last executing test programs:

3m50.320017164s ago: executing program 3 (id=1356):
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, <r0=>0x0}, &(0x7f0000000380)=0xc)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003b40)={{0x1, 0x1, 0x18, r1, {r0, 0xee00}}, './file0\x00'})
stat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
statx(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x4000, 0x100, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
pipe(&(0x7f00000001c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sync_file_range(r6, 0xff, 0x7, 0xb)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000006c0)={0x0}, 0x1, 0x0, 0x0, 0x4004000}, 0x20000004)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
getsockopt$netrom_NETROM_T4(0xffffffffffffffff, 0x103, 0x4, 0x0, 0x0)
r8 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800010009000000000000000a00000000000000080001000200000004000b"], 0x24}}, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@delnexthop={0x20, 0x69, 0xb, 0x2, 0x0, {}, [{0x8, 0x1, 0x2}]}, 0x20}}, 0x0)
bind$inet(r8, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
sendmsg$xdp(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000240)}, {&(0x7f0000000440)="99a111fb84cf8f9c402349b4fcf1198cc71f87387c150639b887775a4b0a529d8fc13748845cde70892a8a66522b60e0c02d44145da4822a46eb1548856cb3be3b42df6c85f71df61dde6c3b20fc1cd3d94ebf52f2589594932b7e6627a56d076ad0b087375d031ab5b79b1ffbce0d7b90b4de9a48e6879ee18957f062aa6d3deb9ff155a5d6dbc6a6225458a92f96ac419e482ff2f5dbf4d4f82180b54e1005567a0d31a07aff0647e65001beca27e3666f383d4cf5ab11c9c5747f", 0xbc}, {&(0x7f0000000500)="843886155613f9dcbacc23b932b321dfa8ec94bab09e0238cdbf35f709405ac71aaa5ff666fe32cd5273ad3a9679dfb3c5007b887015306552cde762c7ee7a98f990afefb819a941af17b02686e25a6b358582e0be449819961c4fe84bde9b7da8277e18c09d6ae62c3b866031b05c697a88b88cdc8ce359a3532a6912893f4b742a1d154078290de0da5c429a8bdd1e838d4c62dc", 0x95}, {0x0}, {&(0x7f0000000080)}], 0x5, 0x0, 0x0, 0x48010}, 0x0)
ioctl$SNAPSHOT_GET_IMAGE_SIZE(r5, 0x8008330e, &(0x7f0000000740))
sendmsg$IPSET_CMD_FLUSH(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x28000010)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000003c0)={{}, {0x1, 0x2}, [{0x2, 0x0, r0}, {0x2, 0x4, r2}, {0x2, 0x7, 0xffffffffffffffff}], {0x4, 0x1}, [{0x8, 0x2, r3}], {0x10, 0x2}, {0x20, 0x2}}, 0x44, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28)

3m49.931349194s ago: executing program 3 (id=1359):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'tunl0\x00'})
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x7fc, 0x144a7dab3071a517)
ioctl$EVIOCGRAB(r2, 0x40044590, &(0x7f0000000080)=0x2)
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x101101, 0x0)
mount$9p_fd(0x0, &(0x7f0000000100)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000140), 0x21c804, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
write$evdev(r2, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f00002d4000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000b89000/0x2000)=nil)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x40c00)
ioctl$SG_IO(r4, 0x2285, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = io_uring_setup(0x54a0, &(0x7f0000000000)={0x0, 0x70e6, 0x2, 0x2, 0xf2})
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r6, 0x12, 0x0, 0x1000000)
setsockopt$inet_sctp_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000180)={0x7a2a, 0x9}, 0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r5, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x7ff}, 0xfffffffffffffe94)
sendmsg$inet_sctp(r5, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @remote}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x2804c054}, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r5, 0x84, 0x7c, &(0x7f00000001c0)={0x0, 0x6, 0x9}, 0x8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0xf400000000000000)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x1000)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[], 0x0}, 0x94)
r7 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r7, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

3m48.932538371s ago: executing program 3 (id=1363):
syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
migrate_pages(0x0, 0x2, &(0x7f00000002c0)=0x7f, &(0x7f0000000080)=0x9)
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xb, 0x0, {{0x3, 0x1, 0x7ffc, 0x2, 0x6, 0x40, {0x800000001, 0x40180, 0x8020ff, 0x9, 0x89, 0xd614, 0x5, 0x80000041, 0xfffffffe, 0x1000, 0x2, 0x0, 0x0, 0x3fe, 0x1}}, {0x0, 0x1a}}}, 0xa0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r1)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0xa8900, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000b07000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0xfffffffffffffffe)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000240))
syz_clone(0x1080, 0x0, 0x0, 0x0, 0x0, 0x0)
accept$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r7=>0x0})
bind$can_j1939(r6, &(0x7f0000000040)={0x1d, r7, 0x1, {0x1, 0xf0}}, 0x18)
write$bt_hci(r6, 0x0, 0x7)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00'})

3m46.995192692s ago: executing program 3 (id=1371):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
getsockopt$inet6_tcp_buf(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000020000000000000f9ffff0b85000000ae000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000040)='sys_exit\x00', r1}, 0x90)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"])
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TCSETAW(r3, 0x5407, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='debugfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000003c0)='./file0/../file0\x00', 0x0, 0x2040000, 0x0)
chroot(0x0)
pivot_root(&(0x7f0000007b00)='./file0/../file0\x00', &(0x7f0000000280)='./file0\x00')
r5 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000003b80)={0x1fd, 0x0, 0xf000, 0x2000, &(0x7f00000db000/0x2000)=nil})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_GET_PIT2(r5, 0x8070ae9f, &(0x7f0000000300))
openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0xaac00, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

3m46.483533609s ago: executing program 3 (id=1375):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="10000000040000000800000002"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000140)={r0, &(0x7f0000000280)="0f3573", &(0x7f00000000c0)=""/10, 0x2}, 0x20)

3m46.156132442s ago: executing program 3 (id=1377):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe})
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x18603})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
io_uring_setup(0x68af, &(0x7f0000000480)={0x0, 0x0, 0x1880, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, 0x0, 0xfffffffffffffffd)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x401, 0x2800)
sched_setscheduler(r5, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

3m46.01278427s ago: executing program 32 (id=1377):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
preadv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x3, 0x2, 0x2, {0x5, @vbi={0xb5, 0x4, 0x3, 0x0, [0x0, 0x18000000], [0x8200, 0x1]}}, 0xe})
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x10, 0x0, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, "001500"}, 0x0, 0x2, {}, 0x18603})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
io_uring_setup(0x68af, &(0x7f0000000480)={0x0, 0x0, 0x1880, 0x1})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, 0x0, 0xfffffffffffffffd)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r4 = userfaultfd(0x801)
ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x4})
ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f00000000c0), 0x401, 0x2800)
sched_setscheduler(r5, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)

2m48.707436328s ago: executing program 2 (id=1553):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3000000018000100005805b3f70000000ab1"], 0x30}}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x4c, &(0x7f0000000000)=0xc000000, 0x4)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000001c0)={'bond0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x26, 0x100, 0xffffffff, 0x401, 0x0, 0x1, 0x0, 0x0, 0xb, 0xff, 0x0, 0x8000001f, 0x2, 0x47}})
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x371f82)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x1, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r3, 0x40505412, 0x0)

2m48.572339311s ago: executing program 2 (id=1556):
keyctl$dh_compute(0x17, &(0x7f0000000d80), 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ec0)={'cryptd(blake2b-160)\x00'}}) (fail_nth: 2)

2m47.176079025s ago: executing program 2 (id=1560):
r0 = socket$inet6(0xa, 0x3, 0x3c)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x1c5ed000)
r2 = userfaultfd(0x1)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r2, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2})
bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000008c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={<r4=>0xffffffffffffffff}, 0x2, 0x5}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f00000002c0)=[{0x2b, 0x0, [0xfffffe00, 0x5, 0x5, 0x3, 0x5, 0x400, 0x4, 0x9, 0x2, 0x3, 0x0, 0x987, 0x0, 0xfffffef9, 0x7, 0xa9]}], r4, 0x1, 0x1, 0x48}}, 0x20)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x5000, 0x1, @remote, 0x5}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)=',', 0xffdf}], 0x1)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20310020}, 0xc, &(0x7f0000000180)={&(0x7f0000000900)={0x2b0, 0x0, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x19c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3e, 0x4, {'gcm(aes)\x00', 0x16, "91d466b504e11cd630c279d982495c069cf0c5f0e71e"}}, @TIPC_NLA_NODE_ID={0xc7, 0x3, "1b61b036358145d39234407c0195e0f5ab62bcbda0e27d35c93429d900030eb745534bf2118921303f9cdf605bad01d745c25ea62595568cd3a0d49e1d562c2c263384a9f68476a7d2b3b7ce3ce9e0c7d03e4d1c3b23e4c0a42aa94387561ec486cec685fc8e279cdc26c3c0e87ea7886f3c3e983fd3cf0c5f28cf4fb13c2d421d22fa693129e1d19f70df8ba22c359252c8c04ed233ee493f914340ac436ff06dd811b07b465929a4cde8f21f6f0cb967a85153e2dfb977cbbd2b8719c8f0cbcd630e"}, @TIPC_NLA_NODE_ID={0x89, 0x3, "f66a72adf68c9ca9cfb0ae202160837b6d48fadb87a21a09241732fc149c99aa21541fc3f4267a2907b6be5d260fa08f4d0f6378dd061c678ab054c638f73acb6eaa19bcb417c3835cc85f88b76127b240c69186030979cab116e534f361a44653fffafda2880388ccda03184a210d027923a3f8b4d6f41cddab17fa42905848e2e69e7afb"}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}]}, @TIPC_NLA_NET={0x20, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8000}]}, @TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x1}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x64, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffff01}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x84b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffff001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}]}]}, 0x2b0}, 0x1, 0x0, 0x0, 0x20}, 0xc080)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
io_setup(0x81, &(0x7f0000000400)=<r7=>0x0)
io_submit(r7, 0x1, &(0x7f00000012c0)=[&(0x7f0000001180)={0x0, 0x0, 0x0, 0x0, 0x0, r6, 0x0, 0x0, 0x9}])
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r5, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c00000078de469d0cd1f06ac05489c78a7b5e0f0100000001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x24048001}, 0x4000000)

2m45.912060898s ago: executing program 2 (id=1565):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0xfffc}, 0x8)
sendto$inet6(r0, &(0x7f00000004c0)='W', 0x1, 0x4, &(0x7f0000000100)={0xa, 0x4e24, 0x3, @loopback, 0x8}, 0x1c)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x67ad, 0x8000, 0x8000, 0x67, 0x8000, 0x4, 0xf37c, 0x62}, &(0x7f00000001c0)=0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0)
mremap(&(0x7f00009d1000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00002a0000/0x4000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
ioctl(0xffffffffffffffff, 0x8b20, &(0x7f0000000040))

2m42.75202622s ago: executing program 2 (id=1571):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
move_pages(0x0, 0x3, &(0x7f0000000140)=[&(0x7f0000a0d000/0x3000)=nil, &(0x7f0000a3a000/0x1000)=nil, &(0x7f0000fc7000/0x13000)=nil], 0x0, &(0x7f0000000000), 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0xc}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x5c, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0)
read$msr(r4, &(0x7f0000002240)=""/102400, 0x19000)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$user(&(0x7f0000000080), 0x0, &(0x7f0000000140)="27bb8a6af547da4cad0fbd9a8e46fa06226f81d37635a6", 0x17, r5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x85a, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0xa6, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x0, 0x3}, {0xe, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x40080003}, {0x3, 0x5, 0x80, 0x0, 0xacc8, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffffc, 0x100, 0x4}, {0x8004, 0x80000001, 0xfffffeff, 0x80000df, 0x4, 0x5}, {0x0, 0x80000001, 0x9, 0x7, 0x1000, 0x7}, {0x5, 0x2, 0xfffffffd, 0x9, 0x474, 0x594}, {0x7fffffff, 0x1, 0x8, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x5, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x3, 0x3, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x8, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93e, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff417, 0x1, 0x3ff, 0x9}, {0x4, 0x8, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0xffff, 0x0, 0x3ff, 0x1, 0x400}, {0x1, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0x7, 0x8, 0x3, 0x984}, {0x2, 0xffffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x3, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0xd1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x3, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0xe000000}, {0x4e2, 0x6ae, 0x2, 0x100, 0x5, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x6}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x7fffffff, 0x8, 0x0, 0x1}, {0x2, 0x8, 0x2, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0xf}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x1, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0xfd, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x8, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x85, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x1, 0x8, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x5, 0x8}, {0x100, 0x3ff, 0x0, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x4, 0x1, 0x4, 0x4}, {0x9, 0x381, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x8, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x5, 0x400, 0x8000400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x2000007f, 0x8}, {0x5, 0x25b, 0x0, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0xa, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800000, 0x3, 0x10, 0x5}, {0x7f, 0x7, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff7, 0x5, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x40}, {0x6, 0xd, 0x6, 0xfb0000, 0x1, 0x7}, {0xe0, 0x100, 0x1, 0xb, 0x8, 0x7}, {0xffc, 0x1, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x401, 0x0, 0x4, 0xef}, {0x7, 0x2, 0x200, 0x8, 0x9, 0x2}, {0x54, 0x5, 0xa33f, 0x101, 0x2, 0x10001}, {0x1, 0x4, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x6, 0x5, 0x8, 0xffffffff, 0x405b9, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x9}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0x3, 0x4, 0x7, 0x7}, {0x4, 0x5, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x3, 0x7, 0x97fd, 0xef, 0x202}, {0x2, 0xa, 0x1000, 0x1, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x36b6800}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0xaa82}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0xdd}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x5, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x8}, {0x3, 0x2, 0x2, 0x3, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x70a0, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x402, 0x4, 0x8, 0x5}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x6, 0x1, 0x39d6}, {0x401, 0x7d4, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x0, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0x6, 0x4b64, 0x80000001}, {0x2ad78a25, 0x2, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x8a7, 0x129, 0xc}, {0x7, 0x2, 0x8, 0x3, 0xe01, 0xf933271}, {0x4a3, 0x4, 0x3, 0x514c, 0xf8a, 0x19}], [{0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x4}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x5}, {0x2, 0x1}, {0x6, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4}, {0x6, 0x1}, {0x5, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r3, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
r6 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)

2m40.715615961s ago: executing program 2 (id=1577):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(r2, &(0x7f0000000000)="ec", 0x1, 0x10000, &(0x7f0000000100)={0x23, 0x5, 0xe8, 0x23}, 0x10)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x50009404, &(0x7f0000000140))
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x309, 0x0, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x9, 0x0, &(0x7f0000000d40), 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000240)=[{}, {}, {}, {}, {}]})
sync()
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x6, 0x8}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()

2m25.678290666s ago: executing program 33 (id=1577):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$phonet(0x23, 0x2, 0x1)
sendto$phonet(r2, &(0x7f0000000000)="ec", 0x1, 0x10000, &(0x7f0000000100)={0x23, 0x5, 0xe8, 0x23}, 0x10)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x50009404, &(0x7f0000000140))
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000080)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$MEDIA_IOC_G_TOPOLOGY(0xffffffffffffffff, 0xc0487c04, &(0x7f00000001c0)={0x0, 0x309, 0x0, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x9, 0x0, &(0x7f0000000d40), 0x0, 0x0, 0x0, 0x5, 0x0, &(0x7f0000000240)=[{}, {}, {}, {}, {}]})
sync()
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x6, 0x8}, 0x50)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000001000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(r6, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()
sync()

26.385200352s ago: executing program 6 (id=1998):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdx:De', 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8040}, 0x4004000)
r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x141, 0xf2, 0xc5, 0x96, 0x20, 0x16d0, 0x10b8, 0xde8e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x0, 0x83, 0xec, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0x2, 0x0, 0xa}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000040)={0x84, &(0x7f0000000000)={0x0, 0x16, 0xc, "00004700000040f400bec073"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r4, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000300)={0x0, 0x31, 0x28, "b737c52d8937c56fc53875619e3abad0f1f8930021a7be531c9fe33b823a80a27011ce9d40ada868"}, 0x0, 0x0})
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000980)={<r5=>0xffffffffffffffff})
syz_usb_connect(0x3, 0x34, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000092df5510ac05269289b2010203010902220001"], 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f00000002c0)={'macsec0\x00', @random="0100"})
r6 = creat(&(0x7f0000000580)='./bus\x00', 0x0)
r7 = fanotify_init(0xf00, 0x2)
fanotify_mark(r7, 0x105, 0x8971, r6, 0x0)
readv(r7, &(0x7f0000000280)=[{&(0x7f0000000200), 0x3c}], 0x4c)
rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='./file1\x00')
ioctl$KVM_CREATE_VM(r6, 0xae01, 0xc)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0xb001, 0x4, 0x3f0, 0x208, 0x100, 0x100, 0x2f0, 0x2f0, 0x2f0, 0x7fffffe, 0x0, {[{{@arp={@multicast1, @multicast2, 0x0, 0xffffffff, 0xb, 0x0, {@mac=@link_local, {[0x0, 0xff, 0xff, 0xff]}}, {@empty, {[0x0, 0x0, 0xff, 0xff, 0x0, 0xff]}}, 0x400, 0x2, 0x7, 0x72b7, 0xe1b2, 0x4, 'syzkaller1\x00', 'vlan0\x00', {}, {}, 0x0, 0x200}, 0xc0, 0x110}, @unspec=@ERROR={0x0, 'ERROR\x00', 0x0, "c6fef3747eb94731821ca227fb9b083f78477018d6129c4cda3daa66e2e9"}}, {{@uncond, 0xc0, 0x110}, @unspec=@LED={0x0, 'LED\x00', 0x0, {'syz1\x00', 0x0, 0x800, {0xfffffffffffffffb}}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE3={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x46b)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000000c0)=0x14)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000100)={'erspan0\x00', r8, 0x80, 0x1, 0xe, 0xfaf8, {{0x1e, 0x4, 0x1, 0x14, 0x78, 0x64, 0x0, 0x0, 0x2f, 0x0, @empty, @empty, {[@timestamp_prespec={0x44, 0x34, 0x89, 0x3, 0xb, [{@remote, 0x7}, {@multicast2, 0x1000}, {@multicast2}, {@multicast2, 0x4}, {@local, 0x400}, {@multicast2, 0x8c}]}, @lsrr={0x83, 0x13, 0xa8, [@dev={0xac, 0x14, 0x14, 0x2d}, @broadcast, @multicast2, @multicast2]}, @ssrr={0x89, 0x3, 0xda}, @rr={0x7, 0x17, 0xf6, [@private=0xa010102, @private=0xa010102, @remote, @multicast1, @remote]}]}}}}})
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
syz_emit_ethernet(0x76, &(0x7f0000000100)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @local, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x8, '\x00', [@padn={0x1, 0xffffff84, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)=ANY=[])

23.560259361s ago: executing program 6 (id=2005):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
getpriority(0x2, 0x0)

19.318305344s ago: executing program 6 (id=2020):
mkdir(&(0x7f0000000040)='./bus\x00', 0x49)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000003980)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[], [{@fowner_eq={'fowner', 0x3d, r1}}], 0x2c})
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
bpf$PROG_LOAD(0x4, &(0x7f00000003c0)={0x3, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$tipc(0x1e, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/zoneinfo\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xfff, 0x9, 0xaa, 0xf, 0x80000006, 0xc6}, 0x0, 0x0)

18.45284046s ago: executing program 6 (id=2021):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
getpriority(0x2, 0x0)

16.715980048s ago: executing program 6 (id=2029):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r1, &(0x7f0000000340)=ANY=[], 0xff2e)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0xfc)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), r0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000800)={0x6, 0x4, 0x1a00}, 0x980)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r3=>0x0})
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r4, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000480)={0x20, r2, 0x1, 0x70bd25, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r3}, @NL802154_ATTR_SEC_DEVKEY={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40040}, 0x40004000)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32, @ANYBLOB="00000000000000001c001a800800028008000200080000003e12"], 0x44}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001c000100251d3bd64abd70f9fc51eae72f059300", @ANYRES32=r6, @ANYBLOB="8000ea020a000200aaaaaaaaaa0e0000"], 0x28}, 0x1, 0x0, 0x0, 0x41}, 0x40804)
r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000006a80), 0x1, 0x0)
unshare(0xa000400)
shmget(0x1, 0xffffffffff000, 0x200, &(0x7f0000ffb000/0x3000)=nil)
write$vga_arbiter(r7, &(0x7f00000002c0)=@target={'target ', {'PCI:', '0', ':', '0', ':', '0', '.', '0'}}, 0x13)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000080)={0xffffffffffffffff}, 0x4)
r9 = openat$cgroup(0xffffffffffffffff, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r8, r9, 0x6, 0x0, @void}, 0x10)
r10 = socket(0x10, 0x3, 0x0)
sysfs$2(0x2, 0x2000419, 0x0)
sendmmsg(r10, &(0x7f0000000000), 0x4000000000001f2, 0x0)

15.332163771s ago: executing program 6 (id=2034):
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @private1}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x30}, 0x0) (async)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @private1}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x30}, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[], 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, <r3=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180), 0x943, 0x0)
sync()
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305580000000000000000000008", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e00010069703665727370616e00000014000280060002003000000008000400ffffff1f"], 0x48}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305580000000000000000000008", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e00010069703665727370616e00000014000280060002003000000008000400ffffff1f"], 0x48}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x4, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES32=r4], &(0x7f0000000080)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
socket$kcm(0x11, 0x200000000000002, 0x300) (async)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4) (async)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)

8.351918924s ago: executing program 5 (id=2053):
socket$key(0xf, 0x3, 0x2)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r1, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="0600000004000000ff0f00000900000000000000", @ANYRES32, @ANYBLOB="0100"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x2000}, 0x50)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000)
fsync(r3)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
tkill(r6, 0x12)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r7, 0x0, 0x0}, 0x10)
ioctl$TIOCL_PASTESEL(r3, 0x541c, &(0x7f0000000000))

8.258347478s ago: executing program 4 (id=2055):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x16, 0xc, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
getpriority(0x2, 0x0)

6.50025775s ago: executing program 0 (id=2056):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_POWER(r0, 0x112, 0x9, &(0x7f0000000000)=0x6, 0x1)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r2 = syz_open_dev$radio(&(0x7f0000000140), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205647, 0x0)
r3 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0xb, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff})
sendmmsg$sock(r5, 0x0, 0x0, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x200c02, 0x0)
poll(&(0x7f00000001c0)=[{r0, 0x40}, {r7, 0x62c0}, {r0, 0x4}, {r2, 0x2260}, {r1, 0x4200}, {r5, 0x8057}], 0x6, 0x97)
close(r6)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$video4linux(&(0x7f0000000200), 0xa51, 0x42503)
r8 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r9 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="7472616e733d66642c7262646e993c9c7b21fed7f6503ec9064729c2004481520be53abccd139e8f101f5b54241718a1cc8935bb0ab282a1ec", @ANYRESHEX=r8, @ANYBLOB="2c7766646e6f3d9ae21d27e70a56fbb5d6341f3ba5cbb1b38570100989855fb8ec558e", @ANYRESHEX=r9, @ANYBLOB])
r10 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7}, 0x1c)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x1f, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a80000001801010020206425000000000020ea207b1af8ff85ea1932537effffffb702000008000000b70300000000000085000000b000000095000000000000000000000000000000000000653328e6a773445ec4d248bc71be95cfcd9915bf2fd63985bff18f5ca0fe71d9abf054f5d128f9d5fd3583a7ac41cc493b67"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffd}, 0x39)
listen(r10, 0x0)

6.461584572s ago: executing program 5 (id=2057):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
move_pages(0x0, 0x3, &(0x7f0000000140)=[&(0x7f0000a0d000/0x3000)=nil, &(0x7f0000a3a000/0x1000)=nil, &(0x7f0000fc7000/0x13000)=nil], 0x0, &(0x7f0000000000), 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0xc}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0xa, 0x0)
lsetxattr$system_posix_acl(0x0, 0x0, 0x0, 0x5c, 0x0)
ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, 0x0)
read$msr(r4, &(0x7f0000002240)=""/102400, 0x19000)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$rfkill(0xffffffffffffff9c, 0x0, 0x602, 0x0)
r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$user(0x0, 0x0, &(0x7f0000000140)="27bb8a6af547da4cad0fbd9a8e46fa06226f81d37635a6", 0x17, r5)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0xeb0, 0x30, 0xb, 0x0, 0x0, {}, [{0xe9c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0xe50, 0x2, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{0x5, 0xa, 0x4, 0x1, 0x2000000}, 0x5, 0x1}, [{0x9, 0x80000001, 0x1, 0x630, 0x8, 0x1}, {0xdf, 0x4, 0x5, 0x5, 0x10, 0xe}, {0x1, 0x85a, 0x5, 0xe6db, 0x3, 0xfffffffc}, {0x6, 0x400, 0x9321, 0xa6, 0x6, 0x7}, {0x5, 0x5, 0xffffffc0, 0x0, 0x3}, {0xe, 0xf5, 0x3, 0x9, 0xffffbff8, 0x3}, {0x0, 0x7, 0xfff, 0x2, 0x9163ef6c, 0x40080003}, {0x3, 0x5, 0x80, 0x0, 0xacc8, 0x2}, {0x8001, 0xffb, 0x9, 0xffff, 0xfffffffe, 0x81}, {0x8, 0xfff, 0x6, 0xeb84, 0x8, 0x30c4}, {0x7, 0x9, 0xfffffffc, 0x100, 0x4}, {0x8004, 0x80000001, 0xfffffeff, 0x80000df, 0x4, 0x5}, {0x0, 0x80000001, 0x9, 0x7, 0x1000, 0x7}, {0x5, 0x2, 0xfffffffd, 0x9, 0x474, 0x594}, {0x7fffffff, 0x1, 0x8, 0xfffffff9, 0x6, 0xffffffff}, {0x24, 0x5, 0xf, 0x6, 0x6, 0x8000003}, {0xbb, 0x5, 0x2, 0x310, 0xf}, {0x9b7d, 0x52fc, 0x3, 0x3, 0x48, 0x9}, {0xbd, 0x8, 0x10, 0xe4d, 0x7f, 0x3}, {0x8, 0x8, 0x9, 0x27, 0x2, 0x5}, {0x4, 0x1000, 0x5, 0x6, 0x93e, 0x6}, {0x1, 0x7, 0x0, 0x1, 0xff, 0x3}, {0xb, 0x7f, 0xfffff417, 0x1, 0x3ff, 0x9}, {0x4, 0x8, 0x7, 0xb, 0x8, 0x80004d}, {0x34db, 0xffff, 0x0, 0x3ff, 0x1, 0x400}, {0x1, 0xcb1d, 0x8, 0x1, 0x0, 0x4}, {0x5, 0x3, 0x7, 0x8, 0x3, 0x984}, {0x2, 0xffffffff, 0x3, 0x2, 0x9, 0x40}, {0x7, 0x281, 0x7fffffff, 0x3, 0x3, 0x8}, {0x5, 0x4, 0x1, 0x8, 0x4, 0x2f}, {0x6, 0x3, 0x4, 0xd1a1, 0x9, 0x7}, {0x5, 0x3, 0x8, 0x4, 0x16, 0x2}, {0x8001, 0x87, 0x6, 0x1, 0x3, 0x4}, {0x6, 0x9e4, 0x8b7f, 0x11, 0x3, 0x7}, {0x7, 0x1, 0x800, 0x70f, 0x8001, 0x3}, {0x4, 0x10, 0x6, 0x1, 0x4, 0x22ff}, {0x5, 0x10001, 0x9, 0x0, 0x10001, 0x7}, {0xf85, 0x2e, 0x100, 0x3, 0x100, 0xe60c}, {0x2, 0x5, 0x1, 0xe000000}, {0x4e2, 0x6ae, 0x2, 0x100, 0x5, 0xd}, {0x1, 0xcad, 0xa5, 0x2, 0x4d800, 0x6}, {0x20, 0x7f, 0x33, 0x2, 0x400, 0x4}, {0x4, 0x62e, 0xb, 0x219c, 0x0, 0x5}, {0x0, 0x4, 0x0, 0x1, 0x1, 0x1}, {0x7f, 0x945a, 0x0, 0x0, 0x8, 0x3}, {0xda1, 0x893, 0x2, 0x9, 0xfffffa2e, 0x6}, {0x1, 0xfffffff3, 0x7fffffff, 0x8, 0x0, 0x1}, {0x2, 0x8, 0x2, 0xe, 0x2, 0x2}, {0x6, 0x100, 0xe, 0x10000, 0x5, 0x7}, {0x0, 0x6, 0x7, 0x4, 0xc, 0x800}, {0x8, 0x10000, 0x1, 0x1, 0x7}, {0x7d5, 0x2, 0x4, 0x800, 0xf}, {0x1, 0x5, 0x6, 0x2, 0x8, 0xc}, {0x2, 0x1, 0x3, 0xc, 0x1, 0x2c3}, {0x1000, 0x3, 0xbc, 0x8001, 0xfa, 0x8}, {0x2, 0x3, 0x9, 0x50e, 0x55ac, 0xa5e2}, {0x0, 0x196680, 0xffffff91, 0xfd, 0x3, 0x7}, {0x4, 0x4, 0x2, 0x1, 0x0, 0xe}, {0xfffffff5, 0x8, 0x7023, 0x8, 0x5, 0x851}, {0x3, 0x78, 0x7, 0xa, 0x5dec4cac, 0x6}, {0x4, 0x9, 0x3a, 0x2, 0x8, 0x602}, {0x4, 0x7fffffff, 0x8, 0x8, 0x8, 0xff}, {0x7, 0xfffffff1, 0x2f2c, 0x400, 0x6, 0x6}, {0x10001, 0x81, 0x40, 0x2, 0x85, 0x2}, {0x2, 0x8550, 0x4c, 0x3, 0xfffffffa, 0x736d}, {0x7f, 0x199, 0x5, 0x9, 0x7, 0x2}, {0x7, 0x1, 0x8, 0x7, 0x2, 0x7}, {0x9, 0x3f1, 0x4, 0x5, 0x5, 0x8}, {0x100, 0x3ff, 0x0, 0x7f53, 0x7, 0x1}, {0x3ff, 0xc, 0x4, 0x1, 0x4, 0x4}, {0x9, 0x381, 0xfff, 0x5d7c, 0x0, 0x8001}, {0x8, 0x0, 0x7, 0xfffffffb, 0x3ee, 0x4}, {0xbfffffe, 0x6, 0x101, 0x5, 0x400, 0x8000400}, {0x7fff, 0xb3, 0x2, 0x10000, 0x6, 0x14}, {0x0, 0x1, 0x4c90, 0x4, 0x2000007f, 0x8}, {0x5, 0x25b, 0x0, 0x3, 0x2, 0x2}, {0x29dbdf0, 0xd, 0xfffffffd, 0x7, 0x6, 0x3}, {0x7, 0x1, 0xa, 0x8, 0x5, 0x5}, {0x473, 0x8, 0x2, 0x400, 0x4000000, 0x69b3d6e6}, {0x1, 0xb7bb, 0x22800000, 0x3, 0x10, 0x5}, {0x7f, 0x7, 0x6, 0xffffffff, 0x3, 0x8}, {0xfffffff7, 0x5, 0xa, 0x40, 0x863, 0x2}, {0xb, 0x9, 0xc, 0x3c1, 0x6e, 0x40}, {0x6, 0xd, 0x6, 0xfb0000, 0x1, 0x7}, {0xe0, 0x100, 0x1, 0xb, 0x8, 0x7}, {0xffc, 0x1, 0x0, 0x38, 0x0, 0x9}, {0x82, 0x10, 0x401, 0x0, 0x4, 0xef}, {0x7, 0x2, 0x200, 0x8, 0x9, 0x2}, {0x54, 0x5, 0xa33f, 0x101, 0x2, 0x10001}, {0x1, 0x4, 0x800004, 0x10001, 0x2, 0xce}, {0x4, 0x8, 0x8, 0x3, 0xf, 0x9}, {0x6, 0x5, 0x8, 0xffffffff, 0x405b9, 0x6}, {0x9, 0x0, 0x9, 0x2, 0x9}, {0x0, 0x2, 0xb, 0x7fffffff, 0xfc0, 0x7f1b4893}, {0x4, 0xd, 0x3, 0x4, 0x7, 0x7}, {0x4, 0x5, 0xe, 0x3, 0x3dcb, 0x9}, {0x200, 0x0, 0xe8, 0x1, 0x800000d4, 0x1}, {0xc651, 0x5f83, 0x2, 0x1, 0xd, 0x8}, {0xfff, 0x5, 0x1, 0x0, 0x49, 0x5}, {0x5, 0x3, 0x7, 0x97fd, 0xef, 0x202}, {0x2, 0xa, 0x1000, 0x1, 0x6, 0xe0}, {0x800, 0x4c, 0x7, 0x0, 0xfffffff7, 0x9}, {0x6, 0xffff, 0xffff8001, 0xa, 0xae36, 0x36b6800}, {0xcfb7, 0x0, 0x101, 0x2, 0x1, 0xaa82}, {0x6, 0x800, 0xec3d, 0xffffffff, 0xea5, 0x3}, {0x9, 0x5, 0x2, 0x0, 0x0, 0xdd}, {0x6, 0x6, 0x0, 0x1e9, 0x6, 0x1}, {0x3, 0x7, 0x5, 0x3, 0x400, 0x81}, {0x970, 0x100, 0xb2eb, 0x2, 0x3, 0x9}, {0x3, 0x6, 0x8, 0x7, 0xd, 0x474c}, {0xf, 0x101, 0x9a, 0x1000, 0x2, 0xfffffffc}, {0x3, 0x98e, 0x1a5e666b, 0x10, 0x7, 0x9}, {0xfffffffb, 0x3, 0x3, 0x2ee8000, 0x8}, {0x3, 0x2, 0x2, 0x3, 0x3, 0x2}, {0x7, 0x4, 0x1, 0x7, 0x101, 0xef}, {0x70a0, 0x9, 0x425b597f, 0x1, 0x2, 0x7}, {0x6, 0xc000000, 0x402, 0x4, 0x8, 0x5}, {0x3, 0x6, 0x7, 0xfffffff9, 0x0, 0xffffffff}, {0x7, 0x9, 0x8, 0x0, 0x9, 0xd6}, {0x24, 0x10001, 0x6, 0x1, 0x39d6}, {0x401, 0x7d4, 0x9, 0x8000, 0xffff, 0x7}, {0x6, 0x92e4, 0x130, 0x0, 0x4, 0x9}, {0x0, 0x7fff, 0x7, 0x8001, 0x8, 0x5}, {0x7e, 0x800, 0xfffffff9, 0x6, 0x4b64, 0x80000001}, {0x2ad78a25, 0x2, 0x6, 0x6, 0x4, 0x8}, {0x2, 0x9, 0x0, 0x8a7, 0x129, 0xc}, {0x7, 0x2, 0x8, 0x3, 0xe01, 0xf933271}, {0x4a3, 0x4, 0x3, 0x514c, 0xf8a, 0x19}], [{0x1}, {0x4, 0x1}, {}, {0x1}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x1}, {0x2}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x4}, {}, {0x1, 0x1}, {0x5, 0x1}, {0x5}, {0x3}, {0x5, 0x1}, {}, {0x0, 0x1}, {0x3}, {0x2, 0x1}, {0x4}, {0x5}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x1, 0x1}, {0x4}, {0x1}, {0x3, 0x1}, {0x1}, {0x3}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3}, {0x0, 0x1}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x2}, {0x3, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x5, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x4}, {0x5}, {0x1, 0x1}, {}, {0x3, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x2}, {0x5}, {0x9, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x2}, {0x5}, {0x2, 0x1}, {0x6, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x3, 0x1}, {0x1}, {0x2}, {0x2}, {0x5}, {0x3, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2}, {0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5}, {0x4}, {0x2, 0x1}, {0x3, 0x1}, {0x4}, {0x1}, {0x5, 0x1}, {0x4, 0x1}, {0x3}, {0x3, 0x1}, {0x0, 0x1}, {0x5}, {0x3, 0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x5, 0x1}, {0x3}, {0x4}, {0x5, 0x1}, {0x3, 0x1}, {0x4}, {0x1, 0x1}, {0x4}, {0x6, 0x1}, {0x5, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xeb0}}, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x40}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=@newtfilter={0x8c, 0x2c, 0xd27, 0x30bd25, 0x25df9bfb, {0x0, 0x0, 0x0, r3, {0xd, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x54, 0x2, [@TCA_ROUTE4_ACT={0x50, 0x6, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0xa, 0x5, 0x4, 0x7, 0x8}, 0x39}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x0, 0x3}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x8010}, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
r6 = syz_usb_connect(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)

6.131490189s ago: executing program 4 (id=2058):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x3}, 0xfe}, 0x18)
syz_usb_connect$uac1(0x0, 0xac, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="cfc700000000000004000000ff0000", @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r2)
r3 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='uid_map\x00')
lseek(r4, 0x80, 0x1)
ioctl$TCSBRKP(r3, 0x5425, 0x0)
capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x9, 0x81, 0xffffffff})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$sock_int(r5, 0x1, 0x1, &(0x7f0000000140)=0x7, 0x4)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xf, &(0x7f0000000380))
io_setup(0x7, &(0x7f0000000780)=<r7=>0x0)
io_pgetevents(r7, 0xb, 0x0, 0x0, 0x0, 0x0)
syslog(0x3, &(0x7f0000000200)=""/90, 0x5a)
syz_io_uring_submit(0x0, 0x0, 0x0)
ioctl$TCSETSF(r6, 0x5404, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x40, 0x9e, "7a58beca39ed2d5a99bbc4bff0ebd3e9bd5a8e"})
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

6.036198873s ago: executing program 0 (id=2059):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000040))
socket$inet6_icmp(0xa, 0x2, 0x3a)
set_mempolicy(0x3, &(0x7f0000000100)=0x3, 0x9)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x808000, 0x4, 0x20300, 0xfc, 0x2000000}, 0x1c)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)

5.499636927s ago: executing program 0 (id=2061):
r0 = socket$pppoe(0x18, 0x1, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f00000000c0)={0x18, 0x0, {0x2, @random='<Ixll\\', 'lo\x00'}}, 0x1e)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x2, @empty, 'ip_vti0\x00'}}, 0x1e)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000020000000000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000008c80)=ANY=[@ANYBLOB="2c00000026000506"], 0x2c}}, 0x800)
read$FUSE(0xffffffffffffffff, &(0x7f0000000680)={0x2020}, 0x2020)
getpid()
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r4, 0x84, 0x8, &(0x7f0000000040), &(0x7f0000000080)=0x4)
setsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
write(r5, &(0x7f0000000000)="fc0000001a000700ab092500090007000aab0700a90100001d60369321000100ff0500000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc0003000500000014000027000089fee1434f1e596534d07302ade0bbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201800015b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb00d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a8700"/252, 0xfc)

4.052186324s ago: executing program 1 (id=2064):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x15)
socket(0x18, 0x1, 0x5)
socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth0\x00'})
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0xa, [@restrict={0x6, 0x0, 0x0, 0xb, 0x3}, @type_tag={0xc, 0x0, 0x0, 0x12, 0x2}]}, {0x0, [0x30, 0x2e, 0x4f, 0x61, 0x2e, 0x30, 0x5f, 0x30]}}, &(0x7f00000003c0)=""/104, 0x3a, 0x68, 0x1, 0x10001, 0x10000}, 0x28)
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f00000006c0), 0x109c60, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x18, 0x7, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xd7ed}, [@ldst={0x1, 0x0, 0x0, 0x1, 0x2, 0x100}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x439}, @call={0x85, 0x0, 0x0, 0x83}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0xa3, &(0x7f00000002c0)=""/163, 0x40f00, 0x20, '\x00', 0x0, @fallback=0x2b, r2, 0x8, &(0x7f0000000480)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000004c0)={0x5, 0x0, 0x4, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x6, &(0x7f0000000700)=[0xffffffffffffffff, r3, 0x1], &(0x7f0000000740)=[{0x1, 0x1, 0xa, 0x4}, {0x5, 0x1, 0x4, 0x7}, {0x2, 0x5, 0x7, 0xb}, {0x4, 0x4, 0xd, 0x3}, {0x2, 0x2, 0xc, 0x2}, {0x2, 0x5, 0x9, 0x4}], 0x10, 0x5}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_open_dev$media(&(0x7f0000000380), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(r4, 0xc1007c01, &(0x7f0000000500))
dup(0xffffffffffffffff)

3.931686893s ago: executing program 0 (id=2065):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f001000000000109010000c0050904000b8103000100092100002801220600090581030002020a0d"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='binder\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x18)
getdents64(r1, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
openat$incfs(r1, &(0x7f0000000400)='.log\x00', 0x1c0c0, 0x1c)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x14, 0x0, &(0x7f0000000000))
syz_usb_control_io$hid(r0, 0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r4 = open(&(0x7f00000002c0)='./file0\x00', 0x2000, 0x0)
write$selinux_load(r4, &(0x7f0000000700)={0xf97cff8c, 0x8, 'SE Linux', "b64082e8ff430ed0a8cd05399e445af6bb160ad7b192c89131ab9995b353367772ddda16c988bc0d21a2e6fb42fa100982fa4abb5a41975332f2e2de9f6affba0d0acf759f44fef1e39ac83b73930c2cad5033bfb707bcf9ee8a69674969af6662f1c98468ecea8d566d09a9bd5c0b1d036b7315865d4a6250af2bd08672904582f754087020185e2fb2c00c1521ef82f5058c01ac3741cec76fd63374823d6ef011843b18c12a3be75411fe3e0d9521f6e4631df5241804ca8d87fb150111a28cae63388c86485491fa2a8e85576b22bc2a9cdf00871fab46724372d3e49f6eb7763df51c959c049e30a3facaeceb6f779e7bfc"}, 0x104)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000000000006a0a00ff00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2f01806fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872971c7c77f0979b34e1ad837ff0d10b97163c1d6d0e196bf02f46c7953ab1abda45cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c0ec0cb9bf4e418d076df4c7df0a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346b1004006000000e1ffff8816326d7d25c32aac1c7d5b5be399f6609876b5887437a172fbc02a74135b29194e533583412dff048f0000000000000000b2728a0481e9f0da43bb6cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13caec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad3e328a100000000b515a1000000000000000eb2e9c15b6c8f6198282df27badac8500bc7d202e0990"], &(0x7f0000000340)='GPL\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r5, 0xffff0000, 0xf0, 0xe200, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48)
fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f00000000c0))
syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x6, {[@global=@item_012={0x1, 0x1, 0x8, "1f"}, @main=@item_012={0x2, 0x0, 0x8, 'Q;'}, @local=@item_012={0x0, 0x2, 0x5}]}}, 0x0}, 0x0)

3.641155455s ago: executing program 1 (id=2066):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="400100000000000029000000370000005c04000000000000c910ff0100000000000000000074b25e68cf1aa8d6dac9f941f5d3715973a40000000001000100071000000003027d060092c03cceb98470626b1801f8ff00"], 0x40}}], 0x1, 0x810)
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3b"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.446571122s ago: executing program 1 (id=2067):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000400000000000021f92791d3619334fbc09c4b5b55c2eeca99ec92d7b4f9756046ccbe4c3b9c16502e7f999e546704cdc083e3c49c190e1f263b68caeb5b930f53bca3fb715a321d7b85a8e621"], 0x0, 0x26, 0x0, 0x1}, 0x28)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x200105d0}], 0x1}, 0x1f00)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
madvise(&(0x7f000059e000/0x5000)=nil, 0x5000, 0x9)
sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0xfffffff5, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x89, &(0x7f0000000580), &(0x7f00000005c0)=0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000001840)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, r0, 0x0, 0x0, 0x5d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.26930477s ago: executing program 5 (id=2068):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x16, 0xc, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
getpriority(0x2, 0x0)

2.40009556s ago: executing program 1 (id=2069):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x7c, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x8f, 0xfb, 0x3, 0x40, 0x7, 0x0, 0x2e, 0x19}, {0xeeee0000, 0x5000, 0xa, 0x0, 0x40, 0x5, 0x7d, 0x7f, 0x5, 0x3, 0x3, 0xfc}, {0xdddd1000, 0xffff1000, 0x2, 0x5, 0x3, 0x7, 0x9f, 0x9, 0x1, 0xa7, 0x6, 0x81}, {0x4, 0xeeee0000, 0xb, 0x6, 0x4, 0x42, 0x7, 0xff, 0x8, 0x7, 0xe, 0x8}, {0xeeee0000, 0xdddd1000, 0xb, 0x3, 0x6, 0x7, 0xab, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0x1000, 0x80a0000, 0x10, 0x7, 0xb1, 0x8, 0x8, 0x0, 0x80, 0xf, 0x1, 0xfd}, {0xffff1000, 0xd000, 0xd, 0x5, 0x7, 0x5, 0x7, 0x3, 0x5, 0x81, 0xff, 0x70}, {0x100000, 0xeeee0000, 0xe, 0xc9, 0xf, 0x7, 0x1, 0xd, 0x2, 0xc, 0x7, 0x9}, {0xeeef0000, 0x30}, {0x10000, 0x7}, 0x80000031, 0x0, 0xf000, 0x2024, 0x5, 0x10800, 0x8000c00, [0x6800000000000000, 0x4, 0x5, 0x3]})
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x3, 0x7fff0000}]})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)={0x2, {{0x2, 0x0, @multicast2}}, 0x0, 0x5, [{{0x2, 0x0, @broadcast}}, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x4e20, @private=0xa010102}}, {{0x2, 0x4e24, @multicast1}}, {{0x2, 0x4e20, @broadcast}}]}, 0x30c)
r5 = syz_io_uring_setup(0xef5, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x3a, 0x0, 0x0, 0x10004}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x115840, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000040)={'dummy0\x00'})
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0xc, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81000, 0x1})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)

2.124028947s ago: executing program 5 (id=2070):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000200)=0xffff5149, 0x4)

2.095785909s ago: executing program 1 (id=2071):
mkdir(&(0x7f0000000040)='./bus\x00', 0x49)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000003980)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000200), 0xd4, &(0x7f0000000180)={[], [{@fowner_eq={'fowner', 0x3d, r1}}], 0x2c})
syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
bpf$PROG_LOAD(0x4, &(0x7f00000003c0)={0x3, 0x0, 0x0, &(0x7f0000000780)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$tipc(0x1e, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
openat$procfs(0xffffffffffffff9c, &(0x7f0000001140)='/proc/zoneinfo\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f0000000140)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffd, 0x1000001000, 0x1}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xfff, 0x9, 0xaa, 0xf, 0x80000006, 0xc6}, 0x0, 0x0)

2.039410218s ago: executing program 5 (id=2072):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00'}, 0x18)
r0 = socket$igmp(0x2, 0x3, 0x2)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000002c0)=ANY=[], &(0x7f0000000040)=0x28)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000080)=0xb0000)
r2 = socket$tipc(0x1e, 0x5, 0x0)
getsockname$tipc(r2, &(0x7f0000000100)=@name, &(0x7f0000000140)=0x10)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000000)={@my=0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f00000000c0)={{@any, 0x8}, 0x0, 0xed2d9055c24bc296})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x80a02, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x20000000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
io_uring_setup(0x2756, &(0x7f0000000080)={0x0, 0xffffff7c, 0x100, 0xffffffff, 0x73})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

1.99205642s ago: executing program 4 (id=2073):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="400100000000000029000000370000005c04000000000000c910ff0100000000000000000074b25e68cf1aa8d6dac9f941f5d3715973a40000000001000100071000000003027d060092c03cceb98470626b1801f8ff00"], 0x40}}], 0x1, 0x810)
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800e"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.86038611s ago: executing program 4 (id=2074):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000100)='bbr', 0x3)
sendmmsg$inet(r2, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000880)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f1988536d4b5888807b3aaafaf59f53121782a0a9370dc0feae13c8c2a1dcc8a3122aaa3dcd5b9247a915378e6492e5b94073dcdc87e7c794fb262a7e9ee0b9432f74331c6e9412ac6557c54c6ac72bc24ff70ca2f8ef53773c5cbdf4a583f81fdc8719dbe967b0690a3ed3f314c3e2ceebb3e29d00c2c1053d1e8b32d8a8be1bb9786746e0ee564306c80d7045747165005fa3528b5ac1e35e03b69cb54111dfcebc6d585aacdd57c351ef1aa8050274b122a21b47432f17a0cacfd9524d9cb09029e4daefaea47f8cd5a4f1dee71093ebc076363e14f78dd3b129b4b3ae5a7a085297416f1f1a8aeefa517ed1525ec76469b8b469851cc56c6016d9067dac3de3818856014c98ce8f36dac4d8cdb1f25e3c5de7bdab78066d2418c12e0acde73c05fc80a0658c7fbc52812a8423323a80e8a968e0ace13290fe8f862c1e7233c26f73ca24e5e441dd406e136df3a3996865e0693d955c691c675c3f6191b225d82ea4c6a7b2c1ed690c17768cd2b21ab0ac2ca7673eb9c00d635e146555db84b8a9061c3ca8bbefd2ae2b80f4a09561a098815c1357c4a7bca207121687b851ca19a37a65c6138bf925610ae61f58630a053ee702229bb9448444a5a93ce6cde416fe3f413e41c70a0f0f17fdc912419d09d34156ee0727d498fcd7f54e71f7f8e979ced588320f21114362bc1bebbc21fa8f7cb9bd30605b5509f191f6a11ce68a3c34a09412925eb20941969617e323e06c3761b91efcab55c0ceaebf7a1be845afbb3b2b1ab3bb245bfd0e838c41f952c08540cdff8b6ddba7edf0ba28112b15a3cbea3bac22b2e8b3ca6954cd36aad0e54dbad6a95b63e2118bd39664d2a053f18b7963a72a9ef4bf5ecad4390394953b194b34", 0x2fb}], 0x1}}, {{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000001040)="cc5a4dbac0affd0a979c63ea8352d608a51fc8625318716ddf62b7752be4540c4ac7d344c53a3ad28313abc2437b60b03c0e587cafcf9a435bf90c618351f70a828238fdf90bc5d36c7d614b82552649954e0185662defd28f78449f073bad544f586136c5076a6f0f1b6fc9adf80557eb44db1b41824e9ef104c95e999766bbf27d74ad5d8fa63210cde65d384dd3e87c3fedaec3144d1ee66a0eb0750363e346cb930dae6109df6b9955bf8af119b5c9a86622af4ff8b5949fb90f8edbde416d046d61512fe4c453bb601a780e1bbc00dbedc5e50d3cd9bc920810eaefd5f9a171e9d32ab46b42e3e78c60087318bab42e94653cbd9e52fba37c5a31d095500e91d02256f101e82447e34733220cdaaabc947f5b815080b5214c94a06fe96450ea42f48006c032b24d9e8d722841b7c7244b1d2cc012fcda1f7472fdbabb673ef862e32b359fad715b3f5cef6ef951abab80a4a0f5f8574395c5820fa25d07a119e23b39a87cb3b763fbfb0491121eec3e05eacbe7835e79e74881d1179013622a2a6421d51c", 0x187}], 0x1}}], 0x2, 0x480e0)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendto$inet(r2, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x51, 0x12, 0x5, 0x0, 0x29, 0x0, 0x657, 0x0, 0xbdf], 0xffff1001, 0x2429c0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, &(0x7f00000000c0))
rt_sigaction(0x39, 0x0, 0x0, 0x4c, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x9, 0x1000000000, 0x0, 0x41, 0x2000001, 0x0, 0x2004cb, 0x0, 0x1000000, 0x40000000068ff, 0x5, 0x800000009, 0x3, 0x6], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x8080000, 0xc, 0x8, 0x1b, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x8}, {0x5000, 0x1000, 0x3, 0x0, 0x42, 0x5, 0x81, 0x5, 0x12, 0x3, 0x2, 0x87}, {0xeeef0000, 0xdddd1000, 0xe, 0x5, 0x3, 0x4, 0x0, 0x9, 0x8, 0xa7, 0x5, 0x5}, {0x6000, 0xeeee0000, 0xf, 0x6, 0x1, 0x42, 0xb, 0xff, 0x8, 0x80, 0xe}, {0xeeee0000, 0xd000, 0xb, 0x3, 0x15, 0xb, 0xab, 0x8, 0x9, 0x83, 0xa1, 0x83}, {0x1000, 0x80a0000, 0xe, 0xa0, 0xb1, 0x8, 0x3, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x3000, 0x8001000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x4, 0x5, 0x81, 0xff, 0x70}, {0x100000, 0x4000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xc, 0xb0, 0x9}, {0xdddd1000, 0x30}, {0x10000, 0x7}, 0x80000031, 0x0, 0x8000000, 0x2024, 0x3, 0x0, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0x4]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_open_dev$mouse(&(0x7f0000000100), 0x9, 0x220900)

1.045987961s ago: executing program 1 (id=2075):
syz_usb_connect$cdc_ncm(0x4, 0xd1, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003020000182505a1a44000010203010902bf0002010650000900000000020d00000524060001082400a9b30d240f010a0000000300ff000606241a05001407240a050905580c240c00000000a90c09000304240202042402"], 0x0)
syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000772aed408680070bb96c010203010902e30003dc2000000904003f000e01000505a40600010524007f000d240f0104000000080000000006241a03000a05240101070424020a1524120009a317a88b045e4f01a607c0ff"], 0x0)

836.512987ms ago: executing program 0 (id=2076):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x11, &(0x7f0000000680)=0xab21, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
socket$isdn_base(0x22, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = gettid()
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffbfffff5]}, 0x8, 0x0)
readv(r4, &(0x7f0000000200)=[{&(0x7f0000000080)=""/59, 0x3b}, {&(0x7f0000000300)=""/69, 0x45}], 0x2)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='signal_generate\x00', r6}, 0x18)
tkill(r3, 0x8)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="a7e392e1", @ANYRES16=r7, @ANYBLOB="010027bd7000fddbdf250b0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00db6a0000"], 0x3c}, 0x1, 0x0, 0x0, 0xb6c6cd315b241bca}, 0x8000)
close_range(r1, 0xffffffffffffffff, 0x0)

833.81133ms ago: executing program 5 (id=2077):
socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
getpid()
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x4)
r3 = inotify_init()
inotify_add_watch(r3, &(0x7f00000000c0)='.\x00', 0x5000009)
fallocate(r2, 0x0, 0x1000000, 0x3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e20, 0x9, @empty, 0x10}}, 0x0, 0x0, 0x1c, 0x0, "fb9a201bcf35506e3e77848b2b87a2d40318bb05e4e29306a0b8718b0b3602cf89fe5cbb65f6ce9b9de68542c2f0b0eff851facbd766bc80492388111244330f8dfd0ce58fb0e6cddcac56871b14206c"}, 0xd8)
socket$inet6_tcp(0xa, 0x1, 0x0)
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000040)=ANY=[], 0x118)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)

757.943425ms ago: executing program 4 (id=2078):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="400100000000000029000000370000005c04000000000000c910ff0100000000000000000074b25e68cf1aa8d6dac9f941f5d3715973a40000000001000100071000000003027d060092c03cceb98470626b1801f8ff00"], 0x40}}], 0x1, 0x810)
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3b"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

690.249419ms ago: executing program 0 (id=2079):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x7, 0x0, 0x4a7}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00'}, 0x18)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_int(r3, &(0x7f0000000200)='cpuset.mem_exclusive\x00', 0x2, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
userfaultfd(0x1)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$inet_udp(0x2, 0x2, 0x0)
close(r7)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0)
write$binfmt_misc(r6, &(0x7f0000000000), 0xfffffecc)
splice(r5, 0x0, r7, 0x0, 0x4ffe6, 0x0)

589.978512ms ago: executing program 4 (id=2080):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001340)={0x16, 0xc, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x7fffffffffe, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
ioctl$TUNSETPERSIST(r2, 0x400454cb, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00'})
r4 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r4, &(0x7f0000000040)={0xa, 0xe22}, 0x1c)
connect$inet6(r4, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
getpriority(0x2, 0x0)

0s ago: executing program 34 (id=2034):
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, 0x0, 0x0)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @private1}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x30}, 0x0) (async)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @private1}, 0x80, 0x0, 0x0, &(0x7f00000003c0)=[@mark={{0x14, 0x1, 0x24, 0x7}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}], 0x30}, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[], 0x0, 0x26, 0x0, 0x1}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r2, 0x20, &(0x7f0000000100)={0x0, 0x0, <r3=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r3, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000180), 0x943, 0x0)
sync()
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305580000000000000000000008", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e00010069703665727370616e00000014000280060002003000000008000400ffffff1f"], 0x48}}, 0x0) (async)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="4800000010000305580000000000000000000008", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800e00010069703665727370616e00000014000280060002003000000008000400ffffff1f"], 0x48}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x13, 0x4, &(0x7f0000000000)=ANY=[@ANYRESOCT, @ANYRES32=r4], &(0x7f0000000080)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
socket$kcm(0x11, 0x200000000000002, 0x300) (async)
r6 = socket$kcm(0x11, 0x200000000000002, 0x300)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4) (async)
setsockopt$sock_attach_bpf(r6, 0x1, 0x32, &(0x7f0000000040)=r5, 0x4)
syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  560.029357][T11571] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  560.203714][T12102] veth0_vlan: entered promiscuous mode
[  560.512179][T11571] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.537886][T12102] veth1_vlan: entered promiscuous mode
[  560.574502][T12102] veth0_macvtap: entered promiscuous mode
[  560.687362][T11571] usb 5-1: config 0 descriptor??
[  560.705973][T12102] veth1_macvtap: entered promiscuous mode
[  560.775042][T12102] batman_adv: batadv0: Interface activated: batadv_slave_0
[  560.821420][T12102] batman_adv: batadv0: Interface activated: batadv_slave_1
[  560.849247][   T36] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.861969][   T36] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.894830][   T36] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.904775][   T36] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.960165][    T9] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  561.122997][T11571] arvo 0003:1E7D:30D4.0009: unknown main item tag 0x0
[  561.155931][T11571] arvo 0003:1E7D:30D4.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.4-1/input0
[  561.180478][   T64] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.188306][   T64] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.200267][    T9] usb 1-1: Using ep0 maxpacket: 16
[  561.227392][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  561.239499][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  561.284648][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  561.310988][T11508] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  561.355822][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  561.360172][    T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  561.366851][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  561.393599][    T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  561.440402][    T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  561.464469][    T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  561.480491][    T9] usb 1-1: Manufacturer: syz
[  561.496490][    T9] usb 1-1: config 0 descriptor??
[  561.534981][T11571] usb 5-1: USB disconnect, device number 63
[  561.573785][   T30] audit: type=1400 audit(1760817824.191:4458): avc:  denied  { getopt } for  pid=12276 comm="syz.5.1659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  561.690162][T11508] usb 2-1: Using ep0 maxpacket: 8
[  561.731427][T11508] usb 2-1: unable to get BOS descriptor or descriptor too short
[  561.933310][T12290] sd 0:0:1:0: PR command failed: 1026
[  561.938860][T12290] sd 0:0:1:0: Sense Key : Illegal Request [current] 
[  561.946115][T12290] sd 0:0:1:0: Add. Sense: Invalid command operation code
[  561.960228][   T30] audit: type=1400 audit(1760817824.541:4459): avc:  denied  { read write } for  pid=12285 comm="syz.6.1620" name="file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  562.126734][T11508] usb 2-1: config 0 has an invalid interface number: 248 but max is 0
[  562.135517][T11508] usb 2-1: config 0 has no interface number 0
[  562.142091][T11508] usb 2-1: config 0 interface 248 has no altsetting 0
[  562.149559][   T30] audit: type=1400 audit(1760817824.541:4460): avc:  denied  { open } for  pid=12285 comm="syz.6.1620" path="/0/file0/file0" dev="fuse" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  562.190498][   T30] audit: type=1400 audit(1760817824.551:4461): avc:  denied  { ioctl } for  pid=12285 comm="syz.6.1620" path="/0/file0/file0" dev="fuse" ino=3 ioctlcmd=0x70c9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  562.216819][T11508] usb 2-1: New USB device found, idVendor=16ab, idProduct=7811, bcdDevice=dd.b3
[  562.227245][    T9] rc_core: IR keymap rc-hauppauge not found
[  562.233995][T11508] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  562.242320][    T9] Registered IR keymap rc-empty
[  562.247804][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  562.255202][T11508] usb 2-1: Product: syz
[  562.280018][T11508] usb 2-1: Manufacturer: syz
[  562.290198][T11508] usb 2-1: SerialNumber: syz
[  562.300263][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  562.345729][T11508] usb 2-1: config 0 descriptor??
[  562.351869][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  562.368925][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input24
[  562.384571][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  562.416451][    C0] rc rc0: IR event FIFO is full!
[  562.421424][    C0] rc rc0: IR event FIFO is full!
[  562.426356][    C0] rc rc0: IR event FIFO is full!
[  562.431283][    C0] rc rc0: IR event FIFO is full!
[  562.436208][    C0] rc rc0: IR event FIFO is full!
[  562.441135][    C0] rc rc0: IR event FIFO is full!
[  562.446071][    C0] rc rc0: IR event FIFO is full!
[  562.451014][    C0] rc rc0: IR event FIFO is full!
[  562.455924][    C0] rc rc0: IR event FIFO is full!
[  562.460833][    C0] rc rc0: IR event FIFO is full!
[  562.465743][    C0] rc rc0: IR event FIFO is full!
[  562.470656][    C0] rc rc0: IR event FIFO is full!
[  562.477157][    C0] rc rc0: IR event FIFO is full!
[  562.482079][    C0] rc rc0: IR event FIFO is full!
[  562.486987][    C0] rc rc0: IR event FIFO is full!
[  562.491905][    C0] rc rc0: IR event FIFO is full!
[  562.496830][    C0] rc rc0: IR event FIFO is full!
[  562.501758][    C0] rc rc0: IR event FIFO is full!
[  562.507389][    C0] rc rc0: IR event FIFO is full!
[  562.512340][    C0] rc rc0: IR event FIFO is full!
[  562.517262][    C0] rc rc0: IR event FIFO is full!
[  562.522190][    C0] rc rc0: IR event FIFO is full!
[  562.527113][    C0] rc rc0: IR event FIFO is full!
[  562.532021][    C0] rc rc0: IR event FIFO is full!
[  562.536949][    C0] rc rc0: IR event FIFO is full!
[  562.542509][    C0] rc rc0: IR event FIFO is full!
[  562.547431][    C0] rc rc0: IR event FIFO is full!
[  562.552340][    C0] rc rc0: IR event FIFO is full!
[  562.557263][    C0] rc rc0: IR event FIFO is full!
[  562.562700][    C0] rc rc0: IR event FIFO is full!
[  562.567780][    C0] rc rc0: IR event FIFO is full!
[  562.572880][    C0] rc rc0: IR event FIFO is full!
[  562.577806][    C0] rc rc0: IR event FIFO is full!
[  562.582712][    C0] rc rc0: IR event FIFO is full!
[  562.587623][    C0] rc rc0: IR event FIFO is full!
[  562.592535][    C0] rc rc0: IR event FIFO is full!
[  562.600289][    C0] rc rc0: IR event FIFO is full!
[  562.605227][    C0] rc rc0: IR event FIFO is full!
[  562.610144][    C0] rc rc0: IR event FIFO is full!
[  562.615061][    C0] rc rc0: IR event FIFO is full!
[  562.619975][    C0] rc rc0: IR event FIFO is full!
[  562.625428][    C0] rc rc0: IR event FIFO is full!
[  562.630352][    C0] rc rc0: IR event FIFO is full!
[  562.635265][    C0] rc rc0: IR event FIFO is full!
[  562.640182][    C0] rc rc0: IR event FIFO is full!
[  562.684124][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  562.741112][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  562.920534][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  563.395650][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  563.430226][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  564.756469][T12305] overlay: Unknown parameter 'fowner'
[  564.770319][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  564.810213][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  564.845034][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  565.132672][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  565.220536][    T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  565.692067][    T9] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  565.720279][ T5819] Bluetooth: hci6: command 0x1003 tx timeout
[  565.728046][   T50] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  565.738077][    T9] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  565.840461][    T9] usb 1-1: USB disconnect, device number 80
[  565.867113][T11508] usb 2-1: Could not find all expected endpoints
[  565.886275][T11508] usb 2-1: USB disconnect, device number 42
[  566.121724][T12319] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12319 comm=syz.1.1667
[  566.306828][T12329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1670'.
[  566.318294][T12329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1670'.
[  566.488502][T12329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1670'.
[  566.498613][T12329] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1670'.
[  567.012369][T12331] overlayfs: failed to resolve './file0': -2
[  567.381969][T12338] overlay: Unknown parameter 'fowner'
[  569.325772][   T30] audit: type=1400 audit(1760817831.941:4462): avc:  denied  { name_bind } for  pid=12356 comm="syz.5.1682" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  570.410194][T11043] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  570.430164][T11508] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  570.470151][    T9] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  570.560178][T11043] usb 2-1: Using ep0 maxpacket: 16
[  570.566694][T11043] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  570.579971][T11043] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  570.587892][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1688'.
[  570.604414][T11043] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  570.606039][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1688'.
[  570.624979][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1688'.
[  570.635075][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1688'.
[  570.644099][T11043] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  570.644163][T11043] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  570.661416][T11043] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  570.677180][T12380] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1688'.
[  570.677732][T11043] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  570.696230][T11043] usb 2-1: Manufacturer: syz
[  570.725068][T11043] usb 2-1: config 0 descriptor??
[  570.741571][T11508] usb 7-1: config 220 has an invalid interface number: 76 but max is 2
[  570.750448][    T9] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  570.758920][T11508] usb 7-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  570.770285][    T9] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  570.795742][T11508] usb 7-1: config 220 has no interface number 2
[  570.802294][    T9] usb 5-1: config 220 has no interface number 2
[  570.816875][T11508] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  570.833716][    T9] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  570.849624][T11508] usb 7-1: config 220 interface 0 has no altsetting 0
[  570.856558][    T9] usb 5-1: config 220 interface 0 has no altsetting 0
[  570.863763][T11508] usb 7-1: config 220 interface 76 has no altsetting 0
[  570.870671][    T9] usb 5-1: config 220 interface 76 has no altsetting 0
[  570.877568][T11508] usb 7-1: config 220 interface 1 has no altsetting 0
[  570.884392][    T9] usb 5-1: config 220 interface 1 has no altsetting 0
[  570.900252][    T9] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  570.909841][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.918179][T11508] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  570.927680][T11508] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  570.935959][    T9] usb 5-1: Product: syz
[  570.940465][    T9] usb 5-1: Manufacturer: syz
[  570.969400][T11508] usb 7-1: Product: syz
[  570.974233][    T9] usb 5-1: SerialNumber: syz
[  571.002899][T11508] usb 7-1: Manufacturer: syz
[  571.018552][T11508] usb 7-1: SerialNumber: syz
[  571.090176][T11043] rc_core: IR keymap rc-hauppauge not found
[  571.097285][T11043] Registered IR keymap rc-empty
[  571.117491][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.141761][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.205028][T11043] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  571.239932][T11043] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input25
[  571.268395][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.272564][    T9] usb 5-1: selecting invalid altsetting 0
[  571.287417][T11508] usb 7-1: selecting invalid altsetting 0
[  571.311699][T11508] uvcvideo 7-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  571.319654][    T9] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  571.332825][T11508] uvcvideo 7-1:220.0: No valid video chain found.
[  571.339318][    T9] uvcvideo 5-1:220.0: No valid video chain found.
[  571.346246][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.372954][    T9] usb 5-1: selecting invalid altsetting 0
[  571.379355][T11508] usb 7-1: selecting invalid altsetting 0
[  571.401401][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.414194][    T9] usbtest 5-1:220.1: probe with driver usbtest failed with error -22
[  571.430725][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.437992][T11508] usbtest 7-1:220.1: probe with driver usbtest failed with error -22
[  571.460247][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.466244][T11508] usb 7-1: USB disconnect, device number 2
[  571.482538][    T9] usb 5-1: USB disconnect, device number 64
[  571.550204][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.603540][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.670249][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.691811][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.710670][T11043] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  571.732455][T11043] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  571.742353][T11043] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  571.794172][T11043] usb 2-1: USB disconnect, device number 43
[  571.937692][T12392] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1692'.
[  572.001639][ T5944] usb 1-1: new low-speed USB device number 81 using dummy_hcd
[  572.618247][T11508] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  572.633316][ T5944] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  572.641697][ T5944] usb 1-1: config 0 has no interface number 0
[  572.647892][ T5944] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  572.659527][ T5944] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  572.670355][    T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  572.677912][T12397] nvme_fabrics: missing parameter 'transport=%s'
[  572.685979][T12397] nvme_fabrics: missing parameter 'nqn=%s'
[  572.692752][ T5944] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  572.713090][ T5944] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  572.728085][ T5944] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  572.739064][ T5944] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  572.752261][ T5944] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  572.765860][ T5944] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  572.858922][ T5944] usb 1-1: config 0 descriptor??
[  572.865374][T11508] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  572.873687][T11508] usb 6-1: config 0 has no interface number 0
[  572.879982][T11508] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  572.891004][T11508] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  573.062251][T12387] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  573.204402][T12387] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  573.376660][ T5944] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  573.384899][T11508] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  573.397716][    T9] usb 7-1: Using ep0 maxpacket: 32
[  573.405304][T11508] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  573.417232][T11508] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  573.428184][T11508] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  573.441804][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  573.471564][T11508] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  573.481365][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  573.492335][T11508] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  573.501473][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  573.512914][T11508] usb 6-1: config 0 descriptor??
[  573.518081][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  573.529532][T12393] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  573.664988][T12393] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  573.672793][    T9] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  573.684851][T11508] ldusb 6-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  573.693102][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.704422][    T9] usb 7-1: Product: syz
[  573.708695][    T9] usb 7-1: Manufacturer: syz
[  573.714090][    T9] usb 7-1: SerialNumber: syz
[  573.733736][    T9] usb 7-1: config 0 descriptor??
[  574.170162][T11571] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  574.315154][ T5858] usb 7-1: USB disconnect, device number 3
[  574.324948][T11571] usb 5-1: unable to get BOS descriptor or descriptor too short
[  574.379838][T11571] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  574.926491][T11571] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  574.935622][T11571] usb 5-1: config 1 has no interface number 1
[  574.941849][T11571] usb 5-1: config 1 interface 2 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  574.955361][T11571] usb 5-1: config 1 interface 2 has no altsetting 0
[  574.964043][T11571] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  574.973675][T11571] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  574.981785][T11571] usb 5-1: Product: syz
[  574.986002][T11571] usb 5-1: Manufacturer: syz
[  574.990678][T11571] usb 5-1: SerialNumber: syz
[  575.155827][ T5858] usb 1-1: USB disconnect, device number 81
[  575.168248][ T5858] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  575.249542][T11571] usb 5-1: USB disconnect, device number 65
[  575.293412][T11934] udevd[11934]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  576.027850][    T9] usb 6-1: USB disconnect, device number 8
[  576.068819][    T9] ldusb 6-1:0.55: LD USB Device #1 now disconnected
[  577.136332][   T30] audit: type=1400 audit(1760817839.751:4463): avc:  denied  { ioctl } for  pid=12420 comm="syz.4.1700" path="socket:[36412]" dev="sockfs" ino=36412 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  577.490526][T12437] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1702'.
[  577.555785][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1702'.
[  577.611741][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1702'.
[  577.668206][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1702'.
[  577.693186][T12433] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1702'.
[  577.711650][T12438] 9pnet: Could not find request transport: fdÉ&ÙšõA‹þŽ
[  578.745446][T12452] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1708'.
[  578.990462][ T5858] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  579.140626][ T5858] usb 6-1: device descriptor read/64, error -71
[  579.413351][ T5858] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  579.460435][T11043] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  579.570232][ T5858] usb 6-1: device descriptor read/64, error -71
[  579.750517][ T5858] usb usb6-port1: attempt power cycle
[  579.760152][T11043] usb 1-1: unable to get BOS descriptor or descriptor too short
[  579.790651][T11043] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  579.802881][T11043] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  579.838506][T11043] usb 1-1: config 1 has no interface number 1
[  579.845545][T11043] usb 1-1: config 1 interface 2 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  579.874994][T11043] usb 1-1: config 1 interface 2 has no altsetting 0
[  579.978794][T12471] overlayfs: failed to resolve './file1': -2
[  580.076731][T11043] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  580.085895][T11043] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.094101][T11043] usb 1-1: Product: syz
[  580.098275][T11043] usb 1-1: Manufacturer: syz
[  580.110195][T11571] usb 2-1: new low-speed USB device number 44 using dummy_hcd
[  580.130138][ T5858] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  580.156281][T11043] usb 1-1: SerialNumber: syz
[  580.178064][ T5858] usb 6-1: device descriptor read/8, error -71
[  580.240207][T11508] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  580.321906][T11571] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10
[  580.338346][T11571] usb 2-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  580.349094][T11571] usb 2-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  580.371169][T11571] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  580.394060][T11508] usb 5-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  580.406924][T11508] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.427804][T11508] usb 5-1: Product: syz
[  580.436219][T11508] usb 5-1: Manufacturer: syz
[  580.445340][T11508] usb 5-1: SerialNumber: syz
[  580.451415][ T5858] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  580.471426][T11043] usb 1-1: USB disconnect, device number 82
[  580.491198][ T5858] usb 6-1: device descriptor read/8, error -71
[  580.527751][T11934] udevd[11934]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  580.610666][ T5858] usb usb6-port1: unable to enumerate USB device
[  580.647492][   T30] audit: type=1400 audit(1760817843.261:4464): avc:  denied  { create } for  pid=12467 comm="syz.1.1712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  580.678479][   T30] audit: type=1400 audit(1760817843.291:4465): avc:  denied  { getopt } for  pid=12467 comm="syz.1.1712" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  581.000761][ T5986] block nbd4: Possible stuck request ffff888026840000: control (read@0,1024B). Runtime 90 seconds
[  581.011601][ T5986] block nbd4: Possible stuck request ffff8880268401c0: control (read@1024,1024B). Runtime 90 seconds
[  581.024694][ T5986] block nbd4: Possible stuck request ffff888026840380: control (read@2048,1024B). Runtime 90 seconds
[  581.036187][ T5986] block nbd4: Possible stuck request ffff888026840540: control (read@3072,1024B). Runtime 90 seconds
[  582.684519][   T30] audit: type=1326 audit(1760817845.301:4466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12498 comm="syz.0.1721" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0626d8efc9 code=0x0
[  582.732216][T11508] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPIPE
[  582.799434][T12501] rdma_rxe: rxe_newlink: failed to add lo
[  583.006328][T12505] overlay: Unknown parameter 'fowner'
[  583.185116][T11571] usb 2-1: string descriptor 0 read error: -71
[  583.196351][T11571] hub 2-1:32.0: USB hub found
[  583.224914][T11571] hub 2-1:32.0: config failed, can't read hub descriptor (err -22)
[  583.820994][T12470] netlink: 'syz.4.1714': attribute type 4 has an invalid length.
[  583.834684][T11571] usb 2-1: USB disconnect, device number 44
[  584.325418][T11508] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00001020. ret = -EPROTO
[  584.339886][T11508] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x0000011c. ret = -EPROTO
[  584.360289][T11508] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  584.403749][T11508] lan78xx 5-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  584.419843][T11508] lan78xx 5-1:1.0: probe with driver lan78xx failed with error -71
[  584.444318][T11508] usb 5-1: USB disconnect, device number 66
[  585.074136][T12526] netlink: 'syz.6.1728': attribute type 3 has an invalid length.
[  585.954310][T12534] netlink: 'syz.0.1731': attribute type 3 has an invalid length.
[  586.407727][T12537] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1730'.
[  587.370210][T11043] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  588.501951][T11043] usb 6-1: device descriptor read/64, error -71
[  588.682533][ T5819] Bluetooth: hci6: command 0x1003 tx timeout
[  588.712069][   T50] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  588.764867][T12554] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12554 comm=syz.4.1736
[  588.780146][T11508] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  588.799092][T11043] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  589.020181][T11508] usb 1-1: Using ep0 maxpacket: 32
[  589.100576][T12561] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1739'.
[  589.152643][T11508] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  589.164371][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  589.178947][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  589.189056][T11508] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  589.200695][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  589.211617][T11508] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  589.226626][T11508] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  589.238053][T11508] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  589.249354][T12560] FAULT_INJECTION: forcing a failure.
[  589.249354][T12560] name failslab, interval 1, probability 0, space 0, times 0
[  589.262625][T11508] usb 1-1: Product: syz
[  589.266854][T12560] CPU: 0 UID: 0 PID: 12560 Comm: syz.5.1738 Not tainted syzkaller #0 PREEMPT(full) 
[  589.266876][T12560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  589.266887][T12560] Call Trace:
[  589.266892][T12560]  <TASK>
[  589.266898][T12560]  dump_stack_lvl+0x16c/0x1f0
[  589.266924][T12560]  should_fail_ex+0x512/0x640
[  589.266945][T12560]  ? __kmalloc_noprof+0xca/0x880
[  589.266964][T12560]  should_failslab+0xc2/0x120
[  589.266990][T12560]  __kmalloc_noprof+0xdd/0x880
[  589.267008][T12560]  ? unregister_netdevice_many_notify+0x60c/0x25c0
[  589.267038][T12560]  ? unregister_netdevice_many_notify+0x60c/0x25c0
[  589.267061][T12560]  unregister_netdevice_many_notify+0x60c/0x25c0
[  589.267086][T12560]  ? __pfx___might_resched+0x10/0x10
[  589.267106][T12560]  ? trace_contention_end+0xdd/0x130
[  589.267130][T12560]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  589.267154][T12560]  ? proc_fail_nth_write+0x9f/0x220
[  589.267178][T12560]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  589.267208][T12560]  ? __fsnotify_parent+0x24b/0xc40
[  589.267234][T12560]  ? __pfx___mutex_lock+0x10/0x10
[  589.267261][T12560]  unregister_netdevice_queue+0x305/0x3f0
[  589.267285][T12560]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  589.267310][T12560]  ? __pfx_locks_remove_file+0x10/0x10
[  589.267338][T12560]  ? __pfx_ppp_release+0x10/0x10
[  589.267355][T12560]  ppp_release+0x209/0x230
[  589.267373][T12560]  __fput+0x402/0xb70
[  589.267396][T12560]  fput_close_sync+0x118/0x210
[  589.267414][T12560]  ? __pfx_fput_close_sync+0x10/0x10
[  589.267428][T12560]  ? dnotify_flush+0x79/0x4c0
[  589.267450][T12560]  __x64_sys_close+0x8b/0x120
[  589.267469][T12560]  do_syscall_64+0xcd/0xfa0
[  589.267492][T12560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  589.267509][T12560] RIP: 0033:0x7f131f98efc9
[  589.267524][T12560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  589.267541][T12560] RSP: 002b:00007f132083f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  589.267558][T12560] RAX: ffffffffffffffda RBX: 00007f131fbe5fa0 RCX: 00007f131f98efc9
[  589.267570][T12560] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  589.267579][T12560] RBP: 00007f132083f090 R08: 0000000000000000 R09: 0000000000000000
[  589.267589][T12560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  589.267599][T12560] R13: 00007f131fbe6038 R14: 00007f131fbe5fa0 R15: 00007fff7b0f0238
[  589.267625][T12560]  </TASK>
[  589.268093][T11508] usb 1-1: Manufacturer: syz
[  589.447437][   T30] audit: type=1326 audit(1760817852.061:4467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12570 comm="syz.6.1742" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0e958efc9 code=0x0
[  589.546867][T11508] usb 1-1: SerialNumber: syz
[  589.560778][T12564] veth0_to_hsr: entered allmulticast mode
[  589.595973][T11508] usb 1-1: config 0 descriptor??
[  589.605929][T12576] rdma_rxe: rxe_newlink: failed to add lo
[  589.909107][ T5858] usb 1-1: USB disconnect, device number 83
[  590.819499][   T30] audit: type=1400 audit(1760817853.431:4468): avc:  denied  { create } for  pid=12592 comm="syz.5.1747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  591.020199][T11043] usb 2-1: new low-speed USB device number 45 using dummy_hcd
[  591.026948][T12597] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1748'.
[  591.490179][ T5858] usb 1-1: new low-speed USB device number 84 using dummy_hcd
[  591.532726][T11043] usb 2-1: config 0 has an invalid interface number: 55 but max is 0
[  591.543663][T11043] usb 2-1: config 0 has no interface number 0
[  591.549785][T11043] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  591.561416][T11043] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  591.572082][T11043] usb 2-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  591.580224][T11508] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  591.583861][T11043] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  591.602473][T11043] usb 2-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  591.613609][T11043] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  591.616091][T12601] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12601 comm=syz.4.1750
[  591.627041][T11043] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  591.649053][T11043] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.664559][T11043] usb 2-1: config 0 descriptor??
[  591.673729][T12590] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  591.674116][ T5858] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  591.683363][T12590] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  591.689068][ T5858] usb 1-1: config 0 has no interface number 0
[  591.702758][ T5858] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  591.714298][ T5858] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  591.729121][ T5858] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  591.731067][T11508] usb 6-1: device descriptor read/64, error -71
[  591.741459][T11043] ldusb 2-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  591.759768][ T5858] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  591.771400][ T5858] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  591.786193][ T5858] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  591.799434][ T5858] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  591.808471][ T5858] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  591.825663][ T5858] usb 1-1: config 0 descriptor??
[  591.831406][T12594] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  591.838605][T12594] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  591.850906][ T5858] ldusb 1-1:0.55: LD USB Device #1 now attached to major 180 minor 1
[  592.529889][T11508] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  592.690267][T11508] usb 6-1: device descriptor read/64, error -71
[  593.081869][T11508] usb usb6-port1: attempt power cycle
[  593.430266][T11508] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  593.544400][T11508] usb 6-1: device descriptor read/8, error -71
[  594.730402][T11508] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  595.555417][   T10] usb 1-1: USB disconnect, device number 84
[  595.566837][   T10] ldusb 1-1:0.55: LD USB Device #1 now disconnected
[  595.574544][T11043] usb 2-1: USB disconnect, device number 45
[  595.692144][T11043] ldusb 2-1:0.55: LD USB Device #0 now disconnected
[  595.740288][T11508] usb 6-1: device not accepting address 18, error -71
[  595.757357][T11508] usb usb6-port1: unable to enumerate USB device
[  599.103583][T12669] overlayfs: failed to resolve './file0': -2
[  599.484624][T12673] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1768'.
[  599.730130][    T9] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  599.950232][    T9] usb 5-1: device descriptor read/64, error -71
[  600.250834][    T9] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  600.413871][T12684] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1772'.
[  600.480297][T12686] netlink: 116 bytes leftover after parsing attributes in process `syz.1.1772'.
[  600.820393][   T30] audit: type=1400 audit(1760817863.121:4469): avc:  denied  { accept } for  pid=12678 comm="syz.0.1771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  600.990433][    T9] usb 5-1: device descriptor read/64, error -71
[  601.040942][T11508] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  601.112154][    T9] usb usb5-port1: attempt power cycle
[  601.212445][T11508] usb 6-1: unable to get BOS descriptor or descriptor too short
[  601.221196][T11508] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  601.231878][T11508] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  601.241679][T11508] usb 6-1: config 1 has no interface number 1
[  601.247843][T11508] usb 6-1: config 1 interface 2 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  601.261285][T11508] usb 6-1: config 1 interface 2 has no altsetting 0
[  601.271482][T11508] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  601.285383][T11508] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  601.293718][T11508] usb 6-1: Product: syz
[  601.298008][T11508] usb 6-1: Manufacturer: syz
[  601.303185][T11508] usb 6-1: SerialNumber: syz
[  601.460405][    T9] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  601.811837][    T9] usb 5-1: device descriptor read/8, error -71
[  601.852103][T11508] usb 6-1: USB disconnect, device number 19
[  601.909711][T11934] udevd[11934]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  601.997069][   T30] audit: type=1400 audit(1760817864.611:4470): avc:  denied  { read } for  pid=12696 comm="syz.0.1776" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  602.030150][   T30] audit: type=1400 audit(1760817864.611:4471): avc:  denied  { open } for  pid=12696 comm="syz.0.1776" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  602.053830][    C0] vkms_vblank_simulate: vblank timer overrun
[  602.166749][    T9] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  602.210452][   T30] audit: type=1400 audit(1760817864.611:4472): avc:  denied  { ioctl } for  pid=12696 comm="syz.0.1776" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x9408 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  602.335783][    T9] usb 5-1: device descriptor read/8, error -71
[  602.379224][   T30] audit: type=1400 audit(1760817864.991:4473): avc:  denied  { setopt } for  pid=12707 comm="syz.5.1779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  602.460380][    T9] usb usb5-port1: unable to enumerate USB device
[  603.582555][T12727] netlink: 80 bytes leftover after parsing attributes in process `syz.5.1784'.
[  603.610004][   T30] audit: type=1400 audit(1760817866.221:4474): avc:  denied  { setopt } for  pid=12711 comm="syz.4.1781" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  603.638150][   T30] audit: type=1400 audit(1760817866.251:4475): avc:  denied  { map } for  pid=12723 comm="syz.6.1783" path="socket:[37369]" dev="sockfs" ino=37369 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  603.641563][T12727] netlink: 116 bytes leftover after parsing attributes in process `syz.5.1784'.
[  603.721039][   T30] audit: type=1400 audit(1760817866.251:4476): avc:  denied  { read } for  pid=12723 comm="syz.6.1783" path="socket:[37369]" dev="sockfs" ino=37369 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  604.709427][T12751] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1791'.
[  605.116771][T12754] FAULT_INJECTION: forcing a failure.
[  605.116771][T12754] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  605.130136][T12754] CPU: 0 UID: 0 PID: 12754 Comm: syz.1.1792 Not tainted syzkaller #0 PREEMPT(full) 
[  605.130159][T12754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  605.130169][T12754] Call Trace:
[  605.130175][T12754]  <TASK>
[  605.130183][T12754]  dump_stack_lvl+0x16c/0x1f0
[  605.130211][T12754]  should_fail_ex+0x512/0x640
[  605.130236][T12754]  _copy_from_user+0x2e/0xd0
[  605.130259][T12754]  input_event_from_user+0x133/0x3b0
[  605.130285][T12754]  ? __pfx_input_event_from_user+0x10/0x10
[  605.130302][T12754]  ? __pfx___might_resched+0x10/0x10
[  605.130313][T12754]  ? input_inject_event+0x1c0/0x3b0
[  605.130330][T12754]  evdev_write+0x37b/0x750
[  605.130348][T12754]  ? __pfx_evdev_write+0x10/0x10
[  605.130364][T12754]  ? bpf_lsm_file_permission+0x9/0x10
[  605.130379][T12754]  ? security_file_permission+0x71/0x210
[  605.130397][T12754]  ? rw_verify_area+0xcf/0x6c0
[  605.130410][T12754]  ? __pfx_evdev_write+0x10/0x10
[  605.130425][T12754]  vfs_write+0x2a0/0x11d0
[  605.130441][T12754]  ? __pfx_vfs_write+0x10/0x10
[  605.130454][T12754]  ? find_held_lock+0x2b/0x80
[  605.130477][T12754]  ? __fget_files+0x204/0x3c0
[  605.130494][T12754]  ? __fget_files+0x20e/0x3c0
[  605.130513][T12754]  ksys_write+0x1f8/0x250
[  605.130526][T12754]  ? __pfx_ksys_write+0x10/0x10
[  605.130544][T12754]  do_syscall_64+0xcd/0xfa0
[  605.130559][T12754]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.130570][T12754] RIP: 0033:0x7fae7bd8efc9
[  605.130580][T12754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.130590][T12754] RSP: 002b:00007fae7cbeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  605.130601][T12754] RAX: ffffffffffffffda RBX: 00007fae7bfe6090 RCX: 00007fae7bd8efc9
[  605.130608][T12754] RDX: 0000000000002250 RSI: 0000200000000040 RDI: 0000000000000003
[  605.130614][T12754] RBP: 00007fae7cbeb090 R08: 0000000000000000 R09: 0000000000000000
[  605.130620][T12754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  605.130630][T12754] R13: 00007fae7bfe6128 R14: 00007fae7bfe6090 R15: 00007ffdc4131c98
[  605.130645][T12754]  </TASK>
[  605.130764][T11508] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  605.792065][  T195] Bluetooth: Error in BCSP hdr checksum
[  606.774217][T11508] usb 7-1: device descriptor read/64, error -71
[  607.080304][T11508] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  607.508368][   T30] audit: type=1400 audit(1760817870.121:4477): avc:  denied  { write } for  pid=12765 comm="syz.0.1796" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  607.550878][T11508] usb 7-1: device descriptor read/64, error -71
[  607.561656][   T50] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  607.681948][T12767] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1796'.
[  607.797777][T11508] usb usb7-port1: attempt power cycle
[  608.226356][T12767] Process accounting resumed
[  608.270148][    T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  608.375305][T11508] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  608.431444][T11508] usb 7-1: Using ep0 maxpacket: 32
[  608.450185][T11508] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  608.462227][T11508] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  608.474319][T11508] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.500234][    T9] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  608.500246][T11043] usb 5-1: new low-speed USB device number 71 using dummy_hcd
[  608.525107][T11508] usb 7-1: Product: syz
[  608.549649][    T9] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  608.558623][T11508] usb 7-1: Manufacturer: syz
[  608.563524][T11508] usb 7-1: SerialNumber: syz
[  608.568678][    T9] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  608.621342][T11508] usb 7-1: config 0 descriptor??
[  608.630256][    T9] usb 6-1: config 220 has no interface number 2
[  608.637108][    T9] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  608.682549][    T9] usb 6-1: config 220 interface 0 has no altsetting 0
[  608.689323][    T9] usb 6-1: config 220 interface 76 has no altsetting 0
[  608.691415][T11043] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  608.706395][T11043] usb 5-1: config 0 has no interface number 0
[  608.706428][    T9] usb 6-1: config 220 interface 1 has no altsetting 0
[  608.729946][T11043] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  608.748071][    T9] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  608.760696][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  608.768753][T11043] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  608.778894][    T9] usb 6-1: Product: syz
[  608.788989][T11043] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  608.799158][    T9] usb 6-1: Manufacturer: syz
[  608.805199][    T9] usb 6-1: SerialNumber: syz
[  608.820038][T11043] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  608.837858][T11043] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  608.854331][T12794] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12794 comm=syz.0.1806
[  608.888186][ T1206] usb 7-1: USB disconnect, device number 6
[  608.906470][T11043] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  608.921497][T11043] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  608.931268][T11043] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  608.954099][T11043] usb 5-1: config 0 descriptor??
[  608.959748][T12784] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  608.967916][T12784] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  609.096899][T11043] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  609.117361][    T9] uvcvideo 6-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  609.573007][T12803] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1809'.
[  609.609269][    T9] uvcvideo 6-1:220.0: No valid video chain found.
[  609.633886][    T9] usb 6-1: USB disconnect, device number 20
[  609.910457][ T1206] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  610.360112][ T1206] usb 1-1: device descriptor read/64, error -71
[  610.734180][ T1206] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  610.962079][T11571] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  611.040213][ T1206] usb 1-1: device descriptor read/64, error -71
[  611.081318][ T5986] block nbd4: Possible stuck request ffff888026840000: control (read@0,1024B). Runtime 120 seconds
[  611.092813][ T5986] block nbd4: Possible stuck request ffff8880268401c0: control (read@1024,1024B). Runtime 120 seconds
[  611.103898][ T5986] block nbd4: Possible stuck request ffff888026840380: control (read@2048,1024B). Runtime 120 seconds
[  611.114989][ T5986] block nbd4: Possible stuck request ffff888026840540: control (read@3072,1024B). Runtime 120 seconds
[  611.133007][T11571] usb 7-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  611.155706][T11571] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.164671][ T1206] usb usb1-port1: attempt power cycle
[  611.324877][T11043] usb 5-1: USB disconnect, device number 71
[  611.335501][T11571] usb 7-1: config 0 descriptor??
[  611.619066][T11043] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  611.628361][T12830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12830 comm=syz.4.1818
[  611.685878][T11571] gspca_main: cpia1-2.14.0 probing 0813:0001
[  611.772996][T12835] overlayfs: failed to resolve './file0': -2
[  611.874658][ T1206] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  611.900671][ T1206] usb 1-1: device descriptor read/8, error -71
[  611.913070][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1820'.
[  611.948648][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1820'.
[  611.959396][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1820'.
[  611.972530][T12838] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1820'.
[  612.004822][T12838] netlink: 'syz.4.1820': attribute type 3 has an invalid length.
[  612.146258][   T30] audit: type=1400 audit(1760817874.761:4478): avc:  denied  { watch watch_reads } for  pid=12817 comm="syz.6.1815" path="/35/file0" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  612.199146][T11571] cpia1 7-1:0.0: unexpected state after lo power cmd: 00
[  612.427537][T11571] gspca_cpia1: usb_control_msg 01, error -71
[  612.448676][T11571] cpia1 7-1:0.0: only firmware version 1 is supported (got: 0)
[  613.234295][T11571] usb 7-1: USB disconnect, device number 7
[  614.321168][T12856] syz.5.1827: vmalloc error: size 16777216, failed to allocated page array size 32768, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  614.350244][T12856] CPU: 0 UID: 0 PID: 12856 Comm: syz.5.1827 Not tainted syzkaller #0 PREEMPT(full) 
[  614.350271][T12856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  614.350281][T12856] Call Trace:
[  614.350287][T12856]  <TASK>
[  614.350294][T12856]  dump_stack_lvl+0x16c/0x1f0
[  614.350322][T12856]  warn_alloc+0x248/0x3a0
[  614.350346][T12856]  ? __pfx_warn_alloc+0x10/0x10
[  614.350375][T12856]  ? packet_set_ring+0xb4c/0x17e0
[  614.350393][T12856]  ? __vmalloc_node_noprof+0xad/0xf0
[  614.350436][T12856]  __vmalloc_node_range_noprof+0xfe2/0x1480
[  614.350473][T12856]  ? packet_set_ring+0xb4c/0x17e0
[  614.350499][T12856]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  614.350527][T12856]  ? alloc_pages_mpol+0x25a/0x550
[  614.350554][T12856]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  614.350579][T12856]  ? rcu_is_watching+0x12/0xc0
[  614.350603][T12856]  ? packet_set_ring+0xb4c/0x17e0
[  614.350617][T12856]  __vmalloc_node_noprof+0xad/0xf0
[  614.350645][T12856]  ? packet_set_ring+0xb4c/0x17e0
[  614.350662][T12856]  packet_set_ring+0xb4c/0x17e0
[  614.350688][T12856]  packet_setsockopt+0x121b/0x33c0
[  614.350710][T12856]  ? sock_has_perm+0x259/0x2f0
[  614.350733][T12856]  ? __pfx_packet_setsockopt+0x10/0x10
[  614.350750][T12856]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[  614.350770][T12856]  ? __pfx_selinux_netlbl_socket_setsockopt+0x10/0x10
[  614.350790][T12856]  ? find_held_lock+0x2b/0x80
[  614.350804][T12856]  ? selinux_socket_setsockopt+0x6a/0x80
[  614.350818][T12856]  ? __pfx_packet_setsockopt+0x10/0x10
[  614.350831][T12856]  do_sock_setsockopt+0xf3/0x1d0
[  614.350849][T12856]  __sys_setsockopt+0x1a0/0x230
[  614.350865][T12856]  __x64_sys_setsockopt+0xbd/0x160
[  614.350877][T12856]  ? do_syscall_64+0x91/0xfa0
[  614.350891][T12856]  ? lockdep_hardirqs_on+0x7c/0x110
[  614.350904][T12856]  do_syscall_64+0xcd/0xfa0
[  614.350919][T12856]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.350931][T12856] RIP: 0033:0x7f131f98efc9
[  614.350942][T12856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.350953][T12856] RSP: 002b:00007f132083f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  614.350964][T12856] RAX: ffffffffffffffda RBX: 00007f131fbe5fa0 RCX: 00007f131f98efc9
[  614.350971][T12856] RDX: 0000000000000005 RSI: 0000000000000107 RDI: 0000000000000005
[  614.350978][T12856] RBP: 00007f131fa11f91 R08: 000000000000001c R09: 0000000000000000
[  614.350984][T12856] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000000
[  614.350991][T12856] R13: 00007f131fbe6038 R14: 00007f131fbe5fa0 R15: 00007fff7b0f0238
[  614.351006][T12856]  </TASK>
[  614.875424][T12856] Mem-Info:
[  614.878555][T12856] active_anon:19826 inactive_anon:0 isolated_anon:0
[  614.878555][T12856]  active_file:17590 inactive_file:40841 isolated_file:0
[  614.878555][T12856]  unevictable:784 dirty:365 writeback:0
[  614.878555][T12856]  slab_reclaimable:12305 slab_unreclaimable:104335
[  614.878555][T12856]  mapped:44270 shmem:9717 pagetables:1532
[  614.878555][T12856]  sec_pagetables:0 bounce:0
[  614.878555][T12856]  kernel_misc_reclaimable:0
[  614.878555][T12856]  free:1254774 free_pcp:17463 free_cma:0
[  615.001045][T12856] Node 0 active_anon:73404kB inactive_anon:0kB active_file:70336kB inactive_file:163160kB unevictable:1600kB isolated(anon):0kB isolated(file):0kB mapped:176556kB dirty:1460kB writeback:0kB shmem:30732kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13068kB pagetables:5952kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  615.223575][T12856] Node 1 active_anon:0kB inactive_anon:0kB active_file:24kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:24kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:276kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  615.296373][T12856] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  615.337012][T12869] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12869 comm=syz.1.1830
[  615.358096][T12856] lowmem_reserve[]: 0 2481 2483 2483 2483
[  615.368214][T12856] Node 0 DMA32 free:1154568kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:60804kB inactive_anon:0kB active_file:70336kB inactive_file:163160kB unevictable:1600kB writepending:1660kB zspages:8kB present:3129332kB managed:2541316kB mlocked:64kB bounce:0kB free_pcp:50544kB local_pcp:22816kB free_cma:0kB
[  615.783936][T12856] lowmem_reserve[]: 0 0 1 1 1
[  615.852732][T12856] Node 0 Normal free:0kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  615.901961][T12881] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1831'.
[  616.110406][T12856] lowmem_reserve[]: 0 0 0 0 0
[  616.122417][T12856] Node 1 Normal free:3855280kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:24kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:35008kB local_pcp:16832kB free_cma:0kB
[  616.366929][T12856] lowmem_reserve[]: 0 0 0 0 0
[  616.551346][T12856] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  616.580424][ T5944] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  616.614216][T12856] Node 0 DMA32: 515*4kB (ME) 144*8kB (UM) 210*16kB (UME) 238*32kB (ME) 84*64kB (UME) 51*128kB (UME) 71*256kB (UM) 30*512kB (UM) 22*1024kB (UM) 7*2048kB (UME) 258*4096kB (M) = 1153260kB
[  616.668177][T12856] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  616.696390][T12856] Node 1 Normal: 10*4kB (UME) 17*8kB (UME) 18*16kB (UME) 17*32kB (UME) 19*64kB (UME) 8*128kB (UME) 11*256kB (UM) 10*512kB (UM) 4*1024kB (UE) 5*2048kB (UE) 935*4096kB (UM) = 3855280kB
[  616.742224][ T5944] usb 7-1: Using ep0 maxpacket: 32
[  616.758475][ T5944] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  616.782142][T11508] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  616.800546][ T6051] Bluetooth: Error in BCSP hdr checksum
[  616.990401][ T5944] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  617.013521][T12856] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  617.057038][ T5944] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  617.067899][ T6051] Bluetooth: Error in BCSP hdr checksum
[  617.073964][T11508] usb 2-1: Using ep0 maxpacket: 32
[  617.087275][T12856] Node 0 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  617.102691][T11508] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  617.116948][ T5944] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  617.147991][T11508] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  617.234060][ T5944] usb 7-1: Product: syz
[  617.772532][T12856] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  617.790134][ T5944] usb 7-1: Manufacturer: syz
[  617.794769][ T5944] usb 7-1: SerialNumber: syz
[  617.794878][T12856] Node 1 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  617.808666][T11508] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  617.808692][T11508] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  617.808714][T11508] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  617.842552][T12856] 63907 total pagecache pages
[  617.847225][T12856] 0 pages in swap cache
[  617.853199][ T5944] usb 7-1: rejected 1 configuration due to insufficient available bus power
[  617.865887][T12856] Free swap  = 124996kB
[  617.870029][T12856] Total swap = 124996kB
[  617.875957][ T5944] usb 7-1: no configuration chosen from 1 choice
[  617.889140][T12856] 2097051 pages RAM
[  617.901965][T12856] 0 pages HighMem/MovableOnly
[  617.915617][T12856] 429696 pages reserved
[  617.920543][T11508] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  617.939118][T12856] 0 pages cma reserved
[  617.952974][T11508] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  617.962956][T11508] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.188292][T11508] usb 2-1: Product: syz
[  618.200192][T11508] usb 2-1: Manufacturer: syz
[  618.205278][T12894] netlink: 'syz.4.1838': attribute type 3 has an invalid length.
[  618.213211][T11508] usb 2-1: SerialNumber: syz
[  618.230416][T11508] usb 2-1: config 0 descriptor??
[  618.362466][   T30] audit: type=1400 audit(1760817880.981:4479): avc:  denied  { map } for  pid=12899 comm="syz.5.1840" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  618.364867][T12900] binder: 12899:12900 ioctl c0306201 2000000001c0 returned -14
[  618.386785][   T30] audit: type=1400 audit(1760817880.981:4480): avc:  denied  { execute } for  pid=12899 comm="syz.5.1840" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  618.441530][T11508] usb 7-1: USB disconnect, device number 8
[  618.456174][   T30] audit: type=1400 audit(1760817880.981:4481): avc:  denied  { ioctl } for  pid=12899 comm="syz.5.1840" path="/dev/binderfs/binder0" dev="binder" ino=43 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  618.523923][ T5944] usb 2-1: USB disconnect, device number 46
[  618.611148][   T50] Bluetooth: hci6: command 0x1003 tx timeout
[  618.762688][ T5819] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  619.785851][T12912] CUSE: unknown device info ""
[  619.802396][T12912] CUSE: zero length info key specified
[  619.814059][T12914] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12914 comm=syz.0.1844
[  620.980579][   T30] audit: type=1326 audit(1760817883.601:4482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12920 comm="syz.1.1846" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae7bd8efc9 code=0x0
[  621.087639][T12929] s
z1: rxe_newlink: already configured on lo
[  621.695046][   T30] audit: type=1400 audit(1760817884.311:4483): avc:  denied  { mount } for  pid=12926 comm="syz.0.1849" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  621.780129][ T1206] usb 6-1: new low-speed USB device number 21 using dummy_hcd
[  622.013186][ T1206] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  622.066974][ T1206] usb 6-1: config 0 has no interface number 0
[  622.071412][T12947] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1852'.
[  622.129168][ T1206] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  622.193855][ T1206] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  622.211091][ T1206] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  622.225347][ T1206] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  622.238743][ T1206] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  622.305935][ T1206] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  622.352676][ T1206] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  622.371350][    T9] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  622.372409][ T1206] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.495314][ T1206] usb 6-1: config 0 descriptor??
[  622.511439][T12935] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  622.527047][T12935] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  622.541647][ T1206] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  622.630322][    T9] usb 5-1: Using ep0 maxpacket: 32
[  622.636980][    T9] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  622.647367][    T9] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  622.658880][    T9] usb 5-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  622.668991][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  622.677103][    T9] usb 5-1: Product: syz
[  622.681545][    T9] usb 5-1: Manufacturer: syz
[  622.686165][    T9] usb 5-1: SerialNumber: syz
[  622.692511][    T9] usb 5-1: rejected 1 configuration due to insufficient available bus power
[  622.701377][    T9] usb 5-1: no configuration chosen from 1 choice
[  622.790186][T11571] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[  623.305587][T11571] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  623.319525][T11571] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  623.329233][T11571] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  623.340182][T11571] usb 1-1: config 220 has no interface number 2
[  623.347033][T11571] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  623.360499][T11571] usb 1-1: config 220 interface 0 has no altsetting 0
[  623.367418][T11571] usb 1-1: config 220 interface 76 has no altsetting 0
[  623.376970][T11571] usb 1-1: config 220 interface 1 has no altsetting 0
[  623.392719][T11571] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  623.403130][T11571] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  623.411656][T11571] usb 1-1: Product: syz
[  623.416201][T11571] usb 1-1: Manufacturer: syz
[  623.421100][T11571] usb 1-1: SerialNumber: syz
[  623.680552][ T5944] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  623.795307][T11571] usb 1-1: selecting invalid altsetting 0
[  623.806417][T11571] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  623.814131][T11571] uvcvideo 1-1:220.0: No valid video chain found.
[  623.841167][ T5944] usb 7-1: Using ep0 maxpacket: 32
[  623.856604][T11571] usb 1-1: selecting invalid altsetting 0
[  623.862597][T11571] usbtest 1-1:220.1: probe with driver usbtest failed with error -22
[  623.872066][ T5944] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  623.875548][T11571] usb 1-1: USB disconnect, device number 89
[  623.893117][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  623.971389][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  624.008744][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  624.033353][ T5944] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  624.045642][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  624.058260][ T5944] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  624.092209][ T5944] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  624.109100][ T5944] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  624.117450][ T5944] usb 7-1: Product: syz
[  624.121887][ T5944] usb 7-1: Manufacturer: syz
[  624.126581][ T5944] usb 7-1: SerialNumber: syz
[  624.135954][ T5944] usb 7-1: config 0 descriptor??
[  624.195211][T12966] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12966 comm=syz.1.1859
[  624.330556][T11571] usb 6-1: USB disconnect, device number 21
[  624.376262][T11571] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  624.537246][ T5878] usb 7-1: USB disconnect, device number 9
[  624.735857][   T30] audit: type=1400 audit(1760817887.351:4484): avc:  denied  { bind } for  pid=12973 comm="syz.5.1862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  624.847862][   T30] audit: type=1400 audit(1760817887.351:4485): avc:  denied  { connect } for  pid=12973 comm="syz.5.1862" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  624.969000][T11508] usb 5-1: USB disconnect, device number 72
[  625.114984][T12983] overlayfs: failed to resolve './file0': -2
[  625.150132][T11571] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  625.400201][T11571] usb 6-1: Using ep0 maxpacket: 8
[  625.424865][T11571] usb 6-1: unable to get BOS descriptor or descriptor too short
[  625.932186][T11571] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  625.945358][T11571] usb 6-1: config 0 has no interfaces?
[  625.953424][T11571] usb 6-1: New USB device found, idVendor=6d79, idProduct=4f80, bcdDevice=d7.15
[  626.038718][T11571] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.050913][T11571] usb 6-1: Product: syz
[  626.088406][T11571] usb 6-1: Manufacturer: syz
[  626.228587][T11571] usb 6-1: SerialNumber: syz
[  626.266218][T11571] usb 6-1: config 0 descriptor??
[  626.320256][T11508] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  626.490288][T12997] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12997 comm=syz.0.1870
[  626.508958][T11508] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  626.623346][T11508] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  626.635397][T11508] usb 2-1: config 220 has no interface number 2
[  626.641764][T11508] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  626.717882][T13000] netlink: 'syz.5.1862': attribute type 4 has an invalid length.
[  626.725831][T13000] netlink: 17 bytes leftover after parsing attributes in process `syz.5.1862'.
[  626.811390][T13000] xt_SECMARK: invalid security context 'system_u:object_r:dbusd_etc_t:s0'
[  626.840271][T13000] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.850538][T13000] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  626.866265][T13000] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1862'.
[  627.606550][T11508] usb 2-1: config 220 interface 0 has no altsetting 0
[  627.613396][T11508] usb 2-1: config 220 interface 76 has no altsetting 0
[  627.620305][T11508] usb 2-1: config 220 interface 1 has no altsetting 0
[  627.636523][T11508] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  627.645687][T11508] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  627.653716][T11508] usb 2-1: Product: syz
[  627.657861][T11508] usb 2-1: Manufacturer: syz
[  628.456186][T11508] usb 2-1: SerialNumber: syz
[  628.693131][T11508] usb 2-1: selecting invalid altsetting 0
[  628.719230][T11508] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  628.727504][T11508] uvcvideo 2-1:220.0: No valid video chain found.
[  628.747180][T11508] usb 2-1: selecting invalid altsetting 0
[  628.761925][T11508] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[  628.774804][T11508] usb 2-1: USB disconnect, device number 47
[  628.890510][    T9] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  628.953847][T13010] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1875'.
[  629.093702][    T9] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  629.102839][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.120120][    T9] usb 1-1: Product: syz
[  629.124299][    T9] usb 1-1: Manufacturer: syz
[  629.128882][    T9] usb 1-1: SerialNumber: syz
[  629.151852][    T9] usb 1-1: config 0 descriptor??
[  629.210117][ T5944] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  629.360186][ T5944] usb 7-1: Using ep0 maxpacket: 32
[  629.366969][ T5944] usb 7-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  629.377544][ T5944] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  629.389080][ T5944] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  629.398266][ T5944] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.406770][ T5944] usb 7-1: Product: syz
[  629.411081][ T5944] usb 7-1: Manufacturer: syz
[  629.415730][ T5944] usb 7-1: SerialNumber: syz
[  629.433495][   T30] audit: type=1400 audit(1760817892.051:4486): avc:  denied  { create } for  pid=13014 comm="syz.1.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  629.438562][ T5944] usb 7-1: rejected 1 configuration due to insufficient available bus power
[  629.456874][   T30] audit: type=1400 audit(1760817892.071:4487): avc:  denied  { connect } for  pid=13014 comm="syz.1.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  629.465597][ T5944] usb 7-1: no configuration chosen from 1 choice
[  629.587445][T11508] usb 6-1: USB disconnect, device number 22
[  630.120166][   T30] audit: type=1400 audit(1760817892.481:4488): avc:  denied  { create } for  pid=13023 comm="syz.1.1880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  630.145334][   T30] audit: type=1400 audit(1760817892.731:4489): avc:  denied  { ioctl } for  pid=13023 comm="syz.1.1880" path="socket:[39202]" dev="sockfs" ino=39202 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  630.172635][T13027] netlink: 'syz.1.1880': attribute type 8 has an invalid length.
[  630.182078][   T30] audit: type=1400 audit(1760817892.791:4490): avc:  denied  { bind } for  pid=13023 comm="syz.1.1880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  630.535420][    T9] usb 1-1: Firmware version (0.0) predates our first public release.
[  630.543744][    T9] usb 1-1: Please update to version 0.2 or newer
[  630.682959][    T9] usb 1-1: USB disconnect, device number 90
[  631.125796][T13038] ip6t_srh: unknown srh invflags 4000
[  631.143887][T13038] netlink: 14436 bytes leftover after parsing attributes in process `syz.1.1881'.
[  631.964052][ T5858] usb 7-1: USB disconnect, device number 10
[  632.251786][T13056] overlayfs: failed to resolve './file0': -2
[  632.434993][   T30] audit: type=1400 audit(1760817895.051:4491): avc:  denied  { listen } for  pid=13061 comm="syz.5.1891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  632.510507][    T9] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  632.683851][    T9] usb 1-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  632.695712][    T9] usb 1-1: config 36 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  632.738932][    T9] usb 1-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=26.29
[  632.753737][    T9] usb 1-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16
[  632.804298][    T9] usb 1-1: Manufacturer: syz
[  632.825488][    T9] usb 1-1: SerialNumber: syz
[  634.594512][    T9] usbhid 1-1:36.0: couldn't find an input interrupt endpoint
[  634.617002][    T9] usb 1-1: USB disconnect, device number 91
[  634.890596][ T1206] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  634.904729][T13106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1898'.
[  635.040194][ T1206] usb 6-1: device descriptor read/64, error -71
[  635.338254][T13113] siw: device registration error -23
[  635.531180][ T1206] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  635.532775][T13117] netdevsim netdevsim0: Firmware load for '../file0/file0' refused, path contains '..' component
[  635.600794][   T30] audit: type=1400 audit(1760817898.181:4492): avc:  denied  { bind } for  pid=13116 comm="syz.0.1902" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  635.627570][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.642330][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.650459][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.658501][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.667840][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.675872][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.684098][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.690141][ T1206] usb 6-1: device descriptor read/64, error -71
[  635.784305][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.801224][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.812112][T13106] netlink: 'syz.1.1898': attribute type 3 has an invalid length.
[  635.931534][ T1206] usb usb6-port1: attempt power cycle
[  635.939432][   T30] audit: type=1400 audit(1760817898.551:4493): avc:  denied  { create } for  pid=13102 comm="syz.1.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  636.362541][ T1206] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  636.390719][ T1206] usb 6-1: device descriptor read/8, error -71
[  636.693203][ T1206] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  636.878371][ T1206] usb 6-1: device descriptor read/8, error -71
[  636.984593][T13139] vxcan0: tx drop: invalid da for name 0x0000000000000003
[  636.996388][T13139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1907'.
[  637.011226][ T1206] usb usb6-port1: unable to enumerate USB device
[  639.381765][T13164] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1918'.
[  641.170942][ T5986] block nbd4: Possible stuck request ffff888026840000: control (read@0,1024B). Runtime 150 seconds
[  641.181803][ T5986] block nbd4: Possible stuck request ffff8880268401c0: control (read@1024,1024B). Runtime 150 seconds
[  641.192863][ T5986] block nbd4: Possible stuck request ffff888026840380: control (read@2048,1024B). Runtime 150 seconds
[  641.204106][ T5986] block nbd4: Possible stuck request ffff888026840540: control (read@3072,1024B). Runtime 150 seconds
[  641.884281][T13192] siw: device registration error -23
[  642.155217][   T30] audit: type=1326 audit(1760817904.411:4494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.190788][   T30] audit: type=1326 audit(1760817904.411:4495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.224074][T13198] overlay: Unknown parameter 'fowner'
[  642.415361][   T30] audit: type=1326 audit(1760817904.421:4496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.492356][   T30] audit: type=1326 audit(1760817904.421:4497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.520554][   T30] audit: type=1326 audit(1760817904.421:4498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.545593][   T30] audit: type=1326 audit(1760817904.431:4499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.574463][   T30] audit: type=1326 audit(1760817904.431:4500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.610324][   T30] audit: type=1326 audit(1760817904.431:4501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.640608][   T30] audit: type=1326 audit(1760817904.441:4502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.665197][   T30] audit: type=1326 audit(1760817904.441:4503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13187 comm="syz.6.1925" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e958efc9 code=0x7ffc0000
[  642.700144][ T1206] usb 7-1: new low-speed USB device number 11 using dummy_hcd
[  642.957731][ T1206] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  642.985621][ T1206] usb 7-1: config 0 has no interface number 0
[  643.245662][ T1206] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  643.288729][ T1206] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  643.342144][ T1206] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  643.478184][ T1206] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  643.490112][ T1206] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  643.653593][T13212] cgroup: Bad value for 'name'
[  643.979331][ T1206] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  644.017221][ T1206] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  644.051320][ T1206] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  644.097106][ T1206] usb 7-1: config 0 descriptor??
[  644.134552][T13204] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  644.142366][T13204] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  644.225240][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1933'.
[  644.235926][ T1206] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  644.249588][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1933'.
[  644.275875][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1933'.
[  645.427549][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1933'.
[  645.879941][T13218] validate_nla: 41 callbacks suppressed
[  645.886205][T13218] netlink: 'syz.4.1933': attribute type 3 has an invalid length.
[  646.446309][   T50] Bluetooth: hci6: command 0x1003 tx timeout
[  646.459806][ T5819] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  647.044649][ T1206] usb 7-1: USB disconnect, device number 11
[  647.108858][ T1206] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  648.624662][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  648.624678][   T30] audit: type=1400 audit(1760817911.241:4518): avc:  denied  { getopt } for  pid=13262 comm="syz.5.1945" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  648.888877][T13269] netlink: 'syz.1.1948': attribute type 1 has an invalid length.
[  649.668710][T13269] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link
[  649.734247][T13276] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  650.541051][T13292] CUSE: unknown device info ""
[  650.545937][T13292] CUSE: zero length info key specified
[  650.648900][T13292] overlay: Unknown parameter 'fowner'
[  650.737153][T13291] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  650.755470][T13291] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  650.966705][T13298] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  650.995299][T13298] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  652.067922][   T30] audit: type=1400 audit(1760817914.681:4519): avc:  denied  { getopt } for  pid=13310 comm="syz.6.1959" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  652.768965][T13322] FAULT_INJECTION: forcing a failure.
[  652.768965][T13322] name failslab, interval 1, probability 0, space 0, times 0
[  652.874209][T13322] CPU: 0 UID: 0 PID: 13322 Comm: syz.1.1961 Not tainted syzkaller #0 PREEMPT(full) 
[  652.874227][T13322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  652.874234][T13322] Call Trace:
[  652.874238][T13322]  <TASK>
[  652.874242][T13322]  dump_stack_lvl+0x16c/0x1f0
[  652.874260][T13322]  should_fail_ex+0x512/0x640
[  652.874274][T13322]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  652.874292][T13322]  should_failslab+0xc2/0x120
[  652.874309][T13322]  __kvmalloc_node_noprof+0x141/0x9c0
[  652.874324][T13322]  ? video_usercopy+0xa6b/0x1720
[  652.874344][T13322]  ? video_usercopy+0xa6b/0x1720
[  652.874360][T13322]  video_usercopy+0xa6b/0x1720
[  652.874377][T13322]  ? __pfx___video_do_ioctl+0x10/0x10
[  652.874393][T13322]  ? selinux_kernel_read_file+0x121/0x130
[  652.874410][T13322]  ? __pfx_video_usercopy+0x10/0x10
[  652.874435][T13322]  v4l2_ioctl+0x1bd/0x250
[  652.874450][T13322]  ? __pfx_v4l2_ioctl+0x10/0x10
[  652.874466][T13322]  __x64_sys_ioctl+0x18e/0x210
[  652.874480][T13322]  do_syscall_64+0xcd/0xfa0
[  652.874494][T13322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  652.874506][T13322] RIP: 0033:0x7fae7bd8efc9
[  652.874515][T13322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  652.874526][T13322] RSP: 002b:00007fae7cc0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  652.874537][T13322] RAX: ffffffffffffffda RBX: 00007fae7bfe5fa0 RCX: 00007fae7bd8efc9
[  652.874544][T13322] RDX: 0000200000000100 RSI: 00000000c0205648 RDI: 0000000000000005
[  652.874551][T13322] RBP: 00007fae7cc0c090 R08: 0000000000000000 R09: 0000000000000000
[  652.874557][T13322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  652.874564][T13322] R13: 00007fae7bfe6038 R14: 00007fae7bfe5fa0 R15: 00007ffdc4131c98
[  652.874578][T13322]  </TASK>
[  653.438441][ T5878] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  653.946493][T13335] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1965'.
[  653.969001][T13335] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1965'.
[  653.978615][T13335] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1965'.
[  653.989600][T13335] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1965'.
[  654.012772][T13335] netlink: 'syz.6.1965': attribute type 3 has an invalid length.
[  654.042491][ T5878] usb 6-1: Using ep0 maxpacket: 16
[  654.198867][ T5878] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  654.235497][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  654.294801][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  654.401732][ T5878] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  654.414341][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  654.431015][ T5878] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  654.453633][ T5878] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  654.463834][ T5878] usb 6-1: Manufacturer: syz
[  654.506857][ T5878] usb 6-1: config 0 descriptor??
[  654.928776][T13346] tipc: Started in network mode
[  654.933858][T13346] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  654.981662][ T5878] rc_core: IR keymap rc-hauppauge not found
[  654.987614][ T5878] Registered IR keymap rc-empty
[  654.995487][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.010262][T13346] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  655.040165][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.050281][T13346] tipc: Enabled bearer <udp:syz0>, priority 10
[  655.099900][ T5878] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  655.174540][ T5878] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input26
[  655.236009][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.271044][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.292269][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.334566][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.424488][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.550646][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.658567][    T9] usb 5-1: new low-speed USB device number 73 using dummy_hcd
[  655.691252][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.852405][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.950963][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.970234][ T5878] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  655.994049][ T5878] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  656.025384][ T5878] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  656.035331][ T1206] tipc: Node number set to 1
[  656.055648][ T5878] usb 6-1: USB disconnect, device number 27
[  656.071576][    T9] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  656.079986][    T9] usb 5-1: config 0 has no interface number 0
[  656.108530][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  656.177943][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  656.213573][T13367] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  656.334275][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  656.346153][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  656.357758][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  656.371736][    T9] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  656.401375][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  656.405685][T13367] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  656.421490][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.462435][    T9] usb 5-1: config 0 descriptor??
[  656.468230][T13348] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  656.475676][T13348] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  656.491444][    T9] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  656.501230][ T5878] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  657.282088][ T5878] usb 6-1: Using ep0 maxpacket: 32
[  658.222349][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  658.292108][    T9] usb 5-1: USB disconnect, device number 73
[  658.310430][    T9] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  658.389519][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  658.448992][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  658.457058][T13388] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1981'.
[  658.540204][ T5878] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  658.563075][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  658.574237][ T5878] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  658.741752][ T5878] usb 6-1: string descriptor 0 read error: -71
[  658.748016][ T5878] usb 6-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  658.757312][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  658.787498][ T5878] usb 6-1: config 0 descriptor??
[  658.793024][ T5878] usb 6-1: can't set config #0, error -71
[  658.862576][ T5878] usb 6-1: USB disconnect, device number 28
[  659.637720][   T30] audit: type=1400 audit(1760817922.251:4520): avc:  denied  { unmount } for  pid=5817 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  660.201251][    T9] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  660.350169][    T9] usb 6-1: Using ep0 maxpacket: 32
[  660.371493][    T9] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  660.421955][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  660.471119][ T1206] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  660.522756][    T9] usb 6-1: config 0 has no interface number 0
[  660.540492][    T9] usb 6-1: config 0 interface 51 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  660.564747][    T9] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  660.574088][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.582203][    T9] usb 6-1: Product: syz
[  660.588967][    T9] usb 6-1: Manufacturer: syz
[  660.722886][T13421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1988'.
[  660.779293][T13418] siw: device registration error -23
[  660.820200][ T1206] usb 7-1: Using ep0 maxpacket: 16
[  660.834335][T13421] netlink: 'syz.0.1988': attribute type 3 has an invalid length.
[  660.860332][ T1206] usb 7-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  660.869541][ T1206] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  660.889757][ T1206] usb 7-1: Product: syz
[  660.906385][ T1206] usb 7-1: Manufacturer: syz
[  660.911198][ T1206] usb 7-1: SerialNumber: syz
[  660.947712][ T1206] usb 7-1: config 0 descriptor??
[  660.978923][ T1206] ssu100 7-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  661.020096][    T9] usb 6-1: SerialNumber: syz
[  661.033830][    T9] usb 6-1: config 0 descriptor??
[  661.056941][    T9] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  661.429402][   T30] audit: type=1400 audit(1760817924.041:4521): avc:  denied  { watch } for  pid=13403 comm="syz.5.1984" path="/110/file0" dev="tmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  661.485628][   T30] audit: type=1400 audit(1760817924.041:4522): avc:  denied  { watch_sb watch_reads } for  pid=13403 comm="syz.5.1984" path="/110/file0" dev="tmpfs" ino=619 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  661.597361][T13411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.700394][T13411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.732318][T13411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  661.749786][T13411] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  661.768005][ T1206] ssu100 7-1:0.0: probe with driver ssu100 failed with error -110
[  661.813367][T13411] netlink: 'syz.6.1986': attribute type 2 has an invalid length.
[  661.824624][T13411] netlink: 'syz.6.1986': attribute type 21 has an invalid length.
[  661.835127][T13411] netlink: 'syz.6.1986': attribute type 6 has an invalid length.
[  661.849121][T13411] netlink: 132 bytes leftover after parsing attributes in process `syz.6.1986'.
[  661.908178][T13428] xt_TPROXY: Can be used only with -p tcp or -p udp
[  662.398563][ T1206] usb 7-1: USB disconnect, device number 12
[  662.690789][T13435] overlay: Unknown parameter 'fowner'
[  663.236460][    T9] usb 6-1: qt2_attach - failed to power on unit: -71
[  663.243926][    T9] quatech2 6-1:0.51: probe with driver quatech2 failed with error -71
[  663.259451][    T9] usb 6-1: USB disconnect, device number 29
[  663.766370][T13449] overlay: Unknown parameter 'euid<00000000000000016384'
[  663.930233][    T9] usb 6-1: new low-speed USB device number 30 using dummy_hcd
[  664.466256][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1997'.
[  664.523992][    T9] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  664.541268][    T9] usb 6-1: config 0 has no interface number 0
[  664.548283][    T9] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  664.563958][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1997'.
[  664.565970][    T9] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  664.606870][    T9] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  664.632714][    T9] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  664.693363][T13447] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1990'.
[  664.717763][    T9] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  664.731856][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1997'.
[  664.747205][T13462] netlink: 'syz.4.1997': attribute type 3 has an invalid length.
[  664.747396][T13454] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1997'.
[  664.764927][    T9] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  664.783216][    T9] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  664.793417][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  664.913175][    T9] usb 6-1: config 0 descriptor??
[  664.918759][T13442] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  664.966932][T13442] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  664.987648][    T9] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  665.040125][T11508] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  665.240127][T11508] usb 7-1: Using ep0 maxpacket: 32
[  665.348172][T11508] usb 7-1: config 0 interface 0 has no altsetting 0
[  665.356899][T11508] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  665.366602][T11508] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.374699][T11508] usb 7-1: Product: syz
[  665.378921][T11508] usb 7-1: Manufacturer: syz
[  665.383532][T11508] usb 7-1: SerialNumber: syz
[  665.391614][T11508] usb 7-1: config 0 descriptor??
[  665.494990][T13476] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  665.996610][T13473] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  666.116098][T11508] gs_usb 7-1:0.0: Configuring for 1 interfaces
[  666.573939][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2002'.
[  666.584646][T13485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2003'.
[  666.586942][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2002'.
[  666.605234][T13464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  666.609912][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2002'.
[  666.629638][T13464] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  666.639011][T13486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2002'.
[  666.640523][T13487] netlink: 'syz.0.2002': attribute type 3 has an invalid length.
[  666.707231][T11508] gs_usb 7-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  666.721116][T11508] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -71
[  666.772475][T11508] usb 7-1: USB disconnect, device number 13
[  666.955792][ T5973] usb 6-1: USB disconnect, device number 30
[  666.964308][ T5973] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  667.020271][ T1206] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  667.130160][ T5878] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  667.183118][ T1206] usb 2-1: unable to get BOS descriptor or descriptor too short
[  667.192986][ T1206] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  667.203902][ T1206] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  667.213891][ T1206] usb 2-1: config 1 has no interface number 1
[  667.220587][ T1206] usb 2-1: config 1 interface 2 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  667.233812][ T1206] usb 2-1: config 1 interface 2 has no altsetting 0
[  667.243311][ T1206] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  667.253128][ T1206] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  667.261887][ T1206] usb 2-1: Product: syz
[  667.268876][ T1206] usb 2-1: Manufacturer: syz
[  667.274118][ T1206] usb 2-1: SerialNumber: syz
[  667.283095][ T5878] usb 5-1: Using ep0 maxpacket: 16
[  667.291947][ T5878] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  667.303413][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  667.324255][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  667.335491][ T5878] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  667.346766][ T5878] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  667.362331][ T5878] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  667.371986][ T5878] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  667.380526][ T5878] usb 5-1: Manufacturer: syz
[  667.427000][ T5878] usb 5-1: config 0 descriptor??
[  667.675005][ T1206] usb 2-1: USB disconnect, device number 48
[  667.889363][T12905] udevd[12905]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  667.971210][ T5878] rc_core: IR keymap rc-hauppauge not found
[  667.977189][ T5878] Registered IR keymap rc-empty
[  668.010539][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.030165][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.051830][ T5878] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  668.273142][ T5878] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input27
[  668.380401][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.422822][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.542695][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.570183][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.600293][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  668.673334][   T30] audit: type=1400 audit(1760817931.281:4523): avc:  denied  { getopt } for  pid=13500 comm="syz.1.2007" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  669.149817][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  669.170152][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  669.200175][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  669.231435][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  669.363673][ T5878] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  669.414769][ T5878] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  669.443018][ T5878] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  669.474965][ T5878] usb 5-1: USB disconnect, device number 74
[  670.273665][   T30] audit: type=1326 audit(1760817932.891:4524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13518 comm="syz.5.2013" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f131f98efc9 code=0x0
[  670.985034][T13529] rdma_rxe: rxe_newlink: failed to add lo
[  671.240484][ T5986] block nbd4: Possible stuck request ffff888026840000: control (read@0,1024B). Runtime 180 seconds
[  671.251431][ T5986] block nbd4: Possible stuck request ffff8880268401c0: control (read@1024,1024B). Runtime 180 seconds
[  671.262463][ T5986] block nbd4: Possible stuck request ffff888026840380: control (read@2048,1024B). Runtime 180 seconds
[  671.275651][ T5986] block nbd4: Possible stuck request ffff888026840540: control (read@3072,1024B). Runtime 180 seconds
[  671.288852][T13540] FAULT_INJECTION: forcing a failure.
[  671.288852][T13540] name failslab, interval 1, probability 0, space 0, times 0
[  671.324625][T13540] CPU: 1 UID: 0 PID: 13540 Comm: syz.0.2018 Not tainted syzkaller #0 PREEMPT(full) 
[  671.324642][T13540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  671.324649][T13540] Call Trace:
[  671.324653][T13540]  <TASK>
[  671.324657][T13540]  dump_stack_lvl+0x16c/0x1f0
[  671.324676][T13540]  should_fail_ex+0x512/0x640
[  671.324690][T13540]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  671.324706][T13540]  should_failslab+0xc2/0x120
[  671.324722][T13540]  kmem_cache_alloc_node_noprof+0x78/0x770
[  671.324735][T13540]  ? __alloc_skb+0x2b2/0x380
[  671.324751][T13540]  ? __alloc_skb+0x2b2/0x380
[  671.324761][T13540]  ? __pfx_netlink_insert+0x10/0x10
[  671.324775][T13540]  __alloc_skb+0x2b2/0x380
[  671.324787][T13540]  ? __pfx___alloc_skb+0x10/0x10
[  671.324799][T13540]  ? netlink_autobind.isra.0+0x158/0x370
[  671.324817][T13540]  netlink_alloc_large_skb+0x69/0x140
[  671.324833][T13540]  netlink_sendmsg+0x698/0xdd0
[  671.324850][T13540]  ? __pfx_netlink_sendmsg+0x10/0x10
[  671.324870][T13540]  ____sys_sendmsg+0xa98/0xc70
[  671.324887][T13540]  ? copy_msghdr_from_user+0x10a/0x160
[  671.324900][T13540]  ? __pfx_____sys_sendmsg+0x10/0x10
[  671.324919][T13540]  ? __pfx__kstrtoull+0x10/0x10
[  671.324932][T13540]  ___sys_sendmsg+0x134/0x1d0
[  671.324946][T13540]  ? __pfx____sys_sendmsg+0x10/0x10
[  671.324966][T13540]  ? find_held_lock+0x2b/0x80
[  671.324986][T13540]  __sys_sendmmsg+0x200/0x420
[  671.325001][T13540]  ? __pfx___sys_sendmmsg+0x10/0x10
[  671.325019][T13540]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  671.325040][T13540]  ? fput+0x9b/0xd0
[  671.325050][T13540]  ? ksys_write+0x1ac/0x250
[  671.325063][T13540]  ? __pfx_ksys_write+0x10/0x10
[  671.325079][T13540]  __x64_sys_sendmmsg+0x9c/0x100
[  671.325092][T13540]  ? lockdep_hardirqs_on+0x7c/0x110
[  671.325106][T13540]  do_syscall_64+0xcd/0xfa0
[  671.325120][T13540]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.325132][T13540] RIP: 0033:0x7f0626d8efc9
[  671.325141][T13540] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  671.325151][T13540] RSP: 002b:00007f0627cbe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  671.325163][T13540] RAX: ffffffffffffffda RBX: 00007f0626fe5fa0 RCX: 00007f0626d8efc9
[  671.325170][T13540] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000004
[  671.325177][T13540] RBP: 00007f0627cbe090 R08: 0000000000000000 R09: 0000000000000000
[  671.325183][T13540] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  671.325190][T13540] R13: 00007f0626fe6038 R14: 00007f0626fe5fa0 R15: 00007ffc7a003908
[  671.325204][T13540]  </TASK>
[  671.620860][T11571] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  671.688714][T13544] team0: left allmulticast mode
[  671.693757][T13544] team_slave_0: left allmulticast mode
[  671.699299][T13544] team_slave_1: left allmulticast mode
[  671.707286][T13546] overlay: Unknown parameter 'fowner'
[  671.708846][T13544] team0: left promiscuous mode
[  671.718526][T13544] team_slave_0: left promiscuous mode
[  671.728388][T13544] team_slave_1: left promiscuous mode
[  671.740073][T13544] bridge0: port 3(team0) entered disabled state
[  671.822660][T11571] usb 2-1: Using ep0 maxpacket: 32
[  671.830293][T11571] usb 2-1: config 127 has an invalid interface number: 98 but max is 0
[  671.838222][T13544] bridge_slave_0: left allmulticast mode
[  671.838642][T11571] usb 2-1: config 127 has an invalid descriptor of length 36, skipping remainder of the config
[  671.854569][T13544] bridge_slave_0: left promiscuous mode
[  671.854743][T13544] bridge0: port 1(bridge_slave_0) entered disabled state
[  671.860983][T11571] usb 2-1: config 127 has no interface number 0
[  671.876278][T11571] usb 2-1: New USB device found, idVendor=22b8, idProduct=2e0a, bcdDevice=73.f0
[  671.887927][T11571] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.902741][T13544] bridge_slave_1: left allmulticast mode
[  671.908503][T11571] usb 2-1: Product: syz
[  671.913102][T11571] usb 2-1: Manufacturer: syz
[  671.918723][T11571] usb 2-1: SerialNumber: syz
[  671.929905][T11571] option 2-1:127.98: GSM modem (1-port) converter detected
[  671.930096][ T5944] usb 5-1: new full-speed USB device number 75 using dummy_hcd
[  671.950852][T13544] bridge_slave_1: left promiscuous mode
[  671.972979][T13544] bridge0: port 2(bridge_slave_1) entered disabled state
[  672.001709][T13544] bond0: (slave bond_slave_0): Releasing backup interface
[  672.013637][T13544] bond0: (slave bond_slave_1): Releasing backup interface
[  672.031179][T13544] team0: Port device team_slave_0 removed
[  672.044464][T13544] team0: Port device team_slave_1 removed
[  672.052989][T13544] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  672.060636][T13544] batman_adv: batadv0: Removing interface: batadv_slave_0
[  672.068861][T13544] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  672.076366][ T5944] usb 5-1: device descriptor read/64, error -71
[  672.082877][T13544] batman_adv: batadv0: Removing interface: batadv_slave_1
[  672.091937][T13544] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  672.139660][T11571] usb 2-1: USB disconnect, device number 49
[  672.146405][T11571] option 2-1:127.98: device disconnected
[  672.320134][ T5944] usb 5-1: new full-speed USB device number 76 using dummy_hcd
[  672.450124][ T5944] usb 5-1: device descriptor read/64, error -71
[  672.560468][ T5944] usb usb5-port1: attempt power cycle
[  673.041419][ T5944] usb 5-1: new full-speed USB device number 77 using dummy_hcd
[  673.110645][ T5944] usb 5-1: device descriptor read/8, error -71
[  673.417868][T13560] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2025'.
[  673.553862][ T5944] usb 5-1: new full-speed USB device number 78 using dummy_hcd
[  673.580770][ T5944] usb 5-1: device descriptor read/8, error -71
[  673.664559][   T30] audit: type=1326 audit(1760817936.281:4525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13568 comm="syz.0.2026" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0626d8efc9 code=0x0
[  673.693241][ T5944] usb usb5-port1: unable to enumerate USB device
[  673.768835][T13571] rdma_rxe: rxe_newlink: failed to add lo
[  674.471577][   T30] audit: type=1400 audit(1760817937.071:4526): avc:  denied  { bind } for  pid=13579 comm="syz.4.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  675.270150][   T30] audit: type=1400 audit(1760817937.071:4527): avc:  denied  { setopt } for  pid=13579 comm="syz.4.2031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  675.301053][T13592] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2029'.
[  675.390548][T13592] __vm_enough_memory: pid: 13592, comm: syz.6.2029, bytes: 4503599627366400 not enough memory for the allocation
[  675.403448][ T5944] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  675.415479][   T30] audit: type=1400 audit(1760817937.301:4528): avc:  denied  { ioctl } for  pid=13583 comm="syz.1.2030" path="socket:[41479]" dev="sockfs" ino=41479 ioctlcmd=0x8922 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  675.570148][ T5944] usb 2-1: Using ep0 maxpacket: 16
[  675.673089][ T5944] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  675.690075][   T30] audit: type=1400 audit(1760817938.301:4529): avc:  denied  { ioctl } for  pid=13595 comm="syz.5.2032" path="socket:[40889]" dev="sockfs" ino=40889 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  675.715342][ T5944] usb 2-1: config 0 has no interface number 0
[  675.722440][ T5944] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  675.727173][   T30] audit: type=1400 audit(1760817938.331:4530): avc:  denied  { read write } for  pid=13602 comm="syz.6.2034" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  675.733540][ T5944] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  675.769545][ T5944] usb 2-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  675.770329][   T30] audit: type=1400 audit(1760817938.331:4531): avc:  denied  { ioctl open } for  pid=13602 comm="syz.6.2034" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  675.782404][ T5944] usb 2-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  675.816245][ T5944] usb 2-1: Product: syz
[  675.820479][ T5944] usb 2-1: SerialNumber: syz
[  675.826724][ T5944] usb 2-1: config 0 descriptor??
[  675.835056][ T5944] cm109 2-1:0.8: invalid payload size 0, expected 4
[  675.842911][ T5944] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.8/input/input28
[  675.940132][T11571] usb 5-1: new low-speed USB device number 79 using dummy_hcd
[  676.091797][T11571] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  676.099971][T11571] usb 5-1: config 0 has no interface number 0
[  676.106523][T11571] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  676.118825][T11571] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  676.129893][T11571] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  676.142401][T11571] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  676.153674][T11571] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  676.164605][T11571] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  676.177636][T11571] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  676.186893][T11571] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  676.196768][T11571] usb 5-1: config 0 descriptor??
[  676.206733][T13601] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  676.214482][T13601] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  676.226349][T11571] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  677.443957][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.452870][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.461685][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.468825][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.476044][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.483182][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.490297][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.497414][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.504549][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.511667][    C0] cm109 2-1:0.8: cm109_urb_ctl_callback: urb status -71
[  677.514592][T13627] usb 2-1: USB disconnect, device number 50
[  677.518606][    C0] cm109 2-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  677.864387][T13627] cm109 2-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  679.590474][T11571] usb 5-1: USB disconnect, device number 79
[  679.629485][T11571] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  680.704006][ T5819] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  680.848662][T13653] siw: device registration error -23
[  680.957995][T13660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'.
[  680.975333][T13660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'.
[  681.016807][T13660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'.
[  681.028388][T13660] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'.
[  681.091691][T13660] netlink: 'syz.1.2045': attribute type 3 has an invalid length.
[  682.755257][   T30] audit: type=1400 audit(1760817945.371:4532): avc:  denied  { compute_member } for  pid=13681 comm="syz.1.2052" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  682.775781][    C1] vkms_vblank_simulate: vblank timer overrun
[  682.974003][T13688] FAULT_INJECTION: forcing a failure.
[  682.974003][T13688] name failslab, interval 1, probability 0, space 0, times 0
[  682.987490][T13688] CPU: 0 UID: 0 PID: 13688 Comm: syz.0.2054 Not tainted syzkaller #0 PREEMPT(full) 
[  682.987515][T13688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  682.987526][T13688] Call Trace:
[  682.987532][T13688]  <TASK>
[  682.987538][T13688]  dump_stack_lvl+0x16c/0x1f0
[  682.987564][T13688]  should_fail_ex+0x512/0x640
[  682.987579][T13688]  ? __kmalloc_cache_noprof+0x5f/0x780
[  682.987593][T13688]  should_failslab+0xc2/0x120
[  682.987611][T13688]  __kmalloc_cache_noprof+0x72/0x780
[  682.987622][T13688]  ? do_raw_read_unlock+0x44/0xe0
[  682.987639][T13688]  ? route4_init+0x3f/0xa0
[  682.987653][T13688]  ? __pfx_route4_classify+0x10/0x10
[  682.987665][T13688]  ? route4_init+0x3f/0xa0
[  682.987676][T13688]  route4_init+0x3f/0xa0
[  682.987687][T13688]  tc_new_tfilter+0x114a/0x2340
[  682.987709][T13688]  ? __lock_acquire+0xb8a/0x1c90
[  682.987723][T13688]  ? __pfx_tc_new_tfilter+0x10/0x10
[  682.987739][T13688]  ? __pfx___schedule+0x10/0x10
[  682.987762][T13688]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[  682.987783][T13688]  ? __pfx_tc_new_tfilter+0x10/0x10
[  682.987798][T13688]  rtnetlink_rcv_msg+0x95e/0xe90
[  682.987822][T13688]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  682.987836][T13688]  ? __lock_acquire+0xb8a/0x1c90
[  682.987851][T13688]  ? __pfx___sanitizer_cov_trace_pc+0x10/0x10
[  682.987867][T13688]  netlink_rcv_skb+0x158/0x420
[  682.987882][T13688]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  682.987897][T13688]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  682.987910][T13688]  ? rcu_is_watching+0x12/0xc0
[  682.987931][T13688]  netlink_unicast+0x5aa/0x870
[  682.987947][T13688]  ? __pfx_netlink_unicast+0x10/0x10
[  682.987968][T13688]  netlink_sendmsg+0x8c8/0xdd0
[  682.987985][T13688]  ? __pfx_netlink_sendmsg+0x10/0x10
[  682.988005][T13688]  ____sys_sendmsg+0xa98/0xc70
[  682.988023][T13688]  ? copy_msghdr_from_user+0x10a/0x160
[  682.988036][T13688]  ? __pfx_____sys_sendmsg+0x10/0x10
[  682.988059][T13688]  ___sys_sendmsg+0x134/0x1d0
[  682.988071][T13688]  ? find_held_lock+0x2b/0x80
[  682.988082][T13688]  ? __pfx____sys_sendmsg+0x10/0x10
[  682.988094][T13688]  ? __lock_acquire+0x622/0x1c90
[  682.988120][T13688]  ? lockdep_hardirqs_on+0x70/0x110
[  682.988138][T13688]  __sys_sendmsg+0x16d/0x220
[  682.988152][T13688]  ? __pfx___sys_sendmsg+0x10/0x10
[  682.988164][T13688]  ? rcu_is_watching+0x12/0xc0
[  682.988180][T13688]  ? trace_irq_enable.constprop.0+0x2f/0x120
[  682.988195][T13688]  do_syscall_64+0xcd/0xfa0
[  682.988210][T13688]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  682.988221][T13688] RIP: 0033:0x7f0626d8efc9
[  682.988230][T13688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  682.988241][T13688] RSP: 002b:00007f0627c9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  682.988252][T13688] RAX: ffffffffffffffda RBX: 00007f0626fe6090 RCX: 00007f0626d8efc9
[  682.988259][T13688] RDX: 0000000000000080 RSI: 0000200000000000 RDI: 0000000000000005
[  682.988270][T13688] RBP: 00007f0627c9d090 R08: 0000000000000000 R09: 0000000000000000
[  682.988276][T13688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  682.988282][T13688] R13: 00007f0626fe6128 R14: 00007f0626fe6090 R15: 00007ffc7a003908
[  682.988298][T13688]  </TASK>
[  684.652863][T13696] 9pnet_fd: Insufficient options for proto=fd
[  685.390545][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  685.632553][T13714] GUP no longer grows the stack in syz.1.2062 (13714): 200000011000-200000018000 (20000000e000)
[  685.644413][T13714] CPU: 0 UID: 0 PID: 13714 Comm: syz.1.2062 Not tainted syzkaller #0 PREEMPT(full) 
[  685.644432][T13714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  685.644439][T13714] Call Trace:
[  685.644443][T13714]  <TASK>
[  685.644449][T13714]  dump_stack_lvl+0x16c/0x1f0
[  685.644467][T13714]  gup_vma_lookup+0x1d2/0x220
[  685.644486][T13714]  __get_user_pages+0x241/0x3530
[  685.644509][T13714]  ? find_held_lock+0x2b/0x80
[  685.644524][T13714]  ? __pfx___get_user_pages+0x10/0x10
[  685.644545][T13714]  get_user_pages_remote+0x243/0xab0
[  685.644562][T13714]  ? mast_spanning_rebalance.isra.0+0x2060/0x2060
[  685.644578][T13714]  ? __pfx_get_user_pages_remote+0x10/0x10
[  685.644597][T13714]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  685.644619][T13714]  __access_remote_vm+0x250/0xaa0
[  685.644638][T13714]  ? do_raw_spin_lock+0x12c/0x2b0
[  685.644654][T13714]  ? __pfx___access_remote_vm+0x10/0x10
[  685.644674][T13714]  proc_pid_cmdline_read+0x4de/0x8e0
[  685.644693][T13714]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  685.644711][T13714]  ? rw_verify_area+0xcf/0x6c0
[  685.644724][T13714]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  685.644740][T13714]  vfs_readv+0x5c1/0x8b0
[  685.644756][T13714]  ? __pfx_vfs_readv+0x10/0x10
[  685.644779][T13714]  ? __fget_files+0x20e/0x3c0
[  685.644798][T13714]  ? do_preadv+0x1a6/0x270
[  685.644810][T13714]  do_preadv+0x1a6/0x270
[  685.644827][T13714]  ? __pfx_do_preadv+0x10/0x10
[  685.644844][T13714]  do_syscall_64+0xcd/0xfa0
[  685.644859][T13714]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  685.644872][T13714] RIP: 0033:0x7fae7bd8efc9
[  685.644881][T13714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  685.644893][T13714] RSP: 002b:00007fae7cc0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  685.644904][T13714] RAX: ffffffffffffffda RBX: 00007fae7bfe5fa0 RCX: 00007fae7bd8efc9
[  685.644912][T13714] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000004
[  685.644920][T13714] RBP: 00007fae7be11f91 R08: 0000000000006a76 R09: 0000000000000000
[  685.644927][T13714] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
[  685.644934][T13714] R13: 00007fae7bfe6038 R14: 00007fae7bfe5fa0 R15: 00007ffdc4131c98
[  685.644950][T13714]  </TASK>
[  686.142035][T13716] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2061'.
[  686.363327][T13716] netlink: 'syz.0.2061': attribute type 3 has an invalid length.
[  687.571702][T11508] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  687.886220][   T30] audit: type=1400 audit(1760817950.501:4533): avc:  denied  { getopt } for  pid=13729 comm="syz.1.2067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  688.187458][T11508] usb 1-1: device descriptor read/64, error -71
[  688.430152][T11508] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  688.590172][T11508] usb 1-1: device descriptor read/64, error -71
[  688.710642][T11508] usb usb1-port1: attempt power cycle
[  688.983731][T13747] overlay: Unknown parameter 'fowner'
[  689.060105][T11508] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  689.145419][T11508] usb 1-1: device descriptor read/8, error -71
[  689.440143][T11508] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[  690.135858][T11508] usb 1-1: device descriptor read/8, error -71
[  690.270633][T11508] usb usb1-port1: unable to enumerate USB device
[  690.382729][   T30] audit: type=1326 audit(1760817953.001:4534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13776 comm="syz.0.2079" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0626d8efc9 code=0x0
[  691.091570][   T31] INFO: task syz.2.1577:11926 blocked for more than 144 seconds.
[  691.109579][   T31]       Not tainted syzkaller #0
[  691.125042][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  691.156384][   T31] task:syz.2.1577      state:D stack:26584 pid:11926 tgid:11925 ppid:5809   task_flags:0x400140 flags:0x00080002
[  691.170767][   T30] audit: type=1400 audit(1760817953.771:4535): avc:  denied  { write } for  pid=5795 comm="syz-executor" path="pipe:[4822]" dev="pipefs" ino=4822 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  691.180397][   T31] Call Trace:
[  691.340118][   T31]  <TASK>
[  691.343099][   T31]  __schedule+0x1190/0x5de0
[  691.380668][   T31]  ? look_up_lock_class+0x59/0x150
[  691.385838][   T31]  ? __lock_acquire+0x622/0x1c90
[  691.420126][   T31]  ? __pfx___schedule+0x10/0x10
[  691.425032][   T31]  ? find_held_lock+0x2b/0x80
[  691.429711][   T31]  ? schedule+0x2d7/0x3a0
[  691.460087][   T31]  ? sync_bdevs+0xfd/0x360
[  691.464546][   T31]  schedule+0xe7/0x3a0
[  691.468620][   T31]  schedule_preempt_disabled+0x13/0x30
[  691.484837][   T31]  __mutex_lock+0x818/0x1060
[  691.489465][   T31]  ? sync_bdevs+0xfd/0x360
[  691.494338][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  691.499387][   T31]  ? iput.part.0+0x181/0xb00
[  691.504290][   T31]  ? sync_bdevs+0xfd/0x360
[  691.508711][   T31]  sync_bdevs+0xfd/0x360
[  691.513293][   T31]  ksys_sync+0xb2/0x150
[  691.517457][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  691.522618][   T31]  ? rcu_is_watching+0x12/0xc0
[  691.527383][   T31]  ? do_syscall_64+0x91/0xfa0
[  691.532424][   T31]  __do_sys_sync+0xe/0x20
[  691.536770][   T31]  do_syscall_64+0xcd/0xfa0
[  691.546623][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.553825][   T31] RIP: 0033:0x7f6df258efc9
[  691.558239][   T31] RSP: 002b:00007f6df350f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  691.567594][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e5fa0 RCX: 00007f6df258efc9
[  691.575663][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  691.584051][   T31] RBP: 00007f6df27e5fa0 R08: 0000000000000000 R09: 0000000000000000
[  691.592076][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  691.600070][   T31] R13: 00007f6df27e6038 R14: 00007f6df27e5fa0 R15: 00007ffed5911298
[  691.608043][   T31]  </TASK>
[  691.611092][   T31] INFO: task syz.2.1577:11929 blocked for more than 144 seconds.
[  691.618808][   T31]       Not tainted syzkaller #0
[  691.623781][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  691.632514][   T31] task:syz.2.1577      state:D stack:27672 pid:11929 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080002
[  691.644631][   T31] Call Trace:
[  691.647914][   T31]  <TASK>
[  691.650896][   T31]  __schedule+0x1190/0x5de0
[  691.655429][   T31]  ? __pfx___schedule+0x10/0x10
[  691.660335][   T31]  ? find_held_lock+0x2b/0x80
[  691.665009][   T31]  ? schedule+0x2d7/0x3a0
[  691.669341][   T31]  ? sync_bdevs+0xfd/0x360
[  691.674214][   T31]  schedule+0xe7/0x3a0
[  691.678288][   T31]  schedule_preempt_disabled+0x13/0x30
[  691.684425][   T31]  __mutex_lock+0x818/0x1060
[  691.689028][   T31]  ? sync_bdevs+0xfd/0x360
[  691.693872][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  691.698918][   T31]  ? iput.part.0+0x181/0xb00
[  691.703775][   T31]  ? sync_bdevs+0xfd/0x360
[  691.708191][   T31]  sync_bdevs+0xfd/0x360
[  691.712732][   T31]  ksys_sync+0xb2/0x150
[  691.716896][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  691.722261][   T31]  ? rcu_is_watching+0x12/0xc0
[  691.727030][   T31]  ? do_syscall_64+0x91/0xfa0
[  691.732055][   T31]  __do_sys_sync+0xe/0x20
[  691.736400][   T31]  do_syscall_64+0xcd/0xfa0
[  691.741204][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  691.747099][   T31] RIP: 0033:0x7f6df258efc9
[  691.751824][   T31] RSP: 002b:00007f6df34ee038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  691.760428][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6090 RCX: 00007f6df258efc9
[  691.768404][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  691.776902][   T31] RBP: 00007f6df27e6090 R08: 0000000000000000 R09: 0000000000000000
[  691.785414][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  691.793697][   T31] R13: 00007f6df27e6128 R14: 00007f6df27e6090 R15: 00007ffed5911298
[  691.801856][   T31]  </TASK>
[  691.854871][   T31] INFO: task syz.2.1577:11935 blocked for more than 144 seconds.
[  691.894446][   T31]       Not tainted syzkaller #0
[  691.899415][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  691.930065][   T31] task:syz.2.1577      state:D stack:28504 pid:11935 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080002
[  691.950373][   T31] Call Trace:
[  691.953678][   T31]  <TASK>
[  691.956609][   T31]  __schedule+0x1190/0x5de0
[  691.970515][   T31]  ? __pfx___schedule+0x10/0x10
[  691.975394][   T31]  ? find_held_lock+0x2b/0x80
[  691.990160][   T31]  ? schedule+0x2d7/0x3a0
[  691.994523][   T31]  ? sync_bdevs+0xfd/0x360
[  691.998941][   T31]  schedule+0xe7/0x3a0
[  692.020096][   T31]  schedule_preempt_disabled+0x13/0x30
[  692.025583][   T31]  __mutex_lock+0x818/0x1060
[  692.041851][   T31]  ? sync_bdevs+0xfd/0x360
[  692.046303][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  692.062114][   T31]  ? iput.part.0+0x181/0xb00
[  692.066782][   T31]  ? sync_bdevs+0xfd/0x360
[  692.080406][   T31]  sync_bdevs+0xfd/0x360
[  692.084682][   T31]  ksys_sync+0xb2/0x150
[  692.089245][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  692.120149][   T31]  ? do_user_addr_fault+0x843/0x1370
[  692.125508][   T31]  ? rcu_is_watching+0x12/0xc0
[  692.140066][   T31]  ? do_syscall_64+0x91/0xfa0
[  692.144780][   T31]  __do_sys_sync+0xe/0x20
[  692.149117][   T31]  do_syscall_64+0xcd/0xfa0
[  692.170817][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.176744][   T31] RIP: 0033:0x7f6df258efc9
[  692.181499][   T31] RSP: 002b:00007f6df34cd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  692.192000][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6180 RCX: 00007f6df258efc9
[  692.199992][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  692.208082][   T31] RBP: 00007f6df27e6180 R08: 0000000000000000 R09: 0000000000000000
[  692.216143][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.224163][   T31] R13: 00007f6df27e6218 R14: 00007f6df27e6180 R15: 00007ffed5911298
[  692.232173][   T31]  </TASK>
[  692.235185][   T31] INFO: task syz.2.1577:11936 blocked for more than 145 seconds.
[  692.242950][   T31]       Not tainted syzkaller #0
[  692.247879][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  692.257240][   T31] task:syz.2.1577      state:D stack:28504 pid:11936 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080002
[  692.269206][   T31] Call Trace:
[  692.272501][   T31]  <TASK>
[  692.275418][   T31]  __schedule+0x1190/0x5de0
[  692.279911][   T31]  ? __pfx___schedule+0x10/0x10
[  692.284806][   T31]  ? find_held_lock+0x2b/0x80
[  692.289480][   T31]  ? schedule+0x2d7/0x3a0
[  692.294380][   T31]  ? sync_bdevs+0xfd/0x360
[  692.298801][   T31]  schedule+0xe7/0x3a0
[  692.302907][   T31]  schedule_preempt_disabled+0x13/0x30
[  692.308361][   T31]  __mutex_lock+0x818/0x1060
[  692.312956][   T31]  ? sync_bdevs+0xfd/0x360
[  692.317369][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  692.322435][   T31]  ? iput.part.0+0x181/0xb00
[  692.327025][   T31]  ? sync_bdevs+0xfd/0x360
[  692.331587][   T31]  sync_bdevs+0xfd/0x360
[  692.335861][   T31]  ksys_sync+0xb2/0x150
[  692.340003][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  692.344829][   T31]  ? do_user_addr_fault+0x843/0x1370
[  692.350199][   T31]  ? rcu_is_watching+0x12/0xc0
[  692.354959][   T31]  ? do_syscall_64+0x91/0xfa0
[  692.359616][   T31]  __do_sys_sync+0xe/0x20
[  692.364526][   T31]  do_syscall_64+0xcd/0xfa0
[  692.369020][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.374979][   T31] RIP: 0033:0x7f6df258efc9
[  692.379388][   T31] RSP: 002b:00007f6df34ac038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  692.387809][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6270 RCX: 00007f6df258efc9
[  692.396236][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  692.404261][   T31] RBP: 00007f6df27e6270 R08: 0000000000000000 R09: 0000000000000000
[  692.412329][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.420333][   T31] R13: 00007f6df27e6308 R14: 00007f6df27e6270 R15: 00007ffed5911298
[  692.428327][   T31]  </TASK>
[  692.434494][   T31] INFO: task syz.2.1577:11937 blocked for more than 145 seconds.
[  692.442989][   T31]       Not tainted syzkaller #0
[  692.447957][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  692.458328][   T31] task:syz.2.1577      state:D stack:28504 pid:11937 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080002
[  692.470305][   T31] Call Trace:
[  692.473572][   T31]  <TASK>
[  692.476483][   T31]  __schedule+0x1190/0x5de0
[  692.481144][   T31]  ? __pfx___schedule+0x10/0x10
[  692.486017][   T31]  ? find_held_lock+0x2b/0x80
[  692.490731][   T31]  ? schedule+0x2d7/0x3a0
[  692.495057][   T31]  ? sync_bdevs+0xfd/0x360
[  692.499754][   T31]  schedule+0xe7/0x3a0
[  692.503899][   T31]  schedule_preempt_disabled+0x13/0x30
[  692.509355][   T31]  __mutex_lock+0x818/0x1060
[  692.513984][   T31]  ? sync_bdevs+0xfd/0x360
[  692.518418][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  692.523622][   T31]  ? iput.part.0+0x181/0xb00
[  692.528258][   T31]  ? sync_bdevs+0xfd/0x360
[  692.532739][   T31]  sync_bdevs+0xfd/0x360
[  692.536978][   T31]  ksys_sync+0xb2/0x150
[  692.541367][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  692.546142][   T31]  ? do_user_addr_fault+0x843/0x1370
[  692.552735][   T31]  ? rcu_is_watching+0x12/0xc0
[  692.557506][   T31]  ? do_syscall_64+0x91/0xfa0
[  692.562246][   T31]  __do_sys_sync+0xe/0x20
[  692.566588][   T31]  do_syscall_64+0xcd/0xfa0
[  692.571138][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.577023][   T31] RIP: 0033:0x7f6df258efc9
[  692.581436][   T31] RSP: 002b:00007f6df348b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  692.589843][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6360 RCX: 00007f6df258efc9
[  692.597874][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  692.606429][   T31] RBP: 00007f6df27e6360 R08: 0000000000000000 R09: 0000000000000000
[  692.614476][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.622464][   T31] R13: 00007f6df27e63f8 R14: 00007f6df27e6360 R15: 00007ffed5911298
[  692.630560][   T31]  </TASK>
[  692.633644][   T31] INFO: task syz.2.1577:11940 blocked for more than 145 seconds.
[  692.641708][   T31]       Not tainted syzkaller #0
[  692.646636][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  692.657650][   T31] task:syz.2.1577      state:D stack:28248 pid:11940 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080003
[  692.669708][   T31] Call Trace:
[  692.673037][   T31]  <TASK>
[  692.675960][   T31]  __schedule+0x1190/0x5de0
[  692.680629][   T31]  ? __lock_acquire+0x622/0x1c90
[  692.685624][   T31]  ? __pfx___schedule+0x10/0x10
[  692.690530][   T31]  ? find_held_lock+0x2b/0x80
[  692.695219][   T31]  ? schedule+0x2d7/0x3a0
[  692.699563][   T31]  ? sync_bdevs+0xfd/0x360
[  692.704399][   T31]  schedule+0xe7/0x3a0
[  692.708472][   T31]  schedule_preempt_disabled+0x13/0x30
[  692.713953][   T31]  __mutex_lock+0x818/0x1060
[  692.718540][   T31]  ? sync_bdevs+0xfd/0x360
[  692.723003][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  692.728047][   T31]  ? iput.part.0+0x181/0xb00
[  692.732654][   T31]  ? sync_bdevs+0xfd/0x360
[  692.737061][   T31]  sync_bdevs+0xfd/0x360
[  692.741311][   T31]  ksys_sync+0xb2/0x150
[  692.745467][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  692.750384][   T31]  ? do_user_addr_fault+0x843/0x1370
[  692.755681][   T31]  ? rcu_is_watching+0x12/0xc0
[  692.760555][   T31]  ? do_syscall_64+0x91/0xfa0
[  692.765243][   T31]  __do_sys_sync+0xe/0x20
[  692.769554][   T31]  do_syscall_64+0xcd/0xfa0
[  692.774086][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.779972][   T31] RIP: 0033:0x7f6df258efc9
[  692.784402][   T31] RSP: 002b:00007f6df346a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  692.792849][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6450 RCX: 00007f6df258efc9
[  692.800879][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  692.809260][   T31] RBP: 00007f6df27e6450 R08: 0000000000000000 R09: 0000000000000000
[  692.817269][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  692.825258][   T31] R13: 00007f6df27e64e8 R14: 00007f6df27e6450 R15: 00007ffed5911298
[  692.833248][   T31]  </TASK>
[  692.836257][   T31] INFO: task syz.2.1577:11942 blocked for more than 145 seconds.
[  692.844039][   T31]       Not tainted syzkaller #0
[  692.848995][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  692.857696][   T31] task:syz.2.1577      state:D stack:28504 pid:11942 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080003
[  692.869714][   T31] Call Trace:
[  692.873014][   T31]  <TASK>
[  692.875939][   T31]  __schedule+0x1190/0x5de0
[  692.880507][   T31]  ? __lock_acquire+0x622/0x1c90
[  692.885450][   T31]  ? __pfx___schedule+0x10/0x10
[  692.890335][   T31]  ? find_held_lock+0x2b/0x80
[  692.895022][   T31]  ? schedule+0x2d7/0x3a0
[  692.899352][   T31]  ? sync_bdevs+0xfd/0x360
[  692.903785][   T31]  schedule+0xe7/0x3a0
[  692.908250][   T31]  schedule_preempt_disabled+0x13/0x30
[  692.913768][   T31]  __mutex_lock+0x818/0x1060
[  692.918356][   T31]  ? sync_bdevs+0xfd/0x360
[  692.922940][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  692.927981][   T31]  ? iput.part.0+0x181/0xb00
[  692.932589][   T31]  ? sync_bdevs+0xfd/0x360
[  692.936998][   T31]  sync_bdevs+0xfd/0x360
[  692.941246][   T31]  ksys_sync+0xb2/0x150
[  692.945405][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  692.950196][   T31]  ? do_user_addr_fault+0x843/0x1370
[  692.955485][   T31]  ? rcu_is_watching+0x12/0xc0
[  692.960297][   T31]  ? do_syscall_64+0x91/0xfa0
[  692.964971][   T31]  __do_sys_sync+0xe/0x20
[  692.969281][   T31]  do_syscall_64+0xcd/0xfa0
[  692.973938][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  692.979826][   T31] RIP: 0033:0x7f6df258efc9
[  692.984263][   T31] RSP: 002b:00007f6df3449038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  692.992714][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6540 RCX: 00007f6df258efc9
[  693.000737][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  693.008701][   T31] RBP: 00007f6df27e6540 R08: 0000000000000000 R09: 0000000000000000
[  693.017068][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  693.025081][   T31] R13: 00007f6df27e65d8 R14: 00007f6df27e6540 R15: 00007ffed5911298
[  693.033073][   T31]  </TASK>
[  693.036086][   T31] INFO: task syz.2.1577:11946 blocked for more than 145 seconds.
[  693.044168][   T31]       Not tainted syzkaller #0
[  693.049094][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  693.057869][   T31] task:syz.2.1577      state:D stack:28248 pid:11946 tgid:11925 ppid:5809   task_flags:0x400040 flags:0x00080002
[  693.069841][   T31] Call Trace:
[  693.073135][   T31]  <TASK>
[  693.076058][   T31]  __schedule+0x1190/0x5de0
[  693.080742][   T31]  ? __pfx___schedule+0x10/0x10
[  693.085592][   T31]  ? find_held_lock+0x2b/0x80
[  693.090283][   T31]  ? schedule+0x2d7/0x3a0
[  693.094607][   T31]  ? sync_bdevs+0xfd/0x360
[  693.099026][   T31]  schedule+0xe7/0x3a0
[  693.103128][   T31]  schedule_preempt_disabled+0x13/0x30
[  693.108584][   T31]  __mutex_lock+0x818/0x1060
[  693.113568][   T31]  ? sync_bdevs+0xfd/0x360
[  693.117984][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  693.123075][   T31]  ? iput.part.0+0x181/0xb00
[  693.127660][   T31]  ? sync_bdevs+0xfd/0x360
[  693.132079][   T31]  sync_bdevs+0xfd/0x360
[  693.136319][   T31]  ksys_sync+0xb2/0x150
[  693.140501][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  693.145263][   T31]  ? do_user_addr_fault+0x843/0x1370
[  693.150589][   T31]  ? rcu_is_watching+0x12/0xc0
[  693.155348][   T31]  ? do_syscall_64+0x91/0xfa0
[  693.160079][   T31]  __do_sys_sync+0xe/0x20
[  693.164407][   T31]  do_syscall_64+0xcd/0xfa0
[  693.168890][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  693.174801][   T31] RIP: 0033:0x7f6df258efc9
[  693.179221][   T31] RSP: 002b:00007f6df3428038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  693.187633][   T31] RAX: ffffffffffffffda RBX: 00007f6df27e6630 RCX: 00007f6df258efc9
[  693.195704][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  693.203717][   T31] RBP: 00007f6df27e6630 R08: 0000000000000000 R09: 0000000000000000
[  693.211708][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  693.219938][   T31] R13: 00007f6df27e66c8 R14: 00007f6df27e6630 R15: 00007ffed5911298
[  693.227947][   T31]  </TASK>
[  693.230992][   T31] 
[  693.230992][   T31] Showing all locks held in the system:
[  693.238696][   T31] 1 lock held by pool_workqueue_/3:
[  693.243965][   T31] 1 lock held by khungtaskd/31:
[  693.248812][   T31]  #0: ffffffff8e3c4460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  693.258862][   T31] 2 locks held by getty/5571:
[  693.263610][   T31]  #0: ffff88814d9a30a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  693.273453][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  693.283664][   T31] 1 lock held by udevd/7001:
[  693.288247][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  693.297677][   T31] 1 lock held by syz-executor/11023:
[  693.303006][   T31]  #0: ffffffff8e3cf8c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  693.313087][   T31] 1 lock held by syz.2.1577/11926:
[  693.318465][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.327826][   T31] 1 lock held by syz.2.1577/11929:
[  693.333000][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.342375][   T31] 1 lock held by syz.2.1577/11935:
[  693.347471][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.356788][   T31] 1 lock held by syz.2.1577/11936:
[  693.361926][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.371269][   T31] 1 lock held by syz.2.1577/11937:
[  693.376366][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.385703][   T31] 1 lock held by syz.2.1577/11940:
[  693.390822][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.400884][   T31] 1 lock held by syz.2.1577/11942:
[  693.405976][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.415301][   T31] 1 lock held by syz.2.1577/11946:
[  693.420760][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.430186][   T31] 1 lock held by syz.6.2034/13603:
[  693.435288][   T31]  #0: ffff888143783358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  693.444598][   T31] 1 lock held by syz.1.2075/13765:
[  693.449694][   T31]  #0: ffffffff900fbd08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  693.458677][   T31] 1 lock held by syz.0.2079/13781:
[  693.463801][   T31]  #0: ffffffff900fbd08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  693.472795][   T31] 2 locks held by syz.4.2080/13780:
[  693.477975][   T31]  #0: ffffffff900fbd08 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x230
[  693.486975][   T31]  #1: ffffffff8e3cf9f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  693.497064][   T31] 
[  693.499392][   T31] =============================================
[  693.499392][   T31] 
[  693.507980][   T31] NMI backtrace for cpu 1
[  693.507995][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  693.508015][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  693.508026][   T31] Call Trace:
[  693.508032][   T31]  <TASK>
[  693.508039][   T31]  dump_stack_lvl+0x116/0x1f0
[  693.508066][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  693.508092][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  693.508113][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  693.508136][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  693.508165][   T31]  watchdog+0xf3f/0x1170
[  693.508186][   T31]  ? rcu_is_watching+0x12/0xc0
[  693.508203][   T31]  ? __pfx_watchdog+0x10/0x10
[  693.508217][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  693.508246][   T31]  ? __kthread_parkme+0x19e/0x250
[  693.508267][   T31]  ? __pfx_watchdog+0x10/0x10
[  693.508282][   T31]  kthread+0x3c5/0x780
[  693.508306][   T31]  ? __pfx_kthread+0x10/0x10
[  693.508330][   T31]  ? rcu_is_watching+0x12/0xc0
[  693.508346][   T31]  ? __pfx_kthread+0x10/0x10
[  693.508369][   T31]  ret_from_fork+0x675/0x7d0
[  693.508389][   T31]  ? __pfx_kthread+0x10/0x10
[  693.508412][   T31]  ret_from_fork_asm+0x1a/0x30
[  693.508444][   T31]  </TASK>
[  693.508450][   T31] Sending NMI from CPU 1 to CPUs 0:
[  693.635356][    C0] NMI backtrace for cpu 0
[  693.635371][    C0] CPU: 0 UID: 0 PID: 3569 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  693.635387][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  693.635396][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  693.635419][    C0] RIP: 0010:mark_lock+0x48/0x610
[  693.635438][    C0] Code: 89 44 24 68 31 c0 83 fa 09 0f 87 8d 00 00 00 49 89 ff 49 89 f4 89 d3 83 fa 08 74 6d 41 bd 01 00 00 00 89 d9 41 d3 e5 4d 63 ed <41> 0f b7 44 24 20 66 25 ff 1f 0f b7 c0 48 0f a3 05 43 7a 12 14 0f
[  693.635451][    C0] RSP: 0018:ffffc9000cec6af0 EFLAGS: 00000002
[  693.635461][    C0] RAX: 0000000000000000 RBX: 0000000000000009 RCX: ffffffff95b0c8a0
[  693.635470][    C0] RDX: 0000000000000008 RSI: ffff888032948bd0 RDI: ffff888032948000
[  693.635478][    C0] RBP: ffffc9000cec6b90 R08: 0000000000000000 R09: 0000000000000000
[  693.635487][    C0] R10: 00000000000000a0 R11: 0000000000000001 R12: ffff888032948bd0
[  693.635495][    C0] R13: 0000000000000200 R14: 0000000000000004 R15: ffff888032948000
[  693.635509][    C0] FS:  0000000000000000(0000) GS:ffff8881249d6000(0000) knlGS:0000000000000000
[  693.635524][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  693.635533][    C0] CR2: 0000563c2ea6fad0 CR3: 00000000327d7000 CR4: 00000000003526f0
[  693.635542][    C0] Call Trace:
[  693.635547][    C0]  <TASK>
[  693.635552][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  693.635570][    C0]  ? __lock_acquire+0x622/0x1c90
[  693.635587][    C0]  __lock_acquire+0x3e9/0x1c90
[  693.635604][    C0]  ? lock_acquire+0x179/0x350
[  693.635622][    C0]  lock_acquire+0x179/0x350
[  693.635637][    C0]  ? unwind_next_frame+0xbd/0x20a0
[  693.635657][    C0]  ? unwind_next_frame+0x3f4/0x20a0
[  693.635676][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  693.635691][    C0]  unwind_next_frame+0xd1/0x20a0
[  693.635709][    C0]  ? unwind_next_frame+0xbd/0x20a0
[  693.635726][    C0]  ? worker_thread+0x6c8/0xf10
[  693.635746][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  693.635759][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  693.635773][    C0]  arch_stack_walk+0x94/0x100
[  693.635794][    C0]  ? worker_thread+0x6c8/0xf10
[  693.635813][    C0]  stack_trace_save+0x8e/0xc0
[  693.635825][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  693.635840][    C0]  ? __lock_acquire+0xb8a/0x1c90
[  693.635856][    C0]  kasan_save_stack+0x33/0x60
[  693.635873][    C0]  ? kasan_save_stack+0x33/0x60
[  693.635889][    C0]  ? kasan_save_track+0x14/0x30
[  693.635904][    C0]  ? __kasan_save_free_info+0x3b/0x60
[  693.635918][    C0]  ? __kasan_slab_free+0x5f/0x80
[  693.635934][    C0]  ? kfree+0x2b8/0x6d0
[  693.635947][    C0]  ? ieee80211_inform_bss+0x77c/0x1140
[  693.635967][    C0]  ? cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  693.635983][    C0]  ? cfg80211_inform_bss_data+0x22b/0x3be0
[  693.635997][    C0]  ? cfg80211_inform_bss_frame_data+0x26f/0x750
[  693.636012][    C0]  ? ieee80211_bss_info_update+0x310/0xab0
[  693.636031][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x191b/0x2fe0
[  693.636052][    C0]  ? ieee80211_iface_work+0xe2e/0x1360
[  693.636064][    C0]  ? cfg80211_wiphy_work+0x2c7/0x580
[  693.636080][    C0]  ? process_one_work+0x9cf/0x1b70
[  693.636097][    C0]  ? worker_thread+0x6c8/0xf10
[  693.636127][    C0]  kasan_save_track+0x14/0x30
[  693.636143][    C0]  __kasan_save_free_info+0x3b/0x60
[  693.636157][    C0]  __kasan_slab_free+0x5f/0x80
[  693.636174][    C0]  kfree+0x2b8/0x6d0
[  693.636186][    C0]  ? ieee80211_inform_bss+0x77c/0x1140
[  693.636207][    C0]  ? ieee80211_inform_bss+0x77c/0x1140
[  693.636226][    C0]  ieee80211_inform_bss+0x77c/0x1140
[  693.636248][    C0]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  693.636271][    C0]  ? cfg80211_inform_single_bss_data+0x53e/0x1df0
[  693.636288][    C0]  ? __pfx_ieee80211_inform_bss+0x10/0x10
[  693.636308][    C0]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  693.636324][    C0]  ? unwind_next_frame+0x3f4/0x20a0
[  693.636345][    C0]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[  693.636368][    C0]  ? stack_trace_save+0x8e/0xc0
[  693.636381][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  693.636395][    C0]  ? stack_depot_save_flags+0x29/0x9c0
[  693.636424][    C0]  ? cfg80211_inform_bss_data+0x22b/0x3be0
[  693.636439][    C0]  cfg80211_inform_bss_data+0x22b/0x3be0
[  693.636455][    C0]  ? __kasan_kmalloc+0xaa/0xb0
[  693.636470][    C0]  ? __kmalloc_noprof+0x32f/0x880
[  693.636483][    C0]  ? ieee802_11_parse_elems_full+0x1db/0x3780
[  693.636501][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xc79/0x2fe0
[  693.636521][    C0]  ? cfg80211_wiphy_work+0x2c7/0x580
[  693.636538][    C0]  ? kthread+0x3c5/0x780
[  693.636554][    C0]  ? ret_from_fork+0x675/0x7d0
[  693.636570][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  693.636586][    C0]  ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[  693.636605][    C0]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  693.636627][    C0]  ? _ieee802_11_parse_elems_full+0x626/0x44e0
[  693.636648][    C0]  ? __lock_acquire+0x622/0x1c90
[  693.636665][    C0]  ? ieee802_11_parse_elems_full+0x143/0x3780
[  693.636682][    C0]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  693.636701][    C0]  ieee80211_bss_info_update+0x310/0xab0
[  693.636722][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  693.636745][    C0]  ? find_held_lock+0x2b/0x80
[  693.636757][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0x18e1/0x2fe0
[  693.636779][    C0]  ieee80211_ibss_rx_queued_mgmt+0x191b/0x2fe0
[  693.636799][    C0]  ? __lock_acquire+0xb8a/0x1c90
[  693.636819][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  693.636839][    C0]  ? __lock_acquire+0xb8a/0x1c90
[  693.636855][    C0]  ? sctp_setsockopt_paddr_thresholds+0x80d/0xa10
[  693.636876][    C0]  ? rcu_is_watching+0x12/0xc0
[  693.636894][    C0]  ? kcov_remote_start+0x3c9/0x6d0
[  693.636910][    C0]  ieee80211_iface_work+0xe2e/0x1360
[  693.636923][    C0]  ? rcu_is_watching+0x12/0xc0
[  693.636936][    C0]  cfg80211_wiphy_work+0x2c7/0x580
[  693.636955][    C0]  process_one_work+0x9cf/0x1b70
[  693.636977][    C0]  ? __pfx_process_one_work+0x10/0x10
[  693.636998][    C0]  ? assign_work+0x1a0/0x250
[  693.637015][    C0]  worker_thread+0x6c8/0xf10
[  693.637038][    C0]  ? __pfx_worker_thread+0x10/0x10
[  693.637055][    C0]  kthread+0x3c5/0x780
[  693.637072][    C0]  ? __pfx_kthread+0x10/0x10
[  693.637089][    C0]  ? rcu_is_watching+0x12/0xc0
[  693.637101][    C0]  ? __pfx_kthread+0x10/0x10
[  693.637118][    C0]  ret_from_fork+0x675/0x7d0
[  693.637132][    C0]  ? __pfx_kthread+0x10/0x10
[  693.637149][    C0]  ret_from_fork_asm+0x1a/0x30
[  693.637167][    C0]  </TASK>
[  693.637766][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  694.258090][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  694.267185][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  694.277229][   T31] Call Trace:
[  694.280491][   T31]  <TASK>
[  694.283409][   T31]  dump_stack_lvl+0x3d/0x1f0
[  694.287990][   T31]  vpanic+0x640/0x6f0
[  694.291963][   T31]  panic+0xca/0xd0
[  694.295673][   T31]  ? __pfx_panic+0x10/0x10
[  694.300076][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  694.305443][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  694.311588][   T31]  ? watchdog+0xe48/0x1170
[  694.315986][   T31]  ? watchdog+0xe3b/0x1170
[  694.320386][   T31]  watchdog+0xe59/0x1170
[  694.324616][   T31]  ? rcu_is_watching+0x12/0xc0
[  694.329360][   T31]  ? __pfx_watchdog+0x10/0x10
[  694.334016][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  694.339230][   T31]  ? __kthread_parkme+0x19e/0x250
[  694.344246][   T31]  ? __pfx_watchdog+0x10/0x10
[  694.348908][   T31]  kthread+0x3c5/0x780
[  694.352966][   T31]  ? __pfx_kthread+0x10/0x10
[  694.357545][   T31]  ? rcu_is_watching+0x12/0xc0
[  694.362292][   T31]  ? __pfx_kthread+0x10/0x10
[  694.366869][   T31]  ret_from_fork+0x675/0x7d0
[  694.371461][   T31]  ? __pfx_kthread+0x10/0x10
[  694.376038][   T31]  ret_from_fork_asm+0x1a/0x30
[  694.380797][   T31]  </TASK>
[  694.383997][   T31] Kernel Offset: disabled
[  694.388324][   T31] Rebooting in 86400 seconds..