last executing test programs:

15m28.366722516s ago: executing program 0 (id=1437):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x7, 0x7ffc0001}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0xac, 0x1, 0xe, 0x7ffffffe}]})

15m27.851826895s ago: executing program 0 (id=1442):
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0xfffffffc, 0x0, r1}, &(0x7f0000000600)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0xacf, 0x78c, 0x8, 0x0, 0x0)
r5 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0)
readv(r5, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)

15m26.504435825s ago: executing program 0 (id=1444):
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa)
syz_clone(0x2004011, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0xf0ffff, 0x2)

15m24.850730258s ago: executing program 0 (id=1449):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$sndctrl(&(0x7f0000000180), 0xb, 0x121841)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f00000001c0)={{0x2, 0x5, 0x7, 0xff, 'syz0\x00', 0xffe0}, 0x1, [0x0, 0x3, 0x8001, 0x0, 0xb1a4, 0xaf8c, 0x6, 0xb, 0x70c, 0x7, 0x5, 0x7, 0xfffffffffffffffa, 0x80000000401, 0x2, 0x2, 0x2, 0x3, 0x6, 0xfffffffffffffffd, 0x9, 0xfffffffffffffffc, 0x1, 0x101, 0x8000000000000001, 0x3, 0x7, 0x0, 0x100000001, 0x8, 0xa, 0x9, 0x6, 0x6, 0xfff, 0x1, 0x4, 0x8, 0xc28a, 0x4, 0x0, 0xa5a, 0x3, 0x400000000, 0x2, 0xffffffff, 0x1, 0x208, 0xa2e, 0x10, 0x4, 0x2, 0xc, 0xfffffffffffffffb, 0x3, 0x5, 0x0, 0x0, 0x3, 0x8, 0x6, 0x6, 0x7fffffff, 0x400, 0x6, 0x8, 0x7, 0x8, 0x3, 0xff, 0x6d6, 0x0, 0x3, 0x7, 0xffffffffffffffbe, 0x60, 0x19, 0x7, 0x101, 0x2, 0xffffffffffffff66, 0x3, 0x1, 0x6, 0x5e, 0xaf, 0x2, 0x0, 0x6, 0x5, 0x3, 0x3, 0xd, 0x7, 0x5b9, 0x2000000, 0x10000000000004, 0x89b7, 0x946, 0x800, 0xffffffffcb5b2d7d, 0x3, 0xc3f, 0x5, 0x4, 0x4fbcc26, 0x3, 0x5, 0x1, 0x7, 0x1, 0x8001, 0xfffffffffffffffe, 0x7, 0x5, 0x89, 0x2, 0xf8b, 0x8, 0x80, 0x4, 0x7, 0xb11, 0xaf, 0x5, 0x1, 0xd, 0xfffffffffffffffa]})
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r2, 0xc0405665, &(0x7f0000000040)={0x50dd, 0x2, 0x7, 0x0, 0x4, 0x1})
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
r4 = syz_clone(0x4000000, &(0x7f00000001c0)="d864efcc1e5b21b666a527fda736a2b0a169e3122f92477fb58714a7c3efc4c9df14869503bd69839c75c85b39c5e74d9ec436deaa58180951146c60db82047d4553e84b1d57290ab3bf047d41897535c299948a0eb867865fee69669f3205667f2bee3d73d0f0c3e25ba2c9a89c5c8834fe0f6d4df3c568444772e88e31a54a0380552f8879dc5f3b52ecf172e0cafe65205cfc602c620dac1c44c2a85c0c6ef086d4315bbbf9500998b5c265466cfb58cf6b1371e85f497e78b36f27badcef3d05d7e4d672fcbf932a845dae03ded99847ebfb519a04a91f159a6bbb7b253cb0c1423119c8c5fc5adc49", 0xeb, &(0x7f0000000000), &(0x7f00000000c0), &(0x7f0000000100)="cc2f899de35006286d156a0b91d9f1683980338fdcbc521a8591e5523850463ef02cda69e698e47321c183d72330c768cd4da5a8641ca2721ec3690b809c")
ptrace$ARCH_SET_GS(0x1e, r4, &(0x7f0000000140), 0x1001)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
clock_gettime(0xa, 0x0)
ioperm(0x7, 0x8000000000000000, 0x2)
mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000042000/0x1000)=nil)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_WPAN_PHY_NETNS(r5, &(0x7f0000000800)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)={0x20, r6, 0x0, 0x70bd2c, 0x25dfdbfe, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x3}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000001)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
r7 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x9c0e, 0x10100}, &(0x7f0000000000)=<r8=>0x0, &(0x7f00000001c0)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r7, 0x2df0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$MSR(&(0x7f00000006c0), 0x3, 0x0)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000080)={0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x0)

15m23.952303552s ago: executing program 0 (id=1451):
syz_open_dev$admmidi(0x0, 0x20, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x1)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r2, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'})
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000540)={[], [{@euid_eq}, {@context={'context', 0x3d, 'staff_u'}}], 0x2f})
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x100, 0x20)
getdents64(r4, &(0x7f0000000100)=""/58, 0x3a)

15m21.529966066s ago: executing program 0 (id=1456):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x51, 0x1, 0x2, "6040a7170200ff0120000000fcff00ff1057e31e940000000000000000aeff00", 0x34343459})
unshare(0x42000000)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r5, {}, 0x2, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r5, 0x8004745a, &(0x7f0000000ac0))
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, 0x0, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@my=0x0})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, &(0x7f0000000180)={@any, 0x2})
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000080)=0x4)

15m6.353071855s ago: executing program 32 (id=1456):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000040)=0x90000)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, 0x0, 0x0)
rseq(&(0x7f0000000240)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000000c0)={0x51, 0x1, 0x2, "6040a7170200ff0120000000fcff00ff1057e31e940000000000000000aeff00", 0x34343459})
unshare(0x42000000)
socket$inet6_udp(0xa, 0x2, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r4, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xa}}, 0x2}}, 0x2e)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r5, {}, 0x2, 0x4}}, 0x26)
ioctl$PPPIOCGL2TPSTATS(r5, 0x8004745a, &(0x7f0000000ac0))
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt$IP_VS_SO_GET_DAEMON(r6, 0x0, 0x487, 0x0, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000240)={@my=0x0})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r0, 0x7b0, &(0x7f0000000180)={@any, 0x2})
r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_DEFER_SETUP(r7, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000080)=0x4)

8m30.791278916s ago: executing program 1 (id=2790):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x1d0) (async)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) (async)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='mountinfo\x00') (async)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0x80000009}) (async)
mount$9p_unix(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x5ba21, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85513, &(0x7f0000000b00)={{0x2, 0x4}, 0x0, [0x400000, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xc6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x800, 0x6, 0x81, 0x4, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf5, 0x0, 0x0, 0xd4e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8838, 0x0, 0x0, 0x4, 0x0, 0x2, 0x0, 0x3, 0x800000000000000, 0x20000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, 0x0, 0x40, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x9]}) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) (async)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e) (async)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(0x0, 0x0) (async)
r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00]) (async)
read$FUSE(r6, &(0x7f0000003440)={0x2020}, 0x2020)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0x3) (async)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)

8m29.8117396s ago: executing program 1 (id=2792):
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
getpid() (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, 0x0, 0x4000014)
socket$l2tp(0x2, 0x2, 0x73)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000000)='smb3\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="050300000000000000000700000008000300", @ANYRES32=0x0, @ANYBLOB="e4d0edabdf8c9b481836bcd1899c21e49bc38a1548245599e4229fa6197d1985e673d589e010387e7af1e057d607edc3132e118f34348e178142619cbb4e0a6e1309339ce4f4f64ffb8358c16415f7a8b3dd1d187706a22a31407506e2d5fca1322064e6c55553f62f0fe7ec35510610fd922a3c951d5295d2adce7d54ab93add6f356f0e04c361eddab9c16870655850ebbcf7a2126d7e3b9a7633079c8ea82bd2f2ee3cf58245ec424ffbde7759d3cfef1bd4ed59b3e17c989cf65c491081f63ff266ef59e6c29c9bde9fb9a9711d27c0106e1f853011590f118a1"], 0x1c}}, 0x20000000) (async)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="050300000000000000000700000008000300", @ANYRES32=0x0, @ANYBLOB="e4d0edabdf8c9b481836bcd1899c21e49bc38a1548245599e4229fa6197d1985e673d589e010387e7af1e057d607edc3132e118f34348e178142619cbb4e0a6e1309339ce4f4f64ffb8358c16415f7a8b3dd1d187706a22a31407506e2d5fca1322064e6c55553f62f0fe7ec35510610fd922a3c951d5295d2adce7d54ab93add6f356f0e04c361eddab9c16870655850ebbcf7a2126d7e3b9a7633079c8ea82bd2f2ee3cf58245ec424ffbde7759d3cfef1bd4ed59b3e17c989cf65c491081f63ff266ef59e6c29c9bde9fb9a9711d27c0106e1f853011590f118a1"], 0x1c}}, 0x20000000)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0606610, 0x0) (async)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0606610, 0x0)
syz_open_procfs(0x0, &(0x7f0000001540)='uid_map\x00')
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000001640)) (async)
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000001640))
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="16000000000000000400000005"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="00000000000000ced72bc4aeac6966007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000100)) (async)
arch_prctl$ARCH_GET_XCOMP_SUPP(0x1021, &(0x7f0000000100))
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r6, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df12c9f7b9a60000000000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4}, &(0x7f0000000040)=0x1c)
syz_usb_connect$rtl8150(0x5, 0x3f, &(0x7f0000000980)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x5b05b05b05b08ce, [{{0x9, 0x2, 0x1}}]}}, 0x0)

8m29.288218251s ago: executing program 1 (id=2795):
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x2}, 0xffffffffffffffff, 0xaae7}}, 0x48)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x2, 0x6}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @loopback, 0x2}, {0xa, 0xfc, 0x7, @remote, 0x3}, r2, 0x7}}, 0x48)

8m28.750831388s ago: executing program 1 (id=2797):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$inet6(0xffffffffffffffff, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="98000000100000010000000004000000000008003554e548b898ca19d4d5c185e9772745bb45e9cbd9c7c4", @ANYRES32=0x0, @ANYBLOB="0000000009000000240012800c0001006d6163766c616e0014000280080001001c00000008000900ffffffff540018800c000180080001000700000044000180"], 0x98}, 0x1, 0x0, 0x0, 0x20040040}, 0x8000)
r2 = syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
connect$bt_l2cap(r3, &(0x7f00000000c0)={0x1f, 0x9, @any, 0x0, 0x2}, 0xe)
write$binfmt_script(r2, &(0x7f0000005e80)={'#! ', './file0'}, 0xb)
socket(0x28, 0x5, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r5 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000180), 0x4)
copy_file_range(r6, &(0x7f0000000080), r5, 0x0, 0xfffffffffffffff8, 0x0)

8m27.964438196s ago: executing program 1 (id=2802):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(&(0x7f0000000500)='ramfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x18, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000730000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0xc3100, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file1/file0/file0\x00', 0x0, 0x18}, 0x18)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000002c0)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r4, {0x1}}, './file0\x00'})

8m26.940006924s ago: executing program 1 (id=2804):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0xb00, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r5, 0x321, 0x70bd2b, 0x25dfdbfc}, 0x14}}, 0x4000000)

8m11.425737104s ago: executing program 33 (id=2804):
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0xb00, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78)
ioctl$EVIOCGPROP(0xffffffffffffffff, 0x40047438, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, r5, 0x321, 0x70bd2b, 0x25dfdbfc}, 0x14}}, 0x4000000)

5m5.540954804s ago: executing program 2 (id=3481):
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000080)={'pimreg1\x00', 0x400})
r2 = socket$netlink(0x10, 0x3, 0xa)
r3 = dup(r2)
r4 = open(&(0x7f0000000040)='./file1\x00', 0x1850c2, 0x14c)
ftruncate(r4, 0x200004)
r5 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
sendfile(r3, r4, 0x0, 0x80001d00c0d1)
syz_usb_connect$cdc_ncm(0x3, 0xb9, 0x0, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_udp_int(r6, 0x11, 0x67, &(0x7f0000000040), 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

5m1.921842178s ago: executing program 2 (id=3491):
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000240)=0xe9, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f00000003c0)=0x6121, 0x4)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="020114003f2918000e3580009f0001140000002f0600ac141430e0000003808a8972bd0b72e41082b1a3d206"], 0xdd12}], 0x1}, 0x10)

5m1.118654705s ago: executing program 2 (id=3494):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYRES64], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00')
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x6)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="0e00010002"], 0x8)

5m1.019856537s ago: executing program 2 (id=3495):
syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000005d0000005d000000020000009e45d13617ee707f00000000000000000100000007001c0002040000040000000200000000000000050000000200000000000012050000"], 0x0, 0x7a, 0x0, 0x0, 0x0, 0x10000}, 0x28)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c000980080002000300000028000280080001"], 0x46}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x7fffffff}}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x14008004)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

4m59.329784654s ago: executing program 2 (id=3501):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
sendmsg$nl_route_sched_retired(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newtaction={0xf0, 0x32, 0x205, 0x70bd2d, 0x25dfdbfc, {}, [{0xc9}]}, 0xf0}, 0x1, 0x0, 0x0, 0x85}, 0x8000)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))
r1 = socket(0x1, 0x3, 0x0)
bind$unix(r1, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
r2 = socket$tipc(0x1e, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
socket$inet_tcp(0x2, 0x1, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x20010, 0xffffffffffffffff, 0x200000)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
r5 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x5)
r6 = dup(r5)
ioctl$SIOCSIFHWADDR(r6, 0x5412, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bind$tipc(r2, &(0x7f0000000000)=@name={0x1e, 0x2, 0x1, {{0x41}, 0x3}}, 0x10)
listen(r2, 0x0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0)

4m56.334000557s ago: executing program 2 (id=3511):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xb2b3}}, &(0x7f00000000c0)='GPL\x00', 0xa, 0x9c, &(0x7f0000001300)=""/156, 0x0, 0xa}, 0x94)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x7, 0x0, 0xa0)
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000300)={0x20, 0x18}, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x1, 0x44, "a61d17f04c7449399baad0c4739868e9cf8fd13cc938ce173b61abdf955293bf31f58e0fe0cc575d97abd0ad796502c3f82f089b4e8f632333e903b08e5005c3ae6e23a8"}, &(0x7f0000000480)={0x20, 0x3, 0x1, 0xa}})
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x3f0, 0x4, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x9, 0x40, 0x4, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x7, 0x1, 0x3, 0xfc, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x7, 0x7f, 0x24}}}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x250, 0x9, 0xf, 0x0, 0x40, 0x7}, 0x26, &(0x7f0000000280)={0x5, 0xf, 0x26, 0x3, [@ssp_cap={0x10, 0x10, 0xa, 0x7, 0x1, 0x975, 0xf, 0x4, [0xc0c0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x4, 0x4, 0xf}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0xf9, 0x6}]}, 0x2, [{0x53, &(0x7f0000000340)=@string={0x53, 0x3, "6fe3b4afa8c2b3b7e1fd446de333a5cc68bf02295570173d30e8b7583f9331f84c674bd7a1c784e983b13b2490b29147e60b3c18b3a84a187f357e48a61152db37c0264f0ae9c4cddd0d6f1cd831e8fb52"}}, {0x28, &(0x7f00000003c0)=@string={0x28, 0x3, "733acf5ef352a6ec8d7378abdf3c2cad85509a524b299129ca3d34e025518020f9aefa637e95"}}]})
ioctl$HIDIOCGUSAGES(r2, 0xd01c4813, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'syztnl1\x00', &(0x7f0000000180)={'syztnl2\x00', <r4=>0x0, 0x2f, 0xb9, 0x2, 0xffffffff, 0x40, @dev={0xfe, 0x80, '\x00', 0xc}, @remote, 0x80, 0x20, 0x0, 0x2}})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0)

4m40.881462622s ago: executing program 34 (id=3511):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x1c, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x2, 0x0, 0x0, 0xb2b3}}, &(0x7f00000000c0)='GPL\x00', 0xa, 0x9c, &(0x7f0000001300)=""/156, 0x0, 0xa}, 0x94)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f000000040b2100000095f5758483"], 0x0}, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x7, 0x0, 0xa0)
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f00000004c0)={0x2c, &(0x7f0000000300)={0x20, 0x18}, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x1, 0x44, "a61d17f04c7449399baad0c4739868e9cf8fd13cc938ce173b61abdf955293bf31f58e0fe0cc575d97abd0ad796502c3f82f089b4e8f632333e903b08e5005c3ae6e23a8"}, &(0x7f0000000480)={0x20, 0x3, 0x1, 0xa}})
syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000140)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0xff, 0x3f0, 0x4, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x9, 0x40, 0x4, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x7, 0x1, 0x3, 0xfc, "", {{{0x9, 0x5, 0x1, 0x2, 0x10, 0x7, 0x7f, 0x24}}}}}]}}]}}, &(0x7f0000000400)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x250, 0x9, 0xf, 0x0, 0x40, 0x7}, 0x26, &(0x7f0000000280)={0x5, 0xf, 0x26, 0x3, [@ssp_cap={0x10, 0x10, 0xa, 0x7, 0x1, 0x975, 0xf, 0x4, [0xc0c0]}, @ext_cap={0x7, 0x10, 0x2, 0x12, 0x4, 0x4, 0xf}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x5, 0xf9, 0x6}]}, 0x2, [{0x53, &(0x7f0000000340)=@string={0x53, 0x3, "6fe3b4afa8c2b3b7e1fd446de333a5cc68bf02295570173d30e8b7583f9331f84c674bd7a1c784e983b13b2490b29147e60b3c18b3a84a187f357e48a61152db37c0264f0ae9c4cddd0d6f1cd831e8fb52"}}, {0x28, &(0x7f00000003c0)=@string={0x28, 0x3, "733acf5ef352a6ec8d7378abdf3c2cad85509a524b299129ca3d34e025518020f9aefa637e95"}}]})
ioctl$HIDIOCGUSAGES(r2, 0xd01c4813, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000000)={'syztnl1\x00', &(0x7f0000000180)={'syztnl2\x00', <r4=>0x0, 0x2f, 0xb9, 0x2, 0xffffffff, 0x40, @dev={0xfe, 0x80, '\x00', 0xc}, @remote, 0x80, 0x20, 0x0, 0x2}})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=@ipv6_newnexthop={0x20, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_OIF={0x8, 0x5, r4}]}, 0x20}}, 0x0)

11.451196147s ago: executing program 5 (id=4511):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000940)={{{@in6, @in6}}, {{}, 0x0, @in=@initdev}}, &(0x7f00000002c0)=0xe8)
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
r5 = eventfd(0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5)
ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90})
r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x20, 0x67, 0x9e, 0x8, 0xc72, 0x14, 0xc776, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x38, 0x0, 0x0, 0x1, 0x28, 0xff}}]}}]}}, 0x0)
syz_usb_control_io$lan78xx(r6, 0x0, &(0x7f0000000600)={0x34, &(0x7f0000000380)={0x20, 0x5, 0x3, "c08f5b"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r6, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xc, &(0x7f00000008c0)=ANY=[@ANYBLOB="180200000400000000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x0, 0xe, 0x0, &(0x7f0000000100)="4f6b3780907c340a944dc93f004f", 0x0, 0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000340)=0x1)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r5, 0xc400941d, &(0x7f0000000380)={0x0, 0x1fffe000000})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x9, &(0x7f0000000000)={0x0, 0xfffffffffffffffe})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000080)={0x0, <r8=>0x0})
prlimit64(r8, 0xc, &(0x7f0000000180)={0x4, 0xd72}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
io_setup(0x2004, &(0x7f0000000680))

10.76953213s ago: executing program 7 (id=4519):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040), 0x2}}, 0x20)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000480)=<r2=>0x0)
quotactl_fd$Q_GETNEXTQUOTA(r0, 0xffffffff80000900, r2, &(0x7f00000004c0))
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000016c0)={0x30, 0x3e, 0x1, 0x80000, 0x3, {0x1}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@nested={0x8, 0x10, 0x0, 0x1, [@nested={0x4, 0x8}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x30}, 0x1, 0x0, 0x0, 0x40000d1}, 0x4008094)
r3 = syz_open_dev$media(&(0x7f0000000180), 0x0, 0x20000)
r4 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000100)={0x80000000, 0x0, &(0x7f0000000200)=[{{<r5=>0x80000000}}]})
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$TCSETSW2(r6, 0x402c542c, &(0x7f0000000140)={0x106, 0x8001, 0xe, 0x3, 0x7, "63ff08000000000010000100000100000000fc", 0x64, 0x1})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x9, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffa}]}, 0x0, 0xd, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000400)={&(0x7f0000000600)={0x154, 0x0, 0x8, 0x70bd2d, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x801b}}, {{@pci={{0x8}, {0x11}}, {0x8}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x5}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x36cb}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}, {0x8, 0xb, 0xc}, {0x6, 0x11, 0x20a4}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x8}, {0x6, 0x11, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x5}, {0x6, 0x11, 0xffff}}]}, 0x154}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
ioctl$MEDIA_IOC_ENUM_LINKS(r4, 0xc0287c02, &(0x7f0000000140)={r5, &(0x7f0000000000)=[{<r9=>0x80000000}], &(0x7f0000000280)})
ioctl$MEDIA_IOC_SETUP_LINK(r3, 0xc0347c03, &(0x7f0000000e80)={{0x80000000, 0x0, 0x5, [0x5, 0x2]}, {r9, 0x0, 0x7, [0x7, 0xfffffffc]}, 0x0, [0x800, 0x7]})

10.308319732s ago: executing program 7 (id=4521):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$swradio(0x0, 0x1, 0x2)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(0xffffffffffffffff, 0x891a, &(0x7f0000001b40)={'bond0\x00', {0x2, 0x4e20, @empty}})
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000080)='./cgroup\x00', &(0x7f0000000040)='hfsplus\x00', 0x2000010, &(0x7f0000000100)='barrier')
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40046f41, &(0x7f0000000440)=0x40000000)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000200))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000100), 0x844801, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000010c0), 0x0, 0x1a7e24)
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000340)=0xe)
writev(0xffffffffffffffff, &(0x7f000009de80), 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e25, @private=0xa010101}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRESHEX=r1], 0x6c}}, 0x0)
r4 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000001040)='memory.events\x00', 0x0, 0x0)

9.042827263s ago: executing program 5 (id=4522):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$sock(r2, &(0x7f00000044c0), 0x4000000000001c0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="2b000400", @ANYRES16=r7, @ANYRES64=r6, @ANYRES32=r5, @ANYBLOB="240033003d5b97f4a289"], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x44180)
recvfrom(r3, &(0x7f00000000c0)=""/57, 0x39, 0x60, 0x0, 0x0)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r8, 0x40047438, &(0x7f0000000180)=""/246)
syz_open_dev$sndctrl(&(0x7f0000000140), 0x7, 0x400)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
r10 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r10, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000180)={'vxcan1\x00', <r11=>0x0})
bind$can_raw(r10, &(0x7f0000000200)={0x1d, r11}, 0x10)
sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0xfffffffe, {0x0, 0x0, 0x0, r11, {0x1}, {0xffff, 0xa}, {0x1, 0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000880)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)

8.979190213s ago: executing program 7 (id=4523):
r0 = epoll_create1(0x80000)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000040)={0x48000008})
r2 = accept$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x1c)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f00000001c0)=@nat={'nat\x00', 0x1b, 0x5, 0x720, 0x0, 0x4a8, 0xffffffff, 0xf0, 0x4a8, 0x650, 0x650, 0xffffffff, 0x650, 0x650, 0x5, &(0x7f0000000140), {[{{@uncond, 0x0, 0xa8, 0xf0}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x2, @ipv6=@private2, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, @gre_key=0x7963, @gre_key=0x9}}}, {{@ipv6={@private2, @remote, [0x0, 0xffffff00, 0xff, 0xffffffff], [0x0, 0xff000000], 'ipvlan0\x00', 'wg0\x00', {0xff}, {}, 0xc, 0x4, 0x6, 0x50}, 0x0, 0x100, 0x148, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d6], 0x400, 0x2, 0x2}}, @common=@ipv6header={{0x28}, {0x80, 0x0, 0x7}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x8, @ipv4=@local, @ipv4=@empty, @port=0x4e20, @port=0x4e24}}}, {{@ipv6={@remote, @private2, [0x0, 0xffffff00, 0xffffff00, 0xffffff00], [0xffffff00, 0xff000000, 0xff, 0xff000000], 'batadv_slave_0\x00', 'pim6reg1\x00', {0xff}, {}, 0x5c, 0x1, 0x5, 0x4c}, 0x0, 0x228, 0x270, 0x0, {}, [@common=@rt={{0x138}, {0x3, [0x1, 0x4], 0x7, 0x8, 0x5, [@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x18}}, @local, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @dev={0xfe, 0x80, '\x00', 0x34}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @local, @mcast2, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, @dev={0xfe, 0x80, '\x00', 0x3b}, @dev={0xfe, 0x80, '\x00', 0x35}, @ipv4={'\x00', '\xff\xff', @remote}, @local, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2], 0x4}}, @common=@hbh={{0x48}, {0xd, 0x1, 0x0, [0x7fff, 0xf, 0xfff, 0x4, 0x2, 0x1, 0x8e93, 0x5, 0x8001, 0x9, 0xd, 0xd, 0x401, 0x4, 0x6, 0x8000], 0xe}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv6=@empty, @ipv6=@empty, @port=0x4e21, @port=0x4e23}}}, {{@ipv6={@empty, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0xff000000, 0x0, 0xff, 0xff], [0xff, 0xff, 0xffffff00, 0xff], 'veth0_to_bridge\x00', 'veth1_to_bond\x00', {0xff}, {0xff}, 0x8, 0x5, 0x2, 0x44}, 0x0, 0x160, 0x1a8, 0x0, {}, [@common=@srh1={{0x90}, {0x3b, 0xa, 0x0, 0x1, 0x4, @local, @dev={0xfe, 0x80, '\x00', 0x25}, @loopback, [0x0, 0x0, 0xff, 0xffffffff], [0xff, 0x0, 0xffffff00, 0xffffff00], [0x7f800000, 0x0, 0xff, 0xff000000], 0x811, 0x34f1}}, @common=@eui64={{0x28}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x10, @ipv6=@dev={0xfe, 0x80, '\x00', 0x18}, @ipv6=@empty, @port=0x4e20, @gre_key=0xb}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x780)
read$msr(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
r4 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000000c0)={&(0x7f0000000a00)=@generic={0xa, "8ab77fa26849ff26650042e2dacd300062e2adacd2737d00ad6f9fa9f3d7145e15dd9d6d2e19d211220900ad5def53b911ba5b9da13641f9826d7012a749f54b901ee80ea6132ca6e88c776553e1833052ca376304313c4b37780136a4b8385702000000000000000f2d00000000000100"}, 0x80, 0x0}, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000940)='cgroup.events\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x4000)
sendmsg$NFT_BATCH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a5c000000060a090400000000000000000200fffe0900020073797a32000000000000010073797a3100000000340004801c0001800a0001006d617463680000002000028005000300000000000b000100736f636b657400000800024000000001140000001100010000000000000000000300000a11574f9d144b0941670946c4724569c4be054a3a8096d73ece01a61de7e9e45c57afaef17e5334c03b87bf05"], 0x84}, 0x1, 0x0, 0x0, 0x24044800}, 0x0)
read$msr(r5, &(0x7f0000034000)=""/102392, 0x18ff8)
socket(0x8, 0x4, 0x0)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x1000, @remote, 0x40}, 0x8)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@local, 0x0, 0x1, 0x5, 0x1, 0xa, 0x0, 0x52a9db93b5641c77}, {0xbd1, 0x0, 0x3, 0x4, 0x0, 0x0, 0x1}, {0x81, 0x2, 0x3}, 0x2000000, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x16}}, 0x8000, 0x33}, 0x0, @in6=@empty, 0x0, 0x2, 0x3, 0x4, 0x0, 0x0, 0x7}}, 0xe8)
r8 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r8, &(0x7f0000000000)={0x20000000})

7.714154245s ago: executing program 4 (id=4526):
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x2, 0x0)
sendmsg$SMC_PNETID_GET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r3, &(0x7f0000000180)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000900)=ANY=[@ANYBLOB="8c0000001000370400"/20, @ANYRES32=r4, @ANYBLOB="00000000000000006c0012800e00010069703665727370616e000000580002801400060020010000000000000000000000000002050016000100000014000700fc020000000000000000000000000000040012"], 0x8c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000580)=@gettfilter={0xffffff0b, 0x2e, 0x10, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xfff1, 0x4}, {0xe, 0xffe0}, {0x4, 0xf}}, [{0x0, 0xb, 0x81}]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x20000049)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=@newtfilter={0x2bc, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x14, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0xfff3, 0x10}}, @TCA_FLOW_KEYS={0x8, 0x1, 0x17575}]}}, @filter_kind_options=@f_u32={{0x8}, {0x1c, 0x2, [@TCA_U32_HASH={0x8, 0x2, 0x40}, @TCA_U32_HASH={0x8, 0x2, 0x2}, @TCA_U32_HASH={0x8, 0x2, 0x9}]}}, @TCA_CHAIN={0x8, 0xb, 0x3}, @filter_kind_options=@f_bpf={{0x8}, {0x214, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x4}, @TCA_BPF_NAME={0xc, 0x7, './file0\x00'}, @TCA_BPF_FLAGS={0x8, 0x8, 0xf}, @TCA_BPF_ACT={0x1c0, 0x1, [@m_gact={0x1bc, 0x1, 0x0, 0x0, {{0x9}, {0xb8, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0xc, 0x3, {0x1, 0x17a5, 0x2}}, @TCA_GACT_PARMS={0x18, 0x2, {0x4, 0x9, 0x0, 0xc, 0x9}}, @TCA_GACT_PARMS={0x18, 0x2, {0x3, 0xd5, 0x5, 0x5, 0xa3e}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb7, 0x176d, 0x0, 0x4, 0xc3}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x1586, 0xffffffffffffffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0xd43, 0x0, 0x20000000, 0x0, 0x4}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0xbf4, 0x6}}, @TCA_GACT_PARMS={0x18, 0x2, {0x8, 0x800, 0x2, 0x8, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x2248, 0x1}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x819, 0x4}}]}, {0xda, 0x6, "e64c379aef7153b8caff7557074412f2e119ee8e5c3d844a2632e9eb136b334ac8a5b3c6914e04fe46185863d3edaa9e24978758febf5438d84151eee445f1c2ed2d6eff978eb9e832091d1b2c70a6a87412a2e8c67447a32b096ea47d2c9ea5f1ecedb67c3a4b6a179d4d65e229697d1725f3fe90747debf989bb1cf205538fdb4732b830e69335f635e962ae4764359e94f23c971701edff305ed1c40f45defe5c243c7a0874fa722e2ddd9c220b7398b11ac4c00cdbe5b1630ed4dbd61640966594d8c04ace0e623914af05221ef803105573fba7"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x3}}}}]}, @TCA_BPF_CLASSID={0x8, 0x3, {0x9, 0xe}}, @TCA_BPF_CLASSID={0x8, 0x3, {0xfff2}}, @TCA_BPF_OPS={{0x6, 0x4, 0x3}, {0x1c, 0x5, [{0x101, 0xcb, 0x5, 0x4}, {0x431, 0x81, 0x9}, {0x80, 0x4, 0xf5, 0xffff0000}]}}]}}, @filter_kind_options=@f_flow={{0x9}, {0x24, 0x2, [@TCA_FLOW_RSHIFT={0x8, 0x4, 0x5}, @TCA_FLOW_RSHIFT={0x8, 0x4, 0x10}, @TCA_FLOW_PERTURB={0x8, 0xc, 0x34c}, @TCA_FLOW_ADDEND={0x8, 0x5, 0x80000001}]}}]}, 0x2bc}}, 0x4000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
setresuid(0xee01, 0xee00, 0x0)
r6 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0xd555, 0x1, 0x4, 0xb9}, &(0x7f0000010080), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r6, 0x0, &(0x7f0000001700)=[{&(0x7f0000000040)=""/36, 0x24}, {0x0}], 0x2)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x10, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000540)=[{0x0}], 0x0, 0x1}, 0x20)
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setrlimit(0x1, &(0x7f0000000000))
add_key(&(0x7f00000013c0)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000100)='[', 0xfe95, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_io_uring_setup(0x8d0, &(0x7f0000000640)={0x0, 0x0, 0x3010, 0x0, 0x4}, &(0x7f0000000040)=<r8=>0x0, &(0x7f0000000080)=<r9=>0x0)
bind$unix(r1, &(0x7f0000000480)=@file={0x1, './file0\x00'}, 0x6e)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0x1ffffe}, &(0x7f0000000100)=<r10=>0x0, &(0x7f00000001c0)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x34da17d3caf523c0})
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0)
syz_io_uring_submit(r8, r11, &(0x7f0000000000)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000240)="4fdda8724d72db4d2c4d5b716976697534bc497b705a235cb1a68e439cb7a528e052da3471a9989edbe914a7a37022fdcce0214044ec9bd2edb1e2a4dfc81f59f4d2d52f28c8825b97e597ad7b504cc3e67d8b37f473d0004d35f53ab54837b54ec5b2815f8cf39d70718c4faa1c52bc02541cce0fa41be48abc9f49432c74608acba653da4dd2c47b54be38847abb36fbd895c8e9a071fa9e068de9289a637a5d860be1a99948369b3ef3539724b8cfb279", 0x7fff, 0x0, 0x0, {0x0, r12}})

7.692219966s ago: executing program 7 (id=4527):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x48d, 0xce50, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x40, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x1, 0x0, 0x1, {0x22, 0xa0}}}}]}}]}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) (async)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84) (async)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000001c0)={<r4=>0x0, 0xb0, "6d171b17ba9ed94e99659afb5684a2dfa9ddd098a407a60d6d997bc156a63472fb3991847fb590163b2c5639223ac366ca94a9a0877517a7ffc0d44dfdd6af8330d10be9b46c77ac392a02f4ee98d6d0f81d8da8d43ab216b25aa1cc86c7d8596cc19ce0f8728518936cb06b16a8b651401d6732d34661c588aa4e05a604bd41efaa3d6d17d393465825b662674ee2513db6f354212d36b470e7a31cc2069033e1f4b2f0bd51d3a176345e4d7222b7b6"}, &(0x7f00000000c0)=0xb8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r3, 0x84, 0x76, &(0x7f0000000100)={r4, 0x3}, 0x8)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) (async)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1) (async)
prctl$PR_SET_IO_FLUSHER(0x43, 0x0) (async)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xb, &(0x7f0000000140)=ANY=[@ANYRES8=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='kfree\x00', r5}, 0x18) (async)
r6 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x2d41, 0x0)
flock(r6, 0x5)
flock(r6, 0x5) (async)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r7, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) (async)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
tkill(0x0, 0xb) (async)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000840)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="200da0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

6.294591468s ago: executing program 4 (id=4530):
syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000005d0000005d000000020000009e45d13617ee707f00000000000000000100000007001c000204000004000000020000000000000005000000020000000000001205000000060000000200000f010000000200000037dd00000200000001"], 0x0, 0x7a, 0x0, 0x0, 0x0, 0x10000}, 0x28)
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c000980080002000300000028000280080001"], 0x46}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0x44, 0x30, 0x51b, 0x0, 0x0, {}, [{0x30, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0x44}}, 0x14008004)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f0000000000140001"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

6.228275174s ago: executing program 3 (id=4531):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'vlan0\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x1000000, &(0x7f0000000140)={0x11, 0x8848, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

6.201371007s ago: executing program 3 (id=4532):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f00004f4000/0x18000)=nil, &(0x7f0000000480)=[@text64={0x40, &(0x7f0000000380)="f0470fb19e00480000c4a1fd64f464430f0dddc4c10df286b500000066baf80cb855d4af8cef66bafc0cec2e653667ad66b8c1008ee8c4012a51ac87d27293d242d24f0a66baf80cb88a2b1680ef66bafc0c66ed", 0x54}], 0x1, 0x60, &(0x7f00000004c0)=[@dstype3={0x7, 0x5}], 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x60, 0x0)
mount$afs(0x0, &(0x7f0000002840)='./file0\x00', &(0x7f0000002880), 0x700, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
setrlimit(0x7, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={0x0}, 0x18)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0e000000046be37f2fd4e124000000040000000300", @ANYRES32, @ANYBLOB='\x00'/15], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000007c0)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x3, 0x8, &(0x7f0000000900)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000009500000000000000a2ab1c1ff0a4fd8f4562ee28927be2d78c1033deb9e0f24263a4c94b01ad2f91de754763613670cc803da81e57a422e14dcf7a5abd5be0cc0d2cef2cca8c90ea5f4bbc07c8389a96e56bb1cd6701c441760aede2ce75e532c21ade6ff0ad0d7f19d997c0350056163e6625cbf4f0a189b4b148961d140b739667957c8a3165271f5d5a04c8bd61fc561bf14f26212e030511908c29730258ad057d8df19fcacef8a2008a9ae0e447fb20e314ef9bc1f0387071c87e55"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r4, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8, &(0x7f0000000380)=[0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r5=>0x0, 0xc3, &(0x7f00000008c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000440), &(0x7f0000000640), 0x8, 0x2e, 0x8, 0x8, &(0x7f0000000400)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x3, 0x8, &(0x7f0000000bc0)=ANY=[@ANYBLOB="180000000000000000000000feff", @ANYBLOB], &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r3}, 0x0, &(0x7f0000000080)=r4}, 0x20)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r6, &(0x7f0000000280)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @default, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40)
eventfd(0x8)
bpf$MAP_CREATE(0x0, &(0x7f0000001280)=ANY=[@ANYBLOB="1c00"], 0x50)

6.170452736s ago: executing program 5 (id=4533):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r1, &(0x7f00000002c0)={0x11, 0xf5, 0x0, 0x1, 0x1, 0x6, @multicast}, 0x14)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000080)=0x14)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="1c0000f5"], 0xfdef)

5.891797703s ago: executing program 6 (id=4535):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000580)=ANY=[@ANYBLOB="b800000019000100000000000000000020010000000000fdff00000000ac1414aa00000000010000000000000000000005000000000a000000000000007339bb29a54fac4dac772b8946068d997dce2962feacd472d32113e4ba3b8d0731b1213be1f8e8478b5150e2f2ddf4b771f9b7beab4abc7f085bcafdb9c2895da257bb79cb7e2fc34e930cb020f9e09cbc974dbe2a4dcc34e858604936604fb286fbbe65dea590bf2ee9c57244d6f78a8adabef2f0882a03277d0b71323b23", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a0000000000000000000000804000000000000000000800"/112], 0xb8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000001107300000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x16, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = fsopen(&(0x7f0000000440)='ubifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x89f1, &(0x7f0000000400)={'ip6gre0\x00', &(0x7f0000000700)=@ethtool_per_queue_op={0x4b, 0xf, [0x2000f68f, 0x8, 0x9, 0x10001ff, 0x8, 0x4, 0xe97, 0x4, 0x6, 0xecbf, 0xff, 0x101, 0x7, 0x203, 0x3d, 0x5e, 0x1000, 0x1, 0xf557, 0x2, 0x5, 0x9b5, 0xce, 0x2, 0x3, 0xe52f, 0xaa8, 0x80000000, 0x1, 0xe9c4, 0xcd8, 0x6c, 0x6, 0x67a, 0xd, 0x7, 0x7d, 0x6, 0x6, 0x3da, 0x3, 0xfffffffc, 0xfd2, 0x6, 0x8, 0x800, 0xfffff801, 0x2b, 0xa, 0x0, 0x6, 0x3, 0x5, 0x0, 0x6, 0x8, 0x23, 0xff, 0x3, 0x10, 0x3, 0xffffffff, 0x6, 0x6000004, 0xd1, 0xf, 0x4, 0xa, 0x0, 0xb67a, 0x80000000, 0xf, 0x3, 0x5, 0x2, 0x0, 0xdb4bf975, 0x9, 0xd, 0x2000004, 0x2, 0x0, 0xd, 0x6, 0x3, 0x0, 0x10, 0x1, 0xfffffffc, 0x9, 0x7ff, 0x7, 0x2, 0x4, 0x37, 0xb, 0x4, 0x1, 0x9, 0x6, 0x7fff, 0x1, 0x704, 0x33e4, 0x401, 0x5, 0x7fff, 0x8, 0x100, 0x3, 0xfffffffd, 0x2, 0x6, 0x8, 0x9, 0x7, 0x200, 0x9, 0xe, 0x81, 0x0, 0x4, 0x5, 0x5, 0x8, 0x3, 0x1, 0xfffffffa], "354d52859e67242784b2d116258cd674e6f7a8a6a4121e789c83baf4c3a50a398640a4dc2fc81b58dbb571267492b55e6c08c88024448cb2ef70a24171f84c9efbacb6b98c218e44bd5e54b7fcfbb9df68a48f2a788ee358d193c551deed"}})
socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0)

5.750653471s ago: executing program 5 (id=4536):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_MOVE(0x1e, r0, 0xfffffffffffffffe, r0, 0x0)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(0x0, 0x0, 0x0, 0x0, r1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=<r4=>0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x20, 0xc, 0x3, 0x0, 0x0, 0xfffffffd, 0x0})
r6 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0)
ioctl$VIDIOC_TRY_DECODER_CMD(r6, 0xc038563b, &(0x7f0000000080)={0x0, 0x3, @start={0x0, 0x1}})
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0d000000ac864070a0fe7c1285cc494189c0e302", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\x00'/28], 0x50)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0xfffffffffffffdad)
ioctl$VIDIOC_S_SELECTION(r6, 0xc040565f, &(0x7f0000000140)={0x2, 0x3, 0x6, {0x4, 0x4, 0x0, 0x6}})
bind$bt_sco(0xffffffffffffffff, &(0x7f0000000040), 0x8)
listen(0xffffffffffffffff, 0x6)
mount(&(0x7f0000000300)=@loop={'/dev/loop', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000100)='aio\x00', 0x200013, 0x0)
connect$bt_sco(0xffffffffffffffff, 0x0, 0x0)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x0, 0x1}, 0xc)
setsockopt$MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, &(0x7f00000001c0)={{0xa, 0x1, 0x0, @mcast2}, {0xa, 0x0, 0x1, @empty, 0xffbffffe}, 0x0, {[0x9, 0x0, 0x40000001, 0xfffffffd, 0x0, 0x0, 0x0, 0x7]}}, 0x5c)

5.256605818s ago: executing program 4 (id=4537):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000580)=ANY=[@ANYBLOB="b800000019000100000000000000000020010000000000fdff00000000ac1414aa00000000010000000000000000000005000000000a000000000000007339bb29a54fac4dac772b8946068d997dce2962feacd472d32113e4ba3b8d0731b1213be1f8e8478b5150e2f2ddf4b771f9b7beab4abc7f085bcafdb9c2895da257bb79cb7e2fc34e930cb020f9e09cbc974dbe2a4dcc34e858604936604fb286fbbe65dea590bf2ee9c57244d6f78a8adabef2f0882a03277d0b71323b23", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a0000000000000000000000804000000000000000000800"/112], 0xb8}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000001107300000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x16, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000440)='ubifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r5, 0x560a, &(0x7f00000006c0)={0x4, 0x0, 0x0, 0x0, 0x132, 0x3})
mount(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000002280)='vxfs\x00', 0x1000080, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$qrtr(0x2a, 0x2, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x2}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x58}}, 0x0)

4.657782744s ago: executing program 6 (id=4538):
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x23, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011)
sendmsg$kcm(r0, &(0x7f0000000780)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xd}, 0x2}, 0x80, 0x0}, 0xe07e872420dfefca)
r2 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)}], 0x1}, 0x2400c000)

4.368036106s ago: executing program 7 (id=4539):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r2)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
r4 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0x40405514, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getrandom(&(0x7f0000000580)=""/265, 0xffffff3f, 0x3)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r5, 0x227b, &(0x7f00000001c0)=0x2001)
r6 = fcntl$dupfd(r5, 0x0, r5)
readv(r6, &(0x7f0000000000)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1)
write$FUSE_INIT(r6, &(0x7f0000000080)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x81, 0x21004040, 0x5, 0xd65b, 0x1, 0x1850c00, 0x0, 0x0, 0x40, 0xa}}, 0x50)
r7 = memfd_create(0x0, 0x1d)
sendmsg$NFC_CMD_DEV_UP(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, r3, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}}, 0x0)
sendmsg$NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x400, 0x70bd2d, 0x25dfdbff}, 0x14}}, 0x40080)
r8 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010007000009040600010300000009210000000122080009058155427503c4713e85c0e5063f3ebe5140cd04e4eb4ce208c72d58872f3d6fc3b970cbb637efc88b09a801ab35ea2a251d7bd02da23ec29ac60fd7604c3db84756e6ca173f62e57de331b2d8b7864bffc8451b2605ed967657b8587529b3bddd5131bc46b946ae63e8edaec56e2a76a0b5ba47edef68190767724dba94997ecd11fc0cd29556534da8739e20b370a576578aa4d43ee9cccca4b4bc71b4fbb64e3d0997acf0532fbfbc", @ANYRES64=r0, @ANYRES32=r4, @ANYRESDEC=r1, @ANYRESHEX=r0, @ANYRESDEC=r7, @ANYRES16=r4], 0x0)
syz_usb_control_io$hid(r8, 0x0, 0x0)
syz_usb_control_io$hid(r8, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a2"], 0x0}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/fscreate\x00')

4.336394504s ago: executing program 4 (id=4540):
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x40000)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x6, @private1={0xfc, 0x1, '\x00', 0x1}, 0x7}, 0x1c)
listen(r0, 0xfffffffc)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
io_setup(0x8, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r2=>0x0)
io_pgetevents(r2, 0x2, 0x2, &(0x7f00000000c0)=[{}, {}], &(0x7f0000000700)={0x77359400}, 0x0)
r3 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close(r3)
io_submit(r2, 0x3, &(0x7f0000000400)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x6, 0x4, r1, &(0x7f0000000200)="b89c3023982439702f98b31f688ca14f6706083e66483a1b19033104621367ee9873d6e93cc1560946f45c12c1c7896254b68d47fd1d8360021c482b5e6293449dad0bc8a1875c6244d3b2402249e88b4775cac62160b12d7ed12645d6b54cc3f0e73533c99d455ae2959135b10ba1cf916b8948f5497b43d93cc073be4885bf0f32fd020aa5ee9899772cd93a203a3b4bcca588ce331bed7d069d0a07e03d0c8677e9e7f1ef715cbe05e19f5c47c3787e79a754dbab6fd87a77695f74991a8659433088449c6aed8efaf49a308d86ba1c9f385d1307622b228f3624537f503531f7b740bc", 0xe5, 0x1ff, 0x0, 0x1}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x8001, r1, &(0x7f0000000140)="20af", 0x2, 0xffff, 0x0, 0x1, r3}, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000300)="f89a64a3f4c5a8870ae09ebf555e62473e120d5846549f4a3a34ed915bc7b7257514a3c9717551880c0430a44579dc4dcf447d173b91ea4b7f08b42389cdada81fdb5ea3837d1277020d8dbe3e3331bfc17e872e56bdc79099fc71c0", 0x5c, 0x4e8, 0x0, 0x2, r3}])
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000003c0)=[@text32={0x20, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008e04"])
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)

3.993274465s ago: executing program 6 (id=4541):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000080)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r0})
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000980)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "c4a8bb72"}]}}, 0x0}, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
getsockopt(0xffffffffffffffff, 0x200000000114, 0x2713, 0x0, &(0x7f00000000c0))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x12, 0x0, 0x0)
r3 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_CTL(r3, 0x4805, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000002c0)={0x0, 0x6, 0x2e, "b6c1173c7d1664741bcdd10dbdb2cd7015e090580fd6ab5d072bd00127120646a1c4521f67a1f38dc143f529e503"}, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x20, 0x0, 0x4, {0x10, 0x40}}, 0x0, 0x0, &(0x7f0000000500)={0x40, 0xb, 0x2, "36d5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
add_key$keyring(&(0x7f0000000000), &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, r1)

3.484167646s ago: executing program 3 (id=4542):
socket$inet_tcp(0x2, 0x1, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000001300)=ANY=[@ANYBLOB="1a0800050000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0xffffffffffffffff, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x1000003fffffff}, 0x60)
socket$inet6_udp(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x10}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x4003, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x405)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000348000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="0f001eafb1f40f001d260f01c83e670f0666b9630900000f32da9c0d5067f3f08141000b002ea7d94508", 0x2a}], 0x1, 0x24, &(0x7f00000001c0)=[@cstype0={0x4, 0x3}, @dstype3={0x7, 0x6}], 0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x0)
readv(r3, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/79, 0x4f}], 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x8e383, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r5 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r5, 0x0, 0x0)
bind$nfc_llcp(r4, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee602ec4802a04ea7cdcd151bb2cd9893bc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec275000386e7d95f0669b740a5418d69d0", 0x1000000000003f}, 0x60)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000200)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x4040801}, 0x20008840)
getpid()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r6 = socket$inet(0x2, 0x1, 0x0)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000f07000)=[{0x6}]}, 0x10)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

3.359574305s ago: executing program 5 (id=4543):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, r3)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x70}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x20000080)
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
stat(&(0x7f0000000140)='./file0\x00', 0x0)
lsetxattr$security_capability(&(0x7f0000000180)='./file0\x00', &(0x7f0000000200), &(0x7f00000002c0)=@v3={0x3000000, [{0x2, 0x9}, {0x3, 0x3ff}]}, 0x18, 0x1)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0)

2.602270258s ago: executing program 4 (id=4544):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x50)
syz_open_dev$vim2m(&(0x7f0000002c80), 0x0, 0x2)
r1 = openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000100), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000210018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r3, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000, 0x0, 0x0, 0x2)

2.508091064s ago: executing program 3 (id=4545):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x64)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100))
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r4 = dup3(r3, r2, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x0, 0x1000000, 0x0, 0x2, 0x0, &(0x7f0000000280)="f880"})
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0})

2.449338259s ago: executing program 4 (id=4546):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000101c1b0c1c0000000000010902240001000080000d04000001030001000921000000012205000905810300021e000081ce8b11f8d86039dc9c9298588cf1628eae5a266731cd51f78dab08684d98997de84e096a52a5"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000180)={0x20, 0xe, 0xa, {0xa, 0xb, "9799387af9dd7231"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2.228392086s ago: executing program 5 (id=4547):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000300)={{0x12, 0x1, 0x310, 0xd1, 0xce, 0x8c, 0x10, 0x45e, 0x721, 0x42fb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x2a, 0x8, 0x90, 0xcd, [{{0x9, 0x4, 0xd6, 0xcc, 0x0, 0xe, 0x1, 0x0, 0x5, [@uac_as={[@format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xfff3, 0x1000, 0x73}]}]}}]}}]}}, &(0x7f0000000a80)={0x0, 0x0, 0x0, 0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000280)={0x6498, {0x8, 0x0, 0x5, 0x7, 0x3, 0x4}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'lo\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
syz_emit_ethernet(0x66, &(0x7f0000000040)={@link_local, @local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @empty}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x8000000}}}}}}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
select(0x0, 0x0, &(0x7f00000000c0)={0x3, 0x1, 0xff, 0xfffffffffffffe5e, 0x4, 0x5, 0x6, 0x9}, &(0x7f00000001c0)={0x9, 0xffffffff, 0x8, 0x2fdd64c9, 0x10001, 0x6, 0x7ff, 0x20000}, &(0x7f0000000240)={0x77359400})
r6 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r6, &(0x7f0000000040)={0x1f, @none, 0x2}, 0xa)

1.600227417s ago: executing program 3 (id=4548):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x40, 0x0, 0x2}, 0x10)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x30, 0x0, 0x0, 0xfffff030}, {0x6}]}, 0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x101201, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
r5 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r5, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r5, &(0x7f0000000040)='./file1\x00', r5, &(0x7f0000000180)='./bus\x00', 0x0)
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r6, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2000000, @ioapic={0x0, 0x1, 0x8000, 0x0, 0x0, [{0x6, 0x7, 0xa, '\x00', 0xab}, {0x2, 0x0, 0x4, '\x00', 0x5b}, {0x60, 0x4, 0x8, '\x00', 0xb}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0x1c, 0xc, 0xd, '\x00', 0x43}, {0x4, 0x78, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xbe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x48, '\x00', 0x33}, {0x81, 0xf, 0x57, '\x00', 0x9}, {0x5, 0x4, 0x1, '\x00', 0x6}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0x8}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x6, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd}, {0x8, 0x81, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x1, '\x00', 0xf}, {0x78, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x7, 0xc1, '\x00', 0x7}, {0x5, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x6}, {0xc1, 0xd, 0x3, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
socket$inet6_mptcp(0xa, 0x1, 0x106)
chown(&(0x7f0000000580)='./file0\x00', 0x0, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r7, &(0x7f00000002c0)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1)

1.264038733s ago: executing program 6 (id=4549):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000000380)={&(0x7f0000000000)={0x2, 0x0, @private=0xa010101}, 0x10, 0x0, 0x0, &(0x7f00000007c0)=[@mask_fadd={0x58, 0x114, 0x8, {{0x5, 0xfffffff7}, &(0x7f00000003c0)=0x7fff, 0x0, 0x21, 0x9, 0x97f, 0x4, 0x30, 0x3}}], 0x58}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x403, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1e8f7}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0xd}]}}}, @IFLA_IFNAME={0x14, 0x3, 'macsec0\x00'}]}, 0x50}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r4, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0xda0, 0x0, 0x10}]})

563.251992ms ago: executing program 6 (id=4550):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd7000fbdbdf25050000000c000980080002000300000028000280080001"], 0x46}}, 0x4004)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xa0, 0x30, 0x51b, 0x0, 0x0, {}, [{0x8c, 0x1, [@m_skbmod={0x5c, 0x1, 0x0, 0x0, {{0xb}, {0x30, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x7fffffff}}}, @TCA_SKBMOD_ETYPE={0x6, 0x5, 0x6}]}, {0x4, 0x14}, {0xc}, {0xc, 0x6}}}, @m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa0}}, 0x14008004)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf250801f2800c00180008ac0f"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0)

345.504725ms ago: executing program 6 (id=4551):
syz_genetlink_get_family_id$nl80211(&(0x7f0000003840), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
r3 = dup2(r1, r0)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_OPEN(r3, &(0x7f00000000c0)={0x20, 0x0, r4, {0x0, 0x5}}, 0x20)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
socket$packet(0x11, 0x3, 0x300)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x800001, 0x0)
socket$kcm(0x10, 0x2, 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x3000008, 0x12, 0xffffffffffffffff, 0xabb35000)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = socket$inet6(0xa, 0x805, 0x0)
getsockopt$bt_hci(r6, 0x84, 0x0, &(0x7f0000000080)=""/4076, &(0x7f0000000040)=0xfec)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000300)='kmem_cache_free\x00'}, 0x18)

155.392165ms ago: executing program 3 (id=4552):
write$dsp(0xffffffffffffffff, &(0x7f00000001c0)='\\', 0x1)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket$xdp(0x2c, 0x3, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x10002, 0x1, 0x1})
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
ioctl$vim2m_VIDIOC_STREAMON(r1, 0xc0405626, &(0x7f0000000040)=0x1)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/59, 0x304000, 0x1800, 0x0, 0x3}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x3, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
writev(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
socket(0x5, 0x3, 0xfd7)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000780)=""/102400, 0x19000)
syz_emit_ethernet(0x86, &(0x7f00000001c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff0800450c00780000000000019078ac1e0001ac1414aa03049078030000004700000000000000102f0000ac1414aae0000001440cbb230a01010200000001070b8f7f000001ac1e00010707b664010102441c3100000000137fffffff000033ef0000000000000008020001014408639000000003440409310000"], 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0x3, &(0x7f0000000140)={0x2fd, 0x7e}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x16)
set_mempolicy(0x1, &(0x7f0000000600)=0x8, 0x5)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)

0s ago: executing program 7 (id=4553):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x42)
open_by_handle_at(r1, &(0x7f0000000380)=ANY=[@ANYRES8=r1], 0x40000)
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc04c565d, &(0x7f00000002c0)=@multiplanar_fd={0xc3b4eab, 0xc, 0x4, 0x40, 0x7, {0x77359400}, {0x5, 0x2, 0x7, 0xb, 0x4, 0x3, "f6de8be8"}, 0xac14, 0x4, {0x0}, 0xfffffffe})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x6, 0x88}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
read$nci(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCFLSH(r3, 0x80045438, 0x0)
r4 = syz_open_dev$mouse(&(0x7f0000000240), 0x125c, 0x21c400)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000280)=0xbd)
r5 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x101600, 0x0)
ioctl$COMEDI_DEVCONFIG(r5, 0x40946400, &(0x7f0000000080)={'c6xdigio\x00', [0x7, 0x10, 0x2, 0xa, 0x14001004, 0x0, 0xfffffffc, 0x2, 0xffd, 0x7ffe, 0x3, 0x8, 0x400, 0x2, 0x13, 0x100, 0xffffffa7, 0x9, 0x34d, 0x1e, 0x3ff, 0x9, 0x200, 0xe2df, 0xaa14, 0x1, 0x4, 0x0, 0x8007, 0xf58, 0x7]})
ioctl$COMEDI_INSN(r5, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x80000000})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x7, 0x0, 0x0)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000340)={0x4, {0x966, 0x1, 0x3, 0x9, 0x0, 0x4}})
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f00000010c0)=[0x0, 0x0], 0x0)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000001900), &(0x7f0000000a80)={[&(0x7f00000018c0)='.^*%$\'-\\:\x00\xfb\x12#\x19\t\x99n\x1e\xef,NA\xf3)\xc8\xcd\x9bM\x83\x9d\v\x80\xcbU\xdcV\xe4\xff\xa8\xf1']})
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000180)={0xfb, 0x8, 0x0, "062383a78614d321eb086bebba55db0dfca05613826fffd4ee640ffed6cd68cb", 0x32314d54})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000200)=0x10)

kernel console output (not intermixed with test programs):

d USB device number 103 using dummy_hcd
[ 1239.334860][T10987] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1239.431816][T20417] usb 7-1: config 0 has no interfaces?
[ 1239.440099][T20417] usb 7-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[ 1239.450411][T20417] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1239.600812][T21640] binder: BINDER_SET_CONTEXT_MGR already set
[ 1239.607439][T21640] binder: 21636:21640 ioctl 4018620d 200000004a80 returned -16
[ 1239.886663][T10987] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3
[ 1239.897517][T10987] usb 5-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[ 1239.906635][T10987] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1239.933185][T20417] usb 7-1: config 0 descriptor??
[ 1239.982013][T10987] usb 5-1: config 0 descriptor??
[ 1240.199379][T10987] Bluetooth: Can't get state to change to load ram patch err
[ 1240.224499][T10987] Bluetooth: Loading patch file failed
[ 1240.232052][T10987] ath3k 5-1:0.0: probe with driver ath3k failed with error -121
[ 1241.809348][T21654] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 37748736, id = 0
[ 1241.917293][T21649] pim6reg: entered allmulticast mode
[ 1242.597780][T15500] usb 7-1: USB disconnect, device number 20
[ 1242.870031][T15487] usb 5-1: USB disconnect, device number 103
[ 1243.231210][T21675] tty tty33: ldisc open failed (-12), clearing slot 32
[ 1243.454009][   T30] kauditd_printk_skb: 35 callbacks suppressed
[ 1243.454022][   T30] audit: type=1326 audit(2000001354.702:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1243.483572][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.627263][   T30] audit: type=1326 audit(2000001354.702:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1243.650774][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1243.710889][   T30] audit: type=1326 audit(2000001354.752:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1243.734359][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1244.023944][   T30] audit: type=1326 audit(2000001354.752:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.063975][T17248] Bluetooth: hci5: unexpected event for opcode 0x2027
[ 1244.132865][   T30] audit: type=1326 audit(2000001354.752:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.156240][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1244.253662][   T30] audit: type=1326 audit(2000001354.752:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.336646][   T30] audit: type=1326 audit(2000001354.752:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.366275][T21709] nbd: must specify a device to reconfigure
[ 1244.655015][   T30] audit: type=1326 audit(2000001354.752:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.697625][   T30] audit: type=1326 audit(2000001354.752:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.701698][T15500] libceph: connect (1)[c::]:6789 error -101
[ 1244.743569][   T30] audit: type=1326 audit(2000001354.752:1595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21690 comm="syz.3.3956" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1244.775424][T15500] libceph: mon0 (1)[c::]:6789 connect error
[ 1245.064379][T21719] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1245.459632][T21710] ceph: No mds server is up or the cluster is laggy
[ 1245.468814][T15500] libceph: connect (1)[c::]:6789 error -101
[ 1245.485470][T15500] libceph: mon0 (1)[c::]:6789 connect error
[ 1245.945746][T21731] loop2: detected capacity change from 0 to 7
[ 1245.952439][T21731] Dev loop2: unable to read RDB block 7
[ 1245.958966][T21731]  loop2: AHDI p1 p2
[ 1245.963554][T21731] loop2: partition table partially beyond EOD, truncated
[ 1246.101624][T21736] sctp: [Deprecated]: syz.3.3962 (pid 21736) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1246.101624][T21736] Use struct sctp_sack_info instead
[ 1246.399477][T21731] loop2: p1 size 4244635647 extends beyond EOD, truncated
[ 1246.415888][T21728] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1246.425558][T21737] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[ 1246.451605][ T5952] libceph: connect (1)[c::]:6789 error -101
[ 1246.462830][ T5952] libceph: mon0 (1)[c::]:6789 connect error
[ 1246.553079][T15500] libceph: connect (1)[b::]:6789 error -101
[ 1246.558803][T21728] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1246.567346][T15500] libceph: mon0 (1)[b::]:6789 connect error
[ 1246.702660][T21733] ceph: No mds server is up or the cluster is laggy
[ 1246.736826][T21738] ceph: No mds server is up or the cluster is laggy
[ 1246.781127][T21728] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1246.789070][T21728] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1246.796274][T21728] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1246.836806][T21728] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1246.843748][T21728] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1246.869653][T21728] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1246.878357][T21728] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1246.887623][T10979] libceph: connect (1)[b::]:6789 error -101
[ 1246.894314][T10979] libceph: mon0 (1)[b::]:6789 connect error
[ 1247.024746][T21728] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1247.955403][T10979] usb 5-1: new high-speed USB device number 104 using dummy_hcd
[ 1248.142060][T10979] usb 5-1: Using ep0 maxpacket: 8
[ 1248.153745][T10979] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1248.169671][T10979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1248.229644][T10979] usb 5-1: Product: syz
[ 1248.236655][   T50] Bluetooth: hci4: unexpected event for opcode 0x1002
[ 1248.258905][T10979] usb 5-1: Manufacturer: syz
[ 1248.274823][T10979] usb 5-1: SerialNumber: syz
[ 1248.289588][T10979] usb 5-1: config 0 descriptor??
[ 1248.305518][T10979] gspca_main: se401-2.14.0 probing 047d:5003
[ 1248.490871][   T50] Bluetooth: hci5: command 0x0405 tx timeout
[ 1248.815261][   T50] Bluetooth: hci2: command 0x0406 tx timeout
[ 1248.819848][T17248] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1248.899890][T17248] Bluetooth: hci3: command 0x0406 tx timeout
[ 1248.916623][T10979] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1249.017666][T10979] se401 5-1:0.0: probe with driver se401 failed with error -71
[ 1249.030636][T10979] usb 5-1: USB disconnect, device number 104
[ 1249.209457][T10987] IPVS: starting estimator thread 0...
[ 1249.308677][T21777] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1249.319990][T21774] IPVS: using max 43 ests per chain, 103200 per kthread
[ 1249.660222][   T30] kauditd_printk_skb: 18 callbacks suppressed
[ 1249.660259][   T30] audit: type=1400 audit(2000001360.592:1614): avc:  denied  { create } for  pid=21775 comm="syz.7.3974" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1250.233548][   T30] audit: type=1400 audit(2000001360.592:1615): avc:  denied  { link } for  pid=21775 comm="syz.7.3974" name="file1" dev="ramfs" ino=80149 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=blk_file permissive=1
[ 1251.069849][T17248] Bluetooth: hci5: command 0x0405 tx timeout
[ 1251.069865][   T50] Bluetooth: hci2: command 0x0406 tx timeout
[ 1251.077040][T17248] Bluetooth: hci3: command 0x0406 tx timeout
[ 1251.102353][T21784] validate_nla: 46 callbacks suppressed
[ 1251.102369][T21784] netlink: 'syz.4.3977': attribute type 1 has an invalid length.
[ 1251.117738][T21784] netlink: 176 bytes leftover after parsing attributes in process `syz.4.3977'.
[ 1251.138607][T21784] netlink: 'syz.4.3977': attribute type 1 has an invalid length.
[ 1251.559871][T20417] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[ 1251.628717][   T30] audit: type=1400 audit(2000001362.832:1616): avc:  denied  { map } for  pid=21796 comm="syz.7.3980" path="socket:[80183]" dev="sockfs" ino=80183 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1251.951292][T20417] usb 7-1: config 1 has an invalid descriptor of length 68, skipping remainder of the config
[ 1251.968731][T20417] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1251.990086][T20417] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1252.030257][T20417] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1252.052838][T20417] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1252.085889][T20417] usb 7-1: Product: syz
[ 1252.116283][T20417] usb 7-1: Manufacturer: syz
[ 1252.138241][T21808] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3982'.
[ 1252.147268][T20417] usb 7-1: SerialNumber: syz
[ 1252.228457][T13302] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1252.241008][T13302] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1252.248825][T13302] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1252.259220][T13302] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1252.266916][T13302] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1252.578184][T21793] netlink: 'syz.6.3979': attribute type 10 has an invalid length.
[ 1252.962489][T21816] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1252.993271][T21816] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1253.171103][T21816] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[ 1253.771914][T21830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=24601 sclass=netlink_route_socket pid=21830 comm=syz.3.3985
[ 1253.960810][T20417] cdc_ncm 7-1:1.0: CDC Union missing and no IAD found
[ 1253.967626][T20417] cdc_ncm 7-1:1.0: bind() failure
[ 1253.993133][T20417] usb 7-1: USB disconnect, device number 21
[ 1254.371770][T21790] Bluetooth: hci1: command tx timeout
[ 1254.600235][T15487] usb 5-1: new high-speed USB device number 105 using dummy_hcd
[ 1254.728125][T10987] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 1254.910068][T10987] usb 4-1: Using ep0 maxpacket: 8
[ 1254.965340][T10987] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1255.037075][T10987] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1255.101850][T10987] usb 4-1: Product: syz
[ 1255.135258][T10987] usb 4-1: Manufacturer: syz
[ 1255.165841][T15487] usb 5-1: Using ep0 maxpacket: 32
[ 1255.181867][T10987] usb 4-1: SerialNumber: syz
[ 1255.295853][T10987] usb 4-1: config 0 descriptor??
[ 1255.425617][T10987] gspca_main: se401-2.14.0 probing 047d:5003
[ 1255.677324][T21809] chnl_net:caif_netlink_parms(): no params data found
[ 1255.932578][T15487] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1255.942991][T15487] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0x67, changing to 0x7
[ 1255.954760][T15487] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 253, changing to 11
[ 1255.966179][T15487] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 58047, setting to 1024
[ 1255.977505][T15487] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1255.993801][T15487] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1256.002924][T15487] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1256.019792][T15487] usb 5-1: Product: syz
[ 1256.029961][T15487] usb 5-1: Manufacturer: syz
[ 1256.034565][T15487] usb 5-1: SerialNumber: syz
[ 1256.055271][T15487] imon:imon_find_endpoints: no valid input (IR) endpoint found
[ 1256.070522][T15487] imon 5-1:155.0: unable to initialize intf0, err -19
[ 1256.087487][T15487] imon:imon_probe: failed to initialize context!
[ 1256.105832][T15487] imon 5-1:155.0: unable to register, err -19
[ 1256.333635][T21809] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1256.365252][T10987] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1256.378072][T10987] se401 4-1:0.0: probe with driver se401 failed with error -71
[ 1256.395505][T21809] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1256.410316][T21809] bridge_slave_0: entered allmulticast mode
[ 1256.413156][T21790] Bluetooth: hci1: command tx timeout
[ 1256.417492][T21809] bridge_slave_0: entered promiscuous mode
[ 1256.440209][T21874] netlink: 424 bytes leftover after parsing attributes in process `syz.6.3990'.
[ 1256.476739][T10987] usb 4-1: USB disconnect, device number 118
[ 1256.521670][T21874] bridge_slave_0: left allmulticast mode
[ 1256.527483][T21874] bridge_slave_0: left promiscuous mode
[ 1256.537471][T21874] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1256.555050][T21874] bridge_slave_1: left allmulticast mode
[ 1256.562032][T21874] bridge_slave_1: left promiscuous mode
[ 1256.572278][T21874] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1256.586372][T21874] bond0: (slave bond_slave_0): Releasing backup interface
[ 1256.599181][T21874] bond0: (slave bond_slave_1): Releasing backup interface
[ 1256.623048][T21874] team0: Port device team_slave_0 removed
[ 1256.635624][T21874] team0: Port device team_slave_1 removed
[ 1256.643441][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1256.652702][T21874] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1256.662953][T21874] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1256.672432][T21874] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1256.692899][T21874] bond1: (slave vcan1): Releasing backup interface
[ 1256.699481][T21874] vcan1: left promiscuous mode
[ 1256.716459][T21874] bond2: (slave vcan2): Releasing backup interface
[ 1256.724049][T21874] vcan2: left promiscuous mode
[ 1256.738803][T21809] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1256.754313][T21809] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1256.768857][T21809] bridge_slave_1: entered allmulticast mode
[ 1256.787444][T21809] bridge_slave_1: entered promiscuous mode
[ 1256.884451][T21809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1256.918673][T19421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1257.224978][   T30] audit: type=1326 audit(2000001368.462:1617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.327156][T10987] usb 5-1: USB disconnect, device number 105
[ 1257.392103][   T30] audit: type=1326 audit(2000001368.472:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=266 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.427895][   T30] audit: type=1326 audit(2000001368.472:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.570481][   T30] audit: type=1326 audit(2000001368.472:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.594440][   T30] audit: type=1326 audit(2000001368.472:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.619343][   T30] audit: type=1326 audit(2000001368.472:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.644054][   T30] audit: type=1326 audit(2000001368.472:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.668057][   T30] audit: type=1326 audit(2000001368.482:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1257.702217][   T30] audit: type=1326 audit(2000001368.492:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1258.462604][   T30] audit: type=1326 audit(2000001368.502:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21882 comm="syz.3.3994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd16ef8ebe9 code=0x7ffc0000
[ 1258.489815][T21790] Bluetooth: hci1: command tx timeout
[ 1258.637247][T19421] dvmrp1 (unregistering): left allmulticast mode
[ 1258.901596][T19421] bond13 (unregistering): (slave bridge2): Releasing active interface
[ 1259.070163][T19421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1259.080323][T19421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1259.089544][T19421] bond0 (unregistering): Released all slaves
[ 1259.209219][T19421] bond1 (unregistering): Released all slaves
[ 1260.243198][T21903] overlay: ./file0 is not a directory
[ 1260.258732][T21911] netlink: 36 bytes leftover after parsing attributes in process `syz.7.4001'.
[ 1260.297314][T21914] netlink: 'syz.6.4002': attribute type 1 has an invalid length.
[ 1260.311762][T21914] netlink: 184 bytes leftover after parsing attributes in process `syz.6.4002'.
[ 1260.321690][T21914] netlink: 'syz.6.4002': attribute type 1 has an invalid length.
[ 1260.347044][T19421] bond2 (unregistering): Released all slaves
[ 1260.494943][T21918] netlink: 'syz.4.4004': attribute type 1 has an invalid length.
[ 1260.503525][T21918] netlink: 144 bytes leftover after parsing attributes in process `syz.4.4004'.
[ 1260.514633][T21918] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4004'.
[ 1260.543863][T19421] bond3 (unregistering): (slave vcan1): Releasing backup interface
[ 1260.551922][T19421] vcan1: left promiscuous mode
[ 1260.557681][T19421] bond3 (unregistering): Released all slaves
[ 1260.579912][T21790] Bluetooth: hci1: command tx timeout
[ 1260.643459][T15490] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[ 1260.666265][T19421] bond4 (unregistering): (slave vcan2): Releasing backup interface
[ 1260.674298][T19421] vcan2: left promiscuous mode
[ 1260.680134][T19421] bond4 (unregistering): Released all slaves
[ 1260.774899][T19421] bond5 (unregistering): (slave vcan3): Releasing backup interface
[ 1260.782966][T19421] vcan3: left promiscuous mode
[ 1260.788579][T19421] bond5 (unregistering): Released all slaves
[ 1260.799908][T15490] usb 7-1: Using ep0 maxpacket: 8
[ 1260.814776][T15490] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1260.824060][T15490] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1260.832603][T15490] usb 7-1: Product: syz
[ 1260.836782][T15490] usb 7-1: Manufacturer: syz
[ 1260.845926][T15490] usb 7-1: SerialNumber: syz
[ 1260.861982][T15490] usb 7-1: config 0 descriptor??
[ 1260.879283][T15490] gspca_main: se401-2.14.0 probing 047d:5003
[ 1260.919448][T19421] bond6 (unregistering): (slave vcan4): Releasing backup interface
[ 1260.927450][T19421] vcan4: left promiscuous mode
[ 1260.934162][T19421] bond6 (unregistering): Released all slaves
[ 1261.037976][T19421] bond7 (unregistering): (slave vcan5): Releasing backup interface
[ 1261.046310][T19421] vcan5: left promiscuous mode
[ 1261.054500][T19421] bond7 (unregistering): Released all slaves
[ 1261.281277][T19421] bond8 (unregistering): (slave vcan6): Releasing backup interface
[ 1261.289258][T19421] vcan6: left promiscuous mode
[ 1261.296744][T19421] bond8 (unregistering): Released all slaves
[ 1261.534057][T15490] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1261.566369][T15490] se401 7-1:0.0: probe with driver se401 failed with error -71
[ 1261.632156][T15490] usb 7-1: USB disconnect, device number 22
[ 1261.828988][T19421] bond9 (unregistering): (slave vcan7): Releasing backup interface
[ 1261.836998][T19421] vcan7: left promiscuous mode
[ 1261.842817][T19421] bond9 (unregistering): Released all slaves
[ 1261.955111][T19421] bond10 (unregistering): (slave vcan8): Releasing backup interface
[ 1261.963303][T19421] vcan8: left promiscuous mode
[ 1261.968999][T19421] bond10 (unregistering): Released all slaves
[ 1262.064511][T19421] bond11 (unregistering): (slave vcan9): Releasing backup interface
[ 1262.072569][T19421] vcan9: left promiscuous mode
[ 1262.078183][T19421] bond11 (unregistering): Released all slaves
[ 1262.224981][T19421] bond12 (unregistering): (slave vcan10): Releasing backup interface
[ 1262.237380][T19421] vcan10: left promiscuous mode
[ 1262.246005][T19421] bond12 (unregistering): Released all slaves
[ 1262.267121][T19421] bond13 (unregistering): Released all slaves
[ 1262.322919][T21809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1262.354838][T21887] bridge_slave_0: left allmulticast mode
[ 1262.360537][T21887] bridge_slave_0: left promiscuous mode
[ 1262.366133][T21887] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1262.725425][T21887] bridge_slave_1: left allmulticast mode
[ 1262.731248][T21887] bridge_slave_1: left promiscuous mode
[ 1262.736870][T21887] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1262.757282][T21887] bond0: (slave bond_slave_0): Releasing backup interface
[ 1262.774459][T21887] bond0: (slave bond_slave_1): Releasing backup interface
[ 1262.786244][T21887] team0: Port device team_slave_0 removed
[ 1262.794739][T21887] team0: Port device team_slave_1 removed
[ 1262.801118][T21887] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1262.808468][T21887] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1262.816362][T21887] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1262.823772][T21887] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1262.985119][T21809] team0: Port device team_slave_0 added
[ 1263.141012][T21809] team0: Port device team_slave_1 added
[ 1263.312440][T21809] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1263.332193][T21809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1263.410375][T21809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1263.482903][T21809] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1263.497546][T21809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1263.533388][T21809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1263.676517][T21809] hsr_slave_0: entered promiscuous mode
[ 1263.687769][T21809] hsr_slave_1: entered promiscuous mode
[ 1263.705705][T21809] debugfs: 'hsr0' already exists in 'hsr'
[ 1263.717472][T21809] Cannot create hsr debugfs directory
[ 1263.748212][T19421] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1263.769447][T19421] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1263.796953][   T30] kauditd_printk_skb: 1 callbacks suppressed
[ 1263.796968][   T30] audit: type=1326 audit(2000001375.042:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1263.848531][   T30] audit: type=1326 audit(2000001375.042:1629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1263.898441][   T30] audit: type=1326 audit(2000001375.042:1630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1263.898501][T21952] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4011'.
[ 1263.924832][   T30] audit: type=1326 audit(2000001375.042:1631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1263.982258][   T30] audit: type=1326 audit(2000001375.042:1632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.006454][   T30] audit: type=1326 audit(2000001375.042:1633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.006497][   T30] audit: type=1326 audit(2000001375.042:1634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.006535][   T30] audit: type=1326 audit(2000001375.042:1635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.006572][   T30] audit: type=1326 audit(2000001375.042:1636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.006609][   T30] audit: type=1326 audit(2000001375.042:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21930 comm="syz.4.4007" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7fc00000
[ 1264.108541][T19421] batadv1 (unregistering): left promiscuous mode
[ 1264.455080][T19421] batadv1 (unregistering): left allmulticast mode
[ 1264.462620][T19421] team0 (unregistering): Port device batadv1 removed
[ 1264.634998][T21970] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4015'.
[ 1265.537727][T21981] 9pnet_fd: Insufficient options for proto=fd
[ 1266.028873][T19421] team0 (unregistering): Port device team_slave_1 removed
[ 1266.084730][T19421] team0 (unregistering): Port device team_slave_0 removed
[ 1266.173916][T21990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1266.182672][T21990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1266.422117][T10979] usb 5-1: new high-speed USB device number 106 using dummy_hcd
[ 1266.430026][T21990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1266.439311][T21990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1266.471260][T21991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1266.481883][T21991] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1266.506938][T21990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1266.519130][T21990] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1266.618095][T10979] usb 5-1: device descriptor read/all, error -71
[ 1267.023919][T15500] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[ 1267.087381][T22007] netlink: 'syz.3.4024': attribute type 1 has an invalid length.
[ 1267.098599][T22007] netlink: 144 bytes leftover after parsing attributes in process `syz.3.4024'.
[ 1267.149578][T22007] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4024'.
[ 1267.189954][T15500] usb 7-1: Using ep0 maxpacket: 16
[ 1267.198981][T15500] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1267.210224][T15500] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1267.236885][T15500] usb 7-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[ 1267.309266][T15500] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1267.349075][T15500] usb 7-1: config 0 descriptor??
[ 1267.814160][T15500] hid-multitouch 0003:1FD2:6007.0054: unknown main item tag 0x6
[ 1267.844480][T15500] hid-multitouch 0003:1FD2:6007.0054: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.6-1/input0
[ 1268.095283][T15500] usb 7-1: USB disconnect, device number 23
[ 1268.148875][T22021] fido_id[22021]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[ 1268.282060][T21809] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1268.332679][T21809] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1268.400196][T21809] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1268.417933][T21809] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1268.674295][T21809] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1268.746855][T21809] 8021q: adding VLAN 0 to HW filter on device team0
[ 1268.803976][T19396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1268.811096][T19396] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1269.172954][T19421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1269.180102][T19421] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1269.821849][T21809] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1270.127547][T21809] veth0_vlan: entered promiscuous mode
[ 1270.149432][T21809] veth1_vlan: entered promiscuous mode
[ 1270.201252][T21809] veth0_macvtap: entered promiscuous mode
[ 1270.215751][T21809] veth1_macvtap: entered promiscuous mode
[ 1270.258026][T21809] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1270.277788][T21809] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1270.298411][T19393] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1270.367068][T19393] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1270.483422][T19423] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1270.494192][T19423] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1270.649567][T22091] fuse: Unknown parameter '.+Hu§‘µ!È/¢ÙW™׿™ð9çŒ/ü�§ŸÚ{>­íëü‘ÿ�0'
[ 1270.972957][T19419] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.073359][T19419] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1271.525580][T22101] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[ 1271.673503][T19419] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.725042][T19419] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1272.059773][T15487] usb 5-1: new high-speed USB device number 108 using dummy_hcd
[ 1272.370232][T15487] usb 5-1: Using ep0 maxpacket: 16
[ 1272.420219][T22123] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1272.835620][T15487] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1272.848778][T15487] usb 5-1: config 0 has no interface number 0
[ 1272.864417][T15487] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1272.923586][T15487] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1272.979726][T15487] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1272.999594][T15487] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1273.017983][T15487] usb 5-1: Product: syz
[ 1273.030532][T15487] usb 5-1: SerialNumber: syz
[ 1273.081773][T15487] usb 5-1: config 0 descriptor??
[ 1273.101819][T15487] cm109 5-1:0.8: invalid payload size 0, expected 4
[ 1273.121349][T15487] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input93
[ 1273.526219][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1273.747974][T15500] usb 5-1: USB disconnect, device number 108
[ 1274.221473][T15500] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1275.252958][T22148] lo speed is unknown, defaulting to 1000
[ 1275.253181][T22148] lo speed is unknown, defaulting to 1000
[ 1275.277540][T22148] lo speed is unknown, defaulting to 1000
[ 1275.355385][T22148] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[ 1275.940373][T22159] fuse: Bad value for 'fd'
[ 1275.952865][T22148] lo speed is unknown, defaulting to 1000
[ 1275.953574][T22148] lo speed is unknown, defaulting to 1000
[ 1275.963407][T22148] lo speed is unknown, defaulting to 1000
[ 1275.989369][T22148] lo speed is unknown, defaulting to 1000
[ 1276.015468][T22148] lo speed is unknown, defaulting to 1000
[ 1276.022618][T22148] lo speed is unknown, defaulting to 1000
[ 1277.000486][T22163] block nbd0: Attempted send on invalid socket
[ 1277.006699][T22163] I/O error, dev nbd0, sector 521328 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1278.412837][T22190] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[ 1278.646111][T22198] kvm: kvm [22187]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x7
[ 1278.654777][T15500] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 1278.664746][T22198] kvm: kvm [22187]: vcpu2, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x7
[ 1278.873486][T22205] openvswitch: netlink: IP tunnel dst address not specified
[ 1279.438049][T15500] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1279.561083][T15500] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1279.730526][T15500] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1279.850436][T15500] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1279.872325][T15500] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1279.921525][T15500] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1280.033179][T15500] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1280.089265][T15500] usb 4-1: Product: syz
[ 1280.105002][   T30] kauditd_printk_skb: 56 callbacks suppressed
[ 1280.105038][   T30] audit: type=1400 audit(2000001391.352:1694): avc:  denied  { append } for  pid=22208 comm="syz.5.4062" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[ 1280.140934][T15500] usb 4-1: Manufacturer: syz
[ 1280.372824][T15500] cdc_wdm 4-1:1.0: skipping garbage
[ 1280.378050][T15500] cdc_wdm 4-1:1.0: skipping garbage
[ 1280.405256][T15500] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[ 1280.559875][T15500] cdc_wdm 4-1:1.0: Unknown control protocol
[ 1281.140825][T22186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1281.225768][T22186] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1281.243895][T15487] usb 4-1: USB disconnect, device number 119
[ 1281.436960][T22225] binder: BINDER_SET_CONTEXT_MGR already set
[ 1281.443050][T22225] binder: 22220:22225 ioctl 4018620d 200000004a80 returned -16
[ 1282.518288][   T30] audit: type=1400 audit(2000001393.762:1695): avc:  denied  { name_connect } for  pid=22250 comm="syz.5.4072" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1282.539958][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1282.658771][T22256] No source specified
[ 1284.879911][T15500] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[ 1285.057819][T15500] usb 7-1: Using ep0 maxpacket: 16
[ 1285.175975][T15500] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1285.184230][T15500] usb 7-1: config 0 has no interface number 0
[ 1285.250063][T15500] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1285.292528][T15500] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1285.304415][T15500] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1285.317689][T15500] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1285.331508][T15500] usb 7-1: Product: syz
[ 1285.341670][T15500] usb 7-1: SerialNumber: syz
[ 1285.358858][T15500] usb 7-1: config 0 descriptor??
[ 1285.368006][T15500] cm109 7-1:0.8: invalid payload size 0, expected 4
[ 1285.377680][T15500] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input95
[ 1285.637468][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1285.857255][T20417] usb 7-1: USB disconnect, device number 24
[ 1285.886285][T20417] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1286.263395][   T30] audit: type=1400 audit(2000001397.512:1696): avc:  denied  { listen } for  pid=22315 comm="syz.3.4090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1286.283859][   T30] audit: type=1400 audit(2000001397.522:1697): avc:  denied  { open } for  pid=22315 comm="syz.3.4090" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=82568 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1286.308141][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1287.551525][T22338] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1288.104697][T22342] netlink: 216 bytes leftover after parsing attributes in process `syz.3.4096'.
[ 1288.113824][T22342] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4096'.
[ 1288.122866][T22342] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4096'.
[ 1288.293807][T22348] syzkaller1: entered promiscuous mode
[ 1288.303051][T22348] syzkaller1: entered allmulticast mode
[ 1288.326989][T22344] tipc: Started in network mode
[ 1288.357679][T22353] overlayfs: missing 'lowerdir'
[ 1288.409920][T22344] tipc: Node identity , cluster identity 4711
[ 1288.508935][T22344] tipc: Failed to obtain node identity
[ 1288.992650][T22344] tipc: Enabling of bearer <eth:ip6gre0> rejected, failed to enable media
[ 1289.367847][T22366] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4105'.
[ 1289.419983][T20417] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 1289.639879][T20417] usb 4-1: Using ep0 maxpacket: 8
[ 1289.654792][T22377] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4108'.
[ 1289.655844][T20417] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1289.683931][T20417] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1289.693964][T20417] usb 4-1: Product: syz
[ 1289.698237][T20417] usb 4-1: Manufacturer: syz
[ 1289.704653][T20417] usb 4-1: SerialNumber: syz
[ 1289.762470][T20417] usb 4-1: config 0 descriptor??
[ 1289.772080][T20417] gspca_main: se401-2.14.0 probing 047d:5003
[ 1289.890072][T10980] usb 5-1: new full-speed USB device number 109 using dummy_hcd
[ 1290.110387][T10980] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1290.128610][T10980] usb 5-1: not running at top speed; connect to a high speed hub
[ 1290.154654][T10980] usb 5-1: config 5 has an invalid interface number: 246 but max is 0
[ 1290.169568][T10980] usb 5-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[ 1290.335031][T10980] usb 5-1: config 5 has no interface number 0
[ 1290.347696][T10980] usb 5-1: config 5 interface 246 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1290.371921][T10980] usb 5-1: config 5 interface 246 has no altsetting 0
[ 1290.593440][T20417] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1290.768513][T20417] se401 4-1:0.0: probe with driver se401 failed with error -71
[ 1290.775155][T10980] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[ 1290.793265][T10980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1290.801933][T20417] usb 4-1: USB disconnect, device number 120
[ 1290.890474][T10980] usb 5-1: Product: Ñ…
[ 1290.936347][T10980] usb 5-1: SerialNumber: syz
[ 1291.241943][T10980] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[ 1291.292173][T10980] usb 5-1: USB disconnect, device number 109
[ 1291.293334][T19423] usb 5-1: Failed to submit usb control message: -19
[ 1291.349627][T19423] usb 5-1: unable to send the bmi data to the device: -19
[ 1291.395286][T19423] usb 5-1: unable to get target info from device
[ 1291.416172][T19423] usb 5-1: could not get target info (-19)
[ 1291.428731][T19423] usb 5-1: could not probe fw (-19)
[ 1291.738075][T22418] UBIFS error (pid: 22418): cannot open "c:::", error -22
[ 1292.876092][T22421] usb usb8: usbfs: process 22421 (syz.3.4118) did not claim interface 0 before use
[ 1293.200568][T22429] netlink: 'syz.7.4119': attribute type 4 has an invalid length.
[ 1293.857052][T22439] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1294.256308][   T30] audit: type=1400 audit(2000001405.502:1698): avc:  denied  { ioctl } for  pid=22436 comm="syz.4.4125" path="socket:[83434]" dev="sockfs" ino=83434 ioctlcmd=0x4b4e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1294.669813][T10980] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1294.910094][T10980] usb 6-1: Using ep0 maxpacket: 8
[ 1294.951430][T10980] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1294.968404][T10980] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1295.024152][T10980] usb 6-1: Product: syz
[ 1295.043344][T10980] usb 6-1: Manufacturer: syz
[ 1295.048047][T10980] usb 6-1: SerialNumber: syz
[ 1295.158514][T10980] usb 6-1: config 0 descriptor??
[ 1295.191048][T10980] gspca_main: se401-2.14.0 probing 047d:5003
[ 1295.333375][T22464] loop7: detected capacity change from 0 to 7
[ 1295.344903][T21276] Dev loop7: unable to read RDB block 7
[ 1295.350791][T21276]  loop7: unable to read partition table
[ 1295.359089][T21276] loop7: partition table beyond EOD, truncated
[ 1295.366505][T22464] Dev loop7: unable to read RDB block 7
[ 1295.375629][T22464]  loop7: unable to read partition table
[ 1295.386066][T22464] loop7: partition table beyond EOD, truncated
[ 1295.405061][T22464] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1295.456709][T19784] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1295.631530][T19784] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1295.664392][T19784] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1295.711987][T19784] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1295.759787][T10980] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1295.780051][T19784] usb 4-1: config 0 descriptor??
[ 1295.828506][T10980] se401 6-1:0.0: probe with driver se401 failed with error -71
[ 1295.842481][T19784] pwc: Askey VC010 type 2 USB webcam detected.
[ 1295.891722][T10980] usb 6-1: USB disconnect, device number 24
[ 1296.180996][T22479] netlink: 'syz.7.4138': attribute type 1 has an invalid length.
[ 1296.190483][T19784] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1296.199131][T22479] netlink: 228 bytes leftover after parsing attributes in process `syz.7.4138'.
[ 1296.210548][T19784] pwc: recv_control_msg error -32 req 02 val 2700
[ 1296.217550][T19784] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1296.238704][T19784] pwc: recv_control_msg error -32 req 04 val 1000
[ 1296.248396][T19784] pwc: recv_control_msg error -32 req 04 val 1300
[ 1296.255985][T19784] pwc: recv_control_msg error -32 req 04 val 1400
[ 1296.269206][T19784] pwc: recv_control_msg error -32 req 02 val 2000
[ 1296.290945][T19784] pwc: recv_control_msg error -32 req 02 val 2100
[ 1296.305446][T19784] pwc: recv_control_msg error -32 req 04 val 1500
[ 1296.315043][T19784] pwc: recv_control_msg error -32 req 02 val 2500
[ 1296.322416][T19784] pwc: recv_control_msg error -32 req 02 val 2400
[ 1296.329389][T19784] pwc: recv_control_msg error -32 req 02 val 2600
[ 1296.340245][T19784] pwc: recv_control_msg error -32 req 02 val 2900
[ 1296.370355][T15487] usb 5-1: new high-speed USB device number 110 using dummy_hcd
[ 1296.384545][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.395514][T22481] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4139'.
[ 1296.410116][T22484] bridge_slave_1: left allmulticast mode
[ 1296.415884][T22484] bridge_slave_1: left promiscuous mode
[ 1296.423094][T22484] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1296.434879][T22484] bridge_slave_0: left allmulticast mode
[ 1296.450963][T22484] bridge_slave_0: left promiscuous mode
[ 1296.464968][T22484] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1296.466296][T22488] netlink: 'syz.5.4141': attribute type 1 has an invalid length.
[ 1296.480964][T22488] netlink: 176 bytes leftover after parsing attributes in process `syz.5.4141'.
[ 1296.490802][T22488] netlink: 'syz.5.4141': attribute type 1 has an invalid length.
[ 1296.532596][T15487] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1296.545838][T15487] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1296.556759][T15487] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1296.584336][T15487] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1296.597910][T15487] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1296.608815][T15487] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1296.618096][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.618655][T15487] usb 5-1: Product: syz
[ 1296.636792][T15487] usb 5-1: Manufacturer: syz
[ 1296.644468][T15487] usb 5-1: SerialNumber: syz
[ 1296.651552][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.663887][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.674629][T15487] usb 5-1: config 0 descriptor??
[ 1296.685957][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.695233][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1296.704750][T22484] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4140'.
[ 1297.649932][T22495] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[ 1297.676884][T22500] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1297.718030][T22477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1297.729147][T22477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1297.743935][T22477] netlink: 'syz.4.4137': attribute type 1 has an invalid length.
[ 1297.783003][T22477] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1297.832404][T22477] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1298.210088][   T30] audit: type=1400 audit(2000001409.102:1699): avc:  denied  { getopt } for  pid=22490 comm="syz.6.4142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1298.237614][T19784] pwc: recv_control_msg error -71 req 02 val 2800
[ 1298.247401][T19784] pwc: recv_control_msg error -71 req 04 val 1100
[ 1298.495207][T19784] pwc: recv_control_msg error -71 req 04 val 1200
[ 1298.509286][T19784] pwc: Registered as video103.
[ 1298.515953][T19784] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input97
[ 1298.664747][T15487] adutux 5-1:0.0: ADU208  now attached to /dev/usb/adutux0
[ 1298.883735][T19784] usb 4-1: USB disconnect, device number 121
[ 1298.919969][T15487] usb 5-1: USB disconnect, device number 110
[ 1299.439351][T22501] syz.6.4142 (22501): drop_caches: 2
[ 1299.692088][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.382644][T22532] CIFS: VFS: Malformed UNC in devname
[ 1301.360245][   T30] audit: type=1400 audit(2000001412.602:1700): avc:  denied  { remount } for  pid=22546 comm="syz.4.4156" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1302.441891][T15487] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1302.634733][T15487] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1302.682185][T15487] usb 6-1: config 0 interface 0 has no altsetting 0
[ 1302.688814][T15487] usb 6-1: New USB device found, idVendor=044e, idProduct=1215, bcdDevice= 0.00
[ 1302.723806][T15487] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1302.760746][T15487] usb 6-1: config 0 descriptor??
[ 1302.891360][T22575] pimreg: entered allmulticast mode
[ 1302.914098][T22575] pimreg: left allmulticast mode
[ 1304.473583][   T30] audit: type=1400 audit(2000001415.722:1701): avc:  denied  { write } for  pid=22554 comm="syz.5.4159" path="socket:[83946]" dev="sockfs" ino=83946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1304.694889][T22590] openvswitch: netlink: IP tunnel dst address not specified
[ 1306.202408][T15487] usbhid 6-1:0.0: can't add hid device: -71
[ 1306.208403][T15487] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[ 1306.600266][T15487] usb 6-1: USB disconnect, device number 25
[ 1306.709289][T22617] __nla_validate_parse: 26 callbacks suppressed
[ 1306.709301][T22617] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4173'.
[ 1307.407920][T22630] FAULT_INJECTION: forcing a failure.
[ 1307.407920][T22630] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1307.461116][T22630] CPU: 1 UID: 0 PID: 22630 Comm: syz.4.4177 Not tainted syzkaller #0 PREEMPT(full) 
[ 1307.461140][T22630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1307.461151][T22630] Call Trace:
[ 1307.461157][T22630]  <TASK>
[ 1307.461165][T22630]  dump_stack_lvl+0x16c/0x1f0
[ 1307.461192][T22630]  should_fail_ex+0x512/0x640
[ 1307.461219][T22630]  _copy_from_user+0x2e/0xd0
[ 1307.461245][T22630]  copy_msghdr_from_user+0x98/0x160
[ 1307.461269][T22630]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1307.461304][T22630]  ___sys_sendmsg+0xfe/0x1d0
[ 1307.461327][T22630]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1307.461382][T22630]  __sys_sendmsg+0x16d/0x220
[ 1307.461404][T22630]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1307.461442][T22630]  do_syscall_64+0xcd/0x4c0
[ 1307.461466][T22630]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1307.461483][T22630] RIP: 0033:0x7f683e38ebe9
[ 1307.461498][T22630] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1307.461515][T22630] RSP: 002b:00007f683f13a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1307.461532][T22630] RAX: ffffffffffffffda RBX: 00007f683e5c5fa0 RCX: 00007f683e38ebe9
[ 1307.461543][T22630] RDX: 0000000004001000 RSI: 0000200000001a00 RDI: 0000000000000004
[ 1307.461554][T22630] RBP: 00007f683f13a090 R08: 0000000000000000 R09: 0000000000000000
[ 1307.461565][T22630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1307.461574][T22630] R13: 00007f683e5c6038 R14: 00007f683e5c5fa0 R15: 00007ffc1b6f8e58
[ 1307.461599][T22630]  </TASK>
[ 1308.508423][T22644] wireguard0: entered promiscuous mode
[ 1308.534142][T22644] wireguard0: entered allmulticast mode
[ 1309.356832][T22662] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=46608 sclass=netlink_route_socket pid=22662 comm=syz.6.4186
[ 1309.924208][T22679] lo speed is unknown, defaulting to 1000
[ 1310.912635][T22693] FAULT_INJECTION: forcing a failure.
[ 1310.912635][T22693] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1310.925934][T22693] CPU: 0 UID: 0 PID: 22693 Comm: syz.7.4194 Not tainted syzkaller #0 PREEMPT(full) 
[ 1310.925958][T22693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1310.925968][T22693] Call Trace:
[ 1310.925974][T22693]  <TASK>
[ 1310.925981][T22693]  dump_stack_lvl+0x16c/0x1f0
[ 1310.926008][T22693]  should_fail_ex+0x512/0x640
[ 1310.926035][T22693]  _copy_from_iter+0x29f/0x1720
[ 1310.926063][T22693]  ? __alloc_skb+0x200/0x380
[ 1310.926084][T22693]  ? __pfx__copy_from_iter+0x10/0x10
[ 1310.926112][T22693]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1310.926143][T22693]  netlink_sendmsg+0x829/0xdd0
[ 1310.926171][T22693]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1310.926204][T22693]  ____sys_sendmsg+0xa98/0xc70
[ 1310.926231][T22693]  ? copy_msghdr_from_user+0x10a/0x160
[ 1310.926253][T22693]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1310.926292][T22693]  ___sys_sendmsg+0x134/0x1d0
[ 1310.926316][T22693]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1310.926370][T22693]  __sys_sendmsg+0x16d/0x220
[ 1310.926392][T22693]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1310.926431][T22693]  do_syscall_64+0xcd/0x4c0
[ 1310.926456][T22693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1310.926474][T22693] RIP: 0033:0x7fbf7b38ebe9
[ 1310.926488][T22693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1310.926505][T22693] RSP: 002b:00007fbf795d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1310.926522][T22693] RAX: ffffffffffffffda RBX: 00007fbf7b5c6180 RCX: 00007fbf7b38ebe9
[ 1310.926533][T22693] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008
[ 1310.926543][T22693] RBP: 00007fbf795d5090 R08: 0000000000000000 R09: 0000000000000000
[ 1310.926554][T22693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1310.926563][T22693] R13: 00007fbf7b5c6218 R14: 00007fbf7b5c6180 R15: 00007ffd4518f5e8
[ 1310.926588][T22693]  </TASK>
[ 1311.112686][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1311.120852][T22692] fuse: Unknown parameter 'fd0xffffffffffffffff00000000000000000000'
[ 1311.702544][T22698] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4198'.
[ 1311.729007][T22698] 0ªX¹¦À: renamed from caif0
[ 1311.838293][T22698] 0ªX¹¦À: entered allmulticast mode
[ 1311.912739][T22698] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[ 1311.969124][   T30] audit: type=1400 audit(2000001423.212:1702): avc:  denied  { getopt } for  pid=22704 comm="syz.6.4200" lport=47512 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1312.244777][T10987] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1312.777071][T22720] nfs4: Unknown parameter '/dev/comedi3'
[ 1312.874216][T10987] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[ 1312.885116][T10987] usb 6-1: can't read configurations, error -22
[ 1313.545728][T10987] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1313.864826][T10987] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[ 1313.873515][T10987] usb 6-1: can't read configurations, error -22
[ 1313.881287][T10987] usb usb6-port1: attempt power cycle
[ 1313.957634][T22734] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4209'.
[ 1314.590450][T10987] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1314.666924][T10987] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[ 1314.697264][T10987] usb 6-1: can't read configurations, error -22
[ 1314.855294][T10987] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1315.085292][T10987] usb 6-1: device not accepting address 29, error -71
[ 1315.359502][T10987] usb usb6-port1: unable to enumerate USB device
[ 1316.013509][T22759] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2
[ 1316.029105][T22759] netdevsim netdevsim5: Falling back to sysfs fallback for: ./file0
[ 1317.005001][T22775] openvswitch: netlink: IP tunnel dst address not specified
[ 1318.209139][T22789] loop2: detected capacity change from 0 to 7
[ 1318.237655][T22789] Dev loop2: unable to read RDB block 7
[ 1318.243678][T22789]  loop2: AHDI p1 p2 p3
[ 1318.248150][T22789] loop2: partition table partially beyond EOD, truncated
[ 1318.257121][T22789] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1318.264107][T22789] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1318.581337][T22792] netlink: 'syz.5.4225': attribute type 1 has an invalid length.
[ 1319.193088][T22806] netlink: 48 bytes leftover after parsing attributes in process `syz.7.4229'.
[ 1319.605288][T22810] hfsplus: unable to find HFS+ superblock
[ 1321.226792][T22829] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[ 1321.815530][T22836] lo speed is unknown, defaulting to 1000
[ 1321.856279][   T30] audit: type=1326 audit(2000001946.106:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1322.168281][   T30] audit: type=1326 audit(2000001946.136:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.514162][   T30] audit: type=1326 audit(2000001946.146:1705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.610124][T22855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1323.689808][   T30] audit: type=1326 audit(2000001946.146:1706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.714685][   T30] audit: type=1326 audit(2000001946.146:1707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.738627][   T30] audit: type=1326 audit(2000001946.146:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.770120][   T30] audit: type=1326 audit(2000001946.156:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.794114][   T30] audit: type=1326 audit(2000001946.156:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.801011][T22841] loop6: detected capacity change from 0 to 63
[ 1323.817852][   T30] audit: type=1326 audit(2000001946.206:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.847664][   T30] audit: type=1326 audit(2000001946.206:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=22832 comm="syz.4.4236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f683e38ebe9 code=0x7ffc0000
[ 1323.892936][T21276] buffer_io_error: 10 callbacks suppressed
[ 1323.922874][T21276] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1323.946734][T22850] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1323.977320][T22859] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1323.991350][T21276] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1324.636242][T21276] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1324.647088][T21276] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1324.703459][T21276] Buffer I/O error on dev loop6, logical block 0, async page read
[ 1324.992740][T22872] UBIFS error (pid: 22872): cannot open "c:::", error -22
[ 1326.600771][T15487] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[ 1326.852937][T15492] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1326.919748][T15487] usb 6-1: Using ep0 maxpacket: 16
[ 1326.932156][T15487] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1327.754876][T15487] usb 6-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00
[ 1327.864216][T15492] usb 4-1: Using ep0 maxpacket: 16
[ 1327.908964][T22899] netlink: 20 bytes leftover after parsing attributes in process `syz.7.4247'.
[ 1327.943161][T15492] usb 4-1: device descriptor read/all, error -71
[ 1327.955407][T15487] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1327.983818][T22904] netlink: 12 bytes leftover after parsing attributes in process `syz.7.4247'.
[ 1328.008233][T15487] usb 6-1: config 0 descriptor??
[ 1328.021558][T22905] block nbd6: Attempted send on invalid socket
[ 1328.043515][T22905] I/O error, dev nbd6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1328.054681][T22905] block nbd6: Attempted send on invalid socket
[ 1328.061793][T22905] I/O error, dev nbd6, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1328.072148][T22905] Mount JFS Failure: -5
[ 1328.169360][T15487] usb 6-1: can't set config #0, error -71
[ 1328.200665][T15487] usb 6-1: USB disconnect, device number 30
[ 1329.215224][T22926] UBIFS error (pid: 22926): cannot open "c:::", error -22
[ 1330.187560][T22932] netlink: 232 bytes leftover after parsing attributes in process `syz.5.4259'.
[ 1331.078039][T22946] netlink: 'syz.5.4263': attribute type 1 has an invalid length.
[ 1331.097590][T22946] netlink: 184 bytes leftover after parsing attributes in process `syz.5.4263'.
[ 1331.108478][T22946] netlink: 'syz.5.4263': attribute type 1 has an invalid length.
[ 1331.519978][T22952] UBIFS error (pid: 22952): cannot open "c:::", error -22
[ 1332.349831][T15490] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[ 1332.543685][T15490] usb 6-1: Using ep0 maxpacket: 16
[ 1332.672105][T15490] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1332.776720][T15487] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[ 1332.797262][T15490] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1332.924600][T15490] usb 6-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1332.939242][T15490] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1332.949975][T15490] usb 6-1: config 0 descriptor??
[ 1333.047953][T22973] UBIFS error (pid: 22973): cannot open "c:::", error -22
[ 1333.163899][T15487] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1333.481755][T15487] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1333.533261][T15487] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1333.546145][T15487] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1333.560771][T15487] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1333.571713][T15487] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1333.580154][T15487] usb 7-1: Product: syz
[ 1333.584512][T15487] usb 7-1: Manufacturer: syz
[ 1333.589262][T15487] usb 7-1: SerialNumber: syz
[ 1333.599780][T15487] usb 7-1: config 0 descriptor??
[ 1333.722303][T15490] aquacomputer_d5next 0003:0C70:F0B6.0055: hidraw0: USB HID v0.05 Device [HID 0c70:f0b6] on usb-dummy_hcd.5-1/input0
[ 1333.756650][T22981] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4274'.
[ 1333.840779][T10980] usb 5-1: new high-speed USB device number 111 using dummy_hcd
[ 1334.101935][T22964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1334.121201][T22964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1334.136169][T22964] netlink: 'syz.6.4270': attribute type 1 has an invalid length.
[ 1334.172907][T10980] usb 5-1: Using ep0 maxpacket: 8
[ 1334.197324][T22964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1334.198211][T10980] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1334.232891][T15490] usb 6-1: USB disconnect, device number 31
[ 1334.247248][T10980] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1334.289380][T10980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1334.350066][T22964] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1334.350446][T10980] usb 5-1: config 0 descriptor??
[ 1334.425842][T22987] openvswitch: netlink: IP tunnel dst address not specified
[ 1334.438681][T15487] adutux 7-1:0.0: ADU208  now attached to /dev/usb/adutux0
[ 1334.449364][T15487] usb 7-1: USB disconnect, device number 25
[ 1335.240815][T10980] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1335.315664][T22996] netlink: 'syz.5.4278': attribute type 1 has an invalid length.
[ 1335.328101][T10980] usb 5-1: USB disconnect, device number 111
[ 1335.359651][T22996] netlink: 184 bytes leftover after parsing attributes in process `syz.5.4278'.
[ 1335.446183][T22996] netlink: 'syz.5.4278': attribute type 1 has an invalid length.
[ 1335.739766][T10987] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1336.037815][T10987] usb 7-1: Using ep0 maxpacket: 16
[ 1336.046593][T10987] usb 7-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73
[ 1336.060040][T10987] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1336.068031][T10987] usb 7-1: Product: syz
[ 1336.072621][T10987] usb 7-1: Manufacturer: syz
[ 1336.077215][T10987] usb 7-1: SerialNumber: syz
[ 1336.084425][T10987] usb 7-1: config 0 descriptor??
[ 1336.098966][T10987] gspca_main: spca501-2.14.0 probing 0497:c001
[ 1336.375269][T23015] xt_l2tp: missing protocol rule (udp|l2tpip)
[ 1336.539393][T10987] gspca_spca501: reg write: error -71
[ 1336.570496][T10987] spca501 7-1:0.0: Reg write failed for 0x02,0x07,0x05
[ 1336.577420][T10987] spca501 7-1:0.0: probe with driver spca501 failed with error -22
[ 1336.641098][T10987] usb 7-1: USB disconnect, device number 26
[ 1337.482197][T23042] tc_dump_action: action bad kind
[ 1337.618165][T23049] netlink: 'syz.3.4296': attribute type 1 has an invalid length.
[ 1337.638166][T23049] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4296'.
[ 1339.438768][T23078] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1339.755732][T23086] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1340.057352][T23088] overlayfs: failed to resolve './file0': -2
[ 1340.218217][T23093] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1342.647866][T23129] UBIFS error (pid: 23129): cannot open "c:::", error -22
[ 1343.189101][T23132] netlink: 'syz.5.4319': attribute type 2 has an invalid length.
[ 1343.204198][T23132] netlink: 119 bytes leftover after parsing attributes in process `syz.5.4319'.
[ 1343.407463][   T30] kauditd_printk_skb: 13 callbacks suppressed
[ 1343.407483][   T30] audit: type=1400 audit(2000001967.636:1726): avc:  denied  { mount } for  pid=23134 comm="syz.3.4321" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1343.480453][T23135] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=23135 comm=syz.3.4321
[ 1343.760745][   T30] audit: type=1400 audit(2000001968.016:1727): avc:  denied  { unmount } for  pid=18116 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[ 1343.773332][T23139] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4322'.
[ 1344.808699][T23155] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4328'.
[ 1344.817730][T23155] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4328'.
[ 1344.859787][T23155] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4328'.
[ 1344.889373][T23155] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4328'.
[ 1344.904890][T23157] netlink: 'syz.4.4327': attribute type 1 has an invalid length.
[ 1344.912902][T23157] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4327'.
[ 1345.366186][   T30] audit: type=1400 audit(2000001969.616:1728): avc:  denied  { read append } for  pid=23170 comm="syz.7.4331" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1345.474409][T23173] ISOFS: Unable to identify CD-ROM format.
[ 1345.540969][   T30] audit: type=1400 audit(2000001969.616:1729): avc:  denied  { open } for  pid=23170 comm="syz.7.4331" path="/dev/ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1345.695859][T23173] lo speed is unknown, defaulting to 1000
[ 1345.972716][   T30] audit: type=1400 audit(2000001970.226:1730): avc:  denied  { ioctl } for  pid=23177 comm="syz.7.4332" path="socket:[87341]" dev="sockfs" ino=87341 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1347.241928][T15500] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1347.292305][T23192] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4337'.
[ 1348.435630][T15500] usb 7-1: Using ep0 maxpacket: 8
[ 1349.056848][T23201] UBIFS error (pid: 23201): cannot open "c:::", error -22
[ 1349.235440][T15500] usb 7-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1349.253558][T15500] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1349.261576][T15500] usb 7-1: Product: syz
[ 1349.265724][T15500] usb 7-1: Manufacturer: syz
[ 1349.270327][T15500] usb 7-1: SerialNumber: syz
[ 1349.280611][T15500] usb 7-1: config 0 descriptor??
[ 1349.288866][T15500] gspca_main: se401-2.14.0 probing 047d:5003
[ 1349.318552][   T30] audit: type=1400 audit(2000001973.566:1731): avc:  denied  { read write } for  pid=23179 comm="syz.6.4333" name="video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1349.342276][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.645463][   T30] audit: type=1400 audit(2000001973.606:1732): avc:  denied  { open } for  pid=23179 comm="syz.6.4333" path="/dev/video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1349.669136][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.814225][   T30] audit: type=1400 audit(2000001973.606:1733): avc:  denied  { ioctl } for  pid=23179 comm="syz.6.4333" path="/dev/video36" dev="devtmpfs" ino=1044 ioctlcmd=0x565c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1349.839379][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.863541][T23208] I/O error, dev loop5, sector 521328 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1350.425779][T23211] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4341'.
[ 1350.469047][T23183] raw-gadget.0 gadget.6: fail, usb_ep_queue returned -108
[ 1350.589283][T15500] usb 7-1: reset high-speed USB device number 27 using dummy_hcd
[ 1350.905070][T10980] kernel write not supported for file /snd/midiC2D0 (pid: 10980 comm: kworker/0:10)
[ 1351.052962][T23226] netlink: 31 bytes leftover after parsing attributes in process `syz.6.4346'.
[ 1351.093397][T23222] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1351.302550][T23226] netlink: 52 bytes leftover after parsing attributes in process `syz.6.4346'.
[ 1351.321590][T15487] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1351.950941][T23235] UBIFS error (pid: 23235): cannot open "c:::", error -22
[ 1352.809561][T15500] gspca_se401: read req failed req 0x06 error -19
[ 1352.824920][T15487] usb 4-1: Using ep0 maxpacket: 16
[ 1352.839827][ T1214] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[ 1352.852006][T15487] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1352.870013][T15487] usb 4-1: config 0 has no interface number 0
[ 1352.886360][T15487] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1352.902214][T15487] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1352.913751][T15487] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1352.938076][T15487] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1352.946661][T15487] usb 4-1: Product: syz
[ 1352.955987][T15500] usb 7-1: USB disconnect, device number 27
[ 1353.008914][T15487] usb 4-1: SerialNumber: syz
[ 1353.042908][ T1214] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1353.060320][T15487] usb 4-1: config 0 descriptor??
[ 1353.184668][ T1214] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1353.195451][ T1214] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1353.209643][T15487] cm109 4-1:0.8: invalid payload size 0, expected 4
[ 1353.220307][T15487] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input99
[ 1353.232892][ T1214] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1353.242622][ T1214] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1353.253229][ T1214] usb 6-1: Product: syz
[ 1353.257412][ T1214] usb 6-1: Manufacturer: syz
[ 1353.284541][ T1214] usb 6-1: SerialNumber: syz
[ 1353.317512][T23248] UBIFS error (pid: 23248): cannot open "c:::", error -22
[ 1353.684417][ T1214] hub 6-1:1.0: bad descriptor, ignoring hub
[ 1353.743002][    C1] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1353.760221][ T1214] hub 6-1:1.0: probe with driver hub failed with error -5
[ 1353.946714][    C0] cm109_urb_ctl_callback: 3 callbacks suppressed
[ 1353.946735][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.961086][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.968204][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.975326][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.982507][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.989595][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1353.996919][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1354.004057][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1354.011172][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1354.018264][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1354.025276][T10980] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1354.033776][T15500] usb 4-1: USB disconnect, device number 124
[ 1354.039810][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1354.113346][T15500] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1354.229781][T10980] usb 7-1: Using ep0 maxpacket: 8
[ 1354.263352][T10980] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1354.302443][ T1214] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1354.310727][T10980] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1354.808122][T10980] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1354.920549][ T1214] usb 6-1: USB disconnect, device number 32
[ 1354.943248][ T1214] usblp0: removed
[ 1354.977990][T10980] usb 7-1: config 0 descriptor??
[ 1355.204732][T10980] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1356.746213][T19784] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[ 1356.775832][T23276] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4357'.
[ 1356.900342][T19784] usb 6-1: Using ep0 maxpacket: 8
[ 1357.070272][T19784] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[ 1357.079352][T19784] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.121530][T19784] usb 6-1: Product: syz
[ 1357.125709][T19784] usb 6-1: Manufacturer: syz
[ 1357.138281][T15487] usb 7-1: USB disconnect, device number 28
[ 1357.444140][T19784] usb 6-1: SerialNumber: syz
[ 1357.686010][T23300] netlink: 4400 bytes leftover after parsing attributes in process `syz.7.4360'.
[ 1357.790329][T23302] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4363'.
[ 1357.820443][T19784] usb 6-1: config 0 descriptor??
[ 1358.012465][T19784] gspca_main: se401-2.14.0 probing 047d:5003
[ 1358.557052][T23295] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1358.563218][T23295] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1358.575512][T23295] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1358.586908][T23295] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1358.594557][T23295] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1358.602621][T23295] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1358.683135][T23295] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1358.706774][T19784] gspca_se401: write req failed req 0x57 val 0x00 error -71
[ 1358.718564][T19784] se401 6-1:0.0: probe with driver se401 failed with error -71
[ 1358.787736][T19784] usb 6-1: USB disconnect, device number 33
[ 1358.949863][T15487] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[ 1359.039511][T23323] netlink: 'syz.7.4366': attribute type 1 has an invalid length.
[ 1359.063334][T23323] netlink: 224 bytes leftover after parsing attributes in process `syz.7.4366'.
[ 1359.120037][T15487] usb 7-1: Using ep0 maxpacket: 16
[ 1359.137363][T23296] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4362'.
[ 1359.171306][T23296] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1359.189445][T23296] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1359.197576][T15500] usb 5-1: new high-speed USB device number 112 using dummy_hcd
[ 1359.363532][T15500] usb 5-1: Using ep0 maxpacket: 16
[ 1359.385996][T15500] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[ 1359.398823][T15500] usb 5-1: config 0 has no interface number 0
[ 1359.408872][T15500] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1359.447559][T15500] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1359.461197][T21790] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1359.466127][T15500] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1359.541086][T23333] netlink: 12 bytes leftover after parsing attributes in process `syz.5.4367'.
[ 1359.806227][T15500] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1359.825763][T15500] usb 5-1: Product: syz
[ 1359.833524][T15500] usb 5-1: SerialNumber: syz
[ 1359.848695][T15500] usb 5-1: config 0 descriptor??
[ 1359.888719][T15500] cm109 5-1:0.8: invalid payload size 0, expected 4
[ 1359.907029][T15500] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input100
[ 1360.096307][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1360.319508][    C0] cm109_urb_ctl_callback: 7 callbacks suppressed
[ 1360.319531][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.333159][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.340398][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.347512][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.354714][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.363956][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.371069][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.378179][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.385395][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.394099][    C0] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1360.661331][T21790] Bluetooth: hci2: command 0x0406 tx timeout
[ 1360.669745][T13302] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1360.675790][T17248] Bluetooth: hci4: command 0x0405 tx timeout
[ 1360.681879][T17248] Bluetooth: hci3: command 0x0406 tx timeout
[ 1360.697920][T15500] usb 5-1: USB disconnect, device number 112
[ 1360.697964][    C0] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1360.758276][T15500] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1360.785750][T15487] usb 7-1: unable to get BOS descriptor or descriptor too short
[ 1360.866808][T15487] usb 7-1: unable to read config index 0 descriptor/start: -71
[ 1360.878617][T15487] usb 7-1: can't read configurations, error -71
[ 1361.077139][T23352] Bluetooth: MGMT ver 1.23
[ 1361.133732][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.740019][T13302] Bluetooth: hci4: command 0x0405 tx timeout
[ 1362.748768][   T50] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1362.833303][T23376] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4378'.
[ 1363.673883][T23397] FAULT_INJECTION: forcing a failure.
[ 1363.673883][T23397] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1363.687077][T23397] CPU: 0 UID: 0 PID: 23397 Comm: syz.4.4383 Not tainted syzkaller #0 PREEMPT(full) 
[ 1363.687168][T23397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1363.687176][T23397] Call Trace:
[ 1363.687182][T23397]  <TASK>
[ 1363.687187][T23397]  dump_stack_lvl+0x16c/0x1f0
[ 1363.687205][T23397]  should_fail_ex+0x512/0x640
[ 1363.687224][T23397]  _copy_to_user+0x32/0xd0
[ 1363.687241][T23397]  simple_read_from_buffer+0xcb/0x170
[ 1363.687255][T23397]  proc_fail_nth_read+0x197/0x240
[ 1363.687268][T23397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1363.687282][T23397]  ? rw_verify_area+0xcf/0x6c0
[ 1363.687298][T23397]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1363.687310][T23397]  vfs_read+0x1e4/0xcf0
[ 1363.687322][T23397]  ? __pfx___mutex_lock+0x10/0x10
[ 1363.687337][T23397]  ? __pfx_vfs_read+0x10/0x10
[ 1363.687352][T23397]  ? __fget_files+0x20e/0x3c0
[ 1363.687368][T23397]  ksys_read+0x12a/0x250
[ 1363.687378][T23397]  ? __pfx_ksys_read+0x10/0x10
[ 1363.687389][T23397]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1363.687405][T23397]  do_syscall_64+0xcd/0x4c0
[ 1363.687420][T23397]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.687431][T23397] RIP: 0033:0x7f683e38d5fc
[ 1363.687441][T23397] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1363.687451][T23397] RSP: 002b:00007f683c5f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1363.687462][T23397] RAX: ffffffffffffffda RBX: 00007f683e5c6090 RCX: 00007f683e38d5fc
[ 1363.687469][T23397] RDX: 000000000000000f RSI: 00007f683c5f60a0 RDI: 0000000000000008
[ 1363.687475][T23397] RBP: 00007f683c5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1363.687482][T23397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1363.687488][T23397] R13: 00007f683e5c6128 R14: 00007f683e5c6090 R15: 00007ffc1b6f8e58
[ 1363.687502][T23397]  </TASK>
[ 1364.849904][   T50] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1364.858272][T13302] Bluetooth: hci4: command 0x0405 tx timeout
[ 1364.979764][T15500] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[ 1365.140561][T15500] usb 7-1: Using ep0 maxpacket: 32
[ 1365.148669][T15500] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1365.163657][T15500] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1365.173777][T15500] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1365.186254][T15500] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1365.252139][T15500] usb 7-1: config 0 descriptor??
[ 1365.265431][T15500] hub 7-1:0.0: USB hub found
[ 1365.813438][T15500] hub 7-1:0.0: 1 port detected
[ 1366.231891][T23424] UBIFS error (pid: 23424): cannot open "c:::", error -22
[ 1366.783694][T15500] hub 7-1:0.0: hub_hub_status failed (err = -71)
[ 1366.811023][T15500] hub 7-1:0.0: config failed, can't get hub status (err -71)
[ 1366.835927][T15500] usbhid 7-1:0.0: can't add hid device: -71
[ 1366.849330][T15500] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1366.888266][T15500] usb 7-1: USB disconnect, device number 31
[ 1368.070278][T23459] netlink: 60 bytes leftover after parsing attributes in process `syz.3.4399'.
[ 1368.100185][T15487] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[ 1368.722236][T23465] UBIFS error (pid: 23465): cannot open "c:::", error -22
[ 1368.750178][T15487] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1369.689981][T15487] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1369.698885][T15487] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1369.708886][T15487] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1369.735291][T15487] usb 6-1: config 0 descriptor??
[ 1369.754384][T15487] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1369.761473][T15487] dvb-usb: bulk message failed: -22 (3/0)
[ 1369.790066][T15487] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1369.804464][T15487] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1369.948971][T15487] usb 6-1: media controller created
[ 1369.980516][T15487] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1370.635738][T15487] dvb-usb: bulk message failed: -22 (6/0)
[ 1370.648958][T15487] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1370.903983][T15487] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input101
[ 1370.987848][T15487] dvb-usb: schedule remote query interval to 150 msecs.
[ 1371.031240][T15487] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1371.195903][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1371.203148][T15487] dvb-usb: error while querying for an remote control event.
[ 1371.370653][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1371.390302][T15487] dvb-usb: error while querying for an remote control event.
[ 1371.579846][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1371.585608][T15487] dvb-usb: error while querying for an remote control event.
[ 1371.664496][T23496] UBIFS error (pid: 23496): cannot open "c:::", error -22
[ 1372.139361][   T30] audit: type=1400 audit(2000001996.356:1734): avc:  denied  { read write } for  pid=23488 comm="syz.3.4405" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1372.219838][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1372.227208][T15487] dvb-usb: error while querying for an remote control event.
[ 1372.370886][   T30] audit: type=1400 audit(2000001996.356:1735): avc:  denied  { open } for  pid=23488 comm="syz.3.4405" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[ 1372.399804][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1372.411282][T15487] dvb-usb: error while querying for an remote control event.
[ 1372.532746][T23507] program syz.4.4409 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1372.589962][T23507] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1372.609882][T15487] dvb-usb: bulk message failed: -22 (1/0)
[ 1372.615617][T15487] dvb-usb: error while querying for an remote control event.
[ 1372.635606][T22975] usb 6-1: USB disconnect, device number 34
[ 1372.843435][T22975] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1372.868865][T23514] comedi: valid board names for 8255 driver are:
[ 1372.938579][T23514]  8255
[ 1372.941514][T23514] comedi: valid board names for vmk80xx driver are:
[ 1372.948125][T23514]  vmk80xx
[ 1372.951170][T23514] comedi: valid board names for usbduxsigma driver are:
[ 1372.958898][T23514]  usbduxsigma
[ 1372.962658][T23514] comedi: valid board names for usbduxfast driver are:
[ 1372.995385][T23514]  usbduxfast
[ 1372.998796][T23514] comedi: valid board names for usbdux driver are:
[ 1373.039145][T23514]  usbdux
[ 1373.085057][T23514] comedi: valid board names for ni6501 driver are:
[ 1373.115965][T23514]  ni6501
[ 1373.129512][T23514] comedi: valid board names for dt9812 driver are:
[ 1373.190926][T23518] openvswitch: netlink: IP tunnel dst address not specified
[ 1373.208429][T23514]  dt9812
[ 1373.211779][T23514] comedi: valid board names for ni_labpc_cs driver are:
[ 1373.218710][T23514]  ni_labpc_cs
[ 1373.429935][ T1214] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1373.585261][T23514] comedi: valid board names for ni_daq_700 driver are:
[ 1373.618638][T23514]  ni_daq_700
[ 1373.626140][T23514] comedi: valid board names for labpc_pci driver are:
[ 1373.640025][T23514]  labpc_pci
[ 1373.643355][T23514] comedi: valid board names for adl_pci9118 driver are:
[ 1373.650609][T23514]  pci9118dg
[ 1373.653849][T23514]  pci9118hg
[ 1373.660130][T23514]  pci9118hr
[ 1373.669971][T23514] comedi: valid board names for 8255_pci driver are:
[ 1373.670369][ T1214] usb 4-1: Using ep0 maxpacket: 16
[ 1373.676722][T23514]  8255_pci
[ 1373.705795][T23514] comedi: valid board names for s526 driver are:
[ 1373.720249][ T1214] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1373.725906][T23514]  s526
[ 1373.742745][ T1214] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1b25, bcdDevice= 0.00
[ 1373.749736][T23514] comedi: valid board names for multiq3 driver are:
[ 1373.763285][T23514]  multiq3
[ 1373.764490][ T1214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1373.777724][T23524] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4415'.
[ 1373.894615][ T1214] usb 4-1: config 0 descriptor??
[ 1373.895654][T23514] comedi: valid board names for pcmuio driver are:
[ 1373.914489][T23514]  pcmuio48
[ 1374.003459][T15487] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[ 1374.011164][T23514]  pcmuio96
[ 1374.011174][T23514] comedi: valid board names for pcmmio driver are:
[ 1374.011184][T23514]  pcmmio
[ 1374.011190][T23514] comedi: valid board names for pcmda12 driver are:
[ 1374.011199][T23514]  pcmda12
[ 1374.011205][T23514] comedi: valid board names for pcmad driver are:
[ 1374.011213][T23514]  pcmad12
[ 1374.011219][T23514]  pcmad16
[ 1374.011225][T23514] comedi: valid board names for ni_labpc driver are:
[ 1374.011234][T23514]  lab-pc-1200
[ 1374.011240][T23514]  lab-pc-1200ai
[ 1374.011247][T23514]  lab-pc+
[ 1374.011254][T23514] comedi: valid board names for atmio16 driver are:
[ 1374.080047][T23514]  atmio16
[ 1374.083270][T23514]  atmio16d
[ 1374.086383][T23514] comedi: valid board names for ni_at_ao driver are:
[ 1374.187739][T15487] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[ 1374.188470][T23514]  at-ao-6
[ 1374.200739][T15487] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1374.208869][T15487] usb 7-1: Product: syz
[ 1374.209180][T23514]  at-ao-10
[ 1374.220419][T15487] usb 7-1: Manufacturer: syz
[ 1374.225287][T15487] usb 7-1: SerialNumber: syz
[ 1374.225341][T23514] comedi: valid board names for ni_at_a2150 driver are:
[ 1374.225353][T23514]  ni_at_a2150
[ 1374.271646][T23514] comedi: valid board names for adq12b driver are:
[ 1374.278228][T23514]  adq12b
[ 1374.286154][T23514] comedi: valid board names for mpc624 driver are:
[ 1374.292867][T23514]  mpc624
[ 1374.312572][T23514] comedi: valid board names for c6xdigio driver are:
[ 1374.319283][T23514]  c6xdigio
[ 1374.324545][T23514] comedi: valid board names for aio_iiro_16 driver are:
[ 1374.335241][T23514]  aio_iiro_16
[ 1374.338610][T23514] comedi: valid board names for aio_aio12_8 driver are:
[ 1374.343666][T23529] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4416'.
[ 1374.357874][T23514]  aio_aio12_8
[ 1374.371217][T23514]  aio_ai12_8
[ 1374.374532][T23514]  aio_ao12_4
[ 1374.377897][T23514] comedi: valid board names for fl512 driver are:
[ 1374.384713][T23514]  fl512
[ 1374.387571][T23514] comedi: valid board names for dmm32at driver are:
[ 1374.394375][T23514]  dmm32at
[ 1374.397404][T23514] comedi: valid board names for dt282x driver are:
[ 1374.404295][T23514]  dt2821
[ 1374.407442][T23514]  dt2821-f
[ 1374.415767][T23514]  dt2821-g
[ 1374.418902][T23514]  dt2823
[ 1374.422863][T23514]  dt2824-pgh
[ 1374.426371][T23514]  dt2824-pgl
[ 1374.432989][T23514]  dt2825
[ 1374.439225][T23514]  dt2827
[ 1374.448399][T23514]  dt2828
[ 1374.455614][T23514]  dt2829
[ 1374.494056][T23514]  dt21-ez
[ 1374.497158][T23514]  dt23-ez
[ 1374.580247][T23514]  dt24-ez
[ 1374.583305][T23514]  dt24-ez-pgl
[ 1374.663823][T23514] comedi: valid board names for dt2817 driver are:
[ 1374.731238][T23531] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1374.783109][T23514]  dt2817
[ 1374.783627][ T1214] hid-corsair-void 0003:1B1C:1B25.0056: unknown main item tag 0x2
[ 1375.103013][T23514] comedi: valid board names for dt2815 driver are:
[ 1375.115122][ T1214] hid-corsair-void 0003:1B1C:1B25.0056: hidraw0: USB HID v0.09 Device [HID 1b1c:1b25] on usb-dummy_hcd.3-1/input0
[ 1375.127819][T23514]  dt2815
[ 1375.137293][T23514] comedi: valid board names for dt2814 driver are:
[ 1375.240074][T23514]  dt2814
[ 1375.243091][T23514] comedi: valid board names for dt2811 driver are:
[ 1375.250268][T23514]  dt2811-pgh
[ 1375.271448][T23514]  dt2811-pgl
[ 1375.279924][T23514] comedi: valid board names for dt2801 driver are:
[ 1375.335753][T23514]  dt2801
[ 1375.338641][   T30] audit: type=1400 audit(2000001999.566:1736): avc:  denied  { write } for  pid=23534 comm="syz.7.4417" path="socket:[88136]" dev="sockfs" ino=88136 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1375.349430][T23514] comedi: valid board names for das6402 driver are:
[ 1375.370761][T23537] dvmrp1: entered allmulticast mode
[ 1375.397839][T23514]  das6402-12
[ 1375.434888][T23514]  das6402-16
[ 1375.442578][T23514] comedi: valid board names for das1800 driver are:
[ 1375.459818][T23514]  das-1701st
[ 1375.468257][T23514]  das-1701st-da
[ 1375.477598][T23514]  das-1702st
[ 1375.481848][T23514]  das-1702st-da
[ 1375.485548][T23514]  das-1702hr
[ 1375.489560][T23514]  das-1702hr-da
[ 1375.494307][T23514]  das-1701ao
[ 1375.497787][T23514]  das-1702ao
[ 1375.501544][T23514]  das-1801st
[ 1375.504891][T23514]  das-1801st-da
[ 1375.508696][T23514]  das-1802st
[ 1375.514151][T23514]  das-1802st-da
[ 1375.517754][T23514]  das-1802hr
[ 1375.524596][T23514]  das-1802hr-da
[ 1375.532746][T23514]  das-1801hc
[ 1375.539961][T23514]  das-1802hc
[ 1375.547981][T23514]  das-1801ao
[ 1375.566305][T23514]  das-1802ao
[ 1375.571391][T23514] comedi: valid board names for das800 driver are:
[ 1375.590845][T23514]  das-800
[ 1375.593923][T23514]  cio-das800
[ 1375.597200][T23514]  das-801
[ 1375.600584][T23514]  cio-das801
[ 1375.603982][T23514]  das-802
[ 1375.607051][T23514]  cio-das802
[ 1375.610722][T23514]  cio-das802/16
[ 1375.614285][T23514] comedi: valid board names for isa-das08 driver are:
[ 1375.621654][T23514]  isa-das08
[ 1375.624857][T23514]  das08-pgm
[ 1375.628093][T23514]  das08-pgh
[ 1375.632499][T23514]  das08-pgl
[ 1375.635927][T23514]  das08-aoh
[ 1375.639140][T23514]  das08-aol
[ 1375.642453][T23514]  das08-aom
[ 1375.645814][T23514]  das08/jr-ao
[ 1375.649189][T23514]  das08jr-16-ao
[ 1375.652848][T23514]  pc104-das08
[ 1375.656220][T23514]  das08jr/16
[ 1375.659489][T23514] comedi: valid board names for das16m1 driver are:
[ 1375.666158][T23514]  das16m1
[ 1375.669199][T23514] comedi: valid board names for dac02 driver are:
[ 1375.675719][T23514]  dac02
[ 1375.678651][T23514] comedi: valid board names for rti802 driver are:
[ 1375.685273][T23514]  rti802
[ 1375.688207][T23514] comedi: valid board names for rti800 driver are:
[ 1375.695527][T23514]  rti800
[ 1375.698499][T23514]  rti815
[ 1375.702743][T23514] comedi: valid board names for pcm3724 driver are:
[ 1375.709470][T23514]  pcm3724
[ 1375.712603][T23514] comedi: valid board names for pcl818 driver are:
[ 1375.719148][T23514]  pcl818l
[ 1375.725468][T23514]  pcl818h
[ 1375.728551][T23514]  pcl818hd
[ 1375.731742][T23514]  pcl818hg
[ 1375.734926][T23514]  pcl818
[ 1375.737971][T23514]  pcl718
[ 1375.741055][T23514]  pcm3718
[ 1375.744078][T23514] comedi: valid board names for pcl816 driver are:
[ 1375.750708][T23514]  pcl816
[ 1375.753660][T23514]  pcl814b
[ 1375.756671][T23514] comedi: valid board names for pcl812 driver are:
[ 1375.763232][T23514]  pcl812
[ 1375.766187][T23514]  pcl812pg
[ 1375.769297][T23514]  acl8112pg
[ 1375.772582][T23514]  acl8112dg
[ 1375.775798][T23514]  acl8112hg
[ 1375.778996][T23514]  a821pgl
[ 1375.782102][T23514]  a821pglnda
[ 1375.785386][T23514]  a821pgh
[ 1375.788407][T23514]  a822pgl
[ 1375.791496][T23514]  a822pgh
[ 1375.794531][T23514]  a823pgl
[ 1375.797548][T23514]  a823pgh
[ 1375.803129][T23514]  pcl813
[ 1375.806125][T23514]  pcl813b
[ 1375.809136][T23514]  acl8113
[ 1375.812404][T23514]  iso813
[ 1375.815358][T23514]  acl8216
[ 1375.818378][T23514]  a826pg
[ 1375.821421][T23514] comedi: valid board names for pcl730 driver are:
[ 1375.827918][T23514]  pcl730
[ 1375.831925][T23514]  iso730
[ 1375.834921][T23514]  acl7130
[ 1375.837955][T23514]  pcm3730
[ 1375.841129][T23514]  pcl725
[ 1375.844096][T23514]  p8r8dio
[ 1375.847106][T23514]  acl7225b
[ 1375.851179][T23514]  p16r16dio
[ 1375.854386][T23514]  pcl733
[ 1375.857308][T23514]  pcl734
[ 1375.861508][T23514]  opmm-1616-xt
[ 1375.865017][T23514]  pearl-mm-p
[ 1375.868292][T23514]  ir104-pbf
[ 1375.871581][T23514] comedi: valid board names for pcl726 driver are:
[ 1375.878094][T23514]  pcl726
[ 1375.881133][T23514]  pcl727
[ 1375.884083][T23514]  pcl728
[ 1375.887017][T23514]  acl6126
[ 1375.890136][T23514]  acl6128
[ 1375.893162][T23514] comedi: valid board names for pcl724 driver are:
[ 1375.899656][T23514]  pcl724
[ 1375.902693][T23514]  pcl722
[ 1375.905630][T23514]  pcl731
[ 1375.908826][T23514]  acl7122
[ 1375.913359][T23514]  acl7124
[ 1375.916411][T23514]  pet48dio
[ 1375.919522][T23514]  pcmio48
[ 1375.923128][T15487] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[ 1375.935079][T23514]  onyx-mm-dio
[ 1375.938896][T23514] comedi: valid board names for pcl711 driver are:
[ 1375.945518][T23514]  pcl711
[ 1375.948455][T23514]  pcl711b
[ 1375.951548][T23514]  acl8112hg
[ 1375.954757][T23514]  acl8112dg
[ 1375.957943][T23514] comedi: valid board names for amplc_pc263 driver are:
[ 1375.966940][T23514]  pc263
[ 1375.969936][T23514] comedi: valid board names for amplc_pc236 driver are:
[ 1375.976866][T23514]  pc36at
[ 1375.979962][T23514] comedi: valid board names for amplc_dio200 driver are:
[ 1375.986982][T23514]  pc212e
[ 1375.990009][T23514]  pc214e
[ 1375.992959][T23514]  pc215e
[ 1375.995902][T23514]  pc218e
[ 1375.998839][T23514]  pc272e
[ 1376.001798][T23514] comedi: valid board names for comedi_parport driver are:
[ 1376.009012][T23514]  comedi_parport
[ 1376.009022][T23514] comedi: valid board names for comedi_test driver are:
[ 1376.009031][T23514]  comedi_test
[ 1376.023148][T23514] comedi: valid board names for comedi_bond driver are:
[ 1376.039456][T23514]  comedi_bond
[ 1376.143010][T15487] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001000. ret = -EPROTO
[ 1376.155684][T15487] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[ 1376.189180][T15487] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[ 1376.216422][T15487] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[ 1376.242200][T15487] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71
[ 1376.257988][T15487] usb 7-1: USB disconnect, device number 32
[ 1376.319269][T23552] netlink: 'syz.5.4424': attribute type 11 has an invalid length.
[ 1376.654140][T23559] UBIFS error (pid: 23559): cannot open "c:::", error -22
[ 1377.081773][T23563] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4425'.
[ 1377.107162][T19420] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1377.309958][T20417] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[ 1377.500417][T20417] usb 7-1: Using ep0 maxpacket: 16
[ 1377.798729][T20417] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1377.837651][T20417] usb 7-1: config 0 has no interface number 0
[ 1377.858954][T20417] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1377.879857][T20417] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1377.901978][T20417] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1377.912070][T20417] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1377.930128][T20417] usb 7-1: Product: syz
[ 1377.940149][T20417] usb 7-1: SerialNumber: syz
[ 1377.948846][T23532] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1377.970048][T20417] usb 7-1: config 0 descriptor??
[ 1377.987197][T20417] cm109 7-1:0.8: invalid payload size 0, expected 4
[ 1378.027390][T15490] hid-corsair-void 0003:1B1C:1B25.0056: failed to request battery (reason: -71)
[ 1378.036582][ T1214] hid-corsair-void 0003:1B1C:1B25.0056: failed to request firmware (reason: -71)
[ 1378.045838][T22975] usb 4-1: USB disconnect, device number 125
[ 1378.075928][T20417] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input102
[ 1378.189918][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1378.358475][T23569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4429'.
[ 1378.382631][T23569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4429'.
[ 1378.402923][    C1] cm109_urb_ctl_callback: 1588 callbacks suppressed
[ 1378.402938][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.417219][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.424409][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.433777][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.440882][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.447995][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.455033][T20417] usb 7-1: USB disconnect, device number 33
[ 1378.455123][    C1] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1378.467909][    C1] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1378.495378][T20417] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1378.603694][T23578] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4433'.
[ 1379.571689][T23595] UBIFS error (pid: 23595): cannot open "c:::", error -22
[ 1379.749844][T22975] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[ 1379.966260][T23591] SELinux:  policydb magic number 0xf847710a does not match expected magic number 0xf97cff8c
[ 1379.984740][T23591] SELinux: failed to load policy
[ 1380.131302][T22975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1380.142429][T22975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1380.152555][T22975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1380.163593][T22975] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1380.198606][T22975] usb 6-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1380.208415][T22975] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.216572][T22975] usb 6-1: Product: syz
[ 1380.220861][T22975] usb 6-1: Manufacturer: syz
[ 1380.225442][T22975] usb 6-1: SerialNumber: syz
[ 1380.240189][T22975] usb 6-1: config 0 descriptor??
[ 1380.329974][T20417] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1380.378063][T23606] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4441'.
[ 1380.509776][ T1214] usb 5-1: new high-speed USB device number 113 using dummy_hcd
[ 1380.643752][T20417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[ 1380.654594][T20417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[ 1380.665474][T20417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[ 1380.676668][T20417] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[ 1380.690519][T20417] usb 4-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[ 1380.699594][T23594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1380.700321][T20417] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.715965][T20417] usb 4-1: Product: syz
[ 1380.720512][T20417] usb 4-1: Manufacturer: syz
[ 1380.725396][T20417] usb 4-1: SerialNumber: syz
[ 1380.742404][T20417] usb 4-1: config 0 descriptor??
[ 1380.756626][T23594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1380.780163][ T1214] usb 5-1: Using ep0 maxpacket: 32
[ 1380.784849][T23594] netlink: 'syz.5.4438': attribute type 1 has an invalid length.
[ 1380.814540][T23594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1380.823999][ T1214] usb 5-1: config 0 has an invalid interface number: 16 but max is 0
[ 1380.824300][T23594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1380.875458][ T1214] usb 5-1: config 0 has no interface number 0
[ 1380.891656][ T1214] usb 5-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[ 1380.919766][ T1214] usb 5-1: config 0 interface 16 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[ 1380.933060][ T1214] usb 5-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[ 1380.948037][T22975] adutux 6-1:0.0: ADU208  now attached to /dev/usb/adutux0
[ 1380.958488][T22975] usb 6-1: USB disconnect, device number 35
[ 1380.961335][T23600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1380.964483][ T1214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1380.995385][ T1214] usb 5-1: Product: syz
[ 1381.003737][T23600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1381.023713][T23600] netlink: 'syz.3.4439': attribute type 1 has an invalid length.
[ 1381.043382][ T1214] usb 5-1: Manufacturer: syz
[ 1381.071580][ T1214] usb 5-1: SerialNumber: syz
[ 1381.143507][T23617] Invalid logical block size (50331648)
[ 1381.413272][ T1214] usb 5-1: config 0 descriptor??
[ 1381.422855][T23600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1381.431573][T23589] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[ 1381.452312][ T1214] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 1381.478345][ T1214] usb 5-1: invalid MIDI in EP 0
[ 1381.514968][T23600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1381.660758][T20417] adutux 4-1:0.0: ADU208  now attached to /dev/usb/adutux0
[ 1381.688689][ T1214] snd-usb-audio 5-1:0.16: probe with driver snd-usb-audio failed with error -22
[ 1381.737518][T20417] usb 4-1: USB disconnect, device number 126
[ 1381.753273][ T1214] usb 5-1: USB disconnect, device number 113
[ 1381.812840][T21209] udevd[21209]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1382.441227][T23630] tmpfs: Bad value for 'huge'
[ 1382.519907][T23630] netlink: 'syz.3.4447': attribute type 12 has an invalid length.
[ 1382.527744][T23630] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.4447'.
[ 1383.324889][   T30] audit: type=1400 audit(2000002007.186:1737): avc:  denied  { write } for  pid=23634 comm="syz.6.4448" name="ptp0" dev="devtmpfs" ino=1265 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1383.469254][   T30] audit: type=1400 audit(2000002007.186:1738): avc:  denied  { ioctl } for  pid=23634 comm="syz.6.4448" path="/dev/ptp0" dev="devtmpfs" ino=1265 ioctlcmd=0x3d10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1384.494307][T23681] openvswitch: netlink: Unknown key attributes 1
[ 1386.429930][T22975] usb 5-1: new high-speed USB device number 114 using dummy_hcd
[ 1386.601988][T10980] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[ 1386.665261][T23711] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4461'.
[ 1386.680727][T22975] usb 5-1: Using ep0 maxpacket: 16
[ 1386.932021][T15500] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1387.002721][T22975] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[ 1387.014602][T22975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1387.029884][T10980] usb 7-1: config 0 interface 0 altsetting 7 endpoint 0x1 has invalid maxpacket 512, setting to 64
[ 1387.032375][T22975] usb 5-1: Product: syz
[ 1387.049823][T10980] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1387.068764][T23714] netlink: 'syz.5.4460': attribute type 10 has an invalid length.
[ 1387.076660][T23714] netlink: 2 bytes leftover after parsing attributes in process `syz.5.4460'.
[ 1387.080940][T22975] usb 5-1: Manufacturer: syz
[ 1387.085706][T23714] team0: entered promiscuous mode
[ 1387.091776][T22975] usb 5-1: SerialNumber: syz
[ 1387.105908][T10980] usb 7-1: New USB device found, idVendor=5fc9, idProduct=0061, bcdDevice=e1.d7
[ 1387.120523][T10980] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1387.120559][T23714] team_slave_0: entered promiscuous mode
[ 1387.134694][T10980] usb 7-1: Product: syz
[ 1387.138835][T10980] usb 7-1: Manufacturer: syz
[ 1387.155121][T23714] team_slave_1: entered promiscuous mode
[ 1387.160865][T10980] usb 7-1: SerialNumber: syz
[ 1387.184118][T10980] usb 7-1: config 0 descriptor??
[ 1387.203021][T23714] bridge0: port 3(team0) entered blocking state
[ 1387.209496][T23714] bridge0: port 3(team0) entered disabled state
[ 1387.219987][T23714] team0: entered allmulticast mode
[ 1387.225545][T23714] team_slave_0: entered allmulticast mode
[ 1387.231417][T15500] usb 4-1: Using ep0 maxpacket: 16
[ 1387.236602][T23714] team_slave_1: entered allmulticast mode
[ 1387.247148][T22975] usb 5-1: config 0 descriptor??
[ 1387.342077][T15500] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[ 1387.350174][T15500] usb 4-1: config 0 has no interface number 0
[ 1387.356288][T15500] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1387.367508][T15500] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1387.383891][T15500] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1387.394816][T15500] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1387.404757][T15500] usb 4-1: Product: syz
[ 1387.408907][T15500] usb 4-1: SerialNumber: syz
[ 1387.417312][T23714] bridge0: port 3(team0) entered blocking state
[ 1387.423829][T23714] bridge0: port 3(team0) entered forwarding state
[ 1387.815159][T15500] usb 4-1: config 0 descriptor??
[ 1387.826743][T10980] usb 7-1: USB disconnect, device number 34
[ 1387.836353][T15500] cm109 4-1:0.8: invalid payload size 0, expected 4
[ 1387.846823][T22975] visor 5-1:0.0: Sony Clie 3.5 converter detected
[ 1387.872256][T15500] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input103
[ 1388.029923][T22975] usb 5-1: clie_3_5_startup: get config number failed: -71
[ 1388.054945][T22975] visor 5-1:0.0: probe with driver visor failed with error -71
[ 1388.107330][T23722] FAULT_INJECTION: forcing a failure.
[ 1388.107330][T23722] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1388.126918][T22975] usb 5-1: USB disconnect, device number 114
[ 1388.160639][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1388.169035][T23722] CPU: 1 UID: 0 PID: 23722 Comm: syz.4.4464 Not tainted syzkaller #0 PREEMPT(full) 
[ 1388.169055][T23722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1388.169064][T23722] Call Trace:
[ 1388.169070][T23722]  <TASK>
[ 1388.169076][T23722]  dump_stack_lvl+0x16c/0x1f0
[ 1388.169100][T23722]  should_fail_ex+0x512/0x640
[ 1388.169123][T23722]  _copy_from_user+0x2e/0xd0
[ 1388.169145][T23722]  kstrtouint_from_user+0xd6/0x1d0
[ 1388.169162][T23722]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1388.169178][T23722]  ? __lock_acquire+0xb97/0x1ce0
[ 1388.169212][T23722]  proc_fail_nth_write+0x83/0x220
[ 1388.169232][T23722]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1388.169255][T23722]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1388.169271][T23722]  vfs_write+0x29d/0x11d0
[ 1388.169291][T23722]  ? __pfx___mutex_lock+0x10/0x10
[ 1388.169315][T23722]  ? __pfx_vfs_write+0x10/0x10
[ 1388.169337][T23722]  ? __fget_files+0x20e/0x3c0
[ 1388.169361][T23722]  ksys_write+0x12a/0x250
[ 1388.169376][T23722]  ? __pfx_ksys_write+0x10/0x10
[ 1388.169392][T23722]  ? fdget+0x187/0x210
[ 1388.169412][T23722]  do_syscall_64+0xcd/0x4c0
[ 1388.169436][T23722]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1388.169452][T23722] RIP: 0033:0x7f683e38d69f
[ 1388.169464][T23722] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1388.169478][T23722] RSP: 002b:00007f683c5f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1388.169494][T23722] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f683e38d69f
[ 1388.169504][T23722] RDX: 0000000000000001 RSI: 00007f683c5f60a0 RDI: 0000000000000003
[ 1388.169513][T23722] RBP: 00007f683c5f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1388.169522][T23722] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1388.169531][T23722] R13: 00007f683e5c6128 R14: 00007f683e5c6090 R15: 00007ffc1b6f8e58
[ 1388.169552][T23722]  </TASK>
[ 1388.563555][    C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1388.563829][ T1214] usb 4-1: USB disconnect, device number 127
[ 1388.570522][    C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1388.616059][ T1214] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1388.625938][T23735] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4468'.
[ 1389.135040][   T30] audit: type=1400 audit(2000002013.386:1739): avc:  denied  { map } for  pid=23740 comm="syz.6.4470" path="socket:[88432]" dev="sockfs" ino=88432 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1389.181873][   T30] audit: type=1400 audit(2000002013.386:1740): avc:  denied  { read accept } for  pid=23740 comm="syz.6.4470" path="socket:[88432]" dev="sockfs" ino=88432 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1389.354892][T23747] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4472'.
[ 1391.802718][T23781] netlink: 60 bytes leftover after parsing attributes in process `syz.4.4481'.
[ 1392.427256][T23793] UBIFS error (pid: 23793): cannot open "c:::", error -22
[ 1392.828682][T23797] lo: MTU too low for tipc bearer
[ 1392.849905][T23797] tipc: Enabling of bearer <ib:lo> rejected, failed to enable media
[ 1393.126762][T23802] netlink: 60 bytes leftover after parsing attributes in process `syz.5.4486'.
[ 1394.353650][T23819] Bluetooth: MGMT ver 1.23
[ 1394.361475][T23819] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4485'.
[ 1398.189407][T23869] openvswitch: netlink: IP tunnel dst address not specified
[ 1399.766824][T23888] Bluetooth: MGMT ver 1.23
[ 1399.779429][T23888] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4512'.
[ 1399.877378][T23893] gretap1: entered promiscuous mode
[ 1399.957034][T23896] netlink: 'syz.4.4515': attribute type 1 has an invalid length.
[ 1400.001499][T23896] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4515'.
[ 1400.081028][T20417] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[ 1400.092705][T23899] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4517'.
[ 1400.272822][T20417] usb 6-1: Using ep0 maxpacket: 8
[ 1400.285184][T20417] usb 6-1: config 0 has an invalid interface number: 56 but max is 0
[ 1400.318261][T21276] udevd[21276]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[ 1400.319399][T20417] usb 6-1: config 0 has no interface number 0
[ 1400.349855][T10987] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[ 1400.369073][T20417] usb 6-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=c7.76
[ 1400.389582][T20417] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1400.398290][T20417] usb 6-1: Product: syz
[ 1400.403463][T20417] usb 6-1: Manufacturer: syz
[ 1400.408059][T20417] usb 6-1: SerialNumber: syz
[ 1400.434182][T20417] usb 6-1: config 0 descriptor??
[ 1400.447382][T23910] openvswitch: netlink: IP tunnel dst address not specified
[ 1400.509810][T10987] usb 7-1: Using ep0 maxpacket: 16
[ 1400.556263][T10987] usb 7-1: config 0 has an invalid interface number: 8 but max is 0
[ 1400.687959][T20417] peak_usb 6-1:0.56: PEAK-System PCAN-USB X6 v0 fw v0.0.0 (2 channels)
[ 1400.706318][T10987] usb 7-1: config 0 has no interface number 0
[ 1400.722981][T10987] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1400.789286][T10987] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1400.796795][T23913] tipc: Started in network mode
[ 1400.879255][T23913] tipc: Node identity 621dd4945f44, cluster identity 4711
[ 1400.895525][T10987] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[ 1400.904842][T10987] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[ 1400.926055][T10987] usb 7-1: Product: syz
[ 1400.926077][T20417] peak_usb 6-1:0.56 can0: sending command failure: -8
[ 1400.930683][T10987] usb 7-1: SerialNumber: syz
[ 1400.941076][T20417] peak_usb 6-1:0.56 can0: sending command failure: -8
[ 1400.943679][T23913] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1400.949142][T20417] peak_usb 6-1:0.56 can0: sending command failure: -8
[ 1400.958761][T10987] usb 7-1: config 0 descriptor??
[ 1401.073203][T23913] tipc: Resetting bearer <eth:syzkaller0>
[ 1401.095237][T23921] hfsplus: unable to find HFS+ superblock
[ 1401.095454][T23915] syzkaller0: entered promiscuous mode
[ 1401.106346][T23921] netlink: 76 bytes leftover after parsing attributes in process `syz.7.4521'.
[ 1401.120633][T20417] peak_usb 6-1:0.56: probe with driver peak_usb failed with error -8
[ 1401.130352][T23915] syzkaller0: entered allmulticast mode
[ 1401.133019][T10987] cm109 7-1:0.8: invalid payload size 0, expected 4
[ 1401.182973][T23912] tipc: Resetting bearer <eth:syzkaller0>
[ 1401.302599][T15500] usb 6-1: USB disconnect, device number 36
[ 1401.432519][T10987] input: CM109 USB driver as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.8/input/input104
[ 1401.460134][T23912] tipc: Disabling bearer <eth:syzkaller0>
[ 1401.530989][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90
[ 1401.917748][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.924889][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.932009][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.939082][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.946179][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.953251][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.960332][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.967393][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.974467][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1401.981547][    C0] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71
[ 1402.002688][T10987] usb 7-1: USB disconnect, device number 35
[ 1402.008585][    C0] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[ 1402.040909][T10987] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[ 1402.377564][T23931] netlink: 60 bytes leftover after parsing attributes in process `syz.7.4523'.
[ 1402.414044][   T30] audit: type=1400 audit(2000002026.636:1741): avc:  denied  { connect } for  pid=23933 comm="syz.4.4524" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1403.075810][T23932] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4522'.
[ 1404.022279][T23946] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4526'.
[ 1404.388459][T23954] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1404.839260][T23957] netlink: 'syz.4.4530': attribute type 1 has an invalid length.
[ 1404.854260][T23957] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4530'.
[ 1405.130087][   T30] audit: type=1400 audit(2000002029.376:1742): avc:  denied  { connect } for  pid=23960 comm="syz.3.4532" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1405.430105][T23972] UBIFS error (pid: 23972): cannot open "c:::", error -22
[ 1406.334325][T23980] UBIFS error (pid: 23980): cannot open "c:::", error -22
[ 1407.399819][T23719] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[ 1407.618902][T24001] random: crng reseeded on system resumption
[ 1407.635908][T23719] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1407.663577][T23719] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1407.704563][T23719] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[ 1407.736185][T23719] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1407.783230][T23719] usb 7-1: config 0 descriptor??
[ 1408.546932][T24008] 9pnet_fd: Insufficient options for proto=fd
[ 1408.710341][T23719] cm6533_jd 0003:0D8C:0022.0057: hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.6-1/input0
[ 1408.854228][   T30] audit: type=1400 audit(2000002033.106:1743): avc:  denied  { call } for  pid=24009 comm="syz.3.4545" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1408.874887][   T30] audit: type=1400 audit(2000002033.106:1744): avc:  denied  { transfer } for  pid=24009 comm="syz.3.4545" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1409.042756][T15500] usb 5-1: new full-speed USB device number 115 using dummy_hcd
[ 1409.179887][T23719] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[ 1409.201066][T15500] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1409.211253][T15500] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1409.224216][T15500] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c0c, bcdDevice= 0.00
[ 1409.227196][ T1214] usb 7-1: USB disconnect, device number 36
[ 1409.233302][T15500] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1409.235114][T15500] usb 5-1: config 0 descriptor??
[ 1409.258385][T15500] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[ 1409.329752][T23719] usb 6-1: Using ep0 maxpacket: 16
[ 1409.336340][T23719] usb 6-1: unable to get BOS descriptor or descriptor too short
[ 1409.345149][T23719] usb 6-1: config 42 has an invalid interface number: 214 but max is 0
[ 1409.353447][T23719] usb 6-1: config 42 has no interface number 0
[ 1409.359641][T23719] usb 6-1: config 42 interface 214 has no altsetting 0
[ 1409.368262][T23719] usb 6-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=42.fb
[ 1409.378752][T23719] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1409.389043][T23719] usb 6-1: Product: syz
[ 1409.393247][T23719] usb 6-1: Manufacturer: syz
[ 1409.397853][T23719] usb 6-1: SerialNumber: syz
[ 1409.809475][T24026] atomic_op ffff88805f26b998 conn xmit_atomic 0000000000000000
[ 1410.709290][T24033] netlink: 248 bytes leftover after parsing attributes in process `syz.6.4550'.
[ 1410.815037][T24035] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=24035 comm=syz.6.4551
[ 1411.456034][T24042] comedi comedi3: c6xdigio: I/O port conflict (0x7,3)
[ 1411.494339][T24042] ==================================================================
[ 1411.502418][T24042] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[ 1411.510401][T24042] Read of size 8 at addr ffff88807b8e7030 by task syz.7.4553/24042
[ 1411.518300][T24042] 
[ 1411.520620][T24042] CPU: 0 UID: 0 PID: 24042 Comm: syz.7.4553 Not tainted syzkaller #0 PREEMPT(full) 
[ 1411.520646][T24042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1411.520659][T24042] Call Trace:
[ 1411.520666][T24042]  <TASK>
[ 1411.520674][T24042]  dump_stack_lvl+0x116/0x1f0
[ 1411.520704][T24042]  print_report+0xcd/0x630
[ 1411.520726][T24042]  ? __virt_addr_valid+0x81/0x610
[ 1411.520753][T24042]  ? __phys_addr+0xe8/0x180
[ 1411.520778][T24042]  ? sysfs_remove_file_ns+0x63/0x70
[ 1411.520799][T24042]  kasan_report+0xe0/0x110
[ 1411.520821][T24042]  ? sysfs_remove_file_ns+0x63/0x70
[ 1411.520847][T24042]  sysfs_remove_file_ns+0x63/0x70
[ 1411.520868][T24042]  driver_remove_file+0x4a/0x60
[ 1411.520894][T24042]  bus_remove_driver+0x224/0x2c0
[ 1411.520915][T24042]  driver_unregister+0x76/0xb0
[ 1411.520940][T24042]  comedi_device_detach_locked+0x12f/0xa50
[ 1411.520967][T24042]  comedi_device_detach+0x67/0xb0
[ 1411.520989][T24042]  comedi_device_attach+0x43d/0x900
[ 1411.521015][T24042]  do_devconfig_ioctl+0x1b1/0x710
[ 1411.521042][T24042]  ? __mutex_lock+0x344/0x1060
[ 1411.521072][T24042]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1411.521105][T24042]  ? rcu_is_watching+0x12/0xc0
[ 1411.521127][T24042]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1411.521151][T24042]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1411.521172][T24042]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1411.521198][T24042]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1411.521222][T24042]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1411.521246][T24042]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1411.521268][T24042]  ? do_vfs_ioctl+0x128/0x14f0
[ 1411.521295][T24042]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1411.521322][T24042]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1411.521353][T24042]  ? rcu_is_watching+0x12/0xc0
[ 1411.521374][T24042]  ? irqentry_exit+0x3b/0x90
[ 1411.521396][T24042]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1411.521422][T24042]  ? security_file_ioctl+0x6f/0x240
[ 1411.521449][T24042]  ? __sanitizer_cov_trace_pc+0x56/0x70
[ 1411.521469][T24042]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1411.521490][T24042]  __x64_sys_ioctl+0x18b/0x210
[ 1411.521523][T24042]  do_syscall_64+0xcd/0x4c0
[ 1411.521547][T24042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1411.521566][T24042] RIP: 0033:0x7fbf7b38ebe9
[ 1411.521582][T24042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1411.521600][T24042] RSP: 002b:00007fbf795f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1411.521618][T24042] RAX: ffffffffffffffda RBX: 00007fbf7b5c6090 RCX: 00007fbf7b38ebe9
[ 1411.521631][T24042] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007
[ 1411.521642][T24042] RBP: 00007fbf7b411e19 R08: 0000000000000000 R09: 0000000000000000
[ 1411.521653][T24042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1411.521665][T24042] R13: 00007fbf7b5c6128 R14: 00007fbf7b5c6090 R15: 00007ffd4518f5e8
[ 1411.521683][T24042]  </TASK>
[ 1411.521691][T24042] 
[ 1411.809488][T24042] Allocated by task 23456:
[ 1411.813879][T24042]  kasan_save_stack+0x33/0x60
[ 1411.818537][T24042]  kasan_save_track+0x14/0x30
[ 1411.823209][T24042]  __kasan_kmalloc+0xaa/0xb0
[ 1411.827776][T24042]  __kmalloc_noprof+0x223/0x510
[ 1411.832606][T24042]  security_inode_init_security+0x13f/0x390
[ 1411.838477][T24042]  shmem_symlink+0x135/0x9f0
[ 1411.843045][T24042]  vfs_symlink+0x403/0x680
[ 1411.847444][T24042]  do_symlinkat+0x261/0x310
[ 1411.851927][T24042]  __x64_sys_symlinkat+0x93/0xc0
[ 1411.856846][T24042]  do_syscall_64+0xcd/0x4c0
[ 1411.861331][T24042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1411.867200][T24042] 
[ 1411.869500][T24042] Freed by task 23456:
[ 1411.873538][T24042]  kasan_save_stack+0x33/0x60
[ 1411.878207][T24042]  kasan_save_track+0x14/0x30
[ 1411.882862][T24042]  kasan_save_free_info+0x3b/0x60
[ 1411.887869][T24042]  __kasan_slab_free+0x60/0x70
[ 1411.892611][T24042]  kfree+0x2b4/0x4d0
[ 1411.896489][T24042]  security_inode_init_security+0x2eb/0x390
[ 1411.902357][T24042]  shmem_symlink+0x135/0x9f0
[ 1411.906922][T24042]  vfs_symlink+0x403/0x680
[ 1411.911322][T24042]  do_symlinkat+0x261/0x310
[ 1411.915807][T24042]  __x64_sys_symlinkat+0x93/0xc0
[ 1411.920723][T24042]  do_syscall_64+0xcd/0x4c0
[ 1411.925206][T24042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1411.931073][T24042] 
[ 1411.933374][T24042] The buggy address belongs to the object at ffff88807b8e7000
[ 1411.933374][T24042]  which belongs to the cache kmalloc-256 of size 256
[ 1411.947400][T24042] The buggy address is located 48 bytes inside of
[ 1411.947400][T24042]  freed 256-byte region [ffff88807b8e7000, ffff88807b8e7100)
[ 1411.961087][T24042] 
[ 1411.963389][T24042] The buggy address belongs to the physical page:
[ 1411.969771][T24042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88807b8e6000 pfn:0x7b8e6
[ 1411.979822][T24042] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1411.988294][T24042] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1411.996766][T24042] page_type: f5(slab)
[ 1412.000727][T24042] raw: 00fff00000000240 ffff88801b841b40 ffffea00016b0510 ffffea0001e52990
[ 1412.009288][T24042] raw: ffff88807b8e6000 0000000000100008 00000000f5000000 0000000000000000
[ 1412.017859][T24042] head: 00fff00000000240 ffff88801b841b40 ffffea00016b0510 ffffea0001e52990
[ 1412.026506][T24042] head: ffff88807b8e6000 0000000000100008 00000000f5000000 0000000000000000
[ 1412.035154][T24042] head: 00fff00000000001 ffffea0001ee3981 00000000ffffffff 00000000ffffffff
[ 1412.043801][T24042] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 1412.052444][T24042] page dumped because: kasan: bad access detected
[ 1412.058827][T24042] page_owner tracks the page as allocated
[ 1412.064512][T24042] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5836, tgid 5836 (udevd), ts 66814822192, free_ts 66803775118
[ 1412.084459][T24042]  post_alloc_hook+0x1c0/0x230
[ 1412.089226][T24042]  get_page_from_freelist+0x132b/0x38e0
[ 1412.094749][T24042]  __alloc_frozen_pages_noprof+0x261/0x23f0
[ 1412.100619][T24042]  alloc_pages_mpol+0x1fb/0x550
[ 1412.105449][T24042]  new_slab+0x247/0x330
[ 1412.109586][T24042]  ___slab_alloc+0xcf2/0x1750
[ 1412.114244][T24042]  __slab_alloc.constprop.0+0x56/0xb0
[ 1412.119611][T24042]  __kmalloc_noprof+0x2f2/0x510
[ 1412.124438][T24042]  security_inode_init_security+0x13f/0x390
[ 1412.130310][T24042]  shmem_mknod+0x22e/0x450
[ 1412.134706][T24042]  lookup_open.isra.0+0x11d0/0x1580
[ 1412.139899][T24042]  path_openat+0x893/0x2cb0
[ 1412.144379][T24042]  do_filp_open+0x20b/0x470
[ 1412.148858][T24042]  do_sys_openat2+0x11b/0x1d0
[ 1412.153515][T24042]  __x64_sys_openat+0x174/0x210
[ 1412.158350][T24042]  do_syscall_64+0xcd/0x4c0
[ 1412.162832][T24042] page last free pid 5220 tgid 5220 stack trace:
[ 1412.169130][T24042]  __free_frozen_pages+0x7d5/0x10f0
[ 1412.174310][T24042]  __put_partials+0x165/0x1c0
[ 1412.178972][T24042]  qlist_free_all+0x4d/0x120
[ 1412.183541][T24042]  kasan_quarantine_reduce+0x195/0x1e0
[ 1412.188977][T24042]  __kasan_slab_alloc+0x69/0x90
[ 1412.193803][T24042]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 1412.199236][T24042]  getname_flags.part.0+0x4c/0x550
[ 1412.204331][T24042]  getname_flags+0x93/0xf0
[ 1412.208721][T24042]  do_sys_openat2+0xb8/0x1d0
[ 1412.213291][T24042]  __x64_sys_openat+0x174/0x210
[ 1412.218123][T24042]  do_syscall_64+0xcd/0x4c0
[ 1412.222608][T24042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1412.228478][T24042] 
[ 1412.230797][T24042] Memory state around the buggy address:
[ 1412.236400][T24042]  ffff88807b8e6f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1412.244437][T24042]  ffff88807b8e6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1412.252473][T24042] >ffff88807b8e7000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1412.260510][T24042]                                      ^
[ 1412.266129][T24042]  ffff88807b8e7080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1412.274163][T24042]  ffff88807b8e7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1412.282197][T24042] ==================================================================
[ 1412.290241][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1412.320605][T24042] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1412.327817][T24042] CPU: 1 UID: 0 PID: 24042 Comm: syz.7.4553 Not tainted syzkaller #0 PREEMPT(full) 
[ 1412.337183][T24042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 1412.347248][T24042] Call Trace:
[ 1412.350507][T24042]  <TASK>
[ 1412.353417][T24042]  dump_stack_lvl+0x3d/0x1f0
[ 1412.357993][T24042]  vpanic+0x6e8/0x7a0
[ 1412.361961][T24042]  ? __pfx_vpanic+0x10/0x10
[ 1412.366454][T24042]  ? sysfs_remove_file_ns+0x63/0x70
[ 1412.371634][T24042]  panic+0xca/0xd0
[ 1412.375342][T24042]  ? __pfx_panic+0x10/0x10
[ 1412.379762][T24042]  ? sysfs_remove_file_ns+0x63/0x70
[ 1412.384953][T24042]  ? preempt_schedule_common+0x44/0xc0
[ 1412.390395][T24042]  ? preempt_schedule_thunk+0x16/0x30
[ 1412.395766][T24042]  check_panic_on_warn+0xab/0xb0
[ 1412.400686][T24042]  end_report+0x107/0x170
[ 1412.404995][T24042]  kasan_report+0xee/0x110
[ 1412.409393][T24042]  ? sysfs_remove_file_ns+0x63/0x70
[ 1412.415007][T24042]  sysfs_remove_file_ns+0x63/0x70
[ 1412.420011][T24042]  driver_remove_file+0x4a/0x60
[ 1412.424850][T24042]  bus_remove_driver+0x224/0x2c0
[ 1412.429771][T24042]  driver_unregister+0x76/0xb0
[ 1412.434548][T24042]  comedi_device_detach_locked+0x12f/0xa50
[ 1412.440339][T24042]  comedi_device_detach+0x67/0xb0
[ 1412.445348][T24042]  comedi_device_attach+0x43d/0x900
[ 1412.450533][T24042]  do_devconfig_ioctl+0x1b1/0x710
[ 1412.455541][T24042]  ? __mutex_lock+0x344/0x1060
[ 1412.460289][T24042]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[ 1412.465824][T24042]  ? rcu_is_watching+0x12/0xc0
[ 1412.470570][T24042]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1412.476359][T24042]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1412.481556][T24042]  ? finish_task_switch.isra.0+0x221/0xc10
[ 1412.487349][T24042]  comedi_unlocked_ioctl+0x165d/0x2f00
[ 1412.492794][T24042]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1412.498581][T24042]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1412.504454][T24042]  ? do_vfs_ioctl+0x128/0x14f0
[ 1412.509211][T24042]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1412.514219][T24042]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1412.521056][T24042]  ? rcu_is_watching+0x12/0xc0
[ 1412.525808][T24042]  ? irqentry_exit+0x3b/0x90
[ 1412.530381][T24042]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1412.535563][T24042]  ? security_file_ioctl+0x6f/0x240
[ 1412.540748][T24042]  ? __sanitizer_cov_trace_pc+0x56/0x70
[ 1412.546278][T24042]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[ 1412.552067][T24042]  __x64_sys_ioctl+0x18b/0x210
[ 1412.556841][T24042]  do_syscall_64+0xcd/0x4c0
[ 1412.561328][T24042]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1412.567199][T24042] RIP: 0033:0x7fbf7b38ebe9
[ 1412.571595][T24042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1412.591180][T24042] RSP: 002b:00007fbf795f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1412.599577][T24042] RAX: ffffffffffffffda RBX: 00007fbf7b5c6090 RCX: 00007fbf7b38ebe9
[ 1412.607541][T24042] RDX: 0000200000000080 RSI: 0000000040946400 RDI: 0000000000000007
[ 1412.615503][T24042] RBP: 00007fbf7b411e19 R08: 0000000000000000 R09: 0000000000000000
[ 1412.623461][T24042] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1412.631412][T24042] R13: 00007fbf7b5c6128 R14: 00007fbf7b5c6090 R15: 00007ffd4518f5e8
[ 1412.639369][T24042]  </TASK>
[ 1412.642560][T24042] Kernel Offset: disabled
[ 1412.646870][T24042] Rebooting in 86400 seconds..