last executing test programs:

17.462952015s ago: executing program 1 (id=2099):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161942, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0xff7ffff7)
r3 = eventfd(0x0)
tkill(0x0, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xdf)
write$binfmt_elf64(r7, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0)
close(r7)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x1000)
fchdir(0xffffffffffffffff)
open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000280)={r2, 0x2000002, 0x2, r3})
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r1, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r2})

16.833124646s ago: executing program 1 (id=2102):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000540)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000780)={0xfc78, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x20, 0x1, 0x1, 0x1}, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="401002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_usb_connect(0x1, 0x7de, &(0x7f00000007c0)={{0x12, 0x1, 0x310, 0x69, 0x5e, 0x4a, 0x10, 0x110a, 0x1150, 0x45a8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7cc, 0x3, 0xa, 0x7, 0x30, 0x81, [{{0x9, 0x4, 0x9a, 0xb, 0x9, 0xf2, 0x77, 0x38, 0xe, [@cdc_ecm={{0x6, 0x24, 0x6, 0x0, 0x0, 's'}, {0x5, 0x24, 0x0, 0x267}, {0xd, 0x24, 0xf, 0x1, 0x8, 0x1c, 0xfffd, 0x8}, [@call_mgmt={0x5, 0x24, 0x1, 0x2, 0x2}, @mdlm={0x15, 0x24, 0x12, 0x66df}]}], [{{0x9, 0x5, 0x0, 0x2, 0x10, 0x6, 0xae, 0x2, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x800}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0x8}]}}, {{0x9, 0x5, 0x0, 0x10, 0x200, 0x4, 0xff, 0x9, [@generic={0xda, 0x4, "69bf232e8003f7b2733923721f25820778c7f9f92c89b5b6842f5d57e965a14cae2a88b2824ec39d0632c5472350e2764ec85afd41b0eaeef360d47ab988731743318629841de2107edc677fdb810646296bf7f426bf723a4df95c8c9adbc4a6011acaf61545db9924729c09d37250b223dadcd0d31539317f563bcc85c6435540c0de249671cc305fefdd92406d01e113ba266c6b397e7d6ddcbcace1dd551d4f037f2e46b13ff4abd557ba9d02796077cbd28f0ddb93d4edcd0e9cc2ca9936286ca2ea0ca562524326393aee5be59b219f3298762c761e"}, @generic={0x59, 0x24, "ddac91023faa694a817bbafc8e31f860cb029246cd831c1f416c55ae5f555a0a7e9a129823bc8282427904b23b1a43ef15c7e1e821765198569d6fe6ceba181e403e9416aca695c0a6b27b5f847fc44999cf5f09da47f5"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x0, 0x8, 0x10, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x3, 0x9, 0x9}, @generic={0x59, 0x6, "16c5dbbb6401be77664d10cbc3920ad486acadca2c3dad41702a684971ec71b61c4242560c9e7f4c6055a0cb770bf1f89eabf876c7b35abc595e8dd4622361e0b21960c34f56329aa0a0e83c7fd9b98cd47d595495301b"}]}}, {{0x9, 0x5, 0x2, 0x10, 0x10, 0x69, 0x5, 0x0, [@generic={0x37, 0x0, "1c2f50b57fbe9b264a21e233f659af00dffb175e247e9285064c9707f17bb081942b082132b08e78db5e463bcd26565e2812b3ff1e"}]}}, {{0x9, 0x5, 0xf, 0x1, 0x40, 0x1, 0xa, 0xb, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x94, 0x3}, @generic={0x9e, 0xb, "d356062409c35ee54bf7a43882cd6c39554c60f17c8c376fbcc65d4a913c1d3d8c369d06211fecc2bfd786042e7eda62e2ee2a48e1c749c35e941e8f4c85719aa12a00b867cae441ac7af715f6d3ff52c132741d5bce679cc9376eff17b810e64570233ff5981d048eef2d1a76268eb38436ec60060df1530b165ba98da20daed9aad1fda13a479a7d921869f18b5c5ddd1a38903319846894e1a460"}]}}, {{0x9, 0x5, 0xd, 0x1, 0x10, 0x5, 0x4d, 0xf, [@generic={0xc, 0xf, "a3b3454ab8bc97aa0c3f"}, @generic={0x48, 0xa, "823bfa4ab2e5979542e55a1326088ebd46eaf1d49176a6d4c9099ac7743fc292a3934210d27331fa66d01164696800c2e31e0c484d95f417ccbee50a4d5bb95f23064dfb13d8"}]}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x6, 0x1, 0x4, [@generic={0x3, 0x2, "df"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x3e, 0xc, 0xf2, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x0, 0x2}]}}, {{0x9, 0x5, 0xf, 0x1, 0x0, 0xd8, 0x51, 0x6d, [@generic={0x2d, 0x21, "50e09fd39dfe098393ac2bd045c80e1678a69093b096dfd19e6a4d29d48e354464e0308176c2aeb37aef25"}]}}]}}, {{0x9, 0x4, 0x31, 0x0, 0xa, 0xbd, 0x1a, 0x21, 0x7, [@hid_hid={0x9, 0x21, 0x7, 0x2, 0x1, {0x22, 0xdc0}}], [{{0x9, 0x5, 0xd, 0x0, 0x10, 0x5, 0x9, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x3, 0x3}]}}, {{0x9, 0x5, 0xe, 0x10, 0x10, 0x6, 0x0, 0x6, [@generic={0xf, 0xe, "9971661a0d7829865ae27434fa"}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0x1}]}}, {{0x9, 0x5, 0xd, 0x4, 0x400, 0x8, 0x5, 0x0, [@generic={0xbd, 0x30, "cfc0dd520d4f0b037ffba286868fe5dd99f554582583874f9eeb550fefc904d06bc6dde613a567d3aa0ad7249355d456ad30e17f88507b3cda0e18cf5d8c24c022d754ef9100af096be350f8c9b2375fadac447cac97431d9f02c152e2c5f5ae46a63e8125d04b106ed7a61c150a22b6e8fff59af4da56435d284de9da61384f0f0e29fbfc33e1bf76bf9c755bc7a2abbbd7044bb896cce592c730e1ef55e865169be61346031bb2fa64421ee0453fa16cd5c72aaef7858b77b580"}]}}, {{0x9, 0x5, 0xc, 0x3, 0x3ff, 0x9, 0x4, 0x2, [@generic={0x89, 0x22, "35f3440c5fe2ca87d25c672f61c18a01bf856ce0ad89f8d917c540505e668f22a751665b02ef82d3724f13d9f17326265ccc9c8a6fd00688c40a78579815cf75b86bb866be259e2470058a152815beacaef63287b115860331db46d96eaadbc8ba7484fe3d9eee9c6c0a4868a738a37dd391a3f7809d6ab4d7f2171eab322dd1e49e35fdcc8d37"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x400, 0xff, 0x8, 0x3, [@generic={0x29, 0x9, "9282e41ad6b41a08ad30d5701cc8c47d60152bde19f37d4a2c878e2de83c5f56495d40aa3ade68"}]}}, {{0x9, 0x5, 0xf, 0x8, 0x8, 0x0, 0x2, 0x0, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x1}]}}, {{0x9, 0x5, 0xf, 0x3, 0x8, 0x8, 0x9, 0xfa, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xaa, 0x3}]}}, {{0x9, 0x5, 0x1, 0x13, 0x10, 0x1, 0x9, 0x4, [@generic={0x45, 0x4, "e5849b7b8fd31b0921ab1d5aaa14733db1e3b1478ca0e9af79799dad9110c6c739f65a8154dcd50210aefb0eea605b8dd1f5c8f9619f0bea982a4acd8ed7047c6bf7bd"}, @generic={0xe2, 0x31, "8d888aa946bda797adc8f8a0b7d50bf423c9e192c71a31c7a0f14e7473de1ba64356c471855774a31a7898fd048e5975606b1329aa2f795d25104bc5a3cb250e4f6adc7a45dcc812067267846fed22fdcef8427a3788b92f34308f49050bd0cf9058bce577a0728f76b24d31bf4304842b3a65d8a3ed819f4a1850476873707ad89d929c6df5186b646e824e8ec3263ffb16987839a6ebd01a906e2c408101fc7660113af5c62cd4cd00715660bbfeeb28ec79973ee38a1be9ea2db5310e5d444c4cc993fb0541878bfd62466a1dfa9d9181d1703fd93b52824d1565f327d111"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x10, 0x7, 0x8, 0x18, [@generic={0x16, 0xa, "006a345c79177cf02f3c976c30065e3be9b52734"}]}}, {{0x9, 0x5, 0xe, 0x8, 0x40, 0x6f, 0xf, 0x64, [@generic={0x48, 0x7, "a0e069783231e806e57acc89d8d6d945324b88e1003b45ec979a5fb57fb313192f5290676009a1ac11ca8931e4bc37d6d8f5ea9e1705df356e1e9a4ee16ce49fb60c383aa7b2"}]}}]}}, {{0x9, 0x4, 0x1e, 0x41, 0x2, 0xf6, 0x8d, 0xc0, 0x7f, [@hid_hid={0x9, 0x21, 0x1, 0xcb, 0x1, {0x22, 0x779}}], [{{0x9, 0x5, 0x2, 0x0, 0x8, 0x7, 0x4, 0x7, [@generic={0x1d, 0x21, "d3c67fffb07ac8333f9fcb34aa0125106637bed5ba439db9f45734"}]}}, {{0x9, 0x5, 0x9, 0x0, 0x468, 0x9a, 0xfb, 0x6, [@generic={0x63, 0x30, "002657995231ac0a1ac07b32eb968fa9897602a5d00e8742f32c06d3a2cdbc3408979ef4f34217cfd9d5ae591263801f03d9e236a9f8dcfcc1a28e827e6145db33601a3058ae7d158a2c71cc87a92ebc2e4d990416b002e4c4c794fabaf4958fce"}]}}]}}]}}]}}, &(0x7f00000001c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x300, 0x5, 0x9, 0x1, 0x20, 0x1}, 0x19, &(0x7f0000000040)={0x5, 0xf, 0x19, 0x4, [@ptm_cap={0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0xb, 0x8a, 0x5d1f, 0x40}, @ptm_cap={0x3}]}, 0x4, [{0x63, &(0x7f0000000080)=@string={0x63, 0x3, "fc37524e44e7831ebaf1cd941bf47450157c38d5105a83881b511c75c780c5f243db083428301c413a12627c09754ffcb88428e32776fe3e9839de1713f1e31d4a711c4ac839f5531b1e201e4fff4ae2a0dbd7b8cc7e889740968cff83a4e169e2"}}, {0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x1007}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x438}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x406}}]})
syz_usb_control_io$hid(r2, &(0x7f0000000440)={0x24, &(0x7f0000000280)={0x40, 0xc, 0x56, {0x56, 0x21, "174d25c870cbb559b5d31a2875d74c5e6f0761b78f95ae2da700a361aef6dabc08806f0a05a0cadb8ab27292357038a89b8f33f85cb266318487e628ef65aa12950b61678e271fd3ac4c893164003507418221b5"}}, &(0x7f0000000300)={0x0, 0x3, 0x7c, @string={0x7c, 0x3, "0800e702aa57aae4b554f3a339508f693818b42369c5a97733ca0084a4f624490291e0d1d92226529d0d53fa3856d6545558ea0aec0f4bb1241d8e03a3da2b4512d1e78db28ad8ec3c30839787291401b02f676ef52962bcc2d24941e429591b2f656dda22c23884d85defaa3dde646e881939024a550947d78e"}}, &(0x7f00000003c0)={0x0, 0x22, 0x10, {[@main=@item_012={0x1, 0x0, 0xa, 'M'}, @main=@item_012={0x1, 0x0, 0xb, "e4"}, @main=@item_4={0x3, 0x0, 0x8, "1168bc3c"}, @local=@item_012={0x0, 0x2, 0x3}, @local=@item_012={0x2, 0x2, 0x0, "af9b"}, @global=@item_012={0x1, 0x1, 0x9, 'Q'}, @local=@item_012={0x0, 0x2, 0x7}]}}, &(0x7f0000000400)={0x0, 0x21, 0x9, {0x9, 0x21, 0x2f2, 0x4, 0x1, {0x22, 0xbf6}}}}, &(0x7f0000000680)={0x2c, &(0x7f0000000fc0)={0x0, 0xe, 0xea, "2d9cdea603d23161c044e708052bc848e0bc8ee75e2931b6a2520e916465c41a6560f00036405910aaa57c36bd1550435cc194b839b86acd4b495ecea88252d224f46aab029a2d50a8312cbfab02036ef241cd949a141864ef4b6c8a068eaacd88cbba3ff2e3f09226f5563c8654997f3a4daa714a3ad80ff647161d8df4ddc5ab98edc3d9dec327e915b798bcc75761ee2705d6667a03bb79463bac5504fe81a7588cbe1284addb78e442cd1329fe6d864b8b365e21b640a73facf54a84a07d9160428a2da9f64fec110f521eed90b8f93bb7a1006bf7dd2bc3c28d127a1b4cc0007d2544a42e9a5875"}, &(0x7f0000000480)={0x0, 0xa, 0x1, 0xda}, &(0x7f00000004c0)={0x0, 0x8, 0x1, 0x82}, &(0x7f0000000600)={0x20, 0x1, 0x4a, "43d8a6c1f5752563f7a21a78b7a4db0e9a099aa79eae03e89e7c4b5ca9c40ee4c95f2ee1575829de8a6b766c36073cb123896dc1a890cbef86b7ab49dee5b3f00d4bdc309fbdd9834557"}, &(0x7f0000000500)={0x20, 0x3, 0x1, 0x9}})
ioctl$EVIOCGMASK(r1, 0x5b03, 0x0)
syz_usb_disconnect(r0)

13.762587687s ago: executing program 1 (id=2111):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/softnet_stat\x00')
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, 0x0, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
socket$netlink(0x10, 0x3, 0x15)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r1, 0x0, 0x5004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000004c0)={'syz0\x00', {0x7, 0x3, 0x1, 0x9}, 0x7, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x6, 0x5, 0x10000, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x3, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x5, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0x9, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0x5, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x9, 0x1, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x6, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0x8, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x4, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xfffffffa, 0x7, 0x9, 0x6, 0x4, 0x5, 0xa3, 0x3, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x2, 0xd21e, 0x9, 0x13, 0x0, 0x2, 0xfff, 0x6, 0x100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x7, 0x0, 0x11, 0x3, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x2, 0x10001, 0x1, 0x0, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x40, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0xffffb027, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b81000085"], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
preadv(r0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/65, 0x41}], 0x1, 0x1ef, 0x0) (fail_nth: 2)

13.349135588s ago: executing program 0 (id=2114):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
readv(r4, &(0x7f0000000800)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r5)
mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x245059, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
connect$qrtr(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0})
preadv(r2, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x70, 0x0, 0x400, 0xc, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1b}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

12.589858996s ago: executing program 2 (id=2115):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
clock_nanosleep(0x2, 0xfffffdfc, &(0x7f0000000080)={0x0, 0x989680}, 0x0)
r0 = gettid()
timer_create(0x2, &(0x7f0000000040)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000044000))
r1 = epoll_create1(0x0)
r2 = fcntl$dupfd(r1, 0x2, 0xffffffffffffffff)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
io_setup(0xff, &(0x7f0000000200)=<r4=>0x0)
io_submit(r4, 0x2, &(0x7f0000019500)=[0x0, &(0x7f00000194c0)={0x0, 0x0, 0x0, 0x2, 0x6d, r2, &(0x7f0000019400)="6c24a70b2eb33f3efcef371efb341c81b42c62dc5ef35158f2246c763aece08f5ef4721b15f68c2a72c73aa8ae3d5a28020c945a21acf1602d8d421b0dbd6ee72a57773370c1c7369e963f3f1b3d4e9571295549965d15cf4af4ddd625396ff6318ac59c53e0ce90ac75f3d8f8a9fb106125c3b0e253e4adc4f29ead18951b17773aba5d9f9e1fa0d2b68b6212e62b4b7de15223667f626e8c4647f244", 0x9d, 0x413b456d, 0x0, 0x1, r2}])
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x40}, 0x100)
sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="650100001b"], 0x188}}, 0x0)
epoll_create1(0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000100))
ioctl$KVM_RUN(r8, 0xae80, 0x0)

12.160953649s ago: executing program 3 (id=2116):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0xb0, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac}, 0x0, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x40, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x2b, 0x2, "6378e4330e4ea2640e2e49b2ba433a591e7d5290009f1d6677d43317ce57d5593df804f415ecb3"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xd, 0x3, "529bdcaa7665512aee"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb0}}, 0x0)

11.679593717s ago: executing program 4 (id=2117):
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000680)={'erspan0\x00', <r0=>0x0, 0x1, 0x10, 0x2, 0x100, {{0xa, 0x4, 0x1, 0x0, 0x28, 0x67, 0x0, 0xff, 0x29, 0x0, @empty, @remote, {[@generic={0x89, 0x2}, @noop, @end, @timestamp_addr={0x44, 0xc, 0x3e, 0x1, 0x3, [{@multicast1, 0x4}]}, @timestamp_addr={0x44, 0x4, 0x24}]}}}}})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="0e00000004000000040000000500000000000000", @ANYBLOB="4d3e54c5792efdaf04c99dcebaf3213fffddbd718c01f8051673ed313271477527acde1ae5738a39da04d1499db95dc22c8f4d1dc381f03a52f151743e867ff0cf005692c10bfc13bf4053d6dc45c3a7f94d3fffbace42379ebb23328e975a254abe83dc7b82fb06f65c98eb69c94e5f9d02714c76fcc63357aab2b6ca2ba535924110175c5d76510ca86ef08890ff433fa53ebe0a055e815a472767467b8be8141ab856a463e725e89479fb73b036ffac1d6634cb912ef3343f97a519df2a9444566ff3209d1710c5bc4cb2efdd3f51f249fde0531de88b71fbdee8030bcea8c8c414aeba7d", @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES64=r0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000eebc9ed700e5dbf265fe336201012e9c102bf2b533c647d74424e2cdd4b6a0b7b08511cb86883b392f1b40099bbc186f4317860cc673fed90e093e3bc25bea6d18cc83f5d049978340be8931edbfc5123b54b9e02c64b3a8705fad7ea20e52dc36704d331931e3fc34ca6d987d5db5cceef86bc338f22e026092eef6827c45c77d9ff2182cf5d5e599892b84e9a1d47d3c3eaeaaa527bcce177819afcc191aa92a"], 0x50)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r1}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x14, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x1e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r2}, 0x10)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$pptp(0x18, 0x1, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, &(0x7f0000000080)=@x86={0x7c, 0x3, 0xf5, 0x0, 0x1, 0x7e, 0xcb, 0x10, 0x2, 0x5, 0xb, 0xb, 0x0, 0x10003, 0x7, 0xff, 0x6, 0x5, 0x12, '\x00', 0x1, 0x80000001})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = syz_open_dev$vbi(&(0x7f0000002680), 0x1, 0x2)
ioctl$VIDIOC_G_PARM(r8, 0xc0cc5615, &(0x7f00000028c0)={0x7, @raw_data="aed16f177b85cc5a977e22d2b485898fac605cb781869370ba561d1a6c2387201aa9fcd8c6bd71922a0a79542efef3368ead229628d21b941ad1887f3ea8fbf80fae365c88c5bf2e2ccb2cd6f75c6819b60485d8fa2c31d3199abc0514f265e3f0d40fce52e11000894b51b9b2d4251b1b726aabb3ca7367b53d52a066a5cbf3a59817c87924157c6a34c0cb742979a27896fdb98f6ebed75e3e05c2e856350bb36739d5e63a5f3b4d506eeb722b56b02defce9212b6d161e4d7f19e40d1e65edd7f68a192452281"})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
kcmp$KCMP_EPOLL_TFD(r4, r4, 0x7, r3, &(0x7f00000003c0)={r3, r9, 0x1})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000002180)=ANY=[], 0x0, 0x2d}, 0x28)

11.649906215s ago: executing program 0 (id=2118):
connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x5, 0x0, 0x2, 0x0, 0x0, 0x100000000, 0x800, 0x0, 0xffffffff}, 0x0)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x478)
r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$AUTOFS_IOC_FAIL(r3, 0x4c80, 0x7000000)
shmget$private(0x0, 0x1000, 0x401, &(0x7f000005c000/0x1000)=nil)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340))
r4 = socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000003f01f00810000007f00000001000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000300"/28], 0x48)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000200)={0x28, 0x0, 0xffffffff, @my=0x0}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x2b, &(0x7f0000000040)=0x6, 0x4)
mount$fuse(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYRESHEX=r4, @ANYBLOB="87ebf209e067e7d9257741ddd50ecb98c9761a85befb3daefd81d85fa351bf50ee39ba40b9c2f74bfe063d656e7992c3e6ecd70257c4225076e8525dac37510b85cb60126eb16ba2e2dd429ba0a728ba01a1148bd739c34e0817dfd16892c3fc53270987341c55a044a2ac5d2bf7f32ac67c345aee2a3227bb625c57906e2f79f324f352d3f098face0ddf3e0d84487f07ea3e031327a66f572637aca1efc2180db7340f16465e0d70a6ad3c0d677787589d63d62f7e66b2d68b9e01f337adad378c9d57910e8807d320f8256281d5dc637f7856bb529d0ef4b25707812cfbc705070476d9e83ff4095ac5106997a7255776b20be38373f89d94abd0839a3e211f3183", @ANYRES16, @ANYRESHEX, @ANYBLOB="0b67726f75805642927df8fcde013b1d83fdda357606d1a039c0d81e912a39ee26868d1e31e5bbfafd00526c57577a194657612984d7aa077c17c76909011bf84bc30323eb877d450173a574b0f30045af63fcf05ff2efae1103a28eefc67faade3697513156108b26666dea6f3462e70691e53092d2d64bb40e7e9cd5c87afe941ba623adf7e5e9f264ee7d136ec30ffe2c00457935107357467d412ccb7222654e", @ANYRESDEC=r2, @ANYBLOB=',audit,\x00'])
syz_open_dev$sndctrl(&(0x7f0000000e00), 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/power/resume', 0x149a82, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x56, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000100505a1a4400000000101090244000101000000090400001602020000052406000005240000000d240f01000000000000000000090581034000000000090582020000000000090503024002"], 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0)

11.598423131s ago: executing program 3 (id=2119):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000100)=@buf)
r1 = open(&(0x7f0000000040)='./bus\x00', 0x240, 0x0)
r2 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r2, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r1], 0x2b)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000000)={'bridge0\x00', &(0x7f0000000040)=@ethtool_drvinfo={0x3, "2c9bf624d607a5a9e2843fe8ae6632d02ffd8f9dd4c5e64fc65ac033b7a87c1f", "1c1e66c29869bf688917a2ed3835dc1d9e81b84960aca558453c4565abe3dcd8", "d1157590637541abeca20b9ca73977b269091c8aca21e3a616010dc44053ec09", "0f83ee263df12a6401579dcd55e31d69df95ecfcd41b0b75ef367a2297d352fc", "eef1d2fa3c932f1f8ebfc1874010684213066050ad07a2af725a1cc11d7e0bd6", "ce579275bc602e7bd0597b59", 0xa, 0xfffffffd, 0x1c, 0x3, 0x6}})
ioctl$VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045613, &(0x7f0000000180)=0xe6)
syz_usb_connect(0x0, 0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000055bed40020000000000000003010902380002000000060904c700010e0101000300d009050a000000000000090400000101be2600090500000000000000080b"], 0x0)

10.623149524s ago: executing program 2 (id=2120):
socket$rxrpc(0x21, 0x2, 0x2)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f0000001800)=ANY=[], 0xf)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r4, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x240048c1)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r4, 0x1, 0x3e, &(0x7f0000000100)=r5, 0x4)
sendmsg$inet(r4, &(0x7f0000000040)={0x0, 0xeafbff3, &(0x7f0000000000)=[{&(0x7f0000000300)="b8", 0xfffffdef}], 0x1, 0x0, 0x0, 0x10000000}, 0x52cc)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller1\x00', 0x7101})
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xd, 0xfffffffb, 0x7ffeffff}}}}]}, 0x44}}, 0x20040084)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400dc}, 0x4000080)
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)

10.466805569s ago: executing program 4 (id=2121):
r0 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmmsg(r0, &(0x7f0000000000), 0x0, 0x0)
r1 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r2 = fsmount(r1, 0x0, 0x3)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x6000)
setresuid(0xee01, r3, r3)
r4 = openat$cgroup(r2, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000050, 0x0, 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r7 = accept(r6, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x200c80, &(0x7f0000000300)={[{@xattr}, {@noprefix}, {@name}, {@xattr}], [{@dont_hash}, {@appraise_type}, {@dont_appraise}, {@obj_type={'obj_type', 0x3d, '@).-%-(^^%.'}}, {@audit}]})
sendmmsg$alg(r7, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_clone3(&(0x7f0000000080)={0x201800000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58)

10.284032499s ago: executing program 1 (id=2122):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xfbf216bc5f0ffc40, 0x0)
mbind(&(0x7f0000670000/0x1000)=nil, 0x1000, 0x8000, 0x0, 0xec5, 0x1)
syz_emit_vhci(&(0x7f0000019200)=ANY=[@ANYBLOB="040e44117d0c004d6b870320fa349d37bb08113bd13619c1b820b0f45e16c86c7583726b2153d2b3e39f0de79dec99d0262a2ac9a7d3bcc4e161077a9ee1d5389c6323de1a3f7b"], 0x47)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x82, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r0, 0x540a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000037c0026a300fc80a72601"], 0x26c0}}, 0x4010)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_virt_wifi\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000030400000000fedbdf2500007400", @ANYRES32=r3, @ANYBLOB="00080000075005001c0012800b00010062726964676500652e3f85f1de34af0002000000"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x4000000, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000b00)=0x6)
r6 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000100)=0x9)
userfaultfd(0x802)
syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x2, 0x40000004, 0x2, 0x40001, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0xfffffffe, 0x24, 0x6a, 0x81, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e57, 0x4, 0x2000e26, 0x7, 0x1, 0x4087, 0x0, 0x4]})

9.067886524s ago: executing program 4 (id=2123):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340), 0xfbf216bc5f0ffc40, 0x0)
mbind(&(0x7f0000670000/0x1000)=nil, 0x1000, 0x8000, 0x0, 0xec5, 0x1)
syz_emit_vhci(&(0x7f0000019200)=ANY=[@ANYBLOB="040e44117d0c004d6b870320fa349d37bb08113bd13619c1b820b0f45e16c86c7583726b2153d2b3e39f0de79dec99d0262a2ac9a7d3bcc4e161077a9ee1d5389c6323de1a3f7b"], 0x47)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000003c0), 0x82, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TCXONC(r0, 0x540a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c0260000410007010000000007000000037c0026a300fc80a72601"], 0x26c0}}, 0x4010)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_virt_wifi\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000030400000000fedbdf2500007400", @ANYRES32=r3, @ANYBLOB="00080000075005001c0012800b00010062726964676500652e3f85f1de34af0002000000"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000180), 0x4000000, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r5, 0xc0045516, &(0x7f0000000b00)=0x6)
r6 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r6, 0xc0044dff, &(0x7f0000000100)=0x9)
userfaultfd(0x802)
syz_open_dev$loop(&(0x7f0000000100), 0xd79, 0x0)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, &(0x7f00000000c0)={'pcmmio\x00', [0x4f27, 0x2, 0x40000004, 0x2, 0x40001, 0x5, 0x4, 0x7, 0x54c6cff3, 0xfd, 0x2, 0x1, 0x1, 0xfffffffe, 0x24, 0x6a, 0x81, 0x7f, 0x3, 0x40000003, 0x89, 0xcaa3, 0x0, 0x20001e57, 0x4, 0x2000e26, 0x7, 0x1, 0x4087, 0x0, 0x4]})

8.93547859s ago: executing program 2 (id=2124):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = gettid()
process_vm_readv(r3, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x62}, {&(0x7f0000001200)=""/4096, 0x100a}], 0x2, &(0x7f00000011c0)=[{0xfffffffffffffffc, 0x19000}], 0x1, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xae, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0xfffffffd, 0x0, 0xfffffffc], [0x1, 0x0, 0x0, 0x20000]})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080))
close_range(r1, 0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, 0x0, &(0x7f0000000340)='./file0\x00', r0)
bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1}}, 0x18)
bind(r0, 0x0, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
r5 = accept$alg(r4, 0x0, 0x0)
accept(r5, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
r6 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xd, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0xffffff5b, &(0x7f0000000180)=[{&(0x7f0000000040)="c00e020023000b05d25a806f8c6394f90224fc6028000e000a73e300053582c137153e370248018000f01700d1bd", 0x33fe0}, {&(0x7f00000000c0)="e65966d9188ad11c012b2b38e5b00bc32907f017da962d06fe5aedef2e9220d4f9cdc48bfa555f3a02197a06246ef88735d933ca7aa32166c0f169455365b3d0e25e2384ec85eb0dc60de5f5eafcbbb7163bd36ea1cb3d8f30b0bae3ae2c434a991afb2369e33b33f11c393b88b2296923b775053bd19596e8cc6953d7984f021ac62f3315c748e2070c322aa5f7bb6f23b79d5dcf67d6d944a57f1c098fd31ced16dbee99df3587371789ac2701ee296eb48c047980d330dd39b74b"}], 0x1}, 0x0)

8.901857543s ago: executing program 1 (id=2125):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x3, &(0x7f0000000300)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0xa, 0xb1, &(0x7f0000000140)=""/177, 0x41100, 0xb, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x20, 0x4, 0x44, 0x0, 0x0, 0x1}, [@FRA_SRC={0x8, 0x2, @private=0xa010101}]}, 0x24}, 0x1, 0x0, 0x0, 0x40001}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}, 0x20, 0x0, 0x0)
clock_gettime(0x5, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB], 0x28}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x8000000004)
r7 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
bind$llc(r7, &(0x7f0000000000)={0x1a, 0x2, 0x3, 0x0, 0x3, 0xf, @broadcast}, 0x10)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2e, 0x0, "6248bc9c8095fdfb8d639d954a0649542709e9baf27860bd22292b501f2c28d45a71ec3fa8539e7223c278d70126314aca030d71da9dcb99d1d087f250685685db59cf6de9c2a0496da59a4fcf3d9ceb"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @mcast1}}, 0x0, 0x0, 0x27, 0x0, "a58fc096f80633b333145c32b45013f5547000229e90bfdd2cbb775085438751fa41b217c492169b0cb51256adc3e5baedfa65fd3c4429b247e9dc51c16f89c5a42145bb09f23ab88b0bd564fd44893a"}, 0xd8)
socket$inet_tcp(0x2, 0x1, 0x0)
writev(r6, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b0009008000", 0x2c}], 0x1)

7.491042794s ago: executing program 1 (id=2126):
writev(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$igmp(0x2, 0x3, 0x2)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f00000004c0)={0x7, 0x800000000000008a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
setrlimit(0x4, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x47a8, &(0x7f00000002c0)={0x0, 0x46b4, 0x80, 0x80000, 0x3c8}, 0x0, 0x0)
ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x20040010)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x7fff, 0x0, 0x1}}, 0x40)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
r3 = eventfd(0x0)
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000540)=""/67, 0x0, 0x4})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/231, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0x73, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000002c0)={0x1, r3})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x800000f}, 0x94)

7.472019336s ago: executing program 4 (id=2127):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, 0x0, &(0x7f0000000340)='./file0\x00', r0)
bind$can_j1939(0xffffffffffffffff, &(0x7f00000000c0)={0x1d, 0x0, 0x0, {0x0, 0x1}}, 0x18)
bind(r0, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xd, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(0x0, 0x2, 0x141101)
syz_io_uring_setup(0x239, 0x0, 0x0, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xffffff5b, &(0x7f0000000180)=[{&(0x7f0000000040)="c00e020023000b05d25a806f8c6394f90224fc6028000e000a73e300053582c137153e370248018000f01700d1bd", 0x33fe0}, {&(0x7f00000000c0)="e65966d9188ad11c012b2b38e5b00bc32907f017da962d06fe5aedef2e9220d4f9cdc48bfa555f3a02197a06246ef88735d933ca7aa32166c0f169455365b3d0e25e2384ec85eb0dc60de5f5eafcbbb7163bd36ea1cb3d8f30b0bae3ae2c434a991afb2369e33b33f11c393b88b2296923b775053bd19596e8cc6953d7984f021ac62f3315c748e2070c322aa5f7bb6f23b79d5dcf67d6d944a57f1c098fd31ced16dbee99df3587371789ac2701ee296eb48c047980d330dd39b74b"}], 0x1}, 0x0)

4.810567384s ago: executing program 2 (id=2128):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
quotactl_fd$Q_GETNEXTQUOTA(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
readv(r4, &(0x7f0000000800)=[{&(0x7f0000000340)=""/48, 0x30}], 0x1)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
r5 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r5)
mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x245059, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
connect$qrtr(0xffffffffffffffff, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0})
preadv(r2, &(0x7f00000026c0)=[{&(0x7f0000000240)=""/4088, 0xff8}], 0x1, 0x15f, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x1}}}]}, 0x38}}, 0x0)
sendmsg$MPTCP_PM_CMD_SUBFLOW_DESTROY(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x70, 0x0, 0x400, 0xc, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_ADDR_REMOTE={0x30, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x1}, @MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1b}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x3}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)

4.805916735s ago: executing program 3 (id=2129):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file1', [{0x20, '\t\t '}]}, 0xf)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)

4.606632684s ago: executing program 3 (id=2130):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[@ANYBLOB="e625e5e1479260f9ffff44f308060401080006040001aaaaaaaaaaaae0000002bbbb0800000000852734ab446f6b7f1d840000"], 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r2 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080)=0x80000003)
socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x44, 0x10, 0x801, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42004}, [@IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_FLAGS={0x8, 0x3, 0x19}, @IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x44}}, 0x0)
r4 = dup2(r2, r2)
read$FUSE(r4, &(0x7f00000063c0)={0x2020}, 0x2020)
syz_usb_connect(0x1, 0x2d, 0x0, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, 0x0)
socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x4000)

3.25129377s ago: executing program 4 (id=2131):
add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_register$IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000000)={0x5}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
openat$6lowpan_control(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
openat$cuse(0xffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
listen(r0, 0x9)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = epoll_create1(0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/wakeup_count', 0x141800, 0x20)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000200)={0xa000000a})
socket(0x27, 0x5, 0x10000)
finit_module(r3, 0x0, 0x3)
pipe2$watch_queue(0x0, 0x80)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)

2.759804864s ago: executing program 0 (id=2132):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi2\x00', 0x2400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000300)={'pcl812\x00', [0x8001, 0x4, 0x1, 0x0, 0x0, 0xcc7, 0x8, 0x80, 0x1, 0xff, 0x2, 0x1, 0x8, 0x20002, 0x6, 0xced8, 0x1, 0xffffffff, 0x44, 0x40000000, 0x89, 0xa, 0xf27, 0x6, 0x101, 0x8, 0x1000005, 0x6, 0x8, 0x10001, 0xfffffff4]})

2.61334225s ago: executing program 0 (id=2133):
r0 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmmsg(r0, &(0x7f0000000000), 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x3)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x6000)
setresuid(0xee01, r2, r2)
r3 = openat$cgroup(r1, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4000050, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r6 = accept(r5, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x200c80, &(0x7f0000000300)={[{@xattr}, {@noprefix}, {@name}, {@xattr}], [{@dont_hash}, {@appraise_type}, {@dont_appraise}, {@obj_type={'obj_type', 0x3d, '@).-%-(^^%.'}}, {@audit}]})
sendmmsg$alg(r6, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
syz_clone3(&(0x7f0000000080)={0x201800000, 0x0, 0x0, 0x0, {0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, {r3}}, 0x58)

2.612170986s ago: executing program 2 (id=2134):
fchdir(0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x28, r4, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1f}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x28}, 0x1, 0xff07}, 0x2000000)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r3, &(0x7f0000000200)={0x0, 0x1f, &(0x7f00000001c0)={&(0x7f00000004c0)={0x14, r4, 0x1, 0x70bd2c, 0x25dfdbfb}, 0x14}}, 0x800)

1.434522353s ago: executing program 3 (id=2135):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x1, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1}, 0x0, 0x40000000})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='xprtrdma_frwr_sgerr\x00', 0xffffffffffffffff, 0x0, 0x6}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000000), 0x2, 0x101102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x5cc}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000080)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, 0xffffffffffffffff, 0x0, r2})
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000001c0)=<r5=>0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000280)={'ip6_vti0\x00', 0x0, 0x4, 0x0, 0x3, 0x5, 0x12, @mcast2, @private0, 0x0, 0x8007, 0x100, 0x5}})
read$FUSE(0xffffffffffffffff, &(0x7f0000002d40)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80021}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[], 0x1074}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000041)
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000340)={0x800, 0x0, {r5}, {r6}, 0x5, 0x5})
io_uring_enter(r2, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r8=>0x0})
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x10040, 0x8f})
r9 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$GIO_UNIMAP(r9, 0x4b66, &(0x7f0000000000)={0xfffffc64, 0x0})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
mlock2(&(0x7f0000549000/0x1000)=nil, 0x1000, 0x0)
syz_clone(0x8800400, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r10=>0x0})
sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010000104280100"/20, @ANYRES32=r8, @ANYBLOB="0380000000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r10], 0x44}, 0x1, 0x0, 0x0, 0x240008d4}, 0x4054)

1.308147524s ago: executing program 0 (id=2136):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0xb0, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x39, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac}, 0x0, @random=0x4, 0x0, @val={0x0, 0x6, @default_ibss_ssid}, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @val={0x71, 0x7, {0x1, 0x1, 0x0, 0x1, 0x1, 0xf0, 0x8}}, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x40, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x2b, 0x2, "6378e4330e4ea2640e2e49b2ba433a591e7d5290009f1d6677d43317ce57d5593df804f415ecb3"}, @NL80211_FTM_RESP_ATTR_CIVICLOC={0xd, 0x3, "529bdcaa7665512aee"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0xb0}}, 0x0)

407.071266ms ago: executing program 2 (id=2137):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioprio_set$pid(0x2, 0x0, 0x6000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xe, &(0x7f00000001c0))
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x1, 0x34008935, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x5, 0x9, 0x8, 0x6, 0x6}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_route(0x10, 0x3, 0x0)
lsetxattr(0x0, &(0x7f0000000000)=@known='security.apparmor\x00', 0x0, 0x0, 0x1)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={0x0, 0x20, &(0x7f0000000200)={&(0x7f0000002f40)=ANY=[@ANYBLOB="40000000210a010900000000000000000a0000010900020073797a31000000000900010073797a31"], 0x40}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

380.85808ms ago: executing program 3 (id=2138):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x40008004)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000000)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f00007df000/0x4000)=nil, 0x4000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x1e15000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r4, &(0x7f0000000780)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f0000002d80)=[{{&(0x7f0000000400)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000000840)}, 0x8}, {{&(0x7f0000000900)=@alg, 0x80, &(0x7f00000009c0)=[{&(0x7f0000000980)=""/29, 0x1d}], 0x1}, 0x1}, {{&(0x7f0000000a00)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}}}, 0x80, &(0x7f0000000c40), 0x0, &(0x7f0000000b00)=""/36, 0x24}, 0x400006}, {{&(0x7f0000000cc0)=@ax25={{0x3, @netrom}, [@default, @null, @remote, @netrom, @remote, @default, @remote, @default]}, 0x80, &(0x7f0000001180)=[{&(0x7f0000000300)=""/31, 0x1f}, {&(0x7f0000000d80)=""/132, 0x84}, {&(0x7f0000000e40)=""/249, 0xf9}, {&(0x7f0000000f40)=""/131, 0x83}, {&(0x7f0000000240)=""/30, 0x1e}, {&(0x7f0000001040)}, {&(0x7f0000001600)=""/4096, 0x1000}, {&(0x7f0000001080)=""/225, 0xe1}], 0x8}, 0x80}, {{&(0x7f0000001200)=@nl=@unspec, 0x80, &(0x7f0000002700)=[{&(0x7f0000001280)=""/175, 0xaf}, {&(0x7f0000001340)=""/84, 0x54}, {&(0x7f00000013c0)=""/200, 0xc8}, {&(0x7f0000000480)=""/259, 0x103}, {&(0x7f0000000680)=""/201, 0xc9}], 0x5, &(0x7f0000002780)=""/213, 0xd5}, 0x7}, {{&(0x7f0000002880)=@ax25={{0x3, @rose}, [@rose, @null, @netrom, @bcast, @netrom, @netrom, @null]}, 0x80, &(0x7f0000002b80)=[{&(0x7f0000002900)=""/174, 0xae}, {&(0x7f00000005c0)=""/98, 0x62}, {&(0x7f0000002a40)=""/162, 0xa2}, {&(0x7f0000000800)=""/34, 0x22}, {&(0x7f0000002b00)=""/57, 0x39}], 0x5}, 0xc}, {{&(0x7f0000002c00)=@can, 0x80, &(0x7f0000002d40)=[{&(0x7f0000002c80)=""/163, 0xa3}], 0x1}, 0x7ff}], 0x7, 0x10001, 0x0)
keyctl$restrict_keyring(0x1d, 0x0, &(0x7f0000000340)='pkcs7_test\x00', &(0x7f00000003c0)='^#\xa0,\x00')
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), 0xffffffffffffffff)
r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$6lowpan_control(r6, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYRESDEC=r2], 0x50)
r7 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)

30.2381ms ago: executing program 4 (id=2139):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0xfefb, &(0x7f0000000240)=0xfffffffffffffffc)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$wireguard(&(0x7f00000003c0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)={0x498, r4, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x44c, 0x8, 0x0, 0x1, [{0x9c, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x50, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "491bc0be1dc1f88092e741a88b64f6dd9218ad21b44b472e44f1d0807ee6675c"}]}, {0x360, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x9, 0x7, @empty, 0x3}}, @WGPEER_A_ALLOWEDIPS={0x318, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x2c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}]}]}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @b}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x498}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2)
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, &(0x7f0000000000)={[{}]})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)

0s ago: executing program 0 (id=2140):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x161942, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd(0xff7ffff7)
r3 = eventfd(0x0)
tkill(0x0, 0x12)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xdf)
write$binfmt_elf64(r7, &(0x7f0000000980)=ANY=[@ANYBLOB="7f454c4600000006010000000000000003003e000000000003000000000000004000000000000000980100000000000002000000000038000200000002000000000000600300000008000000000000000d00000000000000ed08000000000000f0ffffffffffffff0000000000000000080000000000000003000000cff5ffff800300000000000001000000000000000500000000000000ff"], 0x5b0)
close(r7)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, 0x1000)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000280)={r2, 0x2000002, 0x2, r3})
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r1, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r3, 0x0, 0x2, r2})

kernel console output (not intermixed with test programs):

7.102435][T12331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  647.102441][T12331] Call Trace:
[  647.102445][T12331]  <TASK>
[  647.102450][T12331]  dump_stack_lvl+0x16c/0x1f0
[  647.102470][T12331]  should_fail_ex+0x512/0x640
[  647.102483][T12331]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  647.102501][T12331]  should_failslab+0xc2/0x120
[  647.102514][T12331]  kmem_cache_alloc_noprof+0x75/0x6e0
[  647.102530][T12331]  ? taskstats_exit+0x654/0xbe0
[  647.102545][T12331]  ? taskstats_exit+0x654/0xbe0
[  647.102557][T12331]  ? acct_update_integrals+0x2ce/0x4a0
[  647.102569][T12331]  taskstats_exit+0x654/0xbe0
[  647.102583][T12331]  ? __pfx_taskstats_exit+0x10/0x10
[  647.102597][T12331]  ? exit_signals+0x38e/0xb40
[  647.102612][T12331]  do_exit+0x5dc/0x2bf0
[  647.102630][T12331]  ? __pfx_do_exit+0x10/0x10
[  647.102645][T12331]  ? do_raw_spin_lock+0x12c/0x2b0
[  647.102657][T12331]  ? find_held_lock+0x2b/0x80
[  647.102672][T12331]  do_group_exit+0xd3/0x2a0
[  647.102688][T12331]  get_signal+0x2671/0x26d0
[  647.102706][T12331]  ? __pfx_get_signal+0x10/0x10
[  647.102720][T12331]  ? _copy_from_user+0x59/0xd0
[  647.102735][T12331]  arch_do_signal_or_restart+0x8f/0x7c0
[  647.102750][T12331]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  647.102767][T12331]  ? __pfx___x64_sys_clock_nanosleep+0x10/0x10
[  647.102785][T12331]  exit_to_user_mode_loop+0x85/0x130
[  647.102797][T12331]  do_syscall_64+0x426/0xfa0
[  647.102815][T12331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.102825][T12331] RIP: 0033:0x7fc8e078efc9
[  647.102835][T12331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.102845][T12331] RSP: 002b:00007fc8e167f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6
[  647.102855][T12331] RAX: fffffffffffffdfc RBX: 00007fc8e09e6090 RCX: 00007fc8e078efc9
[  647.102862][T12331] RDX: 0000200000000040 RSI: 0000000000000000 RDI: 0000000000000002
[  647.102869][T12331] RBP: 00007fc8e167f090 R08: 0000000000000000 R09: 0000000000000000
[  647.102875][T12331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.102881][T12331] R13: 00007fc8e09e6128 R14: 00007fc8e09e6090 R15: 00007ffdca6389c8
[  647.102895][T12331]  </TASK>
[  647.170147][T12334] FAULT_INJECTION: forcing a failure.
[  647.170147][T12334] name failslab, interval 1, probability 0, space 0, times 0
[  647.172671][    C1] vkms_vblank_simulate: vblank timer overrun
[  647.352157][T12334] CPU: 0 UID: 0 PID: 12334 Comm: syz.3.1748 Not tainted syzkaller #0 PREEMPT(full) 
[  647.352173][T12334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  647.352180][T12334] Call Trace:
[  647.352185][T12334]  <TASK>
[  647.352190][T12334]  dump_stack_lvl+0x16c/0x1f0
[  647.352210][T12334]  should_fail_ex+0x512/0x640
[  647.352223][T12334]  ? __kmalloc_cache_node_noprof+0x62/0x7a0
[  647.352236][T12334]  should_failslab+0xc2/0x120
[  647.352250][T12334]  __kmalloc_cache_node_noprof+0x75/0x7a0
[  647.352260][T12334]  ? __get_vm_area_node+0x101/0x330
[  647.352272][T12334]  ? up_write+0x1b2/0x520
[  647.352286][T12334]  ? __get_vm_area_node+0x101/0x330
[  647.352297][T12334]  __get_vm_area_node+0x101/0x330
[  647.352311][T12334]  __vmalloc_node_range_noprof+0x271/0x1480
[  647.352325][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.352339][T12334]  ? find_held_lock+0x2b/0x80
[  647.352375][T12334]  ? avc_has_perm_noaudit+0x117/0x3b0
[  647.352391][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.352406][T12334]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  647.352423][T12334]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  647.352449][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.352468][T12334]  __vmalloc_node_noprof+0xad/0xf0
[  647.352483][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.352496][T12334]  bpf_prog_alloc_no_stats+0x58/0x610
[  647.352508][T12334]  ? security_capable+0x7e/0x260
[  647.352525][T12334]  bpf_prog_alloc+0x3b/0x230
[  647.352536][T12334]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  647.352551][T12334]  bpf_prog_load+0x1c28/0x2850
[  647.352569][T12334]  ? __pfx_bpf_prog_load+0x10/0x10
[  647.352586][T12334]  ? avc_has_perm_noaudit+0x149/0x3b0
[  647.352603][T12334]  ? avc_has_perm+0x144/0x1f0
[  647.352624][T12334]  ? selinux_bpf+0xde/0x130
[  647.352638][T12334]  ? bpf_lsm_bpf+0x9/0x10
[  647.352650][T12334]  __sys_bpf+0x3e72/0x4980
[  647.352668][T12334]  ? __pfx___sys_bpf+0x10/0x10
[  647.352684][T12334]  ? find_held_lock+0x2b/0x80
[  647.352699][T12334]  ? find_held_lock+0x2b/0x80
[  647.352715][T12334]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  647.352733][T12334]  ? fput+0x9b/0xd0
[  647.352746][T12334]  ? ksys_write+0x1ac/0x250
[  647.352756][T12334]  ? __pfx_ksys_write+0x10/0x10
[  647.352768][T12334]  __x64_sys_bpf+0x78/0xc0
[  647.352784][T12334]  ? lockdep_hardirqs_on+0x7c/0x110
[  647.352799][T12334]  do_syscall_64+0xcd/0xfa0
[  647.352817][T12334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.352828][T12334] RIP: 0033:0x7f1c2978efc9
[  647.352838][T12334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.352848][T12334] RSP: 002b:00007f1c279f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  647.352858][T12334] RAX: ffffffffffffffda RBX: 00007f1c299e6180 RCX: 00007f1c2978efc9
[  647.352865][T12334] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  647.352871][T12334] RBP: 00007f1c279f6090 R08: 0000000000000000 R09: 0000000000000000
[  647.352878][T12334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.352884][T12334] R13: 00007f1c299e6218 R14: 00007f1c299e6180 R15: 00007ffd3751a488
[  647.352897][T12334]  </TASK>
[  647.352904][T12334] syz.3.1748: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  647.677352][T12334] CPU: 0 UID: 0 PID: 12334 Comm: syz.3.1748 Not tainted syzkaller #0 PREEMPT(full) 
[  647.677366][T12334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  647.677373][T12334] Call Trace:
[  647.677378][T12334]  <TASK>
[  647.677383][T12334]  dump_stack_lvl+0x16c/0x1f0
[  647.677403][T12334]  warn_alloc+0x248/0x3a0
[  647.677420][T12334]  ? __pfx_warn_alloc+0x10/0x10
[  647.677435][T12334]  ? rcu_is_watching+0x12/0xc0
[  647.677449][T12334]  ? trace_kmalloc+0x2b/0xd0
[  647.677460][T12334]  ? __get_vm_area_node+0x101/0x330
[  647.677472][T12334]  ? up_write+0x1b2/0x520
[  647.677485][T12334]  ? __kasan_kmalloc+0x8a/0xb0
[  647.677496][T12334]  ? __get_vm_area_node+0x208/0x330
[  647.677511][T12334]  __vmalloc_node_range_noprof+0xaf5/0x1480
[  647.677526][T12334]  ? find_held_lock+0x2b/0x80
[  647.677540][T12334]  ? avc_has_perm_noaudit+0x117/0x3b0
[  647.677557][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.677573][T12334]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  647.677587][T12334]  ? __pfx_cred_has_capability.isra.0+0x10/0x10
[  647.677603][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.677615][T12334]  __vmalloc_node_noprof+0xad/0xf0
[  647.677632][T12334]  ? bpf_prog_alloc_no_stats+0x58/0x610
[  647.677646][T12334]  bpf_prog_alloc_no_stats+0x58/0x610
[  647.677658][T12334]  ? security_capable+0x7e/0x260
[  647.677676][T12334]  bpf_prog_alloc+0x3b/0x230
[  647.677687][T12334]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  647.677701][T12334]  bpf_prog_load+0x1c28/0x2850
[  647.677720][T12334]  ? __pfx_bpf_prog_load+0x10/0x10
[  647.677737][T12334]  ? avc_has_perm_noaudit+0x149/0x3b0
[  647.677753][T12334]  ? avc_has_perm+0x144/0x1f0
[  647.677773][T12334]  ? selinux_bpf+0xde/0x130
[  647.677787][T12334]  ? bpf_lsm_bpf+0x9/0x10
[  647.677800][T12334]  __sys_bpf+0x3e72/0x4980
[  647.677818][T12334]  ? __pfx___sys_bpf+0x10/0x10
[  647.677833][T12334]  ? find_held_lock+0x2b/0x80
[  647.677848][T12334]  ? find_held_lock+0x2b/0x80
[  647.677865][T12334]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  647.677883][T12334]  ? fput+0x9b/0xd0
[  647.677896][T12334]  ? ksys_write+0x1ac/0x250
[  647.677905][T12334]  ? __pfx_ksys_write+0x10/0x10
[  647.677917][T12334]  __x64_sys_bpf+0x78/0xc0
[  647.677933][T12334]  ? lockdep_hardirqs_on+0x7c/0x110
[  647.677949][T12334]  do_syscall_64+0xcd/0xfa0
[  647.677966][T12334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  647.677977][T12334] RIP: 0033:0x7f1c2978efc9
[  647.677987][T12334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  647.677997][T12334] RSP: 002b:00007f1c279f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  647.678007][T12334] RAX: ffffffffffffffda RBX: 00007f1c299e6180 RCX: 00007f1c2978efc9
[  647.678013][T12334] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005
[  647.678020][T12334] RBP: 00007f1c279f6090 R08: 0000000000000000 R09: 0000000000000000
[  647.678025][T12334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.678032][T12334] R13: 00007f1c299e6218 R14: 00007f1c299e6180 R15: 00007ffd3751a488
[  647.678046][T12334]  </TASK>
[  647.678049][T12334] Mem-Info:
[  647.980949][T12334] active_anon:34284 inactive_anon:0 isolated_anon:0
[  647.980949][T12334]  active_file:12230 inactive_file:51082 isolated_file:0
[  647.980949][T12334]  unevictable:768 dirty:300 writeback:13
[  647.980949][T12334]  slab_reclaimable:11993 slab_unreclaimable:101663
[  647.980949][T12334]  mapped:40502 shmem:22499 pagetables:1363
[  647.980949][T12334]  sec_pagetables:0 bounce:0
[  647.980949][T12334]  kernel_misc_reclaimable:0
[  647.980949][T12334]  free:1265307 free_pcp:16792 free_cma:0
[  648.026689][T12334] Node 0 active_anon:137136kB inactive_anon:0kB active_file:48920kB inactive_file:204128kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:162008kB dirty:1200kB writeback:52kB shmem:88460kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12340kB pagetables:5332kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  648.058757][T12334] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:120kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  648.088533][T12334] Node 0 DMA free:15328kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB
[  648.137236][T12334] lowmem_reserve[]: 0 2485 2487 2487 2487
[  648.143021][T12334] Node 0 DMA32 free:1154896kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:137460kB inactive_anon:0kB active_file:48920kB inactive_file:204128kB unevictable:1536kB writepending:1168kB zspages:0kB present:3129332kB managed:2544868kB mlocked:0kB bounce:0kB free_pcp:50924kB local_pcp:19996kB free_cma:0kB
[  648.176722][T12334] lowmem_reserve[]: 0 0 1 1 1
[  648.213809][T12334] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  648.243588][T12334] lowmem_reserve[]: 0 0 0 0 0
[  648.248331][T12334] Node 1 Normal free:3890940kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:15984kB local_pcp:9248kB free_cma:0kB
[  648.280524][T12334] lowmem_reserve[]: 0 0 0 0 0
[  648.285221][T12334] Node 0 DMA: 0*4kB 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15328kB
[  648.299261][T12334] Node 0 DMA32: 14*4kB (UE) 391*8kB (UM) 218*16kB (UME) 546*32kB (UM) 169*64kB (UE) 30*128kB (UME) 30*256kB (UME) 5*512kB (UME) 22*1024kB (UM) 15*2048kB (UME) 257*4096kB (UM) = 1154960kB
[  648.317695][T12334] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  648.329214][T12334] Node 1 Normal: 231*4kB (UME) 56*8kB (UME) 48*16kB (UME) 159*32kB (UME) 53*64kB (UME) 11*128kB (UME) 8*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (M) = 3890940kB
[  648.347482][T12334] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  648.357014][T12334] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  648.366289][T12334] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  648.375825][T12334] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  648.385091][T12334] 85807 total pagecache pages
[  648.389792][T12334] 0 pages in swap cache
[  648.393922][T12334] Free swap  = 124996kB
[  648.398073][T12334] Total swap = 124996kB
[  648.402313][T12334] 2097051 pages RAM
[  648.406104][T12334] 0 pages HighMem/MovableOnly
[  648.410775][T12334] 428744 pages reserved
[  648.414908][T12334] 0 pages cma reserved
[  649.164140][   T42] usb 1-1: USB disconnect, device number 39
[  649.697487][ T5927] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  650.017501][ T5927] usb 3-1: Using ep0 maxpacket: 16
[  650.057500][ T5927] usb 3-1: config 5 has an invalid interface number: 168 but max is 0
[  650.617332][ T5927] usb 3-1: config 5 has no interface number 0
[  650.628957][ T5927] usb 3-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B
[  650.680001][ T5927] usb 3-1: config 5 interface 168 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 1024
[  650.775953][ T5927] usb 3-1: config 5 interface 168 altsetting 7 has an endpoint descriptor with address 0x23, changing to 0x3
[  650.787842][ T5927] usb 3-1: config 5 interface 168 altsetting 7 endpoint 0x3 has invalid wMaxPacketSize 0
[  650.805233][ T5927] usb 3-1: config 5 interface 168 altsetting 7 bulk endpoint 0x3 has invalid maxpacket 0
[  650.932291][ T5927] usb 3-1: config 5 interface 168 has no altsetting 0
[  651.407270][ T5927] usb 3-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58
[  651.416344][ T5927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.432180][ T5927] usb 3-1: Product: syz
[  651.437925][ T5927] usb 3-1: Manufacturer: syz
[  651.447302][ T5927] usb 3-1: SerialNumber: syz
[  651.606425][T12358] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1757'.
[  652.419635][ T5927] usb 3-1: can't set config #5, error -71
[  652.447496][ T5927] usb 3-1: USB disconnect, device number 38
[  653.197213][   T42] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  653.264167][T12384] overlayfs: missing 'lowerdir'
[  653.347201][   T42] usb 3-1: Using ep0 maxpacket: 16
[  653.359650][   T42] usb 3-1: config 0 has an invalid interface number: 2 but max is 0
[  653.368549][   T42] usb 3-1: config 0 has no interface number 0
[  653.387699][   T42] usb 3-1: config 0 interface 2 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  653.526260][   T42] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice=19.02
[  653.547375][   T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.555601][   T42] usb 3-1: Product: syz
[  653.559855][   T42] usb 3-1: Manufacturer: syz
[  653.565437][   T42] usb 3-1: SerialNumber: syz
[  653.576312][   T42] usb 3-1: config 0 descriptor??
[  653.591575][   T42] appletouch 3-1:0.2: Could not find int-in endpoint
[  653.608428][   T42] appletouch 3-1:0.2: probe with driver appletouch failed with error -5
[  653.628826][   T42] usbhid 3-1:0.2: couldn't find an input interrupt endpoint
[  653.687453][ T5870] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  653.948894][   T42] usb 3-1: USB disconnect, device number 39
[  653.982561][T12396] overlayfs: failed to resolve './file1': -2
[  654.120472][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  654.385007][T12403] overlayfs: overlapping lowerdir path
[  654.658217][ T5870] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  654.792196][ T5870] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  654.833135][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  654.971101][ T5877] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  655.027830][ T5870] usb 4-1: SerialNumber: syz
[  655.238029][T12413] binder: 12410:12413 ioctl 0 200000000040 returned -22
[  655.248038][T12413] FAULT_INJECTION: forcing a failure.
[  655.248038][T12413] name failslab, interval 1, probability 0, space 0, times 0
[  655.260706][T12413] CPU: 1 UID: 0 PID: 12413 Comm: syz.2.1772 Not tainted syzkaller #0 PREEMPT(full) 
[  655.260730][T12413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  655.260741][T12413] Call Trace:
[  655.260749][T12413]  <TASK>
[  655.260756][T12413]  dump_stack_lvl+0x16c/0x1f0
[  655.260788][T12413]  should_fail_ex+0x512/0x640
[  655.260808][T12413]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  655.260839][T12413]  should_failslab+0xc2/0x120
[  655.260861][T12413]  kmem_cache_alloc_node_noprof+0x78/0x770
[  655.260887][T12413]  ? __alloc_skb+0x2b2/0x380
[  655.260914][T12413]  ? __alloc_skb+0x2b2/0x380
[  655.260933][T12413]  __alloc_skb+0x2b2/0x380
[  655.260954][T12413]  ? __pfx___alloc_skb+0x10/0x10
[  655.260974][T12413]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  655.261006][T12413]  pfkey_sendmsg+0x165/0x850
[  655.261040][T12413]  ____sys_sendmsg+0xa98/0xc70
[  655.261059][T12413]  ? copy_msghdr_from_user+0x10a/0x160
[  655.261082][T12413]  ? __pfx_____sys_sendmsg+0x10/0x10
[  655.261103][T12413]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  655.261128][T12413]  ? lockdep_hardirqs_on+0x7c/0x110
[  655.261154][T12413]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  655.261183][T12413]  ___sys_sendmsg+0x134/0x1d0
[  655.261209][T12413]  ? __pfx____sys_sendmsg+0x10/0x10
[  655.261230][T12413]  ? __lock_acquire+0x622/0x1c90
[  655.261309][T12413]  __sys_sendmsg+0x16d/0x220
[  655.261331][T12413]  ? __pfx___sys_sendmsg+0x10/0x10
[  655.261368][T12413]  do_syscall_64+0xcd/0xfa0
[  655.261396][T12413]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  655.261414][T12413] RIP: 0033:0x7fb8d278efc9
[  655.261429][T12413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  655.261446][T12413] RSP: 002b:00007fb8d368f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  655.261464][T12413] RAX: ffffffffffffffda RBX: 00007fb8d29e6090 RCX: 00007fb8d278efc9
[  655.261475][T12413] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000008
[  655.261485][T12413] RBP: 00007fb8d368f090 R08: 0000000000000000 R09: 0000000000000000
[  655.261496][T12413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  655.261506][T12413] R13: 00007fb8d29e6128 R14: 00007fb8d29e6090 R15: 00007ffd6a0d5e48
[  655.261532][T12413]  </TASK>
[  655.490048][    C1] vkms_vblank_simulate: vblank timer overrun
[  656.145668][ T5870] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  656.156371][ T5877] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  656.189746][ T5877] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  656.290853][ T5930] usb 4-1: USB disconnect, device number 44
[  656.378586][   T30] audit: type=1400 audit(1762140035.253:576): avc:  denied  { relabelfrom } for  pid=12414 comm="syz.3.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  656.426947][   T30] audit: type=1400 audit(1762140035.253:577): avc:  denied  { relabelto } for  pid=12414 comm="syz.3.1773" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  656.511819][T12421] binder: 12417:12421 ioctl 0 200000000040 returned -22
[  657.557218][ T5927] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  658.002812][ T5877] usb 1-1: string descriptor 0 read error: -71
[  658.009511][ T5877] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  658.018787][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  658.037283][ T5921] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  658.039827][ T5877] usb 1-1: can't set config #1, error -71
[  658.056214][ T5877] usb 1-1: USB disconnect, device number 40
[  658.057180][ T5927] usb 3-1: Using ep0 maxpacket: 16
[  658.083181][ T5927] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  658.107291][ T5927] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  658.127026][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  658.148287][ T5927] usb 3-1: config 0 descriptor??
[  658.153369][ T5930] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  658.198938][ T5921] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  658.217258][ T5921] usb 5-1: config 0 has no interface number 1
[  658.234417][ T5921] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  658.255131][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  658.267651][ T5921] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  658.276916][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  658.285774][ T5921] usb 5-1: SerialNumber: syz
[  658.298119][ T5921] usb 5-1: config 0 descriptor??
[  658.358458][T12435] overlayfs: missing 'lowerdir'
[  658.493704][ T5921] uvcvideo 5-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  658.502531][ T5921] uvcvideo 5-1:0.199: No valid video chain found.
[  658.752940][ T1671] IPVS: starting estimator thread 0...
[  659.007480][ T5930] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  659.026787][ T5927] usbhid 3-1:0.0: can't add hid device: -71
[  659.034031][T12441] IPVS: using max 47 ests per chain, 112800 per kthread
[  659.057363][ T5930] usb 4-1: config 0 has no interface number 1
[  659.073884][ T5927] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  659.088025][ T5930] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  659.122997][ T5927] usb 3-1: USB disconnect, device number 40
[  659.135878][ T5930] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  659.165048][ T5877] usb 5-1: USB disconnect, device number 44
[  659.179114][ T5930] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  659.195285][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  659.221916][ T5930] usb 4-1: SerialNumber: syz
[  659.238576][ T5930] usb 4-1: config 0 descriptor??
[  659.246699][T12445] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  659.273415][ T5930] uvcvideo 4-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  659.288992][ T5930] uvcvideo 4-1:0.199: No valid video chain found.
[  659.674229][ T5930] usb 4-1: USB disconnect, device number 45
[  659.734452][T12452] binder: 12446:12452 ioctl 0 200000000040 returned -22
[  661.108984][ T5877] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  661.356263][T12465] FAULT_INJECTION: forcing a failure.
[  661.356263][T12465] name failslab, interval 1, probability 0, space 0, times 0
[  661.438111][T12465] CPU: 1 UID: 0 PID: 12465 Comm: syz.2.1786 Not tainted syzkaller #0 PREEMPT(full) 
[  661.438137][T12465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  661.438147][T12465] Call Trace:
[  661.438154][T12465]  <TASK>
[  661.438162][T12465]  dump_stack_lvl+0x16c/0x1f0
[  661.438196][T12465]  should_fail_ex+0x512/0x640
[  661.438217][T12465]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  661.438247][T12465]  should_failslab+0xc2/0x120
[  661.438268][T12465]  kmem_cache_alloc_node_noprof+0x78/0x770
[  661.438293][T12465]  ? __alloc_skb+0x2b2/0x380
[  661.438319][T12465]  ? __alloc_skb+0x2b2/0x380
[  661.438337][T12465]  ? __pfx_netlink_insert+0x10/0x10
[  661.438360][T12465]  __alloc_skb+0x2b2/0x380
[  661.438380][T12465]  ? __pfx___alloc_skb+0x10/0x10
[  661.438401][T12465]  ? netlink_autobind.isra.0+0x158/0x370
[  661.438432][T12465]  netlink_alloc_large_skb+0x69/0x140
[  661.438458][T12465]  netlink_sendmsg+0x698/0xdd0
[  661.438488][T12465]  ? __pfx_netlink_sendmsg+0x10/0x10
[  661.438528][T12465]  ____sys_sendmsg+0xa98/0xc70
[  661.438546][T12465]  ? copy_msghdr_from_user+0x10a/0x160
[  661.438568][T12465]  ? __pfx_____sys_sendmsg+0x10/0x10
[  661.438597][T12465]  ___sys_sendmsg+0x134/0x1d0
[  661.438622][T12465]  ? __pfx____sys_sendmsg+0x10/0x10
[  661.438642][T12465]  ? __lock_acquire+0x622/0x1c90
[  661.438702][T12465]  __sys_sendmsg+0x16d/0x220
[  661.438726][T12465]  ? __pfx___sys_sendmsg+0x10/0x10
[  661.438766][T12465]  do_syscall_64+0xcd/0xfa0
[  661.438795][T12465]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.438813][T12465] RIP: 0033:0x7fb8d278efc9
[  661.438828][T12465] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  661.438845][T12465] RSP: 002b:00007fb8d36b0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  661.438864][T12465] RAX: ffffffffffffffda RBX: 00007fb8d29e5fa0 RCX: 00007fb8d278efc9
[  661.438876][T12465] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[  661.438887][T12465] RBP: 00007fb8d36b0090 R08: 0000000000000000 R09: 0000000000000000
[  661.438897][T12465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  661.438907][T12465] R13: 00007fb8d29e6038 R14: 00007fb8d29e5fa0 R15: 00007ffd6a0d5e48
[  661.438933][T12465]  </TASK>
[  661.668034][    C1] vkms_vblank_simulate: vblank timer overrun
[  661.707346][   T60] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  661.727317][   T60] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  661.776055][ T5877] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  661.785921][ T5877] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  661.837724][ T5877] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  661.846785][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  661.854781][ T5877] usb 5-1: SerialNumber: syz
[  661.862790][ T5877] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  662.009227][   T42] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  662.278384][   T42] usb 1-1: Using ep0 maxpacket: 16
[  662.299016][   T42] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[  662.311494][   T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024
[  662.337306][   T42] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024
[  662.367172][   T42] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 188
[  662.389202][   T42] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  662.404860][   T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  662.421739][   T42] usb 1-1: Product: syz
[  662.430955][   T42] usb 1-1: Manufacturer: syz
[  662.439978][   T42] usb 1-1: SerialNumber: syz
[  662.453045][   T42] usb 1-1: config 0 descriptor??
[  662.462957][T12471] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  662.478940][T12471] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  662.528377][   T42] mcba_usb 1-1:0.0: Microchip CAN BUS Analyzer connected
[  662.535537][    C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71)
[  662.535590][    C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71)
[  662.560763][T12481] netlink: 'syz.1.1790': attribute type 1 has an invalid length.
[  662.595260][T12481] bond1: entered promiscuous mode
[  662.609500][T12481] 8021q: adding VLAN 0 to HW filter on device bond1
[  662.643085][T12483] 8021q: adding VLAN 0 to HW filter on device bond1
[  662.657901][T12483] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  662.725078][T12483] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  662.743594][T12483] bond1: (slave vcan1): making interface the new active one
[  662.754216][T12483] vcan1: entered promiscuous mode
[  662.812650][T12471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  662.837833][T12481] overlayfs: failed lookup in lower (newroot/327, name='file0', err=-40): overlapping layers
[  662.856980][T12483] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  662.860398][T12471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  662.895987][T12485] overlayfs: failed lookup in lower (newroot/327, name='bus', err=-40): overlapping layers
[  663.424213][   T42] usb 1-1: USB disconnect, device number 41
[  663.448717][   T42] mcba_usb 1-1:0.0 can0: device disconnected
[  664.292699][ T5921] usb 5-1: USB disconnect, device number 45
[  665.787353][ T5930] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  666.800746][ T5930] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  666.827248][ T5930] usb 4-1: config 0 has no interface number 1
[  666.837262][ T5930] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  666.877261][ T5930] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  666.924526][ T5930] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  667.528776][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  667.567259][ T5930] usb 4-1: SerialNumber: syz
[  667.614086][ T5930] usb 4-1: config 0 descriptor??
[  667.690388][T12567] FAULT_INJECTION: forcing a failure.
[  667.690388][T12567] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  667.717336][ T5930] usb 4-1: can't set config #0, error -71
[  667.746295][ T5930] usb 4-1: USB disconnect, device number 46
[  667.785797][T12567] CPU: 0 UID: 0 PID: 12567 Comm: syz.4.1806 Not tainted syzkaller #0 PREEMPT(full) 
[  667.785820][T12567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  667.785830][T12567] Call Trace:
[  667.785835][T12567]  <TASK>
[  667.785842][T12567]  dump_stack_lvl+0x16c/0x1f0
[  667.785871][T12567]  should_fail_ex+0x512/0x640
[  667.785894][T12567]  _copy_from_iter+0x29f/0x1720
[  667.785921][T12567]  ? __pfx__copy_from_iter+0x10/0x10
[  667.785941][T12567]  ? rcu_is_watching+0x12/0xc0
[  667.785961][T12567]  ? trace_kmalloc+0x2b/0xd0
[  667.785978][T12567]  ? __kmalloc_noprof+0x34f/0x880
[  667.786000][T12567]  ? kernfs_fop_write_iter+0x237/0x570
[  667.786023][T12567]  kernfs_fop_write_iter+0x19a/0x570
[  667.786043][T12567]  vfs_write+0x7d3/0x11d0
[  667.786061][T12567]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  667.786079][T12567]  ? __pfx___mutex_lock+0x10/0x10
[  667.786095][T12567]  ? __pfx_vfs_write+0x10/0x10
[  667.786129][T12567]  ksys_write+0x12a/0x250
[  667.786145][T12567]  ? __pfx_ksys_write+0x10/0x10
[  667.786170][T12567]  do_syscall_64+0xcd/0xfa0
[  667.786197][T12567]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.786215][T12567] RIP: 0033:0x7fac3c18efc9
[  667.786238][T12567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  667.786255][T12567] RSP: 002b:00007fac3a3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  667.786273][T12567] RAX: ffffffffffffffda RBX: 00007fac3c3e5fa0 RCX: 00007fac3c18efc9
[  667.786284][T12567] RDX: 000000000000000a RSI: 0000200000000140 RDI: 0000000000000004
[  667.786295][T12567] RBP: 00007fac3a3f6090 R08: 0000000000000000 R09: 0000000000000000
[  667.786304][T12567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.786314][T12567] R13: 00007fac3c3e6038 R14: 00007fac3c3e5fa0 R15: 00007ffd0987e2e8
[  667.786338][T12567]  </TASK>
[  668.837233][ T5921] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  669.538530][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  669.557203][ T5921] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  669.588399][ T5921] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  669.614943][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  670.039508][ T5921] usb 3-1: SerialNumber: syz
[  670.070674][ T5921] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  670.697934][T12603] ieee802154 phy1 wpan1: encryption failed: -22
[  670.850961][   T30] audit: type=1400 audit(1762140049.583:578): avc:  denied  { write } for  pid=12601 comm="syz.4.1815" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  671.455386][T12603] orangefs_mount: mount request failed with -4
[  671.532254][   T30] audit: type=1400 audit(1762140050.393:579): avc:  denied  { write } for  pid=12608 comm="syz.0.1816" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  671.864981][T12616] FAULT_INJECTION: forcing a failure.
[  671.864981][T12616] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  671.888465][T12616] CPU: 0 UID: 0 PID: 12616 Comm: syz.0.1818 Not tainted syzkaller #0 PREEMPT(full) 
[  671.888491][T12616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  671.888500][T12616] Call Trace:
[  671.888505][T12616]  <TASK>
[  671.888513][T12616]  dump_stack_lvl+0x16c/0x1f0
[  671.888544][T12616]  should_fail_ex+0x512/0x640
[  671.888567][T12616]  _copy_from_iter+0x29f/0x1720
[  671.888594][T12616]  ? __pfx__copy_from_iter+0x10/0x10
[  671.888615][T12616]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  671.888644][T12616]  copy_page_from_iter+0xde/0x180
[  671.888665][T12616]  tun_build_skb.constprop.0+0x2e8/0x1510
[  671.888686][T12616]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  671.888701][T12616]  ? unwind_get_return_address+0x59/0xa0
[  671.888715][T12616]  ? arch_stack_walk+0xa6/0x100
[  671.888735][T12616]  ? _kstrtoull+0x145/0x200
[  671.888753][T12616]  tun_get_user+0x149c/0x3cc0
[  671.888774][T12616]  ? __pfx_tun_get_user+0x10/0x10
[  671.888789][T12616]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  671.888808][T12616]  ? find_held_lock+0x2b/0x80
[  671.888822][T12616]  ? tun_get+0x191/0x370
[  671.888838][T12616]  tun_chr_write_iter+0xdc/0x210
[  671.888854][T12616]  vfs_write+0x7d3/0x11d0
[  671.888866][T12616]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  671.888882][T12616]  ? __pfx_vfs_write+0x10/0x10
[  671.888890][T12616]  ? find_held_lock+0x2b/0x80
[  671.888912][T12616]  ksys_write+0x12a/0x250
[  671.888921][T12616]  ? __pfx_ksys_write+0x10/0x10
[  671.888935][T12616]  do_syscall_64+0xcd/0xfa0
[  671.888952][T12616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.888963][T12616] RIP: 0033:0x7fa075f8da7f
[  671.888973][T12616] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  671.888984][T12616] RSP: 002b:00007fa076d96000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  671.888994][T12616] RAX: ffffffffffffffda RBX: 00007fa0761e5fa0 RCX: 00007fa075f8da7f
[  671.889001][T12616] RDX: 000000000000004a RSI: 0000200000000000 RDI: 00000000000000c8
[  671.889007][T12616] RBP: 00007fa076d96090 R08: 0000000000000000 R09: 0000000000000000
[  671.889013][T12616] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  671.889020][T12616] R13: 00007fa0761e6038 R14: 00007fa0761e5fa0 R15: 00007ffe6caee0b8
[  671.889034][T12616]  </TASK>
[  672.178769][ T5930] usb 3-1: USB disconnect, device number 41
[  672.559289][T12629] overlayfs: missing 'lowerdir'
[  673.340223][   T30] audit: type=1400 audit(1762140052.223:580): avc:  denied  { connect } for  pid=12627 comm="syz.1.1823" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  673.370123][   T42] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  673.767980][T12640] overlayfs: missing 'lowerdir'
[  674.246697][ T5134] Bluetooth: hci5: command 0xfc11 tx timeout
[  674.256238][T11903] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  674.461599][   T42] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  674.492681][T12643] FAULT_INJECTION: forcing a failure.
[  674.492681][T12643] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  674.505950][   T42] usb 5-1: config 0 has no interface number 1
[  674.515641][T12643] CPU: 1 UID: 0 PID: 12643 Comm: syz.3.1826 Not tainted syzkaller #0 PREEMPT(full) 
[  674.515666][T12643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  674.515676][T12643] Call Trace:
[  674.515682][T12643]  <TASK>
[  674.515690][T12643]  dump_stack_lvl+0x16c/0x1f0
[  674.515720][T12643]  should_fail_ex+0x512/0x640
[  674.515742][T12643]  _copy_to_user+0x32/0xd0
[  674.515764][T12643]  simple_read_from_buffer+0xcb/0x170
[  674.515791][T12643]  proc_fail_nth_read+0x197/0x240
[  674.515812][T12643]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  674.515833][T12643]  ? rw_verify_area+0xcf/0x6c0
[  674.515855][T12643]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  674.515874][T12643]  vfs_read+0x1e4/0xcf0
[  674.515893][T12643]  ? __pfx_vfs_read+0x10/0x10
[  674.515906][T12643]  ? irqentry_exit+0x3b/0x90
[  674.515921][T12643]  ? lockdep_hardirqs_on+0x7c/0x110
[  674.515945][T12643]  ksys_read+0x12a/0x250
[  674.515955][T12643]  ? __pfx_ksys_read+0x10/0x10
[  674.515964][T12643]  ? __sys_bpf+0x175/0x4980
[  674.515984][T12643]  do_syscall_64+0xcd/0xfa0
[  674.516001][T12643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  674.516013][T12643] RIP: 0033:0x7f1c2978d9dc
[  674.516022][T12643] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  674.516032][T12643] RSP: 002b:00007f1c2a575030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  674.516043][T12643] RAX: ffffffffffffffda RBX: 00007f1c299e5fa0 RCX: 00007f1c2978d9dc
[  674.516049][T12643] RDX: 000000000000000f RSI: 00007f1c2a5750a0 RDI: 0000000000000004
[  674.516056][T12643] RBP: 00007f1c2a575090 R08: 0000000000000000 R09: 0000000000000000
[  674.516062][T12643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  674.516067][T12643] R13: 00007f1c299e6038 R14: 00007f1c299e5fa0 R15: 00007ffd3751a488
[  674.516082][T12643]  </TASK>
[  674.916538][   T42] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  674.949825][   T42] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  675.049437][   T42] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  675.119363][   T42] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  675.315340][   T42] usb 5-1: SerialNumber: syz
[  675.345910][   T42] usb 5-1: config 0 descriptor??
[  675.468881][   T42] usb 5-1: can't set config #0, error -71
[  675.489298][   T42] usb 5-1: USB disconnect, device number 46
[  677.085770][T12659] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1831'.
[  677.445625][T12674] overlayfs: missing 'lowerdir'
[  677.540238][T12669] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1833'.
[  678.187529][   T42] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  678.647315][   T42] usb 5-1: Using ep0 maxpacket: 8
[  678.778618][   T42] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  678.792901][   T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  678.802773][   T42] usb 5-1: Product: syz
[  678.812044][   T42] usb 5-1: Manufacturer: syz
[  678.823196][   T42] usb 5-1: SerialNumber: syz
[  678.841941][   T42] usb 5-1: config 0 descriptor??
[  678.918476][   T42] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  679.127335][ T5930] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  679.907231][ T5930] usb 1-1: Using ep0 maxpacket: 8
[  679.919256][ T5930] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  679.932676][ T5930] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  679.943451][ T5930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.956341][ T5930] usb 1-1: Product: syz
[  679.963763][ T5930] usb 1-1: Manufacturer: syz
[  679.973115][ T5930] usb 1-1: SerialNumber: syz
[  679.980362][ T5930] usb 1-1: config 0 descriptor??
[  679.999054][ T5930] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  680.177258][ T5930] usb 1-1: setting power ON
[  680.188789][ T5930] dvb-usb: bulk message failed: -22 (2/0)
[  680.249360][ T5930] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  680.260855][ T5930] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  680.281755][ T5930] usb 1-1: media controller created
[  680.341269][ T5930] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  680.351455][T12714] capability: warning: `syz.2.1844' uses 32-bit capabilities (legacy support in use)
[  680.432963][ T5930] usb 1-1: selecting invalid altsetting 6
[  681.398412][ T5930] usb 1-1: digital interface selection failed (-22)
[  681.405841][ T5930] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  681.417260][ T5930] usb 1-1: setting power OFF
[  681.421963][ T5930] dvb-usb: bulk message failed: -22 (2/0)
[  681.427957][ T5930] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  681.437540][ T5930] (NULL device *): no alternate interface
[  681.890183][T12722] overlayfs: missing 'lowerdir'
[  681.925612][ T5877] usb 5-1: USB disconnect, device number 47
[  682.464099][ T5930] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  683.452924][ T5930] usb 1-1: USB disconnect, device number 42
[  684.097349][ T5930] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  684.318470][T12756] binder_alloc: 12754: binder_alloc_buf size 69424 failed, no address space
[  684.350935][T12756] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288)
[  684.478899][ T5930] usb 2-1: config 0 has an invalid interface number: 199 but max is 1
[  684.498130][ T5930] usb 2-1: config 0 has no interface number 1
[  684.504262][ T5930] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  684.542860][ T5930] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  684.583184][ T5930] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  684.596785][ T5930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  684.606045][ T5930] usb 2-1: SerialNumber: syz
[  684.745982][ T5921] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  684.797380][ T5877] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  684.799640][ T5930] usb 2-1: config 0 descriptor??
[  684.932488][ T5930] uvcvideo 2-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  684.947216][ T5930] uvcvideo 2-1:0.199: No valid video chain found.
[  685.007229][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  685.028803][ T5921] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  685.040304][ T5921] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  685.087323][ T5877] usb 4-1: Using ep0 maxpacket: 8
[  685.097240][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.100381][ T5877] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  685.117757][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.125773][ T5877] usb 4-1: Product: syz
[  685.205427][T12775] overlayfs: missing 'lowerdir'
[  685.567212][ T5921] usb 1-1: Product: syz
[  685.572540][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.577209][ T5921] usb 1-1: Manufacturer: syz
[  685.587224][ T5921] usb 1-1: SerialNumber: syz
[  685.597591][   T42] usb 2-1: USB disconnect, device number 32
[  685.606424][ T5921] usb 1-1: config 0 descriptor??
[  685.618940][ T5921] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  685.627258][ T5877] usb 4-1: Manufacturer: syz
[  685.632996][ T5877] usb 4-1: SerialNumber: syz
[  685.648285][ T5921] usb 1-1: setting power ON
[  685.656805][ T5877] usb 4-1: config 0 descriptor??
[  685.665188][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  685.667926][ T5877] gspca_main: se401-2.14.0 probing 047d:5003
[  685.708635][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  685.727695][ T5921] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  685.736213][ T5921] usb 1-1: media controller created
[  685.752147][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  685.803913][ T5921] usb 1-1: selecting invalid altsetting 6
[  685.817238][ T5921] usb 1-1: digital interface selection failed (-22)
[  685.823906][ T5921] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  685.823927][T12765] dvb-usb: bulk message failed: -22 (3/0)
[  685.839037][T12765] dvb-usb: bulk message failed: -22 (3/0)
[  685.915979][ T5921] usb 1-1: setting power OFF
[  685.920900][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  685.926657][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  685.936062][ T5921] (NULL device *): no alternate interface
[  686.558114][ T5877] usb 4-1: reset high-speed USB device number 47 using dummy_hcd
[  687.094666][T12782] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1862'.
[  687.167531][ T5877] usb 4-1: device descriptor read/64, error -71
[  687.437477][ T5877] usb 4-1: reset high-speed USB device number 47 using dummy_hcd
[  687.687188][ T5877] usb 4-1: device descriptor read/64, error -71
[  687.809855][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  687.870774][ T5921] usb 1-1: USB disconnect, device number 43
[  688.024049][   T42] libceph: connect (1)[c::]:6789 error -101
[  688.035468][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  688.139503][T12798] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1866'.
[  688.346396][   T42] libceph: connect (1)[c::]:6789 error -101
[  688.370635][   T42] libceph: mon0 (1)[c::]:6789 connect error
[  688.375348][T12802] ceph: No mds server is up or the cluster is laggy
[  688.854051][ T5877] gspca_se401: read req failed req 0x06 error -19
[  688.883265][ T5877] usb 4-1: USB disconnect, device number 47
[  690.184614][   T30] audit: type=1800 audit(1762140069.053:581): pid=12821 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.4.1870" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  690.517189][ T5921] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  690.717368][ T5921] usb 4-1: Using ep0 maxpacket: 8
[  690.748296][ T5921] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  690.758320][ T5921] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  690.794497][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  690.827199][ T5921] usb 4-1: Product: syz
[  690.831391][ T5921] usb 4-1: Manufacturer: syz
[  690.897184][ T5921] usb 4-1: SerialNumber: syz
[  690.923170][ T5921] usb 4-1: config 0 descriptor??
[  690.959276][ T5921] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  690.987820][ T5921] usb 4-1: setting power ON
[  690.992361][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  691.043035][ T5921] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  691.067716][ T5921] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  691.153682][T12842] dvb-usb: bulk message failed: -22 (3/0)
[  691.187979][T12842] dvb-usb: bulk message failed: -22 (3/0)
[  691.201019][ T5921] usb 4-1: media controller created
[  692.028597][ T5921] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  692.186869][ T5921] usb 4-1: selecting invalid altsetting 6
[  692.212480][ T5921] usb 4-1: digital interface selection failed (-22)
[  692.228375][ T5921] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  692.569602][ T5921] usb 4-1: setting power OFF
[  692.574301][ T5921] dvb-usb: bulk message failed: -22 (2/0)
[  692.580683][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  692.594283][ T5921] (NULL device *): no alternate interface
[  692.618295][ T5927] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  692.788583][ T5927] usb 5-1: Using ep0 maxpacket: 32
[  692.807085][ T5927] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  692.813556][ T5863] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  693.051765][T12872] netlink: 165 bytes leftover after parsing attributes in process `syz.0.1883'.
[  693.284198][ T5921] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  693.294336][ T5927] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  693.308788][ T5927] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  693.482488][ T5921] usb 4-1: USB disconnect, device number 48
[  693.488834][ T5927] usb 5-1: Product: syz
[  693.492974][ T5927] usb 5-1: Manufacturer: syz
[  693.501237][ T5927] usb 5-1: SerialNumber: syz
[  693.518616][ T5927] usb 5-1: config 0 descriptor??
[  693.524320][T12862] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  693.689172][   T30] audit: type=1400 audit(1762140072.533:582): avc:  denied  { block_suspend } for  pid=12876 comm="syz.3.1884" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  693.710581][    C1] vkms_vblank_simulate: vblank timer overrun
[  693.914162][ T5927] hub 5-1:0.0: bad descriptor, ignoring hub
[  693.920877][ T5927] hub 5-1:0.0: probe with driver hub failed with error -5
[  693.946168][ T5863] usb 2-1: config 0 has an invalid interface number: 199 but max is 1
[  693.982259][ T5863] usb 2-1: config 0 has no interface number 1
[  694.013494][T12883] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  694.035411][   T30] audit: type=1400 audit(1762140072.883:583): avc:  denied  { bind } for  pid=12879 comm="syz.2.1885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  694.056890][ T9115] Bluetooth: hci5: Frame reassembly failed (-84)
[  694.065381][ T5863] usb 2-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  694.076028][ T5863] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  694.088439][ T5863] usb 2-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  694.097747][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  694.106840][ T5863] usb 2-1: SerialNumber: syz
[  694.118174][ T5863] usb 2-1: config 0 descriptor??
[  694.129624][ T5863] uvcvideo 2-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  694.207514][ T5877] usb 5-1: USB disconnect, device number 48
[  694.220934][ T5863] uvcvideo 2-1:0.199: No valid video chain found.
[  694.378532][T12862] 9pnet_fd: Insufficient options for proto=fd
[  694.676588][T12893] loop6: detected capacity change from 0 to 524287999
[  694.689333][T12893] buffer_io_error: 5 callbacks suppressed
[  694.689365][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.704597][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.713153][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.721630][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.755577][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.764205][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.772691][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.781072][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.789787][T12893] ldm_validate_partition_table(): Disk read failed.
[  694.796869][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.806496][T12893] Buffer I/O error on dev loop6, logical block 0, async page read
[  694.815724][T12893] Dev loop6: unable to read RDB block 0
[  694.824108][T12893]  loop6: unable to read partition table
[  694.830741][T12893] loop_reread_partitions: partition scan of loop6 (3Ÿ¾x³˜CÖ

) failed (rc=-5)
[  695.550316][ T5991] ldm_validate_partition_table(): Disk read failed.
[  695.677304][ T5991] Dev loop6: unable to read RDB block 0
[  695.686701][ T5991]  loop6: unable to read partition table
[  695.696902][ T5877] usb 2-1: USB disconnect, device number 33
[  696.449432][T11903] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  697.427282][ T5927] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  697.498327][T12928] fuse: Unknown parameter 'fd0x0000000000000006'
[  697.547298][   T42] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  697.597640][ T5927] usb 1-1: Using ep0 maxpacket: 8
[  697.634590][ T5927] usb 1-1: config 162 has an invalid interface number: 97 but max is 0
[  697.666456][ T5927] usb 1-1: config 162 has an invalid descriptor of length 0, skipping remainder of the config
[  697.695372][ T5927] usb 1-1: config 162 has no interface number 0
[  697.708602][   T42] usb 2-1: Using ep0 maxpacket: 8
[  697.803410][   T42] usb 2-1: config index 0 descriptor too short (expected 30, got 18)
[  697.805305][ T5927] usb 1-1: config 162 interface 97 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  697.833224][ T5927] usb 1-1: config 162 interface 97 has no altsetting 0
[  697.836108][   T42] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  697.842117][ T5927] usb 1-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  698.324816][ T5927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.332908][ T5927] usb 1-1: Product: syz
[  698.338122][ T5927] usb 1-1: Manufacturer: syz
[  698.346484][ T5927] usb 1-1: SerialNumber: syz
[  698.359490][   T42] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  698.393275][   T42] usb 2-1: Product: syz
[  698.399552][   T42] usb 2-1: Manufacturer: syz
[  698.410074][   T42] usb 2-1: SerialNumber: syz
[  698.430771][   T42] usb 2-1: config 0 descriptor??
[  698.449761][   T42] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  698.458674][   T42] usb 2-1: setting power ON
[  698.463297][   T42] dvb-usb: bulk message failed: -22 (2/0)
[  698.473636][   T42] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  698.485063][   T42] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  698.495164][   T42] usb 2-1: media controller created
[  698.615770][ T5927] metro_usb 1-1:162.97: required endpoints missing
[  698.621733][   T42] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  698.727789][T12917] dvb-usb: bulk message failed: -22 (3/0)
[  698.899457][T12917] dvb-usb: bulk message failed: -22 (3/0)
[  698.932214][ T5927] usb 1-1: USB disconnect, device number 44
[  699.026637][   T42] usb 2-1: selecting invalid altsetting 6
[  699.049039][   T42] usb 2-1: digital interface selection failed (-22)
[  699.257267][   T42] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  699.267735][   T42] usb 2-1: setting power OFF
[  699.274570][   T42] dvb-usb: bulk message failed: -22 (2/0)
[  699.283963][   T42] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  699.297621][   T42] (NULL device *): no alternate interface
[  699.567268][ T5863] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  699.729843][ T5863] usb 3-1: config 0 has an invalid interface number: 199 but max is 1
[  699.741450][ T5863] usb 3-1: config 0 has no interface number 1
[  699.753606][ T5863] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  699.764410][ T5863] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  699.776825][ T5863] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  699.786285][ T5863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  699.794972][ T5863] usb 3-1: SerialNumber: syz
[  699.811527][ T5863] usb 3-1: config 0 descriptor??
[  699.823378][ T5863] uvcvideo 3-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  699.833123][ T5863] uvcvideo 3-1:0.199: No valid video chain found.
[  700.088404][ T5863] usb 3-1: USB disconnect, device number 42
[  700.493274][   T42] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  700.518694][   T42] usb 2-1: USB disconnect, device number 34
[  700.927292][ T5863] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  701.057529][ T5877] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  701.462793][T12974] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1914'.
[  701.487438][ T5863] usb 3-1: Using ep0 maxpacket: 32
[  701.496385][ T5863] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  701.509832][ T5863] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  701.519201][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  701.528201][ T5863] usb 3-1: Product: syz
[  701.532553][ T5863] usb 3-1: Manufacturer: syz
[  701.538373][ T5863] usb 3-1: SerialNumber: syz
[  701.547628][ T5863] usb 3-1: config 0 descriptor??
[  701.559078][T12962] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  701.567226][ T5877] usb 4-1: Using ep0 maxpacket: 32
[  701.568375][ T5863] hub 3-1:0.0: bad descriptor, ignoring hub
[  701.578569][ T5863] hub 3-1:0.0: probe with driver hub failed with error -5
[  701.580056][ T5877] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  701.678130][ T5877] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  701.687932][ T5877] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  701.730731][ T5877] usb 4-1: Product: syz
[  701.748720][ T5877] usb 4-1: Manufacturer: syz
[  701.764960][ T5877] usb 4-1: SerialNumber: syz
[  701.783962][ T5877] usb 4-1: config 0 descriptor??
[  701.801015][T12958] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  701.818843][ T5877] hub 4-1:0.0: bad descriptor, ignoring hub
[  701.835528][ T5877] hub 4-1:0.0: probe with driver hub failed with error -5
[  701.871293][ T5877] chaoskey 4-1:0.0: Unable to register with hwrng
[  701.905967][T12982] fuse: Unknown parameter 'fd0x0000000000000006'
[  701.977565][ T5863] usb 3-1: USB disconnect, device number 43
[  702.173406][T12962] 9pnet_fd: Insufficient options for proto=fd
[  702.650807][ T5877] usb 4-1: USB disconnect, device number 49
[  702.751871][T12958] 9pnet_fd: Insufficient options for proto=fd
[  703.299187][ T5863] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  703.477212][ T5863] usb 4-1: Using ep0 maxpacket: 8
[  703.483574][ T5863] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  703.494185][ T5863] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  703.503685][ T5863] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  703.512098][ T5863] usb 4-1: Product: syz
[  703.520228][ T5863] usb 4-1: Manufacturer: syz
[  703.527050][ T5863] usb 4-1: SerialNumber: syz
[  703.546758][ T5863] usb 4-1: config 0 descriptor??
[  703.605520][T13005] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  703.921120][ T5863] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  703.929920][ T5863] usb 4-1: setting power ON
[  703.934453][ T5863] dvb-usb: bulk message failed: -22 (2/0)
[  703.959858][ T5863] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  703.970720][ T5863] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  703.985773][ T5863] usb 4-1: media controller created
[  704.493348][ T5863] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  704.560299][T12992] dvb-usb: bulk message failed: -22 (3/0)
[  704.566030][T12992] dvb-usb: bulk message failed: -22 (3/0)
[  704.592776][ T5863] usb 4-1: selecting invalid altsetting 6
[  704.707259][ T5863] usb 4-1: digital interface selection failed (-22)
[  705.185034][ T5863] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  705.196182][ T5863] usb 4-1: setting power OFF
[  705.223632][ T5863] dvb-usb: bulk message failed: -22 (2/0)
[  705.266091][ T5863] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  705.486642][ T5863] (NULL device *): no alternate interface
[  706.244264][ T5863] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  706.903280][ T5863] usb 4-1: USB disconnect, device number 50
[  707.757186][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  707.924211][    T9] usb 2-1: Using ep0 maxpacket: 32
[  707.928809][T13051] FAULT_INJECTION: forcing a failure.
[  707.928809][T13051] name failslab, interval 1, probability 0, space 0, times 0
[  707.935601][    T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  707.952333][T13051] CPU: 1 UID: 0 PID: 13051 Comm: syz.0.1934 Not tainted syzkaller #0 PREEMPT(full) 
[  707.952357][T13051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  707.952367][T13051] Call Trace:
[  707.952373][T13051]  <TASK>
[  707.952381][T13051]  dump_stack_lvl+0x16c/0x1f0
[  707.952413][T13051]  should_fail_ex+0x512/0x640
[  707.952434][T13051]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  707.952464][T13051]  should_failslab+0xc2/0x120
[  707.952485][T13051]  kmem_cache_alloc_node_noprof+0x78/0x770
[  707.952511][T13051]  ? __alloc_skb+0x2b2/0x380
[  707.952537][T13051]  ? __alloc_skb+0x2b2/0x380
[  707.952555][T13051]  ? __pfx_avc_has_perm+0x10/0x10
[  707.952577][T13051]  __alloc_skb+0x2b2/0x380
[  707.952597][T13051]  ? __pfx___alloc_skb+0x10/0x10
[  707.952617][T13051]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  707.952634][T13051]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  707.952659][T13051]  netlink_alloc_large_skb+0x69/0x140
[  707.952685][T13051]  netlink_sendmsg+0x698/0xdd0
[  707.952714][T13051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  707.952747][T13051]  ____sys_sendmsg+0xa98/0xc70
[  707.952766][T13051]  ? copy_msghdr_from_user+0x10a/0x160
[  707.952788][T13051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  707.952815][T13051]  ___sys_sendmsg+0x134/0x1d0
[  707.952840][T13051]  ? __pfx____sys_sendmsg+0x10/0x10
[  707.952860][T13051]  ? __lock_acquire+0x622/0x1c90
[  707.952918][T13051]  __sys_sendmsg+0x16d/0x220
[  707.952940][T13051]  ? __pfx___sys_sendmsg+0x10/0x10
[  707.952979][T13051]  do_syscall_64+0xcd/0xfa0
[  707.953008][T13051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  707.953026][T13051] RIP: 0033:0x7fa075f8efc9
[  707.953041][T13051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  707.953058][T13051] RSP: 002b:00007fa076d96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  707.953075][T13051] RAX: ffffffffffffffda RBX: 00007fa0761e5fa0 RCX: 00007fa075f8efc9
[  707.953087][T13051] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  707.953098][T13051] RBP: 00007fa076d96090 R08: 0000000000000000 R09: 0000000000000000
[  707.953108][T13051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  707.953118][T13051] R13: 00007fa0761e6038 R14: 00007fa0761e5fa0 R15: 00007ffe6caee0b8
[  707.953143][T13051]  </TASK>
[  708.268781][    T9] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  708.354490][T13055] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1935'.
[  708.473767][    T9] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  708.597231][    T9] usb 2-1: Product: syz
[  708.607178][    T9] usb 2-1: Manufacturer: syz
[  708.617487][    T9] usb 2-1: SerialNumber: syz
[  708.632723][    T9] usb 2-1: config 0 descriptor??
[  708.661046][T13038] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  708.674406][    T9] hub 2-1:0.0: bad descriptor, ignoring hub
[  708.693969][    T9] hub 2-1:0.0: probe with driver hub failed with error -5
[  708.728949][   T30] audit: type=1400 audit(1762140087.613:584): avc:  denied  { write } for  pid=13059 comm="syz.0.1937" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  708.837464][T13058] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1936'.
[  709.137749][ T5921] usb 2-1: USB disconnect, device number 35
[  710.541981][ T5927] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  710.878410][   T30] audit: type=1800 audit(1762140089.763:585): pid=13086 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.1942" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  710.899621][    C0] vkms_vblank_simulate: vblank timer overrun
[  710.961481][   T30] audit: type=1400 audit(1762140089.843:586): avc:  denied  { bind } for  pid=13087 comm="syz.3.1944" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  710.997190][ T5927] usb 3-1: Using ep0 maxpacket: 8
[  711.023272][ T5927] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  711.054426][ T5927] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  711.092582][ T5927] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  711.253762][T13095] netlink: 165 bytes leftover after parsing attributes in process `syz.3.1946'.
[  711.416992][ T5927] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  711.485164][   T30] audit: type=1400 audit(1762140090.333:587): avc:  denied  { mounton } for  pid=13097 comm="syz.1.1947" path="/proc/1283/cgroup" dev="proc" ino=43087 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  711.520644][T13101] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13101 comm=syz.1.1947
[  711.611228][ T5921] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  711.619377][ T5927] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  711.632315][ T5927] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  711.777318][ T5921] usb 5-1: Using ep0 maxpacket: 16
[  711.785279][ T5921] usb 5-1: config 5 has an invalid interface number: 19 but max is 0
[  711.794210][ T5921] usb 5-1: config 5 has an invalid descriptor of length 206, skipping remainder of the config
[  711.814711][ T5921] usb 5-1: config 5 has no interface number 0
[  711.835482][ T5921] usb 5-1: config 5 interface 19 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  711.878181][ T5927] usb 3-1: GET_CAPABILITIES returned 0
[  711.900892][ T5921] usb 5-1: config 5 interface 19 has no altsetting 0
[  711.907998][ T5927] usbtmc 3-1:16.0: can't read capabilities
[  711.931844][ T5921] usb 5-1: New USB device found, idVendor=0b05, idProduct=420f, bcdDevice= b.bd
[  711.987347][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.019560][ T5921] usb 5-1: Product: syz
[  712.023759][ T5921] usb 5-1: Manufacturer: syz
[  712.218849][T13114] 9pnet_virtio: no channels available for device syz
[  712.249975][T13114] SQUASHFS error: Failed to read block 0x0: -5
[  712.586210][ T5921] usb 5-1: SerialNumber: syz
[  712.906196][T13092] bridge0: port 3(team0) entered disabled state
[  713.949520][ T5820] usb 3-1: USB disconnect, device number 44
[  713.950063][T13092] bridge_slave_0: left allmulticast mode
[  714.011936][T13092] bridge_slave_0: left promiscuous mode
[  714.027631][T13092] bridge0: port 1(bridge_slave_0) entered disabled state
[  714.200063][T13131] netlink: 165 bytes leftover after parsing attributes in process `syz.1.1950'.
[  714.213947][T13092] bridge_slave_1: left allmulticast mode
[  714.344578][T13143] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  714.581270][T13092] bridge_slave_1: left promiscuous mode
[  714.597956][T13092] bridge0: port 2(bridge_slave_1) entered disabled state
[  715.017518][T13143] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  715.049123][T13092] bond0: (slave bond_slave_0): Releasing backup interface
[  715.124669][T13092] bond0: (slave bond_slave_1): Releasing backup interface
[  715.143316][T13092] team_slave_0: left promiscuous mode
[  715.207516][T13092] team_slave_0: left allmulticast mode
[  715.251038][T13092] team0: Port device team_slave_0 removed
[  715.258447][T13092] team_slave_1: left promiscuous mode
[  715.263993][T13092] team_slave_1: left allmulticast mode
[  715.322656][T13092] team0: Port device team_slave_1 removed
[  715.329583][T13092] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  715.337057][T13092] batman_adv: batadv0: Removing interface: batadv_slave_0
[  715.390205][T13092] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  715.399474][T13092] batman_adv: batadv0: Removing interface: batadv_slave_1
[  715.436097][T13156] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  715.797629][T13092] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  715.970232][ T5921] usb 5-1: USB disconnect, device number 49
[  716.017595][    T9] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  716.461161][    T9] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  716.487361][    T9] usb 4-1: config 0 has no interface number 1
[  716.494823][    T9] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  716.527991][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  716.627201][ T5921] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  716.716735][T13179] 9pnet_virtio: no channels available for device syz
[  716.729877][T13179] FAULT_INJECTION: forcing a failure.
[  716.729877][T13179] name failslab, interval 1, probability 0, space 0, times 0
[  716.742811][T13179] CPU: 1 UID: 0 PID: 13179 Comm: syz.0.1957 Not tainted syzkaller #0 PREEMPT(full) 
[  716.742835][T13179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  716.742845][T13179] Call Trace:
[  716.742852][T13179]  <TASK>
[  716.742858][T13179]  dump_stack_lvl+0x16c/0x1f0
[  716.742888][T13179]  should_fail_ex+0x512/0x640
[  716.742908][T13179]  ? __kmalloc_cache_noprof+0x5f/0x780
[  716.742942][T13179]  should_failslab+0xc2/0x120
[  716.742964][T13179]  __kmalloc_cache_noprof+0x72/0x780
[  716.742989][T13179]  ? alloc_super+0x52/0xb60
[  716.743019][T13179]  ? alloc_super+0x52/0xb60
[  716.743043][T13179]  ? __pfx_super_s_dev_test+0x10/0x10
[  716.743065][T13179]  alloc_super+0x52/0xb60
[  716.743089][T13179]  ? sget_fc+0xd3/0xc20
[  716.743107][T13179]  ? __pfx_super_s_dev_test+0x10/0x10
[  716.743130][T13179]  sget_fc+0x116/0xc20
[  716.743146][T13179]  ? __pfx_super_s_dev_set+0x10/0x10
[  716.743170][T13179]  get_tree_bdev_flags+0x1ba/0x620
[  716.743186][T13179]  ? __pfx_squashfs_fill_super+0x10/0x10
[  716.743208][T13179]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  716.743231][T13179]  ? bpf_lsm_capable+0x9/0x10
[  716.743250][T13179]  ? security_capable+0x7e/0x260
[  716.743278][T13179]  vfs_get_tree+0x8e/0x340
[  716.743301][T13179]  vfs_cmd_create+0xd7/0x2a0
[  716.743326][T13179]  __do_sys_fsconfig+0x7b8/0xbe0
[  716.743352][T13179]  ? __pfx___do_sys_fsconfig+0x10/0x10
[  716.743388][T13179]  do_syscall_64+0xcd/0xfa0
[  716.743416][T13179]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.743433][T13179] RIP: 0033:0x7fa075f8efc9
[  716.743449][T13179] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.743466][T13179] RSP: 002b:00007fa076d54038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[  716.743483][T13179] RAX: ffffffffffffffda RBX: 00007fa0761e6180 RCX: 00007fa075f8efc9
[  716.743495][T13179] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006
[  716.743505][T13179] RBP: 00007fa076d54090 R08: 0000000000000000 R09: 0000000000000000
[  716.743515][T13179] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.743526][T13179] R13: 00007fa0761e6218 R14: 00007fa0761e6180 R15: 00007ffe6caee0b8
[  716.743551][T13179]  </TASK>
[  716.924662][    T9] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  717.608393][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  717.616654][    T9] usb 4-1: SerialNumber: syz
[  717.621447][ T5921] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  717.655831][ T5921] usb 5-1: config 0 has no interface number 1
[  717.663284][    T9] usb 4-1: config 0 descriptor??
[  717.687042][ T5921] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  717.819556][    T9] uvcvideo 4-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  717.852546][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  718.377167][    T9] uvcvideo 4-1:0.199: No valid video chain found.
[  718.432853][ T5921] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  718.445379][    T9] usb 4-1: USB disconnect, device number 51
[  718.509566][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  718.526131][ T5921] usb 5-1: SerialNumber: syz
[  718.537715][ T5921] usb 5-1: config 0 descriptor??
[  718.601828][ T5921] uvcvideo 5-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  718.641049][ T5921] uvcvideo 5-1:0.199: No valid video chain found.
[  718.661287][T13196] gfs2: gfs2 mount does not exist
[  718.884052][T13201] netlink: 165 bytes leftover after parsing attributes in process `syz.2.1964'.
[  719.206127][ T5820] usb 5-1: USB disconnect, device number 50
[  719.560527][ T5877] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  719.577696][T13214] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  719.592100][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  719.727217][ T5877] usb 1-1: device descriptor read/64, error -32
[  719.968985][ T5877] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  720.200058][ T5820] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  720.227245][ T5877] usb 1-1: Using ep0 maxpacket: 16
[  720.393376][ T5820] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  720.545513][ T5877] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  720.685052][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  720.696345][ T5877] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  720.707894][ T5877] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  720.717831][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  720.727527][ T5877] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 64
[  720.737329][ T5820] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  720.750269][ T5877] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  720.766219][ T5820] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  721.006111][T13245] overlayfs: overlapping lowerdir path
[  721.448229][ T5820] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  721.456290][ T5820] usb 2-1: Manufacturer: syz
[  721.506064][ T5820] usb 2-1: config 0 descriptor??
[  721.518057][ T5877] usb 1-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40
[  721.552307][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  721.576392][ T5877] usb 1-1: SerialNumber: syz
[  721.588512][T13209] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  721.599334][ T5877] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  721.623404][ T5877] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12
[  722.539711][ T5820] rc_core: IR keymap rc-hauppauge not found
[  722.552816][ T5820] Registered IR keymap rc-empty
[  722.565809][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.617227][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.641613][ T5820] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  722.789592][ T5820] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input21
[  722.836354][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.869591][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.907310][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.952596][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  722.972045][    T9] usb 1-1: USB disconnect, device number 46
[  722.988899][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.049586][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.412251][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.487237][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.563000][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.617371][ T5820] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  723.660149][ T5820] mceusb 2-1:0.0: Registered  with mce emulator interface version 1
[  723.674808][ T5820] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  723.688404][ T5820] usb 2-1: USB disconnect, device number 36
[  724.083410][T13282] netlink: 165 bytes leftover after parsing attributes in process `syz.4.1978'.
[  724.431844][T13296] overlayfs: missing 'lowerdir'
[  724.747339][ T5921] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  724.876859][ T5820] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  724.992082][T13310] FAULT_INJECTION: forcing a failure.
[  724.992082][T13310] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  725.005564][T13310] CPU: 1 UID: 0 PID: 13310 Comm: syz.3.1983 Not tainted syzkaller #0 PREEMPT(full) 
[  725.005589][T13310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  725.005600][T13310] Call Trace:
[  725.005607][T13310]  <TASK>
[  725.005614][T13310]  dump_stack_lvl+0x16c/0x1f0
[  725.005644][T13310]  should_fail_ex+0x512/0x640
[  725.005669][T13310]  _copy_to_user+0x32/0xd0
[  725.005693][T13310]  simple_read_from_buffer+0xcb/0x170
[  725.005723][T13310]  proc_fail_nth_read+0x197/0x240
[  725.005745][T13310]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  725.005772][T13310]  ? rw_verify_area+0xcf/0x6c0
[  725.005797][T13310]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  725.005817][T13310]  vfs_read+0x1e4/0xcf0
[  725.005837][T13310]  ? __pfx___mutex_lock+0x10/0x10
[  725.005854][T13310]  ? __pfx_vfs_read+0x10/0x10
[  725.005886][T13310]  ? __fget_files+0x20e/0x3c0
[  725.005911][T13310]  ksys_read+0x12a/0x250
[  725.005927][T13310]  ? __pfx_ksys_read+0x10/0x10
[  725.005951][T13310]  do_syscall_64+0xcd/0xfa0
[  725.005980][T13310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  725.005998][T13310] RIP: 0033:0x7f1c2978d9dc
[  725.006013][T13310] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  725.006029][T13310] RSP: 002b:00007f1c279f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  725.006047][T13310] RAX: ffffffffffffffda RBX: 00007f1c299e6180 RCX: 00007f1c2978d9dc
[  725.006058][T13310] RDX: 000000000000000f RSI: 00007f1c279f60a0 RDI: 0000000000000007
[  725.006068][T13310] RBP: 00007f1c279f6090 R08: 0000000000000000 R09: 0000000000000000
[  725.006078][T13310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  725.006088][T13310] R13: 00007f1c299e6218 R14: 00007f1c299e6180 R15: 00007ffd3751a488
[  725.006113][T13310]  </TASK>
[  725.240928][ T5820] usb 1-1: Using ep0 maxpacket: 8
[  725.247858][ T5820] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  725.258240][ T5820] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  725.267511][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  725.289096][ T5820] usb 1-1: Product: syz
[  725.293296][ T5820] usb 1-1: Manufacturer: syz
[  725.298029][ T5820] usb 1-1: SerialNumber: syz
[  725.306895][ T5820] usb 1-1: config 0 descriptor??
[  725.314223][ T5820] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  725.322943][ T5820] usb 1-1: setting power ON
[  725.327834][ T5820] dvb-usb: bulk message failed: -22 (2/0)
[  725.335846][ T5820] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  725.345801][ T5820] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  725.354298][ T5820] usb 1-1: media controller created
[  725.370209][ T5820] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  725.387801][ T5820] usb 1-1: selecting invalid altsetting 6
[  725.393659][ T5820] usb 1-1: digital interface selection failed (-22)
[  725.400873][ T5820] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  725.412757][ T5820] usb 1-1: setting power OFF
[  725.417922][ T5820] dvb-usb: bulk message failed: -22 (2/0)
[  725.423825][ T5820] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  725.433210][ T5820] (NULL device *): no alternate interface
[  725.455954][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  725.464388][ T5820] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  725.523170][ T5921] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  726.318919][ T5921] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  726.329062][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  726.337073][ T5921] usb 3-1: SerialNumber: syz
[  726.534566][ T5921] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  727.707224][ T5820] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  727.743929][ T5921] usb 3-1: USB disconnect, device number 45
[  728.112153][ T5820] usb 4-1: Using ep0 maxpacket: 8
[  728.119851][ T5820] usb 4-1: config 162 has an invalid interface number: 97 but max is 0
[  728.157714][    T9] usb 1-1: USB disconnect, device number 47
[  728.284150][ T5820] usb 4-1: config 162 has no interface number 0
[  728.395013][ T5820] usb 4-1: config 162 interface 97 altsetting 1 has an invalid descriptor for endpoint zero, skipping
[  728.533699][ T5820] usb 4-1: config 162 interface 97 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  728.556456][ T5820] usb 4-1: config 162 interface 97 has no altsetting 0
[  728.566300][ T5820] usb 4-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  728.576760][ T5820] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.711543][ T5820] usb 4-1: Product: syz
[  728.721608][ T5820] usb 4-1: Manufacturer: syz
[  728.736449][ T5820] usb 4-1: SerialNumber: syz
[  728.958866][ T5820] metro_usb 4-1:162.97: required endpoints missing
[  729.267181][ T5820] usb 4-1: USB disconnect, device number 52
[  729.775287][   T30] audit: type=1400 audit(1762140108.653:588): avc:  denied  { setopt } for  pid=13375 comm="syz.3.2005" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  729.784023][T13377] FAULT_INJECTION: forcing a failure.
[  729.784023][T13377] name failslab, interval 1, probability 0, space 0, times 0
[  729.884205][T13377] CPU: 0 UID: 0 PID: 13377 Comm: syz.3.2005 Not tainted syzkaller #0 PREEMPT(full) 
[  729.884222][T13377] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  729.884229][T13377] Call Trace:
[  729.884233][T13377]  <TASK>
[  729.884238][T13377]  dump_stack_lvl+0x16c/0x1f0
[  729.884259][T13377]  should_fail_ex+0x512/0x640
[  729.884272][T13377]  ? __kmalloc_noprof+0xca/0x880
[  729.884289][T13377]  should_failslab+0xc2/0x120
[  729.884301][T13377]  __kmalloc_noprof+0xdd/0x880
[  729.884315][T13377]  ? find_held_lock+0x2b/0x80
[  729.884329][T13377]  ? rds_message_alloc+0x42/0x230
[  729.884342][T13377]  ? rds_message_alloc+0x42/0x230
[  729.884351][T13377]  rds_message_alloc+0x42/0x230
[  729.884360][T13377]  rds_sendmsg+0xb54/0x31f0
[  729.884371][T13377]  ? __pfx_avc_has_perm+0x10/0x10
[  729.884385][T13377]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  729.884407][T13377]  ? __pfx_rds_sendmsg+0x10/0x10
[  729.884420][T13377]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  729.884436][T13377]  ? __import_iovec+0x1dd/0x650
[  729.884450][T13377]  ? __might_fault+0x13b/0x190
[  729.884469][T13377]  ? ____sys_sendmsg+0xa98/0xc70
[  729.884479][T13377]  ____sys_sendmsg+0xa98/0xc70
[  729.884489][T13377]  ? copy_msghdr_from_user+0x10a/0x160
[  729.884504][T13377]  ? __pfx_____sys_sendmsg+0x10/0x10
[  729.884520][T13377]  ___sys_sendmsg+0x134/0x1d0
[  729.884534][T13377]  ? __pfx____sys_sendmsg+0x10/0x10
[  729.884547][T13377]  ? __lock_acquire+0x622/0x1c90
[  729.884579][T13377]  __sys_sendmsg+0x16d/0x220
[  729.884594][T13377]  ? __pfx___sys_sendmsg+0x10/0x10
[  729.884617][T13377]  do_syscall_64+0xcd/0xfa0
[  729.884634][T13377]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  729.884645][T13377] RIP: 0033:0x7f1c2978efc9
[  729.884655][T13377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  729.884665][T13377] RSP: 002b:00007f1c2a554038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  729.884676][T13377] RAX: ffffffffffffffda RBX: 00007f1c299e6090 RCX: 00007f1c2978efc9
[  729.884683][T13377] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000009
[  729.884689][T13377] RBP: 00007f1c2a554090 R08: 0000000000000000 R09: 0000000000000000
[  729.884695][T13377] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  729.884701][T13377] R13: 00007f1c299e6128 R14: 00007f1c299e6090 R15: 00007ffd3751a488
[  729.884715][T13377]  </TASK>
[  730.247192][    T9] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  730.413607][    T9] usb 3-1: Using ep0 maxpacket: 8
[  730.421150][    T9] usb 3-1: config index 0 descriptor too short (expected 30, got 18)
[  730.431831][    T9] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  730.441221][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  730.449986][    T9] usb 3-1: Product: syz
[  730.457413][    T9] usb 3-1: Manufacturer: syz
[  730.462071][    T9] usb 3-1: SerialNumber: syz
[  730.492037][    T9] usb 3-1: config 0 descriptor??
[  730.503954][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  730.537236][    T9] usb 3-1: setting power ON
[  730.544094][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  730.557700][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  730.579183][    T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  730.587724][    T9] usb 3-1: media controller created
[  730.628639][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  730.694781][    T9] usb 3-1: selecting invalid altsetting 6
[  730.717271][    T9] usb 3-1: digital interface selection failed (-22)
[  730.732259][T13382] dvb-usb: bulk message failed: -22 (3/0)
[  730.738128][T13382] dvb-usb: bulk message failed: -22 (3/0)
[  730.744242][    T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  731.511384][    T9] usb 3-1: setting power OFF
[  731.545045][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  731.608029][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  731.647703][    T9] (NULL device *): no alternate interface
[  731.837166][ T5930] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  732.079245][ T5930] usb 4-1: Using ep0 maxpacket: 16
[  732.487369][T13395] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2010'.
[  732.773698][ T5930] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  732.806279][ T5930] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  732.831563][ T5930] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  732.837258][   T30] audit: type=1400 audit(1762140111.683:589): avc:  denied  { bind } for  pid=13402 comm="syz.4.2012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  732.841517][ T5930] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  732.870690][ T5930] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  732.886230][ T5930] usb 4-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40
[  732.895558][ T5930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  732.903685][ T5930] usb 4-1: SerialNumber: syz
[  732.913641][   T30] audit: type=1400 audit(1762140111.703:590): avc:  denied  { listen } for  pid=13402 comm="syz.4.2012" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  732.951579][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  732.992329][T13389] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  733.046120][T13404] lo speed is unknown, defaulting to 1000
[  733.117454][    T9] usb 3-1: USB disconnect, device number 46
[  733.148804][ T5930] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  733.159143][ T5930] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12
[  734.447606][    T9] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  734.568133][T13423] FAULT_INJECTION: forcing a failure.
[  734.568133][T13423] name failslab, interval 1, probability 0, space 0, times 0
[  734.595870][T13423] CPU: 0 UID: 0 PID: 13423 Comm: syz.1.2013 Not tainted syzkaller #0 PREEMPT(full) 
[  734.595895][T13423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  734.595906][T13423] Call Trace:
[  734.595913][T13423]  <TASK>
[  734.595921][T13423]  dump_stack_lvl+0x16c/0x1f0
[  734.595951][T13423]  should_fail_ex+0x512/0x640
[  734.595971][T13423]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  734.596001][T13423]  should_failslab+0xc2/0x120
[  734.596023][T13423]  kmem_cache_alloc_node_noprof+0x78/0x770
[  734.596047][T13423]  ? __alloc_skb+0x2b2/0x380
[  734.596073][T13423]  ? __alloc_skb+0x2b2/0x380
[  734.596091][T13423]  __alloc_skb+0x2b2/0x380
[  734.596111][T13423]  ? __pfx___alloc_skb+0x10/0x10
[  734.596130][T13423]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  734.596162][T13423]  pfkey_sendmsg+0x165/0x850
[  734.596193][T13423]  ____sys_sendmsg+0xa98/0xc70
[  734.596211][T13423]  ? copy_msghdr_from_user+0x10a/0x160
[  734.596233][T13423]  ? __pfx_____sys_sendmsg+0x10/0x10
[  734.596262][T13423]  ___sys_sendmsg+0x134/0x1d0
[  734.596285][T13423]  ? __pfx____sys_sendmsg+0x10/0x10
[  734.596305][T13423]  ? __lock_acquire+0x622/0x1c90
[  734.596363][T13423]  __sys_sendmsg+0x16d/0x220
[  734.596387][T13423]  ? __pfx___sys_sendmsg+0x10/0x10
[  734.596426][T13423]  do_syscall_64+0xcd/0xfa0
[  734.596454][T13423]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  734.596472][T13423] RIP: 0033:0x7fc8e078efc9
[  734.596487][T13423] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  734.596503][T13423] RSP: 002b:00007fc8e165e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  734.596521][T13423] RAX: ffffffffffffffda RBX: 00007fc8e09e6180 RCX: 00007fc8e078efc9
[  734.596532][T13423] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000005
[  734.596543][T13423] RBP: 00007fc8e165e090 R08: 0000000000000000 R09: 0000000000000000
[  734.596553][T13423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  734.596563][T13423] R13: 00007fc8e09e6218 R14: 00007fc8e09e6180 R15: 00007ffdca6389c8
[  734.596587][T13423]  </TASK>
[  734.830711][    T9] usb 5-1: Using ep0 maxpacket: 8
[  734.837825][    T9] usb 5-1: config 162 has an invalid interface number: 97 but max is 0
[  734.846079][    T9] usb 5-1: config 162 has no interface number 0
[  734.852389][    T9] usb 5-1: config 162 interface 97 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  734.862410][    T9] usb 5-1: config 162 interface 97 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  734.875450][    T9] usb 5-1: config 162 interface 97 has no altsetting 0
[  734.886364][    T9] usb 5-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  734.895693][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.904013][    T9] usb 5-1: Product: syz
[  734.908230][    T9] usb 5-1: Manufacturer: syz
[  734.912814][    T9] usb 5-1: SerialNumber: syz
[  735.262831][    T9] metro_usb 5-1:162.97: required endpoints missing
[  735.281598][    T9] usb 5-1: USB disconnect, device number 51
[  735.335539][ T5877] usb 4-1: USB disconnect, device number 53
[  735.988920][T13435] FAULT_INJECTION: forcing a failure.
[  735.988920][T13435] name failslab, interval 1, probability 0, space 0, times 0
[  736.086812][T13435] CPU: 0 UID: 0 PID: 13435 Comm: syz.0.2019 Not tainted syzkaller #0 PREEMPT(full) 
[  736.086837][T13435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  736.086849][T13435] Call Trace:
[  736.086855][T13435]  <TASK>
[  736.086862][T13435]  dump_stack_lvl+0x16c/0x1f0
[  736.086894][T13435]  should_fail_ex+0x512/0x640
[  736.086914][T13435]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  736.086945][T13435]  should_failslab+0xc2/0x120
[  736.086966][T13435]  kmem_cache_alloc_node_noprof+0x78/0x770
[  736.086992][T13435]  ? __alloc_skb+0x2b2/0x380
[  736.087018][T13435]  ? __alloc_skb+0x2b2/0x380
[  736.087042][T13435]  ? __pfx_netlink_insert+0x10/0x10
[  736.087064][T13435]  __alloc_skb+0x2b2/0x380
[  736.087085][T13435]  ? __pfx___alloc_skb+0x10/0x10
[  736.087104][T13435]  ? netlink_autobind.isra.0+0x158/0x370
[  736.087132][T13435]  netlink_alloc_large_skb+0x69/0x140
[  736.087157][T13435]  netlink_sendmsg+0x698/0xdd0
[  736.087186][T13435]  ? __pfx_netlink_sendmsg+0x10/0x10
[  736.087220][T13435]  ____sys_sendmsg+0xa98/0xc70
[  736.087238][T13435]  ? copy_msghdr_from_user+0x10a/0x160
[  736.087259][T13435]  ? __pfx_____sys_sendmsg+0x10/0x10
[  736.087288][T13435]  ___sys_sendmsg+0x134/0x1d0
[  736.087312][T13435]  ? __pfx____sys_sendmsg+0x10/0x10
[  736.087332][T13435]  ? __lock_acquire+0x622/0x1c90
[  736.087397][T13435]  __sys_sendmsg+0x16d/0x220
[  736.087419][T13435]  ? __pfx___sys_sendmsg+0x10/0x10
[  736.087458][T13435]  do_syscall_64+0xcd/0xfa0
[  736.087486][T13435]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.087504][T13435] RIP: 0033:0x7fa075f8efc9
[  736.087519][T13435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.087536][T13435] RSP: 002b:00007fa076d96038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  736.087552][T13435] RAX: ffffffffffffffda RBX: 00007fa0761e5fa0 RCX: 00007fa075f8efc9
[  736.087563][T13435] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  736.087574][T13435] RBP: 00007fa076d96090 R08: 0000000000000000 R09: 0000000000000000
[  736.087584][T13435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.087593][T13435] R13: 00007fa0761e6038 R14: 00007fa0761e5fa0 R15: 00007ffe6caee0b8
[  736.087619][T13435]  </TASK>
[  736.795658][    T9] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  738.222808][    T9] usb 5-1: config 0 has an invalid interface number: 199 but max is 1
[  738.231193][    T9] usb 5-1: config 0 has no interface number 1
[  738.332679][    T9] usb 5-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  738.348546][T13456] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  738.371972][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  738.835935][    T9] usb 5-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  738.845236][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  738.853251][    T9] usb 5-1: SerialNumber: syz
[  738.888302][    T9] usb 5-1: config 0 descriptor??
[  738.900104][    T9] uvcvideo 5-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  738.911059][   T30] audit: type=1400 audit(1762140117.743:591): avc:  denied  { create } for  pid=13454 comm="syz.3.2026" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  738.942171][    T9] uvcvideo 5-1:0.199: No valid video chain found.
[  739.088831][   T30] audit: type=1400 audit(1762140117.753:592): avc:  denied  { link } for  pid=13454 comm="syz.3.2026" name="file1" dev="ramfs" ino=44298 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  739.722352][   T30] audit: type=1400 audit(1762140117.753:593): avc:  denied  { rename } for  pid=13454 comm="syz.3.2026" name="file1" dev="overlay" ino=44298 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  739.908135][   T30] audit: type=1400 audit(1762140117.753:594): avc:  denied  { unlink } for  pid=13454 comm="syz.3.2026" name="file0" dev="overlay" ino=44298 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  739.967372][ T5877] usb 5-1: USB disconnect, device number 52
[  739.974884][   T30] audit: type=1400 audit(1762140117.753:595): avc:  denied  { setattr } for  pid=13454 comm="syz.3.2026" name="#56" dev="tmpfs" ino=2158 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[  740.135518][   T30] audit: type=1400 audit(1762140117.863:596): avc:  denied  { unmount } for  pid=5819 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  740.850181][T13480] overlayfs: missing 'lowerdir'
[  741.197392][    T9] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  741.274592][T13487] overlayfs: overlapping lowerdir path
[  742.019798][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  742.127341][T13495] xt_connbytes: Forcing CT accounting to be enabled
[  742.457244][ T5870] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  742.501230][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  742.547987][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  742.627622][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  742.690800][ T5870] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  742.727971][    T9] usb 5-1: SerialNumber: syz
[  742.907234][   T30] audit: type=1400 audit(1762140121.713:597): avc:  denied  { ioctl } for  pid=13497 comm="syz.3.2035" path="socket:[44508]" dev="sockfs" ino=44508 ioctlcmd=0x891b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  742.990752][    T9] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  743.008157][ T5870] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  743.041769][ T5870] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  743.119348][ T5870] usb 2-1: New USB device found, idVendor=7125, idProduct=a4a1, bcdDevice= 0.40
[  743.166239][ T5870] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.282344][T13515] RDS: rds_bind could not find a transport for ::ffff:10.1.1.0, load rds_tcp or rds_rdma?
[  743.292625][ T5870] usb 2-1: Product: syz
[  743.310290][ T5870] usb 2-1: Manufacturer: syz
[  743.315027][ T5870] usb 2-1: SerialNumber: syz
[  743.688158][    T9] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  743.867242][    T9] usb 4-1: Using ep0 maxpacket: 32
[  743.881544][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  743.909226][    T9] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  743.928894][    T9] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  743.952757][    T9] usb 4-1: Product: syz
[  743.964753][    T9] usb 4-1: Manufacturer: syz
[  743.978776][    T9] usb 4-1: SerialNumber: syz
[  743.993485][    T9] usb 4-1: config 0 descriptor??
[  744.087734][T13514] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  744.131994][    T9] hub 4-1:0.0: bad descriptor, ignoring hub
[  744.257862][    T9] hub 4-1:0.0: probe with driver hub failed with error -5
[  744.345026][ T5930] usb 5-1: USB disconnect, device number 53
[  744.390868][ T5921] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  744.556497][    T9] usb 4-1: USB disconnect, device number 54
[  744.567969][T13514] 9pnet_fd: Insufficient options for proto=fd
[  744.637266][ T5921] usb 1-1: Using ep0 maxpacket: 8
[  744.665684][T13528] overlayfs: overlapping lowerdir path
[  744.770353][ T5921] usb 1-1: config 162 has an invalid interface number: 97 but max is 0
[  744.824070][ T5921] usb 1-1: config 162 has no interface number 0
[  745.052766][ T5921] usb 1-1: config 162 interface 97 altsetting 1 endpoint 0x85 has invalid wMaxPacketSize 0
[  745.109948][ T5820] usb 2-1: USB disconnect, device number 37
[  745.140149][ T5921] usb 1-1: config 162 interface 97 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  745.182246][ T5921] usb 1-1: config 162 interface 97 has no altsetting 0
[  745.196851][ T5921] usb 1-1: New USB device found, idVendor=0c2e, idProduct=0700, bcdDevice=e1.3b
[  745.206489][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  745.215023][ T5921] usb 1-1: Product: syz
[  745.219608][ T5921] usb 1-1: Manufacturer: syz
[  745.224351][ T5921] usb 1-1: SerialNumber: syz
[  745.931065][ T5921] metro_usb 1-1:162.97: required endpoints missing
[  745.943891][ T5921] usb 1-1: USB disconnect, device number 48
[  745.968908][   T30] audit: type=1400 audit(1762140124.853:598): avc:  denied  { ioctl } for  pid=13541 comm="syz.1.2046" path="socket:[44568]" dev="sockfs" ino=44568 ioctlcmd=0x8901 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  745.993593][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.113517][   T30] audit: type=1400 audit(1762140124.973:599): avc:  denied  { ioctl } for  pid=13541 comm="syz.1.2046" path="socket:[44572]" dev="sockfs" ino=44572 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  746.819493][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  750.301127][T13591] FAULT_INJECTION: forcing a failure.
[  750.301127][T13591] name failslab, interval 1, probability 0, space 0, times 0
[  750.372531][T13591] CPU: 1 UID: 0 PID: 13591 Comm: syz.3.2059 Not tainted syzkaller #0 PREEMPT(full) 
[  750.372563][T13591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  750.372574][T13591] Call Trace:
[  750.372581][T13591]  <TASK>
[  750.372589][T13591]  dump_stack_lvl+0x16c/0x1f0
[  750.372622][T13591]  should_fail_ex+0x512/0x640
[  750.372646][T13591]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  750.372676][T13591]  should_failslab+0xc2/0x120
[  750.372697][T13591]  kmem_cache_alloc_noprof+0x75/0x6e0
[  750.372723][T13591]  ? vm_area_dup+0x27/0x8d0
[  750.372754][T13591]  ? vm_area_dup+0x27/0x8d0
[  750.372777][T13591]  vm_area_dup+0x27/0x8d0
[  750.372803][T13591]  __split_vma+0x18e/0x1070
[  750.372833][T13591]  ? __pfx___split_vma+0x10/0x10
[  750.372857][T13591]  ? mas_prev_setup.constprop.0+0xb6/0x9d0
[  750.372894][T13591]  ? can_vma_merge_right+0xa5/0x530
[  750.372923][T13591]  vma_modify+0x16dc/0x2030
[  750.372957][T13591]  ? __pfx_vma_modify+0x10/0x10
[  750.372991][T13591]  vma_modify_policy+0x219/0x2d0
[  750.373019][T13591]  ? __pfx_vma_modify_policy+0x10/0x10
[  750.373060][T13591]  ? find_held_lock+0x2b/0x80
[  750.373089][T13591]  mbind_range+0x175/0x570
[  750.373118][T13591]  __do_sys_set_mempolicy_home_node+0x44c/0x770
[  750.373152][T13591]  ? __pfx___do_sys_set_mempolicy_home_node+0x10/0x10
[  750.373201][T13591]  do_syscall_64+0xcd/0xfa0
[  750.373231][T13591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  750.373249][T13591] RIP: 0033:0x7f1c2978efc9
[  750.373264][T13591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  750.373281][T13591] RSP: 002b:00007f1c2a575038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c2
[  750.373298][T13591] RAX: ffffffffffffffda RBX: 00007f1c299e5fa0 RCX: 00007f1c2978efc9
[  750.373310][T13591] RDX: 0000000000000000 RSI: 0000000000001000 RDI: 0000200000fff000
[  750.373321][T13591] RBP: 00007f1c2a575090 R08: 0000000000000000 R09: 0000000000000000
[  750.373331][T13591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  750.373342][T13591] R13: 00007f1c299e6038 R14: 00007f1c299e5fa0 R15: 00007ffd3751a488
[  750.373369][T13591]  </TASK>
[  750.764602][T13608] Bluetooth: MGMT ver 1.23
[  750.777195][   T30] audit: type=1400 audit(1762140129.653:600): avc:  denied  { read } for  pid=13597 comm="syz.3.2063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  753.425078][T13621] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  754.046024][   T30] audit: type=1400 audit(1762140132.293:601): avc:  denied  { getopt } for  pid=13617 comm="syz.2.2066" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  754.220562][T13625] netlink: 165 bytes leftover after parsing attributes in process `syz.0.2067'.
[  755.724349][ T5921] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  755.997197][ T5921] usb 3-1: config 0 has an invalid interface number: 199 but max is 1
[  756.005395][ T5921] usb 3-1: config 0 has no interface number 1
[  756.037176][ T5921] usb 3-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  756.287210][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  756.330219][ T5921] usb 3-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  756.347189][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  756.359501][ T5921] usb 3-1: SerialNumber: syz
[  756.370948][ T5921] usb 3-1: config 0 descriptor??
[  756.389844][ T5921] uvcvideo 3-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  756.432747][ T5921] uvcvideo 3-1:0.199: No valid video chain found.
[  756.602693][ T5921] usb 3-1: USB disconnect, device number 47
[  756.628244][   T30] audit: type=1326 audit(1762140135.483:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13647 comm="syz.0.2073" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa075f8efc9 code=0x0
[  757.799096][   T30] audit: type=1400 audit(1762140136.663:603): avc:  denied  { name_bind } for  pid=13651 comm="syz.1.2075" src=65530 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=rawip_socket permissive=1
[  760.066028][T13676] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13676 comm=syz.4.2080
[  760.267534][    T9] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  761.547636][    T9] usb 3-1: Using ep0 maxpacket: 16
[  762.048526][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  762.075153][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  762.085058][    T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  762.119767][    T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  763.272937][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  763.507252][ T5930] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  764.111455][ T5820] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  764.217187][ T5930] usb 1-1: Using ep0 maxpacket: 8
[  764.373591][ T5930] usb 1-1: config 4 has an invalid interface number: 65 but max is 0
[  764.478008][ T5930] usb 1-1: config 4 has no interface number 0
[  764.487472][    T9] usb 3-1: string descriptor 0 read error: -71
[  764.499667][ T5930] usb 1-1: config 4 interface 65 has no altsetting 0
[  764.528111][    T9] usb 3-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40
[  764.542909][ T5930] usb 1-1: New USB device found, idVendor=0ace, idProduct=1611, bcdDevice=2c.3d
[  764.557250][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  764.570891][ T5930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  764.582936][    T9] usb 3-1: can't set config #1, error -71
[  764.591445][ T5930] usb 1-1: Product: syz
[  764.608483][ T5930] usb 1-1: Manufacturer: syz
[  764.615254][    T9] usb 3-1: USB disconnect, device number 48
[  764.625612][ T5930] usb 1-1: SerialNumber: syz
[  765.361875][   T30] audit: type=1400 audit(1762140144.223:604): avc:  denied  { name_connect } for  pid=13695 comm="syz.2.2087" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  766.418258][ T5930] cdc_acm 1-1:4.65: Zero length descriptor references
[  766.455734][ T5930] cdc_acm 1-1:4.65: probe with driver cdc_acm failed with error -22
[  766.839084][T13723] FAULT_INJECTION: forcing a failure.
[  766.839084][T13723] name failslab, interval 1, probability 0, space 0, times 0
[  766.851930][T13723] CPU: 1 UID: 0 PID: 13723 Comm: syz.0.2092 Not tainted syzkaller #0 PREEMPT(full) 
[  766.851955][T13723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  766.851966][T13723] Call Trace:
[  766.851973][T13723]  <TASK>
[  766.851980][T13723]  dump_stack_lvl+0x16c/0x1f0
[  766.852013][T13723]  should_fail_ex+0x512/0x640
[  766.852035][T13723]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  766.852066][T13723]  should_failslab+0xc2/0x120
[  766.852087][T13723]  kmem_cache_alloc_node_noprof+0x78/0x770
[  766.852114][T13723]  ? __alloc_skb+0x2b2/0x380
[  766.852142][T13723]  ? __alloc_skb+0x2b2/0x380
[  766.852161][T13723]  ? __pfx_netlink_insert+0x10/0x10
[  766.852185][T13723]  __alloc_skb+0x2b2/0x380
[  766.852206][T13723]  ? __pfx___alloc_skb+0x10/0x10
[  766.852228][T13723]  ? netlink_autobind.isra.0+0x158/0x370
[  766.852261][T13723]  netlink_alloc_large_skb+0x69/0x140
[  766.852288][T13723]  netlink_sendmsg+0x698/0xdd0
[  766.852319][T13723]  ? __pfx_netlink_sendmsg+0x10/0x10
[  766.852355][T13723]  ____sys_sendmsg+0xa98/0xc70
[  766.852374][T13723]  ? copy_msghdr_from_user+0x10a/0x160
[  766.852397][T13723]  ? __pfx_____sys_sendmsg+0x10/0x10
[  766.852426][T13723]  ___sys_sendmsg+0x134/0x1d0
[  766.852452][T13723]  ? __pfx____sys_sendmsg+0x10/0x10
[  766.852478][T13723]  ? __lock_acquire+0x622/0x1c90
[  766.852539][T13723]  __sys_sendmsg+0x16d/0x220
[  766.852563][T13723]  ? __pfx___sys_sendmsg+0x10/0x10
[  766.852604][T13723]  do_syscall_64+0xcd/0xfa0
[  766.852633][T13723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.852652][T13723] RIP: 0033:0x7fa075f8efc9
[  766.852667][T13723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  766.852684][T13723] RSP: 002b:00007fa076d75038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  766.852702][T13723] RAX: ffffffffffffffda RBX: 00007fa0761e6090 RCX: 00007fa075f8efc9
[  766.852713][T13723] RDX: 0000000000000000 RSI: 0000200000004340 RDI: 0000000000000004
[  766.852724][T13723] RBP: 00007fa076d75090 R08: 0000000000000000 R09: 0000000000000000
[  766.852733][T13723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.852744][T13723] R13: 00007fa0761e6128 R14: 00007fa0761e6090 R15: 00007ffe6caee0b8
[  766.852769][T13723]  </TASK>
[  766.852816][   T30] audit: type=1400 audit(1762140145.723:605): avc:  denied  { accept } for  pid=13720 comm="syz.0.2092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  767.105303][    C1] vkms_vblank_simulate: vblank timer overrun
[  767.338870][ T5930] usb 1-1: USB disconnect, device number 49
[  767.571900][T13731] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2095'.
[  768.698889][T13754] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13754 comm=syz.0.2101
[  769.312616][ T5930] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  769.327231][ T5820] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  769.477553][ T5930] usb 3-1: Using ep0 maxpacket: 32
[  769.487212][ T5930] usb 3-1: config 0 has an invalid interface number: 136 but max is 0
[  769.495623][ T5930] usb 3-1: config 0 has no interface number 0
[  769.506963][ T5930] usb 3-1: New USB device found, idVendor=06a5, idProduct=d001, bcdDevice=fe.bb
[  769.507138][ T5820] usb 2-1: Using ep0 maxpacket: 8
[  769.516377][ T5930] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  769.523169][ T5820] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  769.529476][ T5930] usb 3-1: Product: syz
[  769.538353][ T5820] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  769.541963][ T5930] usb 3-1: Manufacturer: syz
[  769.541983][ T5930] usb 3-1: SerialNumber: syz
[  769.548679][ T5930] usb 3-1: config 0 descriptor??
[  769.552441][ T5820] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  769.560071][ T5930] gspca_main: nw80x-2.14.0 probing 06a5:d001
[  769.561222][ T5820] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  769.591738][ T5820] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  769.604844][ T5877] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  769.607502][ T5863] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  769.612593][ T5820] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  769.631066][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.767477][ T5863] usb 1-1: Using ep0 maxpacket: 8
[  769.779580][ T5863] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  769.783001][ T5877] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  769.796625][ T5877] usb 4-1: config 0 has no interface number 1
[  769.801505][ T5863] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  769.804820][ T5877] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  769.823206][ T5877] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  769.827847][ T5863] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  769.836682][ T5877] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  769.843872][ T5863] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  769.863171][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  769.863198][ T5877] usb 4-1: SerialNumber: syz
[  769.868839][ T5820] usb 2-1: usb_control_msg returned -32
[  769.873715][T13765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2105'.
[  769.877311][ T5877] usb 4-1: config 0 descriptor??
[  769.898455][ T5820] usbtmc 2-1:16.0: can't read capabilities
[  769.901492][ T5863] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  769.921656][ T5863] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  769.928344][ T5877] uvcvideo 4-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  769.931351][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.946681][ T5877] uvcvideo 4-1:0.199: No valid video chain found.
[  770.166453][ T5863] usb 1-1: usb_control_msg returned -32
[  770.173359][ T5863] usbtmc 1-1:16.0: can't read capabilities
[  770.196810][    T9] usb 4-1: USB disconnect, device number 56
[  770.205248][T13744] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2098'.
[  770.222510][ T5930] gspca_nw80x: reg_w err -71
[  770.717003][ T5930] nw80x 3-1:0.136: probe with driver nw80x failed with error -71
[  770.734009][ T5930] usb 3-1: USB disconnect, device number 49
[  771.093525][T13778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  771.141018][T13778] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  771.203703][T13778] usbtmc 2-1:16.0: usb_control_msg returned -71
[  771.204598][ T5820] usb 2-1: USB disconnect, device number 38
[  771.397221][ T5930] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  771.452975][T13785] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  771.459522][T13785] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  771.478776][T13785] vhci_hcd vhci_hcd.0: Device attached
[  771.569145][ T5930] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  771.579249][ T5930] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  771.624499][ T5930] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  771.687557][T13787] vhci_hcd: connection closed
[  771.691488][ T9114] vhci_hcd: stop threads
[  771.720038][ T9114] vhci_hcd: release socket
[  771.724683][ T9114] vhci_hcd: disconnect device
[  771.729400][ T5930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  771.740170][ T5930] usb 5-1: SerialNumber: syz
[  771.757204][ T5927] usb 40-1: enqueue for inactive port 0
[  771.770648][ T5930] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  772.260409][ T5927] usb usb40-port1: attempt power cycle
[  772.388114][ T5921] usb 1-1: USB disconnect, device number 50
[  772.957584][T13799] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  772.964138][T13799] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  772.983358][T13807] FAULT_INJECTION: forcing a failure.
[  772.983358][T13807] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  773.152195][T13807] CPU: 1 UID: 0 PID: 13807 Comm: syz.1.2111 Not tainted syzkaller #0 PREEMPT(full) 
[  773.152220][T13807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  773.152230][T13807] Call Trace:
[  773.152236][T13807]  <TASK>
[  773.152243][T13807]  dump_stack_lvl+0x16c/0x1f0
[  773.152272][T13807]  should_fail_ex+0x512/0x640
[  773.152296][T13807]  _copy_to_user+0x32/0xd0
[  773.152318][T13807]  simple_read_from_buffer+0xcb/0x170
[  773.152347][T13807]  proc_fail_nth_read+0x197/0x240
[  773.152368][T13807]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  773.152390][T13807]  ? rw_verify_area+0xcf/0x6c0
[  773.152420][T13807]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  773.152437][T13807]  vfs_read+0x1e4/0xcf0
[  773.152457][T13807]  ? __pfx___mutex_lock+0x10/0x10
[  773.152472][T13807]  ? __pfx_vfs_read+0x10/0x10
[  773.152493][T13807]  ? __fget_files+0x20e/0x3c0
[  773.152518][T13807]  ksys_read+0x12a/0x250
[  773.152535][T13807]  ? __pfx_ksys_read+0x10/0x10
[  773.152559][T13807]  do_syscall_64+0xcd/0xfa0
[  773.152589][T13807]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  773.152606][T13807] RIP: 0033:0x7fc8e078d9dc
[  773.152620][T13807] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  773.152636][T13807] RSP: 002b:00007fc8e165e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  773.152654][T13807] RAX: ffffffffffffffda RBX: 00007fc8e09e6180 RCX: 00007fc8e078d9dc
[  773.152665][T13807] RDX: 000000000000000f RSI: 00007fc8e165e0a0 RDI: 000000000000000d
[  773.152676][T13807] RBP: 00007fc8e165e090 R08: 0000000000000000 R09: 0000000000000000
[  773.152686][T13807] R10: 00000000000001ef R11: 0000000000000246 R12: 0000000000000001
[  773.152700][T13807] R13: 00007fc8e09e6218 R14: 00007fc8e09e6180 R15: 00007ffdca6389c8
[  773.152723][T13807]  </TASK>
[  773.157245][T13808] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13808 comm=syz.0.2114
[  773.227324][T13799] vhci_hcd vhci_hcd.0: Device attached
[  773.295131][ T5927] usb usb40-port1: unable to enumerate USB device
[  773.714049][T13813] netlink: 165 bytes leftover after parsing attributes in process `syz.2.2115'.
[  773.847515][ T5877] usb 36-1: SetAddress Request (2) to port 0
[  773.893602][ T5877] usb 36-1: new SuperSpeed USB device number 2 using vhci_hcd
[  774.060756][ T5863] usb 5-1: USB disconnect, device number 54
[  774.158565][T13820] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  775.127182][ T5927] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  775.286721][T13802] vhci_hcd: connection reset by peer
[  775.292498][ T1101] vhci_hcd: stop threads
[  775.296864][ T1101] vhci_hcd: release socket
[  775.304825][ T1101] vhci_hcd: disconnect device
[  775.307284][ T5863] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  775.332551][ T5927] usb 4-1: config 0 has an invalid interface number: 199 but max is 1
[  775.476630][ T5927] usb 4-1: config 0 has no interface number 1
[  776.042886][ T5927] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  776.052864][ T5927] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  776.677287][ T5863] usb 1-1: Using ep0 maxpacket: 16
[  776.688224][T13836] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2122'.
[  776.804305][ T5927] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00
[  776.872943][ T5863] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  776.887841][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  777.285308][ T5927] usb 4-1: SerialNumber: syz
[  777.290023][ T5863] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  777.955926][T13850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2123'.
[  778.267612][ T5863] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  778.279388][ T5863] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576
[  778.289448][ T5863] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  778.307992][ T5927] usb 4-1: config 0 descriptor??
[  778.317364][ T5927] uvcvideo 4-1:0.199: Found UVC 0.00 device <unnamed> (0002:0000)
[  778.328271][ T5927] uvcvideo 4-1:0.199: No valid video chain found.
[  779.446568][ T5877] usb 36-1: device descriptor read/8, error -110
[  780.353883][T13855] netlink: 134788 bytes leftover after parsing attributes in process `syz.4.2127'.
[  780.873643][ T5927] usb 4-1: USB disconnect, device number 57
[  781.414494][ T5877] usb usb36-port1: attempt power cycle
[  782.678519][T13864] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=13864 comm=syz.2.2128
[  782.929023][ T5863] usb 1-1: string descriptor 0 read error: -71
[  782.935813][ T5863] usb 1-1: New USB device found, idVendor=0505, idProduct=a4a1, bcdDevice= 0.40
[  782.954931][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  782.980370][ T5863] usb 1-1: can't set config #1, error -71
[  782.995758][ T5863] usb 1-1: USB disconnect, device number 51
[  783.079823][ T5877] usb usb36-port1: unable to enumerate USB device
[  784.275070][   T30] audit: type=1400 audit(1762140162.383:606): avc:  denied  { module_load } for  pid=13865 comm="syz.4.2131" path="/sys/power/wakeup_count" dev="sysfs" ino=1413 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  785.799880][T13900] ==================================================================
[  785.807954][T13900] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[  785.815916][T13900] Read of size 8 at addr ffff888057aa3230 by task syz.3.2138/13900
[  785.823798][T13900] 
[  785.826111][T13900] CPU: 1 UID: 0 PID: 13900 Comm: syz.3.2138 Not tainted syzkaller #0 PREEMPT(full) 
[  785.826125][T13900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  785.826132][T13900] Call Trace:
[  785.826137][T13900]  <TASK>
[  785.826141][T13900]  dump_stack_lvl+0x116/0x1f0
[  785.826162][T13900]  print_report+0xcd/0x630
[  785.826175][T13900]  ? __virt_addr_valid+0x81/0x610
[  785.826192][T13900]  ? __phys_addr+0xe8/0x180
[  785.826207][T13900]  ? sysfs_remove_file_ns+0x63/0x70
[  785.826220][T13900]  kasan_report+0xe0/0x110
[  785.826232][T13900]  ? sysfs_remove_file_ns+0x63/0x70
[  785.826245][T13900]  sysfs_remove_file_ns+0x63/0x70
[  785.826256][T13900]  driver_remove_file+0x4a/0x60
[  785.826270][T13900]  bus_remove_driver+0x224/0x2c0
[  785.826286][T13900]  driver_unregister+0x76/0xb0
[  785.826298][T13900]  comedi_device_detach_locked+0x12f/0xa50
[  785.826314][T13900]  do_devconfig_ioctl+0x555/0x710
[  785.826329][T13900]  ? __mutex_lock+0x1c5/0x1060
[  785.826345][T13900]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  785.826365][T13900]  ? find_held_lock+0x2b/0x80
[  785.826380][T13900]  comedi_unlocked_ioctl+0x165d/0x2f00
[  785.826393][T13900]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  785.826405][T13900]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  785.826420][T13900]  ? do_vfs_ioctl+0x128/0x14f0
[  785.826435][T13900]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  785.826451][T13900]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  785.826467][T13900]  ? hook_file_ioctl_common+0x145/0x410
[  785.826484][T13900]  ? selinux_file_ioctl+0x180/0x270
[  785.826495][T13900]  ? selinux_file_ioctl+0xb4/0x270
[  785.826506][T13900]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  785.826517][T13900]  __x64_sys_ioctl+0x18e/0x210
[  785.826533][T13900]  do_syscall_64+0xcd/0xfa0
[  785.826549][T13900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  785.826561][T13900] RIP: 0033:0x7f1c2978efc9
[  785.826571][T13900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  785.826582][T13900] RSP: 002b:00007f1c2a554038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  785.826593][T13900] RAX: ffffffffffffffda RBX: 00007f1c299e6090 RCX: 00007f1c2978efc9
[  785.826600][T13900] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 000000000000000b
[  785.826607][T13900] RBP: 00007f1c29811f91 R08: 0000000000000000 R09: 0000000000000000
[  785.826613][T13900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  785.826620][T13900] R13: 00007f1c299e6128 R14: 00007f1c299e6090 R15: 00007ffd3751a488
[  785.826631][T13900]  </TASK>
[  785.826634][T13900] 
[  786.078025][T13900] Allocated by task 6054:
[  786.082324][T13900]  kasan_save_stack+0x33/0x60
[  786.086978][T13900]  kasan_save_track+0x14/0x30
[  786.091626][T13900]  __kasan_kmalloc+0xaa/0xb0
[  786.096191][T13900]  bus_add_driver+0x92/0x690
[  786.100765][T13900]  driver_register+0x15c/0x4b0
[  786.105515][T13900]  c6xdigio_attach+0xa3/0x4b0
[  786.110178][T13900]  comedi_device_attach+0x3b3/0x900
[  786.115363][T13900]  do_devconfig_ioctl+0x1b1/0x710
[  786.120365][T13900]  comedi_unlocked_ioctl+0x165d/0x2f00
[  786.125796][T13900]  __x64_sys_ioctl+0x18e/0x210
[  786.130545][T13900]  do_syscall_64+0xcd/0xfa0
[  786.135042][T13900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.140905][T13900] 
[  786.143200][T13900] Freed by task 13621:
[  786.147235][T13900]  kasan_save_stack+0x33/0x60
[  786.151886][T13900]  kasan_save_track+0x14/0x30
[  786.156628][T13900]  __kasan_save_free_info+0x3b/0x60
[  786.161801][T13900]  __kasan_slab_free+0x5f/0x80
[  786.166548][T13900]  kfree+0x2b8/0x6d0
[  786.170415][T13900]  kobject_put+0x1e7/0x5a0
[  786.174812][T13900]  bus_remove_driver+0x16e/0x2c0
[  786.179727][T13900]  driver_unregister+0x76/0xb0
[  786.184471][T13900]  comedi_device_detach_locked+0x12f/0xa50
[  786.190291][T13900]  do_devconfig_ioctl+0x555/0x710
[  786.195387][T13900]  comedi_unlocked_ioctl+0x165d/0x2f00
[  786.200816][T13900]  __x64_sys_ioctl+0x18e/0x210
[  786.205562][T13900]  do_syscall_64+0xcd/0xfa0
[  786.210064][T13900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.215931][T13900] 
[  786.218237][T13900] The buggy address belongs to the object at ffff888057aa3200
[  786.218237][T13900]  which belongs to the cache kmalloc-256 of size 256
[  786.232272][T13900] The buggy address is located 48 bytes inside of
[  786.232272][T13900]  freed 256-byte region [ffff888057aa3200, ffff888057aa3300)
[  786.245958][T13900] 
[  786.248349][T13900] The buggy address belongs to the physical page:
[  786.254744][T13900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888057aa3200 pfn:0x57aa2
[  786.264782][T13900] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  786.273256][T13900] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[  786.281733][T13900] page_type: f5(slab)
[  786.285702][T13900] raw: 00fff00000000240 ffff88813ffa6b40 ffffea0001e8a810 ffffea0000b2c410
[  786.294305][T13900] raw: ffff888057aa3200 000000000010000a 00000000f5000000 0000000000000000
[  786.302859][T13900] head: 00fff00000000240 ffff88813ffa6b40 ffffea0001e8a810 ffffea0000b2c410
[  786.311501][T13900] head: ffff888057aa3200 000000000010000a 00000000f5000000 0000000000000000
[  786.320162][T13900] head: 00fff00000000001 ffffea00015ea881 00000000ffffffff 00000000ffffffff
[  786.328812][T13900] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  786.337450][T13900] page dumped because: kasan: bad access detected
[  786.343836][T13900] page_owner tracks the page as allocated
[  786.349526][T13900] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5811, tgid 5811 (syz-executor), ts 61859745963, free_ts 15600792773
[  786.370871][T13900]  post_alloc_hook+0x1c0/0x230
[  786.375613][T13900]  get_page_from_freelist+0x10a3/0x3a30
[  786.381136][T13900]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  786.387015][T13900]  alloc_pages_mpol+0x1fb/0x550
[  786.391838][T13900]  new_slab+0x24a/0x360
[  786.395981][T13900]  ___slab_alloc+0xdae/0x1a60
[  786.400630][T13900]  __slab_alloc.constprop.0+0x63/0x110
[  786.406063][T13900]  __kmalloc_cache_noprof+0x477/0x780
[  786.411410][T13900]  ____ip_mc_inc_group+0x403/0x10f0
[  786.416596][T13900]  ip_mc_up+0x154/0x3b0
[  786.420727][T13900]  inetdev_event+0xafb/0x18a0
[  786.425373][T13900]  notifier_call_chain+0xbc/0x410
[  786.430371][T13900]  call_netdevice_notifiers_info+0xbe/0x140
[  786.436239][T13900]  __dev_notify_flags+0x12c/0x2e0
[  786.441242][T13900]  netif_change_flags+0x108/0x160
[  786.446252][T13900]  do_setlink.constprop.0+0xb53/0x4380
[  786.451697][T13900] page last free pid 1 tgid 1 stack trace:
[  786.457474][T13900]  __free_frozen_pages+0x7df/0x1160
[  786.462657][T13900]  free_contig_range+0x183/0x4b0
[  786.467578][T13900]  destroy_args+0xb69/0x12e0
[  786.472153][T13900]  debug_vm_pgtable+0x1a32/0x3640
[  786.477150][T13900]  do_one_initcall+0x123/0x6e0
[  786.481890][T13900]  kernel_init_freeable+0x5c8/0x920
[  786.487062][T13900]  kernel_init+0x1c/0x2b0
[  786.491378][T13900]  ret_from_fork+0x675/0x7d0
[  786.495953][T13900]  ret_from_fork_asm+0x1a/0x30
[  786.500695][T13900] 
[  786.502994][T13900] Memory state around the buggy address:
[  786.508594][T13900]  ffff888057aa3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  786.516640][T13900]  ffff888057aa3180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  786.524674][T13900] >ffff888057aa3200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  786.532704][T13900]                                      ^
[  786.538308][T13900]  ffff888057aa3280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  786.546355][T13900]  ffff888057aa3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  786.554384][T13900] ==================================================================
[  786.563306][T13900] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  786.570498][T13900] CPU: 1 UID: 0 PID: 13900 Comm: syz.3.2138 Not tainted syzkaller #0 PREEMPT(full) 
[  786.579856][T13900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  786.589891][T13900] Call Trace:
[  786.593146][T13900]  <TASK>
[  786.596053][T13900]  dump_stack_lvl+0x3d/0x1f0
[  786.600624][T13900]  vpanic+0x640/0x6f0
[  786.604597][T13900]  panic+0xca/0xd0
[  786.608297][T13900]  ? __pfx_panic+0x10/0x10
[  786.612699][T13900]  check_panic_on_warn+0xab/0xb0
[  786.617613][T13900]  end_report+0x107/0x170
[  786.621928][T13900]  kasan_report+0xee/0x110
[  786.626317][T13900]  ? sysfs_remove_file_ns+0x63/0x70
[  786.631496][T13900]  sysfs_remove_file_ns+0x63/0x70
[  786.636504][T13900]  driver_remove_file+0x4a/0x60
[  786.641336][T13900]  bus_remove_driver+0x224/0x2c0
[  786.646254][T13900]  driver_unregister+0x76/0xb0
[  786.650988][T13900]  comedi_device_detach_locked+0x12f/0xa50
[  786.656769][T13900]  do_devconfig_ioctl+0x555/0x710
[  786.661767][T13900]  ? __mutex_lock+0x1c5/0x1060
[  786.666513][T13900]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  786.672035][T13900]  ? find_held_lock+0x2b/0x80
[  786.676687][T13900]  comedi_unlocked_ioctl+0x165d/0x2f00
[  786.682116][T13900]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  786.687904][T13900]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  786.693772][T13900]  ? do_vfs_ioctl+0x128/0x14f0
[  786.698509][T13900]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  786.703505][T13900]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  786.710413][T13900]  ? hook_file_ioctl_common+0x145/0x410
[  786.715931][T13900]  ? selinux_file_ioctl+0x180/0x270
[  786.721110][T13900]  ? selinux_file_ioctl+0xb4/0x270
[  786.726192][T13900]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  786.731967][T13900]  __x64_sys_ioctl+0x18e/0x210
[  786.736715][T13900]  do_syscall_64+0xcd/0xfa0
[  786.741194][T13900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  786.747059][T13900] RIP: 0033:0x7f1c2978efc9
[  786.751454][T13900] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  786.771034][T13900] RSP: 002b:00007f1c2a554038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  786.779416][T13900] RAX: ffffffffffffffda RBX: 00007f1c299e6090 RCX: 00007f1c2978efc9
[  786.787358][T13900] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 000000000000000b
[  786.795315][T13900] RBP: 00007f1c29811f91 R08: 0000000000000000 R09: 0000000000000000
[  786.803261][T13900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  786.811205][T13900] R13: 00007f1c299e6128 R14: 00007f1c299e6090 R15: 00007ffd3751a488
[  786.819158][T13900]  </TASK>
[  786.822402][T13900] Kernel Offset: disabled
[  786.826697][T13900] Rebooting in 86400 seconds..