last executing test programs:

14.234871079s ago: executing program 2 (id=1404):
socket$kcm(0xa, 0x5, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x40000000}, &(0x7f0000000380)=<r5=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000100)={r7, 0x0, 0x0, 0x1000})
syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, {0x414}, 0x1})
io_uring_enter(r4, 0x3f72, 0x74f1, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x621e, &(0x7f0000000340)={0x0, 0xaa11, 0x40, 0x3, 0x32d}, &(0x7f00000001c0), &(0x7f00000002c0))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x8001, @empty, 0x81}}, 0x0, 0x0, 0x3f8, 0xfffffffc, 0x32}, 0x9c)

11.750102227s ago: executing program 1 (id=1412):
ioctl$SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f0000000000)=0x4)
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000100)="f4c6581a5ba0165fd4b553a566204c8880877d82f1797639d35df78e0915bce3f9b0c43162a052549e785c06d122192d023a3c90d121dc09c780f98e684df0d0b871c268c5873ed7718f43905c4176243f2e837cd577bbb4dcde21df6d21a3a72c7aed6ef626a35ff07f2f3f4ce606d1a5e62c013355d2146faa6382456232be5bfa367b", &(0x7f00000001c0)=@tcp6=r1, 0xe93775fbcc93395e}, 0x20)
ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000240)={0x5, <r2=>0x0, 0x10001})
ioctl$DRM_IOCTL_AGP_UNBIND(0xffffffffffffffff, 0x40106437, &(0x7f0000000280)={r2, 0x8})
read$FUSE(0xffffffffffffffff, &(0x7f00000002c0)={0x2020, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x2020)
newfstatat(0xffffffffffffff9c, &(0x7f0000002300)='./file0\x00', &(0x7f0000002340)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2000)
statx(0xffffffffffffffff, &(0x7f00000023c0)='./file0\x00', 0x2000, 0x100, &(0x7f0000002400)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000002500)={0x0, <r7=>0x0, <r8=>0x0}, &(0x7f0000002540)=0xc)
setgroups(0x6, &(0x7f0000002580)=[r4, r5, r6, 0x0, r8, 0xffffffffffffffff])
r9 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000025c0), 0x2, 0x0)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r9, 0x80845663, &(0x7f0000002600)={0x0, @reserved})
madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x16)
r10 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000026c0), 0x2, 0x0)
bind$alg(r10, &(0x7f0000002700)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)-generic\x00'}, 0x58)
setsockopt$inet_sctp6_SCTP_NODELAY(r10, 0x84, 0x3, &(0x7f0000002780)=0x4, 0x4)
setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0x7, &(0x7f00000027c0)={0x0, 0x5, 0xc, 0x80000000}, 0x10)
lchown(&(0x7f0000002800)='./file0\x00', r3, r8)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_LISTALL(r11, &(0x7f0000002a00)={&(0x7f0000002840)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000029c0)={&(0x7f0000002880)={0x104, 0x0, 0x8, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x94, 0xc, 0x0, 0x1, [{0x34, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb392}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x5b2f0112}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x1ae4}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x65733250}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x2628}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6e8786e}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb675}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xab4b}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xd01e}]}, {0x24, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xf2af}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xb602}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xcfa7}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2a906463}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x24edfd82}]}, {0xc, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x17df714b}]}]}, @NLBL_CIPSOV4_A_TAGLST={0x44, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x3}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x104}, 0x1, 0x0, 0x0, 0x8051}, 0x20000000)
setsockopt$PNPIPE_ENCAP(r10, 0x113, 0x1, &(0x7f0000002a40)=0x1, 0x4)
setresuid(r7, r3, r3)
syz_usb_connect$cdc_ncm(0x5, 0x96, &(0x7f0000002a80)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x84, 0x2, 0x1, 0x11, 0x80, 0xf, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "9edc35a448fc"}, {0x5, 0x24, 0x0, 0x1ff}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x9, 0x7f, 0x25}, {0x6, 0x24, 0x1a, 0x29, 0xc}, [@dmm={0x7, 0x24, 0x14, 0xfff8, 0xe2}, @dmm={0x7, 0x24, 0x14, 0x4e, 0x8001}, @dmm={0x7, 0x24, 0x14, 0x7, 0x1000}, @mbim_extended={0x8, 0x24, 0x1c, 0xa, 0x9, 0x23c}, @obex={0x5, 0x24, 0x15, 0xfee}]}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0x5, 0x1, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x1, 0xbd, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x7, 0x2, 0x4}}}}}}}]}}, &(0x7f0000002e00)={0xa, &(0x7f0000002b40)={0xa, 0x6, 0x201, 0xf, 0x7, 0x3b, 0x10, 0xfe}, 0x51, &(0x7f0000002b80)={0x5, 0xf, 0x51, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x1, "738a747972a4aa115dbd91ab90f5ddd0"}, @ssp_cap={0x24, 0x10, 0xa, 0x6, 0x6, 0x6, 0xf00, 0x6, [0x3f30, 0x3f00, 0x0, 0xcf, 0x3fcf, 0xff3f30]}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "b190e10608bf476a7987643d941df01a"}]}, 0x2, [{0xe6, &(0x7f0000002c00)=@string={0xe6, 0x3, "bd1cb8e8227bebc1b3334e134d9e0b0578e1b7c980d1fcc204299e0b4d8c7705f03d0263741e6b5781936a6976357036d45c6e9e3c164601c209c023f0142b97159640917a15e3c27c9af6c1f38a93cd49ba1691dfc2f1fd3e2abfe9c5f59032b0213ccb02031236cfa743a8ae0df4e9991b282539bdbc6b746fa90c21e0829d1bf8b0d83c741e4ec55e0889e6e48b0968da05814f91b1be75c91b505ff60f9c02bc1cf589158af4e66af3f383313e0a9f946cd4721cffc5ef6e3afd6dd95a25acd8fe8ad61f0b6822e895e9c0e663c9f3ac1e0a2194ea3918228dcae8e0e1632650e73f"}}, {0xc6, &(0x7f0000002d00)=@string={0xc6, 0x3, "20ec80eeb4e1b11b40777436b877324fff89b38147d594973aa660b49d8b8292d190ec6e28a4f9235231c8775e8ad5d34cdad54a7ea37a16e42d765623131bcf3113822d9610c0eebb21c813253885d91ff41a0f4b4de74230b95325e359d9629b01ce6bd96cc26a1af7e71870145d0f5fa83e92d468e5cc0045caa47b62250a1985464a97900071e2e80b32ce9d3574d35689cfc8b96e646f38daa8d4183a15f665f5b53d91e8af48d454bb84ba6d7d7bd89a7d9068d01caea1e50858380306ed4b6a4e"}}]})
ioctl$UFFDIO_ZEROPAGE(r10, 0xc020aa04, &(0x7f0000002e40)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}})
fsetxattr$trusted_overlay_origin(r9, &(0x7f0000002e80), &(0x7f0000002ec0), 0x2, 0x3)
getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r10, 0x84, 0xc, &(0x7f0000002f00), &(0x7f0000002f40)=0x4)
ioctl$DRM_IOCTL_AGP_BIND(r10, 0x40106436, &(0x7f0000002f80)={r2, 0xffffffffffff9b99})
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000003140)={'sit0\x00', &(0x7f00000030c0)={'sit0\x00', 0x0, 0x10, 0x7800, 0x70, 0x44, {{0xa, 0x4, 0x1, 0x11, 0x28, 0x68, 0x0, 0x1, 0x2f, 0x0, @multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@end, @timestamp={0x44, 0x10, 0x95, 0x0, 0xa, [0x9, 0x7ff, 0x4c]}]}}}}})

9.803467167s ago: executing program 2 (id=1416):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001800)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000048000000030a01020000000000000000010000000900030073797a320000000014000480080002400000000408000140000000000900010073797a300000000008000a400000000284000000060a010400000000000000000100000008000b40000000000900010073797a30"], 0x124}}, 0x0)
bind$nfc_llcp(r0, &(0x7f0000000000)={0x27, 0x0, 0x2000, 0x0, 0x0, 0x0, "0f03c8c7e8da000000000000ffffff017f000000cce67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b3000000000000000000060000000000000000deff00", 0x1b}, 0x60)
sendmsg$sock(r0, &(0x7f0000001b40)={&(0x7f0000000440)=@un=@abs={0x0, 0x0, 0x4e20}, 0x80, &(0x7f0000000100)=[{&(0x7f00000004c0)="aa5f76", 0x3}], 0x1}, 0x4)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0x22, 0x3, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
keyctl$clear(0x7, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x15, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xe1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={r5, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd8, 0x8, 0x0, 0x0}}, 0x10)
sync()
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r6, 0x401c2103, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x300})
recvmmsg$unix(r1, &(0x7f00000018c0)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000080)=""/2, 0x2}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/135, 0x87}], 0x3}}, {{0x0, 0x0, &(0x7f0000001700)=[{&(0x7f00000002c0)=""/165, 0xa5}, {&(0x7f0000000380)=""/85, 0x55}, {&(0x7f0000001500)=""/120, 0x78}, {&(0x7f0000001580)=""/157, 0x9d}, {&(0x7f0000001b80)=""/4096, 0x1000}, {&(0x7f0000001640)=""/167, 0xa7}, {&(0x7f0000002b80)=""/4096, 0x1000}], 0x7, &(0x7f0000001780)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}], 0x2, 0x0, &(0x7f0000000400)={0x0, 0x3938700})

9.296808743s ago: executing program 3 (id=1419):
r0 = syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r0, 0xc01064bd, &(0x7f0000000040)={&(0x7f0000000a80)="61f245cafab21e55697298a0ae35e18d14dd4b6592fa14c0489b858840d12654fb8ddbd1563e581b6a29f56e6127a48c40b95af04e135572e6084e5706e88f02b4440c32e93c31603beb0bc2616de2e7f2a3936b7862df4bc4178710a61eb2e0e7b4ac16cde4477d10653b0d6afde80c950848626b7296ec902f7dc875cbb34a73638a2a48eec75667340826ad84022664c0039de213dc5054b5ecc2ea3c385fe8cdeb814e4eb6262fb39fb637c13a6c1b401f1eafc7a09d49980e60e5caca3520ffeeaf9b20a67d680c7ade66ff7398725ab5bfeed67b48888284c03f6c5331b33f5bd12b10f2c9f8a82549939fbf23caba0dfe1cd962f5e97d9a7dbfed7b25dfcd025cafb3c3b34bde13e2cf3684db786b56929bd381fa5e178b268005224cf7d79103524ec32d22509292501062fd2a907f9eb1a564bcb58da00933f9fb49af10ce55617b9edfad6ca5f9060623e0d6fb73aa68c9b5190dc671968ecbf752962f6e3f0ef6b3ff918603cd511ec00dc67ba004c6469380f5c5390226ccd5ebb934a63c103e4fb6b69c42a6e8e8aa434fd0c787de018fc1e25189ba81be91c80d5e3c9d021baa3cb3abaf755b79e41a8604392c68a018e1750ab6d54608969f3c9273b1a08c3b8d7d9b6f03f4bd3a6c64790617d72a891556cba509f21f992c59db9f78853421fb9ec4ddb2fe782f5da26c038626f26d1e4fda289cea520d44630b041e18ea2ecf56852c25f1ddf3bbaed2c17ba898575431134ee7c27fbf8548dfd63364b8beae267085bfa964786745134ae2b64c4a263f885c198952e795c17e04f0d9e4360de13ae3f2481e6d234bb5c54e03d5e0cb27e5b610ea2c0d85d21bc66e5c861f1e8ba66620cb6f590b2fe294013923b7fc9b170f449e7873bb9aa14cf7421e61feaaeb349a2acb5816a51325f45065b035be05f4498e77eb5e875c03b0c41061caadee14eb2764a5846ba0cab400e1676f533abc56930e5acccf331b0611af1e2947b11820d32e142ca885f4df233678ccbcfa63e5cfa708adcfefa34f059f81f14a5ef2538ef446feec5c78828c618576b18b86c7ee37d8182a8dee51d5dd199cd2ee915f5e25be2885822ab3e5b988786764e611f0bb1214bb9d825c9c4e15c061acf2b4e7361831e0fe9fc409e0004631ab31c42bfd962ba7a0e475f3a91643ce65d2efb94976b14fcf7d21c93bd9208b7bb7a3dfc4444cf14d127401c6892ba93ac786476e0885f028ae6141de817d3517cce625eebb50e2c1e5e64ffc50da4d2eaa605501769e4c1a40fd9da7da178b4bf468942514082773698770ef455ea263fefa4fb258c15afb076c7979296f901e84a2b71eb63cb3d9dfd9abb3e1f8f657070d75541c20476f37e14ca43014ef80b33eeca91ace604ec2051d73ec2f69ffa14bcd79ea577e9676825094606343d31874111fbc535d28fa7a9e379d38226001e241d3515e1d63ba56f1eebe8ea788c4d768f4c4fbbaf834ca3f21460613d768dacf2a27778dc2b4598726646b8c06b6e4d38162720c807724f92bdc9f0b0f5d303d5a5a3998aa270a6760c7651df601bc42c78dd9bd53ee960cf80a30a6b7a1a880d37ff31fb2c9bb0c591bba3ef8228a0506f45065c65b131aff8da8eebbd6754b9e5601632da39c329a229062a94833b23c97371d510a19e2d3b5bc516e3d3c8601495fbeecc16c5c50ba6c435974e8275d372add206964f29997b515f63f50121029e61f47db19fc63b07d0f059ca686e80fb6c294667affaea2daff241bdd0945bfbfe28643136bcea9aa345d482fc3b9d872b482463b92b25f0e5157be3fd8b7a328f327ddfa5c05a6f172deb795f19b9f2091386acb060f170540bfa898057c206d81afd85701b8ee030076bc3782d7d8f6673111baf80818aeca7e5944d91a7f4fce840303867ea18d2b92d74c67157284c787fcfde780fc9a53ae5560e101ef125ce707d34f957072958dc9916492e73a90a10f660a221a7c6730ac0ac01e37d54f058b64f41a46be5320800172e2c9fda248a2964548ddf1f53599027c29ede6079a72d454bcf4403808111d00cb4e3aadd060c333e57c64a70bdfbb572fe228538c82ab427416cdcce1dd643ece610ca7042e2a164d3dfdabb966f1a8fc875cd002920321dac62e25f38cb0031e4de6324b0db402b12c4b0e335898e21b7b326ebbeec0b4bc21ef2dd6f9755e8ff35602d30189ae3efe9c487aec2ce90dbbe790c919b77036240786f3fe9441204b81bc43b5f5cbede75702a1c28ab16d2f578dddb3624f596b5b82e2f26b63966ddc78c8ffa13a23b6c4ee2c741820b9738fe881ddeeeba60fa4221885be55a6fdaa0b90b246f5959b844afd6898bc8c0a75fc45fb968d6e8ea6831d15808b23904355c62a8590d1ba51cdb051bd5ccc1b62a8ca520af60daefae7f7f1dcc90a02ab3af5307fcd5fed9af7d9b192f080be6ded768c6d1d4ea0ba5cc996e5c24b8048eeaea09cabcf1c0488a357280395cfc5394ba160c439dda0a7f4ed182d3f33a4addb1c74d7d797179c633013b24c7e0cd2f4b86904bd1d70a4821c7ff619455953d820e1594c7136e66c260c868776129eddedfdec5ebb0da2e5207215f9c47d7bf74319661311232ca1d108da00df2d07ff5720c474981cb54bd185448ae0e3d9d3194614ae67bdb24122cb2207be610456c35ba6e11429a3a6c266b4bfd905c7534de4fe03ac5063cbb08b3a75137e59e3e8b3fee3989bfb0735ea6f948371a60efff49ea51d5825dd61ef9a0b735fc859c9b003325fe6e3a5fdb8d2cf51e2e9a4c73a8af3a702a83d57d3ddb81d5e9342c97f143ed28228c16a1625d8ba4f0ffddc968f37cb07ea09d35703f920cf4e7a1394b7f18e6f2508a4c90acc92710ddce1e7a9a22ad2d540f669411b263b3e20b07131cc17cf20ae8030de00862bdc33b7eb4f8122c47c833e73aed84199e5d584625570193e18c3d165dae7941d17cc07034a2a5c67c708d6c96f9c5595800dfb65f42c413716b952d42727e7117915b359d1f1c0a64f0ee4b4a0bfbc4e9fc794cd02369e9594acb7805a155ec03505df719aa47e5da38fd3ab736fa76acee10abd1b220b32436260f2ab86f7d0c20fd9b3a1e63b9b3dbd91e7579fec104f5a714f4d0a00a03a1848c58508e8ec27c7fa04d3baf64e1258bd1d72465f3a64c793b3e09a97ca1a2efbac7adb6228ef4588be15afc21c80905a26a22f4db7940b9369051dde4e24008a5f7b943d769578ffa46572435c2076c60096252f3b3b5fe6d8f4579d11c9c71cbf7444c661306fa07dd01e670fa8d24071b09d6e74a268a0d43aef3b7f8e126900bf2e21304785712f327275a2e16febd4faaaacce68b92dcc3c27ca035bb4210408a34103719c82d33c8b43dd9a46cc0420a533b906317fb817ef6164286b8ddacee6191027bfa9ed19746c8401bab93d08d028fd9e2203cccf56b22042c402e8a438ed226112fa71d02c4537d4156a3af28ab4ffcf19309d283902f1e70f42d6713782c5e468a086fdb5c8b3e15de36acc4469ec42ea23a1e5e8e399f4d4be71dd4b4c268db2ab91b68ceafb95cbba36228e59bc0cd7f987a2ad4bbd23b67acabb26a0f4c694ff320f2275042c85ef256aeef306cf5e2803d6c55827011e2f98d0e80819e0039a71cc9c59464f209afa7891a359a3f9efb4bba2a18fd013e8664a6bec7e717ffe2f0c06f7268862696cfae0fe6fab5b1a2921c0e29aaa8638f6a18d1cbaaa4aa0d76f66fa9f44511e631f2fde8024210eb39f545a648c1b77ab04a7d110edbd1dce3939b4dee867df3cb3107fffe5ab22fe5e32b38447d32094259cee40c9a5254df72cbd7a29188d7285facd6e2f5c78ee9d11645cf026e99162da9c2d148373018fe8e052ffccc4e3952e86228d7835a3bc9b4a5c6099dd3e802b059ef2225cbe4664458729c78032e184b61a089870c6b3c2bf2e5df6bd65bc195e1ccbe58b9a6dde49897ab59dd269a737f04e37e34d3d10c3b01c744a742d52da1bceca63fcbecc136a80bf3ca1df2f226de073b67a0b646674744acd14d5dab9929f2cb804637ebf211f2b3a8b959723808904e9044deb551b2613c1e501385693e7abff809b641c02107187cf1bd1c9571a9023942f0c78c467611193a7e6900eefc49fded206630336cd8d2849731b73798d9258be75b843f051679e6bd541c78457db5470d3d494f333a81b3ed26b57f9f7726275c12f192f4b1d9615c7fe3e0bb22fb47ae1effea3bd2a0a379593a25f933c8af1f14d08bd8ca692c9af3eaee136664e1829204c171ad6e50fa928a3c1f5ee2c14f984884c2cb0256acfa6172d030940f3f9f99443c730b0f070192d36fb83b3d470cf3098bd8b0f09eb6d1b58efbde00305c3a50e00df17b9963f1c06f26b48e4a166073f3f3119ed2b56af1f8c056c07f65ffc3f2e81efa22f97c66998b35bb2af3ce2d89af5f5b1368ce9148937f826c3ef81a116382bd3f53e26f210aed545f38c1e21400957b824eaa95bb401ef308852c7e5015b89244a403308de785a81739634161e33d79435f18cf378bd9f5eb59b40a55abe627f6944ec239f80fc15526e7f1b2c2949a85b8c15a299cee1c86f61746a4eae3dc5f347225f1965cf09d4457b1a1b692fb108a681607d6276c4a6cf35709dc95aa249ae245a0435c481cbae672037aefc82fee9f249e643e658d173aea1d99e361f383dd674a5f2a6525755eaba2d59928a8d9e2eb1aafd129cb4c2cefd5da0213d900efa938e937a7c4e62243eeb3f5f43be35323f63b0b1ac2a298fcfbf71129da3465e488f52b82ec725bdf2fd943e09004c62abf5332139fb38b797756c5e9de926da21f8d77408ea740cf5ec8a657eae110df0550c6ca2585e0cdd5de1e986da91ca1d112f0d5397fdc612b2163164dedddf60c1e3dcd94195b65f50a9c86fb7b67b91dc7c0b8ab3d1c254663fc09ad5fd2c97221f1c6032557ff0a2fc441b71b3a6a6c52efded4133c8d57ce15523550237e7fef838d66cd77c48a743b2a2cc7c1f0ef3d520eb7ce9c086d73c352fe311337b3558a6985660a19ac852edceed56e3e9bb49b8a788eaa3f9be70b3fd1e764888a35a6c874256f9a8e53790281e30fdc1ed35ef03e9bd805ba3ef6ad07c3eef31fadcaba39c9b793e15d04f096c62f6282e8fc4aa31b275bc7fe5dce144ba736151d046b1285b698422ae84ae222e835e2ea80791082cd1742385764a0b047fcadfd8da7acc8f820dd50444fbbecb18ff5c9df10e08609d4b0f76ce14dc8ab056227e3604b3933df593a1b961fba44678131c958b15246e5054465bfffba1cb05c8d4a3ce7a3473d88c9213b5d8fcef3c46f8650fec5077bffaf9b469051b0e5aa7b55f863f0919ca310505a063890b1560597aac6ca1ed9a7c7ed8e894597098cc9333d687bd8e1b4539bb9f74d034d2fc316ef806d67bcec412fb485a03f87cb89d122809fc55f1a7fb35a74440d661ee736340cdbe70141214e899cf9f907a2463f995d21e2d1d25fe92b47ea198f467bf5e775104bbb0ed11534ef25eabdd6b14e8961ee0534f5ab504151f1b2f1853f7229e07131696deb538114d51df2d5c4145bb53d7292e1544c3075806980d5d595528dcf1ce6d4d35470331f00a7bb00e4a1b38982f5dbd2114715a3bd23fa9dbadfe2970853a89d1abb9ae5d4f3bab355691c3ccbbe4bcb2e44425d6c2c3dc3ddd8d43872a6063f111c1c7e6ed4449b39bbd6df92ed4a0e4808ffad0391f89b509f683061bcbe06369e47d43e9", 0x1000, <r1=>0x0})
ioctl$DRM_IOCTL_MODE_GETPROPBLOB(r0, 0xc01064ac, &(0x7f0000000000)={r1, 0x0, 0x0})

9.216432166s ago: executing program 3 (id=1421):
getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000400), &(0x7f0000000440)=0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a02, 0x2)
memfd_secret(0x80000)
sendfile(r0, r0, 0x0, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
lseek(0xffffffffffffffff, 0x0, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44080)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)

8.334540185s ago: executing program 3 (id=1424):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x0, 0xffffff1f}, {0x3, 0x3, 0x3, 0xa, 0xa}, {0x7, 0x1, 0xb, 0x7, 0x2}, {0x7, 0x0, 0x0, 0x8, 0x0, 0x0, 0xfffffdff}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {0x4, 0x0, 0x6}, {0x18, 0x2, 0x2, 0x0, r0}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x5}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYRES64=0x0], 0x18}, 0xc1)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000940)=ANY=[@ANYBLOB="1201000000000008a306cd0c000000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$tipc(0x1e, 0x5, 0x0)
syz_open_dev$dri(0x0, 0x1, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, 0x0)
epoll_create1(0x0)
r6 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
preadv(r6, &(0x7f0000000740)=[{0x0}, {&(0x7f0000000780)=""/133, 0x85}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r6, 0xc018643a, &(0x7f0000000080)={0x4000000})
vmsplice(0xffffffffffffffff, &(0x7f0000008280)=[{&(0x7f0000006100)="ff", 0x1}], 0x1, 0x6)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io(r3, &(0x7f0000000040)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\v'], 0x0, 0x0, 0x0, 0x0}, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8400900}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xfc, 0x0, 0x1, 0x5, 0x0, 0x0, {0xa, 0x0, 0x1}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x3e2885987810ec15}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x110}]}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_ORIG={0x34, 0xf, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x8001}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}]}, @CTA_LABELS_MASK={0xc, 0x17, [0x80, 0xaab]}, @CTA_STATUS={0x8, 0x3, 0x1, 0x0, 0x2404}, @CTA_MARK={0x8, 0x8, 0x1, 0x0, 0xa79}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x3}, @CTA_SEQ_ADJ_REPLY={0x3c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_OFFSET_BEFORE={0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x2ea}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x8}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0xa8}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x1}]}, @CTA_TUPLE_MASTER={0x38, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010102}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @multicast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x8055}, 0x0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x280080d, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@privport}, {@noextend}], [{@fowner_lt={'fowner<', 0xffffffffffffffff}}]}})

7.08712857s ago: executing program 1 (id=1426):
socket$kcm(0xa, 0x5, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000190c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x40000000}, &(0x7f0000000380)=<r5=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
r7 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r7, 0xffff)
fcntl$addseals(r7, 0x409, 0x7)
r8 = ioctl$UDMABUF_CREATE(r6, 0x40187542, &(0x7f0000000100)={r7, 0x0, 0x0, 0x1000})
syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r8, 0x0, 0x0, 0x0, {0x414}, 0x1})
io_uring_enter(r4, 0x3f72, 0x74f1, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x621e, &(0x7f0000000340)={0x0, 0xaa11, 0x40, 0x3, 0x32d}, &(0x7f00000001c0), &(0x7f00000002c0))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e22, 0x8001, @empty, 0x81}}, 0x0, 0x0, 0x3f8, 0xfffffffc, 0x32}, 0x9c)

6.160863805s ago: executing program 2 (id=1430):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000401e04012810000000000109022400010000000009040000020300000009210000000122050009058103"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062c30bc068829afff36b31fa7e358e95cfa"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000200)={r2, 0x2000000, 0x16, 0x0, &(0x7f0000000380)="0990ddc848000092733a80c6907c26f0e5ab52894ed7", 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000340)={r3, r3, 0x8, 0x0, 0x0, 0x2, 0x83, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPCONNDEL(r4, 0x400448c9, &(0x7f0000000000)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="71009a299c40ed8bb2eba5c0280000", @ANYRES16=r5, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r6, @ANYBLOB="0800050009000000"], 0x24}}, 0x0)
ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
syz_emit_ethernet(0x74, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x73, 0x0, @private, @multicast1}, {0x0, 0x0, 0xfffffe9a, 0x0, @gue={{0x2, 0x0, 0x0, 0x0, 0x0, @val=0x1000000}}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x89f1, &(0x7f0000000900)={'ip6_vti0\x00', @random="0600002000"})
syz_usb_control_io$hid(r0, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r8}, 0x10)
syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="0000f0"], 0x0, 0x0, 0x0, 0x0}, 0x0)

5.859019783s ago: executing program 0 (id=1434):
mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000000c0)='devtmpfs\x00', 0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x159080, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

5.298319208s ago: executing program 0 (id=1435):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4020aeb2, &(0x7f0000000300)={0x0, 0x12c, @pic={0x81, 0x5, 0xfc, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1}})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000200)={0x0, 0x0, 0x1011, 0x0, 0xffffffff, 0x0, 0x0, 0x1})

4.854256166s ago: executing program 1 (id=1436):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffd}, [@generic={0x0, 0x3, 0x3, 0xff, 0x200}]}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
syz_usb_connect(0x0, 0x56, &(0x7f0000002d80)={{0x12, 0x1, 0x0, 0xc9, 0xd1, 0xc4, 0x8, 0x499, 0x500a, 0xe7b7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x2, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x97, 0x0, 0x1, 0xd, 0xd5, 0xce, 0x0, [@uac_as={[@format_type_i_continuous={0x8}]}], [{{0x9, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [@generic={0x7, 0x5, "a3f6d2fb5b"}]}}]}}, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x41, 0x6, 0xcf, 0x0, [@uac_as={[@format_type_i_discrete={0x8}]}], [{{0x9, 0x5, 0x2, 0x3}}]}}]}}]}}, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x145082, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000015c0)=@ipv6_getroute={0x1c, 0x1a, 0x1, 0x0, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x400}}, 0x1c}}, 0x0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f00000005c0)={0xeeef0000, 0xe000})

4.393532344s ago: executing program 3 (id=1437):
r0 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000ec0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001800000008000300", @ANYRES32=r2, @ANYBLOB="2c003080280001"], 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
syz_usb_connect$uac1(0x4, 0xdd, &(0x7f0000000240)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcb, 0x3, 0x1, 0x3, 0x80, 0x7, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x9, 0x3}, [@selector_unit={0x7, 0x24, 0x5, 0x4, 0x80, "d5c9"}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x301, 0x1, 0x2, 0x6}, @selector_unit={0xa, 0x24, 0x5, 0x2, 0x7, "1d0843cc45"}, @output_terminal={0x9, 0x24, 0x3, 0x4, 0x302, 0x3, 0x6, 0x9}, @processing_unit={0xa, 0x24, 0x7, 0x6, 0x6, 0x4, "2284a4"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x3, 0x7, 0x28, "599f9142ea435e04"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0xff00, 0xb, 0x6}, @as_header={0x7, 0x24, 0x1, 0x5, 0xf4, 0x1002}, @as_header={0x7, 0x24, 0x1, 0x8, 0x32, 0x5}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xa0, 0xa5, 0x2, {0x7, 0x25, 0x1, 0x1, 0x1, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x5, 0x10, 0x2}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x0, 0x2, 0xf}, @as_header={0x7, 0x24, 0x1, 0x35, 0x5, 0x4}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x8, 0x88, 0x8, {0x7, 0x25, 0x1, 0x80, 0x8, 0xffff}}}}}}}]}}, &(0x7f0000000340)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0xff, 0x4, 0x0, 0x8, 0xae}, 0x92, &(0x7f0000000140)={0x5, 0xf, 0x92, 0x5, [@generic={0x11, 0x10, 0x4, "14c2559226622ce4bdd23ccbc6b4"}, @generic={0x39, 0x10, 0x2, "3f7139cdf8ddf7ce09e56796ba26f22aee8c4a9bb93adadfaef1daf98a3d929ddcb9fff1c53343d51d46e06589ac0f9b8d6513e7c3d7"}, @ext_cap={0x7, 0x10, 0x2, 0x9d4b05a3785ff093, 0x0, 0x0, 0x7000}, @generic={0x32, 0x10, 0x3, "8d26fc728aa4f487f3bbc710494de69246fead349551e34dc163e7ab5881eed215803da0bbe146753fe6901f665118"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x1, 0x9, 0x2, 0xb8d9}]}, 0x1, [{0x11, &(0x7f00000000c0)=@string={0x11, 0x3, "18c33499161d13fd576f4a34971e77"}}]})

3.805873084s ago: executing program 0 (id=1438):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{0x0, 0x18}], 0x1}, 0x0)

3.720250767s ago: executing program 3 (id=1439):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(0xffffffffffffffff, 0x40605346, 0x0)
prlimit64(0x0, 0xa, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000300)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019bc0)=""/102400, 0x19000)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x2000, @local}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
sendmmsg(r3, &(0x7f0000007fc0), 0x800001d, 0xfffe)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x851}, 0x0)
r4 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000840), 0x4)
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000140)={r4, 0x0, 0x25, 0x0, @val=@perf_event={0x6}}, 0x18)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@map, r1, 0x2a, 0x2018, 0x4, @value=r5}, 0x20)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f000000024000103000000000000000001"], 0xf0}}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0}, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x2, 0x0, 0x0)

3.719720903s ago: executing program 0 (id=1440):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$rxrpc(0x21, 0x2, 0x2)
sendmsg$inet(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{0x0}, {0x0}], 0x2, 0x0, 0x98}, 0x48000) (async)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) (async)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002) (async)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0) (async)
mount$overlay(0x0, &(0x7f0000000000)='./file1\x00', 0x0, 0x0, &(0x7f0000000100))
listen(r1, 0x7fffffff) (async)
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
setreuid(0x0, 0xee00)
r4 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r4, &(0x7f00000003c0)=[{{&(0x7f0000000280)={0x2, 0x4e22, @private=0xa010101}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000380)="ef", 0x1}, {&(0x7f0000000000)="4a0dd5dc05c84b3f4b7fc24a8d0e08ddb07b689c27f5d94409664ec77a8ab329a9e503eb1119f017a4b087e4f73c616a62ce5a16d83d7f2a4fd53b9d2135ff822c8b7779baeedec18e3c396c63752f95e1031782cf7e33d860b9fbefd57392a5160149", 0x63}, {&(0x7f00000000c0)="cfef0dc1af4e10c16aade1f4d6", 0xd}, {&(0x7f0000000100)="7c550046bcf53ffaa530f004cd6c1a265b9c8899cf0766c1a2f68e08c33b2ce9f33ef6082923be3dfd28f7dff144be19a7e6812e9ae6a750ffc2c964cdd57c8e93b0cbff", 0x44}, {&(0x7f0000000500)="d42e82f73a0b70ccbc56e34de9616ef4be7e4a953e0759705670d97b4e6f694186087836f51b4d9565c3b480c1b377d4c647d13b84dc0196367e6f953bcff5294ff10a5a1a5ca8393fea0472684ca5527bc0a69bf35c79063a4180d940068a4d720a7cdc0d840f53014944d0bee778d4b57581621902e5b01927b259340e7ebe57f03d7568ce7132366e19e589ed59a30e75845be923e9334705507970c09a60c8583cffbb5b8d7750e5aa8630d43fabb79345cb55f73e50923f0cedde0f244322c1d0173a6287c6b76377be11c1f3b3975cc0b02c58c8b8f4", 0xd9}, {&(0x7f0000001a80)="4fc2443f2e8f3cc661a1f38420a1e7bb7576fd9d0628ea3d45ba4f2a6c3838004a5cb74e9393827a8f286aabf36c90f3157bcce51a070e1eb447bc637bd603fbeff00e90b80783eb013adc2492284223ff7aaeb0c7950b61628a07cb047fc1ca188a2363e5ba0fdde1bb212870a2db7ff7527ca7a6f713f0590576f89f78f6ffeaf7327cb5ee6d12f89b57df0312a6be054e1174668634badca99e846d59009b8161598e867f8f30202297e8c1eb32d84ff9110023677f734eb841c92e02461c35b6f2f80772bf9231c528b27f8751cf3bbb4da969a509b7685882835195ee10d5f84fca5fe03c2ace40095841aae3bd75c30660a48d249f72513ac545e1b24dfaafe228b219884c27a512b696b6369128bb26b96fc3703fdee47172b7f801a1b6644b702fab3feb86d78f5dfa5c45f9b0986c79b8407576518d6bae27496cd6af0abac68a4af813ec2162e2be185f9dcaf757cf33ae958baf3d66c517d01f4a4d2238ebadef8dea52a7482173eb00f065ff317362a78373aab738b0bb206ddb03b62b50d629ee4dfccad1324e82c6df6059ebf0faff83ab1a510cad4fdc8df52e6f8f977cdfbc2ad5293f044721dac14ef93520d558ba140d21b9ce6731816ea7442360f12dc19ad0f7f281b43275af68db086eb8ad0eb3eeabcb63f3ff6091d5c609c0b4e582163c77ac84cc9566adf74dcd0540e143562cb4f0227ff30317cbf3825e51e2028c6de48370345fc63b3a5452f19d3775716f11d859bce62fa752c31bee12abc32b9b6c5bc257617f3275f6100303747794e3c528229c06492408d4dc8f3a8958b0d9d85422129e087e98a2be52224bfa246cb4d9578a1308ae600f37855e6f75f72da2c18666fe8b95c14abf3e14982dd2a4a2d1b459abeb4b4c1d4dc507e522139c14622c1c4c138356d09b4558e448a395b92d4d09527eb6d06ee9a4f87dea84e6f6769ed691008c6fdc1f572d87401fb4ddf4448309ecf34b715d1adae4359ccf2e4a297042b078c024ecca57041e1b9f47ef91f9aa315fa79b57bd5c26c0064e458ace759abe66dfe63a7046e89f5ec0dafc19ddcd31e80e51db5484cf116379c49db20eb2cc5311dcf3a5c6d0565145afaeb1737b7bfcf22d4c5a645dcaa63698c358e00db66b639f6c84941b632c831df0ac574672542bc5c16fe4409e46d4ec1d69cc7fc3bfe70f35811c5f29", 0x357}], 0x6}}], 0x1, 0x40080)
r5 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={<r6=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000001c0)={r6, 0x2}, 0x8) (async)
close_range(r3, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff) (async)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040)=0x9, 0x12) (async)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r7, 0x1, 0x26, &(0x7f0000000000)=0x2, 0x4) (async)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000022c0)={{{@in=@rand_addr=0x64010100, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x4e23, 0xfffb, 0x4e20, 0x9, 0x2, 0x20, 0xa0}, {0x1, 0x5, 0x7, 0x5, 0x2, 0x6, 0x7, 0xd62d}, {0xffffffff, 0x1, 0x2}, 0x3, 0x6e6bbc, 0x0, 0x0, 0x2, 0x1}, {{@in=@multicast2, 0x4d6, 0x2b}, 0xa, @in=@dev={0xac, 0x14, 0x14, 0x34}, 0x0, 0x1, 0x2, 0x9, 0x8, 0x1, 0x82b}}, 0xe8)

3.286793803s ago: executing program 0 (id=1441):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000096c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newtaction={0x74, 0x30, 0x1, 0x0, 0x4, {}, [{0x60, 0x1, [@m_vlan={0x5c, 0x1, 0x0, 0x0, {{0x9}, {0x30, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0xfffffff9, 0x6, 0x1000f000, 0x41c2, 0x9}, 0x2}}, @TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x755}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x74}}, 0x8000)

3.283099213s ago: executing program 1 (id=1442):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), r1)
sendmmsg$alg(r1, &(0x7f0000004680)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40000}], 0x1, 0x20000000)
sendmsg$nl_route_sched_retired(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001cc0)=@deltfilter={0xa4c, 0x2d, 0x200, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0x2}, {0xfff1, 0xfff2}, {0xfff2, 0x9}}, [@f_tcindex={{0xc}, {0x444, 0x2, [@TCA_TCINDEX_HASH={0x8, 0x1, 0x9166}, @TCA_TCINDEX_MASK={0x6, 0x2, 0x2}, @TCA_TCINDEX_POLICE={0x430, 0x6, [@TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x7}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x4}, @TCA_POLICE_PEAKRATE64={0xc, 0x9, 0x1}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x80000001}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x91, 0x29, 0x7, 0xfffffff1, 0xa7b, 0x75a, 0x5, 0x10001, 0x6, 0x6, 0xf69, 0x6, 0x1, 0x10, 0x8001, 0x8000, 0x50, 0x1, 0x644f7a2c, 0x7, 0x0, 0xa0, 0x7, 0x7f, 0x5, 0xbd, 0x6, 0x1, 0x9, 0xfffffff3, 0x4, 0x9, 0x5, 0x3ff, 0xffff, 0x7, 0x2, 0x64, 0x1000, 0x9, 0x5, 0x401, 0x6, 0x10001, 0x1, 0x0, 0x8, 0xfffff967, 0xfffffff8, 0x6, 0x1ff, 0x3ff, 0x3, 0x34b9, 0xfffffc01, 0x80000000, 0xc, 0x9, 0x2, 0x6, 0xff, 0x0, 0x56, 0x4, 0x1, 0x7f1, 0x6, 0x7, 0xfff, 0x7f, 0x5, 0x3, 0x7a0000, 0x5, 0x0, 0x9, 0x1, 0x9, 0x7, 0x8, 0x8, 0x80000001, 0x81, 0x6, 0x81, 0x3fc0, 0x3, 0x40, 0x5, 0x3, 0x1d, 0x1, 0x4, 0x9, 0x75, 0x8, 0x9, 0x7, 0x80000001, 0x800, 0x1, 0x208b, 0x6, 0x6, 0x54c6, 0x9, 0x8, 0xfffffff0, 0x6, 0xffff, 0x0, 0x1ba91ea4, 0x7, 0x3, 0x9, 0x0, 0x6, 0x0, 0x7, 0x4, 0x2be3, 0x72, 0x3, 0xfffffff8, 0x6, 0x5, 0x6, 0x6, 0x6, 0x9, 0x12, 0x5, 0x7, 0x36, 0x401, 0x2, 0xfff, 0xc000, 0x8001, 0xdb8a, 0xff, 0x85, 0x200, 0x7, 0x8aef, 0x7, 0x2, 0x5, 0x6, 0x3, 0x6, 0x610, 0x8, 0x2, 0x5, 0x8, 0x81, 0x1, 0x10, 0x4, 0x0, 0x113, 0x81, 0x7fffffff, 0x4, 0x0, 0x2, 0x7fffffff, 0x4, 0x4, 0x5, 0xffffffff, 0x2, 0x4, 0x1, 0x4, 0x4, 0x800, 0xb, 0x4, 0x5, 0x2, 0xe, 0x2, 0x0, 0x7, 0x4ab, 0x5, 0x6, 0xfffffff7, 0x3, 0x8, 0x2, 0x1, 0x5, 0x3, 0x2, 0x3ff, 0x4, 0x100, 0x8, 0xdc, 0x1, 0x2, 0x92a, 0x936c, 0xfffffff1, 0x80, 0x5, 0x4, 0x8001, 0x5, 0x6, 0xd417, 0x800, 0x100, 0x4, 0x7f, 0x5, 0xd, 0x2, 0x5, 0x0, 0xe7, 0x1, 0x200, 0x3, 0x9, 0xdf, 0x4, 0x4c6100, 0x400, 0x4e8, 0x0, 0x8, 0x8, 0xffffffd5, 0x101, 0xfffffff8, 0xfff, 0x8001, 0x9, 0x4, 0xba5, 0x6, 0x1, 0x5, 0x1, 0xfbf, 0x800000, 0x80000000, 0x3, 0x0, 0x8, 0x3, 0x2]}]}]}}, @f_tcindex={{0xc}, {0x4}}, @f_rsvp={{0x9}, {0x19c, 0x2, [@TCA_RSVP_ACT={0x198, 0x6, [@m_simple={0x104, 0x9, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0xd, 0x3, 'skcipher\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0xffff, 0x3, 0x20000003, 0x6, 0x7}}, @TCA_DEF_DATA={0xd, 0x3, 'skcipher\x00'}, @TCA_DEF_DATA={0x5, 0x3, '\x00'}]}, {0x98, 0x6, "e89619fadc2a64b4e440edea0a61a5385b258c659478827965d2ee4c25079aa83f7586146b73194d944f6597a0d268f70dabe90fd45c12fd3115288fc8bff023892c325e6f5c667f1f1228f50846a52320bf5c11f25fc3826df955cb6652f4ca33db31c5131007f44625aac84005a3df7551bfa190b99f976ac0b0cd020df5a8e046ab6c58b10067dbe6b7553d0fa0b9c3f85505"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_sample={0x90, 0xf, 0x0, 0x0, {{0xb}, {0xc, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xfffffffc}]}, {0x59, 0x6, "97d9cc5dd00db8a96aba7046b586716f6bfd8aebe42c16e786089d2ab5de405653af86cae20458355c949f297eb7e00a30760e474fb8ee218c70228d2e05bf9978dd3557d46d8e298ab3675954052a7dcafbbca6f0"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1}}}}]}]}}, @f_rsvp={{0x9}, {0x414, 0x2, [@TCA_RSVP_DST={0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x25}}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0xb9a3, 0xfffffffd, 0x401, 0x2, 0x8, 0xfffffff9, 0x1, 0x1ff, 0x9, 0x7, 0x3, 0xfffffff7, 0x7f, 0x9, 0x8, 0x81, 0x10, 0x8, 0x1, 0x0, 0xfff, 0x9, 0x7, 0xe87, 0x0, 0xe, 0xd830, 0x0, 0xfffffffb, 0x6, 0xfffffff4, 0x1, 0xfffffffd, 0x6, 0x5dc9, 0x2, 0x58000000, 0x7fff, 0x200, 0x6, 0xffffff7d, 0x0, 0xf, 0x40, 0x10001, 0xe3, 0x2, 0xffff0000, 0x8, 0x0, 0x4e, 0x0, 0x2, 0x4, 0x7, 0x3, 0x8, 0x7, 0x2, 0x4f98, 0xfffffff7, 0xbc9, 0x4, 0x9, 0xfff, 0x4, 0x3, 0x4, 0x0, 0x9, 0x2, 0xfffffff8, 0x6, 0x6, 0x8a, 0x1, 0x800, 0x0, 0x9, 0xfffffff3, 0x3, 0x8, 0x8, 0x3, 0x799ade5e, 0x5, 0x7, 0x2, 0x10001, 0x7fff, 0xfff, 0x6, 0x7, 0x0, 0x2, 0x6, 0x4, 0x40, 0x9, 0xe7c, 0xc9, 0x3, 0xa, 0x1, 0x5, 0x7, 0x80000001, 0xfffffff7, 0x9, 0x3, 0x3, 0x401, 0x40, 0x2, 0x8000, 0x0, 0xbc8, 0x0, 0xbe, 0x40, 0xe05f, 0xb5d, 0x6, 0x7, 0x9, 0xfffffffd, 0x5, 0x8, 0x3ff, 0x0, 0x81, 0x7, 0x1, 0xb, 0x9, 0x2, 0xf3, 0xfffffff9, 0x4, 0x4, 0x75, 0xfafc, 0x5, 0xb0, 0x2, 0x7, 0xac17, 0x7, 0x6, 0x7fff, 0x1, 0x200008, 0x9, 0x8, 0xe0000000, 0xffff8de8, 0x7, 0x5, 0x9, 0x2, 0xfffffff8, 0x9, 0x9, 0x4, 0x46, 0x4, 0xae7, 0x3, 0x7, 0x8, 0x200, 0x4000000, 0x800, 0x7, 0x0, 0x191, 0x1, 0x29a, 0xfffffff6, 0x8000, 0x80, 0x3ff, 0x2, 0x7, 0x6, 0xcaa, 0x8, 0x3, 0x7b63, 0x7, 0x6, 0x80, 0x7, 0x5, 0xfffffff1, 0xb3, 0x4, 0x8d61, 0x10001, 0x1, 0x800, 0x2, 0x9, 0x0, 0xfffffff7, 0x2, 0x80000001, 0x7, 0x6ef, 0x5, 0x0, 0x4, 0x7, 0x800, 0x9, 0xb, 0xca, 0x3, 0x10, 0x1000, 0x5, 0x9, 0x3, 0x0, 0x8, 0x708, 0x101, 0xf9a7, 0x6, 0x6, 0x6, 0x10000, 0x5, 0x9, 0x0, 0x9, 0x5, 0x1, 0x6, 0x7, 0x4, 0x2, 0x602, 0x4, 0x6, 0x2, 0x9, 0x5, 0x5, 0xd0, 0x4, 0xbf, 0x101, 0xfffffffa, 0x2, 0x4]}]}]}}]}, 0xa4c}, 0x1, 0x0, 0x0, 0x8000}, 0x40)

3.189111426s ago: executing program 0 (id=1443):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0xa)
mount$bind(&(0x7f0000000180)='.\x00', 0x0, 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r4}, 0x18)
syz_emit_ethernet(0x0, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000080)='cdg\x00', 0x4)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="90", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r5, 0x2)
mkdirat(r0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
rename(&(0x7f0000000500)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)='./file0\x00')
r6 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000800000001090224000100007e000904340102d469e7000905", @ANYRES32, @ANYRESDEC=0x0], 0x0)
syz_usb_control_io$uac1(r6, 0x0, 0x0)

3.050401851s ago: executing program 2 (id=1444):
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0)
preadv(r0, &(0x7f0000000400)=[{0x0}], 0x1, 0x0, 0x0)

2.988260665s ago: executing program 4 (id=1445):
fsopen(0x0, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040), 0x111, 0x6}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
preadv(r5, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r6, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(r6, 0x1, 0x53, &(0x7f00000000c0)={0x8, 0x7, 0x0, 'syz2\x00'}, &(0x7f0000000100)=0x2c)
sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x2c, 0x0, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x4040002)
r7 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r7, 0x11, 0x67, &(0x7f0000000180)=0x7f, 0x4)
connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x4}, 0x1c)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e25, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}, 0x1c)
r8 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000180)=0x7ff, 0x4)
setsockopt$packet_rx_ring(r8, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c)

2.960405586s ago: executing program 1 (id=1446):
ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12)
socket$inet6(0xa, 0x6, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socketpair(0x15, 0x1, 0x4, &(0x7f00000000c0))
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='\x00', 0x1}], 0x1}}], 0x1, 0x0)

2.858281108s ago: executing program 2 (id=1447):
getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, &(0x7f0000000400), &(0x7f0000000440)=0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/disk', 0x169a02, 0x2)
memfd_secret(0x80000)
sendfile(r0, r0, 0x0, 0x30)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
lseek(0xffffffffffffffff, 0x0, 0x4)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x44080)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)

1.388990127s ago: executing program 4 (id=1448):
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x823, 0x800000000004}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
openat$nvram(0xffffffffffffff9c, &(0x7f0000003300), 0x801, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000054c0)='fd/3\x00')
syz_clone3(0x0, 0x0)
read$FUSE(r0, &(0x7f0000003340)={0x2020}, 0x2020)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(0xffffffffffffffff, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, 0x0)
r3 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102390, 0x18ff6)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000180)={0x28, 0x4, 0x0, 0x0, &(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x7})
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)='c::=/\x10\xcd\xb7@\x88\xedP9\xf5,\xef\x87\xc9G\xeb\xd9\xf9\xcd\xb1\xac!\xa7\x9c\x8f\xc98\xcb-\t\xcf-\xdd\xc4\xafK\x8d\xb1R8m\xc1[A\x99g\x9d\x8a\"\x98:\xc1I<\xdf;\x11t\xd3\xd2\x19\x964\xff\x03\xbc\x7fo\xe8\x89\x01:\x8b-\xab[X\x10\x18\x8d\xbf\xe1\x88\x16', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="20010000", @ANYRES16=r5, @ANYBLOB="01000000000000000000540000000e0001006e657464657673696d0000000f0002006e657464657673696d3000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030303a30303a31302e3000000000080001007063690011000200303030303a30303a31302e30000000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080001007063690011000200303030"], 0x120}}, 0x0)
close(r4)

1.119345444s ago: executing program 2 (id=1449):
syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000500)={0x84, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
pipe2$9p(&(0x7f0000000240), 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMP(r2, 0x1, 0x1d, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x4000010)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sysvipc/msg\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000004100)={0x2020}, 0x2020)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x2, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$EVIOCGMASK(r5, 0x80045b10, 0x0)

892.823451ms ago: executing program 4 (id=1450):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='contention_end\x00', r0}, 0x10)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f00000047c0)={0x0, 0x0, &(0x7f00000005c0)=[{0x0, 0x18}], 0x1}, 0x0)

343.262191ms ago: executing program 1 (id=1451):
r0 = socket$inet6(0xa, 0x1, 0x0)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000040))
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x3d, 0x0, 0x2, 0x2, 0xff}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf4, 0x0, 0x1, 0x0, 0x0, 0xc}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}], 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r6, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x40010)
fadvise64(r5, 0x18, 0x0, 0x4)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0x0, 0x0, 0x5], 0x0, 0x202})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x400}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[{0x18, 0x110, 0x1, '$'}], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0x500}}], 0x2, 0x0)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x8001, 0x0, 0x6}, 0x10)
setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x5, 0x4)

266.64225ms ago: executing program 3 (id=1452):
r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
ioctl$NBD_SET_SOCK(r0, 0xab00, r1)
arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x3)
r2 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r2, 0xab0a, 0x1000001000104)
ioctl$NBD_SET_SOCK(r2, 0xab00, r1)
ioctl$NBD_DO_IT(r2, 0xab03)
ioctl$NBD_CLEAR_SOCK(r2, 0xab04)

233.9035ms ago: executing program 4 (id=1453):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b0, 0x0, 0x18c, 0x203, 0x4d000000, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@private, 'veth1_macvtap\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x310)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x24, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x4}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x4c}}, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe80000000000000000000", @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0xf500)

26.352616ms ago: executing program 4 (id=1454):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x28, 0x2, 0x6, 0x801, 0x700, 0x0, {0x2}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x28}, 0x1, 0x0, 0x0, 0x400d4}, 0x84)

0s ago: executing program 4 (id=1455):
migrate_pages(0x0, 0x4, &(0x7f0000000000)=0x9, &(0x7f0000000080)=0x272)
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf)
r1 = add_key$fscrypt_v1(0x0, &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000100)={0x0, "92a08b59b371a74cadc29486b6d34e362028dab33f548435586bfa126fc774858b625b6445ff770b79fb50049ace6b402850ca3c314b3f69ea943e0cd0e453a1", 0x1e}, 0x48, 0xfffffffffffffffe)
add_key(&(0x7f0000000180)='.dead\x00', &(0x7f0000000280)={'syz', 0x3}, &(0x7f00000002c0)="1d", 0x1, r1)
socketpair(0x1, 0x5, 0x0, 0x0)
syz_emit_vhci(0x0, 0x7)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
semget(0x1, 0x1, 0xe5)
clock_gettime(0x6, &(0x7f0000000340))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x84, @remote, 0x0, 0x0, 'nq\x00'}, 0x2c)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f00000004c0)=@nat={'nat\x00', 0x670, 0x5, 0x3f8, 0x450, 0x2c0, 0xffffffff, 0x3a8, 0x2c0, 0x450, 0x450, 0xffffffff, 0x450, 0x450, 0x5, 0x0, {[{{@uncond, 0x0, 0x130, 0x168, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x5, 0xc, 'kmp\x00', "0d01d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x79, 0x2, {0x1}}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x801, {0x0, @broadcast, @multicast2, @port=0x1, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@multicast2, @broadcast, 0x0, 0x0, 'virt_wifi0\x00', 'veth1_vlan\x00'}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0xe, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @icmp_id=0x65, @port=0x4e21}}}, {{@ip={@private=0xa010100, @rand_addr, 0x0, 0x0, 'nicvf0\x00', 'nr0\x00'}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @rand_addr, @dev={0xac, 0x14, 0x14, 0x2a}, @icmp_id, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x458)
personality(0x4000000)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000300))
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r6, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x1c, r7, 0x1, 0x0, 0x0, {{}, {0x0, 0x6}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x84)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

kernel console output (not intermixed with test programs):

.977287][   T25] usb 3-1: config 0 descriptor??
[  243.023501][   T25] gspca_main: vc032x-2.14.0 probing 046d:0892
[  243.456115][ T8173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  243.607127][ T8173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  243.821786][ T5867] usb 2-1: USB disconnect, device number 16
[  243.830153][   T25] gspca_vc032x: reg_r err -71
[  243.839398][   T25] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[  243.901110][ T5815] udevd[5815]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  243.926560][   T25] usb 3-1: USB disconnect, device number 14
[  245.612120][ T8197] netlink: 8 bytes leftover after parsing attributes in process `syz.0.651'.
[  246.136302][ T8207] netlink: 'syz.0.653': attribute type 10 has an invalid length.
[  246.154672][   T29] audit: type=1400 audit(2000000084.150:409): avc:  denied  { listen } for  pid=8206 comm="syz.0.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  246.767604][   T29] audit: type=1400 audit(2000000084.150:410): avc:  denied  { connect } for  pid=8206 comm="syz.0.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  247.437901][ T8220] netlink: 16 bytes leftover after parsing attributes in process `syz.4.656'.
[  247.447316][ T8220] netlink: 32 bytes leftover after parsing attributes in process `syz.4.656'.
[  247.556031][ T8207] 8021q: adding VLAN 0 to HW filter on device team0
[  247.571272][ T8222] rdma_rxe: rxe_newlink: failed to add team_slave_0
[  247.583532][ T8207] bond0: (slave team0): Enslaving as an active interface with an up link
[  247.599274][   T29] audit: type=1400 audit(2000000085.610:411): avc:  denied  { nlmsg_write } for  pid=8206 comm="syz.0.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  247.714808][ T8216] vcan0 speed is unknown, defaulting to 1000
[  247.876218][   T29] audit: type=1400 audit(2000000085.890:412): avc:  denied  { setopt } for  pid=8206 comm="syz.0.653" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  248.284342][ T8225] netlink: 'syz.1.657': attribute type 32 has an invalid length.
[  248.304197][ T8225] netlink: 8 bytes leftover after parsing attributes in process `syz.1.657'.
[  248.331112][   T29] audit: type=1400 audit(2000000086.340:413): avc:  denied  { write } for  pid=8228 comm="syz.3.659" name="task" dev="proc" ino=16914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  248.384905][ T8230] vivid-003: disconnect
[  248.411133][ T8225] (unnamed net_device) (uninitialized): Setting coupled_control to off (0)
[  248.437034][   T29] audit: type=1400 audit(2000000086.340:414): avc:  denied  { add_name } for  pid=8228 comm="syz.3.659" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  248.611944][  T969] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  248.622014][   T29] audit: type=1400 audit(2000000086.340:415): avc:  denied  { create } for  pid=8228 comm="syz.3.659" name="hugetlb.2MB.usage_in_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  248.681776][   T29] audit: type=1400 audit(2000000086.340:416): avc:  denied  { associate } for  pid=8228 comm="syz.3.659" name="hugetlb.2MB.usage_in_bytes" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  248.694249][ T8224] vivid-003: reconnect
[  249.054048][  T969] usb 4-1: Using ep0 maxpacket: 32
[  249.083199][  T969] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x2 has invalid wMaxPacketSize 0
[  249.096641][  T969] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 0
[  249.582051][  T969] usb 4-1: config 0 interface 0 has no altsetting 0
[  249.793385][  T969] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  249.807110][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.816341][  T969] usb 4-1: Product: syz
[  250.459559][  T969] usb 4-1: Manufacturer: syz
[  250.464338][  T969] usb 4-1: SerialNumber: syz
[  250.533202][  T969] usb 4-1: config 0 descriptor??
[  250.540570][  T969] gs_usb 4-1:0.0: Required endpoints not found
[  250.728473][ T8250] 9pnet: p9_errstr2errno: server reported unknown error �@:�d�.�o^��$h9�4�Y½�J
S�jp
[  250.776947][ T3147] usb 4-1: USB disconnect, device number 10
[  251.027163][ T8261] netlink: 220 bytes leftover after parsing attributes in process `syz.0.664'.
[  251.470944][ T8267] input: syz0 as /devices/virtual/input/input15
[  252.256487][ T8276] netlink: 60 bytes leftover after parsing attributes in process `syz.4.673'.
[  252.291319][ T8276] process 'syz.4.673' launched './file2' with NULL argv: empty string added
[  252.307729][   T29] audit: type=1400 audit(2000000090.320:417): avc:  denied  { execute_no_trans } for  pid=8275 comm="syz.4.673" path="/129/file2" dev="tmpfs" ino=682 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  252.368138][ T8276] overlayfs: failed to clone upperpath
[  252.369533][   T29] audit: type=1400 audit(2000000090.350:418): avc:  denied  { mount } for  pid=8275 comm="syz.4.673" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  252.407415][ T8276] overlayfs: failed to clone upperpath
[  252.595844][ T8282] netlink: 8 bytes leftover after parsing attributes in process `syz.4.675'.
[  252.712521][   T29] audit: type=1400 audit(2000000090.710:419): avc:  denied  { block_suspend } for  pid=8283 comm="syz.1.676" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  253.961800][   T29] audit: type=1400 audit(2000000091.230:420): avc:  denied  { ioctl } for  pid=8293 comm="syz.4.680" path="socket:[17439]" dev="sockfs" ino=17439 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  254.861977][   T29] audit: type=1400 audit(2000000092.850:421): avc:  denied  { setopt } for  pid=8295 comm="syz.1.682" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  255.055024][ T8312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.687'.
[  255.928173][ T8326] evm: overlay not supported
[  256.001380][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  256.008192][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  256.343012][ T8334] netlink: 4 bytes leftover after parsing attributes in process `syz.0.693'.
[  256.418667][ T8333] fuse: Bad value for 'fd'
[  256.450358][   T29] audit: type=1400 audit(2000000094.380:422): avc:  denied  { create } for  pid=8335 comm="syz.3.695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  257.429042][ T8358] Bluetooth: MGMT ver 1.23
[  257.941980][  T969] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  258.702032][  T969] usb 3-1: Using ep0 maxpacket: 8
[  258.713118][  T969] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  258.721423][  T969] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  258.751593][  T969] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  258.766567][  T969] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  258.787166][  T969] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  258.820767][  T969] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  258.878610][  T969] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  258.941243][   T29] audit: type=1400 audit(2000000096.950:423): avc:  denied  { accept } for  pid=8373 comm="syz.4.708" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  259.119551][  T969] usb 3-1: usb_control_msg returned -32
[  259.125348][  T969] usbtmc 3-1:16.0: can't read capabilities
[  259.172352][ T5908] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  259.452099][ T5908] usb 4-1: Using ep0 maxpacket: 32
[  259.459102][ T5908] usb 4-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6
[  259.468324][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.478933][ T5908] usb 4-1: config 0 descriptor??
[  259.502377][ T5908] usb 4-1: dvb_usb_v2: found a 'Anysee' in warm state
[  259.509510][ T5908] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  259.516489][ T5908] dvb_usb_anysee 4-1:0.0: probe with driver dvb_usb_anysee failed with error -22
[  259.561758][ T8389] usbtmc 3-1:16.0: stb usb_control_msg returned -32
[  260.045498][ T8372] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  260.092729][ T8372] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  260.664117][  T969] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  261.765800][  T969] usb 2-1: Using ep0 maxpacket: 32
[  262.727058][ T5826] Bluetooth: hci4: command 0x0405 tx timeout
[  262.738070][  T969] usb 2-1: config 0 has an invalid interface number: 35 but max is 0
[  262.746255][  T969] usb 2-1: config 0 has no interface number 0
[  262.754755][  T969] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  262.763963][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.085556][ T5908] usb 3-1: USB disconnect, device number 15
[  263.291985][  T969] usb 2-1: Product: syz
[  263.325242][    T8] usb 4-1: USB disconnect, device number 11
[  263.356511][  T969] usb 2-1: Manufacturer: syz
[  263.426776][  T969] usb 2-1: SerialNumber: syz
[  263.555226][  T969] usb 2-1: config 0 descriptor??
[  263.579126][   T29] audit: type=1400 audit(2000000101.550:424): avc:  denied  { ioctl } for  pid=8405 comm="syz.2.718" path="socket:[17634]" dev="sockfs" ino=17634 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  263.853063][  T969] radio-si470x 2-1:0.35: this is not a si470x device.
[  264.181751][  T969] radio-raremono 2-1:0.35: this is not Thanko's Raremono.
[  264.405754][  T969] usb 2-1: USB disconnect, device number 17
[  264.946367][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz.4.723'.
[  265.921148][   T29] audit: type=1400 audit(2000000103.000:425): avc:  denied  { listen } for  pid=8427 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  265.972000][   T29] audit: type=1400 audit(2000000103.960:426): avc:  denied  { bind } for  pid=8427 comm="syz.0.727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  266.503097][ T8415] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  266.766873][   T29] audit: type=1400 audit(2000000104.780:427): avc:  denied  { cmd } for  pid=8439 comm="syz.2.728" path="socket:[17708]" dev="sockfs" ino=17708 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  268.451189][ T8478] netlink: 8 bytes leftover after parsing attributes in process `syz.2.735'.
[  269.401480][ T8482] netlink: 60 bytes leftover after parsing attributes in process `syz.4.740'.
[  269.448080][ T8482] overlayfs: failed to clone upperpath
[  270.695459][ T8523] netlink: 'syz.1.753': attribute type 1 has an invalid length.
[  270.732152][ T8522] tipc: Enabling of bearer <Eth:t> rejected, media not registered
[  270.855974][ T8533] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  271.873880][   T29] audit: type=1400 audit(2000000108.870:428): avc:  denied  { bind } for  pid=8532 comm="syz.1.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  271.896267][   T29] audit: type=1400 audit(2000000109.400:429): avc:  denied  { bind } for  pid=8532 comm="syz.1.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  271.915569][   T29] audit: type=1400 audit(2000000109.400:430): avc:  denied  { write } for  pid=8532 comm="syz.1.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  271.934878][    C0] vkms_vblank_simulate: vblank timer overrun
[  271.985822][ T8538] sctp: [Deprecated]: syz.4.757 (pid 8538) Use of struct sctp_assoc_value in delayed_ack socket option.
[  271.985822][ T8538] Use struct sctp_sack_info instead
[  272.218726][ T8540] netlink: 12 bytes leftover after parsing attributes in process `syz.3.759'.
[  272.318734][ T8541] netlink: 100 bytes leftover after parsing attributes in process `syz.2.754'.
[  272.642123][   T29] audit: type=1400 audit(2000000110.590:431): avc:  denied  { ioctl } for  pid=8546 comm="syz.1.762" path="socket:[17850]" dev="sockfs" ino=17850 ioctlcmd=0x89a0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  272.880435][   T29] audit: type=1400 audit(2000000110.890:432): avc:  denied  { connect } for  pid=8549 comm="syz.0.758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  273.518953][   T29] audit: type=1400 audit(2000000111.530:433): avc:  denied  { bind } for  pid=8560 comm="syz.1.766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  273.589716][ T8563] netlink: 220 bytes leftover after parsing attributes in process `syz.0.765'.
[  273.609330][   T29] audit: type=1400 audit(2000000111.560:434): avc:  denied  { create } for  pid=8560 comm="syz.1.766" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  274.602074][   T29] audit: type=1400 audit(2000000112.610:435): avc:  denied  { write } for  pid=8573 comm="syz.1.770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  274.888537][   T29] audit: type=1326 audit(2000000112.900:436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8572 comm="syz.2.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2112585d29 code=0x7fc00000
[  275.241907][   T29] audit: type=1400 audit(2000000113.240:437): avc:  denied  { bind } for  pid=8594 comm="syz.1.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  276.072144][ T5863] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  276.073687][ T8618] netlink: 8 bytes leftover after parsing attributes in process `syz.0.783'.
[  276.318516][ T8619] netlink: 12 bytes leftover after parsing attributes in process `syz.0.783'.
[  276.327975][ T8619] netlink: 'syz.0.783': attribute type 18 has an invalid length.
[  276.515374][ T5863] usb 2-1: Using ep0 maxpacket: 8
[  276.523888][ T5863] usb 2-1: config 0 has no interfaces?
[  276.530573][ T5863] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  276.609126][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  276.622858][ T8623] bridge0: port 3(erspan0) entered blocking state
[  276.629504][ T8623] bridge0: port 3(erspan0) entered disabled state
[  276.636145][ T8623] erspan0: entered allmulticast mode
[  276.642126][ T8623] erspan0: entered promiscuous mode
[  276.649280][ T8623] bridge0: port 3(erspan0) entered blocking state
[  276.655907][ T8623] bridge0: port 3(erspan0) entered forwarding state
[  276.706140][ T5863] usb 2-1: config 0 descriptor??
[  277.113186][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  277.113206][   T29] audit: type=1400 audit(2000000115.110:442): avc:  denied  { accept } for  pid=8594 comm="syz.1.776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  278.461979][ T5908] usb 2-1: USB disconnect, device number 18
[  278.922186][ T8649] PM: Enabling pm_trace changes system date and time during resume.
[  278.922186][ T8649] PM: Correct system time has to be restored manually after resume.
[  279.034992][   T29] audit: type=1400 audit(2000000117.050:443): avc:  denied  { ioctl } for  pid=8651 comm="syz.4.792" path="socket:[18697]" dev="sockfs" ino=18697 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  279.112373][ T8654] netlink: 'syz.1.791': attribute type 4 has an invalid length.
[  279.296489][ T8666] netlink: 'syz.2.794': attribute type 2 has an invalid length.
[  282.362142][ T5908] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  282.549040][ T8703] vcan0 speed is unknown, defaulting to 1000
[  283.630633][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  283.799059][    T9] usb 1-1: Using ep0 maxpacket: 8
[  283.818749][    T9] usb 1-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  283.881394][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.921942][    T9] usb 1-1: Product: syz
[  283.946586][    T9] usb 1-1: Manufacturer: syz
[  283.961732][    T9] usb 1-1: SerialNumber: syz
[  283.978920][ T8721] fuse: Bad value for 'fd'
[  283.985520][    T9] usb 1-1: config 0 descriptor??
[  284.325970][    T9] gspca_main: vc032x-2.14.0 probing 046d:0896
[  284.551983][    T9] gspca_vc032x: reg_r err -32
[  284.556785][    T9] vc032x 1-1:0.0: probe with driver vc032x failed with error -32
[  284.582124][    T9] usb 1-1: USB disconnect, device number 17
[  284.592514][ T8717] nbd3: detected capacity change from 0 to 30
[  284.622888][ T8725] block nbd3: shutting down sockets
[  284.677597][    C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  284.687406][    C0] Buffer I/O error on dev nbd3, logical block 0, async page read
[  284.695563][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  284.714515][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  284.734526][ T8717] netlink: 'syz.3.808': attribute type 3 has an invalid length.
[  284.766791][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  285.610394][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  285.651559][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  285.696480][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  285.704941][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  285.718594][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  285.729813][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  285.756927][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  285.882204][ T8746] netlink: 8 bytes leftover after parsing attributes in process `syz.2.816'.
[  285.958390][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  285.984545][ T8747] netlink: 12 bytes leftover after parsing attributes in process `syz.2.816'.
[  285.993919][ T8747] netlink: 'syz.2.816': attribute type 18 has an invalid length.
[  286.035439][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  286.176558][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  286.202114][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  286.229346][ T5831] ldm_validate_partition_table(): Disk read failed.
[  286.245218][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  286.262379][ T8752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.818'.
[  286.271524][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  286.288960][ T8753] smc: removing ib device syz1
[  286.290282][ T5831] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  286.504867][   T29] audit: type=1400 audit(2000000124.500:444): avc:  denied  { watch } for  pid=8749 comm="syz.0.819" path="/169" dev="tmpfs" ino=919 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  286.529137][    C1] vkms_vblank_simulate: vblank timer overrun
[  286.535708][ T5831] Buffer I/O error on dev nbd3, logical block 0, async page read
[  286.872181][ T5831] Dev nbd3: unable to read RDB block 0
[  286.881192][ T5831]  nbd3: unable to read partition table
[  286.887920][ T5831] nbd3: partition table beyond EOD, truncated
[  286.890185][   T29] audit: type=1400 audit(2000000124.500:445): avc:  denied  { watch_sb watch_reads } for  pid=8749 comm="syz.0.819" path="/169" dev="tmpfs" ino=919 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  286.958429][ T5831] ldm_validate_partition_table(): Disk read failed.
[  286.971154][ T5831] Dev nbd3: unable to read RDB block 0
[  286.979015][ T5831]  nbd3: unable to read partition table
[  287.162981][ T5831] nbd3: partition table beyond EOD, truncated
[  290.311932][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  290.416191][   T29] audit: type=1400 audit(2000000128.430:446): avc:  denied  { setopt } for  pid=8782 comm="syz.0.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  290.462152][    T9] usb 3-1: Using ep0 maxpacket: 8
[  290.469715][    T9] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  290.485666][    T9] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  290.496089][    T9] usb 3-1: config 0 has no interface number 0
[  290.502339][    T9] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  290.513961][    T9] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  290.525183][    T9] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  290.537015][    T9] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  290.550223][    T9] usb 3-1: config 0 interface 52 has no altsetting 0
[  290.557008][    T9] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  290.566203][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.574442][    T8] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  290.699239][ T8785] netlink: 12 bytes leftover after parsing attributes in process `syz.0.827'.
[  290.717830][    T9] usb 3-1: config 0 descriptor??
[  290.922265][    T8] usb 4-1: Using ep0 maxpacket: 8
[  290.930737][    T8] usb 4-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  290.944874][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.963630][    T9] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input16
[  291.714498][    T8] usb 4-1: Product: syz
[  291.807007][    T8] usb 4-1: Manufacturer: syz
[  291.832999][ T8792] netlink: 8 bytes leftover after parsing attributes in process `syz.1.829'.
[  291.884589][    T8] usb 4-1: SerialNumber: syz
[  291.913781][    T8] usb 4-1: config 0 descriptor??
[  291.935744][    T8] gspca_main: vc032x-2.14.0 probing 046d:0896
[  292.056391][ T8794] netlink: 12 bytes leftover after parsing attributes in process `syz.1.829'.
[  292.065716][ T8794] netlink: 'syz.1.829': attribute type 18 has an invalid length.
[  292.163541][    T8] gspca_vc032x: reg_r err -32
[  292.176350][ T8795] overlayfs: failed to clone upperpath
[  292.177786][ T8797] overlay: filesystem on ./bus not supported as upperdir
[  292.184206][    T8] vc032x 4-1:0.0: probe with driver vc032x failed with error -32
[  292.197381][   T29] audit: type=1400 audit(2000000130.190:447): avc:  denied  { mounton } for  pid=8796 comm="syz.0.831" path="/173/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1
[  292.303212][ T8798] overlayfs: failed to clone upperpath
[  292.317740][    T8] usb 3-1: USB disconnect, device number 16
[  292.347777][ T5863] usb 4-1: USB disconnect, device number 13
[  292.374940][ T5831] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -19
[  292.669074][ T8816] netlink: 8 bytes leftover after parsing attributes in process `syz.2.835'.
[  293.021650][   T29] audit: type=1400 audit(2000000131.030:448): avc:  denied  { getopt } for  pid=8818 comm="syz.1.836" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  293.104724][ T8811] netlink: 12 bytes leftover after parsing attributes in process `syz.2.835'.
[  293.114853][ T8811] netlink: 'syz.2.835': attribute type 18 has an invalid length.
[  295.702075][    T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  296.532195][ T5863] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  296.551550][ T8849] trusted_key: encrypted_key: master key parameter '�l��1�C�#���7\��K�ǫ۴���(���z��g�p���$~0z6��|�9�%�W-����آ�' is invalid
[  296.923511][ T5863] usb 3-1: config index 0 descriptor too short (expected 4114, got 18)
[  297.045700][ T8851] netlink: 60 bytes leftover after parsing attributes in process `syz.0.844'.
[  297.113807][ T5863] usb 3-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=51.38
[  297.123014][ T5863] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.133379][ T5863] usb 3-1: Product: syz
[  297.137708][ T5863] usb 3-1: Manufacturer: syz
[  297.143338][ T5863] usb 3-1: SerialNumber: syz
[  297.193487][ T8851] overlay: filesystem on ./bus not supported as upperdir
[  297.201362][ T5863] usb 3-1: config 0 descriptor??
[  297.508232][ T3147] usb 3-1: USB disconnect, device number 17
[  299.283040][   T29] audit: type=1400 audit(2000000137.290:449): avc:  denied  { connect } for  pid=8878 comm="syz.1.851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  299.283984][ T8886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.853'.
[  299.312975][ T8886] netlink: 'syz.3.853': attribute type 18 has an invalid length.
[  299.657725][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[  299.671945][ T5821] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  302.290408][   T29] audit: type=1400 audit(2000000140.300:450): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  302.428158][ T8927] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8927 comm=syz.2.864
[  302.947944][ T8933] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  303.025261][ T8922] netlink: 12 bytes leftover after parsing attributes in process `syz.3.862'.
[  303.025357][ T8922] netlink: 'syz.3.862': attribute type 18 has an invalid length.
[  303.049548][   T29] audit: type=1400 audit(2000000141.050:451): avc:  denied  { write } for  pid=8939 comm="syz.4.867" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  303.208799][ T8947] netlink: 60 bytes leftover after parsing attributes in process `syz.4.868'.
[  303.259041][ T8947] overlayfs: failed to clone upperpath
[  303.267973][ T8947] overlayfs: failed to clone upperpath
[  303.506084][    T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  303.632887][   T29] audit: type=1400 audit(2000000141.520:452): avc:  denied  { connect } for  pid=8950 comm="syz.0.870" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  303.783590][    T8] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  303.783623][    T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  303.783643][    T8] usb 3-1: config 0 has no interface number 0
[  303.783675][    T8] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid maxpacket 3840, setting to 64
[  303.783705][    T8] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  303.785283][    T8] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  303.785312][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.785333][    T8] usb 3-1: Product: syz
[  303.785350][    T8] usb 3-1: Manufacturer: syz
[  303.785367][    T8] usb 3-1: SerialNumber: syz
[  303.863206][    T8] usb 3-1: config 0 descriptor??
[  304.733899][ T5867] usb 1-1: new low-speed USB device number 18 using dummy_hcd
[  304.872519][   T29] audit: type=1400 audit(2000000142.880:453): avc:  denied  { append } for  pid=8962 comm="syz.1.872" name="event3" dev="devtmpfs" ino=953 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1
[  305.002792][    T8] usbtouchscreen 3-1:0.117: probe with driver usbtouchscreen failed with error -71
[  305.022563][    T8] usb 3-1: USB disconnect, device number 18
[  305.082065][ T5867] usb 1-1: Invalid ep0 maxpacket: 16
[  305.222506][ T5867] usb 1-1: new low-speed USB device number 19 using dummy_hcd
[  305.351924][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  305.471912][ T5867] usb 1-1: Invalid ep0 maxpacket: 16
[  305.477891][ T5867] usb usb1-port1: attempt power cycle
[  305.505779][    T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  305.517131][    T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  305.543411][    T9] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  305.552944][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  305.562820][    T9] usb 2-1: SerialNumber: syz
[  305.788878][    T9] usb 2-1: 0:2 : does not exist
[  305.815770][    T9] usb 2-1: unit 5: unexpected type 0x0d
[  305.832488][ T5867] usb 1-1: new low-speed USB device number 20 using dummy_hcd
[  305.844269][    T9] usb 2-1: USB disconnect, device number 20
[  305.864847][ T5867] usb 1-1: Invalid ep0 maxpacket: 16
[  306.002477][ T5867] usb 1-1: new low-speed USB device number 21 using dummy_hcd
[  306.038232][ T5867] usb 1-1: Invalid ep0 maxpacket: 16
[  306.051464][ T5867] usb usb1-port1: unable to enumerate USB device
[  306.062263][ T5815] udevd[5815]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  306.527493][ T8964] syz.1.872 (8964) used greatest stack depth: 18592 bytes left
[  306.685204][ T8988] netlink: 8 bytes leftover after parsing attributes in process `syz.4.883'.
[  306.748391][ T8990] netlink: 12 bytes leftover after parsing attributes in process `syz.4.883'.
[  306.761280][ T8990] netlink: 'syz.4.883': attribute type 18 has an invalid length.
[  307.057871][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  308.187776][ T9013] FAULT_INJECTION: forcing a failure.
[  308.187776][ T9013] name failslab, interval 1, probability 0, space 0, times 0
[  308.205653][ T9013] CPU: 0 UID: 0 PID: 9013 Comm: syz.3.892 Not tainted 6.13.0-rc4-syzkaller #0
[  308.214639][ T9013] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  308.224783][ T9013] Call Trace:
[  308.228096][ T9013]  <TASK>
[  308.231021][ T9013]  dump_stack_lvl+0x16c/0x1f0
[  308.235711][ T9013]  should_fail_ex+0x497/0x5b0
[  308.240382][ T9013]  ? fs_reclaim_acquire+0xae/0x150
[  308.245591][ T9013]  should_failslab+0xc2/0x120
[  308.250249][ T9013]  __kmalloc_cache_noprof+0x68/0x410
[  308.255691][ T9013]  ip_set_create+0x33f/0x14d0
[  308.260366][ T9013]  ? __pfx_ip_set_create+0x10/0x10
[  308.265472][ T9013]  nfnetlink_rcv_msg+0x9c3/0x11e0
[  308.270483][ T9013]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  308.275928][ T9013]  ? __pfx___lock_acquire+0x10/0x10
[  308.281119][ T9013]  ? lock_acquire+0x2f/0xb0
[  308.285616][ T9013]  ? avc_has_perm_noaudit+0x61/0x3a0
[  308.290894][ T9013]  netlink_rcv_skb+0x16b/0x440
[  308.295643][ T9013]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  308.301102][ T9013]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  308.306382][ T9013]  ? bpf_lsm_capable+0x9/0x10
[  308.311054][ T9013]  ? security_capable+0x7e/0x260
[  308.315973][ T9013]  ? ns_capable+0xd7/0x110
[  308.320465][ T9013]  nfnetlink_rcv+0x1b4/0x430
[  308.325147][ T9013]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  308.330241][ T9013]  ? netlink_deliver_tap+0x1ae/0xd30
[  308.335514][ T9013]  netlink_unicast+0x53c/0x7f0
[  308.340277][ T9013]  ? __pfx_netlink_unicast+0x10/0x10
[  308.345560][ T9013]  netlink_sendmsg+0x8b8/0xd70
[  308.350308][ T9013]  ? __pfx_netlink_sendmsg+0x10/0x10
[  308.355593][ T9013]  ____sys_sendmsg+0xaaf/0xc90
[  308.360338][ T9013]  ? copy_msghdr_from_user+0x10b/0x160
[  308.365777][ T9013]  ? __pfx_____sys_sendmsg+0x10/0x10
[  308.371061][ T9013]  ___sys_sendmsg+0x135/0x1e0
[  308.375718][ T9013]  ? __pfx____sys_sendmsg+0x10/0x10
[  308.380901][ T9013]  ? __pfx_lock_release+0x10/0x10
[  308.385910][ T9013]  ? trace_lock_acquire+0x14e/0x1f0
[  308.391110][ T9013]  ? __fget_files+0x206/0x3a0
[  308.395774][ T9013]  __sys_sendmsg+0x16e/0x220
[  308.400374][ T9013]  ? __pfx___sys_sendmsg+0x10/0x10
[  308.405503][ T9013]  do_syscall_64+0xcd/0x250
[  308.409999][ T9013]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.415899][ T9013] RIP: 0033:0x7f2dfe585d29
[  308.420297][ T9013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.439970][ T9013] RSP: 002b:00007f2dff3f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  308.448372][ T9013] RAX: ffffffffffffffda RBX: 00007f2dfe775fa0 RCX: 00007f2dfe585d29
[  308.456322][ T9013] RDX: 0000000020000000 RSI: 0000000020000040 RDI: 0000000000000003
[  308.464277][ T9013] RBP: 00007f2dff3f6090 R08: 0000000000000000 R09: 0000000000000000
[  308.472236][ T9013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.480210][ T9013] R13: 0000000000000000 R14: 00007f2dfe775fa0 R15: 00007ffe6556e648
[  308.488196][ T9013]  </TASK>
[  310.216133][ T9030] overlay: filesystem on ./bus not supported as upperdir
[  310.221332][ T5908] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  311.033272][ T5908] usb 1-1: Using ep0 maxpacket: 32
[  311.041038][ T5908] usb 1-1: config 0 has an invalid interface number: 244 but max is 0
[  311.081187][ T5908] usb 1-1: config 0 has no interface number 0
[  311.120811][ T5908] usb 1-1: config 0 interface 244 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  311.218266][ T5908] usb 1-1: New USB device found, idVendor=2001, idProduct=3a00, bcdDevice=c0.21
[  311.239646][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.286071][ T5908] usb 1-1: Product: syz
[  311.336148][ T5908] usb 1-1: Manufacturer: syz
[  311.379933][ T5908] usb 1-1: SerialNumber: syz
[  311.666112][ T5908] usb 1-1: config 0 descriptor??
[  311.672689][ T5908] usb 1-1: can't set config #0, error -71
[  311.977608][ T5908] usb 1-1: USB disconnect, device number 22
[  314.216715][ T9075] netlink: 8 bytes leftover after parsing attributes in process `syz.4.907'.
[  315.354621][ T9084] netlink: 12 bytes leftover after parsing attributes in process `syz.4.907'.
[  315.367245][ T9084] netlink: 'syz.4.907': attribute type 18 has an invalid length.
[  317.569716][   T29] audit: type=1400 audit(2000000155.160:454): avc:  denied  { watch } for  pid=9087 comm="syz.4.911" path="/196" dev="tmpfs" ino=1051 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  317.603331][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  317.609876][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  317.651627][   T29] audit: type=1400 audit(2000000155.630:455): avc:  denied  { ioctl } for  pid=9089 comm="syz.2.910" path="socket:[20565]" dev="sockfs" ino=20565 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  321.892256][ T5863] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  322.074571][ T5863] usb 1-1: device descriptor read/64, error -71
[  322.372096][ T5863] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  323.628147][ T5863] usb 1-1: device descriptor read/64, error -71
[  323.671940][ T5911] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  323.734965][ T9170] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  323.743417][ T5863] usb usb1-port1: attempt power cycle
[  323.774137][ T9170] wg2: entered promiscuous mode
[  323.782399][ T9170] netlink: 136 bytes leftover after parsing attributes in process `syz.1.934'.
[  323.807903][ T9153] netlink: 220 bytes leftover after parsing attributes in process `syz.4.931'.
[  323.847376][ T5911] usb 3-1: config index 0 descriptor too short (expected 4114, got 18)
[  323.867112][ T5911] usb 3-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=51.38
[  323.870502][ T9174] netlink: 10 bytes leftover after parsing attributes in process `syz.1.936'.
[  323.895019][ T5911] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.912099][ T9174] netlink: 8 bytes leftover after parsing attributes in process `syz.1.936'.
[  323.914919][ T5911] usb 3-1: Product: syz
[  323.927622][ T5911] usb 3-1: Manufacturer: syz
[  323.935926][ T5911] usb 3-1: SerialNumber: syz
[  323.960064][ T5911] usb 3-1: config 0 descriptor??
[  324.052529][   T29] audit: type=1400 audit(2000000162.070:456): avc:  denied  { bind } for  pid=9180 comm="syz.4.939" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  324.078555][ T9181] netlink: 24 bytes leftover after parsing attributes in process `syz.4.939'.
[  324.092108][ T5863] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  324.116581][ T5863] usb 1-1: device descriptor read/8, error -71
[  324.226000][ T5866] usb 3-1: USB disconnect, device number 19
[  324.376646][ T5863] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  324.424414][ T5863] usb 1-1: device descriptor read/8, error -71
[  324.499673][   T29] audit: type=1400 audit(2000000162.510:457): avc:  denied  { setopt } for  pid=9177 comm="syz.1.938" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  324.533406][ T5863] usb usb1-port1: unable to enumerate USB device
[  324.779582][ T9176] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  324.815370][ T9196] netlink: 60 bytes leftover after parsing attributes in process `syz.1.942'.
[  325.577095][   T29] audit: type=1400 audit(2000000163.590:458): avc:  denied  { module_request } for  pid=9195 comm="syz.1.942" kmod="binfmt-0000" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  326.086746][ T5821] Bluetooth: hci0: command 0x0406 tx timeout
[  326.794974][ T9196] overlay: filesystem on ./bus not supported as upperdir
[  326.852484][ T9216] openvswitch: netlink: nsh attribute has 4 unknown bytes.
[  329.021960][ T5866] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  329.203664][ T5866] usb 4-1: Using ep0 maxpacket: 8
[  329.215531][ T5866] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  329.267762][ T5866] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  329.582107][ T5866] usb 4-1: config 0 has no interface number 0
[  329.588762][ T5866] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  329.780288][ T5866] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  329.814947][ T5866] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  329.830494][ T5866] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  329.849426][ T5866] usb 4-1: config 0 interface 52 has no altsetting 0
[  329.934887][ T5866] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  329.971969][ T5866] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.049643][ T5866] usb 4-1: config 0 descriptor??
[  331.291542][ T5908] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  331.436100][ T5866] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input19
[  332.515024][ T5911] usb 4-1: USB disconnect, device number 14
[  332.521004][    C0] synaptics_usb 4-1:0.52: synusb_irq - usb_submit_urb failed with result: -19
[  332.534277][ T5908] usb 2-1: Using ep0 maxpacket: 32
[  332.639036][ T5908] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  332.647396][ T5908] usb 2-1: config 0 has no interface number 0
[  332.664553][ T5908] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  332.679433][ T5908] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.689185][ T5908] usb 2-1: Product: syz
[  332.698074][ T5908] usb 2-1: Manufacturer: syz
[  332.703082][ T5908] usb 2-1: SerialNumber: syz
[  332.725867][ T5908] usb 2-1: config 0 descriptor??
[  332.748926][ T5908] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  333.822179][ T5908] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  333.925960][ T5908] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  334.334501][ T9286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.346863][ T9286] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  334.926995][    T8] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  334.995463][    C0] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  335.002918][   T25] usb 2-1: USB disconnect, device number 21
[  335.202185][    T8] usb 3-1: Using ep0 maxpacket: 8
[  335.358267][    T8] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  335.362367][   T25] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  335.386905][   T25] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  335.386941][    T8] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  335.398773][   T25] quatech2 2-1:0.51: device disconnected
[  335.431710][    T8] usb 3-1: config 0 has no interface number 0
[  335.438275][    T8] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  335.451083][    T8] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  335.463979][    T8] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  335.475780][    T8] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  335.489299][    T8] usb 3-1: config 0 interface 52 has no altsetting 0
[  335.496124][    T8] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  335.505303][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.531158][    T8] usb 3-1: config 0 descriptor??
[  335.723867][    T8] usb 3-1: Can not set alternate setting to 1, error: -71
[  335.731581][    T8] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -71
[  336.333756][    T8] usb 3-1: USB disconnect, device number 20
[  336.502051][   T29] audit: type=1400 audit(2000000174.430:459): avc:  denied  { ioctl } for  pid=9303 comm="syz.0.975" path="/dev/nvram" dev="devtmpfs" ino=623 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  336.602124][ T9306] netlink: 8 bytes leftover after parsing attributes in process `syz.2.976'.
[  339.635811][ T9336] uprobe: syz.4.986:9336 failed to unregister, leaking uprobe
[  340.040964][ T9339] netlink: 12 bytes leftover after parsing attributes in process `syz.0.987'.
[  340.050390][ T9339] netlink: 'syz.0.987': attribute type 18 has an invalid length.
[  340.072782][ T9347] /dev/nullb0: Can't lookup blockdev
[  340.205667][   T29] audit: type=1326 audit(2000000178.210:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.233298][   T29] audit: type=1326 audit(2000000178.240:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.269704][   T29] audit: type=1326 audit(2000000178.240:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.300797][   T29] audit: type=1326 audit(2000000178.240:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.325453][   T29] audit: type=1326 audit(2000000178.240:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.350230][   T29] audit: type=1326 audit(2000000178.240:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.376031][   T29] audit: type=1326 audit(2000000178.240:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.405693][   T29] audit: type=1326 audit(2000000178.240:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  340.434562][   T29] audit: type=1326 audit(2000000178.240:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9350 comm="syz.4.991" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x7ffc0000
[  343.237302][ T9340] netlink: 8 bytes leftover after parsing attributes in process `syz.0.987'.
[  343.594499][ T9376] netlink: 228 bytes leftover after parsing attributes in process `syz.4.998'.
[  344.174748][ T9382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.999'.
[  344.279357][ T9382] netlink: 12 bytes leftover after parsing attributes in process `syz.0.999'.
[  344.288811][ T9382] netlink: 'syz.0.999': attribute type 18 has an invalid length.
[  344.695804][ T5911] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  345.112098][ T5911] usb 4-1: Using ep0 maxpacket: 16
[  346.216453][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  346.228114][ T5911] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  348.774424][ T5911] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  348.791933][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.819818][ T5911] usb 4-1: config 0 descriptor??
[  348.825753][ T5911] usb 4-1: can't set config #0, error -71
[  348.848564][ T5911] usb 4-1: USB disconnect, device number 15
[  349.392018][ T9410] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1009'.
[  349.467549][ T9410] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1009'.
[  349.592242][   T29] kauditd_printk_skb: 32 callbacks suppressed
[  349.592263][   T29] audit: type=1400 audit(2000000187.390:501): avc:  denied  { read } for  pid=9409 comm="syz.0.1009" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  349.667624][ T9413] : entered promiscuous mode
[  349.708805][ T9417] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1011'.
[  349.808736][ T9417] overlay: filesystem on ./bus not supported as upperdir
[  351.067149][ T9434] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1013'.
[  351.144018][ T9435] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1013'.
[  351.153255][ T9435] netlink: 'syz.2.1013': attribute type 18 has an invalid length.
[  351.415224][ T9436] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1016'.
[  351.538238][ T9439] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1019'.
[  351.589796][ T9442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1016'.
[  351.599165][ T9442] netlink: 'syz.1.1016': attribute type 18 has an invalid length.
[  351.814523][   T29] audit: type=1400 audit(2000000189.830:502): avc:  denied  { execute } for  pid=9440 comm="syz.3.1018" path="/dev/dsp1" dev="devtmpfs" ino=1289 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  352.765512][ T9458] libceph: resolve 'c' (ret=-3): failed
[  352.872227][   T29] audit: type=1400 audit(2000000190.850:503): avc:  denied  { create } for  pid=9457 comm="syz.3.1023" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  353.131500][ T9478] overlayfs: failed to clone upperpath
[  353.229804][   T29] audit: type=1400 audit(2000000191.220:504): avc:  denied  { listen } for  pid=9467 comm="syz.0.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  353.353761][ T9476] vivid-002: disconnect
[  353.448852][   T29] audit: type=1400 audit(2000000191.230:505): avc:  denied  { listen } for  pid=9467 comm="syz.0.1026" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  353.605830][ T9488] vivid-002: reconnect
[  353.686559][   T29] audit: type=1400 audit(2000000191.330:506): avc:  denied  { watch watch_reads } for  pid=9477 comm="syz.4.1027" path="/232/bus/file1" dev="tmpfs" ino=1245 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  354.396624][ T9513] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  355.155697][   T29] audit: type=1400 audit(2000000192.430:507): avc:  denied  { write } for  pid=9497 comm="syz.3.1035" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  357.497443][ T5911] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  358.919340][ T9544] FAULT_INJECTION: forcing a failure.
[  358.919340][ T9544] name failslab, interval 1, probability 0, space 0, times 0
[  358.933024][ T9544] CPU: 1 UID: 0 PID: 9544 Comm: syz.2.1046 Not tainted 6.13.0-rc4-syzkaller #0
[  358.941997][ T9544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  358.952075][ T9544] Call Trace:
[  358.955368][ T9544]  <TASK>
[  358.958306][ T9544]  dump_stack_lvl+0x16c/0x1f0
[  358.963026][ T9544]  should_fail_ex+0x497/0x5b0
[  358.967727][ T9544]  ? fs_reclaim_acquire+0xae/0x150
[  358.972852][ T9544]  should_failslab+0xc2/0x120
[  358.977522][ T9544]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  358.983321][ T9544]  ? __alloc_skb+0x2b1/0x380
[  358.987921][ T9544]  __alloc_skb+0x2b1/0x380
[  358.992346][ T9544]  ? __pfx___alloc_skb+0x10/0x10
[  358.997283][ T9544]  ? print_usage_bug.part.0+0x540/0x560
[  359.002905][ T9544]  ? __mutex_trylock_common+0xea/0x250
[  359.008351][ T9544]  ? __pfx___mutex_trylock_common+0x10/0x10
[  359.014243][ T9544]  netlink_dump+0x699/0xd00
[  359.018744][ T9544]  ? __pfx_netlink_dump+0x10/0x10
[  359.023786][ T9544]  __netlink_dump_start+0x6ca/0x970
[  359.028992][ T9544]  ? __pfx_inet_dump_fib+0x10/0x10
[  359.034096][ T9544]  rtnetlink_rcv_msg+0xb44/0xea0
[  359.039030][ T9544]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  359.044513][ T9544]  ? __pfx_rtnl_dumpit+0x10/0x10
[  359.049441][ T9544]  ? __pfx_inet_dump_fib+0x10/0x10
[  359.054559][ T9544]  netlink_rcv_skb+0x16b/0x440
[  359.059314][ T9544]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  359.064771][ T9544]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  359.070072][ T9544]  ? rcu_is_watching+0x12/0xc0
[  359.074833][ T9544]  netlink_unicast+0x53c/0x7f0
[  359.079619][ T9544]  ? __pfx_netlink_unicast+0x10/0x10
[  359.084900][ T9544]  ? __sanitizer_cov_trace_cmp8+0xe/0x20
[  359.090544][ T9544]  netlink_sendmsg+0x8b8/0xd70
[  359.095317][ T9544]  ? __pfx_netlink_sendmsg+0x10/0x10
[  359.100604][ T9544]  sock_write_iter+0x4fe/0x5b0
[  359.105366][ T9544]  ? __pfx_sock_write_iter+0x10/0x10
[  359.110687][ T9544]  ? bpf_lsm_file_permission+0x9/0x10
[  359.116091][ T9544]  ? security_file_permission+0x71/0x210
[  359.121748][ T9544]  vfs_write+0x5ae/0x1150
[  359.126070][ T9544]  ? __pfx_sock_write_iter+0x10/0x10
[  359.131357][ T9544]  ? __pfx_vfs_write+0x10/0x10
[  359.136128][ T9544]  ? __fget_files+0x40/0x3a0
[  359.140717][ T9544]  ksys_write+0x207/0x250
[  359.145047][ T9544]  ? __pfx_ksys_write+0x10/0x10
[  359.149891][ T9544]  ? rcu_is_watching+0x12/0xc0
[  359.154655][ T9544]  do_syscall_64+0xcd/0x250
[  359.159155][ T9544]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.165048][ T9544] RIP: 0033:0x7f2112585d29
[  359.169449][ T9544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.189142][ T9544] RSP: 002b:00007f21132d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  359.197545][ T9544] RAX: ffffffffffffffda RBX: 00007f2112776080 RCX: 00007f2112585d29
[  359.205507][ T9544] RDX: 0000000000000024 RSI: 0000000020000000 RDI: 0000000000000003
[  359.214077][ T9544] RBP: 00007f21132d0090 R08: 0000000000000000 R09: 0000000000000000
[  359.222057][ T9544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.230026][ T9544] R13: 0000000000000000 R14: 00007f2112776080 R15: 00007fff2d68da28
[  359.238008][ T9544]  </TASK>
[  359.753376][ T9549] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1050'.
[  359.885409][ T9549] overlay: filesystem on ./bus not supported as upperdir
[  360.022079][ T5867] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  360.250351][ T5867] usb 3-1: Using ep0 maxpacket: 8
[  360.370910][ T5867] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  360.461518][ T5867] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  360.500157][ T5867] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  360.551978][ T5867] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  360.580205][ T5867] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  360.606791][ T5867] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  360.625379][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  363.179427][ T9570] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  363.246095][ T9570] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  364.697652][ T3147] usb 3-1: USB disconnect, device number 21
[  365.039384][   T29] audit: type=1400 audit(2000000203.050:508): avc:  denied  { ioctl } for  pid=9587 comm="syz.3.1060" path="socket:[22319]" dev="sockfs" ino=22319 ioctlcmd=0x8923 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  365.064365][    C1] vkms_vblank_simulate: vblank timer overrun
[  365.071141][ T9588] @: renamed from vlan0 (while UP)
[  365.103466][   T29] audit: type=1400 audit(2000000203.110:509): avc:  denied  { map } for  pid=9587 comm="syz.3.1060" path="/dev/dri/card0" dev="devtmpfs" ino=627 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  365.127055][    C1] vkms_vblank_simulate: vblank timer overrun
[  365.779485][   T29] audit: type=1400 audit(2000000203.790:510): avc:  denied  { setopt } for  pid=9594 comm="syz.2.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  367.450819][ T9610] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1068'.
[  367.506738][ T9610] overlay: filesystem on ./bus not supported as upperdir
[  368.182009][ T3147] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  368.543212][ T3147] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.561865][ T3147] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.586525][ T3147] usb 1-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00
[  368.606365][ T3147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.637040][ T3147] usb 1-1: config 0 descriptor??
[  368.642288][ T5867] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  368.808170][ T5867] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[  368.834639][ T5867] usb 2-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=51.38
[  368.852257][ T5867] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.881060][ T5867] usb 2-1: Product: syz
[  368.891172][ T5867] usb 2-1: Manufacturer: syz
[  368.911932][ T5867] usb 2-1: SerialNumber: syz
[  368.920218][ T5867] usb 2-1: config 0 descriptor??
[  369.070438][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.092260][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.099698][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.123679][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.147690][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.173104][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.202963][ T3147] logitech 0003:046D:CA04.0003: unknown main item tag 0x0
[  369.202991][ T5911] usb 2-1: USB disconnect, device number 22
[  369.279106][ T9646] program syz.2.1077 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  369.302849][ T9646] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  369.621364][ T3147] logitech 0003:046D:CA04.0003: hidraw0: USB HID v0.00 Device [HID 046d:ca04] on usb-dummy_hcd.0-1/input0
[  369.682581][ T3147] logitech 0003:046D:CA04.0003: no inputs found
[  369.987955][ T3147] usb 1-1: USB disconnect, device number 28
[  370.341070][ T9662] atomic_op ffff88807ebf5998 conn xmit_atomic 0000000000000000
[  370.632794][   T29] audit: type=1400 audit(2000000208.640:511): avc:  denied  { module_load } for  pid=9666 comm="syz.3.1083" path="/sys/power/pm_trace" dev="sysfs" ino=1385 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  371.443743][   T29] audit: type=1400 audit(2000000209.460:512): avc:  denied  { read } for  pid=9679 comm="syz.1.1087" path="socket:[22559]" dev="sockfs" ino=22559 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  372.433960][ T9695] fuse: Bad value for 'fd'
[  372.450707][   T29] audit: type=1326 audit(2000000210.460:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9694 comm="syz.4.1092" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x0
[  374.081670][ T9714] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1097'.
[  374.217744][ T9700] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  374.898336][   T29] audit: type=1400 audit(2000000212.910:514): avc:  denied  { listen } for  pid=9719 comm="syz.2.1099" lport=42198 faddr=::ffff:172.20.255.187 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  376.036211][   T29] audit: type=1400 audit(2000000214.050:515): avc:  denied  { associate } for  pid=9721 comm="syz.4.1100" name="nullb0" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[  376.496593][   T29] audit: type=1400 audit(2000000214.510:516): avc:  denied  { ioctl } for  pid=9745 comm="syz.1.1106" path="socket:[22655]" dev="sockfs" ino=22655 ioctlcmd=0xf504 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  378.042871][   T29] audit: type=1400 audit(2000000216.040:517): avc:  denied  { create } for  pid=9759 comm="syz.4.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  378.207008][   T29] audit: type=1400 audit(2000000216.050:518): avc:  denied  { write } for  pid=9759 comm="syz.4.1110" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  378.461271][    C1] vkms_vblank_simulate: vblank timer overrun
[  379.183008][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  379.189357][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  380.868591][   T29] audit: type=1400 audit(2000000218.820:519): avc:  denied  { getattr } for  pid=9783 comm="syz.2.1117" path="socket:[22689]" dev="sockfs" ino=22689 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  381.014002][   T25] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  381.039506][ T9786] tc_dump_action: action bad kind
[  381.257365][   T25] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config
[  381.289656][   T25] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  381.300863][   T25] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.339614][   T29] audit: type=1400 audit(2000000219.340:520): avc:  denied  { setopt } for  pid=9785 comm="syz.0.1118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  381.359033][    C1] vkms_vblank_simulate: vblank timer overrun
[  381.422609][   T25] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[  381.529453][    C0] Unknown status report in ack skb
[  381.739223][ T3147] usb 2-1: USB disconnect, device number 23
[  382.451969][   T25] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  382.586064][   T25] usb 1-1: device descriptor read/64, error -71
[  382.625415][ T9811] netlink: 'syz.1.1125': attribute type 8 has an invalid length.
[  382.635674][ T9811] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1125'.
[  382.700632][   T29] audit: type=1400 audit(2000000220.710:521): avc:  denied  { mount } for  pid=9810 comm="syz.1.1125" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  382.861965][   T25] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  382.992108][   T25] usb 1-1: device descriptor read/64, error -71
[  383.104074][   T25] usb usb1-port1: attempt power cycle
[  383.452445][   T25] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  383.516668][   T25] usb 1-1: device descriptor read/8, error -71
[  383.636740][ T9830] syz.1.1131[9830] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  383.636799][ T9830] syz.1.1131[9830] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  383.690099][ T9830] syz.1.1131[9830] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  383.721371][ T9830] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=61 sclass=netlink_route_socket pid=9830 comm=syz.1.1131
[  383.731993][   T29] audit: type=1400 audit(2000000221.730:522): avc:  denied  { bind } for  pid=9829 comm="syz.1.1131" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  383.802954][   T29] audit: type=1400 audit(2000000221.730:523): avc:  denied  { name_bind } for  pid=9829 comm="syz.1.1131" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  383.830999][   T29] audit: type=1400 audit(2000000221.730:524): avc:  denied  { node_bind } for  pid=9829 comm="syz.1.1131" src=28196 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  384.266251][   T29] audit: type=1400 audit(2000000222.280:525): avc:  denied  { shutdown } for  pid=9838 comm="syz.1.1134" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  385.025324][   T29] audit: type=1400 audit(2000000223.040:526): avc:  denied  { mount } for  pid=9845 comm="syz.0.1136" name="/" dev="configfs" ino=1069 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[  385.393775][ T9853] netlink: 'syz.1.1138': attribute type 1 has an invalid length.
[  386.063928][   T29] audit: type=1400 audit(2000000224.080:527): avc:  denied  { mounton } for  pid=9856 comm="syz.0.1139" path="/240/file0/bus" dev="ramfs" ino=23828 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  386.089438][ T9857] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  386.105369][ T9857] overlayfs: failed to set xattr on upper
[  386.120079][ T9857] overlayfs: ...falling back to redirect_dir=nofollow.
[  386.127811][ T9857] overlayfs: ...falling back to index=off.
[  386.142026][ T9857] overlayfs: ...falling back to uuid=null.
[  386.702480][ T9853] workqueue: Failed to create a rescuer kthread for wq "bond4": -EINTR
[  386.810858][ T9871] cgroup: No subsys list or none specified
[  387.055586][ T9884] netdevsim netdevsim1: Direct firmware load for � failed with error -2
[  387.064518][ T9884] netdevsim netdevsim1: Falling back to sysfs fallback for: �
[  387.112050][ T3147] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  387.368305][ T9886] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1147'.
[  387.384513][ T9886] netlink: 'syz.4.1147': attribute type 18 has an invalid length.
[  387.651140][ T3147] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  387.666806][ T3147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  387.718627][ T3147] usb 4-1: config 0 descriptor??
[  388.639114][ T9875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  388.652762][ T9875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  388.778392][ T3147] ath6kl: Failed to submit usb control message: -110
[  388.801171][ T3147] ath6kl: unable to send the bmi data to the device: -110
[  388.852119][ T3147] ath6kl: Unable to send get target info: -110
[  388.923898][ T3147] ath6kl: Failed to init ath6kl core: -110
[  388.936805][ T3147] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110
[  388.988573][ T9909] netlink: 'syz.4.1154': attribute type 1 has an invalid length.
[  389.053015][ T9875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  389.061553][ T9875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  389.082261][ T9909] 8021q: adding VLAN 0 to HW filter on device bond3
[  389.143281][   T29] audit: type=1400 audit(2000000227.150:528): avc:  denied  { read write } for  pid=9874 comm="syz.3.1145" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  389.216368][   T29] audit: type=1400 audit(2000000227.150:529): avc:  denied  { open } for  pid=9874 comm="syz.3.1145" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  389.317329][   T29] audit: type=1400 audit(2000000227.310:530): avc:  denied  { getopt } for  pid=9874 comm="syz.3.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  389.357954][ T9906] mmap: syz.3.1145 (9906) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  390.030745][   T29] audit: type=1400 audit(2000000228.040:531): avc:  denied  { connect } for  pid=9918 comm="syz.2.1157" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  390.284598][ T9904] trusted_key: encrypted_key: insufficient parameters specified
[  390.740714][    T8] usb 4-1: USB disconnect, device number 16
[  391.298961][ T9933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1161'.
[  391.631017][ T9946] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1162'.
[  391.641017][ T9946] netlink: 'syz.3.1162': attribute type 18 has an invalid length.
[  392.048297][ T9948] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1164'.
[  392.058844][ T9948] netlink: 'syz.2.1164': attribute type 18 has an invalid length.
[  392.524365][ T9953] netlink: 'syz.3.1166': attribute type 1 has an invalid length.
[  392.579916][ T9953] 8021q: adding VLAN 0 to HW filter on device bond1
[  394.708297][ T9976] sp0: Synchronizing with TNC
[  394.714457][ T9976] sp0: Found TNC
[  394.835663][ T9987] FAULT_INJECTION: forcing a failure.
[  394.835663][ T9987] name failslab, interval 1, probability 0, space 0, times 0
[  394.848624][ T9987] CPU: 0 UID: 0 PID: 9987 Comm: syz.2.1174 Not tainted 6.13.0-rc4-syzkaller #0
[  394.857681][ T9987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  394.867763][ T9987] Call Trace:
[  394.871226][ T9987]  <TASK>
[  394.874222][ T9987]  dump_stack_lvl+0x16c/0x1f0
[  394.878927][ T9987]  should_fail_ex+0x497/0x5b0
[  394.883638][ T9987]  ? fs_reclaim_acquire+0xae/0x150
[  394.888758][ T9987]  should_failslab+0xc2/0x120
[  394.893539][ T9987]  __kmalloc_node_noprof+0xd1/0x510
[  394.898847][ T9987]  ? __kvmalloc_node_noprof+0xad/0x1a0
[  394.900568][ T9975] [U] �`
[  394.904335][ T9987]  __kvmalloc_node_noprof+0xad/0x1a0
[  394.912600][ T9987]  alloc_fdtable+0x158/0x2b0
[  394.917310][ T9987]  dup_fd+0x83b/0xb90
[  394.921356][ T9987]  ? _raw_spin_unlock+0x3e/0x50
[  394.926331][ T9987]  ? copy_fs_struct+0x2a0/0x340
[  394.931292][ T9987]  ksys_unshare+0x833/0xa40
[  394.935813][ T9987]  ? __pfx_ksys_unshare+0x10/0x10
[  394.940934][ T9987]  ? ksys_write+0x1ba/0x250
[  394.945457][ T9987]  __x64_sys_unshare+0x31/0x40
[  394.950240][ T9987]  do_syscall_64+0xcd/0x250
[  394.954776][ T9987]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.960692][ T9987] RIP: 0033:0x7f2112585d29
[  394.965114][ T9987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  394.984729][ T9987] RSP: 002b:00007f21103f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[  394.993149][ T9987] RAX: ffffffffffffffda RBX: 00007f2112776160 RCX: 00007f2112585d29
[  395.001129][ T9987] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000002a020400
[  395.009190][ T9987] RBP: 00007f21103f6090 R08: 0000000000000000 R09: 0000000000000000
[  395.017211][ T9987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  395.025209][ T9987] R13: 0000000000000000 R14: 00007f2112776160 R15: 00007fff2d68da28
[  395.033485][ T9987]  </TASK>
[  395.189475][ T9991] xt_HMARK: spi-set and port-set can't be combined
[  395.676688][T10005] netlink: 'syz.2.1183': attribute type 1 has an invalid length.
[  396.319842][T10005] 8021q: adding VLAN 0 to HW filter on device bond3
[  396.625939][T10026] Mount JFS Failure: -22
[  396.630654][T10026] jfs_mount failed w/return code = -22
[  397.141372][T10032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1189'.
[  397.751337][T10047] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1196'.
[  397.820843][T10051] netlink: 'syz.4.1197': attribute type 1 has an invalid length.
[  397.874020][T10051] 8021q: adding VLAN 0 to HW filter on device bond4
[  397.982114][ T5826] Bluetooth: hci4: command 0x0405 tx timeout
[  398.036825][   T29] audit: type=1400 audit(2000000236.040:532): avc:  denied  { create } for  pid=10055 comm="syz.4.1199" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  398.411880][  T969] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  399.227243][T10069] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1200'.
[  399.237136][T10069] netlink: 'syz.2.1200': attribute type 18 has an invalid length.
[  399.351994][  T969] usb 1-1: Using ep0 maxpacket: 16
[  399.362779][  T969] usb 1-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  399.375397][  T969] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  399.391688][  T969] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  399.421010][  T969] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  399.430469][  T969] usb 1-1: Product: syz
[  399.435593][  T969] usb 1-1: Manufacturer: syz
[  399.442293][  T969] usb 1-1: SerialNumber: syz
[  399.724084][T10085] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1208'.
[  399.870436][  T969] usb 1-1: invalid UAC_HEADER (v1)
[  399.918750][  T969] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -22
[  399.990438][   T29] audit: type=1326 audit(2000000238.000:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10090 comm="syz.4.1211" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb058b85d29 code=0x0
[  400.128838][ T9626] udevd[9626]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  400.390590][  T969] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  400.408017][   T29] audit: type=1400 audit(2000000238.390:534): avc:  denied  { write } for  pid=10106 comm="syz.1.1213" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  400.636660][  T969] usb 4-1: Using ep0 maxpacket: 8
[  400.650197][  T969] usb 4-1: config 0 has an invalid interface number: 186 but max is 0
[  400.682809][  T969] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.692187][ T5866] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  400.693177][  T969] usb 4-1: config 0 has no interface number 0
[  400.706804][  T969] usb 4-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  400.717797][  T969] usb 4-1: config 0 interface 186 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  400.736430][  T969] usb 4-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  400.745742][  T969] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.754043][  T969] usb 4-1: Product: syz
[  400.759476][  T969] usb 4-1: Manufacturer: syz
[  400.764573][  T969] usb 4-1: SerialNumber: syz
[  400.800135][T10113] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1215'.
[  400.817304][  T969] usb 4-1: config 0 descriptor??
[  400.830088][  T969] iowarrior 4-1:0.186: no interrupt-in endpoint found
[  400.905545][ T5866] usb 2-1: config index 0 descriptor too short (expected 4114, got 18)
[  401.467853][ T5866] usb 2-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=51.38
[  401.525492][ T5866] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.535783][ T5866] usb 2-1: Product: syz
[  401.726412][ T5866] usb 2-1: Manufacturer: syz
[  401.731051][ T5866] usb 2-1: SerialNumber: syz
[  401.769625][  T969] usb 1-1: USB disconnect, device number 33
[  401.770228][ T5866] usb 2-1: config 0 descriptor??
[  401.788585][T10100] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1212'.
[  401.798313][T10100] 0�X���: renamed from caif0
[  401.846852][T10100] 0�X���: entered allmulticast mode
[  401.846864][T10100] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  401.907259][ T5864] usb 4-1: USB disconnect, device number 17
[  402.029757][ T5911] usb 2-1: USB disconnect, device number 24
[  402.561474][T10134] FAULT_INJECTION: forcing a failure.
[  402.561474][T10134] name failslab, interval 1, probability 0, space 0, times 0
[  402.577419][T10134] CPU: 1 UID: 0 PID: 10134 Comm: syz.0.1221 Not tainted 6.13.0-rc4-syzkaller #0
[  402.581506][T10136] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1222'.
[  402.586464][T10134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  402.586482][T10134] Call Trace:
[  402.586490][T10134]  <TASK>
[  402.586498][T10134]  dump_stack_lvl+0x16c/0x1f0
[  402.586534][T10134]  should_fail_ex+0x497/0x5b0
[  402.586561][T10134]  ? fs_reclaim_acquire+0xae/0x150
[  402.586583][T10134]  should_failslab+0xc2/0x120
[  402.586606][T10134]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  402.586630][T10134]  ? __alloc_skb+0x2b1/0x380
[  402.586660][T10134]  __alloc_skb+0x2b1/0x380
[  402.586688][T10134]  ? __pfx___alloc_skb+0x10/0x10
[  402.586719][T10134]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  402.586751][T10134]  netlink_alloc_large_skb+0x69/0x130
[  402.661978][T10134]  netlink_sendmsg+0x689/0xd70
[  402.667110][T10134]  ? __pfx_netlink_sendmsg+0x10/0x10
[  402.672406][T10134]  ____sys_sendmsg+0xaaf/0xc90
[  402.677169][T10134]  ? copy_msghdr_from_user+0x10b/0x160
[  402.682627][T10134]  ? __pfx_____sys_sendmsg+0x10/0x10
[  402.687963][T10134]  ___sys_sendmsg+0x135/0x1e0
[  402.693097][T10134]  ? __pfx____sys_sendmsg+0x10/0x10
[  402.698316][T10134]  ? __pfx_lock_release+0x10/0x10
[  402.703422][T10134]  ? trace_lock_acquire+0x14e/0x1f0
[  402.708714][T10134]  ? __fget_files+0x206/0x3a0
[  402.713491][T10134]  __sys_sendmsg+0x16e/0x220
[  402.718072][T10134]  ? __pfx___sys_sendmsg+0x10/0x10
[  402.723195][T10134]  do_syscall_64+0xcd/0x250
[  402.727708][T10134]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.733616][T10134] RIP: 0033:0x7f571b785d29
[  402.738022][T10134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.757707][T10134] RSP: 002b:00007f571c594038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  402.766211][T10134] RAX: ffffffffffffffda RBX: 00007f571b976080 RCX: 00007f571b785d29
[  402.774260][T10134] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007
[  402.782220][T10134] RBP: 00007f571c594090 R08: 0000000000000000 R09: 0000000000000000
[  402.790457][T10134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  402.798502][T10134] R13: 0000000000000000 R14: 00007f571b976080 R15: 00007fff31e9b158
[  402.806473][T10134]  </TASK>
[  402.809491][    C1] vkms_vblank_simulate: vblank timer overrun
[  402.871937][ T5866] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  402.907365][T10139] netlink: 'syz.1.1223': attribute type 11 has an invalid length.
[  403.023335][ T5866] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  403.034869][ T5866] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  403.059312][ T5866] usb 4-1: config 0 has no interface number 0
[  403.069107][ T5866] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10
[  403.086212][ T5866] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  403.096520][ T5866] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  403.110014][ T5866] usb 4-1: config 0 interface 52 has no altsetting 0
[  403.140816][ T5866] usb 4-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00
[  403.148788][T10144] vivid-002: disconnect
[  403.150087][ T5866] usb 4-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35
[  403.165469][ T5866] usb 4-1: Product: syz
[  403.169746][ T5866] usb 4-1: Manufacturer: syz
[  403.179968][ T5866] usb 4-1: SerialNumber: syz
[  403.192874][ T5866] usb 4-1: config 0 descriptor??
[  403.197053][T10140] vivid-002: reconnect
[  403.405618][ T5866] synaptics_usb 4-1:0.52: synusb_open - usb_submit_urb failed, error: -90
[  403.417430][ T5866] synaptics_usb 4-1:0.52: probe with driver synaptics_usb failed with error -5
[  403.572064][  T969] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  403.632613][ T5911] usb 4-1: USB disconnect, device number 18
[  403.641399][T10149] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  403.681668][T10156] hugetlbfs: syz.4.1231 (10156): Using mlock ulimits for SHM_HUGETLB is obsolete
[  403.683062][T10149] 9p: Unknown Cache mode or invalid value 0file1
[  403.731953][  T969] usb 3-1: Using ep0 maxpacket: 16
[  403.739275][  T969] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  403.753284][  T969] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  403.879079][T10160] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1233'.
[  403.927621][  T969] usb 3-1: New USB device found, idVendor=0b57, idProduct=2bbd, bcdDevice=e7.cc
[  403.937771][  T969] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.946656][  T969] usb 3-1: Product: syz
[  403.951028][  T969] usb 3-1: Manufacturer: syz
[  403.955785][  T969] usb 3-1: SerialNumber: syz
[  403.962562][  T969] usb 3-1: config 0 descriptor??
[  403.970785][  T969] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  404.485749][  T969] usb 3-1: USB disconnect, device number 22
[  404.731286][   T29] audit: type=1400 audit(2000000242.740:535): avc:  denied  { ioctl } for  pid=10166 comm="syz.4.1236" path="socket:[23439]" dev="sockfs" ino=23439 ioctlcmd=0x89f0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  405.152068][ T5911] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  405.185506][T10188] fuseblk: Unknown parameter 'use��Z|'
[  405.185760][   T29] audit: type=1400 audit(2000000243.200:536): avc:  denied  { bind } for  pid=10187 comm="syz.2.1242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  405.562844][   T29] audit: type=1400 audit(2000000243.330:537): avc:  denied  { read } for  pid=10187 comm="syz.2.1242" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  405.684623][   T29] audit: type=1400 audit(2000000243.340:538): avc:  denied  { open } for  pid=10187 comm="syz.2.1242" path="/228/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  405.730509][T10189] block device autoloading is deprecated and will be removed.
[  405.763341][ T5911] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  405.773575][ T5911] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  405.786174][ T5911] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.818338][T10194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1244'.
[  405.839800][T10172] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  405.869246][ T5911] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  407.226789][   T29] audit: type=1400 audit(2000000245.240:539): avc:  denied  { read } for  pid=10170 comm="syz.0.1238" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  407.249899][   T29] audit: type=1400 audit(2000000245.240:540): avc:  denied  { open } for  pid=10170 comm="syz.0.1238" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  407.276160][    T8] usb 1-1: USB disconnect, device number 34
[  407.289925][T10208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1246'.
[  407.299756][T10208] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1246'.
[  408.441041][T10227] overlayfs: missing 'workdir'
[  408.556842][   T29] audit: type=1400 audit(2000000246.410:541): avc:  denied  { getopt } for  pid=10226 comm="syz.2.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  409.165685][T10236] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1257'.
[  409.192044][ T5866] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  409.362771][ T5866] usb 3-1: Using ep0 maxpacket: 32
[  409.386575][ T5866] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  409.467641][ T5866] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  409.545686][ T5866] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.568104][ T5866] usb 3-1: Product: syz
[  409.572462][ T5866] usb 3-1: Manufacturer: syz
[  409.577419][ T5866] usb 3-1: SerialNumber: syz
[  409.620002][ T5866] usb 3-1: config 0 descriptor??
[  409.632306][ T5866] usb 3-1: bad CDC descriptors
[  409.637718][ T5866] usb 3-1: unsupported MDLM descriptors
[  409.763042][T10246] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1259'.
[  409.777630][T10246] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1259'.
[  409.787869][T10246] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1259'.
[  409.797741][T10246] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1259'.
[  409.811976][T10247] block nbd3: Device being setup by another task
[  409.851280][  T969] usb 3-1: USB disconnect, device number 23
[  410.527724][ T5826] block nbd3: Receive control failed (result -32)
[  410.539305][T10247] block nbd3: shutting down sockets
[  410.706631][   T29] audit: type=1400 audit(2000000248.720:542): avc:  denied  { create } for  pid=10259 comm="syz.0.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  410.730183][   T29] audit: type=1400 audit(2000000248.740:543): avc:  denied  { append } for  pid=10259 comm="syz.0.1266" name="rtc0" dev="devtmpfs" ino=921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  410.762056][    T8] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  410.912700][    T8] usb 3-1: Using ep0 maxpacket: 8
[  411.128440][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  411.136381][   T29] audit: type=1400 audit(2000000249.150:544): avc:  denied  { accept } for  pid=10259 comm="syz.0.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  411.168274][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  411.178619][    T8] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  411.188174][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  411.193277][   T29] audit: type=1400 audit(2000000249.210:545): avc:  denied  { write } for  pid=10262 comm="syz.1.1267" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  411.326472][   T29] audit: type=1400 audit(2000000249.240:546): avc:  denied  { connect } for  pid=10259 comm="syz.0.1266" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  411.374988][    T8] usb 3-1: config 0 descriptor??
[  411.475097][T10276] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1270'.
[  412.670930][   T29] audit: type=1326 audit(2000000250.670:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10283 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7fc00000
[  412.694641][    C0] vkms_vblank_simulate: vblank timer overrun
[  412.701503][  T969] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  412.768937][T10287] @: renamed from vlan0 (while UP)
[  412.813916][   T29] audit: type=1326 audit(2000000250.670:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10283 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f571b785d29 code=0x7fc00000
[  412.843935][   T29] audit: type=1326 audit(2000000250.670:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10283 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7fc00000
[  412.903941][   T29] audit: type=1326 audit(2000000250.670:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10283 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7fc00000
[  412.927404][    C0] vkms_vblank_simulate: vblank timer overrun
[  412.963351][  T969] usb 4-1: Using ep0 maxpacket: 8
[  412.981508][  T969] usb 4-1: config 0 has an invalid interface number: 52 but max is 0
[  413.000544][  T969] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  413.001955][   T29] audit: type=1326 audit(2000000250.680:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10283 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7fc00000
[  413.161876][  T969] usb 4-1: config 0 has no interface number 0
[  413.180267][  T969] usb 4-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  413.197426][  T969] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  413.452042][  T969] usb 4-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  413.467783][  T969] usb 4-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  413.483012][  T969] usb 4-1: config 0 interface 52 has no altsetting 0
[  413.490060][  T969] usb 4-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  413.499677][  T969] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.642340][  T969] usb 4-1: config 0 descriptor??
[  414.245048][  T969] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.52/input/input22
[  414.362062][    T8] usbhid 3-1:0.0: can't add hid device: -71
[  414.368373][    T8] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  414.761988][    T8] usb 3-1: USB disconnect, device number 24
[  414.801940][ T5864] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  414.861432][T10307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1281'.
[  415.172070][ T5864] usb 2-1: Using ep0 maxpacket: 8
[  415.182637][ T5864] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  415.216145][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.301965][ T5864] usb 2-1: Product: syz
[  415.306175][ T5864] usb 2-1: Manufacturer: syz
[  415.311519][ T5864] usb 2-1: SerialNumber: syz
[  415.330402][ T5866] usb 4-1: USB disconnect, device number 19
[  415.346087][ T5864] usb 2-1: config 0 descriptor??
[  415.466206][T10317] overlayfs: failed to clone upperpath
[  415.472995][ T3147] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  415.621917][ T3147] usb 1-1: Using ep0 maxpacket: 8
[  415.926672][ T5864] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  415.949638][ T3147] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  415.959289][ T3147] usb 1-1: config 0 has no interface number 0
[  415.979550][ T3147] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  416.012265][ T3147] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  416.041085][ T3147] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  416.060820][ T3147] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  416.074076][ T3147] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  416.083739][ T3147] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.096914][T10330] netdevsim netdevsim4: Direct firmware load for � failed with error -2
[  416.106095][T10330] netdevsim netdevsim4: Falling back to sysfs fallback for: �
[  416.138377][ T3147] usb 1-1: config 0 descriptor??
[  416.149181][   T29] kauditd_printk_skb: 146 callbacks suppressed
[  416.149198][   T29] audit: type=1400 audit(2000000254.160:698): avc:  denied  { read } for  pid=10321 comm="syz.4.1286" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1
[  416.184316][ T3147] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  416.272027][    T8] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  416.414121][   T29] audit: type=1400 audit(2000000254.430:699): avc:  denied  { create } for  pid=10312 comm="syz.0.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  416.438129][   T29] audit: type=1400 audit(2000000254.450:700): avc:  denied  { write } for  pid=10312 comm="syz.0.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  416.446235][    T8] usb 4-1: Using ep0 maxpacket: 8
[  416.464078][ T5908] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  416.476247][   T29] audit: type=1400 audit(2000000254.490:701): avc:  denied  { getopt } for  pid=10312 comm="syz.0.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  416.476554][    T8] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  416.539425][    T9] usb 1-1: USB disconnect, device number 35
[  416.548481][    T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  416.558912][    T9] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  416.567118][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  416.578222][    T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  416.588467][    T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  416.601547][    T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  416.610937][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.621870][ T5908] usb 3-1: Using ep0 maxpacket: 8
[  416.628763][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.641563][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.652340][ T5908] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  416.661511][ T5908] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.672306][ T5908] usb 3-1: config 0 descriptor??
[  416.852904][    T8] usb 4-1: usb_control_msg returned -32
[  416.858864][    T8] usbtmc 4-1:16.0: can't read capabilities
[  417.300988][   T29] audit: type=1326 audit(2000000255.310:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7ffc0000
[  417.352441][   T29] audit: type=1326 audit(2000000255.310:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7ffc0000
[  417.386259][   T29] audit: type=1326 audit(2000000255.340:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f571b785d29 code=0x7ffc0000
[  417.396773][T10345] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1293'.
[  417.409909][    C0] vkms_vblank_simulate: vblank timer overrun
[  417.415261][   T29] audit: type=1326 audit(2000000255.340:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7ffc0000
[  417.448387][    C0] vkms_vblank_simulate: vblank timer overrun
[  417.458456][   T29] audit: type=1326 audit(2000000255.340:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f571b785d29 code=0x7ffc0000
[  417.483763][   T29] audit: type=1326 audit(2000000255.340:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10342 comm="syz.0.1291" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f571b784690 code=0x7ffc0000
[  417.582411][ T3147] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  417.706239][T10355] netlink: 2 bytes leftover after parsing attributes in process `syz.4.1297'.
[  417.893185][ T3147] usb 1-1: Using ep0 maxpacket: 8
[  417.906430][ T5864] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  417.917006][ T5864] dvbdev: DVB: registering new adapter (Terratec H7)
[  417.924283][ T5864] usb 2-1: media controller created
[  417.930338][ T3147] usb 1-1: unable to get BOS descriptor or descriptor too short
[  417.939987][ T3147] usb 1-1: config 9 has an invalid interface number: 5 but max is 0
[  417.948839][ T3147] usb 1-1: config 9 has no interface number 0
[  417.957547][ T3147] usb 1-1: config 9 interface 5 altsetting 9 has an ignored endpoint with address 0x1, skipping
[  417.973905][ T3147] usb 1-1: config 9 interface 5 has no altsetting 0
[  417.995029][ T3147] usb 1-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8
[  418.008000][ T3147] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.017927][ T3147] usb 1-1: Product: syz
[  418.065712][ T5864] usb read operation failed. (-71)
[  418.077210][ T5864] dvb_usb_az6007 2-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  418.105145][ T5864] usb 2-1: USB disconnect, device number 25
[  418.117768][ T3147] usb 1-1: Manufacturer: syz
[  418.124665][ T3147] usb 1-1: SerialNumber: syz
[  418.364876][ T3147] usb 1-1: USB disconnect, device number 36
[  419.158128][    T9] usb 4-1: USB disconnect, device number 20
[  419.250105][ T5908] usbhid 3-1:0.0: can't add hid device: -71
[  419.298322][ T5908] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  419.332576][T10374] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1303'.
[  419.498540][T10376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  419.686571][ T5908] usb 3-1: USB disconnect, device number 25
[  419.804577][T10374] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1303'.
[  419.836235][T10374] netlink: 'syz.0.1303': attribute type 18 has an invalid length.
[  420.422633][T10397] openvswitch: netlink: Message has 8 unknown bytes.
[  421.317265][T10408] tmpfs: Unknown parameter 'usrqu}�ګ�.�%v
��9zota'
[  423.379459][ T5908] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  423.642383][ T5908] usb 4-1: Using ep0 maxpacket: 8
[  423.649086][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.660988][ T5908] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.672048][ T5908] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  424.061969][ T5911] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  424.294170][ T5908] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.352638][ T5908] usb 4-1: config 0 descriptor??
[  424.432863][ T5911] usb 2-1: Using ep0 maxpacket: 8
[  424.439915][ T5911] usb 2-1: config 0 has an invalid interface number: 52 but max is 0
[  424.448682][ T5911] usb 2-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  424.538008][ T5911] usb 2-1: config 0 has no interface number 0
[  424.551229][ T5911] usb 2-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  424.972831][ T5911] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  425.003706][ T5911] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  425.015140][ T5911] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  425.028127][ T5911] usb 2-1: config 0 interface 52 has no altsetting 0
[  425.035074][ T5911] usb 2-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  425.044577][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.102811][ T5911] usb 2-1: config 0 descriptor??
[  425.345639][ T5911] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.52/input/input23
[  426.331947][ T5908] usbhid 4-1:0.0: can't add hid device: -71
[  426.338178][ T5908] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  426.416014][ T5908] usb 4-1: USB disconnect, device number 21
[  426.702017][ T3147] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  426.919174][T10465] mmap: syz.0.1328 (10465): VmData 25841664 exceed data ulimit 6. Update limits or use boot option ignore_rlimit_data.
[  427.023967][ T3147] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.034931][ T3147] usb 3-1: config 0 has no interfaces?
[  427.040446][ T3147] usb 3-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00
[  427.051612][ T5908] usb 2-1: USB disconnect, device number 26
[  427.059852][ T3147] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  427.072601][ T3147] usb 3-1: config 0 descriptor??
[  429.259131][ T5864] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  429.423721][ T5864] usb 2-1: Using ep0 maxpacket: 32
[  429.432841][ T5864] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  429.442611][ T5864] usb 2-1: config 0 has no interface number 0
[  429.454424][ T5864] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  429.467853][ T5864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.508984][ T5864] usb 2-1: Product: syz
[  429.513418][ T5864] usb 2-1: Manufacturer: syz
[  429.518119][ T5864] usb 2-1: SerialNumber: syz
[  429.533644][ T5864] usb 2-1: config 0 descriptor??
[  429.544617][ T5864] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  430.457085][ T3147] usb 3-1: USB disconnect, device number 26
[  430.523302][T10512] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  430.541450][T10512] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  430.553732][ T5864] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  430.573045][ T5864] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  431.089246][    C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71
[  431.089832][ T5911] usb 2-1: USB disconnect, device number 27
[  431.290309][T10524] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  431.323850][T10516] capability: warning: `syz.2.1344' uses 32-bit capabilities (legacy support in use)
[  431.334939][T10516] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1344'.
[  431.348085][T10516] netlink: 140 bytes leftover after parsing attributes in process `syz.2.1344'.
[  431.358575][ T5908] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  431.521669][ T5911] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  431.535937][ T5911] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  431.549462][ T5911] quatech2 2-1:0.51: device disconnected
[  431.963711][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  431.975466][ T5908] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.985639][ T5908] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  432.011914][ T5908] usb 1-1: New USB device found, idVendor=05ac, idProduct=0272, bcdDevice= 0.00
[  432.027132][ T5908] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  432.045828][ T5908] usb 1-1: config 0 descriptor??
[  432.392178][T10545] delete_channel: no stack
[  432.409497][   T29] kauditd_printk_skb: 43 callbacks suppressed
[  432.409515][   T29] audit: type=1400 audit(2000000270.420:751): avc:  denied  { ioctl } for  pid=10542 comm="syz.3.1352" path="socket:[26273]" dev="sockfs" ino=26273 ioctlcmd=0xaa03 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  432.448834][ T5911] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  432.478640][ T5908] apple 0003:05AC:0272.0004: unbalanced collection at end of report description
[  432.489205][ T5908] apple 0003:05AC:0272.0004: parse failed
[  432.500423][ T5908] apple 0003:05AC:0272.0004: probe with driver apple failed with error -22
[  432.694389][   T29] audit: type=1400 audit(2000000270.700:752): avc:  denied  { mount } for  pid=10517 comm="syz.0.1345" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  433.727606][    T9] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  433.738727][ T5911] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  433.837815][ T5911] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  433.847868][ T5911] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  433.857091][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.871612][   T29] audit: type=1400 audit(2000000271.860:753): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  433.899946][T10537] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  433.902404][ T5908] usb 1-1: USB disconnect, device number 37
[  433.917812][ T5911] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  434.077744][    T9] usb 4-1: Using ep0 maxpacket: 32
[  434.133062][    T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  434.144305][    T9] usb 4-1: config 0 has no interface number 0
[  434.192238][ T5864] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  434.382209][ T5864] usb 3-1: Using ep0 maxpacket: 8
[  434.398368][    T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  434.408298][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.415963][ T5864] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  434.428175][ T5864] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  434.432485][    T9] usb 4-1: Product: syz
[  434.442356][ T5864] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  434.454728][ T5864] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  434.482434][    T9] usb 4-1: Manufacturer: syz
[  434.487883][    T9] usb 4-1: SerialNumber: syz
[  434.491385][ T5864] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  434.494965][    T9] usb 4-1: config 0 descriptor??
[  434.515638][    T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  434.540576][ T5864] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  434.561967][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  434.726630][    T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  434.759491][    T9] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  434.821883][ T5864] usb 3-1: usb_control_msg returned -32
[  434.827545][ T5864] usbtmc 3-1:16.0: can't read capabilities
[  435.013268][ T5864] usb 2-1: USB disconnect, device number 28
[  435.040728][T10550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.050964][T10550] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.271649][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  435.273255][ T5864] usb 4-1: USB disconnect, device number 22
[  435.309197][ T5864] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  435.339372][ T5864] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  435.363553][ T5864] quatech2 4-1:0.51: device disconnected
[  436.217066][T10590] loop8: detected capacity change from 0 to 7
[  436.446288][T10590] Dev loop8: unable to read RDB block 7
[  436.455550][T10590]  loop8: unable to read partition table
[  436.480019][T10590] loop8: partition table beyond EOD, truncated
[  436.486645][T10590] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  436.486645][T10590] 
) failed (rc=-5)
[  436.595258][ T5864] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  437.275378][ T5908] usb 3-1: USB disconnect, device number 27
[  437.299264][ T5864] usb 1-1: Using ep0 maxpacket: 8
[  437.314060][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.351046][ T5864] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.367409][T10599] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1368'.
[  437.388444][ T5864] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00
[  437.567519][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.577728][ T5864] usb 1-1: config 0 descriptor??
[  438.136025][ T5864] kone 0003:1E7D:2CED.0005: item fetching failed at offset 2/5
[  438.145117][ T5864] kone 0003:1E7D:2CED.0005: parse failed
[  438.151412][ T5864] kone 0003:1E7D:2CED.0005: probe with driver kone failed with error -22
[  438.452056][ T5911] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  439.015383][ T5911] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  439.033085][ T5911] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.112873][ T5864] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  439.265207][ T5911] usb 2-1: config 0 descriptor??
[  439.273065][ T5911] gspca_main: cpia1-2.14.0 probing 0813:0001
[  439.402566][ T5864] usb 3-1: Using ep0 maxpacket: 8
[  439.422051][ T5866] usb 1-1: USB disconnect, device number 38
[  439.484194][ T5864] usb 3-1: config 0 has an invalid interface number: 52 but max is 0
[  439.502590][ T5864] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  439.529289][ T5864] usb 3-1: config 0 has no interface number 0
[  439.539731][ T5864] usb 3-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  439.571862][ T5864] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  439.583867][ T5864] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  439.600005][ T5864] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  439.622164][ T5864] usb 3-1: config 0 interface 52 has no altsetting 0
[  439.629274][ T5864] usb 3-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  439.642435][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  439.670351][ T5864] usb 3-1: config 0 descriptor??
[  439.676011][   T29] audit: type=1400 audit(2000000277.690:754): avc:  denied  { lock } for  pid=10622 comm="syz.0.1374" path="socket:[26444]" dev="sockfs" ino=26444 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  439.701012][ T5911] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  439.913614][ T5911] gspca_cpia1: usb_control_msg 01, error -71
[  439.926386][ T5911] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  439.932670][ T5864] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input24
[  439.952053][ T5911] usb 2-1: USB disconnect, device number 29
[  440.289480][T10632] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1375'.
[  440.300066][T10632] netlink: 'syz.3.1375': attribute type 18 has an invalid length.
[  440.462254][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  440.493073][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  441.206428][T10640] netlink: 'syz.1.1378': attribute type 10 has an invalid length.
[  441.276674][T10640] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.285434][T10640] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.310938][T10640] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.318663][T10640] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.326152][T10640] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.333384][T10640] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.830547][T10640] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  442.037514][ T5864] usb 3-1: USB disconnect, device number 28
[  445.603971][T10694] FAULT_INJECTION: forcing a failure.
[  445.603971][T10694] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  445.618004][T10694] CPU: 1 UID: 0 PID: 10694 Comm: syz.3.1392 Not tainted 6.13.0-rc4-syzkaller #0
[  445.627063][T10694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  445.637196][T10694] Call Trace:
[  445.640519][T10694]  <TASK>
[  445.643558][T10694]  dump_stack_lvl+0x16c/0x1f0
[  445.648331][T10694]  should_fail_ex+0x497/0x5b0
[  445.653006][T10694]  ? fs_reclaim_acquire+0xae/0x150
[  445.658110][T10694]  should_fail_alloc_page+0xe7/0x130
[  445.663445][T10694]  prepare_alloc_pages.constprop.0+0x16f/0x560
[  445.669610][T10694]  __alloc_pages_noprof+0x190/0x25b0
[  445.674895][T10694]  ? __pfx_mark_lock+0x10/0x10
[  445.679656][T10694]  ? find_held_lock+0x2d/0x110
[  445.684419][T10694]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  445.690131][T10694]  ? __pfx_lock_release+0x10/0x10
[  445.695169][T10694]  ? __lruvec_stat_mod_folio+0xa0/0x360
[  445.700716][T10694]  ? mark_held_locks+0x9f/0xe0
[  445.705474][T10694]  ? ___kmalloc_large_node+0x166/0x1b0
[  445.710935][T10694]  ? lockdep_hardirqs_on+0x7c/0x110
[  445.716137][T10694]  ? rcu_is_watching+0x12/0xc0
[  445.720991][T10694]  ___kmalloc_large_node+0x84/0x1b0
[  445.726194][T10694]  __kmalloc_large_noprof+0x1c/0x70
[  445.731403][T10694]  vhost_dev_set_owner+0x31a/0xa70
[  445.736521][T10694]  vhost_net_ioctl+0x690/0x16e0
[  445.741370][T10694]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  445.746647][T10694]  ? rcu_is_watching+0x12/0xc0
[  445.751415][T10694]  ? selinux_file_ioctl+0xb4/0x270
[  445.756523][T10694]  ? __pfx_vhost_net_ioctl+0x10/0x10
[  445.761904][T10694]  __x64_sys_ioctl+0x190/0x200
[  445.766663][T10694]  do_syscall_64+0xcd/0x250
[  445.771168][T10694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  445.777178][T10694] RIP: 0033:0x7f2dfe585d29
[  445.781583][T10694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  445.801199][T10694] RSP: 002b:00007f2dff3d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  445.809604][T10694] RAX: ffffffffffffffda RBX: 00007f2dfe776080 RCX: 00007f2dfe585d29
[  445.817652][T10694] RDX: 0000000000000000 RSI: 000040000000af01 RDI: 0000000000000007
[  445.825706][T10694] RBP: 00007f2dff3d5090 R08: 0000000000000000 R09: 0000000000000000
[  445.833666][T10694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  445.841630][T10694] R13: 0000000000000000 R14: 00007f2dfe776080 R15: 00007ffe6556e648
[  445.849775][T10694]  </TASK>
[  445.852821][    C1] vkms_vblank_simulate: vblank timer overrun
[  448.786534][T10736] fuse: Bad value for 'group_id'
[  448.792434][T10736] fuse: Bad value for 'group_id'
[  451.469749][T10759] lo speed is unknown, defaulting to 1000
[  451.475727][T10759] lo speed is unknown, defaulting to 1000
[  451.482936][T10759] lo speed is unknown, defaulting to 1000
[  451.492773][T10759] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  451.507781][T10759] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  451.719501][T10759] lo speed is unknown, defaulting to 1000
[  451.731005][T10759] lo speed is unknown, defaulting to 1000
[  451.741370][T10759] lo speed is unknown, defaulting to 1000
[  451.750900][T10759] lo speed is unknown, defaulting to 1000
[  451.761015][T10759] lo speed is unknown, defaulting to 1000
[  451.771061][T10759] lo speed is unknown, defaulting to 1000
[  452.235792][T10765] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  452.343500][ T5911] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  452.672313][ T5911] usb 2-1: Using ep0 maxpacket: 32
[  452.702284][ T5911] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  452.727291][ T5911] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  452.890040][ T5911] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  452.905075][T10774] netlink: 92 bytes leftover after parsing attributes in process `syz.2.1416'.
[  452.910752][ T5911] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.927560][ T5911] usb 2-1: Product: syz
[  452.937818][ T5911] usb 2-1: Manufacturer: ᮱着㙴瞸伲觿膳핇鞔꘺둠讝銂郑滬ꐨ⏹ㅒ矈詞폕䫕ꍾᙺⷤ噶ጣ켛ጱⶂ႖↻Ꮘ㠥༚䵋䋧뤰╓姣拙ƛ毎泙櫂ᣧᑰཝꡟ鈾棔쳥䔀꓊扻ਥ蔙䩆邗焀㈋鷎琵囓쾉마摮㡯꣚ᣔᔺ时뗵鄽꿨푈뭔몄絭続梐᳐ꆮࣥ㡘؃䯭乪
[  453.001976][ T5911] usb 2-1: SerialNumber: syz
[  453.414603][   T29] audit: type=1400 audit(2000000291.400:755): avc:  denied  { write } for  pid=10773 comm="syz.2.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  453.853303][   T29] audit: type=1400 audit(2000000291.870:756): avc:  denied  { setattr } for  pid=10753 comm="syz.1.1412" name="video36" dev="devtmpfs" ino=1044 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  455.592248][ T5911] cdc_ncm 2-1:1.0: bind() failure
[  455.602421][ T5911] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  455.609258][ T5911] cdc_ncm 2-1:1.1: bind() failure
[  455.690196][   T29] audit: type=1400 audit(2000000293.700:757): avc:  denied  { read } for  pid=10773 comm="syz.2.1416" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  455.691989][ T5911] usb 2-1: USB disconnect, device number 30
[  455.970546][ T3147] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  456.091441][T10811] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  456.515668][ T3147] usb 4-1: Using ep0 maxpacket: 8
[  456.548556][T10811] batadv_slave_0: entered promiscuous mode
[  456.598983][ T3147] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.610182][ T3147] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.626019][ T3147] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00
[  456.648393][ T3147] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.658817][ T3147] usb 4-1: config 0 descriptor??
[  456.841957][ T5864] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  457.121061][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  457.213195][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  457.371881][ T5864] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  457.386391][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.393930][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.401956][ T5864] usb 3-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  457.411372][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  457.419572][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.426660][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.433766][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.440757][ T3147] saitek 0003:06A3:0CCD.0006: unknown main item tag 0x0
[  457.456208][ T5864] usb 3-1: config 0 descriptor??
[  457.479906][ T3147] saitek 0003:06A3:0CCD.0006: hidraw0: USB HID v0.00 Device [HID 06a3:0ccd] on usb-dummy_hcd.3-1/input0
[  457.695989][ T3147] usb 4-1: USB disconnect, device number 23
[  458.001121][ T5864] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  458.015922][ T5864] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  458.026462][ T5864] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  458.036966][ T5864] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  458.048340][ T5864] prodikeys 0003:041E:2801.0007: unknown main item tag 0x0
[  458.058374][  T969] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  458.059881][ T5864] prodikeys 0003:041E:2801.0007: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.2-1/input0
[  458.221912][  T969] usb 2-1: Using ep0 maxpacket: 8
[  458.233943][  T969] usb 2-1: config 0 has an invalid interface number: 151 but max is 1
[  458.254831][  T969] usb 2-1: config 0 has no interface number 1
[  458.267451][  T969] usb 2-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  458.296411][  T969] usb 2-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  458.318666][  T969] usb 2-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  458.339008][  T969] usb 2-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  458.362994][  T969] usb 2-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  458.392747][T10836] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1437'.
[  458.403923][  T969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7
[  458.415690][  T969] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  458.429963][  T969] usb 2-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  458.439446][  T969] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.448033][  T969] usb 2-1: Product: syz
[  458.452527][  T969] usb 2-1: Manufacturer: syz
[  458.457389][  T969] usb 2-1: SerialNumber: syz
[  458.473144][  T969] usb 2-1: config 0 descriptor??
[  458.479387][T10831] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  458.492803][  T969] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  458.509109][  T969] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  458.516456][  T969] usb 2-1: invalid MIDI in EP 0
[  458.584578][  T969] snd-usb-audio 2-1:0.0: probe with driver snd-usb-audio failed with error -22
[  458.827184][  T969] usb 2-1: USB disconnect, device number 31
[  459.591852][ T5864] usb 3-1: USB disconnect, device number 29
[  461.280385][ T5864] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  461.523648][ T5864] usb 1-1: Using ep0 maxpacket: 8
[  461.530401][ T5864] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  461.543886][ T5864] usb 1-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  461.567965][ T5864] usb 1-1: config 0 has no interface number 0
[  461.582033][ T5864] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  461.594254][ T5864] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 48, changing to 9
[  461.606007][ T5864] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  461.617485][ T5864] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  461.630582][ T5864] usb 1-1: config 0 interface 52 has no altsetting 0
[  461.637555][ T5864] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  461.734535][ T5864] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.752333][ T5864] usb 1-1: config 0 descriptor??
[  462.024852][ T5864] input: USB Synaptics Device 06cb:0007 (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input25
[  462.569430][   T29] audit: type=1400 audit(2000000300.580:758): avc:  denied  { map } for  pid=10880 comm="syz.1.1451" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  462.596222][   T29] audit: type=1400 audit(2000000300.610:759): avc:  denied  { execute } for  pid=10880 comm="syz.1.1451" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  462.712909][T10884] 
[  462.715324][T10884] ======================================================
[  462.722536][T10884] WARNING: possible circular locking dependency detected
[  462.729541][T10884] 6.13.0-rc4-syzkaller #0 Not tainted
[  462.734902][T10884] ------------------------------------------------------
[  462.741908][T10884] syz.3.1452/10884 is trying to acquire lock:
[  462.747956][T10884] ffff88814438e7a8 (&q->sysfs_lock){+.+.}-{4:4}, at: __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  462.758383][T10884] 
[  462.758383][T10884] but task is already holding lock:
[  462.765865][T10884] ffff88814438e278 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x14e0
[  462.777335][T10884] 
[  462.777335][T10884] which lock already depends on the new lock.
[  462.777335][T10884] 
[  462.787746][T10884] 
[  462.787746][T10884] the existing dependency chain (in reverse order) is:
[  462.796758][T10884] 
[  462.796758][T10884] -> #4 (&q->q_usage_counter(io)#52){++++}-{0:0}:
[  462.805358][T10884]        blk_mq_submit_bio+0x1fb6/0x24c0
[  462.810997][T10884]        __submit_bio+0x384/0x540
[  462.816006][T10884]        submit_bio_noacct_nocheck+0x698/0xd70
[  462.822151][T10884]        submit_bio_noacct+0x93a/0x1e20
[  462.827689][T10884]        mpage_readahead+0x41d/0x590
[  462.832964][T10884]        read_pages+0x1a8/0xdc0
[  462.837814][T10884]        page_cache_ra_unbounded+0x3dc/0x750
[  462.843780][T10884]        force_page_cache_ra+0x24b/0x340
[  462.849400][T10884]        page_cache_sync_ra+0x110/0x9c0
[  462.854936][T10884]        filemap_get_pages+0xd7b/0x1be0
[  462.860467][T10884]        filemap_read+0x3ca/0xd70
[  462.865476][T10884]        blkdev_read_iter+0x187/0x480
[  462.870837][T10884]        vfs_read+0x87f/0xbe0
[  462.875501][T10884]        ksys_read+0x12b/0x250
[  462.880250][T10884]        do_syscall_64+0xcd/0x250
[  462.885268][T10884]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  462.891675][T10884] 
[  462.891675][T10884] -> #3 (mapping.invalidate_lock#2){.+.+}-{4:4}:
[  462.900187][T10884]        down_read+0x9a/0x330
[  462.904864][T10884]        page_cache_ra_unbounded+0x173/0x750
[  462.910829][T10884]        page_cache_ra_order+0x8f2/0xc80
[  462.916445][T10884]        filemap_fault+0x14a5/0x2820
[  462.921715][T10884]        __do_fault+0x10a/0x490
[  462.926556][T10884]        do_pte_missing+0xebd/0x3e00
[  462.931830][T10884]        __handle_mm_fault+0x103c/0x2a40
[  462.937455][T10884]        handle_mm_fault+0x3fa/0xaa0
[  462.942725][T10884]        __get_user_pages+0x8d9/0x3b50
[  462.948170][T10884]        get_user_pages_unlocked+0x1c2/0x780
[  462.954136][T10884]        hva_to_pfn+0x8be/0xc20
[  462.959000][T10884]        kvm_follow_pfn+0x29f/0x3f0
[  462.964186][T10884]        __kvm_faultin_pfn+0x11c/0x1a0
[  462.969633][T10884]        kvm_mmu_faultin_pfn+0x469/0x1f30
[  462.975339][T10884]        kvm_tdp_page_fault+0x182/0x3d0
[  462.980877][T10884]        kvm_mmu_do_page_fault+0x58d/0x690
[  462.986672][T10884]        kvm_mmu_page_fault+0x20f/0x1bb0
[  462.992304][T10884]        handle_ept_violation+0x25a/0x640
[  462.998037][T10884]        vmx_handle_exit+0x733/0x1f70
[  463.003408][T10884]        vcpu_run+0x3047/0x4f50
[  463.008247][T10884]        kvm_arch_vcpu_ioctl_run+0x44a/0x1740
[  463.014323][T10884]        kvm_vcpu_ioctl+0x6ce/0x1520
[  463.019688][T10884]        __x64_sys_ioctl+0x190/0x200
[  463.024965][T10884]        do_syscall_64+0xcd/0x250
[  463.029982][T10884]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.036425][T10884] 
[  463.036425][T10884] -> #2 (&mm->mmap_lock){++++}-{4:4}:
[  463.043976][T10884]        __might_fault+0x11b/0x190
[  463.049097][T10884]        _copy_from_user+0x29/0xd0
[  463.054201][T10884]        __blk_trace_setup+0xa8/0x180
[  463.059560][T10884]        blk_trace_ioctl+0x163/0x290
[  463.064825][T10884]        blkdev_ioctl+0x109/0x6d0
[  463.069842][T10884]        __x64_sys_ioctl+0x190/0x200
[  463.075128][T10884]        do_syscall_64+0xcd/0x250
[  463.080143][T10884]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.086550][T10884] 
[  463.086550][T10884] -> #1 (&q->debugfs_mutex){+.+.}-{4:4}:
[  463.094366][T10884]        __mutex_lock+0x19b/0xa60
[  463.099380][T10884]        blk_register_queue+0x13c/0x4f0
[  463.104924][T10884]        add_disk_fwnode+0x785/0x1300
[  463.110289][T10884]        brd_alloc.isra.0+0x5a2/0x840
[  463.115652][T10884]        brd_init+0x12b/0x1d0
[  463.120405][T10884]        do_one_initcall+0x128/0x700
[  463.125678][T10884]        kernel_init_freeable+0x5c7/0x900
[  463.131392][T10884]        kernel_init+0x1c/0x2b0
[  463.136231][T10884]        ret_from_fork+0x45/0x80
[  463.141160][T10884]        ret_from_fork_asm+0x1a/0x30
[  463.146437][T10884] 
[  463.146437][T10884] -> #0 (&q->sysfs_lock){+.+.}-{4:4}:
[  463.153982][T10884]        __lock_acquire+0x249e/0x3c40
[  463.159346][T10884]        lock_acquire.part.0+0x11b/0x380
[  463.164964][T10884]        __mutex_lock+0x19b/0xa60
[  463.169977][T10884]        __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.176464][T10884]        blk_mq_update_nr_hw_queues+0x2a/0x40
[  463.182518][T10884]        nbd_start_device+0x15b/0xd70
[  463.187875][T10884]        nbd_ioctl+0x21a/0xfd0
[  463.192623][T10884]        blkdev_ioctl+0x276/0x6d0
[  463.197638][T10884]        __x64_sys_ioctl+0x190/0x200
[  463.202919][T10884]        do_syscall_64+0xcd/0x250
[  463.207939][T10884]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.214353][T10884] 
[  463.214353][T10884] other info that might help us debug this:
[  463.214353][T10884] 
[  463.224564][T10884] Chain exists of:
[  463.224564][T10884]   &q->sysfs_lock --> mapping.invalidate_lock#2 --> &q->q_usage_counter(io)#52
[  463.224564][T10884] 
[  463.239332][T10884]  Possible unsafe locking scenario:
[  463.239332][T10884] 
[  463.246762][T10884]        CPU0                    CPU1
[  463.252114][T10884]        ----                    ----
[  463.257467][T10884]   lock(&q->q_usage_counter(io)#52);
[  463.262828][T10884]                                lock(mapping.invalidate_lock#2);
[  463.270621][T10884]                                lock(&q->q_usage_counter(io)#52);
[  463.278500][T10884]   lock(&q->sysfs_lock);
[  463.282812][T10884] 
[  463.282812][T10884]  *** DEADLOCK ***
[  463.282812][T10884] 
[  463.290937][T10884] 4 locks held by syz.3.1452/10884:
[  463.296117][T10884]  #0: ffff8881443b0998 (&nbd->config_lock){+.+.}-{4:4}, at: nbd_ioctl+0x151/0xfd0
[  463.305416][T10884]  #1: ffff8881443b08d8 (&set->tag_list_lock){+.+.}-{4:4}, at: blk_mq_update_nr_hw_queues+0x20/0x40
[  463.316191][T10884]  #2: ffff88814438e278 (&q->q_usage_counter(io)#52){++++}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x14e0
[  463.328019][T10884]  #3: ffff88814438e2b0 (&q->q_usage_counter(queue)#36){+.+.}-{0:0}, at: __blk_mq_update_nr_hw_queues+0x1fc/0x14e0
[  463.340108][T10884] 
[  463.340108][T10884] stack backtrace:
[  463.346018][T10884] CPU: 0 UID: 0 PID: 10884 Comm: syz.3.1452 Not tainted 6.13.0-rc4-syzkaller #0
[  463.355036][T10884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  463.365166][T10884] Call Trace:
[  463.368427][T10884]  <TASK>
[  463.371343][T10884]  dump_stack_lvl+0x116/0x1f0
[  463.376019][T10884]  print_circular_bug+0x419/0x5d0
[  463.381039][T10884]  check_noncircular+0x31a/0x400
[  463.385977][T10884]  ? __pfx_check_noncircular+0x10/0x10
[  463.391424][T10884]  ? lockdep_lock+0xc6/0x200
[  463.396012][T10884]  ? add_lock_to_list+0x17d/0x390
[  463.401031][T10884]  __lock_acquire+0x249e/0x3c40
[  463.405874][T10884]  ? __pfx___lock_acquire+0x10/0x10
[  463.411075][T10884]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  463.416869][T10884]  ? stack_depot_save_flags+0x38f/0x9c0
[  463.422411][T10884]  lock_acquire.part.0+0x11b/0x380
[  463.427514][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.433660][T10884]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  463.439281][T10884]  ? rcu_is_watching+0x12/0xc0
[  463.444043][T10884]  ? trace_lock_acquire+0x14e/0x1f0
[  463.449240][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.455384][T10884]  ? lock_acquire+0x2f/0xb0
[  463.459894][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.466040][T10884]  __mutex_lock+0x19b/0xa60
[  463.470534][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.476674][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.482818][T10884]  ? __pfx___mutex_lock+0x10/0x10
[  463.487843][T10884]  ? __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.493988][T10884]  __blk_mq_update_nr_hw_queues+0x446/0x14e0
[  463.499964][T10884]  ? __mutex_trylock_common+0xea/0x250
[  463.505426][T10884]  ? __pfx___mutex_trylock_common+0x10/0x10
[  463.511306][T10884]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  463.517014][T10884]  ? rcu_is_watching+0x12/0xc0
[  463.521775][T10884]  ? __pfx___blk_mq_update_nr_hw_queues+0x10/0x10
[  463.528271][T10884]  ? __pfx___mutex_trylock_common+0x10/0x10
[  463.534154][T10884]  ? avc_has_perm_noaudit+0x61/0x3a0
[  463.539446][T10884]  ? blk_mq_update_nr_hw_queues+0x20/0x40
[  463.545185][T10884]  ? __pfx___mutex_lock+0x10/0x10
[  463.550225][T10884]  ? trace_contention_end+0xee/0x140
[  463.555525][T10884]  ? __mutex_lock+0x1cc/0xa60
[  463.560307][T10884]  ? nbd_ioctl+0x151/0xfd0
[  463.564714][T10884]  ? __pfx___mutex_lock+0x10/0x10
[  463.569920][T10884]  blk_mq_update_nr_hw_queues+0x2a/0x40
[  463.575556][T10884]  nbd_start_device+0x15b/0xd70
[  463.580412][T10884]  ? bpf_lsm_capable+0x9/0x10
[  463.585113][T10884]  nbd_ioctl+0x21a/0xfd0
[  463.589344][T10884]  ? ioctl_has_perm.constprop.0.isra.0+0x2ea/0x460
[  463.595839][T10884]  ? ioctl_has_perm.constprop.0.isra.0+0x2f3/0x460
[  463.602425][T10884]  ? __pfx_nbd_ioctl+0x10/0x10
[  463.607182][T10884]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  463.614149][T10884]  ? __pfx_lock_release+0x10/0x10
[  463.619173][T10884]  ? __pfx_nbd_ioctl+0x10/0x10
[  463.623930][T10884]  blkdev_ioctl+0x276/0x6d0
[  463.628432][T10884]  ? __pfx_blkdev_ioctl+0x10/0x10
[  463.633451][T10884]  ? selinux_file_ioctl+0x180/0x270
[  463.638641][T10884]  ? selinux_file_ioctl+0xb4/0x270
[  463.643747][T10884]  ? __pfx_blkdev_ioctl+0x10/0x10
[  463.648764][T10884]  __x64_sys_ioctl+0x190/0x200
[  463.653524][T10884]  do_syscall_64+0xcd/0x250
[  463.658111][T10884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  463.664121][T10884] RIP: 0033:0x7f2dfe585d29
[  463.668521][T10884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  463.688120][T10884] RSP: 002b:00007f2dff3f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  463.696536][T10884] RAX: ffffffffffffffda RBX: 00007f2dfe775fa0 RCX: 00007f2dfe585d29
[  463.704520][T10884] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000006
[  463.712487][T10884] RBP: 00007f2dfe601aa8 R08: 0000000000000000 R09: 0000000000000000
[  463.720446][T10884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  463.728410][T10884] R13: 0000000000000000 R14: 00007f2dfe775fa0 R15: 00007ffe6556e648
[  463.736382][T10884]  </TASK>
[  463.739465][    C0] vkms_vblank_simulate: vblank timer overrun
[  463.785515][  T969] usb 1-1: USB disconnect, device number 39
[  463.894946][T10889] block nbd3: shutting down sockets