3889d1fdda5b57000000860f5878c37ffe36e1165814d435be5b317c6c8189587d2f97879f07a515bb7c169f46933d9338f4ab04834e6f618988ab013f40afe403041323110f62055394412158e7a3adb148d641aa40d4ab077fe34232aa8b31851466d0998a61d7da0c86d70000001010"], 0x10b8}, 0x8000)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)

5.921439806s ago: executing program 6 (id=2481):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000480)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x4e24, 0xffffffff, @dev={0xfe, 0x80, '\x00', 0x3a}, 0x17}}, 0x24)
listen(r1, 0x0)
readv(0xffffffffffffffff, &(0x7f00000005c0)=[{&(0x7f0000000000)=""/231, 0xe7}, {0x0}], 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x6, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000bc00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008001000b704000000000400850000003300000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x1, 0x4}, 0x0)
r4 = socket$inet6(0xa, 0x5, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000100)=ANY=[@ANYRES16=r4], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xb}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000340)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
prctl$PR_SCHED_CORE(0x3e, 0x0, r6, 0x1, 0x0)
connect$unix(r7, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$packet(0x11, 0x3, 0x300)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r3, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_dest={0x18, 0x114, 0x2, {0x5, 0x3}}], 0x18}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r2, 0x5, 0xe, 0x0, &(0x7f00000003c0)="6121eed4ed2b01e841acde1a0000", 0x0, 0x29d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6}, 0x50)

5.801806016s ago: executing program 2 (id=2482):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x84, @dev={0xac, 0x14, 0x14, 0x2d}, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000c80)=@raw={'raw\x00', 0x3c1, 0x3, 0x4c0, 0x2e0, 0x940c, 0x3002, 0x2e0, 0x2c0, 0x3f0, 0x3d8, 0x3d8, 0x3f0, 0x3d8, 0x3, 0x0, {[{{@uncond, 0x0, 0x298, 0x2e0, 0x4001, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x4001, 0x1, 0x3, 'syz0\x00'}}, @common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x2, 0x0, 'syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@loopback, 'virt_wifi0\x00'}}}, {{@uncond, 0x0, 0xd0, 0x110, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x1, 0xbe, {0x565159d7}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x520)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x7, 0x5, 0x77}, {@private=0xa010101, 0x4e23, 0x1, 0xcd, 0x12d5f, 0x3}}, 0x44)

4.855136684s ago: executing program 3 (id=2483):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCMSET(r0, 0x5418, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
socket$packet(0x11, 0x3, 0x300)
r2 = socket(0x2b, 0x80801, 0x1)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x3c1, 0x3, 0x320, 0x140, 0x5c, 0x160, 0x140, 0x3e0, 0x250, 0x228, 0x25a, 0x250, 0x228, 0x4, 0x0, {[{{@ipv6={@remote, @dev, [], [], 'veth0_to_batadv\x00', 'wg1\x00', {}, {0x222cecdb0fb5a62a}, 0x3a}, 0x5002, 0xf8, 0x140, 0x52020000, {0x0, 0x6802000000000000}, [@common=@icmp6={{0x28}, {0x0, "d176"}}, @common=@unspec=@state={{0x28}, {0xfffffffd}}]}, @unspec=@CT0={0x48}}, {{@ipv6={@local, @private2, [0x0, 0x0, 0x0, 0x40000], [0xff], 'veth1_to_hsr\x00', 'dummy0\x00', {}, {}, 0x88}, 0x0, 0xa8, 0x110}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'snmp\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x380)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
listen(r2, 0x9)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r2, 0x0, 0x40000)
close_range(r1, 0xffffffffffffffff, 0x0)

4.759581068s ago: executing program 6 (id=2484):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = syz_open_dev$audion(&(0x7f0000000080), 0x3, 0x10000)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0x5}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000084)
r5 = socket(0x2, 0x80805, 0x0)
getsockname$packet(r5, 0x0, &(0x7f00000002c0))
io_uring_register$IORING_REGISTER_PROBE(0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x0, 0x0, 0x0, '\x00', [{}, {}]}, 0x2)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x40)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)=@newtfilter={0x3c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xb, 0xfff3}, {}, {0x7, 0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0xc, 0x2, [@TCA_BASIC_CLASSID={0x8, 0x1, {0x6, 0xe}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

4.649532813s ago: executing program 3 (id=2485):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80080)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x1000, 0x8, '9P2000.u'}, 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x80, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}}, 0x50)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYRES64=r2], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
r4 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x13, 0x14, "1271a2ab78fce00d9668dda1af1ea89d62b7080a01000000000300008a03000000000000000000ffffff7f00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c1265400000000000ecff00", [0x0, 0x4]}})
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(r6, 0x7, &(0x7f0000000080)=0xcfa)
r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/crypto\x00', 0x0, 0x0)
ioctl$LOOP_CHANGE_FD(r4, 0x4c06, r7)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000003800)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB='\"K'])
inotify_init1(0x80000)

4.641268848s ago: executing program 1 (id=2486):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002ec0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e01f3440cee51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cad32b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337602d3e5a815232f5e16c1b30c3a6abc85018e5ff2c91018afc9ffc2cc788bee1b47683db012469398685211dfbbae3e2ed0a50e7393bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d300006aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7af22e30d46a9d26d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977fb536a9caab37d9ac4cfc1c7b400000000000007ffc826b956ba859ac8e3c177b91bd7d5e41ff83ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d000069a16203a967c1bbe09315c29877a308bcc87dc3addb08142bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8240000e3428d2129369ee1b85af9ffffff0d0df414b315f651c8412392191fa83ee830548f11be359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92000000000f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb74d4ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905de328c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a978ee56c83a3466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342e0eaf6f330e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea95ec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf81700cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be3827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f969369de47422604e2fc5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293b6c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b612272d40f522d8c98c879aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbe71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd46dbd61627a2e0a74b5e6aefb7eee403502734137ff47a57f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a125e3af1130d66a7b66837ae7e7123dde7404a067ad0a6a2d6bec9411b61cad4121be3c72ff3a04713042253d438e7becf8120de3895b8ce974958bde39cb8da3427a2e9e2de936431e67fed5ab5684db07de39083d8948cc4c8a2608100000000000000000000aecb8b0b7941088f971ce17427eec32a012295cc0cdd32955176b6ad5a4bb953e58ccfa9428f452cfb5a48a9fda26db3985c8be3c2f99827da074825b01c4a3a71fb59d5798100000000000000c76b05a45d2dd8c20d971e2f3e4369168f5cb83d6ff3a18733fec726034fbfa95624135bee374414b2c8c61f52357a520efd6a10aff244bc8a62ed367981fb4d5d77f7bc093958ff46527499957da4934cd4b370cf76f72dd05fa80cdfb68c836fd81be7a58532e041a87f9222f157610a4bcdc05b2a55308c8e7568b90f7a338557e816a16972aea79dff5becefa6f9c5ce6c58fb38da9e7532dc53cfdc2e789b76f7d32aca1bfea2aa62621b78dded30fc07171866bf3d552900000000a32dda61eeda1750e157c2d569b9d08f583c0ee28daec2e8bb85f3c8e91c4448096ee953def18dc73e55cb30f9cd069d8780b00eaba382f0c3ae391c30a5f1b0f36dd0c2193b791995d2890327a10d7abac76d1202f72e97f0105184d7aaaab8d3e29c9a8d263f076b55cf53c5bb9c0662a3d19a6722d7f83ae4331d3256f90af0857788b380ccc3b266c418e66d1d756d5df6423dd0cea67bc235d3776d22270fc19301ead09f156893e9"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000000702"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r3}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000632f77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0x24, 0x60000000}, 0x2c)
ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
r5 = getpgid(0x0)
r6 = syz_pidfd_open(r5, 0x0)
pidfd_send_signal(r6, 0x21, 0x0, 0x4)
close(r4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440))
ioctl$SIOCSIFHWADDR(r4, 0x8b04, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@newtaction={0x80, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x6c, 0x1, [@m_tunnel_key={0x68, 0x1, 0x0, 0x0, {{0xf}, {0x38, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0xd, @multicast1}, @TCA_TUNNEL_KEY_NO_CSUM={0x5, 0xa, 0x1}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x80}}, 0x0)
mremap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000003000/0x2000)=nil)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x10c, &(0x7f0000000140), 0x0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x3, &(0x7f0000000040)=@framed={{0x6, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0xb8}, [], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r8 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r8, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = syz_open_dev$vcsu(&(0x7f0000000000), 0x2, 0x100)
sendmsg$nl_route(r7, &(0x7f0000000580)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)=@ipv6_newroute={0x24, 0x18, 0x200, 0x70bd2a, 0x25dfdbfc, {0xa, 0x10, 0x10, 0xf9, 0xfd, 0x2, 0xff, 0x4, 0x1400}, [@RTA_PRIORITY={0x8, 0x6, 0x89}]}, 0x24}}, 0x8)
preadv(r9, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/2, 0x2}], 0x1, 0x7, 0x8)

4.556388427s ago: executing program 6 (id=2487):
r0 = syz_usb_connect(0x0, 0x202, &(0x7f0000000780)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, 0x0, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x402}, 0x0)
sendmsg$IPSET_CMD_CREATE(r2, 0x0, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000240)={@local, 0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000080)={{@local}, @local, 0x0, 0x0, 0x2})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f00000000c0)={{@host}, @host, 0x0, 0x0, 0x1, 0x4})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, &(0x7f0000000000)={{@my=0x1}, @my=0x1, 0x0, 0x0, 0x421})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x401, 0x1000, 0xffffffff, {}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_BRIDGE={0x4}]}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}]}, 0x3c}}, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mkdir(&(0x7f0000000940)='./file0\x00', 0x5b)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@ocfs2={0xc}, &(0x7f00000000c0), 0x1200)
sendmsg$nl_route(r6, 0x0, 0x0)
execve(&(0x7f0000000440)='./file0\x00', &(0x7f0000000500)={[&(0x7f0000000480)='vcan\x00', &(0x7f00000004c0)='\x00']}, &(0x7f0000000800)={[&(0x7f0000000580)='!{!*-^\':#.\x00', &(0x7f00000005c0)='vcan\x00', &(0x7f0000000600)='vcan\x00', &(0x7f0000000640)='vcan\x00', &(0x7f0000000680)='\x00', &(0x7f00000006c0)='.{-{^-\'}]\x00', &(0x7f0000000700)='vcan\x00', &(0x7f0000000740)='\xd8P@@#@%!\x00', &(0x7f00000007c0)='vcan\x00']})
r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000880), 0x200000, 0x0)
ioctl$SNDCTL_DSP_SPEED(r7, 0xc0045002, &(0x7f00000008c0))
syz_usb_control_io$printer(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000180)={0x4e7c11f140d514fd, 0x8, 0xa7, {0xa7, 0x23, "024c26f14604fa2d2ce1b9728f43e54a46a93213ccfe0527097f405a71eeb58fc2c1f538ce5ab16ac15706a12d84211cf834d385840f3262614bdc8dee471286a4eef1a6a791baf924825ac0d0e53472ba6d3de2a6f3ab82aa8a30f20dd5ff4cfa848811c75b0a357d9354f7173e254b078303d62d4ec93706f9ec88c0dc682654284b2b633b85fa65c4a75b14730cf25a9c59b64ab85e054466dd74694bc8251e3e5b105d"}}, &(0x7f0000000040)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x44a}}}, &(0x7f00000003c0)={0x34, &(0x7f0000000100)={0x0, 0xd, 0x25, "2c6e9b18a6edb9591a89a0de43245b43bbffc6d70101a7e1c0f6409e8673ac61934ed8168e"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x5f}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x6}, &(0x7f00000002c0)={0x20, 0x0, 0x5f, {0x5d, "aad1bd951b9b5a2598773964fafd497e8719a49c068fd8c5886146fe84099d1bef067b29e1457c2c85b6fcb59fabfa9adcb7dbd5d891237e2ebce7701b8796726d8ea1c340747056f1a08e58d8d5a75fc561c39c1524e515a88d89809f"}}, &(0x7f0000000900)={0x20, 0x1, 0x1, 0x8}, &(0x7f0000000380)={0x20, 0x0, 0x1}})

4.500995885s ago: executing program 3 (id=2488):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x200000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = getpid()
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd632e82ba068e8e1572ef2eb414ba5fccfc3c03e64df6a9cc3936c604aa2c0e2ec7b777475023f29b146af003472ce146a5ff997ba53c51026c0096154f9280a34bbf21d66f57a250b5397766122fc86950ce5252e96868cd04df54764cf2082153d6cedd8aaf9700c734aa4a1cb33a2e0a13c5687be4de327511bff9816d13c3219dac1c1535f10243db6f96960ea6a621f5e1b7babbedf0a6bf0cf74123d2e78d01be2b048883a2459eec630fb0293d28d9799fd3a792caff693fd9f002f14c43fb5a1051cc686b7f114d7927eed559bdf2e8ddea3e61d5d942b63fe90230b2e1948fc563ef94d437281671d2fe5032d2a091fa842b0af2e116ba"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r4, 0xe0, &(0x7f0000000580)={0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x14, 0x0, 0x0, 0x0}}, 0x5e)
r7 = getpgid(r3)
r8 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="0300000004000000040000000a0000", @ANYRES32=0x1, @ANYBLOB="5bd000"/20, @ANYRES32=r6, @ANYRES32, @ANYBLOB="020000000400000100000000000000000000ebffffffffffffff0000"], 0x50)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r3, r7, 0x7, r8, &(0x7f0000000280)={r9, r4, 0xf319})
r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840)={r5}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r10, 0x2f00020b, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xae5b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r11 = syz_open_dev$vcsn(&(0x7f0000000000), 0x80000001, 0x2000)
ioctl$VHOST_NET_SET_BACKEND(r11, 0x4008af30, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="180000002400010300000000000000000100"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
r12 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$cgroup_devices(r12, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
r13 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$get_persistent(0x16, 0x0, r13)
syz_open_dev$vim2m(0x0, 0x5, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

4.460469908s ago: executing program 1 (id=2489):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800060000950000000300"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$unix(0x1, 0x2, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_netdev_private(0xffffffffffffffff, 0x8914, &(0x7f0000000000))
syz_init_net_socket$x25(0x9, 0x5, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, 0x0, 0x24044884)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r6)
socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) (fail_nth: 3)

4.159005154s ago: executing program 2 (id=2490):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, &(0x7f00000001c0)='.\n#)|.\x02\xd8\b\xb2f\xcd\x04\xb9\xc7\x9d\xb2a\r\xd7\xef\xc5\x112s\x88\x06\x13o\xd6w\xbf\xfa\xd5?\xa3\'\xca%\xd0\x8fKAq\x89f\xbb\x9dC\xd6\xea\xa8\xc2z\xbfe\xadSb3L)Hy\xfao\b\xa4\xb6\xff\xff\xff\xff\xff\xff\xff\xf7\xc7\xa4\xdcY\x9aM\x90\xa4\x05\xa8\xec\xf3\xa4h\x11\x19\x87E$\n://\xf3\x96\xaf\x1c8\b\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495/\x00d\xd2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xb7\x1e\xf7Ys#m\xd40\xceP\xdc\x15FI>\x01\xfa\x15\x93\x9a&\xb4):\xc7?\x8d\x8e\x02\xc6\xf61\xbd\xbcBq\xba\xc6\x8e\x89\x15UTaf\xfc\x89\xab\x19\xd7\x82\x16\x94m\x0e\xb7$\x8c\xd76K\xdc\xd1;\\QPh@$\x06F\x81\xc9\xf8\xf8H\xb2\x85\xa8Cl\xa6\xcd\xb5\xf0\xd0\x1f\'\xc30]\xad7\x1eZA7\x89\xf5\x81b\r\xc1\x7f[\x84y\xac\x12\xaa\xa2-t\x16>V\xfc\xbf\xdb\xe4\x9a\x9eE^\x90oe\xc0\xd9\xc68\x0f\xd4\xcdKC\xadp\xba\xaa\xab\'\x1cRO\x89\x17i\x88\"\x8dQI\xed\x1d\xe1v\xe6&\xd3\x14\xe92\xca\x9dBe\\\x8f\xff\x9b\xc7Sd!\xf8(Z\xd42\xa2\xcdjjBP\xae3\xbd\xec\x8a\x8f:\xeb1\x1cK\xf2\x04s\b\xcb\xa9\x17\x8529\xd7`\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xa4C\x81\xc8iy\xc4\xf7\x7f\x90\xf80\x18jT\xd45\xde\b\x88\xc9Xw\xe9\xf4\xa4\x94Q\x03s/\xac\xd4\xb7o\x99\xf5\xdb\xf9\x99,+\b\x17\xe4\xf4r}\xda\xf5\x12\x16\xb6g\x00\'(\x02[\xef\x03\x90W% \xe6b\xa2\\\x86\xac\xdax\x997AOJ=\x1f\x00\xe1/\n\xael\x15\xcfR\v\x0e\xbc!\xe8\x1cV-`\xf0$\xa6a \x93PV\x8dm@\x9c', 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000480)=ANY=[@ANYBLOB="1800000007140100000032c83a1100000500"], 0x18}, 0x1, 0x0, 0xffffffffffffff9e, 0x801}, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000140), 0x50080, 0x0)
r5 = userfaultfd(0x80001)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
r6 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r6, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000})
r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
socket$nl_route(0x10, 0x3, 0x0)

4.025409778s ago: executing program 5 (id=2491):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e24, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x4ac2d78a}}, 0x0, 0x0, 0x3f, 0x0, "ee8b0e650926a96ecc136e7fb980e989db9e8bf9b93129488f651a8de213eb94cd46e19d9c65a018444a131f4da58ae36556dd38ea6c029607462029add09240005c6776267517308a3d40aa1c788df6"}, 0xd8)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffd}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f00000001c0)=@gcm_256={{0x304}, "6ae04425ace3f60c", "acba84f0a6731f234db1cc7f3f382ad796bd667cb12ea99509873931d2873103", "0f9dafb4", "ec3fff9afd96e6c0"}, 0x38)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000140)=0x1)
r4 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x20}}, 0x0)
socket$packet(0x11, 0x2, 0x300)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="080000000400000004000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x13, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="1809000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.994154066s ago: executing program 1 (id=2492):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)=ANY=[@ANYRES8, @ANYRESHEX, @ANYRES16, @ANYRES64, @ANYRES8, @ANYRES8, @ANYRESHEX], 0x50)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x6c03, 0x0)
flock(r1, 0x5)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x12a)
renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', r0, &(0x7f00000004c0)='./file0\x00', 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r3 = gettid()
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r4, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r5, 0x0)
read$msr(0xffffffffffffffff, &(0x7f00000002c0)=""/198, 0xc6)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$CEC_ADAP_S_PHYS_ADDR(r1, 0x40026102, &(0x7f0000000180))
pipe(&(0x7f00000001c0)={<r6=>0xffffffffffffffff})
readv(r6, &(0x7f0000002a40)=[{&(0x7f00000007c0)=""/4096, 0x1000}], 0x1)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x141000)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r2, 0xc1105511, &(0x7f0000000140)={0x400005, 0x0, 0x0, 0x0, 'syz0\x00', 0x99})
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

2.980941108s ago: executing program 2 (id=2493):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d40)={0x30, r2, 0x1, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TX_RATES={0x4}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x6, 0x1, [0x48, 0x9]}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x20044085}, 0x4044000)
socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000002c0)={'ip_vti0\x00', &(0x7f0000000240)={'erspan0\x00', <r4=>0x0, 0x40, 0x7, 0xfffffff3, 0x3, {{0xa, 0x4, 0x0, 0x12, 0x28, 0x67, 0x0, 0x8, 0x29, 0x0, @multicast2, @rand_addr=0x64010101, {[@rr={0x7, 0x13, 0x61, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @empty]}]}}}}})
bind$packet(0xffffffffffffffff, &(0x7f0000000300)={0x11, 0xf7, r4, 0x1, 0x5}, 0x14)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, r2, 0x300, 0x70bd29, 0x25dfdbff, {{}, {@void, @void}}, [@crypto_settings=[@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x20, {0x6, 0xb, 0x8747, 0x8}}}, @NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x4}, @NL80211_ATTR_VHT_CAPABILITY_MASK={0x10, 0xb0, {0x3, {0x0, 0x39ad, 0x5, 0x7}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x4004000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb0100180000000000000084000000840000000400998680c0255f8422000c020000000000000009000084050000000100000001000000020000000100000024000000ffffffff0b00000004000000060000000f00000003000000ff0f00000a0000000400000004007b4a4ab09d352f00000a00000005000000f8ffffff0f0000005a000000020000000500000004000000230000000a0000000500000005"], 0x0, 0xa0}, 0x28)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8f9, 0x9f94, &(0x7f00000007c0))
rt_sigpending(0x0, 0x0)

2.879927494s ago: executing program 2 (id=2494):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="8c0000000906010200000000000000000200ffff0800094000ffde390900020073797a310000000005000100070000005c0008801c0007801800018014"], 0x8c}, 0x1, 0x0, 0x0, 0x10000182}, 0x4000080)
syz_emit_ethernet(0x4e, &(0x7f0000000280)={@local, @empty, @void, {@ipv6={0x86dd, @generic={0x9, 0x6, "cf3ea0", 0x18, 0x3c, 0x0, @private2, @mcast2, {[@routing={0x2f, 0x2, 0x1, 0x3, 0x0, [@private1]}]}}}}}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x101)

2.798265963s ago: executing program 5 (id=2495):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)=ANY=[@ANYBLOB="74010000", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000004000480080002000100000008000100000000000400088048010c8054000b800800090000000000080009000000000008000a00fffe"], 0x174}}, 0x0)

2.681381298s ago: executing program 2 (id=2496):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x7, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x12, 0x0, 0x0, 0x10, 0x8}, 0x94)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0xfffffffffffffff5, 0x0, {0x0, 0x2, 0xfffffffffffffffe, 0x0, 0x0, 0x0, {0x100040, 0x3, 0x0, 0xffff, 0x20, 0xffffffffffffffff, 0x0, 0x0, 0x11e, 0x6000, 0x8, 0x0, 0x0, 0x902}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x710c01, 0x127, 0x2e}, 0x4a)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000002100)=ANY=[@ANYBLOB="b0000000000000001659ec0889419429aa5db97288b0f8a87ea8e66d9a8b"], 0xb0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
pipe2$9p(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80000)
write$P9_RVERSION(r4, &(0x7f0000000040)={0x15, 0x65, 0xffff, 0x4, 0x8, '9P2000.u'}, 0x15)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000000)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000040)=ANY=[@ANYRES64=r1], 0x10)
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r5, 0xc05064a7, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',posixacl'])

2.65542113s ago: executing program 5 (id=2497):
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000940)={{{@in=@dev, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000a40)=0xe8)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000a80)=<r1=>0x0)
setreuid(r0, r1)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000040260933334000000000010902240001000000000904000001030100000921000000012201000905810308"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0xe, "bf29f405"}]}}, 0x0}, 0x0)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000080)={0x60, 0xf}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x4, 0x4, 0x1}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000100)={r4, 0x58, &(0x7f0000000080)={0x0, <r5=>0x0}}, 0x10)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000140)={r5}, 0xc)
bpf$BPF_GET_PROG_INFO(0x4, &(0x7f0000000000)={r6, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, 0xfffffffffffffcbf, 0x0}}, 0x10)
r7 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000b00)={{0x3, @rose}, [@rose, @rose, @netrom, @null, @netrom, @null, @rose, @netrom]}, &(0x7f0000000b80)=0x48, 0x80000)
close(r7)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000000440)={0x14, &(0x7f0000000ac0)={0x21, 0x9, 0x29, {0x29, 0x7, "a26ac7abf7f484c60000008006b4ffff52ee8037ba0900f1a10050f2b3c81356a2ca3d7c04301d"}}, 0x0}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$sock_int(r8, 0x1, 0xa, &(0x7f0000000000)=0x18, 0x4)
syz_usb_control_io(r2, &(0x7f00000001c0)={0x2c, &(0x7f0000000040)={0x40, 0xa, 0x4d, {0x4d, 0xf, "99d3e0752963b4716da470255c51f2400fb1699a5dbd1d05bd89c3ca7895d33ac33d8b3c4ad02f534a39fc49a5a39ff010b58cf036db5686a6a3bab712eb74326402345b7d0ae523e4634c"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42c}}, &(0x7f0000000100)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000140)={0x20, 0x29, 0xf, {0xf, 0x29, 0x7, 0x1, 0x10, 0x5, "fd3e43e5", "51e94ae9"}}, &(0x7f0000000180)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xf0, 0x10, 0x3, 0x9, 0xfc, 0x1e43, 0x1}}}, &(0x7f0000000880)={0x84, &(0x7f0000000480)={0x40, 0x3, 0xa6, "9ff15d07187a0e874a128290aefffa84824ea27179d7b9b46b41bc28d2558e1886e4a5d9ae49281e8fec3da027b042f07448df061d06580a74bb847c139ee578610ef6d88c2af31a197773271af96fb991c9925dea8262bb289a5224d30e56f0b89125b31f936c160d0bd76ac9789a05121b05c2e9b98ea72d95162f07457e16f94a94383eb0282c847f900a900327061d4b90f9b08d25dcd81898056797a34e71bca96267ff"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0xed}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000400)={0x20, 0x0, 0x4, {0x0, 0x2}}, &(0x7f0000000540)={0x20, 0x0, 0x8, {0x1c00, 0x20, [0x0]}}, &(0x7f00000005c0)={0x40, 0x7, 0x2, 0x8}, &(0x7f0000000600)={0x40, 0x9, 0x1, 0x81}, &(0x7f0000000640)={0x40, 0xb, 0x2, "141c"}, &(0x7f0000000680)={0x40, 0xf, 0x2, 0x8}, &(0x7f00000006c0)={0x40, 0x13, 0x6, @link_local}, &(0x7f0000000700)={0x40, 0x17, 0x6, @remote}, &(0x7f0000000740)={0x40, 0x19, 0x2, 'Qf'}, &(0x7f0000000780)={0x40, 0x1a, 0x2, 0xa000}, &(0x7f00000007c0)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000800)={0x40, 0x1e, 0x1, 0xf6}, &(0x7f0000000840)={0x40, 0x21, 0x1, 0x3}})
syz_usb_ep_write(r2, 0x81, 0xffffff75, &(0x7f00000002c0)="b9425b44651dd23241963599000000110000004a16941ff5f4b4f1f0add7fcf2b877fceafffffffffff1ffdf4cd9f5d3969890522c77157d88010000003a5bd5531d459dffff03000000000091ff000000e8f5b3371da3635b8b4fa637135800001f65e4b436aa9e50bc0f19b7d3372ff9ebcede1fb5e9428f54d5d1f0cc752cf246a5d2da34a5aa97dc14a469c3dd3e26b41c356484e46fd66e3f2c7807e8773eed7b94fa099ab84feadec2ea95f65bba452eae5b0900f98a979a88c517a2dc360a00237723e2f467af706ea17226296b3a10a351cb47aba2c6b836c90679b4dd859ddc9e4800448aab0000000000000d75f34bb50d8d7084")

2.648136426s ago: executing program 3 (id=2498):
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000c00000/0x400000)=nil)
ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000280)=""/198)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mkdir(0x0, 0x0)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getpid()
r3 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r3, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="1400000025000100fe000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

2.517219597s ago: executing program 2 (id=2499):
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6, 0x0, 0x7fff, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5dd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9d, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x3, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x500000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xd3e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0xfffffffd, 0x0, 0x4, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0xc41, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff951d, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x5, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x2, 0x76e, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x31c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xc, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x6, 0x3ff, 0x0, 0x0, 0x0, 0x4, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x45d0852c, 0xffffffff, 0x4, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0xd, 0x0, 0x0, 0x0, 0xfffffffe, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0xfffffffc, 0x6, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd0000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x400, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400, 0xd})
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r3, 0xffffffffffffffff, 0x0)
r4 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0)
msgsnd(0x0, 0x0, 0x401, 0x800)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x52, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x1, 0x0)
add_key$user(0x0, 0x0, 0x0, 0xffffffd6, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write(r4, 0x81, 0x19, &(0x7f0000000100)="e358dbdec7846432bd6d50ae425eb177107e24a13746350853")
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000180)={@local, 0x1})
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000000)={@hyper, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r6, 0x7a5, &(0x7f0000000100)={{@local}, 0x1, 0x0, 0x40})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)

1.111641168s ago: executing program 1 (id=2500):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_DEAUTHENTICATE(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)={0x124, 0x0, 0xfc5, 0x70bd2a, 0x0, {{0x11}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0x108, 0x2a, [@perr={0x84, 0x102, {0xd, 0x10, [{{}, @device_a, 0x72d8, @void, 0x24}, {{}, @broadcast, 0xe9, @void, 0x36}, {{}, @device_a, 0x6, @void, 0x33}, {{}, @device_a, 0x4, @void, 0x37}, {{0x0, 0x1}, @device_b, 0x7fff, @value=@device_b, 0x28}, {{}, @device_b, 0x6d6e, @void, 0x18}, {{0x0, 0x1}, @device_a, 0x0, @value=@broadcast, 0xa}, {{0x0, 0x1}, @broadcast, 0x0, @value, 0x1e}, {{0x0, 0x1}, @device_b, 0x2, @value, 0x6}, {{0x0, 0x1}, @broadcast, 0x5b10, @value, 0xe}, {{0x0, 0x1}, @device_b, 0x3, @value=@device_b, 0x3a}, {{0x0, 0x1}, @device_a, 0x2, @value=@broadcast, 0xfffe}, {{0x0, 0x1}, @device_a, 0x8, @value=@broadcast, 0x7}, {{}, @broadcast, 0x4, @void, 0x3c}, {{}, @device_b, 0x5, @void, 0x20}, {{}, @device_a, 0x81, @void, 0xe}]}}]}]}, 0x124}, 0x1, 0x0, 0x0, 0x4804}, 0x0)
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)={0xa8, 0x0, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xc76c}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xfffffffb}], @chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x10, 0xcd, [0x76bf, 0x6, 0x7, 0x2, 0xa, 0xfff9]}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x19}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0xae}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x24}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x2}], @NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x7803a792df16aefb}, 0x200088c0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, 'o'}, @NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)

1.002632627s ago: executing program 1 (id=2501):
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000120021030000000009bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r3, &(0x7f00000077c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2040, 0x0)

17.193762ms ago: executing program 1 (id=2502):
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newtclass={0x490, 0x28, 0x100, 0x70bd2d, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0x1, 0xffff}, {0xfff1, 0x4}, {0xe, 0xffff}}, [@tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_prio={0x9}, @TCA_RATE={0x6, 0x5, {0x7, 0xa}}, @tclass_kind_options=@c_htb={{0x8}, {0x43c, 0x2, [@TCA_HTB_CTAB={0x404, 0x3, [0xf7, 0x22, 0x4, 0x3, 0x4, 0x1, 0x8000, 0xfffffe00, 0x0, 0x8001, 0xffff, 0x7fff, 0xc0, 0x43, 0x4, 0xdc, 0x6, 0xffe000, 0x7, 0x0, 0xf4, 0x0, 0xb8, 0x7a0, 0x5, 0x7, 0x48, 0x1, 0x8, 0x10, 0x6, 0x80000000, 0x2, 0x5998, 0xf, 0x8, 0xb2ab, 0x5, 0xa, 0x4, 0x9, 0xffffffff, 0x2, 0x7fff, 0x5, 0x3, 0x81, 0x7, 0x9, 0x7, 0x9, 0x8, 0x2, 0x4, 0xbb, 0x4db, 0x9, 0xa7f, 0x1, 0x9, 0x9, 0x360c08de, 0x1, 0x8fab, 0x1, 0x37, 0xc, 0x3ff, 0xff, 0x1000, 0x6, 0x4, 0x3, 0x9, 0xd5d0, 0x0, 0xfffffffd, 0x7ff, 0x6, 0x0, 0x9, 0x9, 0x8, 0x9, 0xb, 0x80000000, 0x6, 0x7, 0x9, 0x9, 0xa, 0x0, 0x3, 0xff, 0x8, 0x7, 0x3, 0x5, 0x1, 0x101, 0xf37, 0x8, 0x6, 0x9, 0x8b0f, 0x4, 0x7, 0xff, 0x4, 0x9, 0x9, 0x615aca59, 0x7f, 0x9, 0x7, 0x9, 0x1000, 0x400, 0x5, 0x0, 0x2, 0x9, 0x4, 0x3ff, 0x3, 0xc89, 0x2, 0x40, 0x80000001, 0x4, 0x8000, 0x100, 0x5, 0x1, 0x4, 0x1ff, 0x8d, 0x9, 0xffffffff, 0x8ba, 0x4, 0x7, 0x3, 0x4, 0x3, 0x3, 0xa, 0x0, 0x7f, 0x2, 0x2, 0x4, 0x2, 0x4, 0x5, 0x101, 0xe, 0x0, 0x0, 0x1, 0x3, 0x7, 0x7, 0x5, 0x9, 0x1, 0x5, 0x4, 0x400, 0x7, 0xfffffff1, 0x6, 0x4, 0xe20e, 0x7, 0x5, 0xff, 0x7, 0x7fff, 0x4, 0x7, 0x3, 0x2, 0x5, 0x1, 0x67, 0x9, 0x8, 0x81, 0x7, 0x7, 0x0, 0x7fff, 0x9, 0x4, 0x1ae6, 0xc, 0x10, 0x81, 0x1, 0x2, 0x800, 0x4, 0x3, 0x80, 0x9, 0x5, 0x5, 0x4, 0x157, 0x9, 0xffffffff, 0x3, 0x3, 0x8, 0x6, 0xdc, 0x2, 0x1, 0x100, 0xfffffff7, 0xe, 0x3, 0x8, 0x1, 0x7, 0x5, 0x2, 0x9, 0x80000001, 0x7f, 0xfffffff7, 0x0, 0x9, 0x1, 0x0, 0x8, 0x1, 0x9, 0x101, 0x6, 0x1, 0x9, 0x100, 0x5, 0x80000000, 0x6, 0x5, 0x80, 0x9, 0x200, 0x6, 0xffff1dac, 0xb86, 0x4, 0x2]}, @TCA_HTB_PARMS={0x30, 0x1, {{0xfc, 0x0, 0x401, 0x800, 0x7, 0x9}, {0x3, 0x0, 0x1, 0x1, 0xfffb, 0x4}, 0x56, 0xd, 0x9, 0x800, 0xffffe060}}, @TCA_HTB_OFFLOAD={0x4}]}}, @TCA_RATE={0x6, 0x5, {0x4e, 0x4}}]}, 0x490}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000f00)='/sys/power/pm_print_times', 0x1a1081, 0x0)
pwritev(r2, &(0x7f00000001c0)=[{&(0x7f0000000000)='2', 0x1}], 0x1, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
r3 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000400620180100000000000109022400010000000009040000010300000009210000000122070009058103"], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0xa, "2d8bf548"}, @main=@item_012={0x1, 0x0, 0xa, 'P'}]}}, 0x0}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000014c0)=@newtfilter={0x38, 0x2c, 0x605, 0x70bd29, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0xc, 0x2, [@TCA_FW_CLASSID={0x8, 0x1, {0xfff2, 0xfff1}}]}}]}, 0x38}}, 0x20004084)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
r5 = syz_create_resource$binfmt(&(0x7f0000000040)='./file0\x00')
openat$binfmt(0xffffffffffffff9c, r5, 0x41, 0x1ff)

16.506589ms ago: executing program 3 (id=2503):
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x11, 0xc0}, [@ldst={0x5}], {0x95, 0x0, 0x74}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f00000000c0)={<r7=>0x0, 0x6}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000180)={r7, 0x1}, &(0x7f0000000300)=0x8)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="2400000010000108000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="0042000080a0040004002b80"], 0x24}, 0x1, 0x0, 0x7000000}, 0x0)
close(0xffffffffffffffff)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = dup(r8)
ioctl$TCSETSF(r9, 0x5404, &(0x7f0000000000)={0x0, 0xfffffffb, 0x0, 0x515f3157, 0x14, "78e1141009f593233bce41f20613341f43d21f"})
r10 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newlink={0x34, 0x10, 0x421, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2240}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}]}, 0x34}}, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
setresuid(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

0s ago: executing program 6 (id=2504):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
epoll_create(0xcbcc)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r3)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000300)='ns/net\x00')
r4 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r5 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000005c0)={r5, 0x0, 0x24, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0xa)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.stat\x00', 0x275a, 0x0)
r7 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8)
move_mount(r6, 0x0, r7, 0x0, 0x154)

kernel console output (not intermixed with test programs):

as 1 interface, different from the descriptor's value: 13
[  573.935119][    T9] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 192, using maximum allowed: 30
[  573.949226][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 192
[  573.992047][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  574.001561][    T9] usb 3-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  574.004293][ T5945] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  574.017658][ T5945] gspca_zc3xx 7-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  574.029135][ T5945] usb 7-1: USB disconnect, device number 4
[  574.029598][    T9] usb 3-1: Product: syz
[  574.063466][    T9] usb 3-1: Manufacturer: syz
[  574.069128][    T9] usb 3-1: SerialNumber: syz
[  574.077962][    T9] usb 3-1: config 0 descriptor??
[  574.241809][ T5883] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  574.253940][ T5883] gspca_zc3xx 2-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  574.502402][ T5883] usb 2-1: USB disconnect, device number 21
[  574.613300][    T9] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  574.697864][    T9] gspca_zc3xx: reg_w_i err -71
[  574.756979][T12725] binder: 12721:12725 ioctl c0306201 0 returned -14
[  575.571811][    T9] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  575.578174][    T9] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  575.604439][    T9] usb 3-1: USB disconnect, device number 25
[  576.112868][T12740] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1852'.
[  577.167996][T12745] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1852'.
[  581.085060][T12790] FAULT_INJECTION: forcing a failure.
[  581.085060][T12790] name failslab, interval 1, probability 0, space 0, times 0
[  581.105348][T12790] CPU: 0 UID: 0 PID: 12790 Comm: syz.5.1864 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  581.105373][T12790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  581.105382][T12790] Call Trace:
[  581.105387][T12790]  <TASK>
[  581.105392][T12790]  dump_stack_lvl+0x16c/0x1f0
[  581.105413][T12790]  should_fail_ex+0x512/0x640
[  581.105430][T12790]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  581.105447][T12790]  should_failslab+0xc2/0x120
[  581.105458][T12790]  __kmalloc_cache_noprof+0x6a/0x3e0
[  581.105472][T12790]  ? binder_transaction+0xc65/0x9af0
[  581.105488][T12790]  binder_transaction+0xc65/0x9af0
[  581.105509][T12790]  ? kasan_save_stack+0x42/0x60
[  581.105523][T12790]  ? kasan_save_stack+0x33/0x60
[  581.105538][T12790]  ? kasan_save_track+0x14/0x30
[  581.105552][T12790]  ? __kasan_kmalloc+0xaa/0xb0
[  581.105566][T12790]  ? binder_inc_ref_for_node+0x302/0x10f0
[  581.105578][T12790]  ? binder_thread_write+0x31d9/0x4e70
[  581.105590][T12790]  ? binder_ioctl+0x26a7/0x72c0
[  581.105600][T12790]  ? __x64_sys_ioctl+0x18e/0x210
[  581.105614][T12790]  ? do_syscall_64+0xcd/0x4c0
[  581.105623][T12790]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.105637][T12790]  ? __pfx_binder_transaction+0x10/0x10
[  581.105653][T12790]  ? __lock_acquire+0xb8a/0x1c90
[  581.105668][T12790]  ? binder_debug+0xde/0x1a0
[  581.105677][T12790]  ? __pfx_binder_debug+0x10/0x10
[  581.105688][T12790]  ? __lock_acquire+0xb8a/0x1c90
[  581.105705][T12790]  ? find_held_lock+0x2b/0x80
[  581.105717][T12790]  ? __might_fault+0xe3/0x190
[  581.105733][T12790]  ? __might_fault+0xe3/0x190
[  581.105747][T12790]  ? __might_fault+0x13b/0x190
[  581.105767][T12790]  binder_thread_write+0x1417/0x4e70
[  581.105785][T12790]  ? __pfx_binder_thread_write+0x10/0x10
[  581.105798][T12790]  ? binder_debug+0xde/0x1a0
[  581.105812][T12790]  ? find_held_lock+0x2b/0x80
[  581.105825][T12790]  ? __might_fault+0xe3/0x190
[  581.105839][T12790]  ? __might_fault+0x13b/0x190
[  581.105859][T12790]  binder_ioctl+0x26a7/0x72c0
[  581.105876][T12790]  ? tomoyo_path_number_perm+0x18d/0x580
[  581.105894][T12790]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  581.105910][T12790]  ? __pfx_binder_ioctl+0x10/0x10
[  581.105929][T12790]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  581.105951][T12790]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  581.105962][T12790]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  581.105973][T12790]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  581.105988][T12790]  ? hook_file_ioctl_common+0x145/0x410
[  581.106004][T12790]  ? selinux_file_ioctl+0x180/0x270
[  581.106014][T12790]  ? selinux_file_ioctl+0xb4/0x270
[  581.106024][T12790]  ? __pfx_binder_ioctl+0x10/0x10
[  581.106037][T12790]  __x64_sys_ioctl+0x18e/0x210
[  581.106052][T12790]  do_syscall_64+0xcd/0x4c0
[  581.106063][T12790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.106073][T12790] RIP: 0033:0x7ff16378e9a9
[  581.106082][T12790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.106093][T12790] RSP: 002b:00007ff1615f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  581.106104][T12790] RAX: ffffffffffffffda RBX: 00007ff1639b5fa0 RCX: 00007ff16378e9a9
[  581.106110][T12790] RDX: 0000200000000480 RSI: 00000000c0306201 RDI: 0000000000000004
[  581.106116][T12790] RBP: 00007ff1615f6090 R08: 0000000000000000 R09: 0000000000000000
[  581.106123][T12790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.106129][T12790] R13: 0000000000000000 R14: 00007ff1639b5fa0 R15: 00007ffced70e108
[  581.106142][T12790]  </TASK>
[  581.976847][T12803] FAULT_INJECTION: forcing a failure.
[  581.976847][T12803] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  582.025624][T12803] CPU: 1 UID: 0 PID: 12803 Comm: syz.3.1868 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  582.025651][T12803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  582.025661][T12803] Call Trace:
[  582.025668][T12803]  <TASK>
[  582.025675][T12803]  dump_stack_lvl+0x16c/0x1f0
[  582.025709][T12803]  should_fail_ex+0x512/0x640
[  582.025740][T12803]  _copy_from_iter+0x29f/0x16f0
[  582.025770][T12803]  ? __pfx__copy_from_iter+0x10/0x10
[  582.025787][T12803]  ? _copy_from_iter+0x15d/0x16f0
[  582.025814][T12803]  skb_copy_datagram_from_iter+0x124/0x740
[  582.025842][T12803]  ? __pfx__kstrtoull+0x10/0x10
[  582.025864][T12803]  ? iov_iter_advance+0x7d/0x6c0
[  582.025888][T12803]  tun_get_user+0x17ac/0x3b80
[  582.025932][T12803]  ? __pfx_tun_get_user+0x10/0x10
[  582.025949][T12803]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  582.025988][T12803]  ? find_held_lock+0x2b/0x80
[  582.026011][T12803]  ? tun_get+0x191/0x370
[  582.026035][T12803]  tun_chr_write_iter+0xdc/0x210
[  582.026056][T12803]  vfs_write+0x6c4/0x1150
[  582.026083][T12803]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  582.026105][T12803]  ? __pfx_vfs_write+0x10/0x10
[  582.026128][T12803]  ? find_held_lock+0x2b/0x80
[  582.026165][T12803]  ksys_write+0x12a/0x250
[  582.026190][T12803]  ? __pfx_ksys_write+0x10/0x10
[  582.026222][T12803]  do_syscall_64+0xcd/0x4c0
[  582.026247][T12803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.026265][T12803] RIP: 0033:0x7f5281d8e9a9
[  582.026280][T12803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.026297][T12803] RSP: 002b:00007f5282c93038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  582.026315][T12803] RAX: ffffffffffffffda RBX: 00007f5281fb5fa0 RCX: 00007f5281d8e9a9
[  582.026327][T12803] RDX: 000000000000fd6c RSI: 0000200000000280 RDI: 0000000000000004
[  582.026345][T12803] RBP: 00007f5282c93090 R08: 0000000000000000 R09: 0000000000000000
[  582.026355][T12803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.026365][T12803] R13: 0000000000000000 R14: 00007f5281fb5fa0 R15: 00007ffe51636898
[  582.026388][T12803]  </TASK>
[  582.885239][T12820] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  583.297323][T12819] binder: BINDER_SET_CONTEXT_MGR already set
[  583.316682][T12819] binder: 12817:12819 ioctl 4018620d 200000000040 returned -16
[  584.396025][T12843] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1880'.
[  585.167812][T12853] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[  585.174352][T12853] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  585.212182][T12853] vhci_hcd vhci_hcd.0: Device attached
[  585.337680][   T30] audit: type=1400 audit(1753283865.922:2472): avc:  denied  { ioctl } for  pid=12852 comm="syz.6.1883" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9208 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  585.367289][T12854] vhci_hcd: connection closed
[  585.391162][   T36] vhci_hcd: stop threads
[  585.412946][   T36] vhci_hcd: release socket
[  585.420402][   T36] vhci_hcd: disconnect device
[  587.627296][T12904] netlink: 'syz.3.1895': attribute type 33 has an invalid length.
[  587.661672][T12904] netlink: 152 bytes leftover after parsing attributes in process `syz.3.1895'.
[  587.720571][T12904] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1895'.
[  588.096635][T12916] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  588.156154][T12919] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  588.222606][T12919] CIFS mount error: No usable UNC path provided in device string!
[  588.222606][T12919] 
[  588.252038][T12919] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  588.358892][T12919] CIFS mount error: No usable UNC path provided in device string!
[  588.358892][T12919] 
[  588.373962][T12919] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  588.393551][T12921] dlm: no locking on control device
[  588.960711][T12921] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1901'.
[  589.759062][T12944] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  589.863746][T12944] netlink: 'syz.6.1906': attribute type 1 has an invalid length.
[  590.094721][   T51] Bluetooth: hci4: link tx timeout
[  590.101728][   T51] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  590.112132][   T51] Bluetooth: hci4: link tx timeout
[  590.117286][   T51] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  590.127330][ T5841] Bluetooth: hci4: link tx timeout
[  590.133053][ T5841] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa
[  590.140756][ T5841] Bluetooth: hci4: link tx timeout
[  590.146302][ T5841] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  590.276108][T12953] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  590.308918][T12953] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1908'.
[  590.343920][T12953] macsec0: entered promiscuous mode
[  590.349902][T12953] macsec1: entered allmulticast mode
[  590.355347][T12953] macsec0: entered allmulticast mode
[  590.368186][T12953] veth1_macvtap: entered allmulticast mode
[  591.933690][T12968] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  592.246981][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  593.401142][T12976] netlink: 'syz.2.1912': attribute type 1 has an invalid length.
[  593.447348][T12976] netlink: 180 bytes leftover after parsing attributes in process `syz.2.1912'.
[  594.361737][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  594.469890][T12992] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1917'.
[  595.271527][   T30] audit: type=1400 audit(1753283875.802:2473): avc:  denied  { create } for  pid=12988 comm="syz.6.1916" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[  595.477086][   T30] audit: type=1400 audit(1753283875.802:2474): avc:  denied  { sys_admin } for  pid=12988 comm="syz.6.1916" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[  595.498229][    C1] vkms_vblank_simulate: vblank timer overrun
[  595.801383][T12988] sctp: sctp_transport_update_pmtu: Reported pmtu 216 too low, using default minimum of 512
[  595.934563][T13010] syz.5.1923 (13010): /proc/13007/oom_adj is deprecated, please use /proc/13007/oom_score_adj instead.
[  596.578034][T13010] can: request_module (can-proto-3) failed.
[  597.326628][T13021] input: syz0 as /devices/virtual/input/input31
[  599.403330][T13044] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  599.423294][T13049] uprobe: syz.3.1933:13049 failed to unregister, leaking uprobe
[  599.743730][T13057] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  600.428809][T13063] netlink: 'syz.3.1936': attribute type 21 has an invalid length.
[  600.437129][T13063] netlink: 'syz.3.1936': attribute type 6 has an invalid length.
[  600.444969][T13063] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1936'.
[  600.984684][   T30] audit: type=1326 audit(1753283881.572:2475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  600.989999][T13066] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1937'.
[  601.018117][   T30] audit: type=1326 audit(1753283881.572:2476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.301536][   T30] audit: type=1326 audit(1753283881.572:2477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.325373][   T30] audit: type=1326 audit(1753283881.572:2478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.381566][   T30] audit: type=1326 audit(1753283881.572:2479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.412125][   T30] audit: type=1326 audit(1753283881.572:2480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.438134][   T30] audit: type=1326 audit(1753283881.572:2481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.590493][   T30] audit: type=1326 audit(1753283881.572:2482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.791604][   T30] audit: type=1326 audit(1753283881.572:2483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.841623][    T9] usb 2-1: new full-speed USB device number 22 using dummy_hcd
[  601.880400][   T30] audit: type=1326 audit(1753283881.572:2484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13065 comm="syz.1.1937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  601.971685][ T5883] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  602.034242][    T9] usb 2-1: config 0 has an invalid descriptor of length 44, skipping remainder of the config
[  602.044741][    T9] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x7B, changing to 0xB
[  602.064426][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 50343, setting to 64
[  602.094506][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  602.133348][ T5883] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  602.147522][ T5883] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  602.159220][    T9] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  602.177211][    T9] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  602.191661][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  602.199874][    T9] usb 2-1: Manufacturer: syz
[  602.206807][ T5883] usb 4-1: config 0 descriptor??
[  602.219681][    T9] usb 2-1: config 0 descriptor??
[  602.239197][T13072] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  602.463826][ T5945] usb 2-1: USB disconnect, device number 22
[  602.831167][ T5883] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor
[  602.854344][ T5883] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001B/input/input32
[  602.962410][ T5883] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  603.058403][T13103] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1949'.
[  603.134248][T13105] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1950'.
[  603.991439][T13120] uprobe: syz.6.1953:13120 failed to unregister, leaking uprobe
[  604.521934][ T5883] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  604.828896][ T5883] usb 2-1: Using ep0 maxpacket: 8
[  604.934954][ T5883] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  604.948041][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  604.978618][ T2146] usb 4-1: USB disconnect, device number 30
[  605.817426][ T5883] usb 2-1: Product: syz
[  605.851557][ T2146] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  605.856287][ T5883] usb 2-1: Manufacturer: syz
[  606.403197][ T5883] usb 2-1: SerialNumber: syz
[  606.453320][ T5883] usb 2-1: config 0 descriptor??
[  606.498315][ T2146] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  606.552072][ T2146] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  606.561197][ T2146] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  606.631335][ T2146] gspca_main: stv0680-2.14.0 probing 041e:4007
[  607.151622][ T5883] usb read operation failed. (-71)
[  607.195230][ T5883] usb write operation failed. (-71)
[  607.204374][ T5883] usb write operation failed. (-71)
[  607.209983][ T5883] usb write operation failed. (-71)
[  607.215344][ T5883] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in cold state
[  607.236387][ T5883] usb 2-1: Direct firmware load for dvb-usb-terratec-h7-az6007.fw failed with error -2
[  607.289333][T13159] netlink: 244 bytes leftover after parsing attributes in process `syz.5.1966'.
[  607.291229][ T5883] usb 2-1: Falling back to sysfs fallback for: dvb-usb-terratec-h7-az6007.fw
[  607.316999][T13159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1966'.
[  607.320544][T13163] overlayfs: upper fs does not support tmpfile.
[  607.327950][T13159] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1966'.
[  607.416333][T13159] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1966'.
[  607.722669][ T2146] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  607.731573][   T43] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  607.882883][   T43] usb 6-1: Using ep0 maxpacket: 32
[  607.895254][   T43] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  607.905326][   T43] usb 6-1: config 0 has no interface number 0
[  607.917127][T13170] binder: BINDER_SET_CONTEXT_MGR already set
[  607.923759][T13170] binder: 13169:13170 ioctl 4018620d 200000000040 returned -16
[  607.933608][   T43] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  607.943381][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  607.961697][ T2146] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  607.969984][   T43] usb 6-1: Product: syz
[  607.981986][   T43] usb 6-1: Manufacturer: syz
[  607.986659][   T43] usb 6-1: SerialNumber: syz
[  607.996082][ T2146] stv0680 4-1:4.0: last error: 44,  command = 0x6e
[  608.023311][ T2146] usb 4-1: USB disconnect, device number 31
[  608.050454][   T43] usb 6-1: config 0 descriptor??
[  608.281937][   T43] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  608.292148][   T43] usb 6-1: selecting invalid altsetting 1
[  608.298310][   T43] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  608.441040][   T43] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  608.453364][   T43] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  608.463358][   T43] usb 6-1: media controller created
[  608.593042][T13182] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  608.942467][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  609.006703][T13185] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  609.021368][T13185] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1974'.
[  609.044929][   T43] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  609.060451][   T43] zl10353_read_register: readreg error (reg=127, ret==-71)
[  609.082123][   T43] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  609.225825][   T43] usb 6-1: USB disconnect, device number 31
[  611.421962][   T30] kauditd_printk_skb: 54 callbacks suppressed
[  611.421978][   T30] audit: type=1400 audit(1753283891.582:2539): avc:  denied  { ioctl } for  pid=13214 comm="syz.3.1984" path="/dev/cachefiles" dev="devtmpfs" ino=4 ioctlcmd=0x6103 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  611.598563][T13222] binder: Binderfs stats mode cannot be changed during a remount
[  611.607632][   T30] audit: type=1400 audit(1753283892.182:2540): avc:  denied  { remount } for  pid=13221 comm="syz.2.1986" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  612.493800][   T30] audit: type=1400 audit(1753283893.022:2541): avc:  denied  { lock } for  pid=13225 comm="syz.5.1988" path="socket:[36982]" dev="sockfs" ino=36982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  613.314868][T13231] kernel profiling enabled (shift: 9)
[  614.347780][   T30] audit: type=1400 audit(1753283894.882:2542): avc:  denied  { setopt } for  pid=13234 comm="syz.2.1990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  615.361687][   T10] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  616.011756][   T10] usb 4-1: Using ep0 maxpacket: 16
[  616.035004][   T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  616.053067][   T10] usb 4-1: config 0 has no interface number 0
[  616.063562][   T10] usb 4-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  616.072894][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  616.080947][   T10] usb 4-1: Product: syz
[  616.085618][   T10] usb 4-1: Manufacturer: syz
[  616.090258][   T10] usb 4-1: SerialNumber: syz
[  616.097641][   T10] usb 4-1: config 0 descriptor??
[  616.106705][   T10] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  617.111759][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  617.164359][T13280] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  617.307333][T13279] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2000'.
[  617.411052][T13283] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  618.150041][   T10] usb 4-1: USB disconnect, device number 32
[  618.246280][T13299] netlink: 'syz.5.2006': attribute type 13 has an invalid length.
[  618.895390][   T30] audit: type=1326 audit(1753283899.482:2543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  618.927822][T13305] netlink: 116 bytes leftover after parsing attributes in process `syz.6.2009'.
[  618.928256][   T30] audit: type=1326 audit(1753283899.482:2544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  618.989197][   T30] audit: type=1326 audit(1753283899.502:2545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.013733][   T30] audit: type=1326 audit(1753283899.502:2546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.037573][   T30] audit: type=1326 audit(1753283899.512:2547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.061132][ T5910] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  619.074902][   T30] audit: type=1326 audit(1753283899.512:2548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.231746][   T30] audit: type=1326 audit(1753283899.512:2549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.308112][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  619.453891][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  619.557633][T13319] mac80211_hwsim hwsim3 syzkaller0: left promiscuous mode
[  619.564863][T13319] mac80211_hwsim hwsim3 syzkaller0: left allmulticast mode
[  619.590430][   T30] audit: type=1326 audit(1753283899.512:2550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.615313][ T5910] usb 6-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  619.651569][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  619.684358][ T5910] usb 6-1: config 0 descriptor??
[  619.719644][   T30] audit: type=1326 audit(1753283899.512:2551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  619.771947][   T30] audit: type=1326 audit(1753283899.512:2552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13304 comm="syz.6.2009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  620.019750][T13329] bad cache= option: no%e
[  620.019750][T13329] 
[  620.027115][T13329] CIFS: VFS: bad cache= option: no%e
[  620.389244][T13333] 9pnet_fd: Insufficient options for proto=fd
[  621.140021][ T5910] usbhid 6-1:0.0: can't add hid device: -71
[  621.148941][ T5910] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  621.183073][ T5910] usb 6-1: USB disconnect, device number 32
[  621.940043][T13338] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  621.964347][T13338] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2016'.
[  622.076810][T13354] netlink: 100 bytes leftover after parsing attributes in process `syz.6.2021'.
[  623.711448][T13352] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2020'.
[  623.886117][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  623.902881][T13371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2026'.
[  623.962608][T13371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2026'.
[  624.127159][T13378] dummy0 speed is unknown, defaulting to 1000
[  624.455612][T13386] netlink: 'syz.6.2030': attribute type 13 has an invalid length.
[  625.191565][   T24] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  625.653921][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  625.691800][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  625.723490][   T24] usb 7-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  625.751699][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  625.776195][T13395] overlay: Unknown parameter 'obj_type'
[  625.870167][   T24] usb 7-1: config 0 descriptor??
[  628.123643][   T43] IPVS: starting estimator thread 0...
[  628.212959][T13423] IPVS: using max 73 ests per chain, 175200 per kthread
[  628.237286][   T24] usbhid 7-1:0.0: can't add hid device: -71
[  628.244474][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  628.291947][   T24] usb 7-1: USB disconnect, device number 5
[  630.252599][   T51] Bluetooth: hci4: command 0x0406 tx timeout
[  630.557258][T13451] input: syz0 as /devices/virtual/input/input33
[  630.700436][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  630.700452][   T30] audit: type=1326 audit(1753283911.282:2567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13457 comm="syz.2.2048" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9037b8e9a9 code=0x0
[  630.821616][   T10] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  630.861601][ T5910] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  630.973272][   T10] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  630.998340][   T10] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  631.002187][T13464] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2051'.
[  631.016545][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.047364][ T5910] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  631.062047][   T10] gspca_main: stv0680-2.14.0 probing 041e:4007
[  631.070035][ T5910] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  631.098800][ T5910] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  631.131705][ T5910] gspca_main: stv0680-2.14.0 probing 041e:4007
[  632.318720][ T5910] stv0680 6-1:4.0: STV(e): camera ping failed!!
[  632.656983][   T10] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110
[  632.671798][   T10] stv0680 7-1:4.0: STV(e): camera ping failed!!
[  632.695508][   T10] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[  632.753709][   T10] stv0680 7-1:4.0: last error: 0,  command = 0x0
[  632.761292][ T5910] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  632.801527][ T5910] stv0680 6-1:4.0: last error: 44,  command = 0x6e
[  632.832129][ T5910] usb 6-1: USB disconnect, device number 33
[  632.896209][T13494] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2057'.
[  632.905914][T13494] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2057'.
[  633.018966][   T30] audit: type=1326 audit(1753283913.602:2568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  633.034998][T13497] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2059'.
[  633.051728][   T30] audit: type=1326 audit(1753283913.602:2569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  633.051776][   T30] audit: type=1326 audit(1753283913.602:2570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  633.051814][   T30] audit: type=1326 audit(1753283913.602:2571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  633.929094][   T30] audit: type=1326 audit(1753283913.602:2572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  633.952586][    C0] vkms_vblank_simulate: vblank timer overrun
[  634.024367][T13504] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2060'.
[  634.047558][ T5910] usb 7-1: USB disconnect, device number 6
[  634.064076][   T30] audit: type=1326 audit(1753283913.602:2573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  634.090129][T13504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2060'.
[  634.133471][T13504] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  634.142390][T13504] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  634.151549][T13504] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  634.160989][T13504] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  634.172749][   T30] audit: type=1326 audit(1753283913.602:2574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  634.197160][   T30] audit: type=1326 audit(1753283913.602:2575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  634.252270][   T30] audit: type=1326 audit(1753283913.602:2576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13496 comm="syz.3.2059" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5281d8e9a9 code=0x7ffc0000
[  635.216815][T13529] sysfs: cannot create duplicate filename '/class/ieee80211/!寿$ûÌÌULÙvy¸ÚØ¢
…D£øUDŒw˜}�zR3âëp(@Ož>ÆÀ–PÛç'
[  635.228859][T13529] CPU: 1 UID: 0 PID: 13529 Comm: syz.2.2068 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  635.228876][T13529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  635.228884][T13529] Call Trace:
[  635.228892][T13529]  <TASK>
[  635.228898][T13529]  dump_stack_lvl+0x16c/0x1f0
[  635.228922][T13529]  sysfs_warn_dup+0x7f/0xa0
[  635.228941][T13529]  sysfs_do_create_link_sd+0x124/0x140
[  635.228954][T13529]  sysfs_create_link+0x61/0xc0
[  635.228965][T13529]  device_add+0x62c/0x1a70
[  635.228981][T13529]  ? __pfx_device_add+0x10/0x10
[  635.228993][T13529]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  635.229009][T13529]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  635.229024][T13529]  wiphy_register+0x1c9c/0x2850
[  635.229038][T13529]  ? netdev_run_todo+0x864/0x1320
[  635.229051][T13529]  ? __dev_printk+0x270/0x270
[  635.229070][T13529]  ? __pfx_wiphy_register+0x10/0x10
[  635.229091][T13529]  ieee80211_register_hw+0x24ac/0x4140
[  635.229110][T13529]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  635.229125][T13529]  ? find_held_lock+0x2b/0x80
[  635.229139][T13529]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  635.229152][T13529]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  635.229166][T13529]  ? __hrtimer_setup+0x176/0x280
[  635.229182][T13529]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  635.229209][T13529]  ? trace_kmalloc+0x2b/0xd0
[  635.229222][T13529]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  635.229240][T13529]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  635.229257][T13529]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  635.229275][T13529]  ? __asan_memcpy+0x3c/0x60
[  635.229292][T13529]  hwsim_new_radio_nl+0xb51/0x12c0
[  635.229311][T13529]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  635.229332][T13529]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  635.229348][T13529]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  635.229367][T13529]  genl_family_rcv_msg_doit+0x206/0x2f0
[  635.229382][T13529]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  635.229402][T13529]  ? bpf_lsm_capable+0x9/0x10
[  635.229421][T13529]  ? security_capable+0x7e/0x260
[  635.229440][T13529]  ? ns_capable+0xd7/0x110
[  635.229462][T13529]  genl_rcv_msg+0x55c/0x800
[  635.229488][T13529]  ? __pfx_genl_rcv_msg+0x10/0x10
[  635.229511][T13529]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  635.229535][T13529]  ? __lock_acquire+0x622/0x1c90
[  635.229547][T13529]  netlink_rcv_skb+0x155/0x420
[  635.229561][T13529]  ? __pfx_genl_rcv_msg+0x10/0x10
[  635.229576][T13529]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  635.229595][T13529]  ? netlink_deliver_tap+0x1ae/0xd30
[  635.229606][T13529]  ? is_vmalloc_addr+0x86/0xa0
[  635.229624][T13529]  genl_rcv+0x28/0x40
[  635.229636][T13529]  netlink_unicast+0x58d/0x850
[  635.229651][T13529]  ? __pfx_netlink_unicast+0x10/0x10
[  635.229670][T13529]  netlink_sendmsg+0x8d1/0xdd0
[  635.229685][T13529]  ? __pfx_netlink_sendmsg+0x10/0x10
[  635.229703][T13529]  ____sys_sendmsg+0xa95/0xc70
[  635.229717][T13529]  ? copy_msghdr_from_user+0x10a/0x160
[  635.229735][T13529]  ? __pfx_____sys_sendmsg+0x10/0x10
[  635.229752][T13529]  ? __pfx_futex_wake_mark+0x10/0x10
[  635.229765][T13529]  ___sys_sendmsg+0x134/0x1d0
[  635.229784][T13529]  ? __pfx____sys_sendmsg+0x10/0x10
[  635.229800][T13529]  ? __lock_acquire+0x622/0x1c90
[  635.229828][T13529]  __sys_sendmsg+0x16d/0x220
[  635.229838][T13529]  ? __pfx___sys_sendmsg+0x10/0x10
[  635.229848][T13529]  ? __x64_sys_futex+0x1e0/0x4c0
[  635.229873][T13529]  do_syscall_64+0xcd/0x4c0
[  635.229885][T13529]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.229896][T13529] RIP: 0033:0x7f9037b8e9a9
[  635.229906][T13529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  635.229917][T13529] RSP: 002b:00007f9038a2f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  635.229929][T13529] RAX: ffffffffffffffda RBX: 00007f9037db5fa0 RCX: 00007f9037b8e9a9
[  635.229935][T13529] RDX: 0000000020004840 RSI: 0000200000000040 RDI: 0000000000000004
[  635.229942][T13529] RBP: 00007f9037c10d69 R08: 0000000000000000 R09: 0000000000000000
[  635.229948][T13529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  635.229954][T13529] R13: 0000000000000000 R14: 00007f9037db5fa0 R15: 00007ffd8f941998
[  635.229969][T13529]  </TASK>
[  636.102354][ T5910] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  636.273239][T13507] CUSE: unknown device info "ÿ
"
[  636.278235][T13507] CUSE: zero length info key specified
[  636.396951][ T5910] usb 3-1: Using ep0 maxpacket: 32
[  636.420954][ T5910] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  636.443319][ T5910] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  636.453000][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  636.461234][ T5910] usb 3-1: Product: syz
[  636.473553][ T5910] usb 3-1: Manufacturer: syz
[  636.478190][ T5910] usb 3-1: SerialNumber: syz
[  636.496480][ T5910] usb 3-1: config 0 descriptor??
[  636.503471][T13533] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  636.716103][T13555] input: syz0 as /devices/virtual/input/input34
[  637.403877][T13564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  637.412745][T13564] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  637.424839][ T5910] usb 3-1: USB disconnect, device number 26
[  637.588095][T13567] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  637.621650][T13567] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  637.664102][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  637.664117][   T30] audit: type=1400 audit(1753283918.252:2592): avc:  denied  { ioctl } for  pid=13565 comm="syz.3.2079" path="socket:[37670]" dev="sockfs" ino=37670 ioctlcmd=0x3b85 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  638.751598][ T2146] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  639.292014][ T2146] usb 3-1: Using ep0 maxpacket: 8
[  639.505477][ T2146] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 13
[  639.608596][ T2146] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 192, using maximum allowed: 30
[  639.655399][ T2146] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 192
[  640.144040][ T2146] usb 3-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  640.241968][ T2146] usb 3-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  640.250326][ T2146] usb 3-1: Product: syz
[  640.266268][ T2146] usb 3-1: Manufacturer: syz
[  640.402960][ T2146] usb 3-1: SerialNumber: syz
[  640.816088][ T2146] usb 3-1: config 0 descriptor??
[  641.150199][T13596] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  641.598532][ T2146] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  641.626979][ T2146] gspca_zc3xx: reg_w_i err -71
[  642.465636][ T2146] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  642.500279][ T2146] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  642.546121][ T2146] usb 3-1: USB disconnect, device number 27
[  642.665812][   T30] audit: type=1400 audit(1753283923.242:2593): avc:  denied  { ioctl } for  pid=13614 comm="syz.5.2094" path="/dev/ptyqf" dev="devtmpfs" ino=134 ioctlcmd=0x5418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  642.787651][T13617] xt_CT: No such helper "snmp"
[  642.945982][T13630] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer.
[  643.633541][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  643.784012][T13647] input: syz0 as /devices/virtual/input/input35
[  644.314193][   T24] usb 7-1: Using ep0 maxpacket: 16
[  644.326166][   T24] usb 7-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  644.358774][   T24] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  644.391606][   T24] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  644.418719][   T24] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  644.448435][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  644.472071][   T24] usb 7-1: Product: syz
[  644.476380][   T24] usb 7-1: Manufacturer: syz
[  644.481083][   T24] usb 7-1: SerialNumber: syz
[  644.846376][T13660] binder: BINDER_SET_CONTEXT_MGR already set
[  644.852622][T13660] binder: 13656:13660 ioctl 4018620d 200000000040 returned -16
[  645.305858][   T24] usb 7-1: 0:2 : does not exist
[  645.884237][T13638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  645.915662][T13638] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.938638][   T24] usb 7-1: 1:0: failed to get current value for ch 0 (-22)
[  647.101900][   T24] usb 7-1: USB disconnect, device number 7
[  647.660755][   T30] audit: type=1400 audit(1753283927.722:2594): avc:  denied  { read } for  pid=13678 comm="syz.3.2109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  647.695629][T13680] netlink: 'syz.3.2109': attribute type 12 has an invalid length.
[  647.743485][ T6216] udevd[6216]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  648.568450][T13700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2115'.
[  649.940935][T13714] binder: 13709:13714 ioctl 4058534c 200000000200 returned -22
[  650.185535][   T30] audit: type=1400 audit(1753283930.562:2595): avc:  denied  { ioctl } for  pid=13709 comm="syz.6.2118" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x9418 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  650.307067][   T30] audit: type=1400 audit(1753283930.602:2596): avc:  denied  { read } for  pid=13709 comm="syz.6.2118" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  650.335167][   T30] audit: type=1400 audit(1753283930.612:2597): avc:  denied  { open } for  pid=13709 comm="syz.6.2118" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  650.543152][T13720] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  650.571353][T13720] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2120'.
[  650.751725][T13714] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  650.770401][T13714] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  650.855775][T13714] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  650.888532][T13714] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  651.060592][T13714] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  651.097799][T13714] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  651.129756][T13714] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  651.146417][   T30] audit: type=1400 audit(1753283931.732:2598): avc:  denied  { write } for  pid=13722 comm="syz.3.2122" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  651.179595][T13714] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  651.186043][T13717] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2119'.
[  651.276355][T13727] futex_wake_op: syz.2.2121 tries to shift op by -1; fix this program
[  651.758947][T13737] dummy0 speed is unknown, defaulting to 1000
[  651.791791][T13734] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(15)
[  651.798429][T13734] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  651.863955][T13742] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(18)
[  651.870592][T13742] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  651.882236][T13734] vhci_hcd vhci_hcd.0: Device attached
[  651.922677][T13734] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  651.948604][T13742] vhci_hcd vhci_hcd.0: Device attached
[  651.948645][T13734] vhci_hcd vhci_hcd.0: pdev(1) rhport(3) sockfd(22)
[  651.960703][T13734] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  651.969820][T13734] vhci_hcd vhci_hcd.0: Device attached
[  651.989775][T13734] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(24)
[  651.996390][T13734] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  652.060740][T13734] vhci_hcd vhci_hcd.0: Device attached
[  652.081242][T13742] vhci_hcd vhci_hcd.0: pdev(1) rhport(4) sockfd(20)
[  652.087868][T13742] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  652.103663][T13754] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  652.133411][T13742] vhci_hcd vhci_hcd.0: Device attached
[  652.141581][ T5910] usb 35-1: new low-speed USB device number 2 using vhci_hcd
[  652.166141][T13734] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  652.264153][T13754] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2128'.
[  652.365131][T13751] vhci_hcd: connection closed
[  652.365368][T13749] vhci_hcd: connection closed
[  652.366670][T13738] vhci_hcd: connection reset by peer
[  652.370344][T13743] vhci_hcd: connection closed
[  652.375087][   T12] vhci_hcd: stop threads
[  652.396305][T13755] vhci_hcd: connection closed
[  652.421528][   T12] vhci_hcd: release socket
[  652.449458][   T12] vhci_hcd: disconnect device
[  652.464664][   T12] vhci_hcd: stop threads
[  652.469045][   T12] vhci_hcd: release socket
[  652.475273][   T12] vhci_hcd: disconnect device
[  652.480364][   T12] vhci_hcd: stop threads
[  652.486076][   T12] vhci_hcd: release socket
[  652.490638][   T12] vhci_hcd: disconnect device
[  652.500839][   T12] vhci_hcd: stop threads
[  652.510610][   T12] vhci_hcd: release socket
[  652.515462][   T12] vhci_hcd: disconnect device
[  652.521185][   T12] vhci_hcd: stop threads
[  652.538615][   T12] vhci_hcd: release socket
[  652.545960][   T12] vhci_hcd: disconnect device
[  652.660421][T13765] ipvlan2: entered promiscuous mode
[  652.665804][   T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  652.675467][T13765] ipvlan2: entered allmulticast mode
[  652.680867][T13765] batadv0: entered allmulticast mode
[  652.687586][T13765] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  652.761759][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  652.824151][   T10] usb 3-1: config 0 has an invalid interface number: 50 but max is 0
[  652.832923][   T10] usb 3-1: config 0 has no interface number 0
[  652.839624][   T10] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  652.856187][   T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  652.865536][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  652.895972][   T10] usb 3-1: Product: syz
[  652.904158][   T10] usb 3-1: Manufacturer: syz
[  652.915323][   T10] usb 3-1: SerialNumber: syz
[  652.921682][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  652.944064][   T10] usb 3-1: config 0 descriptor??
[  652.969107][   T10] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0
[  653.083063][ T5841] Bluetooth: hci3: command 0x0406 tx timeout
[  653.200980][ T5841] Bluetooth: hci5: command 0x0406 tx timeout
[  653.211754][   T24] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  653.325976][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  653.396008][    C0] yurex 3-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8
[  653.402575][T13772] netlink: 'syz.1.2133': attribute type 21 has an invalid length.
[  653.413274][T13772] netlink: 'syz.1.2133': attribute type 6 has an invalid length.
[  653.421027][T13772] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2133'.
[  653.491911][   T24] usb 7-1: device descriptor read/64, error -71
[  653.585087][T13775] uprobe: syz.3.2134:13775 failed to unregister, leaking uprobe
[  653.733408][   T24] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  654.581417][   T24] usb 7-1: device descriptor read/64, error -71
[  654.841984][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  655.003491][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  655.018785][   T24] usb usb7-port1: attempt power cycle
[  655.161682][ T5841] Bluetooth: hci3: command 0x0406 tx timeout
[  655.311576][    T9] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  655.371688][   T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  655.393191][   T24] usb 7-1: device descriptor read/8, error -71
[  655.463506][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  655.466408][   T43] usb 3-1: USB disconnect, device number 28
[  655.483407][   T43] yurex 3-1:0.50: USB YUREX #0 now disconnected
[  655.500970][    T9] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  655.523251][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  655.539922][    T9] usb 4-1: config 0 descriptor??
[  655.707123][   T24] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  655.732131][   T24] usb 7-1: device descriptor read/8, error -71
[  655.786523][    T9] usbhid 4-1:0.0: can't add hid device: -71
[  655.822243][    T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  655.978823][    T9] usb 4-1: USB disconnect, device number 33
[  656.321706][   T24] usb usb7-port1: unable to enumerate USB device
[  656.388332][   T30] audit: type=1400 audit(1753283936.972:2599): avc:  denied  { read } for  pid=13803 comm="syz.6.2142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  656.542342][    T9] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  656.627857][   T30] audit: type=1400 audit(1753283937.212:2600): avc:  denied  { listen } for  pid=13814 comm="syz.1.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  656.791814][   T43] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  656.802546][   T30] audit: type=1400 audit(1753283937.382:2601): avc:  denied  { view } for  pid=13814 comm="syz.1.2145" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  656.855271][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  656.882217][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  656.901905][    T9] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  656.982259][   T43] usb 3-1: Using ep0 maxpacket: 16
[  657.019657][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  657.038362][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  657.038975][   T43] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  657.048553][    T9] usb 4-1: config 0 descriptor??
[  657.061544][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  657.081054][   T43] usb 3-1: Product: syz
[  657.090422][   T43] usb 3-1: Manufacturer: syz
[  657.108572][   T43] usb 3-1: SerialNumber: syz
[  657.124309][   T43] usb 3-1: config 0 descriptor??
[  657.178493][   T43] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  657.242262][   T43] em28xx 3-1:0.0: DVB interface 0 found: bulk
[  657.324771][ T5910] vhci_hcd: vhci_device speed not set
[  657.871935][    T9] plantronics 0003:047F:FFFF.001C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  658.101385][   T43] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[  658.470460][    C1] plantronics 0003:047F:FFFF.001C: hid_field_extract() called with n (132) > 32! (fido_id)
[  658.488365][   T43] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  658.498396][   T43] em28xx 3-1:0.0: board has no eeprom
[  658.581648][   T43] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  658.589913][   T43] em28xx 3-1:0.0: dvb set to bulk mode.
[  658.604338][   T24] em28xx 3-1:0.0: Binding DVB extension
[  658.658036][   T43] usb 3-1: USB disconnect, device number 29
[  658.716918][   T43] em28xx 3-1:0.0: Disconnecting em28xx
[  658.816416][    T9] usb 4-1: USB disconnect, device number 34
[  658.825322][   T24] em28xx 3-1:0.0: Registering input extension
[  658.860809][   T43] em28xx 3-1:0.0: Closing input extension
[  658.950385][   T43] em28xx 3-1:0.0: Freeing device
[  659.043158][ T5944] usb usb36-port1: attempt power cycle
[  659.240061][T13848] uprobe: syz.1.2155:13848 failed to unregister, leaking uprobe
[  659.548114][ T5910] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  659.773227][ T5910] usb 3-1: Using ep0 maxpacket: 16
[  659.792417][ T5944] usb usb36-port1: unable to enumerate USB device
[  659.861707][ T5910] usb 3-1: config 0 has an invalid interface number: 126 but max is 0
[  659.931642][ T5910] usb 3-1: config 0 has an invalid descriptor of length 116, skipping remainder of the config
[  659.984916][ T5910] usb 3-1: config 0 has no interface number 0
[  660.032575][ T5910] usb 3-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87
[  660.075797][ T5910] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024
[  660.114476][ T5910] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64
[  660.155845][ T5910] usb 3-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid maxpacket 29797, setting to 1024
[  660.256182][ T5910] usb 3-1: config 0 interface 126 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  660.290360][ T5910] usb 3-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[  660.321555][ T5910] usb 3-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88
[  660.359086][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.503735][ T5910] usb 3-1: config 0 descriptor??
[  660.568617][T13854] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  660.655837][T13854] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  660.789760][ T5910] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  662.159025][   T24] usb 3-1: USB disconnect, device number 30
[  662.445461][T13893] loop6: detected capacity change from 0 to 8388607
[  662.454516][T13893] buffer_io_error: 7 callbacks suppressed
[  662.460333][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.469343][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.478227][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.487275][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.496301][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.505729][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.514686][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.524340][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.532906][T13893] ldm_validate_partition_table(): Disk read failed.
[  662.540065][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.548956][T13893] Buffer I/O error on dev loop6, logical block 0, async page read
[  662.558936][T13893] Dev loop6: unable to read RDB block 0
[  662.568292][T13893]  loop6: unable to read partition table
[  662.575774][T13893] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  662.817314][ T5200] ldm_validate_partition_table(): Disk read failed.
[  662.835392][ T5200] Dev loop6: unable to read RDB block 0
[  662.841361][ T5200]  loop6: unable to read partition table
[  664.663550][   T30] audit: type=1400 audit(1753283945.122:2602): avc:  denied  { accept } for  pid=13915 comm="syz.6.2172" laddr=172.20.20.170 lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  665.105635][T13926] FAULT_INJECTION: forcing a failure.
[  665.105635][T13926] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  665.161664][T13926] CPU: 0 UID: 0 PID: 13926 Comm: syz.2.2175 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  665.161694][T13926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  665.161705][T13926] Call Trace:
[  665.161711][T13926]  <TASK>
[  665.161718][T13926]  dump_stack_lvl+0x16c/0x1f0
[  665.161751][T13926]  should_fail_ex+0x512/0x640
[  665.161783][T13926]  _copy_to_user+0x32/0xd0
[  665.161807][T13926]  simple_read_from_buffer+0xcb/0x170
[  665.161836][T13926]  proc_fail_nth_read+0x197/0x270
[  665.161864][T13926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  665.161891][T13926]  ? rw_verify_area+0xcf/0x680
[  665.161913][T13926]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  665.161939][T13926]  vfs_read+0x1e1/0xc60
[  665.161968][T13926]  ? __pfx___mutex_lock+0x10/0x10
[  665.161987][T13926]  ? __pfx_vfs_read+0x10/0x10
[  665.162019][T13926]  ? __fget_files+0x20e/0x3c0
[  665.162043][T13926]  ksys_read+0x12a/0x250
[  665.162069][T13926]  ? __pfx_ksys_read+0x10/0x10
[  665.162102][T13926]  do_syscall_64+0xcd/0x4c0
[  665.162122][T13926]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.162140][T13926] RIP: 0033:0x7f9037b8d3bc
[  665.162155][T13926] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  665.162173][T13926] RSP: 002b:00007f9038a2f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  665.162192][T13926] RAX: ffffffffffffffda RBX: 00007f9037db5fa0 RCX: 00007f9037b8d3bc
[  665.162204][T13926] RDX: 000000000000000f RSI: 00007f9038a2f0a0 RDI: 0000000000000004
[  665.162214][T13926] RBP: 00007f9038a2f090 R08: 0000000000000000 R09: 0000000000000000
[  665.162224][T13926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.162234][T13926] R13: 0000000000000000 R14: 00007f9037db5fa0 R15: 00007ffd8f941998
[  665.162258][T13926]  </TASK>
[  666.868239][T13934] could not allocate digest TFM handle hmac(sha1-avx2)
[  667.785731][T13952] xt_CT: No such helper "netbios-ns"
[  668.543471][   T30] audit: type=1326 audit(1753283949.132:2603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  668.568355][T13964] netlink: 116 bytes leftover after parsing attributes in process `syz.1.2183'.
[  668.840032][   T30] audit: type=1326 audit(1753283949.132:2604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.092953][   T30] audit: type=1326 audit(1753283949.132:2605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.226101][   T30] audit: type=1326 audit(1753283949.132:2606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.250294][   T30] audit: type=1326 audit(1753283949.132:2607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.294310][   T30] audit: type=1326 audit(1753283949.132:2608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.769342][   T30] audit: type=1326 audit(1753283949.132:2609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  669.802142][   T30] audit: type=1326 audit(1753283949.132:2610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.008668][   T30] audit: type=1326 audit(1753283949.132:2611): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.050128][ T5883] usb 2-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use <kernel_dir>/scripts/get_dvb_firmware to get the firmware
[  670.219816][   T30] audit: type=1326 audit(1753283949.132:2612): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.381154][ T5883] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -110
[  670.395725][ T5883] usb 2-1: USB disconnect, device number 23
[  670.406322][   T30] audit: type=1326 audit(1753283949.132:2613): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.429704][    C0] vkms_vblank_simulate: vblank timer overrun
[  670.582889][   T30] audit: type=1326 audit(1753283949.132:2614): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.889399][   T30] audit: type=1326 audit(1753283949.132:2615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  670.912810][    C0] vkms_vblank_simulate: vblank timer overrun
[  671.074557][   T30] audit: type=1326 audit(1753283949.132:2616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  671.101853][   T30] audit: type=1326 audit(1753283949.132:2617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  671.127089][   T30] audit: type=1326 audit(1753283949.162:2618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13963 comm="syz.1.2183" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2b0b98e9a9 code=0x7ffc0000
[  671.175868][ T5841] Bluetooth: hci2: unexpected event for opcode 0x0c26
[  671.257361][T13997] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2195'.
[  671.946230][T14010] netlink: 'syz.5.2199': attribute type 1 has an invalid length.
[  673.111530][ T2146] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  673.210674][T14025] bridge0: entered allmulticast mode
[  673.308337][T14027] netlink: 'syz.6.2202': attribute type 21 has an invalid length.
[  673.361591][ T2146] usb 2-1: Using ep0 maxpacket: 32
[  673.373058][ T2146] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  673.966052][ T2146] usb 2-1: config 0 has no interface number 0
[  673.972776][T14027] netlink: 'syz.6.2202': attribute type 6 has an invalid length.
[  673.980528][T14027] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2202'.
[  674.034710][ T2146] usb 2-1: config 0 interface 12 has no altsetting 0
[  674.063588][ T2146] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  674.073048][ T2146] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  674.081123][ T2146] usb 2-1: Product: syz
[  674.111513][ T2146] usb 2-1: Manufacturer: syz
[  674.116184][ T2146] usb 2-1: SerialNumber: syz
[  674.198038][ T2146] usb 2-1: config 0 descriptor??
[  674.641652][T14039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2206'.
[  675.109682][ T2146] f81534 2-1:0.12: f81534_set_register: reg: 1002 data: 0 failed: -71
[  675.142311][ T2146] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71
[  675.157236][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  675.157252][   T30] audit: type=1400 audit(1753283955.744:2656): avc:  denied  { append } for  pid=14044 comm="syz.6.2208" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  675.190311][ T2146] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  675.221650][ T2146] f81534 2-1:0.12: probe with driver f81534 failed with error -71
[  675.335205][ T2146] usb 2-1: USB disconnect, device number 24
[  675.450153][T14049] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  675.463545][T14053] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  676.287586][   T30] audit: type=1326 audit(1753283956.874:2657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14064 comm="syz.5.2214" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff16378e9a9 code=0x0
[  676.521571][ T2146] usb 2-1: new low-speed USB device number 25 using dummy_hcd
[  677.062537][ T2146] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  677.072111][ T2146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  677.085929][ T2146] usb 2-1: config 0 descriptor??
[  677.238911][T14084] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  677.730153][T14097] vivid-003: disconnect
[  677.735711][T14097] futex_wake_op: syz.6.2223 tries to shift op by -1; fix this program
[  677.810070][T14099] lo speed is unknown, defaulting to 1000
[  677.816006][T14099] lo speed is unknown, defaulting to 1000
[  677.822214][T14099] lo speed is unknown, defaulting to 1000
[  677.833859][T14099] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  677.853012][T14099] lo speed is unknown, defaulting to 1000
[  677.859701][T14099] lo speed is unknown, defaulting to 1000
[  677.866407][T14099] lo speed is unknown, defaulting to 1000
[  677.874037][T14099] lo speed is unknown, defaulting to 1000
[  677.880833][T14099] lo speed is unknown, defaulting to 1000
[  677.887358][T14099] lo speed is unknown, defaulting to 1000
[  678.302688][T14107] tmpfs: Unknown parameter 'usrquoÀîPþlock_hardlimit'
[  678.620600][T14095] vivid-003: reconnect
[  680.559784][T14133] fuse: Bad value for 'fd'
[  680.761839][   T43] usb 7-1: new full-speed USB device number 12 using dummy_hcd
[  681.077463][T14140] binder: BINDER_SET_CONTEXT_MGR already set
[  681.111675][T14140] binder: 14139:14140 ioctl 4018620d 200000000040 returned -16
[  681.183457][ T2146] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  681.199166][ T2146] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[  681.234379][   T43] usb 7-1: config 127 has an invalid interface number: 218 but max is 0
[  681.709158][   T43] usb 7-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  681.722777][   T43] usb 7-1: config 127 has no interface number 0
[  681.730556][   T43] usb 7-1: config 127 interface 218 altsetting 2 endpoint 0x3 has invalid wMaxPacketSize 0
[  681.740752][   T43] usb 7-1: config 127 interface 218 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  681.756790][ T2146] asix 2-1:0.0: probe with driver asix failed with error -71
[  681.785153][ T2146] usb 2-1: USB disconnect, device number 25
[  681.791187][   T43] usb 7-1: config 127 interface 218 has no altsetting 0
[  681.818531][   T43] usb 7-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice= 3.5c
[  681.860687][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  682.106275][   T43] usb 7-1: Product: syz
[  682.161959][   T43] usb 7-1: Manufacturer: syz
[  682.173545][   T43] usb 7-1: SerialNumber: syz
[  682.229412][   T30] audit: type=1400 audit(1753283962.814:2658): avc:  denied  { getopt } for  pid=14151 comm="syz.5.2235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  682.250489][T14152] netlink: 755 bytes leftover after parsing attributes in process `syz.5.2235'.
[  682.413405][T14131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  682.422158][T14131] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  682.495099][T14158] trusted_key: encrypted_key: insufficient parameters specified
[  682.847835][T14158] process 'syz.3.2237' launched './file0' with NULL argv: empty string added
[  682.940529][   T43] etas_es58x 7-1:127.218: Starting syz syz (Serial Number syz)
[  682.964700][   T30] audit: type=1400 audit(1753283963.454:2659): avc:  denied  { execute_no_trans } for  pid=14153 comm="syz.3.2237" path="/440/file0" dev="tmpfs" ino=2373 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  683.008981][   T43] etas_es58x 7-1:127.218: could not retrieve the product info string
[  683.218179][   T43] usb 7-1: USB disconnect, device number 12
[  683.269194][   T43] etas_es58x 7-1:127.218: Disconnecting syz syz
[  683.501798][ T5883] usb 4-1: new full-speed USB device number 35 using dummy_hcd
[  683.733147][ T5883] usb 4-1: config 0 has an invalid interface number: 133 but max is 0
[  683.741351][ T5883] usb 4-1: config 0 has no interface number 0
[  683.889446][ T5883] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d
[  683.900715][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  683.913206][ T5883] usb 4-1: Product: syz
[  683.917379][ T5883] usb 4-1: Manufacturer: syz
[  683.942210][ T5883] usb 4-1: SerialNumber: syz
[  683.988097][ T5883] usb 4-1: config 0 descriptor??
[  684.411779][ T5883] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected
[  684.542303][ T5883] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81
[  684.563820][ T5883] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1
[  684.574307][ T5883] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2
[  684.647433][ T5883] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  684.918002][T14167] xt_hashlimit: overflow, try lower: 18446744073709551615/7
[  684.961677][   T24] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  685.207955][T14196] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2245'.
[  685.382307][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  685.470819][   T24] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  685.539533][   T24] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  685.583524][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  685.633121][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  685.743084][   T30] audit: type=1326 audit(1753283966.334:2660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  685.771739][T14206] netlink: 116 bytes leftover after parsing attributes in process `syz.6.2248'.
[  685.858326][   T30] audit: type=1326 audit(1753283966.364:2661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.293723][   T30] audit: type=1326 audit(1753283966.364:2662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.350962][   T30] audit: type=1326 audit(1753283966.364:2663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.379870][T14216] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  686.385849][   T30] audit: type=1326 audit(1753283966.364:2664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.454006][ T2146] usb 4-1: USB disconnect, device number 35
[  686.498524][ T2146] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  686.558342][T14216] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2250'.
[  686.565234][ T2146] keyspan 4-1:0.133: device disconnected
[  686.683414][   T24] stv0680 3-1:4.0: STV(e): camera ping failed!!
[  686.697203][   T30] audit: type=1326 audit(1753283966.364:2665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.761002][T14223] overlay: Unknown parameter 'smackfsroot'
[  686.796587][   T30] audit: type=1326 audit(1753283966.364:2666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.912437][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  686.920629][   T24] stv0680 3-1:4.0: last error: 44,  command = 0x6e
[  686.952348][   T30] audit: type=1326 audit(1753283966.364:2667): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=14205 comm="syz.6.2248" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5748d8e9a9 code=0x7ffc0000
[  686.998468][T14220] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2251'.
[  687.014643][   T24] usb 3-1: USB disconnect, device number 31
[  687.263802][T14226] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2252'.
[  687.267043][T14227] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2252'.
[  687.862583][T14234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2255'.
[  687.901013][T14234] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2255'.
[  688.181143][T14252] tipc: Resetting bearer <eth:team0>
[  688.546655][T14252] /dev/nullb0: Can't open blockdev
[  689.069815][T14254] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2262'.
[  690.226627][   T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  690.404440][   T24] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  690.455854][   T24] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  690.477263][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  690.558302][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  691.329328][T14288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2272'.
[  691.742069][   T24] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  691.801544][ T5910] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  692.011541][ T5910] usb 6-1: Using ep0 maxpacket: 8
[  692.149798][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  692.470204][T14296] input: syz1 as /devices/virtual/input/input38
[  692.485167][   T24] stv0680 4-1:4.0: last error: 44,  command = 0x6e
[  692.551949][ T5910] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  692.572773][ T5910] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  692.590037][ T5910] usb 6-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  692.599156][ T5910] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.607157][ T5910] usb 6-1: Product: syz
[  692.611324][ T5910] usb 6-1: Manufacturer: syz
[  692.618425][ T5910] usb 6-1: SerialNumber: syz
[  692.630614][   T24] usb 4-1: USB disconnect, device number 36
[  692.668826][ T5910] usb 6-1: config 0 descriptor??
[  694.253305][T14282] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2271'.
[  694.304682][ T5910] usb 6-1: USB disconnect, device number 34
[  694.366265][T14318] FAULT_INJECTION: forcing a failure.
[  694.366265][T14318] name failslab, interval 1, probability 0, space 0, times 0
[  694.411037][T14318] CPU: 0 UID: 0 PID: 14318 Comm: syz.2.2282 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  694.411065][T14318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  694.411074][T14318] Call Trace:
[  694.411079][T14318]  <TASK>
[  694.411085][T14318]  dump_stack_lvl+0x16c/0x1f0
[  694.411118][T14318]  should_fail_ex+0x512/0x640
[  694.411143][T14318]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  694.411172][T14318]  should_failslab+0xc2/0x120
[  694.411189][T14318]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  694.411215][T14318]  ? ovl_mount_dir+0x26/0x1f0
[  694.411239][T14318]  kstrdup+0x53/0x100
[  694.411265][T14318]  ovl_mount_dir+0x26/0x1f0
[  694.411287][T14318]  ovl_parse_param+0x10ae/0x1570
[  694.411307][T14318]  ? selinux_fs_context_parse_param+0xd8/0x130
[  694.411334][T14318]  ? __pfx_ovl_parse_param+0x10/0x10
[  694.411355][T14318]  ? trace_kmalloc+0x2b/0xd0
[  694.411370][T14318]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  694.411404][T14318]  ? static_key_count+0x5a/0x70
[  694.411428][T14318]  ? __pfx_ovl_parse_param+0x10/0x10
[  694.411450][T14318]  vfs_parse_fs_param+0x20b/0x3c0
[  694.411469][T14318]  vfs_parse_fs_string+0xe9/0x150
[  694.411486][T14318]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[  694.411513][T14318]  ? ovl_next_opt+0x143/0x1c0
[  694.411533][T14318]  ? __pfx_ovl_next_opt+0x10/0x10
[  694.411552][T14318]  vfs_parse_monolithic_sep+0x16f/0x1f0
[  694.411571][T14318]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[  694.411590][T14318]  ? alloc_fs_context+0x59b/0x9c0
[  694.411612][T14318]  path_mount+0x13cd/0x2020
[  694.411633][T14318]  ? kmem_cache_free+0x2d1/0x4d0
[  694.411657][T14318]  ? __pfx_path_mount+0x10/0x10
[  694.411679][T14318]  ? putname+0x154/0x1a0
[  694.411701][T14318]  __x64_sys_mount+0x28d/0x310
[  694.411720][T14318]  ? __pfx___x64_sys_mount+0x10/0x10
[  694.411746][T14318]  do_syscall_64+0xcd/0x4c0
[  694.411765][T14318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  694.411782][T14318] RIP: 0033:0x7f9037b8e9a9
[  694.411796][T14318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  694.411812][T14318] RSP: 002b:00007f9038a2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  694.411829][T14318] RAX: ffffffffffffffda RBX: 00007f9037db5fa0 RCX: 00007f9037b8e9a9
[  694.411840][T14318] RDX: 0000200000000080 RSI: 0000200000000040 RDI: 0000000000000000
[  694.411850][T14318] RBP: 00007f9038a2f090 R08: 00002000000005c0 R09: 0000000000000000
[  694.411859][T14318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  694.411870][T14318] R13: 0000000000000000 R14: 00007f9037db5fa0 R15: 00007ffd8f941998
[  694.411892][T14318]  </TASK>
[  694.515337][T14325] bridge0: entered allmulticast mode
[  695.183820][T14332] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2286'.
[  695.248117][T14332] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2286'.
[  695.305167][T14332] netlink: 64130 bytes leftover after parsing attributes in process `syz.1.2286'.
[  695.401599][ T5910] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  695.713864][ T5910] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  695.724087][ T5910] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  695.739358][ T5910] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  695.776765][ T5910] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  695.786181][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  695.816537][ T5910] usb 3-1: Product: syz
[  695.826664][ T5910] usb 3-1: Manufacturer: syz
[  695.862114][ T5910] usb 3-1: SerialNumber: syz
[  695.866972][T14341] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2289'.
[  695.887557][ T5910] usb 3-1: config 0 descriptor??
[  695.911355][T14329] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  695.923132][T14329] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  695.931004][ T5910] usb 3-1: ucan: probing device on interface #0
[  696.164236][T14351] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2292'.
[  696.929277][ T5910] ucan 3-1:0.0 can0: registered device
[  697.188235][ T5910] ucan 3-1:0.0 can0: firmware string: unknown
[  697.198011][ T5910] usb 3-1: USB disconnect, device number 32
[  697.331406][T14370] Lens A: =================  START STATUS  =================
[  697.339748][T14370] Lens A: Focus, Absolute: 0
[  697.344769][T14370] Lens A: ==================  END STATUS  ==================
[  698.503590][   T30] kauditd_printk_skb: 21 callbacks suppressed
[  698.503607][   T30] audit: type=1400 audit(1753283979.094:2689): avc:  denied  { audit_write } for  pid=14381 comm="syz.3.2302" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  698.540526][T14384] program syz.5.2303 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  698.591374][   T30] audit: type=1400 audit(1753283979.124:2690): avc:  denied  { name_bind 0x1000000 } for  pid=14381 comm="syz.3.2302" path="socket:[41096]" dev="sockfs" ino=41096 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  698.900718][T14391] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=640 (1280 ns) > initial count (34 ns). Using initial count to start timer.
[  701.441578][T14415] FAULT_INJECTION: forcing a failure.
[  701.441578][T14415] name failslab, interval 1, probability 0, space 0, times 0
[  701.454918][T14415] CPU: 0 UID: 0 PID: 14415 Comm: syz.5.2310 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  701.454939][T14415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  701.454946][T14415] Call Trace:
[  701.454950][T14415]  <TASK>
[  701.454954][T14415]  dump_stack_lvl+0x16c/0x1f0
[  701.454975][T14415]  should_fail_ex+0x512/0x640
[  701.454992][T14415]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  701.455008][T14415]  should_failslab+0xc2/0x120
[  701.455019][T14415]  __kmalloc_cache_noprof+0x6a/0x3e0
[  701.455034][T14415]  ? fuse_get_tree+0xbe/0x640
[  701.455048][T14415]  fuse_get_tree+0xbe/0x640
[  701.455058][T14415]  ? security_capable+0x7e/0x260
[  701.455074][T14415]  vfs_get_tree+0x8b/0x340
[  701.455088][T14415]  path_mount+0x1414/0x2020
[  701.455100][T14415]  ? kmem_cache_free+0x2d1/0x4d0
[  701.455115][T14415]  ? __pfx_path_mount+0x10/0x10
[  701.455128][T14415]  ? putname+0x154/0x1a0
[  701.455143][T14415]  __x64_sys_mount+0x28d/0x310
[  701.455155][T14415]  ? __pfx___x64_sys_mount+0x10/0x10
[  701.455171][T14415]  do_syscall_64+0xcd/0x4c0
[  701.455182][T14415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  701.455193][T14415] RIP: 0033:0x7ff16378e9a9
[  701.455203][T14415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  701.455213][T14415] RSP: 002b:00007ff1615d5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  701.455224][T14415] RAX: ffffffffffffffda RBX: 00007ff1639b6080 RCX: 00007ff16378e9a9
[  701.455230][T14415] RDX: 0000200000000540 RSI: 0000200000000040 RDI: 0000200000000000
[  701.455237][T14415] RBP: 00007ff1615d5090 R08: 0000000000000000 R09: 0000000000000000
[  701.455243][T14415] R10: 0000000001004040 R11: 0000000000000246 R12: 0000000000000002
[  701.455249][T14415] R13: 0000000000000001 R14: 00007ff1639b6080 R15: 00007ffced70e108
[  701.455262][T14415]  </TASK>
[  701.751997][T14416] bridge0: entered promiscuous mode
[  701.757338][T14416] bridge0: entered allmulticast mode
[  702.767766][T14428] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2316'.
[  703.901646][T14450] kAFS: unparsable volume name
[  703.907007][T14450] Scaler: =================  START STATUS  =================
[  703.914466][T14450] Scaler: ==================  END STATUS  ==================
[  703.938019][T14450] netlink: 'syz.3.2321': attribute type 7 has an invalid length.
[  704.077984][T14450] netlink: 'syz.3.2321': attribute type 8 has an invalid length.
[  705.086523][T14442] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  705.093787][T14442] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  707.398407][T14539] ipvlan3: entered promiscuous mode
[  707.407665][T14539] ipvlan3: entered allmulticast mode
[  707.417829][T14539] batadv0: entered allmulticast mode
[  707.463665][T14539] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  708.245080][T14547] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2333'.
[  708.274846][T14547] netlink: 196 bytes leftover after parsing attributes in process `syz.1.2333'.
[  708.300061][T14547] netlink: 19 bytes leftover after parsing attributes in process `syz.1.2333'.
[  708.659543][T14563] tipc: Can't bind to reserved service type 0
[  709.364999][T14571] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2339'.
[  709.374354][T14571] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2339'.
[  709.439606][ T2146] Process accounting resumed
[  709.722618][    T9] usb 6-1: new low-speed USB device number 35 using dummy_hcd
[  709.911524][    T9] usb 6-1: device descriptor read/64, error -71
[  710.356764][T14580] input: syz0 as /devices/virtual/input/input39
[  710.549704][    T9] usb 6-1: new low-speed USB device number 36 using dummy_hcd
[  710.596443][T14588] x_tables: duplicate underflow at hook 2
[  711.131547][    T9] usb 6-1: device descriptor read/64, error -71
[  711.241932][    T9] usb usb6-port1: attempt power cycle
[  711.347401][   T30] audit: type=1400 audit(1753283991.934:2691): avc:  denied  { getopt } for  pid=14599 comm="syz.1.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  711.606229][    T9] usb 6-1: new low-speed USB device number 37 using dummy_hcd
[  711.769164][    T9] usb 6-1: device descriptor read/8, error -71
[  711.871702][ T5910] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  712.131038][ T5910] usb 3-1: Using ep0 maxpacket: 32
[  712.160689][   T30] audit: type=1400 audit(1753283992.144:2692): avc:  denied  { map } for  pid=14599 comm="syz.1.2349" path="/dev/video3" dev="devtmpfs" ino=934 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  712.201684][ T5910] usb 3-1: config 0 has an invalid interface number: 149 but max is 0
[  712.213252][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  712.230641][ T5910] usb 3-1: config 0 has no interface number 0
[  712.241997][ T5910] usb 3-1: config 0 interface 149 has no altsetting 0
[  712.256103][ T5910] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea71, bcdDevice=7f.f1
[  712.299392][ T5910] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.358375][ T5910] usb 3-1: Product: syz
[  712.363249][ T5910] usb 3-1: Manufacturer: syz
[  712.398769][ T5910] usb 3-1: SerialNumber: syz
[  712.547882][ T5910] usb 3-1: config 0 descriptor??
[  712.583644][ T5910] cp210x 3-1:0.149: cp210x converter detected
[  712.789977][ T5910] usb 3-1: cp210x converter now attached to ttyUSB0
[  713.284480][T14623] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2358'.
[  713.963541][T14650] netlink: 'syz.3.2367': attribute type 13 has an invalid length.
[  714.095370][T14654] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  714.444807][T14657] netlink: 'syz.6.2369': attribute type 33 has an invalid length.
[  714.452811][T14657] netlink: 152 bytes leftover after parsing attributes in process `syz.6.2369'.
[  714.468396][T14657] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2369'.
[  714.697390][ T5910] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  715.013541][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  715.036047][    T9] usb 3-1: USB disconnect, device number 33
[  715.045406][ T5910] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  715.076032][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  715.100038][ T5910] usb 4-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  715.114669][    T9] cp210x 3-1:0.149: device disconnected
[  715.127454][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.145064][ T5910] usb 4-1: config 0 descriptor??
[  715.208173][T14675] FAULT_INJECTION: forcing a failure.
[  715.208173][T14675] name failslab, interval 1, probability 0, space 0, times 0
[  715.221771][T14675] CPU: 0 UID: 0 PID: 14675 Comm: syz.6.2376 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  715.221793][T14675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  715.221802][T14675] Call Trace:
[  715.221806][T14675]  <TASK>
[  715.221815][T14675]  dump_stack_lvl+0x16c/0x1f0
[  715.221844][T14675]  should_fail_ex+0x512/0x640
[  715.221868][T14675]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  715.221892][T14675]  should_failslab+0xc2/0x120
[  715.221906][T14675]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  715.221928][T14675]  ? mas_alloc_nodes+0x18b/0x8b0
[  715.221951][T14675]  mas_alloc_nodes+0x18b/0x8b0
[  715.221976][T14675]  mas_node_count_gfp+0x105/0x130
[  715.221998][T14675]  mas_preallocate+0x7e0/0xde0
[  715.222012][T14675]  ? __memcg_slab_post_alloc_hook+0x3f2/0x960
[  715.222032][T14675]  ? __pfx_mas_preallocate+0x10/0x10
[  715.222056][T14675]  ? anon_vma_name+0x75/0x100
[  715.222075][T14675]  __split_vma+0x34a/0x1070
[  715.222099][T14675]  ? __pfx___split_vma+0x10/0x10
[  715.222116][T14675]  ? mas_next_slot+0x12d3/0x21b0
[  715.222144][T14675]  vms_gather_munmap_vmas+0x392/0x1310
[  715.222168][T14675]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  715.222191][T14675]  ? mas_walk+0x6a6/0x910
[  715.222220][T14675]  __mmap_region+0x3c7/0x25e0
[  715.222244][T14675]  ? __pfx___mmap_region+0x10/0x10
[  715.222273][T14675]  ? __lock_acquire+0x622/0x1c90
[  715.222290][T14675]  ? kernel_text_address+0x8d/0x100
[  715.222310][T14675]  ? __kernel_text_address+0xd/0x40
[  715.222331][T14675]  ? find_held_lock+0x2b/0x80
[  715.222349][T14675]  ? avc_has_perm_noaudit+0x117/0x3b0
[  715.222399][T14675]  ? mm_get_unmapped_area+0x95/0xe0
[  715.222422][T14675]  mmap_region+0x1ab/0x3f0
[  715.222442][T14675]  ? __get_unmapped_area+0x267/0x440
[  715.222461][T14675]  do_mmap+0xa3e/0x1210
[  715.222481][T14675]  ? __pfx_do_mmap+0x10/0x10
[  715.222497][T14675]  ? __pfx_down_write_killable+0x10/0x10
[  715.222518][T14675]  vm_mmap_pgoff+0x281/0x450
[  715.222537][T14675]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  715.222556][T14675]  ? __fget_files+0x20e/0x3c0
[  715.222573][T14675]  ksys_mmap_pgoff+0x32c/0x5c0
[  715.222588][T14675]  ? __pfx_ksys_write+0x10/0x10
[  715.222611][T14675]  __x64_sys_mmap+0x125/0x190
[  715.222635][T14675]  do_syscall_64+0xcd/0x4c0
[  715.222651][T14675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.222665][T14675] RIP: 0033:0x7f5748d8e9a9
[  715.222677][T14675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.222690][T14675] RSP: 002b:00007f5749b59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  715.222704][T14675] RAX: ffffffffffffffda RBX: 00007f5748fb5fa0 RCX: 00007f5748d8e9a9
[  715.222713][T14675] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  715.222722][T14675] RBP: 00007f5749b59090 R08: 0000000000000004 R09: 0000000000000000
[  715.222730][T14675] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  715.222739][T14675] R13: 0000000000000000 R14: 00007f5748fb5fa0 R15: 00007ffc6b244bf8
[  715.222758][T14675]  </TASK>
[  715.517751][    C0] vkms_vblank_simulate: vblank timer overrun
[  715.711739][    T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  715.934714][    T9] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  715.991312][ T5910] hid-led 0003:1D34:0004.001D: unknown main item tag 0x0
[  716.005788][T14680] loop6: detected capacity change from 0 to 524287487
[  716.013143][T14680] buffer_io_error: 24 callbacks suppressed
[  716.013157][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.027724][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.036171][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.044372][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.046639][    T9] usb 3-1: config 0 descriptor??
[  716.053866][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.053964][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054051][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054155][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054230][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054285][T14680] ldm_validate_partition_table(): Disk read failed.
[  716.054359][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054432][T14680] Buffer I/O error on dev loop6, logical block 0, async page read
[  716.054611][T14680] Dev loop6: unable to read RDB block 0
[  716.054972][T14680]  loop6: unable to read partition table
[  716.055140][T14680] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  716.177504][ T5910] hid-led 0003:1D34:0004.001D: probe with driver hid-led failed with error -71
[  716.193093][ T5910] usb 4-1: USB disconnect, device number 37
[  716.219175][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  716.227133][T14674] uprobe: syz.6.2376:14674 failed to unregister, leaking uprobe
[  716.442573][    T9] gspca_cpia1: usb_control_msg 05, error -71
[  716.460219][    T9] gspca_cpia1: usb_control_msg 01, error -71
[  716.472951][    T9] cpia1 3-1:0.0: only firmware version 1 is supported (got: 0)
[  716.541896][    T9] usb 3-1: USB disconnect, device number 34
[  716.910076][T14692] uprobe: syz.5.2379:14692 failed to unregister, leaking uprobe
[  717.338723][T14708] input: syz1 as /devices/virtual/input/input40
[  717.855313][T14714] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT
[  717.873544][T14714] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2384'.
[  717.971625][   T24] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  718.217103][   T24] usb 4-1: Using ep0 maxpacket: 8
[  718.302929][   T24] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[  718.329899][   T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  718.346288][   T24] usb 4-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  718.561577][ T2146] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  718.966824][   T24] usb 4-1: Product: syz
[  718.971578][   T24] usb 4-1: Manufacturer: syz
[  718.976260][   T24] usb 4-1: SerialNumber: syz
[  718.983959][   T24] usb 4-1: config 0 descriptor??
[  719.009835][   T24] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  719.224021][ T2146] usb 2-1: device descriptor read/64, error -71
[  719.380716][T14738] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  719.826596][   T24] gspca_zc3xx: reg_w_i err -71
[  719.835479][T14741] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2391'.
[  719.975719][ T2146] usb 2-1: new full-speed USB device number 27 using dummy_hcd
[  720.124843][T14746] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2393'.
[  720.173358][ T2146] usb 2-1: device descriptor read/64, error -71
[  720.337396][ T2146] usb usb2-port1: attempt power cycle
[  720.423330][   T24] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  720.429736][   T24] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  720.588293][T14756] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2395'.
[  720.791702][ T2146] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  720.837787][T14758] netlink: 'syz.3.2396': attribute type 4 has an invalid length.
[  720.845731][T14758] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2396'.
[  720.861637][T14758] : renamed from bond0
[  721.097507][   T24] usb 4-1: USB disconnect, device number 38
[  721.156874][ T2146] usb 2-1: device descriptor read/8, error -71
[  721.440069][T14767] dummy0 speed is unknown, defaulting to 1000
[  721.526660][T14767] lo speed is unknown, defaulting to 1000
[  721.558369][   T30] audit: type=1400 audit(1753284002.124:2693): avc:  denied  { getopt } for  pid=14769 comm="syz.3.2402" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  721.655431][ T2146] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  721.755120][ T5910] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  721.802832][ T2146] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  721.815772][ T2146] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  721.825412][ T2146] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  721.840617][ T5841] Bluetooth: hci4: unexpected event for opcode 0x1005
[  722.327784][ T2146] usb 2-1: config 0 descriptor??
[  722.421255][ T5910] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  722.539215][ T5910] usb 3-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  722.555086][ T5910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  722.570596][ T5910] gspca_main: stv0680-2.14.0 probing 041e:4007
[  722.778033][ T2146] keytouch 0003:0926:3333.001E: fixing up Keytouch IEC report descriptor
[  722.852776][ T2146] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001E/input/input41
[  722.992515][ T5944] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  723.173348][ T2146] keytouch 0003:0926:3333.001E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  723.261521][ T5944] usb 7-1: Using ep0 maxpacket: 8
[  723.359069][T14791] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2408'.
[  723.631778][ T5944] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 13
[  723.649444][ T5910] stv0680 3-1:4.0: STV(e): camera ping failed!!
[  723.658423][ T5944] usb 7-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  723.668065][ T5944] usb 7-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[  723.677505][ T5944] usb 7-1: Product: syz
[  723.683968][ T5944] usb 7-1: Manufacturer: syz
[  723.688637][ T5944] usb 7-1: SerialNumber: syz
[  723.698336][ T5944] usb 7-1: config 0 descriptor??
[  723.706507][ T5944] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  723.941550][ T5883] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  724.161691][ T5910] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -110
[  724.170537][ T5910] stv0680 3-1:4.0: last error: 44,  command = 0x6e
[  724.228135][ T5944] gspca_zc3xx: reg_w_i err -71
[  725.191820][   T30] audit: type=1400 audit(1753284004.484:2694): avc:  denied  { write } for  pid=14766 comm="syz.1.2401" path="socket:[41766]" dev="sockfs" ino=41766 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  725.249633][ T5910] usb 2-1: USB disconnect, device number 29
[  725.331805][ T5883] usb 6-1: config 0 has no interfaces?
[  725.337473][ T5883] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  725.361128][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  725.389085][    T9] usb 3-1: USB disconnect, device number 35
[  725.460953][ T5883] usb 6-1: config 0 descriptor??
[  725.691659][   T24] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  725.781541][ T5944] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  726.087617][ T2146] usb 6-1: USB disconnect, device number 39
[  726.101619][ T5944] gspca_zc3xx 7-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  726.157507][ T5944] usb 7-1: USB disconnect, device number 13
[  726.162490][   T24] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  726.235828][   T24] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  726.260054][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  726.297862][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  726.336963][T14821] overlayfs: missing 'lowerdir'
[  726.535771][T14818] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12)
[  726.542413][T14818] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  726.550465][T14818] vhci_hcd vhci_hcd.0: Device attached
[  726.821606][ T5944] usb 37-1: new high-speed USB device number 2 using vhci_hcd
[  727.105934][T14825] vhci_hcd: connection reset by peer
[  727.113135][T14498] vhci_hcd: stop threads
[  727.170385][T14498] vhci_hcd: release socket
[  727.227823][T14498] vhci_hcd: disconnect device
[  727.638082][   T24] stv0680 4-1:4.0: STV(e): camera ping failed!!
[  727.724001][T14833] dummy0: entered promiscuous mode
[  727.746719][T14833] dummy0: left promiscuous mode
[  727.853375][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  727.864849][T14837] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2420'.
[  727.958267][   T24] stv0680 4-1:4.0: last error: 0,  command = 0x0
[  728.103796][   T24] usb 4-1: USB disconnect, device number 39
[  728.939862][T14845] syz.6.2423: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  728.956965][T14845] CPU: 0 UID: 0 PID: 14845 Comm: syz.6.2423 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  728.956992][T14845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  728.957003][T14845] Call Trace:
[  728.957009][T14845]  <TASK>
[  728.957017][T14845]  dump_stack_lvl+0x16c/0x1f0
[  728.957052][T14845]  warn_alloc+0x248/0x3a0
[  728.957083][T14845]  ? __pfx_warn_alloc+0x10/0x10
[  728.957110][T14845]  ? __pfx_stack_trace_save+0x10/0x10
[  728.957136][T14845]  ? stack_depot_save_flags+0x28/0xa40
[  728.957172][T14845]  ? kasan_save_stack+0x42/0x60
[  728.957198][T14845]  ? kasan_save_stack+0x33/0x60
[  728.957231][T14845]  ? kasan_save_track+0x14/0x30
[  728.957258][T14845]  ? xskq_create+0x52/0x1d0
[  728.957282][T14845]  ? xsk_setsockopt+0x640/0x840
[  728.957305][T14845]  ? do_sock_setsockopt+0xf3/0x1d0
[  728.957328][T14845]  ? xskq_create+0xfb/0x1d0
[  728.957355][T14845]  __vmalloc_node_range_noprof+0xff5/0x14b0
[  728.957389][T14845]  ? xskq_create+0xfb/0x1d0
[  728.957421][T14845]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  728.957454][T14845]  ? xskq_create+0xfb/0x1d0
[  728.957480][T14845]  vmalloc_user_noprof+0x9e/0xe0
[  728.957504][T14845]  ? xskq_create+0xfb/0x1d0
[  728.957530][T14845]  xskq_create+0xfb/0x1d0
[  728.957559][T14845]  xsk_setsockopt+0x640/0x840
[  728.957585][T14845]  ? __pfx_xsk_setsockopt+0x10/0x10
[  728.957610][T14845]  ? find_held_lock+0x2b/0x80
[  728.957638][T14845]  ? selinux_socket_setsockopt+0x6a/0x80
[  728.957667][T14845]  ? __pfx_xsk_setsockopt+0x10/0x10
[  728.957694][T14845]  do_sock_setsockopt+0xf3/0x1d0
[  728.957718][T14845]  __sys_setsockopt+0x1a0/0x230
[  728.957752][T14845]  __x64_sys_setsockopt+0xbd/0x160
[  728.957778][T14845]  ? do_syscall_64+0x91/0x4c0
[  728.957796][T14845]  ? lockdep_hardirqs_on+0x7c/0x110
[  728.957824][T14845]  do_syscall_64+0xcd/0x4c0
[  728.957842][T14845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  728.957860][T14845] RIP: 0033:0x7f5748d8e9a9
[  728.957877][T14845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  728.957895][T14845] RSP: 002b:00007f5749b38038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  728.957913][T14845] RAX: ffffffffffffffda RBX: 00007f5748fb6080 RCX: 00007f5748d8e9a9
[  728.957926][T14845] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  728.957937][T14845] RBP: 00007f5748e10d69 R08: 0000000000000004 R09: 0000000000000000
[  728.957948][T14845] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  728.957959][T14845] R13: 0000000000000000 R14: 00007f5748fb6080 R15: 00007ffc6b244bf8
[  728.957983][T14845]  </TASK>
[  729.222318][T14845] Mem-Info:
[  729.225570][T14845] active_anon:18898 inactive_anon:0 isolated_anon:0
[  729.225570][T14845]  active_file:13831 inactive_file:5390 isolated_file:0
[  729.225570][T14845]  unevictable:768 dirty:329 writeback:0
[  729.225570][T14845]  slab_reclaimable:11920 slab_unreclaimable:105760
[  729.225570][T14845]  mapped:38033 shmem:7115 pagetables:1566
[  729.225570][T14845]  sec_pagetables:0 bounce:0
[  729.225570][T14845]  kernel_misc_reclaimable:0
[  729.225570][T14845]  free:1311489 free_pcp:17858 free_cma:0
[  729.271200][T14845] Node 0 active_anon:75592kB inactive_anon:0kB active_file:55324kB inactive_file:21428kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:152132kB dirty:1316kB writeback:0kB shmem:26924kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13448kB pagetables:6152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  729.611640][T14845] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:112kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  729.631503][   T24] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  729.643259][    C0] vkms_vblank_simulate: vblank timer overrun
[  729.784635][T14851] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2424'.
[  729.799738][T14851] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2424'.
[  729.841947][T14845] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  729.920047][T14845] lowmem_reserve[]: 0 2480 2482 2482 2482
[  729.954927][T14845] Node 0 DMA32 free:1360936kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:63916kB inactive_anon:0kB active_file:55192kB inactive_file:20384kB unevictable:1536kB writepending:1316kB present:3129332kB managed:2540184kB mlocked:0kB bounce:0kB free_pcp:41688kB local_pcp:28004kB free_cma:0kB
[  729.997496][T14845] lowmem_reserve[]: 0 0 1 1 1
[  730.002727][   T24] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  730.013382][   T24] usb 6-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  730.023900][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.201503][    T9] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  730.973594][    T9] usb 3-1: config 0 has an invalid descriptor of length 44, skipping remainder of the config
[  731.016034][T14845] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:176kB inactive_anon:0kB active_file:132kB inactive_file:1044kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB
[  731.136477][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  731.194063][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50343, setting to 64
[  731.206980][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  731.337536][    T9] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  731.346639][    T9] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  731.354694][    T9] usb 3-1: Manufacturer: syz
[  731.354956][T14845] lowmem_reserve[]: 0 0 0 0 0
[  731.366817][    T9] usb 3-1: config 0 descriptor??
[  731.374466][T14857] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  731.391947][T14845] Node 1 Normal free:3890908kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:22700kB local_pcp:9100kB free_cma:0kB
[  731.423228][    C0] vkms_vblank_simulate: vblank timer overrun
[  731.460613][T14845] lowmem_reserve[]: 0 0 0 0 0
[  731.467679][T14845] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  731.485759][T14845] Node 0 DMA32: 2002*4kB (UME) 1208*8kB (UME) 279*16kB (UME) 458*32kB (UME) 143*64kB (UME) 95*128kB (ME) 48*256kB (ME) 26*512kB (UM) 31*1024kB (UM) 9*2048kB (M) 300*4096kB (M) = 1362680kB
[  731.505610][T14845] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  731.517480][T14845] Node 1 Normal: 203*4kB (UME) 66*8kB (UME) 40*16kB (UME) 73*32kB (UME) 30*64kB (UME) 7*128kB (UME) 5*256kB (UME) 5*512kB (UME) 1*1024kB (M) 2*2048kB (UE) 946*4096kB (M) = 3890908kB
[  731.537523][T14845] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  731.547902][T14845] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  731.559054][T14870] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2429'.
[  731.569286][T14845] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  731.579243][T14845] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  731.588863][T14845] 23468 total pagecache pages
[  731.593789][T14845] 0 pages in swap cache
[  731.597970][T14845] Free swap  = 124996kB
[  731.604336][T14845] Total swap = 124996kB
[  731.609482][T14845] 2097051 pages RAM
[  731.613435][T14845] 0 pages HighMem/MovableOnly
[  731.618240][T14845] 430027 pages reserved
[  731.622712][T14845] 0 pages cma reserved
[  731.948402][    T9] usb 3-1: USB disconnect, device number 36
[  731.954516][ T5944] vhci_hcd: vhci_device speed not set
[  732.283101][   T24] stv0680 6-1:4.0: STV(e): camera ping failed!!
[  732.408801][T14881] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2433'.
[  732.739104][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  732.834251][   T24] stv0680 6-1:4.0: last error: 44,  command = 0x6e
[  732.861740][   T24] usb 6-1: USB disconnect, device number 40
[  733.348917][T14896] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2438'.
[  734.351884][T14904] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2442'.
[  734.567349][T14906] netlink: 696 bytes leftover after parsing attributes in process `syz.5.2441'.
[  736.563982][T14927] binder: 14926:14927 ioctl 8903 200000000140 returned -22
[  736.754415][T14931] input: syz0 as /devices/virtual/input/input42
[  737.776004][T14943] genirq: Flags mismatch irq 4. 00200000 (pcl818) vs. 00200080 (ttyS0)
[  738.643424][T14955] bridge2: entered promiscuous mode
[  738.648711][T14955] bridge2: entered allmulticast mode
[  739.443939][T14962] Option 'f’þóeFy%*;ÝùïšË' to dns_resolver key: bad/missing value
[  739.536322][T14969] netlink: 'syz.1.2463': attribute type 13 has an invalid length.
[  740.131718][   T43] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  741.148260][T14984] input: syz0 as /devices/virtual/input/input43
[  741.578790][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  741.592268][   T43] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  741.602153][   T43] usb 2-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  741.677135][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  741.696273][   T43] usb 2-1: config 0 descriptor??
[  742.121181][   T30] audit: type=1400 audit(1753284022.704:2695): avc:  denied  { accept } for  pid=14990 comm="syz.6.2469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  742.125814][   T43] hid-led 0003:1D34:0004.001F: unknown main item tag 0x0
[  742.658977][   T43] hid-led 0003:1D34:0004.001F: probe with driver hid-led failed with error -71
[  742.680061][   T43] usb 2-1: USB disconnect, device number 30
[  742.710337][   T30] audit: type=1400 audit(1753284022.894:2696): avc:  denied  { bind } for  pid=14990 comm="syz.6.2469" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  742.872907][T14987] FAULT_INJECTION: forcing a failure.
[  742.872907][T14987] name failslab, interval 1, probability 0, space 0, times 0
[  742.954923][T14987] CPU: 0 UID: 0 PID: 14987 Comm: syz.5.2468 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  742.954957][T14987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  742.954967][T14987] Call Trace:
[  742.954972][T14987]  <TASK>
[  742.954977][T14987]  dump_stack_lvl+0x16c/0x1f0
[  742.955009][T14987]  should_fail_ex+0x512/0x640
[  742.955040][T14987]  should_failslab+0xc2/0x120
[  742.955057][T14987]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  742.955085][T14987]  ? skb_clone+0x190/0x3f0
[  742.955106][T14987]  skb_clone+0x190/0x3f0
[  742.955123][T14987]  netlink_deliver_tap+0xabd/0xd30
[  742.955148][T14987]  netlink_unicast+0x62f/0x850
[  742.955170][T14987]  ? __pfx_netlink_unicast+0x10/0x10
[  742.955197][T14987]  netlink_sendmsg+0x8d1/0xdd0
[  742.955221][T14987]  ? __pfx_netlink_sendmsg+0x10/0x10
[  742.955251][T14987]  ____sys_sendmsg+0xa95/0xc70
[  742.955272][T14987]  ? copy_msghdr_from_user+0x10a/0x160
[  742.955298][T14987]  ? __pfx_____sys_sendmsg+0x10/0x10
[  742.955331][T14987]  ___sys_sendmsg+0x134/0x1d0
[  742.955360][T14987]  ? __pfx____sys_sendmsg+0x10/0x10
[  742.955384][T14987]  ? __lock_acquire+0x622/0x1c90
[  742.955429][T14987]  __sys_sendmsg+0x16d/0x220
[  742.955446][T14987]  ? __pfx___sys_sendmsg+0x10/0x10
[  742.955479][T14987]  do_syscall_64+0xcd/0x4c0
[  742.955498][T14987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.955515][T14987] RIP: 0033:0x7ff16378e9a9
[  742.955530][T14987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.955546][T14987] RSP: 002b:00007ff1615f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  742.955563][T14987] RAX: ffffffffffffffda RBX: 00007ff1639b5fa0 RCX: 00007ff16378e9a9
[  742.955574][T14987] RDX: 0000000004000080 RSI: 00002000000002c0 RDI: 0000000000000007
[  742.955584][T14987] RBP: 00007ff1615f6090 R08: 0000000000000000 R09: 0000000000000000
[  742.955595][T14987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.955604][T14987] R13: 0000000000000000 R14: 00007ff1639b5fa0 R15: 00007ffced70e108
[  742.955627][T14987]  </TASK>
[  743.254031][T15003] binder: 15002:15003 ioctl 4018620d 0 returned -22
[  745.875103][T15036] input: syz0 as /devices/virtual/input/input44
[  746.543912][T15023] dummy0 speed is unknown, defaulting to 1000
[  746.620152][T15023] lo speed is unknown, defaulting to 1000
[  746.764878][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  747.605540][T15052] xt_CT: No such helper "snmp"
[  747.844222][T15060] 9pnet_fd: Insufficient options for proto=fd
[  747.849735][T15062] netlink: 'syz.1.2486': attribute type 13 has an invalid length.
[  747.979278][T15066] FAULT_INJECTION: forcing a failure.
[  747.979278][T15066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.992612][T15066] CPU: 1 UID: 0 PID: 15066 Comm: syz.1.2489 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  747.992636][T15066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  747.992646][T15066] Call Trace:
[  747.992652][T15066]  <TASK>
[  747.992659][T15066]  dump_stack_lvl+0x16c/0x1f0
[  747.992691][T15066]  should_fail_ex+0x512/0x640
[  747.992723][T15066]  _copy_from_user+0x2e/0xd0
[  747.992742][T15066]  get_user_ifreq+0xf1/0x250
[  747.992763][T15066]  inet_ioctl+0x37e/0x3f0
[  747.992787][T15066]  ? __pfx_inet_ioctl+0x10/0x10
[  747.992829][T15066]  ? tomoyo_path_number_perm+0x18d/0x580
[  747.992859][T15066]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  747.992881][T15066]  sock_do_ioctl+0x115/0x280
[  747.992902][T15066]  ? __pfx_sock_do_ioctl+0x10/0x10
[  747.992927][T15066]  ? ioctl_has_perm.constprop.0.isra.0+0x379/0x540
[  747.992944][T15066]  ? ioctl_has_perm.constprop.0.isra.0+0x383/0x540
[  747.992963][T15066]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  747.992985][T15066]  sock_ioctl+0x227/0x6b0
[  747.993008][T15066]  ? __pfx_sock_ioctl+0x10/0x10
[  747.993027][T15066]  ? hook_file_ioctl_common+0x145/0x410
[  747.993055][T15066]  ? selinux_file_ioctl+0x180/0x270
[  747.993071][T15066]  ? selinux_file_ioctl+0xb4/0x270
[  747.993088][T15066]  ? __pfx_sock_ioctl+0x10/0x10
[  747.993111][T15066]  __x64_sys_ioctl+0x18e/0x210
[  747.993137][T15066]  do_syscall_64+0xcd/0x4c0
[  747.993157][T15066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.993175][T15066] RIP: 0033:0x7f2b0b98e9a9
[  747.993194][T15066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.993211][T15066] RSP: 002b:00007f2b0c7be038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  747.993228][T15066] RAX: ffffffffffffffda RBX: 00007f2b0bbb5fa0 RCX: 00007f2b0b98e9a9
[  747.993239][T15066] RDX: 0000200000002280 RSI: 0000000000008914 RDI: 000000000000000a
[  747.993249][T15066] RBP: 00007f2b0c7be090 R08: 0000000000000000 R09: 0000000000000000
[  747.993259][T15066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  747.993269][T15066] R13: 0000000000000000 R14: 00007f2b0bbb5fa0 R15: 00007ffddab9cdf8
[  747.993293][T15066]  </TASK>
[  748.653609][   T24] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  749.500931][T15073] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2488'.
[  749.552839][   T24] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  749.572178][   T24] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  749.623655][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  749.668544][   T24] gspca_main: stv0680-2.14.0 probing 041e:4007
[  749.690719][T15088] netlink: 240 bytes leftover after parsing attributes in process `syz.5.2495'.
[  749.717300][T15088] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2495'.
[  750.111442][   T43] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  750.994792][   T24] stv0680 7-1:4.0: STV(e): camera ping failed!!
[  751.098916][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  751.110315][   T43] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  751.129173][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  751.317439][   T43] usb 6-1: config 0 descriptor??
[  751.359180][   T24] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  751.370269][   T24] stv0680 7-1:4.0: last error: 44,  command = 0x6e
[  751.393456][   T24] usb 7-1: USB disconnect, device number 14
[  751.999289][   T43] keytouch 0003:0926:3333.0020: fixing up Keytouch IEC report descriptor
[  752.021189][   T43] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0020/input/input45
[  752.042332][ T5944] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  752.139680][   T43] keytouch 0003:0926:3333.0020: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0
[  752.208096][ T5944] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  752.219083][T15093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  752.238543][ T5944] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  752.255065][T15093] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  752.269387][ T5944] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  752.373500][ T5944] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  752.400952][ T5944] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  752.425491][ T5944] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  752.461048][ T5944] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  752.475000][ T5944] usb 3-1: Product: syz
[  752.624684][ T5944] usb 3-1: Manufacturer: syz
[  752.634382][ T5944] cdc_wdm 3-1:1.0: skipping garbage
[  752.641699][ T5944] cdc_wdm 3-1:1.0: skipping garbage
[  752.657953][ T5944] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  752.663936][ T5944] cdc_wdm 3-1:1.0: Unknown control protocol
[  752.764757][T15114] geneve2: entered allmulticast mode
[  752.890307][    T9] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  753.007446][   T30] audit: type=1400 audit(1753284033.584:2697): avc:  denied  { read write } for  pid=15097 comm="syz.2.2499" name="cdc-wdm0" dev="devtmpfs" ino=3677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  753.036342][T14149] 
[  753.036353][T14149] ======================================================
[  753.036359][T14149] WARNING: possible circular locking dependency detected
[  753.036367][T14149] 6.16.0-rc7-syzkaller #0 Not tainted
[  753.036376][T14149] ------------------------------------------------------
[  753.036382][T14149] kworker/1:3/14149 is trying to acquire lock:
[  753.036391][T14149] ffff88801b8990b8 (&buf->lock){+.+.}-{4:4}, at: tty_buffer_flush+0x72/0x310
[  753.036433][T14149] 
[  753.036433][T14149] but task is already holding lock:
[  753.036438][T14149] ffffffff8e5b27c0 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310
[  753.036477][T14149] 
[  753.036477][T14149] which lock already depends on the new lock.
[  753.036477][T14149] 
[  753.036482][T14149] 
[  753.036482][T14149] the existing dependency chain (in reverse order) is:
[  753.036487][T14149] 
[  753.036487][T14149] -> #2 (console_lock){+.+.}-{0:0}:
[  753.036508][T14149]        console_lock+0x7a/0xa0
[  753.036528][T14149]        con_flush_chars+0x5e/0x80
[  753.036536][    C0] cdc_wdm 3-1:1.0: unknown notification 88 received: index 33991 len 12900
[  753.036552][T14149]        n_tty_write+0xc5c/0x1160
[  753.036571][T14149]        file_tty_write.constprop.0+0x501/0x9b0
[  753.036587][T14149]        vfs_write+0x6c4/0x1150
[  753.036610][T14149]        ksys_write+0x12a/0x250
[  753.036631][T14149]        do_syscall_64+0xcd/0x4c0
[  753.036646][T14149]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.036662][T14149] 
[  753.036662][T14149] -> #1 (&tty->termios_rwsem){++++}-{4:4}:
[  753.036684][T14149]        down_write+0x92/0x200
[  753.036701][T14149]        n_tty_flush_buffer+0x25/0x1b0
[  753.036719][T14149]        tty_buffer_flush+0x239/0x310
[  753.036732][T14149]        tty_ldisc_flush+0x64/0xe0
[  753.036754][T14149]        tty_port_close_start+0x337/0x540
[  753.036769][T14149]        tty_port_close+0x26/0x160
[  753.036785][T14149]        uart_close+0x7b/0x220
[  753.036804][T14149]        tty_release+0x3af/0x1430
[  753.036818][T14149]        __fput+0x3ff/0xb70
[  753.036833][T14149]        task_work_run+0x14d/0x240
[  753.036849][T14149]        exit_to_user_mode_loop+0xeb/0x110
[  753.036875][T14149]        do_syscall_64+0x3f6/0x4c0
[  753.036889][T14149]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.036905][T14149] 
[  753.036905][T14149] -> #0 (&buf->lock){+.+.}-{4:4}:
[  753.036926][T14149]        __lock_acquire+0x126f/0x1c90
[  753.036940][T14149]        lock_acquire+0x179/0x350
[  753.036957][T14149]        __mutex_lock+0x199/0xb90
[  753.036969][T14149]        tty_buffer_flush+0x72/0x310
[  753.036980][T14149]        tty_ldisc_flush+0x64/0xe0
[  753.036994][T14149]        __do_SAK+0x6de/0x880
[  753.037004][T14149]        vc_SAK+0x7f/0x310
[  753.037016][T14149]        process_one_work+0x9cf/0x1b70
[  753.037031][T14149]        worker_thread+0x6c8/0xf10
[  753.037046][T14149]        kthread+0x3c5/0x780
[  753.037059][T14149]        ret_from_fork+0x5d4/0x6f0
[  753.037081][T14149]        ret_from_fork_asm+0x1a/0x30
[  753.037098][T14149] 
[  753.037098][T14149] other info that might help us debug this:
[  753.037098][T14149] 
[  753.037103][T14149] Chain exists of:
[  753.037103][T14149]   &buf->lock --> &tty->termios_rwsem --> console_lock
[  753.037103][T14149] 
[  753.037124][T14149]  Possible unsafe locking scenario:
[  753.037124][T14149] 
[  753.037127][T14149]        CPU0                    CPU1
[  753.037130][T14149]        ----                    ----
[  753.037133][T14149]   lock(console_lock);
[  753.037140][T14149]                                lock(&tty->termios_rwsem);
[  753.037147][T14149]                                lock(console_lock);
[  753.037155][T14149]   lock(&buf->lock);
[  753.037162][T14149] 
[  753.037162][T14149]  *** DEADLOCK ***
[  753.037162][T14149] 
[  753.037164][T14149] 4 locks held by kworker/1:3/14149:
[  753.037171][T14149]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  753.037211][T14149]  #1: ffffc90003467d10 ((work_completion)(&vc_cons[currcons].SAK_work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  753.037250][T14149]  #2: ffffffff8e5b27c0 (console_lock){+.+.}-{0:0}, at: vc_SAK+0x13/0x310
[  753.037277][T14149]  #3: ffff888079de40a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_flush+0x1c/0xe0
[  753.037306][T14149] 
[  753.037306][T14149] stack backtrace:
[  753.037313][T14149] CPU: 1 UID: 0 PID: 14149 Comm: kworker/1:3 Not tainted 6.16.0-rc7-syzkaller #0 PREEMPT(full) 
[  753.037333][T14149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  753.037344][T14149] Workqueue: events vc_SAK
[  753.037363][T14149] Call Trace:
[  753.037368][T14149]  <TASK>
[  753.037374][T14149]  dump_stack_lvl+0x116/0x1f0
[  753.037398][T14149]  print_circular_bug+0x275/0x350
[  753.037414][T14149]  check_noncircular+0x14c/0x170
[  753.037432][T14149]  __lock_acquire+0x126f/0x1c90
[  753.037443][T14149]  lock_acquire+0x179/0x350
[  753.037452][T14149]  ? tty_buffer_flush+0x72/0x310
[  753.037464][T14149]  ? __pfx___might_resched+0x10/0x10
[  753.037487][T14149]  __mutex_lock+0x199/0xb90
[  753.037500][T14149]  ? tty_buffer_flush+0x72/0x310
[  753.037514][T14149]  ? add_lock_to_list+0x9d/0x130
[  753.037534][T14149]  ? tty_buffer_flush+0x72/0x310
[  753.037545][T14149]  ? __pfx___mutex_lock+0x10/0x10
[  753.037557][T14149]  ? tty_buffer_flush+0x72/0x310
[  753.037566][T14149]  tty_buffer_flush+0x72/0x310
[  753.037577][T14149]  tty_ldisc_flush+0x64/0xe0
[  753.037592][T14149]  __do_SAK+0x6de/0x880
[  753.037604][T14149]  ? mark_held_locks+0x49/0x80
[  753.037629][T14149]  vc_SAK+0x7f/0x310
[  753.037647][T14149]  process_one_work+0x9cf/0x1b70
[  753.037665][T14149]  ? __pfx_hash_ipmac6_gc+0x10/0x10
[  753.037686][T14149]  ? __pfx_process_one_work+0x10/0x10
[  753.037698][T14149]  ? assign_work+0x1a0/0x250
[  753.037708][T14149]  worker_thread+0x6c8/0xf10
[  753.037721][T14149]  ? __kthread_parkme+0x19e/0x250
[  753.037735][T14149]  ? __pfx_worker_thread+0x10/0x10
[  753.037748][T14149]  kthread+0x3c5/0x780
[  753.037763][T14149]  ? __pfx_kthread+0x10/0x10
[  753.037777][T14149]  ? rcu_is_watching+0x12/0xc0
[  753.037796][T14149]  ? __pfx_kthread+0x10/0x10
[  753.037811][T14149]  ret_from_fork+0x5d4/0x6f0
[  753.037829][T14149]  ? __pfx_kthread+0x10/0x10
[  753.037839][T14149]  ret_from_fork_asm+0x1a/0x30
[  753.037852][T14149]  </TASK>
[  753.054669][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  753.054699][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  753.054787][    T9] usb 2-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00
[  753.054830][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.075522][    T9] usb 2-1: config 0 descriptor??
[  753.094757][   T30] audit: type=1400 audit(1753284033.584:2698): avc:  denied  { open } for  pid=15097 comm="syz.2.2499" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3677 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  753.174954][T14149] tty tty1: SAK: killed process 15108 (syz.3.2503): by fd#10
[  753.175000][T14149] tty tty1: SAK: killed process 15109 (syz.3.2503): by fd#10
[  753.175015][T14149] tty tty1: SAK: killed process 15112 (syz.3.2503): by fd#10
[  753.175044][T14149] tty tty1: SAK: killed process 15114 (syz.3.2503): by fd#10
[  753.514961][    T9] hkems 0003:2006:0118.0021: unbalanced collection at end of report description
[  753.517076][    T9] hkems 0003:2006:0118.0021: parse failed
[  753.517277][    T9] hkems 0003:2006:0118.0021: probe with driver hkems failed with error -22
[  753.750138][    T9] usb 2-1: USB disconnect, device number 31
[  753.906079][ T5883] usb 3-1: USB disconnect, device number 37
[  754.301062][T14149] usb 6-1: USB disconnect, device number 41