last executing test programs:

11.669699126s ago: executing program 3 (id=1063):
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x14, 0x6000, @fd, 0x0, 0x20000003, 0x8020, 0x0, 0x1, {0x2}})
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))

11.434903308s ago: executing program 3 (id=1064):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
socket$nl_netfilter(0x10, 0x3, 0xc)
lsm_set_self_attr(0x65, &(0x7f0000000800)=ANY=[], 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x29, 0x45, &(0x7f0000000140)={'icmp\x00'}, &(0x7f0000000240)=0x1e)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
r3 = epoll_create1(0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000180)={0xc0002000})
ioctl$TCSETSW2(r4, 0x402c542c, &(0x7f0000000040)={0x4, 0x40100000, 0x5, 0x0, 0x1, "362e851f84882fb90efa3fa665d2eb144970e2", 0x8, 0x81})
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
syz_usb_disconnect(r5)
socket$inet(0x2, 0x4000000000000001, 0x0)
r6 = syz_io_uring_setup(0x186, &(0x7f0000000080)={0x0, 0x3416, 0x13100}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000000)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0x2def, 0x0, 0x0, 0x0, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000080)=0x2)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r9, &(0x7f0000000200)={0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, '\x00', 0xd}, 0xa57c}, 0x1c)

7.816268104s ago: executing program 3 (id=1073):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001"], 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)={0x0, 0x6, 0x7, {0x7, 0x23, "3d91419da5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="65872fb2d92e534b18de081125af63215527b005e2384e69f10e701d99c96d1c4b6d182d5ff79c3ecb657e97ac581f6a2e3d88eae03e49bba5216b02e4577abe6fab6948d25c6fd207fa0db6f9043c270535add48234aa9351d5042d9b7ecd590b4073345c83552368116ae826cec192eab701891e8df3fcd6ad75ec43d76e07718ee905c211ab", @ANYBLOB="00000200000000000000"], 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_usb_control_io(r2, &(0x7f0000000440)={0x2c, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c09}}, &(0x7f0000000140)={0x0, 0xf, 0x2a, {0x5, 0xf, 0x2a, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0x9c, 0x1, 0xc7, 0x81, 0xf}, @ss_container_id={0x14, 0x10, 0x4, 0xf, "d5f3bb25563d6d58480c110e8a48a0dc"}, @ptm_cap={0x3}, @ptm_cap={0x3}]}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x60, 0xc4, 0x0, "aabc4c00", "8bc1fcaa"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x3, 0x82, 0x7, 0xdd, 0xa5c9, 0x4}}}, &(0x7f0000000940)={0x84, &(0x7f0000000480)={0x0, 0xb, 0x88, "d1c77ccfac09b10bbd9896dfcf85d0e4c15a60f94f56d1fa4d39597720bb5a75f79a09a2c72c9f217150affad99a7b66302b212c84314c0d56d8e3dbbccfff8ea12c2cd657a2dae8bf2d4a3adfb22581f469010ac8960d49232bd895af1533df959be64de28c290c5bb32a4d15dfee53fdacedb1b5999ee0b0a9e94332fcfcc9e29a26fe910a7eee"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000580)={0x0, 0x8, 0x1}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x100, 0x10}}, &(0x7f0000000680)={0x40, 0x7, 0x2, 0x1}, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, &(0x7f0000000700)={0x40, 0xb, 0x2, "9ec8"}, &(0x7f0000000740)={0x40, 0xf, 0x2, 0x800}, &(0x7f0000000780)={0x40, 0x13, 0x6}, &(0x7f00000007c0)={0x40, 0x17, 0x6}, &(0x7f0000000800)={0x40, 0x19, 0x2, "1081"}, &(0x7f0000000840)={0x40, 0x1a, 0x2, 0x8000}, &(0x7f0000000880)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000008c0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000900)={0x40, 0x21, 0x1}})
syz_open_procfs(0x0, &(0x7f0000000180)='statm\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b"])

7.569533778s ago: executing program 0 (id=1075):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYBLOB="d18e416ed0d971f0371ea8572b1a67d904ed77349cc77a99e5edd19fafd2f7f17ea9f32da96b9bbef513ab8baedca4410a38ea75d6e25886ed97324c293884383294efacea98f84684279aad4c423564aee537a6beeb4e02fdc2294c6315d592802ea71ac4cd93559e9bf3c976549f189e321cfe32a5f2512ff4bbf3d6839880e85d0b400152ce991c3fb0fa8b77e5b21613d6"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000080)={0x27, 0x0, 0x0, 0x7, 0x0, 0x6, "750538d1ee6015c4807942ea7cdcd151bb2cd9894cc31f80718336d9bd3517076db9ad1f6a120d8be6d7f81cd81ec264000386e7d95f0669b740a5418d69d0", 0x10000000000001}, 0x60)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0xf)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x80000004, 0x4)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x18}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
open(0x0, 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
ioprio_set$pid(0x1, 0x0, 0x0)
munlock(&(0x7f0000ff5000/0x3000)=nil, 0x3000)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008081}, 0x20008000)
landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00b94e3d500007000000e0ff00000018000500", [0x0, 0x2000000000001]}})

7.504023469s ago: executing program 4 (id=1076):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x18, &(0x7f0000000040)=0x1f, 0x4)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000440)={&(0x7f0000133000/0x4000)=nil, &(0x7f000063b000/0x2000)=nil, &(0x7f0000b19000/0x4000)=nil, &(0x7f0000366000/0x3000)=nil, &(0x7f000035a000/0x4000)=nil, &(0x7f000098a000/0x4000)=nil, &(0x7f00002e5000/0x4000)=nil, &(0x7f0000bbc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000df5000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000340)="ada7add567670a893303eaca99ec08a42110bab48f38e5c0369a48607dd74355876dd0e61df947f3145c8a894ad3daedd22306b5bafd8ca6f504be890ae4d155872984bc3bce634b66d1833aa47691208b3806bbb89d60389ba39c63ba6ca1a75f2ccd711f09da1a348252cc49da3a3d5d0d5a2e857c0cf1676c65ebd21fcb27d1dbf133ec9a3964088dd5e3d0e1bcff875a618059bd875f605c9b7889fce9a99d42f00a77baf16740aa889bbfb2b2fac4639af50b691b3fa97561291dee2a0baabbc5f8930b29ae429ad642fb9a02bb3e7bbba2878123ce52680dae62036449461c2660fd213f7bda03d709c2d370e96ce6", 0xf2, r0}, 0x68)
r4 = syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0)
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80dc5521, &(0x7f0000002300)=""/4115)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = syz_io_uring_setup(0xbc3, &(0x7f0000000480)={0x0, 0x1568, 0x11080, 0x10, 0x264}, &(0x7f0000000040)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}})
io_uring_enter(r6, 0x47f8, 0x7000000, 0x0, 0x0, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r9 = fanotify_init(0x1, 0x40000)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
fanotify_mark(r9, 0x40, 0x30, r10, &(0x7f0000000100)='./file0\x00')
r11 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r11, 0x6, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r12 = fsmount(r11, 0x0, 0x3)
syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, {r12}}, 0x58)

7.481867232s ago: executing program 2 (id=1077):
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x20003, 0x1, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

6.905970112s ago: executing program 0 (id=1078):
socket$inet_smc(0x2b, 0x1, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b10009"], 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)

6.454979044s ago: executing program 2 (id=1079):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in6={{0xa, 0x4e20, 0x0, @empty, 0x9}}, 0x0, 0x0, 0x3fc, 0x0, 0x32, 0x7}, 0x9c)
setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000100)=0x7, 0x4)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x80000, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0xe0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

6.36929639s ago: executing program 2 (id=1080):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x88580, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
close(r4)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, r3, &(0x7f00000004c0)={[0x0, &(0x7f00000003c0)=')!}\x00']}, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xc)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00'})
r6 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000140)=ANY=[], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x400455cb, 0x0)

5.692434329s ago: executing program 4 (id=1082):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_procfs(0x0, &(0x7f0000000040)='numa_maps\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0xe, 0x4, 0x4, 0x20002, 0x4}, 0x48)

5.244084334s ago: executing program 0 (id=1083):
mkdirat(0xffffffffffffff9c, 0x0, 0x40)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = socket$kcm(0x10, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000640))
io_setup(0x2, 0x0)
syz_emit_ethernet(0x68, &(0x7f0000000040)=ANY=[], 0x0)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0xb001, 0x4, 0x388, 0x0, 0x1c4, 0x1c4, 0x2a8, 0x2a8, 0x2a8, 0x7fffffe, 0x0, {[{{@arp={@multicast1, @loopback, 0xff000000, 0xff, 0xe, 0x9, {@empty, {[0xff, 0x0, 0xff, 0xff]}}, {@mac=@remote, {[0x0, 0x0, 0xff, 0xff, 0x0, 0xff]}}, 0x8, 0x101, 0x10, 0x7, 0x3, 0x101, 'ipvlan0\x00', 'macvtap0\x00', {}, {0xff}, 0x0, 0xa}, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0x1c4}}, {{@uncond, 0xbc, 0xe4, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@uncond, 0xbc, 0xe4}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x0, 0x12ed}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3d4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$kcm(r0, 0x0, 0x0)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r4, 0x8914, &(0x7f0000000000)={'wlan1\x00'})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r7, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r3, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0)
r10 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r10, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
socket$pppoe(0x18, 0x1, 0x0)

4.24514409s ago: executing program 3 (id=1084):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0xa, 0x4, 0x3b)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x2c, r1, 0x5, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL80211_ATTR_4ADDR={0x5, 0x53, 0x1}]}, 0x2c}}, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x701820, 0x20)
getdents64(r5, &(0x7f0000000380)=""/73, 0x49)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
io_uring_enter(0xffffffffffffffff, 0x58e2, 0xfde4, 0x20, &(0x7f0000000340)={[0x6]}, 0x8)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f0000000200)={0x48})
r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0)
ioctl$FBIOBLANK(r7, 0x4611, 0x3)

4.218994796s ago: executing program 4 (id=1085):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x20003, 0x1, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x1000}], 0x1)
write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r6)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x80000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50822481, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x36, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x101, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x100, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0xfffffffd, 0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x8000000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x6, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f00, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xfffffffc, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfd, 0x0, 0xd, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r10, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000000)=ANY=[@ANYBLOB="e7400000", @ANYRES16=r7, @ANYBLOB="01002abd7000fddbdf253b00000008000300", @ANYRES32, @ANYBLOB="1e003300c0100e00ffffffffffff080211000000505050505050730024000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004)

3.333265601s ago: executing program 0 (id=1086):
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x3, 0x1000}, 0x4)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/164, 0x0, 0xf000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340))
dup(0xffffffffffffffff)
syz_io_uring_setup(0x31ca, 0x0, 0x0, &(0x7f0000000100))
syz_io_uring_setup(0x4e3, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_CONNECT={0x10, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b100090581"], 0x0)
r2 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r2, 0x80284504, &(0x7f0000000040)=""/185)

2.897772879s ago: executing program 2 (id=1087):
r0 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, 0x0, 0x0, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r0, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r0, 0x114, 0x1, &(0x7f0000000ec0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)

2.736277993s ago: executing program 4 (id=1088):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000001000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000340)={0x30, r2, 0x8d61ddcfedb48df, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x30}}, 0x0)

2.715341998s ago: executing program 4 (id=1089):
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0x0)
openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0x143240, 0x0)
setsockopt$MRT6_INIT(r0, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000040)={'rose0\x00', @broadcast})
bind$nfc_llcp(r4, &(0x7f00000001c0)={0x27, 0x0, 0x0, 0x2, 0x0, 0x49, "c46e9fd1a84b7fa0bf2cca6beb9363a680b652a86bcf56a1b9ca5386103a5ccbe47b7b9aa6d8d701a3ba00000000b97800001022f987617c318500", 0x3a}, 0x60)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x100000011, @private=0xa010501, 0x0, 0x0, 'none\x00'}, 0x2c)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @loopback, 0x0, 0x0, 'lblcr\x00', 0x0, 0x0, 0xfffffffc}, 0x2c)
setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0)
getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000240)={@local, <r5=>0x0}, &(0x7f0000000280)=0x14)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000380)={'syztnl1\x00', &(0x7f00000002c0)={'ip6tnl0\x00', <r6=>0x0, 0x2b, 0xf9, 0xff, 0x5, 0x20, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7, 0x700, 0x0, 0x35aedd66}})
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x58, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r7=>0x0}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'vxcan1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000580)={'syztnl2\x00', &(0x7f0000000500)={'syztnl1\x00', <r9=>0x0, 0x2f, 0x9, 0x2, 0x1, 0x54, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @private2, 0x8, 0x40, 0xb5, 0x1ff}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000740)={'sit0\x00', &(0x7f0000000680)={'sit0\x00', <r10=>0x0, 0x10, 0x80, 0x7, 0xca3, {{0x23, 0x4, 0x3, 0x38, 0x8c, 0x67, 0x0, 0xa1, 0x4, 0x0, @multicast2, @dev={0xac, 0x14, 0x14, 0x2d}, {[@cipso={0x86, 0x2e, 0x1, [{0x0, 0x9, "afdfd8d58a0d6d"}, {0x7, 0x10, "cb314f594a0d2592695a59718986"}, {0x7, 0x6, "1db5a644"}, {0x1, 0x9, "06eaf63a129959"}]}, @cipso={0x86, 0x3b, 0xffffffffffffffff, [{0x3, 0xb, "283ff9de7f42785459"}, {0x2, 0x4, "8fed"}, {0x1, 0x10, "4e4bdcf4b57aa137f1cc252577e4"}, {0x6, 0xd, "be8239f53d158f760c05d2"}, {0x7, 0x9, "3b2c2365d9d770"}]}, @generic={0x88, 0xe, "b216db40fd457b8107a0dc96"}]}}}}})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000780)={0x1b8, r3, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nicvf0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'nr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @HEADER={0x50, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'hsr0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x20004000}, 0x480c0)
getsockopt$inet_buf(r4, 0x118, 0x0, 0x0, &(0x7f00000003c0)=0x14)

2.21828924s ago: executing program 1 (id=1090):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000240)=[@in={0x2, 0x4e20, @local}], 0x10)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x70, 0x70, 0xc, [@union={0x5, 0x5, 0x0, 0x5, 0x1, 0x5, [{0xc, 0x2, 0x800}, {0x6, 0x3, 0x5}, {0xc, 0x0, 0xae7}, {0x0, 0x5, 0x7}, {0x5, 0x3, 0xffffffff}]}, @func={0xd, 0x0, 0x0, 0xc, 0x2}, @ptr={0x7, 0x0, 0x0, 0x2, 0x4}, @decl_tag={0x7, 0x0, 0x0, 0x11, 0x2, 0x5}]}, {0x0, [0x5f, 0x0, 0x61, 0x61, 0x0, 0x2e, 0x2e, 0x5f, 0xe, 0x61]}}, &(0x7f0000000100)=""/123, 0x94, 0x7b, 0x1, 0x0, 0x10000}, 0x28)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="180000005b00000000000000004000009500000000000000e8e70950ca540ee2435b1b453df2a7312931c99fd14cf40ee51a5d3d3acec442191cb595aff803690a888aedcc9db3fb1fd050cb0d9384ebcee05e77bf48038637df2dd0f6a8e96896dbd1ae01ea1145e90e4ea2365e4c858f3f9f2affb41b5f2539503e4bed4b4a2ffd09b77ae8e13eddc93aa9f29eb6a1679f55062148eb67bae483436b6cb95e9029291ba96ed1ac0d7ee52331f00399e59e624c82601b01f80fa51d1bd9b53c613eb5b6"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @fallback=0xd, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r3 = dup(r0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x85, &(0x7f00000012c0)={0x0, @in={{0x2, 0x4e21, @loopback}}, 0x9, 0x83fe}, 0x90)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000a80)={'wlan0\x00'})
syz_usb_connect(0x4, 0x36, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
r5 = socket$rxrpc(0x21, 0x2, 0x2)
connect$rxrpc(r5, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24)
setsockopt$RXRPC_SECURITY_KEY(r5, 0x110, 0x1, 0x0, 0xfffffffffffffdd3)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r6, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x1, &(0x7f0000000540)=@gcm_128={{0x303}, "ffffffffffffffe2", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r7, &(0x7f0000000000), 0xffffff6a)
sendfile(r6, r7, 0x0, 0xffffffff004)
r8 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
msgget$private(0x0, 0x0)
close_range(r8, 0xffffffffffffffff, 0x0)

2.132993778s ago: executing program 3 (id=1091):
unshare(0x22020600)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_pressure(r0, &(0x7f0000000080)='memory.pressure\x00', 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4000)
sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=@newtfilter={0x50, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x0, 0xf}, {0x0, 0x10}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x20, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}, @TCA_FLOWER_KEY_IPV6_SRC={0x14, 0xe, @rand_addr=' \x01\x00'}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x24008014}, 0x20084084)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0xfffffffffffffff5, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x0, 0xa}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x1c, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x18, 0x10, 0x3}, @TCA_FQ_FLOW_DEFAULT_RATE={0x0, 0x6, 0x4}, @TCA_FQ_TIMER_SLACK={0x0, 0xd, 0x2b3}]}}]}, 0x48}}, 0x0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/warn_count', 0x0, 0x1b2)
pread64(r8, &(0x7f0000000380)=""/248, 0xf8, 0x4)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x48b, &(0x7f0000000100)={0x1, 'geneve0\x00', 0x2}, 0x18)
getsockopt$IP_VS_SO_GET_DAEMON(r7, 0x0, 0x487, &(0x7f00000001c0), &(0x7f0000000200)=0x30)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000480)="67670f01c2b9800000c00f3235001000000f30b8010000000f01d90f01c4b8010000000f01c1b9800000c00f3235000800000f30f20f09260fc7b6f0ffffff0f135332c4e3155f0500000000d9", 0x4d}], 0x1, 0x0, 0x0, 0x4b)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r11)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(r11, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r12, 0x7bd9d9b3b8ac1ea5, 0x70bd29, 0x25dfdbfb, {}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x14)
ioctl$KVM_CREATE_IRQCHIP(r10, 0xae60)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000100)={0x2, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000300)=0x3, 0x4)

2.007565898s ago: executing program 2 (id=1092):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r0 = socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_int(r3, 0x6, 0x18, &(0x7f0000000040)=0x1f, 0x4)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000440)={&(0x7f0000133000/0x4000)=nil, &(0x7f000063b000/0x2000)=nil, &(0x7f0000b19000/0x4000)=nil, &(0x7f0000366000/0x3000)=nil, &(0x7f000035a000/0x4000)=nil, &(0x7f000098a000/0x4000)=nil, &(0x7f00002e5000/0x4000)=nil, &(0x7f0000bbc000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000df5000/0x3000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000340)="ada7add567670a893303eaca99ec08a42110bab48f38e5c0369a48607dd74355876dd0e61df947f3145c8a894ad3daedd22306b5bafd8ca6f504be890ae4d155872984bc3bce634b66d1833aa47691208b3806bbb89d60389ba39c63ba6ca1a75f2ccd711f09da1a348252cc49da3a3d5d0d5a2e857c0cf1676c65ebd21fcb27d1dbf133ec9a3964088dd5e3d0e1bcff875a618059bd875f605c9b7889fce9a99d42f00a77baf16740aa889bbfb2b2fac4639af50b691b3fa97561291dee2a0baabbc5f8930b29ae429ad642fb9a02bb3e7bbba2878123ce52680dae62036449461c2660fd213f7bda03d709c2d370e96ce6", 0xf2, r0}, 0x68)
r4 = syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0)
ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(r5, 0x80dc5521, &(0x7f0000002300)=""/4115)
openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = syz_io_uring_setup(0xbc3, &(0x7f0000000480)={0x0, 0x1568, 0x11080, 0x10, 0x264}, &(0x7f0000000040)=<r7=>0x0, &(0x7f00000000c0)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000300)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x2, 0xa3d8, &(0x7f00000005c0)=[{&(0x7f0000000240)="5db5bd", 0x3}], 0x10000000000002a8, 0x8, 0x1, {0x2}})
io_uring_enter(r6, 0x47f8, 0x7000000, 0x0, 0x0, 0x0)
r9 = socket$inet_smc(0x2b, 0x1, 0x0)
fanotify_init(0x1, 0x40000)
pipe(&(0x7f0000000000))
ioctl$sock_inet_tcp_SIOCINQ(r9, 0x541b, 0x0)
r10 = fsopen(&(0x7f0000000140)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r10, 0x6, 0x0, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r11 = fsmount(r10, 0x0, 0x3)
syz_clone3(&(0x7f0000000340)={0x201800000, 0x0, 0x0, 0x0, {0x1f}, 0x0, 0x0, 0x0, 0x0, 0x0, {r11}}, 0x58)

1.528060305s ago: executing program 0 (id=1093):
syz_emit_ethernet(0x82, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff1704b45adbde0800450000740000000000019078ac1e0001ac1414aa05009078e00000e0460000000000000000110000ac1414aa00000000830300070300443c00037f00008900000000ac1414bb000000000000000000000000ac1414000000000000000000000000007fde14aa00000000ac141400000000000000"], 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x18)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000a40), 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x41)
recvmsg(r1, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
recvmsg(r1, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
getdents(0xffffffffffffffff, &(0x7f0000000a80)=""/4096, 0x1000)
keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffff9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
syz_emit_ethernet(0x2e, &(0x7f0000001140)=ANY=[@ANYBLOB="ffffffffff060000000000000000451900f62b000000001190780000df96e70303857a2d82cd0000000000000001"], 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(&(0x7f0000000280)='exfat\x00', 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r5 = io_uring_setup(0x54a0, 0x0)
io_uring_register$IORING_UNREGISTER_IOWQ_AFF(r5, 0x12, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r5, 0x13, &(0x7f0000000400)=[0x32a4, 0x8], 0x2)
read$FUSE(r4, 0x0, 0x0)
request_key(&(0x7f0000000480)='big_key\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000100)='\\\\@}\x01\x00\x00@\xf5\xe2\xdbE\xc0P\x02\xe0\xf2\xaa\xe6\x00\x00\x00\x00\x00\x00\x00\xd0\xa1B\x80\xd3\xcc\x06D\a\x00\x00\x00\x00\x00\x00\x04)\'\x03t\xcd\xe8\xd0u\x01\xff\x01\xd1', 0xfffffffffffffffe)
r6 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x48200, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000000)=0x7)
ioctl$TIOCVHANGUP(r6, 0x5437, 0x200000000000000)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000900)='/proc/keys\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))

1.460861254s ago: executing program 3 (id=1094):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000001c0)={'vxcan1\x00', <r1=>0x0})
recvfrom(r0, &(0x7f0000001000)=""/4096, 0x1000, 0x10002, &(0x7f0000000200)=@can={0x1d, r1}, 0x80)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="8864812d07c532", @ANYRES16=r3, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0)
r4 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
close(0xffffffffffffffff)
socket$xdp(0x2c, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800080000fcffff0800090000000000080011000000000008000e00800000000800", @ANYRES64=r5], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt(r7, 0x0, 0x22, 0x0, &(0x7f00000007c0))
ioctl$IOMMU_TEST_OP_ACCESS_RW(0xffffffffffffffff, 0x3ba0, &(0x7f0000000080)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x1, 0x82e, &(0x7f00000002c0)="a38950b234e1b45876ef90d5ecd304759a79370592e500bcb0a1a02e0ec763721753536cb839503472be824ea84401420c95ffe9ee2f8a6d7ec05cb621bd0e8c978045aa9eca16c0f37100a9f19c7b808354a093554087c1b6217d3b9ac00e9bb042816f19232ec49b9c5c19e83e8232e3b387cf571ab322a53bd55db9b9f406cc2b6927d4015ecba73381f4d03fa3402c6bcea2d07c26ebcfa307a4b9539cb43f181deecf6be99d64fce773ee8b0501406dd6d522f7b54cafdecf830464956bdb8ea30102380273057deeeff004663994a735fe1ccb5ae3ed8e0126555691b145e5d3b8910e2808962f17cbba73415d5d6115ae7c5f74e8fdd8af25782286323ac3dc83c6cc2a85fb66f9e81a801f3e1fb4929ed5f985844f8ec03712483d36bf2ddaf722e840e423afd56f6828c2761ed4dff1a901d2c67c7e8400aae3be168c137640e4889bf509dd8759e40be6745b2c7ff765a5b07560e65fbbcb9f90f34ba6e6c6fb691d8db2df2f12e642d63e9b3ed48363b2166ed0ee49d346f0c64a81732bd4542a4e121d80f050dc464e77ab14eda4d4676052d9eadfd98d525a59947afa1621d1f978e250aa143193e73e2bea3ff319bb3f65be18f23f1c0aa67b92b58b508f5a1106151d2721886b134f3c248b5172a5e1cd99d1772fc6a0110cf006c89c4bc01ea714ef5ee47c9845e50a239945da91cba298cbf0b107af81c18654667c2ebc365cf82429f0ee1fbce656ba7ffec639c40c0eb6f51b49214ef7b1d70a5c7a9f11fda69c0dedb8ad156bb7735836b89291d49d99dc578a581aeb522f8c20486837a3b8c5dc1be748c67ccc84299ed0fead670bfb2b058a896c89feacdfb4d919fe2764f0bc4c8ecf142b6c83ab79acfc25ce2f520d3eda4ab5ed91efab8cbcb4e6892c533cf2184733d2e0815c1a03df97cdd27937110debd2e5f8f1be8b6feb2754c4da94d07509d3dead340d5057a892af9a5f8b45d53f2e9781ad5a5917477fdb011b31db7d9e3c892f1984e26a437cb741ea7ae1da7c71e07ba64c5f53d17088011ac5486e69e03e77bfa9991972abee4a1b931838184d85fd271269b1c42e309e803edf3d0cb1c22e5d298873e308e53bc7a82e54838a9774fabc8136c8acca8afca6e61faf5ae39fe7d52628d482ff8ba7c26343495e5b508b2ce945e09a2804b56496cbcbb5784d67de0880bd50347b67ea553e6d7a0140a807f06afb84a8cd05e44686a9c88c3d914ab4ad5f9e4db62428ce95cc05d459477ace61ece0497d04c175669dc0d3c270e0548e8f7b6307b153e6d6d65ebfe657c141a29fd4a0aa5ad31b1cf4602e1278e824311f60873a24965f7006fc1f8493fb09b97436448eca727287ab7dcad65531be0b2db64fca4bef77cb43e9bdfc5bedd80cb9559938313a572829f31cf4694a21c6b3234a73e0f4529bc9c374b872d5ca6a12ea8d3ff430c4ab1f57786f3d1a2b24f129ed4891bf5be9e3884377b9adb9e285e91e0263e8309968d3c7bb004b2f261896469b012b6c8631bb4ae9678321e6467b97eeea8c3efb892f697eead1077b108333f3f4676b464c8c3ccdb3e30cc4b6194959a558d874fa54d1bcbfa7ce292f07925fc2202d67d4a17a6348edc554bf5c44e9c312e07bab37bd48b17d3260f3c17ee2595c4ccd818812024f9129bcc5333328e4cc3b2e9d532a440ff5913f5006e09cd65f5da5897e5fdbf12cc23d2f47c578f770252e853169a2300ca705df4265969c084dbc3c990fb981e1ee72f2b6e2a2063d07bfff16ca3f5975f0b8a486281370434842fb0fec0db3f5b90cee08e82508b0695c6ea771a8c6c32c73fdc285edca390503dab6d826ca963273a4cd2b09796c3dfa266db85dfb9c18fd5e3c2b087d44c3ad0a494f6e075f9f0097a19761604999d6666f330992019d939135c6b28102c457480e2d90915482cbaa4022b332d4a478f70fbb99f73b57f0cd9b551001d4ad5cff91c8cc7840de97d6f9918f05a93fddc1b74061396f1699d7bee8ecab26562ada068848749bc312fa1cc63447ef271783f9d67ae05711e70dfaaf9b13390ba9a99e93d34c00608cc3f9d3e5801ce6076e15bcf026a6da21dc7dfdeaa0c506f134598ab11dfe6e94e629bf6958116fea7d105c809ad5707ded55be93f6ed13de1ebefc21009b188f8c453082e68c5f3da3292164f6d726d96d76430cbb67216f588e2b05a3cf7ca0a94151505f3dc1b181a48c2e5888a15f29f49776f8f13880e4e46a134ad4a9d153f8755d43d56ceda1273eb8b928265323e2157755b3e5629ada27a6df5d6baf7e1f74bae245aee4aec17e6aabbc7874f49789b3728dbd87013b867547b01ddcdaeb9eb8f9326d152fc74dc818a767f62d1c9493ba722f70990ca1a7e45a555c156eacd378ea22df59438573197b16d4952d0fba9bb23674a4bfc7895ded1cc700565355f3ebae05fd7b5a537a1a298f9456589606ae83baa8e87804deebfa997e2166c0fd8140b128f2a13c2f4f5f6255650b18c6a5dff0739013ab11c49236b1217ea260311cb03148030c1792db68966de107e24431e8bb02041391b915552033ef3a7de196a6a0c2305c114bd55ce30ed8ed58acf9fd4b915e0e1046fa94150b979eb4ffb13797ae23c4893b8c4d577b0ce5a08c1867fc8d35f1ad7335145b0b081d28be0f530a0b83ed690cd06972040c3ef4e749889a87e84901dd2f1d4220a10320af87e3f4b998821160ae7c1905f41cfcbddf785f7e355528b7a7fe98c57df5dd544995e0cc1634a981eee792db202ed63c416bee86d416c79c46c115b8e0428e3f2b2d836059bec4b4dde96256675429a147ad97c647d39358b1ff8826e55e3f468b4572e849b273f485d158660d12e753ab1bb7b13a16d7f262597e1b995208eebd62ea490af40322ab9f3060bc91dc6bdac64fc51b500c771f9f6269526223c84b9ffe", 0x4})
syz_usb_ep_write$ath9k_ep1(r4, 0x82, 0xbe5, &(0x7f00000000c0)=ANY=[])
syz_open_dev$video4linux(&(0x7f00000001c0), 0xe3, 0x400)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="88000000", @ANYRES16=r3, @ANYBLOB="04002e0bc758c09f6cfaee29bd7000ffdbdf251600000008000300990945ea127b7c4c30034969db3b64e44eeee646a837443d2479ea8c45d686330f3830ca8b1f979465e11e43a8462ddc60722196ef8919c70f7c7a623fe990a6cb89898c2822f3191fcd7a5ad994e5a29d1d57b224a2cfd37f650957e621718a0dab0fbcf8c70b29e027", @ANYRES32=r8, @ANYBLOB="0a00060008021100000000000a001a00ffffffffffff00000a001a00ffffffffffff00000a001a00ffffffffffff00000a00060008021100000100000a001a00ffffffffffff00000a000600ffffffffffff00000a001a00ffffffffffff00000a001a000802110000010000"], 0x88}}, 0x40)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB="340000003e000701fcffffff00000000017c0000040042800c00018006000600ab230000100002800c000680080001"], 0x34}, 0x1, 0x0, 0x0, 0x404c0c0}, 0x2000c000)
fchdir(r2)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ec0), r10)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r10, &(0x7f0000000fc0)={0x0, 0x0, &(0x7f0000000f80)={&(0x7f0000000f00)=ANY=[@ANYBLOB="38001000", @ANYRES16=r11, @ANYBLOB="01002abd7000fddbdf253100000005003600010000000a0001007770616e3000000005003500810000000500330002000000"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x4002)

1.023982863s ago: executing program 4 (id=1095):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000600)=ANY=[@ANYBLOB="44000000010101010000000000000000020000002400018014000180080001"], 0x44}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1038, 0x12b6, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x64, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x4}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io(r2, &(0x7f00000000c0)={0x2c, &(0x7f0000000040)={0x0, 0x6, 0x7, {0x7, 0x23, "3d91419da5"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYRES32=0x0, @ANYRES32=r1, @ANYBLOB="65872fb2d92e534b18de081125af63215527b005e2384e69f10e701d99c96d1c4b6d182d5ff79c3ecb657e97ac581f6a2e3d88eae03e49bba5216b02e4577abe6fab6948d25c6fd207fa0db6f9043c270535add48234aa9351d5042d9b7ecd590b4073345c83552368116ae826cec192eab701891e8df3fcd6ad75ec43d76e07718ee905c211ab", @ANYBLOB="00000200000000000000"], 0x38}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)
syz_usb_control_io(r2, &(0x7f0000000440)={0x2c, 0x0, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1c09}}, &(0x7f0000000140)={0x0, 0xf, 0x2a, {0x5, 0xf, 0x2a, 0x4, [@wireless={0xb, 0x10, 0x1, 0x2, 0x9c, 0x1, 0xc7, 0x81, 0xf}, @ss_container_id={0x14, 0x10, 0x4, 0xf, "d5f3bb25563d6d58480c110e8a48a0dc"}, @ptm_cap={0x3}, @ptm_cap={0x3}]}}, &(0x7f00000003c0)={0x20, 0x29, 0xf, {0xf, 0x29, 0x1, 0x60, 0xc4, 0x0, "aabc4c00", "8bc1fcaa"}}, &(0x7f0000000400)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xb, 0x3, 0x82, 0x7, 0xdd, 0xa5c9, 0x4}}}, &(0x7f0000000940)={0x84, &(0x7f0000000480)={0x0, 0xb, 0x88, "d1c77ccfac09b10bbd9896dfcf85d0e4c15a60f94f56d1fa4d39597720bb5a75f79a09a2c72c9f217150affad99a7b66302b212c84314c0d56d8e3dbbccfff8ea12c2cd657a2dae8bf2d4a3adfb22581f469010ac8960d49232bd895af1533df959be64de28c290c5bb32a4d15dfee53fdacedb1b5999ee0b0a9e94332fcfcc9e29a26fe910a7eee"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000580)={0x0, 0x8, 0x1}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000640)={0x20, 0x0, 0x4, {0x100, 0x10}}, &(0x7f0000000680)={0x40, 0x7, 0x2, 0x1}, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, &(0x7f0000000700)={0x40, 0xb, 0x2, "9ec8"}, &(0x7f0000000740)={0x40, 0xf, 0x2, 0x800}, &(0x7f0000000780)={0x40, 0x13, 0x6}, &(0x7f00000007c0)={0x40, 0x17, 0x6}, &(0x7f0000000800)={0x40, 0x19, 0x2, "1081"}, &(0x7f0000000840)={0x40, 0x1a, 0x2, 0x8000}, &(0x7f0000000880)={0x40, 0x1c, 0x1, 0x4}, &(0x7f00000008c0)={0x40, 0x1e, 0x1, 0x4}, &(0x7f0000000900)={0x40, 0x21, 0x1}})
syz_open_procfs(0x0, &(0x7f0000000180)='statm\x00')
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b"])

927.933149ms ago: executing program 1 (id=1096):
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000000)='syz1\x00', 0x200002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB="0000000000c104cc23d4849b0e9500000000000000000000000000000039c51cf3cfaab68348d2ab803bd7e1b29b1d3ab04219bb59f22b6899ff13119326a89173993de15f6e3acfbeecb3263021d63e08e1ee1aed1bf0f1e0699b9461827d01b4ef5d460e4feb881adc54f8d1e7274764b06e7c807b42ab69b212b4437c4acac95e32f3310fbe503ee0e140fdb3e01df1b52b8f9e988930ba0a900c3c61dace1bee60a4185eb109da8cdaef2ea22328f1314efb5beb9437abad6ea4f6ff0cfbcc3c0d83a9be3c37c966e5c04f5d0000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r2, &(0x7f0000000140), &(0x7f00000000c0), 0x1}, 0x20)
ioctl$sock_inet_SIOCSIFADDR(r1, 0x8916, &(0x7f0000000040)={'virt_wifi0\x00', {0x2, 0x4e24, @multicast2}})
ioctl(r1, 0x8b2a, &(0x7f0000000040))
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, r0, 0xfffff000)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000100)={&(0x7f000038b000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f000054e000/0x2000)=nil, &(0x7f00000b4000/0x3000)=nil, &(0x7f0000ff7000/0x7000)=nil, &(0x7f00006e5000/0x4000)=nil, &(0x7f0000584000/0x4000)=nil, &(0x7f000028c000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000016000/0x4000)=nil, &(0x7f00007b6000/0x3000)=nil, &(0x7f0000000340)="f77c9b970a3dfc48762aaa97f8b95c071056149a4a94c26561cb780d8b32abc607b78dcd216e0fbde072c023daafe66559d27ba997c13a13910c7732c617ef2b308f62304669705cdb35521b7a974a33686c30761638b6bd81461abc47340e810f6ada84e8c00980aad0c4e5850e3eea4247e901ef7e07410d90451a4c34864a3857918b5a5f4523c8347f42437f4fc5343ef2fd406d2c9fa6d67ec4cb6ba1d13ed975072600914d69348d28a55a3e12958e1c1f4c71f03552920784efcb18c3d493b214474112f1eeb4ab2a32ed76fd38a0790dbdba78029ddbcc9a938fe3a5cf6cac15cb0cb800ca5f687ca8756dffe2e20b8d09af56ee88bc8e3e3ab9f6b68e553484d7975b04fd8412ab20d15f42eeef6298fe7b61a4efb5d9fa5abbf173055076ca61fe03fb3218c893859423a5ed723accc0c6baff9b1208510a8e4a04c9a4f2adcf4a3cb9e5d7bd16fb26fdcc6fb3ef", 0x153, r0}, 0x68)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r4, &(0x7f00000021c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}}, 0xe)
r5 = gettid()
process_vm_readv(r5, &(0x7f0000001140)=[{&(0x7f0000000000)=""/87, 0x62}, {&(0x7f0000001200)=""/4096, 0x100a}], 0x2, &(0x7f00000011c0)=[{0xfffffffffffffffc, 0x19000}], 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
listen(r4, 0xfffffff2)
bind$bt_l2cap(r3, &(0x7f00000021c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xffff, 0x2}, 0xe)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r7)
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
r9 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_SET_EVBIT(r9, 0x40045564, 0x3)
ioctl$UI_SET_ABSBIT(r9, 0x40045567, 0x0)
write$uinput_user_dev(r9, &(0x7f0000000ec0)={'syz0\x00', {}, 0x0, [0xffffffff, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x2, 0xb16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1000, 0x0, 0xf, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x4, 0x0, 0x0, 0xfffffffc], [0x7, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xe, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x6cf5, 0x25bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x4], [0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x3, 0x2, 0x0, 0x2, 0x0, 0x0, 0xfffffffb, 0xfffffffd, 0x0, 0x101, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]}, 0x45c)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, &(0x7f0000000080), &(0x7f00000004c0)=0x4)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)

831.57484ms ago: executing program 1 (id=1097):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000500)=ANY=[@ANYRES64, @ANYRES32, @ANYBLOB="d18e416ed0d971f0371ea8572b1a67d904ed77349cc77a99e5edd19fafd2f7f17ea9f32da96b9bbef513ab8baedca4410a38ea75d6e25886ed97324c293884383294efacea98f84684279aad4c423564aee537a6beeb4e02fdc2294c6315d592802ea71ac4cd93559e9bf3c976549f189e321cfe32a5f2512ff4bbf3d6839880e85d0b400152ce991c3fb0fa8b77e5b21613d6"], 0x0, 0x7, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x80002, 0xf)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000280)=0x80000004, 0x4)
bind$inet6(r1, &(0x7f0000000200)={0xa, 0x4e20, 0x4000b, @ipv4={'\x00', '\xff\xff', @broadcast}, 0x18}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x9}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
open(0x0, 0x2000, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
semctl$IPC_INFO(0x0, 0x1, 0x3, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
ioprio_set$pid(0x1, 0x0, 0x0)
munlock(&(0x7f0000ff5000/0x3000)=nil, 0x3000)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4008081}, 0x20008000)
landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
write$binfmt_misc(r4, &(0x7f0000000040), 0xe09)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00b94e3d500007000000e0ff00000018000500", [0x0, 0x2000000000001]}})

444.857312ms ago: executing program 0 (id=1098):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @local}, 0x10)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x10)
ppoll(&(0x7f0000000500)=[{r3}], 0x1, 0x0, 0x0, 0x0)
pselect6(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x20003, 0x1, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x1000}], 0x1)
write$evdev(r0, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000680), r6)
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000080)={0x0, 0x1, 0x0, &(0x7f00000009c0)=""/251, 0x0, 0x4000})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(0xffffffffffffffff, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x20000000, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x80000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50822481, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x70, 0x0, 0xf2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x36, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x80000001, 0xfffffffe, 0x0, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x101, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x400, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x8d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x100, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x6d1, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x6, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0xfffffffd, 0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe02e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0xfffffffd, 0x8000000, 0x0, 0x0, 0x6, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x9, 0xcf, 0x0, 0x5, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x6, 0x7, 0x800, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f00, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x413f, 0x0, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4000000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xfffffffc, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0xfd, 0x0, 0xd, 0x0, 0xfffffffc, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0xe, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa32, 0x0, 0x0, 0xfffffffc, 0x789], 0x1, 0x400})
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x5, 0x7, 0xe51, 0x1, 0x5479, 0x103d, 0x6, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x5, 0x6a], 0x2000, 0x808d6})
write$rfkill(0xffffffffffffffff, &(0x7f0000000000)={0x3, 0x2, 0x0, 0x0, 0x1}, 0x8)
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000003700)={&(0x7f0000000000)=ANY=[@ANYBLOB="e7400000", @ANYRES16=r7, @ANYBLOB="01002abd7000fddbdf253b00000008000300", @ANYRES32, @ANYBLOB="1e003300c0100e00ffffffffffff080211000000505050505050730024000000"], 0x3c}, 0x1, 0x0, 0x0, 0x20040080}, 0x28008004)

277.799163ms ago: executing program 1 (id=1099):
r0 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r0, 0x84, 0xd, &(0x7f0000000000), 0x8)

227.040741ms ago: executing program 2 (id=1100):
syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pselect6(0x1a, &(0x7f00000001c0)={0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x20003, 0x1, 0x2}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x8, 0xa, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

181.248646ms ago: executing program 1 (id=1101):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000001c0)=@mmap={0x0, 0x1, 0x4, 0x20, 0x0, {0x77359400}, {0x4, 0x0, 0x1, 0x1, 0x0, 0x1}, 0x291d, 0x1, {}, 0x0, 0x0, <r1=>0xffffffffffffffff})
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001c40)={{{@in6, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@local}, 0x0, @in=@local}}, &(0x7f0000001d40)=0xe8)
r3 = socket(0x840000000002, 0x3, 0xff)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0, <r4=>0x0}, &(0x7f0000000140)=0xc)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd0060, &(0x7f0000000000)={[{@gid={'gid', 0x3d, r4}}]})
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001d80), 0x331ec1, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, 0x0, 0x40000)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000001dc0)={{0x1, 0x1, 0x18, <r7=>r1}, './file0\x00'})
r8 = inotify_init()
r9 = syz_open_dev$hidraw(&(0x7f0000001e00), 0x4000800000000, 0x42)
r10 = fsopen(&(0x7f0000002140)='hfs\x00', 0x1)
r11 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000003380)={0x6, 0x12, &(0x7f0000002180)=ANY=[@ANYBLOB="1800000004000000000000000600000018110001", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000011408000000000018360000050000000000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000002240)='GPL\x00', 0x6, 0x1000, &(0x7f0000002280)=""/4096, 0x40f00, 0x6e, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000003280)={0x8, 0x1}, 0x8, 0x10, &(0x7f00000032c0)={0x5, 0xa, 0x1000, 0x6}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000003300)=[0xffffffffffffffff], &(0x7f0000003340)=[{0x0, 0x4, 0xe, 0x4}, {0x1, 0x2, 0x10, 0x2}, {0x3, 0x3, 0x5, 0xb}], 0x10, 0x5}, 0x94)
r12 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000003440)={0x0, <r13=>0x0}, &(0x7f0000003480)=0xc)
r14 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x80, &(0x7f00000002c0)={{'fd', 0x3d, r14}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r14, &(0x7f00000021c0)={0x2020, 0x0, <r15=>0x0, <r16=>0x0, <r17=>0x0}, 0x2020)
write$FUSE_INIT(r14, &(0x7f0000000080)={0x50, 0x0, r15, {0x7, 0x29, 0x9, 0xffffffff8000edc4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x9}}, 0x50)
syz_fuse_handle_req(r14, &(0x7f00000042c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x20, 0xfffffffffffffffe, 0x0, {0x0, 0x1c}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_fuse_handle_req(r14, &(0x7f00000063c0)="99529ca7d265e2dba44891e35e7d5dab7921b730436ecd4e999a25bcf86a25f8f029c0dd50373e90b7cf7779b12ecd4423c5b13cfac186975cd723976f3c747612913029d42517c189364bc59d8ebad53ed1b86f8f66c99b1f9b5b40d78cef1f14f81815d53bdca7fef40607358db69eb8c0b1f6b0942ab4b1ee7ca8deb4eddef06381a3d1c52d6147fc5109c7c607591497a6b2477f60cc881d3219c96bffb34aadec3fa97250713cce17cd536721bf9c40a019531ed0bbad139e26a3d4d39b68ab1bf37cb1a4bd197a8789cb1940cd86d9e56713bc36c7cffd07a311f5bc2e91f16d152eb480645e85ec9b3bf09c7fa140dced0afd55d7b99e90a96e7748e2d0dc09672ac199ce529e631efe1783769819c182ca106f6184bcbb387ed246c43562d74c36ac3a7ec2f0e11f70bad0007c03bb9c0d2dacc2148cce4a4aea327c7319016ad146b52bfae0357f9e892e9bec61a13c93551cfa3d4f4bfa7585c93bb0bef01a9114f3dc54179cf9a57fe88f5cff3403e33c9d09e3e9c2e10f1f16894e1b59e3cad47c1f202cf7b756f2851fc96d09459c9a8d34c19e6a3525cd5001aac5181f57286d0e1e88ce5092c7c76b6abdaebf2c499aa47587b48eb12a2b72548c190b0324ebedb81a63333b6edb25550f859c5ccc404a944ff7f61af8800888192fbd4c8e0e417d1d181b4b335a6f52e0a7dae18397e81e3f747cab7be902ed903bdd6a622f178f9b4244718ee1206237257374d2fd1466ab6135ef7ef4a114ae170eafe9cd78cf9ffc36974cbc4b8003072bed78765a0b9f1240f24dec6a9e46db9bb498d40f727c0cbf8f4a6a49539bd0805caf65d80130d7fb60a69dc7ed890874a17530c042cf33a977d331435d68ef33885f638c777ad49564ca77d8b81ddd853a21cd55d95b627310dd633a4f005853a5506cd8f744c367f3cb6998b0fa97de6bb35b166b0c6408c4e0a38ed26235a88520c38ca97ac8a6dc81e6dc6483d383fa09f198997b8eea1c68c9e3320683c9a02dd89ddc34c241e7294ccc88d6b35762892e8746e558bfbc2251949f2ecb763dad5b975eaf36e2864be6a41d3e20514d32f5d4b6350dc7e3cc3a85428ea98efb3b1edc2a2ec1e618452949cc7e2ba1251990168fee342d4f304b7a7af9162bcbe6b09c75d7420d2c547b4e3cee1836df6eddd5dff73a4e308fcd8eaa7a33e6980a6f8ead03257a37d72d3b265d02fa42f57db877654ed513e31c35e1af0bd28511d6b57cfe07b27cbe9767a534b426dfc3dd257d5899444f34cbf4dc74b9eab2e7e3e1e1a8a6ac5e4359d653506b299a5b7c67b92dc462f1216655f952362a3387ad9966b606d98e8d1b544dc27dc6bc78fd18a446736e25c51143db9886b6c09812d5825b5d9e0932f218ff8bea4d9e1c4df9c9d4eb19336d48163a921c4ff1f0beef26b01b7e8c0d23fb59b84e229eaabb791f2cffc9aa4db75162cbfe4c9ae8d76a5b6bc4bff20e3f8f125b9aadb3e728d7f78d61fd55f46b7f59511b876e6563256686e44f25cf38d393a9b762bada272eba8df28e4086c4cd2fe3c9fab97756fb145373e6ca1991bb1ee6589e49c821ff29f047970819f88f724bd077cd3f0ae463d99b3e53078431e3f9bebabc5289a65479359efe3909186aac60a29f561de8c590988c913c9e693ab8106e8287f6565eee6735f7c88cad7124d1c8d9ff347e97912824088ee954de01c6d8a06447f06899607eadbfd078bc3df506252005749378dbd7399c9eca60b81dc0d88dedec31e5cf6e7b6d6d411958df8f9e0bf4443e8d3bdfe49d05f811d17088024d0629fc8ab8e05e309bf55e8e60d342623765f4e8d2dc4a90291cd4354ff9568c8170e6ea56e028bcf2719595253adb8c84050bb9ce4927a1c1f4560da87d109ceda90bbe45a1717763d8025f1ff40f157185ddf17079da272ae10c4f34162caf4b0d31221a57b3059fd449c87554d968a54b2eebd760dc3263c40d9eedf5905d5699d29706ea6e9e81ff2bf92489a06deffe7e978661f37a88450783e23f107c2bfce000dfc91c5fca49e46d9ea978f215a45984699f0d2503b30a741e13be56b7abe3e5663c0825c3cb04ead44ce97719c4ee6f4cdd3c452775ad7163d5c9034583cc2dbc2b0c04917a3e1aa3d0a8bb6fcf94d7922eb1d543c09185827aeb1b72ae7103ef2c014af2ff4b47fca40fb0e66ddf0264476d7a84e9b8dc551d4c407bdbac6757f7a25bd404b45bec1091696203cc438860131ad5f2fd80e3c45629864dd9f7d302b66fb8fb86735c9a6dcf8b135a273dd2ae9473bc905081be9fcb8f91b1ddba1ac692798dac0b9ccffe0319a779f5e10c65f294b22fe475283b023f9cd890e92c5447b1bc1528255c5af383bc1fb6e72cb9a67215a9e25cde63c89baa8c7125c7e8b748b728d07d9cb66778404f54e6a9e3ae1ae82f3d0ce77199f23f94a01b71b805b476fedbebeb52c83a1b857f23ba438c56a6c4c2a5909f721e6e3d240e4a16455e92220d13022ce7ec0b1365ba4e67aa6ecb324f8826579e12cebdfc0d8af63e83b5e5624d5b791f99093f9a27f7baea9fd10111209c0857a04f07408111063ef34026aee27a3d51b40e53883f9094402534bdd21cc49d7f5593e99cb204cd805bee4add0f82cf4b6dc5da14d6b79fbc68c9ccf7fb5fe774f8879e13079b024a8ad24bf123c420d630837a84ba05abf0ae4dc3fc04f25c7f74ff91d0d609c958642a48551e51b5c0074a56a7da10ce153b08cabea636f8489d8e7b655758a41d7f7474c9d76bf4d54d789bfceaffef139854065de6a94b0275a9626aab99ae838364b1a491e55017e4212b6b01f7a41bc9c215ecd17c49a8610db28c699259c58b81a0e84c45fd8e719c05c48501c49e8a6515044d247f58e4cd0bf22fd6ae31f45339d1f801196d426c52269b1aaffaf18e2a03760bb231cb7cefa6d72f1d7eb6a3bbd65d0914221b8fbf531dbd562eb4a1b28983ac7d83d4813b10b34c9525ba644f61a2c4800d4fe96a7bca63da1041ed73cc57fb9d42f9dfc8ca41d80292bbb311c89b0a0fcee1d88a025a7416863342aea00e6f049cb2ddebd17c5c617ff562a8af0c965cbe8341431a30ea239e4a62aa2b19757a3b0de04229a9907f8610c27b26591405845bf8b5b83706ed18d910c4f68777378366ff565617b19168a04560a32ce5ad64aaef9f4377118c4335b24826cdcde78fb4bdb11498553f56d8dfeb3a482c70cc6580c399b92339cbdb3464fcc7b00e9839fd0d2b8b6db90c56b33593a0048bf7983421f29b1285c81a239045b96a9b0cacd70d6d9853206471f06915efc8d3ec4c50fb13601abc73247a656066fd7b329159b3ce9e3302b4c0d6aec58cb0946a8ee8e7f55f1af604f1edb4d887fa6292dc0ce57705c1a25dc62650c127d11a364b397aefc2fcc3a164bdc53165a461b01de9180c1461b309c75af0911b4cc1b8aa05652b62119c87b4b235c573aa15b1516cddf61efd6a7f8c953fbaaee9c0e800e8f519e1494de850ddb976864088fe0cf90bbc54395078ea2501e8baa84d6807e184105bc2a140b663416496886422643bbf764d406af06e7d086678828defda0b648b25666b7b5ea29e927141740d5be0e61bf25d40b8404ffd3c67bb855b11d4faf82b7b8051615c101c3deb0601a0fa9ecd8b4a95082ccbc8222b0982802dd8430e653d6eea2786dc3a91397135faffdc65a5bae048f5c463b1a6648becce961d39d063d28d1ad6dafcea0b0878379adb16cc0d4cea572abeacd9a168a4fe2e338092b5bc93ecf02ac6ccda03e5b23adf511fdf7a79442093233b79c67d3fdd3c36c96a8f67aa79e4743d99cf963ae6161877f73656eb0314d889f4b8649bbce8a759f90eac6c006197b54b2bbac7c9b237f1e3dc099c62a65481960e6ad697fc66316ac084ba99c60f58bf44ff45f3b2006cbc4196a25f124dfaf247e863a855ef6070deb45219a922dcf2be9bd01c340e1ca5ed7c3ddac9f7a677c5d00610991d21e0751ac8044585b39f3fec5b672a11a9bce32196c2003d01ea50b0f0403e16df188ecbbb74f295f01398363ddfecdb63a49347c912c125670205d7b6be999688df85bb7d5ac12b62b4fdc4eadcc2a9a7897028404f697b007603a0ad588c772952d6670ee870771774ad157c0b9cccd4b2192d835606198ea0c65036ae4e406cdc539ff3aa81fa20b7ab58d6f3abdb69cc1f503d593f7025d2035e7f21db76336efc2843a0dc9bd2eb8794718134ee68fc57d4d2bcc18969d08177f442b87433b48540c661940cf9e2462c53efa310c7e47487deab2ae15b1978ef05aa1e14110943f649d82486f710a39854409e74edcaf06b4a92d3580b9cdabf83c6351657698d3d5af7514f382e75d1c912cded577258603fc9ed002e010747cddf7885d34afc9a84d82696c6660cb5ecafb68b564908fc49c4db6a187d037241a26b1141cf20f2e968a53366db0f60b79cd98cf3c897c50b7b9728e6e7100f99e4d5ed2428dbd285516ca6660777a39b4b2617c1be5b0232d60b9c8099f5daedbf190109439c40b46090985200d6c0501313f3fa4d244864575c275faca47aeff32c7b3e3c59392618562a7c2d4b3af85a37a8847f595352024cb63d3a9085c2a502c6a3248f43c5fc828e636cb634b2d393d853ae2dc9605985cf85c060860a90256c7b574c1e01c320687a2bb0b2d51cc2950c485f2ffa5db0ad7aaf753f543de7f86efb775c6bac2989a33757a28836fd27f9347229a0004bd2e546994c69c678fe5717f613f905d945c072004c3a80e0e54215e19ff9972521890d4e705e429f16fc35fe5a15f2e6b75cd719d38f76b087b62e4b5dcdb35f4baa2bab167150bafb6c69e260ca51004bc826d46b77c3f67eaa08497294868e6d91b7b867e4da62052f4f891677256cfbaf19cf32bad99a7da69d8a66537686f89a58d78c7eeaa99cd38009a1a32582bedc5c718e57b19cd405ae659a89909356a07fcef89384d160fa5ae6683cc379642aea4f0c915f72d679bd521399cb16112f2abdede3001400b4a64d2173e153a68631183679b56b8f389ba889784133453a7e892fd3b092f5040870a3cfd6f982990143e7c0882b4ff4c5d049192d36925a25ae4be441aa30dc7e74398b340c45b52c73ed3b0cd640e3cc9fd4be24e7355f386106f65895f1ee850b2a781d1d1d322ca5a3b0fdb78ce1eda048ece94af25437969c99c58c08f1446ca5541e03987a20fd75283e3e116dc4c9222ab7522e4ccf6da14aef49cac9a6a2cd4aba1c54d49e6da4179a66b84e384cd3da53908579b28c11d525ebdc4dc69074cef8a9ecd3aab98f2858769d656b46141c3a4e69a5ed6c0a732c9ec1fce080eaebf537fa5e17236a44ba9c931f555d193e475ffafd20c53ccbab607c1a15fd06742a64691205eb0d00f7f40e4dd8efb279cf09b2522aac0729a631aacb92d5cfa2ce6bb07385b981890b5916755d5cc3a51c8c36bd2987068cc24fcf73840895469bbb9aff1059601f771afedf0a48d5921103920515b27d7e607951982feba197df8c61600feb3622b9eea13a4db4068728cb98cca76cfae197f6258758490bf41673ee29acd91fd296ec863c646e0ca6a0f0e9de146c663ba13d962964d7c32804fd12a14c1ca7212ad48bdfab469c6570dca562220ecbe7b6b163ed4c9361c5c10bed5c92861b8786ada20a99245d282e4454187ec02adfe354e30647cb10661c85168f7958e3ce69ab48c9455214707a63c9b1167f0845a6bfcce2a96cd53eab430f13cd527f1666290719a47c517cfa22fec2e9916af8aa93c78e567993d7fb8ee60fc4b903b8c67a3658302c5e5f35250c30427e4c055b6c54705bc599861f80b7200d361965ff98c88cc698a2615cadeac4bdfd3d613377cea52d2bbcb7e6b78ac31d4b2c33eaf0b2ed40b963e3cb25c7dfea3ebfe7b4aff2aaaaf184dc80ab649a108e2c830ce7eaea58a263392aa9cd13d7f7bd607dc7c804b19dfa41b3e5a5155201a87311e22062c93896e70f3a5c4b03521300b61cc311ebd5beb9838d0ed207c6bfc99e4392508e95804b10b36024f32e1fe1138e9ee7773f797b2bc6be7416f4e9691ef4c2a8d06af6c8b84bd1e6fd1ba3d3183475ef6c139ccf8dcf37671fbb96a2ab5e0e042f7c4728cf30bcc1a0de28a5024276ceaa194b4926e7f6a97b78bac36e47f832d56a96cd266434d37bcf2c2f57877717d91b1854972f832354acc207a2ee8caace7504e0e6197dd7e64a01c4c67bb2de8acc0cccc6c6bff0b0cbfe345542c5a795dfa48cc0990ab5702574d36494bc44c20f5b324f7c984d986cc8cb40cb2550076d96a069b6688d22171beed2dc5b6ff3ede8fff4c4a9de6d3817357a7ca7d24d87300b4545ebbac8cf7f09ec637a4f4d6bd07673709b6c363a75ccef585610c5f15de7851b5ab53e02a757bfc3caeb9a9a8996beffdc0cfd1201b6cd99cb035584e51a6c15a5d2e17d2f8aa6b41e26809392fac6caed1e02a53dcea8a413203608780dab33315a76eba24d540e4c5b9790420834bc8d4e47bc65ae52a54c0ff308427a8d7aff746aa6589d17514e40fee5d0b3533cf4ad2c5f9d96db9f50bd69ed8c92b860e199a35cf268c66ed13516a3b4b024f62d4b2a656067eece95575bdb4907efc488a9821bc3a9c81dd11b2128b7a01aa7a9ce6e73de3b4e9beced70206f91575baddbcbe5722337953c8016a0f4b62120d776c43b7d1a879b692107954f45acdf8967dcaa994aad4922d4fe093e16c2d0090906f5036af99e50bb09b04e9c9b3b5085abf621297ce203010249cede92e9b66b446b86b43eaaae228dfdd3b4408c12b404bb727f7e969e7da04fc59900112bf8d38af0416dc616e75f167aa1352215f07115a6f4eb6bb5fff6f5c2fc9ab906392036b44090e65fdaf017dc53bc94e0807d679d793df18cc44e6c846d414cef1569530f7692daf91eaaf4ae89fe2522f2c9cf33b6ca508ebcd006bc1a61f0c800553aff9dc7d57200b25ecb83e1e0b8cd29520b63aa649d3f71a62570eee56e03223ddf31f0c04fa686b7f6dd054e7a259d9ba335c2c5b2c508897506c0db7f01878dec1411c33f0af61b81dbcf9ff8bdc0c50044963a79f3ee1462150c6bd03a32dbdfef8d72f0b8b3a395ffb0cc85792e7bc867feb5e312cb64e29e193388e9f173c162f4a1320a6f99ea3795fb77d982605959909a1aa11076fcc779ea6b80ec1bf0edfc2569ec04d15a0bdeebccf3c75393dca5e81663532f8ced12d08e4c2ae6e2954d427c7bf053dc4718f56f453bc88d74045bd2f9747aae9b5298a0de927f1d6b1308f4e1483487f083e71ed09298deb52bb10079b13def7453eb432498069edb5ade70c5c54913684d934a3febf78753ac13300a91f467ff3f6e2f00898f015d08f7739047b321b3eaee5ad8aa7adbf7833f014d8c576a491af9fca6843b327ed513821cb3951b2e67a275225d7af6b382e2f955adaacba5d1fdea2223202dee132b91d5cf381b51da94145255f584a70c5e8d11e06a44afa6599bf3ed0cb61703eba254333af53afac60e54cf6397f9f7302249ab644f0b576c713b15007be1f4f9bb213660bca8a70251472b86669d361ef968f542e81ddbe8f4d2e9cabe8d7bf6a31f14a2cc272963553a424c105e7750437ec5bf316e30ce60b4b0c27ccc1eb27e60f6472fef27654da49905ff9c01b28695310ecd8701aedff25a83da4b7c41995f902bdf249769dcb53a3efa894710dd66ba8745ae2253cc6b75a038183a0bee21226d48239320efad6727093e4f94bbc2fdcc216200d903c32bb9f16dd17d5dac423ae0696f3decc576b8f1fdce63d0532370af7d1e2fa2ca5c5d17bd88f5e3abb4792dac8689ca13752f83d753b06b037bf5a80a3748983790352775685b0414c9d74849fd217e388f904278ddb6b0abdda941b61579c796e2bb77a9bc363b18642c401faa502a31011544111b6eedaa369976c814773d83220a75f31026d6ad0b8b4298ea6062234db232bc435e096e84f740e55bb14d46ae04af0500aa5bb218aff6c76aa8a8e3140a1b0d6638538fd7f30fa8d992e53abf8af2fbc16b9e8a668c1aac72cea1a746ee5f7f3392a4ec8f1d19f2f426b6069b1cd347cbc38bceba96ce5da49198083403143c740c04639cd1089abb34fe812d85921c47437604f684bca44a1eaa965c0a6e1c1fd1f70ee932af3455b36184cc15934cdb3f28959d37d8fc10696f8ec1e4b0c3d1b9ff74a01b796d1bb68954a3768c8bcec741b3b69da892f8922142b16b2cabb469a9906b34216243fac80374c10e178c5fd36440f8d7a8588a9c2510d86ffa8cb68ce8c330d2111c94724e522f04573dad43bce252eb505d29ca9379a6b281519d38b7174f3ae8f185544f3003c936a7e6b23ca97a313aac6a061caa45fda73522f3061767bb4e33dbe4bde390eb0f07225a8aef939cb6ab2ada10c02527281abad394cd4ea9f59467a08b72047cdb75d7b2b98e5b4542554a60f953ac7a4b980f42518eec05ff2c044549cab0cf33eef36dfbabcbc0300009d898862d2194cfcdd9a713c30bbe52291105193656ea5eb830873ac956469d31689cc3c69edb5cb9a6e31ce3e6fb50ddd4e52ef9fdeacfc0db21e1e83e0d8d0a64f17cacb4dc208a893e7fd8ffa86cfc554dfba3d9fd281115eccb4b9d909f2fbf3fbb66bedd7b5db3f6d4f076f5d8fb54f8832896f8ef6f624162f1dd589be7a8e87dd5065708a8b0bfb18a5c2299f5605ac8a11c1add55b2018e6099380a70bee3e0727ca6ec58928fe6eb3147b47401e8d822eebade713b58335787669e5e0de5d328a1067df4cd9124665bb02ee8adfd1b3618374ef167df1f0fe79456f78aee3da4c1bf397e4637b0cf41a0f4a2910efd02b17bf5f3c15b0084b36fa7d4e85a53e5be366b428244eeba7499c3e54397227928e2ff6e583f332d6f7e8cf4d058f379b58a7d03a4bfa454bb4b6d543804b8970e6a9fe8886179eb418a8ce9e509e8433571f7d32378f2e983fa418c8c91760ec9fb20968e7fc23b7c4ac71693b2576ac0f8ce2020ff1e7a7ff24301b48b544fb29a1ca4f2502daded865e488a16dd33ec67b2eee3025cdc5ef90f253c4b5e0a61d51e495b675c5a1d55b4ba3812c5f44cd08487e61d36b0c2dc32d27333a5ee8a0906bfbcd388bd9389d1509912c0471c7b706a5aff880569a3fb11ac5f14d780deb4c1b1afe30fb6b8daf87b27a4ceb869d587a97f2f5af8d819aa47bbf207db68a6ecbbefb1e109ed0bfbbf3b54fba9e79de8fad9c3bcd3e74b8b92ccea3ff5c558c6cd72d78a711fc39df603bd4aa1439dd302258edd2204e52d7f435c6f552b612fbc321bea971195cd4d8bb033e2a779e239164d7eea6d8fd233b0b9b776246564cfcf44b31a83031a2413bf98a398c9f93da243cef9ce73d81bade8ad551fb0ffa75bc874c11d23ac9d7752f22a0f54c3870f3314a83e64332db810da1ebb288e10c4eb9be9ec037317b8f813e68160a887da3f5c0389510a0734b69ef275e19973b169d340610cf2112e9964cc0566b9b690c3feb36c8526491d3a563f0bead2abbcf0665e048aa3f929351b2f89876580633a403250ae3b5244c8c0e996bf888938dfc8920348d88e272e6eadc7c0387ca1dae228bd620ce3975d43b58758d9412d304a227245587065f58c4573ba2557f1d8333ba007709b1239d682f03405b22135757178fb701bbde81d2f8faaa7666c025d8a8bb426dc4b8e61aed79b3b3d3a9b01ee9142772d869677ede166e7a8be8ab84cdd6946b1478ce77ba307213971cfb24c86c344310f279e38d22254bf4caf83c02e715cb0550e615dc9f8dd2400fa749e3527493c15fb454c158e4c0603ae6e962b7890058ec7c10f0618ee274a15bca6ca9fe5bc5f9e7797c0950299912be9c58463c07d667d4bffe8aa590ae43db08512b40f3d265026bef2facdd508984e5f6d2ac7ef573397f14ed2e2ccdcbe5796e60ae64d173814906d1da5a5bfe8a2a4c5d6bb0b3315b878b4877d0c045f6e6cfa0dfc1ea4de7abe26f2b2d8c93299ed1d83f1b7853c756bfa346cd53b008fec169883983fe0f2405777dd85e17b2e4e8b23432c0dc4c386d67b6597184d0b4b95877362304638484cc0951400f66ee8391dd44417c58b3d46a8345a8049fcd70f7b5f4a6f912e2b18760947c74ef2b732b342878d7e7cc99902de87db36469555fbbfe76189f108d6ab31f4727fe4e22d075afaf6cc726ab17a5e1b4ab6c8f29a459da3c4266b5ad8ff55906a190f8b19a3bb92a50df49647c03d5d6106ec07e9300038d059a75b54ac31683ef8e5eee946e1c84d016ee1e7800a92c0a3823b62e0417fe86b191951f65abc0c38c1e0e8f1121a04b62a8a720790560f922804b1b7e7eaa497e1bede6e3d0dcf0312dbf221561958fa1e85a8f99e6fc82f919e78c17d1beda16cfef25fb5d00f7c32df9a51eac76000c988ffdf011564aa0e319764b16a5a7c728a470ff70772fb76c9ada26a0ac073fcbfa12501c2454b19e02d928e3939a40bfff76c002533b3849cdf8016728445131e5f1e292b7d3dc06bb3a3cfff6fabae0b7341694a8938c1d2497cd70b76c337c9a312e96c8f736d7625a535e1906eba53d199221ca60202a65be0f7e530aca10e61fa39c7601d65954e5ed4cab94345c6b89c7f8a0de5c61a7945e1564731b6715331d13263b2961a163382f7c4934d847033860e402f3aadb4f3e6cf47a97a2031401da4d2c8de8c80cdad71b97b4deb2075a02282f958ac6772354e67f097ca693778224b80892490015e7d697fb9107f75cea708178ffec93fb1d44e8493bad1d42c918e661219ea819e0200759037a5a585c0fe074fd407536fe58013f42612c41bfc66e16870d7a9c00ee93a3122b253fecbf5de3837641f4a1376af0f053463413c26c29f9a346318565276856b963da30ba6ab8c4c8ef6cfddc432328586d9d9829895835759bcde0851ae0c838a3927ea63fe5ba793fae94da61cab00fc05f3a265a2da1221bb2b66775ed7ba856b41011652d4984991e56249360ddfc997245ac1547a1c16382d42df383a8d1c852643b24895c422712e79c436fdfffece4ed1c50922d4f25296aaf6b204522086d188bee254f8303b60537ead1195ac5dd301286f0042dd68aa05a70e4beb779aa0b61a316f736b72c9ab7ed860a0908a078f4b8a53f2df0abf993f689de4b02b9138ca5047fb0bfc9ba3b92bff033e36fc9553260b008cef3d147c62d1d3944fd1eaff79bc5a922ec2190907bfda1b51c2c7fb867db1f8e13a37b5e3ae0165e93350b958a239ec1f2b78561cff854b975307b5b5dd23b040602a5a36bd79947ee04c7d0e5e30f9c4c79f7b4e6eada98bfc6c357cdf8939213423f1b21ba26cfc2b2756ea3eb992372db0ab8a7c37d8ae96bf3ed6be873c1891550ef741812032e1ae938326c399ee43a3061602dda006f1b6b620bebb6a5752bee77e8acf9921ebf4d4c8af7eb5e937c65697c0664c594e31a62377a25605051996c474ca322ce8e0e6ef8a7988be", 0x2000, &(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="a001000000000000f9ffffc12b35f1ef4ccc38627cd8dc38ffffffffff05000000000000000200000000000000030000000000000002000000000000000500000008000000060000000000000009000000000700000000000000e7ff00ff0000000000000003000000000000000000000000000000ffffff7f570000000300000000400000ff030000", @ANYRES32=0x0, @ANYRES32=r17, @ANYBLOB="04000000fcffffff00000000010000000000000037050000000000002b000000090000003a2d285cc980000000c30000f3397dd86d4d928d24d3a461b60245898556c60000000000002b133b000000000000000005000000000000000200000000000000ff010000000000009100000000000000ff7f00009e0e000000000000000000007f000000000000000000000000000000ffffffffffffff7f0600000000000000f65c0000000000000000008003000000050000000040000003000000", @ANYRES32=r16, @ANYRES32=r17, @ANYBLOB="ffffffff03000000000000000500000000000000ce03000000000000290000007f0000003a2d285cc980000000c30000f3397dd86d4d928d24d3a461b60245898556c60000000000002b133b0000000000000000"], 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000034c0)={0x3, 0x4, {<r18=>0x0}, {0xffffffffffffffff}, 0x6, 0xf89})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r19=>0x0}, 0x0)
setresuid(0x0, r19, 0x0)
setreuid(r19, r19)
r20 = getgid()
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003600)=[{{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000540)=[{&(0x7f00000002c0)="b496535352ba61a882eafb56031f2283d3263a7de82619b69e9e44d5cd8cda8267e24b34fa372cda13272d82dc25632bda57e42618ee92433c00149ba5942a567e6bfb86e05537f70a4ccfdff7e21b87c1015d309512bcf3bc550fe8d7b255c7f968fb8058ab63863fea3b1c47198e81489b8eff6a2b6be1045f5377f15d87b472bb7a66c4589858954c456094f6c3007861d77a208875dcb3eecc0114b695a80b23567de5378c51f640db1b240375f3aeb673f3", 0xb4}, {&(0x7f00000000c0)="449bd0cb4fa6cc31d3a79a770de7cd1fce02401fb72bca626f5fed15f5f1aac80730323a73", 0x25}, {&(0x7f0000000380)="4256d87cfd8fdbfbbbf45cdcc0a69d9962f7bdad6cf8b994efd10366c85414ad9ed292d88f7f85d3939f9efda05ce4387925efed9484b1fa024613274468329d1ce5d5c76640ebc35a6e6d5e4aa832e9cf860c47fb16a8fd9667dde01107a1e3583ebaf4ba83fbbbd0f58999e080b292f5f51496d6a70ee0e3177f30b9e789c7db299b387ff068b4f6b5ee0e4aa48e7bd2f0f2882fecef806932c82681a845eeddb5445685e4ec9c01eb682bbe5fc075cea45b6a5c63d6072907f819", 0xbc}, {&(0x7f0000000440)="5dff37f5a8cfee037a7a9445ec901ba90b053c3fcf740d91d5a0ad17ce844b295a62a5233ceb5b431b05c873065afcf6f81304f88206b7b68229dd6f8a5a117f68e4884d0e85a90167dc797692593774fbd1c1d519206136262ae211480c74e0db59e7b71fbe80d0661e3d7320dc6ef4e9992b13ba1b53d189b3d32be17d780feef2566fe3a59674b9f3a627808ec198c57ff1287efdf0b650995939343f97217287edc29284ed547c605f24d5bc9830d6c362995718e76735db3fd9e040184a66468b4968e89008b663ce13d633d80a0c9b02631920a60a1f5295f9c4dbd67f11e3b43c27836718ca9491604a02a60b71c934996b6e74772fd901", 0xfb}], 0x4, &(0x7f0000000880)=[@rights={{0x28, 0x1, 0x1, [r0, 0xffffffffffffffff, r1, r1, r0, r1]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x68, 0x4004001}}, {{&(0x7f0000000900)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000d80)=[{&(0x7f0000000980)="308469449b2f8a3e81434d63c6ed29d046cea9553a29d69dbafbd57a3c7a3d2451c48b3679deec9a8b0afc77f5583f657627f271c9c95a0b6a648dc0f4446d0ec04e98effc373d2b64af3271727151a48964b0832954ef6a2f4725629ae18483e47f0d08d0758958937de692a590bf9a01bfabba391416a796a1ab25ddeed252be4361f7f667ab17a0da4adcb16adc5c8cb861e754ba0693b3c8108890da49b82d524fc63adcc11d667916108f7a9819add4b7d6ee2eb632889a735fb7d694511bd15946c38c60902c8e3534394278966a4c79ac4c46067ab0abdd75f5", 0xdd}, {&(0x7f0000000a80)="a1b3cc89b6a8d8586b9c7dfb7e4df48cafbe069aeef20ed7b73af560b83bd1bb8d4f9cf1718e8744001654563f426ebab88a6b216459af5aa49f80c084a35c1ebadffabc10567ca8276dcf015bb9f24c12431afb1a1e7461537eb124f88419d82bf5181aefc7ba115c04bdc7f433dc8f81473c5b81812491a7c40e56462e0a827a4cc64ada423b56a00b86fe43dbf9cfea2b0a5670b906910ff64cfa69d969caa79cc10fd35abb20c6e937a5e9b9c45163a2f79e1f79cfc4e1356caa", 0xbc}, {&(0x7f0000000b40)="e8cd56edfb53c32e7dc28dc9108d612d", 0x10}, {&(0x7f0000000b80)="8ceea8848e5ceb79efede8a0b37b9cccd54cfc2d106029be69178d7b1905c2203f", 0x21}, {&(0x7f0000000bc0)="acd1a741191e684fe052420e4aadcff35dcd9fd010f95fed1943680c834ce8fc0828678312a0cc9d9ec80c900466621c002eb5d1053ad95f4b9ed89443b44570e676cc1d811183ac52578e429ac6cc9bee566fa68e88834a4cfce64c129dddb23fef48b361c2e46801ccca5f23875fef6fd3dd3da492be3e1798b3474e8740fda1a683a1fbf3c1ce110d13ea8cd78a0cbfa6d5f528d54470ff505123a20073b0dff6527585c37980ff4a93766284355c53919c0c6e4252a83edff1990d8bd92e65258554a92bea56c885a0fb92f4d55ca4337413a6de1c79589a4c7dd91650422e5dc5e7f064f111e41253", 0xeb}, {&(0x7f0000000cc0)="6332dd22d9d20b957ea83bb53b47860f6113d4a702d5e347055fcdd848241735f9b1024cacf11eca8845ab6d0aa3f59f67d6871195af59a1d4a9a64795b7d3bd28a91a6ea17e94a11a64b74b9dc467f395184f89c82931bd106db06770", 0x5d}, {&(0x7f0000000d40)="40a600130502", 0x6}], 0x7, &(0x7f0000000e00), 0x0, 0x8040}}, {{&(0x7f0000000e40)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f00000012c0)=[{&(0x7f0000000ec0)="c6260dd29d5ccd90faa4e74f39bf15c842a1bdd7f83a352f89ca987e0bf1313967644555b6ac78a08eb9304be0b356f05807642176e17d6bcd128dae717ca2aabda70f4d3066c66c806ad50ab4fd52933fc229421b9e5fc6e649ccdc561475faee4cf8836aed0c27fbd3e613c8", 0x6d}, {&(0x7f0000000f40)="99ce684ce6333feae0cf3d5d34991669c3ed1826cc746ee873e352fd575a6a1c349a90397acd00cab0317a3fc236afc876e482199c467f982e79c3f89f48639554499e5fc0e602017d776822a57c42b70605e8906c7d42cee0531873116320a57978473141be382a727387afc2e0f2ec77a8541e20ba0a344e85cbeeb5bedb6aa0b66f12467b7204866ffa32", 0x8c}, {&(0x7f0000001000)="4edd722d9e657b7eaea102428f375c2e799c7cf7130d76bc192fd2382a037e2ffb3e0fbe3ee97be68887180c3245d88c2090d60ad4dd39f7c49c740643e8be6595e0a1bbc6e35b4a7e389872b135d06b127d9be5b4dfefa4dd0433b12391f4fbf33ac2642436dc6d70d4f93359b4e12035a0c4412158af5d0c784cf789143b653882eb43ee0f5fb43f347445a0e16af66afb5ff986681e1cadc7657d5f883088cf42b9ef3a656524c84f512c0d34989354fceaf828f7b9bfd7337bf79d0eef8b91f319318e", 0xc5}, {&(0x7f0000001100)="e713d054917f09ae1fd9e0d7f325ea267e831b9b9e827277f54d7b4d2b78471d0502ba979fe5bc91f439249a73e9a800b5a15929c18d1c94627b3665c8b41a24194b1b27cef02868e0bd7ff1c24080df35f93ec6a983cd757d0264a529d01de46d809f0412314424300e43110ff93d772a462a20fb1a51aba2bf92222659c87dffb34c27dc0c2e7371406c666aa7f3343f30c3696cc3ae3e32388a6d8310ad7f9f82eb83eae2a7bd3e94f8995c5e6b0cf63a6c783f4ae61b8799e619f8ced04febc5a898d73c6b2cbe3fe70cbacf8dcb8152c222b61c8414b4120aad2aec2f8a9d179c6f315ddac4c7926bfc0bd8c42b0a111c2e8321aa", 0xf7}, {&(0x7f0000001200)="f46d631604e0bbab1a8ebf51677b24605c6518c2049cd8b6512e892b9673720cf206a46893d29961d518f2f9ec8fab8fddb5c8f87911ce367dfa59d5948408d9bb3d36ba68412e2e6551c80af0b2e8ac1a9626aeb61ca190b43dcc4a32e06ee5a50f5d3f834ebf8811b1d70da372eef64a96e7e7094757e0084ec7f223319cd8636231ca0371c5af1219d5b9f5bc4c582ea468a2cbcc036fae7f269ad27c51e4", 0xa0}], 0x5, &(0x7f0000001680)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r0]}}, @rights={{0x14, 0x1, 0x1, [r0]}}, @cred={{0x1c}}], 0x70, 0x1}}, {{&(0x7f0000001700)=@abs={0x1, 0x0, 0x4e20}, 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000001780)="08a667a66524bc31212e55f3a193f99ea94301b53f52f75a76b2481f937bdf5a54b6501a16b681c5ad8a14db35e130de", 0x30}, {&(0x7f00000017c0)="69e61cd4f4ed050bf44d4b823a0f3b4ae359e7bfba236ea5bb3c36b7bd1f2008be7c8e88398205b111e12dabe36b0ebee819f38df9b184fc06d1511e0465fd3c35c8b9f3ec0c8ab4b852941b3106634823c7f46a76882b6f1f016d0bb1", 0x5d}, {&(0x7f0000001840)="107c4af5991484f70f42c07a503a3e7450", 0x11}, {&(0x7f0000001880)="07310997ebf50200351c69e221b14a9b3a4edc28c58606ed1e6f5d92a28253978aea13fd4a872c0a30cc7ecbc7bc5e5434b8b42538c4f6a9bec940951b8addd82f415aba8f18da39b18f9324533d771d0db6d4df912fd5de6a62949eb4b79fedd85138d04cdd5c1fe8d4333111f3c0fcda7e00c73068e6cf14726d32b144d919907722af962875c6e1dfd5ef906674b0daf978ef0ef13236e8bafe74533c310c1eb194376ad2ec97e397cd8746d3f6c5642a775f6fc47b752c6ae41b8f082a861a891727a6317562de0a8db3e1a39ba347f404aabbb8553ce0adfd3c915f16799468db77dbcb621bb5149d28a1413cc88a2675b82d590c64e186b5", 0xfb}, {&(0x7f0000001980)="36f7bc5182c0c7425c12454c1e5711a6d5c2fdc8a7be29e35c08adf7371f467e1f01ab9d4af7b658f2d0489785ce263748b4f55160a93cb6bd6662ed164d52c2d8ca1ace86366504b1b0c710e7711200e173e33c5d28ad59318cd9164d190a05cea53df2b7ecfb102628fb227b6d0272ad8aa5b8420caa8ab212cd951f", 0x7d}, {&(0x7f0000001a00)="f312a58d2ea958a8642cf47b2677b8a367aab189f6b089", 0x17}, {&(0x7f0000001a40)="c11673ca3c1b23cd8fe2cae48b859e31cad799cda646696b52e085157eb38a1d9f89fe74ed6b9027e7937f6b0102be191f706c995be20084fdcdd237bb2211d0b6955aa8ca98246051d209dfe09ce833a9e50a6623ad330a669a73cfc4264e9c2af05e81828900f7ebf9cc31f46310ca83028e7301e3066f79c20294", 0x7c}, {&(0x7f0000001ac0)="407e540b07700533ce7382c4ad907b01606eab336ce700710b0d3552024a4a7424d6abe0a8951ba2be3d21c17faaaac16e82caff27ca9cb771df9fc69678267e01eb0584382903fce9a4ecd3481eaf5a66a843f86fca54a009f31a1a7d7202fd459759b41eef560a3774b8b68d94d795e2df4c61e662b66c27ca59b2666d4e5223f535104201957b96ec0b4485c9642ef40c553ac708b339318364c25c14606408935f764e85453341bc8bb0d1f3dad372f2d2bb0f68ad676aa6e85bafd3e8d2d28c8ca31ddd35fb90fc207c685f30e8f2af8c84eb0e3f48fe5ac9c117d013d2d0eda75a5ea355ba52bbfbd1dea2", 0xee}], 0x8, &(0x7f0000001e40)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r2, r4}}}, @rights={{0x20, 0x1, 0x1, [r5, r1, r6, r1]}}, @rights={{0x38, 0x1, 0x1, [r0, r7, 0xffffffffffffffff, r1, r1, r0, r1, r0, r1, r1]}}, @rights={{0x28, 0x1, 0x1, [r0, r8, r1, r9, r1, r0]}}], 0xa0, 0x10}}, {{&(0x7f0000001f00)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000002100)=[{&(0x7f0000001f80)="7fb2530b2e5cd180578ae99c11a5ab8e5c8176030f0cd60cfe9581999630f5ad18fce6ec7c1f237790e4057f5b120d5fdccfd3559c9234f5d025ad", 0x3b}, {&(0x7f0000001fc0)="1488ac357d63e9b59c3750b87201929537b0fdffb38b6852be994fa6adbdebd4a87795015dd7a6a3420326e2facdd51560696de5fa0d9f9ddc544476c4c0304086d3eaea8eeab245d0", 0x49}, {&(0x7f0000002040)="2c820405d3f59f6eebfc1d07817d830381b7431050106f0c16d9ae4bb99a130f5dcd", 0x22}, {&(0x7f0000002080)="e144dfb0db229cf5d1ed11a38f06d3b012b2b07205da3d2c11270efd40a79a9cab90693bdcc18b2e7af928177a04fbbdf29a62f30fdc0f88965922bd0472c25995c8ad08173e0e00d5fcb94133d76ea2ad4f449679cc414878bfaa4022b0d20bd170c3419baa5905ea5fa4c4e10975270a4780f1a3", 0x75}], 0x4, &(0x7f0000003500)=[@rights={{0x30, 0x1, 0x1, [r1, r0, 0xffffffffffffffff, r0, r0, r1, r0, r1]}}, @rights={{0x24, 0x1, 0x1, [r1, r1, 0xffffffffffffffff, r1, r1]}}, @rights={{0x2c, 0x1, 0x1, [r1, r0, r10, r1, r0, r11, r0]}}, @rights={{0x20, 0x1, 0x1, [r0, r1, r0, r12]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r13, r17}}}, @cred={{0x1c, 0x1, 0x2, {r18, r19, r20}}}], 0xe8, 0x8000}}], 0x5, 0x900)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000100)=0x1)

0s ago: executing program 1 (id=1102):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x64)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000})
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r5 = open_tree(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x100)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r7, 0x0, 0x1}, 0x18)
ioctl$sock_proto_private(r5, 0x89ee, &(0x7f0000000300)="e50ead1a7761933bd8e333f9d5e6f51191")
r8 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r8, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r4, 0x4010ae68, &(0x7f0000000000)={0x2000})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

kernel console output (not intermixed with test programs):

e number 27
[  326.029273][ T5934] usb 3-1: device descriptor read/8, error -71
[  326.345567][   T30] kauditd_printk_skb: 28 callbacks suppressed
[  326.345581][   T30] audit: type=1326 audit(1758556290.209:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.386116][ T9222] 9pnet_fd: p9_fd_create_tcp (9222): problem connecting socket to 127.0.0.1
[  326.418083][   T30] audit: type=1326 audit(1758556290.239:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.847130][   T30] audit: type=1326 audit(1758556290.239:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.870724][   T30] audit: type=1326 audit(1758556290.239:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.894127][   T30] audit: type=1326 audit(1758556290.239:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.918724][   T30] audit: type=1326 audit(1758556290.239:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.945407][   T30] audit: type=1326 audit(1758556290.239:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.969310][   T30] audit: type=1326 audit(1758556290.239:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  326.993508][   T30] audit: type=1326 audit(1758556290.239:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  327.085936][    T9] usb 2-1: USB disconnect, device number 29
[  327.096104][   T30] audit: type=1326 audit(1758556290.239:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9221 comm="syz.2.714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  327.303525][ T9250] netlink: 8 bytes leftover after parsing attributes in process `syz.0.720'.
[  327.394390][ T9255] netlink: 'syz.0.720': attribute type 10 has an invalid length.
[  327.429391][ T9255] netlink: 4 bytes leftover after parsing attributes in process `syz.0.720'.
[  328.043776][ T9269] bpf: Bad value for 'mode'
[  329.077583][ T9295] comedi comedi0: Minor 3 could not be opened
[  330.667800][ T9319] loop2: detected capacity change from 0 to 7
[  330.812990][  T942] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  330.825598][ T9319] Dev loop2: unable to read RDB block 7
[  330.831866][ T9319]  loop2: unable to read partition table
[  330.839785][ T9319] loop2: partition table beyond EOD, truncated
[  330.846090][ T9319] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  330.971830][  T942] usb 3-1: device descriptor read/64, error -71
[  331.423467][   T30] kauditd_printk_skb: 70 callbacks suppressed
[  331.423482][   T30] audit: type=1326 audit(1758556295.289:1441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9303 comm="syz.4.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  331.453106][  T942] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  331.469264][   T30] audit: type=1326 audit(1758556295.319:1442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9303 comm="syz.4.732" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  331.592062][  T942] usb 3-1: device descriptor read/64, error -71
[  331.699543][ T9335] FAULT_INJECTION: forcing a failure.
[  331.699543][ T9335] name failslab, interval 1, probability 0, space 0, times 0
[  331.734988][  T942] usb usb3-port1: attempt power cycle
[  331.737051][ T9335] CPU: 0 UID: 0 PID: 9335 Comm: syz.1.739 Not tainted syzkaller #0 PREEMPT(full) 
[  331.737073][ T9335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  331.737082][ T9335] Call Trace:
[  331.737087][ T9335]  <TASK>
[  331.737092][ T9335]  dump_stack_lvl+0x16c/0x1f0
[  331.737115][ T9335]  should_fail_ex+0x512/0x640
[  331.737135][ T9335]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  331.737155][ T9335]  should_failslab+0xc2/0x120
[  331.737173][ T9335]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  331.737189][ T9335]  ? __alloc_skb+0x2b2/0x380
[  331.737210][ T9335]  __alloc_skb+0x2b2/0x380
[  331.737227][ T9335]  ? __pfx___alloc_skb+0x10/0x10
[  331.737246][ T9335]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  331.737271][ T9335]  netlink_alloc_large_skb+0x69/0x130
[  331.737292][ T9335]  netlink_sendmsg+0x6a1/0xdd0
[  331.737315][ T9335]  ? __pfx_netlink_sendmsg+0x10/0x10
[  331.737343][ T9335]  ____sys_sendmsg+0xa95/0xc70
[  331.737366][ T9335]  ? copy_msghdr_from_user+0x10a/0x160
[  331.737385][ T9335]  ? __pfx_____sys_sendmsg+0x10/0x10
[  331.737417][ T9335]  ___sys_sendmsg+0x134/0x1d0
[  331.737443][ T9335]  ? __pfx____sys_sendmsg+0x10/0x10
[  331.737488][ T9335]  __sys_sendmsg+0x16d/0x220
[  331.737507][ T9335]  ? __pfx___sys_sendmsg+0x10/0x10
[  331.737540][ T9335]  do_syscall_64+0xcd/0x4e0
[  331.737562][ T9335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.737577][ T9335] RIP: 0033:0x7ff00098eec9
[  331.737589][ T9335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.737604][ T9335] RSP: 002b:00007feffebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  331.737619][ T9335] RAX: ffffffffffffffda RBX: 00007ff000be5fa0 RCX: 00007ff00098eec9
[  331.737628][ T9335] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  331.737638][ T9335] RBP: 00007feffebf6090 R08: 0000000000000000 R09: 0000000000000000
[  331.737646][ T9335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.737655][ T9335] R13: 00007ff000be6038 R14: 00007ff000be5fa0 R15: 00007ffee1dc6148
[  331.737675][ T9335]  </TASK>
[  332.135215][ T9340] ptrace attach of "./syz-executor exec"[5846] was attempted by "./syz-executor exec"[9340]
[  332.333092][ T9344] netlink: 80 bytes leftover after parsing attributes in process `syz.3.740'.
[  332.359646][  T942] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  332.403224][  T942] usb 3-1: device descriptor read/8, error -71
[  332.653721][  T942] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  332.695853][  T942] usb 3-1: device descriptor read/8, error -71
[  332.781865][    T9] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  332.855899][  T942] usb usb3-port1: unable to enumerate USB device
[  332.905976][ T9350] netlink: 24 bytes leftover after parsing attributes in process `syz.4.743'.
[  333.200739][    T9] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  333.241273][   T30] audit: type=1400 audit(1758556297.069:1443): avc:  denied  { read } for  pid=9351 comm="syz.1.744" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  333.276803][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.297395][   T30] audit: type=1400 audit(1758556297.149:1444): avc:  denied  { create } for  pid=9355 comm="syz.1.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  333.527549][   T30] audit: type=1400 audit(1758556297.149:1445): avc:  denied  { connect } for  pid=9355 comm="syz.1.745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  333.561908][    T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  333.584433][    T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  333.601337][    T9] usb 1-1: Manufacturer: syz
[  333.659632][    T9] usb 1-1: config 0 descriptor??
[  334.515177][    T9] rc_core: IR keymap rc-hauppauge not found
[  334.557565][ T9375] netlink: 'syz.2.747': attribute type 5 has an invalid length.
[  334.565281][   T30] audit: type=1400 audit(1758556298.419:1446): avc:  denied  { connect } for  pid=9362 comm="syz.2.747" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  334.586798][    T9] Registered IR keymap rc-empty
[  334.644515][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  334.665753][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input70
[  334.900439][    T9] usb 1-1: USB disconnect, device number 28
[  336.083934][ T9398] sp0: Synchronizing with TNC
[  337.374100][   T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  337.648701][   T24] usb 4-1: device descriptor read/64, error -71
[  338.221777][   T30] audit: type=1400 audit(1758556301.969:1447): avc:  denied  { write } for  pid=9411 comm="syz.2.756" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  338.241152][    C0] vkms_vblank_simulate: vblank timer overrun
[  338.366736][ T9425] mkiss: ax0: crc mode is auto.
[  338.571863][   T24] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  338.761891][   T24] usb 4-1: device descriptor read/64, error -71
[  338.873159][   T24] usb usb4-port1: attempt power cycle
[  339.221823][   T24] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  339.382277][   T24] usb 4-1: device descriptor read/8, error -71
[  339.793030][   T24] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  339.847205][   T30] audit: type=1326 audit(1758556303.699:1448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  340.009759][   T24] usb 4-1: device descriptor read/8, error -71
[  340.119476][   T30] audit: type=1326 audit(1758556303.699:1449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  340.142800][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.160634][ T9445] loop2: detected capacity change from 0 to 7
[  340.174048][ T9445] Dev loop2: unable to read RDB block 7
[  340.179598][ T9445]  loop2: unable to read partition table
[  340.185725][ T9445] loop2: partition table beyond EOD, truncated
[  340.191884][ T9445] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  340.223810][   T24] usb usb4-port1: unable to enumerate USB device
[  340.319248][   T30] audit: type=1326 audit(1758556303.699:1450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  340.342581][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.487692][   T30] audit: type=1326 audit(1758556303.699:1451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  340.510999][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.704586][   T24] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  340.867100][ T9467] sp0: Synchronizing with TNC
[  340.940627][   T30] audit: type=1326 audit(1758556303.699:1452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  340.981811][   T24] usb 4-1: device descriptor read/64, error -71
[  341.181566][   T30] audit: type=1326 audit(1758556303.699:1453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  341.407047][   T30] audit: type=1326 audit(1758556303.699:1454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  341.531981][   T24] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  341.851295][   T30] audit: type=1326 audit(1758556303.709:1455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  341.874613][    C0] vkms_vblank_simulate: vblank timer overrun
[  341.880629][   T30] audit: type=1326 audit(1758556303.709:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9443 comm="syz.0.764" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  342.092106][   T24] usb 4-1: device descriptor read/64, error -71
[  342.222293][   T24] usb usb4-port1: attempt power cycle
[  342.666238][   T24] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  342.742298][   T24] usb 4-1: device descriptor read/8, error -71
[  344.247504][   T30] kauditd_printk_skb: 47 callbacks suppressed
[  344.247519][   T30] audit: type=1326 audit(1758556308.109:1504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9489 comm="syz.0.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  344.284250][   T30] audit: type=1326 audit(1758556308.119:1505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9489 comm="syz.0.771" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7f78eec9 code=0x7ffc0000
[  344.523578][ T9515] netlink: 24 bytes leftover after parsing attributes in process `syz.2.776'.
[  344.942842][ T6025] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  345.092085][ T6025] usb 2-1: device descriptor read/64, error -71
[  345.402900][ T6025] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  345.561924][ T6025] usb 2-1: device descriptor read/64, error -71
[  345.692146][ T6025] usb usb2-port1: attempt power cycle
[  346.100174][   T30] audit: type=1326 audit(1758556309.939:1506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  346.250856][   T30] audit: type=1326 audit(1758556309.939:1507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  346.306844][ T6025] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  346.369054][ T6025] usb 2-1: device descriptor read/8, error -71
[  346.405290][   T30] audit: type=1326 audit(1758556309.939:1508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  346.649571][   T30] audit: type=1326 audit(1758556309.939:1509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  346.771808][ T6025] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  347.587843][   T30] audit: type=1326 audit(1758556309.939:1510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  347.611314][   T30] audit: type=1326 audit(1758556309.939:1511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  347.641808][ T6025] usb 2-1: device not accepting address 33, error -71
[  347.648899][   T30] audit: type=1326 audit(1758556309.939:1512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  347.673461][ T6025] usb usb2-port1: unable to enumerate USB device
[  347.680996][   T30] audit: type=1326 audit(1758556309.939:1513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9530 comm="syz.3.781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  348.001825][    T9] usb 1-1: new full-speed USB device number 29 using dummy_hcd
[  348.405810][ T9573] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.485917][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  348.509296][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  348.576244][    T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  348.634320][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.718435][ T9580] loop2: detected capacity change from 0 to 7
[  348.730091][ T9580] Dev loop2: unable to read RDB block 7
[  348.737497][ T9580]  loop2: unable to read partition table
[  348.745288][ T9580] loop2: partition table beyond EOD, truncated
[  348.751549][ T9580] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  348.793887][    T9] usb 1-1: config 0 descriptor??
[  349.003949][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  349.010584][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  349.037804][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  349.209671][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  349.220669][ T9557] dvb-usb: bulk message failed: -22 (2/0)
[  349.237055][    T9] usb 1-1: media controller created
[  349.338169][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  349.390519][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  349.409989][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  349.549885][ T9587] mkiss: ax0: crc mode is auto.
[  349.626189][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input73
[  349.714167][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  349.791755][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  349.810589][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  349.810603][   T30] audit: type=1400 audit(1758556313.669:1533): avc:  denied  { read } for  pid=9589 comm="syz.2.794" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  349.907351][    T9] usb 1-1: USB disconnect, device number 29
[  350.064467][   T30] audit: type=1400 audit(1758556313.799:1534): avc:  denied  { open } for  pid=9589 comm="syz.2.794" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  350.094277][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  350.103749][ T9593] bond0: (slave ip6gretap0): Error: Device can not be enslaved while up
[  350.747553][   T30] audit: type=1400 audit(1758556313.809:1535): avc:  denied  { read append } for  pid=9592 comm="syz.1.795" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  350.772813][   T30] audit: type=1400 audit(1758556313.809:1536): avc:  denied  { open } for  pid=9592 comm="syz.1.795" path="/dev/sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  350.797103][   T30] audit: type=1400 audit(1758556314.539:1537): avc:  denied  { write } for  pid=9592 comm="syz.1.795" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  350.826661][   T30] audit: type=1400 audit(1758556314.539:1538): avc:  denied  { ioctl } for  pid=9592 comm="syz.1.795" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  351.019431][ T9601] netlink: 'syz.1.795': attribute type 1 has an invalid length.
[  351.041094][ T9601] 8021q: adding VLAN 0 to HW filter on device bond1
[  351.143613][ T9601] bond1: (slave veth3): Enslaving as an active interface with a down link
[  351.272040][ T9593] netlink: 8 bytes leftover after parsing attributes in process `syz.1.795'.
[  351.371003][   T30] audit: type=1400 audit(1758556315.229:1539): avc:  denied  { ioctl } for  pid=9611 comm="syz.3.799" path="socket:[22618]" dev="sockfs" ino=22618 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  351.397171][ T9612] mkiss: ax0: crc mode is auto.
[  352.590456][   T30] audit: type=1400 audit(1758556315.289:1540): avc:  denied  { setopt } for  pid=9611 comm="syz.3.799" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  354.739578][   T30] audit: type=1400 audit(1758556318.599:1541): avc:  denied  { bind } for  pid=9632 comm="syz.4.803" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  354.991903][ T9640] FAULT_INJECTION: forcing a failure.
[  354.991903][ T9640] name failslab, interval 1, probability 0, space 0, times 0
[  355.031894][ T9640] CPU: 1 UID: 0 PID: 9640 Comm: syz.1.806 Not tainted syzkaller #0 PREEMPT(full) 
[  355.031918][ T9640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  355.031928][ T9640] Call Trace:
[  355.031933][ T9640]  <TASK>
[  355.031939][ T9640]  dump_stack_lvl+0x16c/0x1f0
[  355.031965][ T9640]  should_fail_ex+0x512/0x640
[  355.031984][ T9640]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  355.032006][ T9640]  should_failslab+0xc2/0x120
[  355.032026][ T9640]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  355.032045][ T9640]  ? __alloc_skb+0x2b2/0x380
[  355.032068][ T9640]  __alloc_skb+0x2b2/0x380
[  355.032087][ T9640]  ? __pfx___alloc_skb+0x10/0x10
[  355.032109][ T9640]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  355.032138][ T9640]  netlink_alloc_large_skb+0x69/0x130
[  355.032162][ T9640]  netlink_sendmsg+0x6a1/0xdd0
[  355.032189][ T9640]  ? __pfx_netlink_sendmsg+0x10/0x10
[  355.032223][ T9640]  ____sys_sendmsg+0xa95/0xc70
[  355.032249][ T9640]  ? copy_msghdr_from_user+0x10a/0x160
[  355.032271][ T9640]  ? __pfx_____sys_sendmsg+0x10/0x10
[  355.032308][ T9640]  ___sys_sendmsg+0x134/0x1d0
[  355.032332][ T9640]  ? __pfx____sys_sendmsg+0x10/0x10
[  355.032382][ T9640]  __sys_sendmsg+0x16d/0x220
[  355.032403][ T9640]  ? __pfx___sys_sendmsg+0x10/0x10
[  355.032436][ T9640]  ? rcu_is_watching+0x12/0xc0
[  355.032459][ T9640]  do_syscall_64+0xcd/0x4e0
[  355.032483][ T9640]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.032500][ T9640] RIP: 0033:0x7ff00098eec9
[  355.032514][ T9640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.032531][ T9640] RSP: 002b:00007feffebf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  355.032548][ T9640] RAX: ffffffffffffffda RBX: 00007ff000be5fa0 RCX: 00007ff00098eec9
[  355.032559][ T9640] RDX: 0000000000000080 RSI: 0000200000000040 RDI: 0000000000000003
[  355.032569][ T9640] RBP: 00007feffebf6090 R08: 0000000000000000 R09: 0000000000000000
[  355.032579][ T9640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.032589][ T9640] R13: 00007ff000be6038 R14: 00007ff000be5fa0 R15: 00007ffee1dc6148
[  355.032613][ T9640]  </TASK>
[  357.608033][ T9679] mkiss: ax0: crc mode is auto.
[  358.893236][ T9699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.820'.
[  359.131933][   T43] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  359.271529][    T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  359.337179][   T43] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  359.347843][   T43] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  359.739619][   T43] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  359.749180][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.777816][   T43] usb 5-1: config 0 descriptor??
[  359.793188][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.796896][   T43] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  359.819360][   T43] dvb-usb: bulk message failed: -22 (3/0)
[  359.838647][    T9] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  359.842662][   T43] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  359.868286][   T43] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  359.877315][   T43] usb 5-1: media controller created
[  359.898941][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  359.900402][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.950599][    T9] usb 3-1: config 0 descriptor??
[  359.956327][   T43] dvb-usb: bulk message failed: -22 (6/0)
[  360.210372][ T9697] dvb-usb: bulk message failed: -22 (2/0)
[  360.217493][   T43] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  360.229970][   T43] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input75
[  360.251536][   T43] dvb-usb: schedule remote query interval to 150 msecs.
[  360.258723][   T43] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  360.461627][   T24] dvb-usb: bulk message failed: -22 (1/0)
[  360.501806][    T9] steelseries 0003:1038:12B6.0025: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.2-1/input0
[  360.792359][   T24] dvb-usb: error while querying for an remote control event.
[  360.807717][   T43] usb 5-1: USB disconnect, device number 34
[  360.897622][   T43] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  361.248050][   T24] usb 3-1: USB disconnect, device number 31
[  363.125202][ T9751] mkiss: ax0: crc mode is auto.
[  363.462087][ T9754] comedi comedi0: Minor 3 could not be opened
[  364.467928][ T9762] mkiss: ax0: crc mode is auto.
[  365.031841][   T30] audit: type=1400 audit(1758556328.879:1542): avc:  denied  { name_connect } for  pid=9773 comm="syz.1.838" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  365.109899][   T30] audit: type=1400 audit(1758556328.919:1543): avc:  denied  { setattr } for  pid=9773 comm="syz.1.838" name="/" dev="9p" ino=4412287765254868893 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  366.349849][ T9789] sp0: Synchronizing with TNC
[  366.417169][ T9806] mkiss: ax0: crc mode is auto.
[  366.495644][   T30] audit: type=1326 audit(1758556330.359:1544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.611493][   T30] audit: type=1326 audit(1758556330.359:1545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.680485][   T30] audit: type=1326 audit(1758556330.359:1546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.756416][   T30] audit: type=1326 audit(1758556330.359:1547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.828624][   T30] audit: type=1326 audit(1758556330.359:1548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.922026][   T30] audit: type=1326 audit(1758556330.359:1549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  366.930054][   T10] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  366.945401][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.102353][   T30] audit: type=1326 audit(1758556330.359:1550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  367.125678][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.204957][   T30] audit: type=1326 audit(1758556330.359:1551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9802 comm="syz.3.844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  367.228243][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.281805][   T10] usb 3-1: Using ep0 maxpacket: 8
[  367.358804][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  367.413730][   T10] usb 3-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  367.515824][   T10] usb 3-1: Product: syz
[  367.623361][   T10] usb 3-1: Manufacturer: syz
[  367.713230][ T9828] loop2: detected capacity change from 0 to 7
[  367.874473][   T10] usb 3-1: SerialNumber: syz
[  367.876620][ T9828] Dev loop2: unable to read RDB block 7
[  367.921845][   T10] usb 3-1: config 0 descriptor??
[  367.931047][ T9828]  loop2: unable to read partition table
[  367.953253][   T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  368.016782][ T9828] loop2: partition table beyond EOD, truncated
[  368.029816][ T9828] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  368.739297][ T9844] netlink: 12 bytes leftover after parsing attributes in process `syz.4.855'.
[  368.861429][   T10] gspca_zc3xx: reg_w_i err -71
[  369.108120][   T10] gspca_zc3xx 3-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  369.108834][ T9850] input: syz0 as /devices/virtual/input/input76
[  369.293617][   T10] usb 3-1: USB disconnect, device number 32
[  369.731457][ T5934] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  369.882124][ T9847] mkiss: ax0: crc mode is auto.
[  370.033310][ T5934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  370.113694][ T5934] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  370.140562][ T5934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.147202][ T9861] netlink: 'syz.0.859': attribute type 10 has an invalid length.
[  370.181248][ T9861] netlink: 4 bytes leftover after parsing attributes in process `syz.0.859'.
[  370.203220][ T5934] usb 5-1: config 0 descriptor??
[  370.713412][ T5934] steelseries 0003:1038:12B6.0026: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.4-1/input0
[  371.140161][ T9875] mkiss: ax0: crc mode is auto.
[  371.416208][ T5934] usb 5-1: USB disconnect, device number 35
[  371.431080][   T30] kauditd_printk_skb: 15 callbacks suppressed
[  371.431096][   T30] audit: type=1400 audit(1758556335.279:1567): avc:  denied  { read } for  pid=9885 comm="syz.0.866" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  371.580372][   T30] audit: type=1400 audit(1758556335.279:1568): avc:  denied  { open } for  pid=9885 comm="syz.0.866" path="/167/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  371.607987][   T30] audit: type=1400 audit(1758556335.279:1569): avc:  denied  { ioctl } for  pid=9885 comm="syz.0.866" path="/167/file0/file0" dev="fuse" ino=64 ioctlcmd=0x2202 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  372.926057][ T9908] loop2: detected capacity change from 0 to 7
[  372.938988][ T9908] Dev loop2: unable to read RDB block 7
[  372.944908][ T9908]  loop2: unable to read partition table
[  372.953447][ T9908] loop2: partition table beyond EOD, truncated
[  372.959773][ T9908] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  373.295009][ T9913] FAULT_INJECTION: forcing a failure.
[  373.295009][ T9913] name failslab, interval 1, probability 0, space 0, times 0
[  373.373965][ T9913] CPU: 1 UID: 0 PID: 9913 Comm: syz.1.871 Not tainted syzkaller #0 PREEMPT(full) 
[  373.373990][ T9913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  373.374000][ T9913] Call Trace:
[  373.374008][ T9913]  <TASK>
[  373.374015][ T9913]  dump_stack_lvl+0x16c/0x1f0
[  373.374043][ T9913]  should_fail_ex+0x512/0x640
[  373.374065][ T9913]  ? fs_reclaim_acquire+0xae/0x150
[  373.374090][ T9913]  ? tomoyo_encode2+0x100/0x3e0
[  373.374114][ T9913]  should_failslab+0xc2/0x120
[  373.374134][ T9913]  __kmalloc_noprof+0xd2/0x510
[  373.374151][ T9913]  ? d_absolute_path+0x136/0x1a0
[  373.374183][ T9913]  tomoyo_encode2+0x100/0x3e0
[  373.374209][ T9913]  tomoyo_encode+0x29/0x50
[  373.374232][ T9913]  tomoyo_realpath_from_path+0x18f/0x6e0
[  373.374262][ T9913]  tomoyo_path_number_perm+0x245/0x580
[  373.374282][ T9913]  ? tomoyo_path_number_perm+0x237/0x580
[  373.374305][ T9913]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  373.374327][ T9913]  ? find_held_lock+0x2b/0x80
[  373.374369][ T9913]  ? find_held_lock+0x2b/0x80
[  373.374388][ T9913]  ? hook_file_ioctl_common+0x145/0x410
[  373.374412][ T9913]  ? __fget_files+0x20e/0x3c0
[  373.374436][ T9913]  security_file_ioctl+0x9b/0x240
[  373.374461][ T9913]  __x64_sys_ioctl+0xb7/0x210
[  373.374495][ T9913]  do_syscall_64+0xcd/0x4e0
[  373.374520][ T9913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.374536][ T9913] RIP: 0033:0x7ff00098eec9
[  373.374551][ T9913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.374567][ T9913] RSP: 002b:00007feffebf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  373.374582][ T9913] RAX: ffffffffffffffda RBX: 00007ff000be5fa0 RCX: 00007ff00098eec9
[  373.374594][ T9913] RDX: 0000000000000000 RSI: 0000000000002202 RDI: 0000000000000004
[  373.374603][ T9913] RBP: 00007feffebf6090 R08: 0000000000000000 R09: 0000000000000000
[  373.374612][ T9913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.374623][ T9913] R13: 00007ff000be6038 R14: 00007ff000be5fa0 R15: 00007ffee1dc6148
[  373.374647][ T9913]  </TASK>
[  373.374662][ T9913] ERROR: Out of memory at tomoyo_realpath_from_path.
[  373.856234][ T5934] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  374.011140][   T30] audit: type=1400 audit(1758556337.869:1570): avc:  denied  { read open } for  pid=9933 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.042558][ T5934] usb 5-1: Using ep0 maxpacket: 16
[  374.056899][   T43] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  374.060511][ T5934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.078898][   T30] audit: type=1400 audit(1758556337.869:1571): avc:  denied  { getattr } for  pid=9933 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.125194][ T5934] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  374.142880][ T5934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.283533][ T5934] usb 5-1: config 0 descriptor??
[  374.569577][   T43] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  374.578923][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.590702][   T43] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  374.600701][   T43] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  374.630114][   T43] usb 1-1: Manufacturer: syz
[  374.656271][   T43] usb 1-1: config 0 descriptor??
[  374.718142][ T5934] mcp2221 0003:04D8:00DD.0027: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  374.776044][   T43] rc_core: IR keymap rc-hauppauge not found
[  374.802771][   T43] Registered IR keymap rc-empty
[  374.814373][   T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  374.856819][   T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input77
[  374.863828][ T9947] FAULT_INJECTION: forcing a failure.
[  374.863828][ T9947] name failslab, interval 1, probability 0, space 0, times 0
[  374.898220][ T9946] netlink: 12 bytes leftover after parsing attributes in process `syz.1.879'.
[  374.937143][   T30] audit: type=1400 audit(1758556338.789:1572): avc:  denied  { add_name } for  pid=9931 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  374.941955][   T43] usb 1-1: USB disconnect, device number 30
[  375.048065][ T9947] CPU: 1 UID: 0 PID: 9947 Comm: syz.3.878 Not tainted syzkaller #0 PREEMPT(full) 
[  375.048092][ T9947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  375.048102][ T9947] Call Trace:
[  375.048109][ T9947]  <TASK>
[  375.048116][ T9947]  dump_stack_lvl+0x16c/0x1f0
[  375.048143][ T9947]  should_fail_ex+0x512/0x640
[  375.048165][ T9947]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  375.048188][ T9947]  should_failslab+0xc2/0x120
[  375.048208][ T9947]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  375.048227][ T9947]  ? __alloc_skb+0x2b2/0x380
[  375.048251][ T9947]  __alloc_skb+0x2b2/0x380
[  375.048271][ T9947]  ? __pfx___alloc_skb+0x10/0x10
[  375.048297][ T9947]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  375.048326][ T9947]  netlink_alloc_large_skb+0x69/0x130
[  375.048350][ T9947]  netlink_sendmsg+0x6a1/0xdd0
[  375.048377][ T9947]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.048410][ T9947]  ____sys_sendmsg+0xa95/0xc70
[  375.048437][ T9947]  ? copy_msghdr_from_user+0x10a/0x160
[  375.048458][ T9947]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.048487][ T9947]  ? __pfx__kstrtoull+0x10/0x10
[  375.048511][ T9947]  ___sys_sendmsg+0x134/0x1d0
[  375.048534][ T9947]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.048567][ T9947]  ? find_held_lock+0x2b/0x80
[  375.048604][ T9947]  __sys_sendmmsg+0x200/0x420
[  375.048629][ T9947]  ? __pfx___sys_sendmmsg+0x10/0x10
[  375.048659][ T9947]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  375.048692][ T9947]  ? fput+0x9b/0xd0
[  375.048723][ T9947]  ? ksys_write+0x1ac/0x250
[  375.048740][ T9947]  ? __pfx_ksys_write+0x10/0x10
[  375.048762][ T9947]  __x64_sys_sendmmsg+0x9c/0x100
[  375.048783][ T9947]  ? lockdep_hardirqs_on+0x7c/0x110
[  375.048804][ T9947]  do_syscall_64+0xcd/0x4e0
[  375.048828][ T9947]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.048845][ T9947] RIP: 0033:0x7f2c1278eec9
[  375.048858][ T9947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.048874][ T9947] RSP: 002b:00007f2c1369f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  375.048892][ T9947] RAX: ffffffffffffffda RBX: 00007f2c129e5fa0 RCX: 00007f2c1278eec9
[  375.048903][ T9947] RDX: 0400000000000235 RSI: 0000200000000000 RDI: 0000000000000004
[  375.048914][ T9947] RBP: 00007f2c1369f090 R08: 0000000000000000 R09: 0000000000000000
[  375.048923][ T9947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.048934][ T9947] R13: 00007f2c129e6038 R14: 00007f2c129e5fa0 R15: 00007ffc38556678
[  375.048957][ T9947]  </TASK>
[  375.302811][   T30] audit: type=1400 audit(1758556338.799:1573): avc:  denied  { create } for  pid=9931 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  375.325144][   T30] audit: type=1400 audit(1758556338.799:1574): avc:  denied  { write } for  pid=9931 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.sl0.link" dev="tmpfs" ino=7277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  375.351554][   T30] audit: type=1400 audit(1758556338.799:1575): avc:  denied  { append } for  pid=9931 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" dev="tmpfs" ino=7277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  375.578541][ T9920] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  375.622269][ T9920] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  375.656641][ T5911] usb 5-1: USB disconnect, device number 36
[  375.711788][   T30] audit: type=1400 audit(1758556339.559:1576): avc:  denied  { remove_name } for  pid=9951 comm="rm" name="resolv.conf.sl0.link" dev="tmpfs" ino=7277 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  375.721824][   T24] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  375.925384][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  375.941819][   T24] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  375.957964][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.978196][   T24] usb 2-1: config 0 descriptor??
[  376.052392][ T9969] mkiss: ax0: crc mode is auto.
[  376.131833][   T43] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  376.272803][   T43] usb 4-1: device descriptor read/64, error -71
[  376.417346][   T24] steelseries 0003:1038:12B6.0028: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.1-1/input0
[  376.511969][   T43] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  376.657966][   T43] usb 4-1: device descriptor read/64, error -71
[  376.846741][   T43] usb usb4-port1: attempt power cycle
[  377.160662][ T9997] input: syz0 as /devices/virtual/input/input78
[  377.262727][   T43] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  377.405995][ T5911] usb 2-1: USB disconnect, device number 34
[  377.415750][   T43] usb 4-1: device descriptor read/8, error -71
[  377.590984][T10001] FAULT_INJECTION: forcing a failure.
[  377.590984][T10001] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  377.901883][T10001] CPU: 1 UID: 0 PID: 10001 Comm: syz.0.887 Not tainted syzkaller #0 PREEMPT(full) 
[  377.901908][T10001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  377.901915][T10001] Call Trace:
[  377.901919][T10001]  <TASK>
[  377.901924][T10001]  dump_stack_lvl+0x16c/0x1f0
[  377.901942][T10001]  should_fail_ex+0x512/0x640
[  377.901958][T10001]  _copy_from_iter+0x29f/0x1720
[  377.901978][T10001]  ? __pfx__copy_from_iter+0x10/0x10
[  377.901993][T10001]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  377.902012][T10001]  copy_page_from_iter+0xde/0x180
[  377.902030][T10001]  tun_build_skb.constprop.0+0x2e8/0x1500
[  377.902057][T10001]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  377.902073][T10001]  ? unwind_get_return_address+0x59/0xa0
[  377.902087][T10001]  ? arch_stack_walk+0xa6/0x100
[  377.902108][T10001]  ? _kstrtoull+0x145/0x200
[  377.902119][T10001]  ? __pfx__kstrtoull+0x10/0x10
[  377.902132][T10001]  tun_get_user+0x14ae/0x3ce0
[  377.902155][T10001]  ? __pfx_tun_get_user+0x10/0x10
[  377.902173][T10001]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  377.902192][T10001]  ? find_held_lock+0x2b/0x80
[  377.902206][T10001]  ? tun_get+0x191/0x370
[  377.902225][T10001]  tun_chr_write_iter+0xdc/0x210
[  377.902243][T10001]  vfs_write+0x7d3/0x11d0
[  377.902255][T10001]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  377.902274][T10001]  ? __pfx_vfs_write+0x10/0x10
[  377.902283][T10001]  ? find_held_lock+0x2b/0x80
[  377.902305][T10001]  ksys_write+0x12a/0x250
[  377.902316][T10001]  ? __pfx_ksys_write+0x10/0x10
[  377.902331][T10001]  do_syscall_64+0xcd/0x4e0
[  377.902347][T10001]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.902358][T10001] RIP: 0033:0x7fef7f78d97f
[  377.902373][T10001] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  377.902383][T10001] RSP: 002b:00007fef8068f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  377.902394][T10001] RAX: ffffffffffffffda RBX: 00007fef7f9e6090 RCX: 00007fef7f78d97f
[  377.902401][T10001] RDX: 0000000000000032 RSI: 0000200000000240 RDI: 00000000000000c8
[  377.902407][T10001] RBP: 00007fef8068f090 R08: 0000000000000000 R09: 0000000000000000
[  377.902414][T10001] R10: 0000000000000032 R11: 0000000000000293 R12: 0000000000000001
[  377.902420][T10001] R13: 00007fef7f9e6128 R14: 00007fef7f9e6090 R15: 00007ffe469a4788
[  377.902433][T10001]  </TASK>
[  378.141265][   T43] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  378.171691][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.178070][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.186185][   T43] usb 4-1: device descriptor read/8, error -71
[  378.301980][   T43] usb usb4-port1: unable to enumerate USB device
[  378.401233][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  378.401248][   T30] audit: type=1400 audit(1758556342.259:1578): avc:  denied  { setopt } for  pid=10002 comm="syz.1.888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  378.594506][   T43] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  379.302055][   T43] usb 3-1: device descriptor read/64, error -71
[  379.305773][T10015] sp0: Synchronizing with TNC
[  379.571968][   T43] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  379.721849][   T43] usb 3-1: device descriptor read/64, error -71
[  380.042836][   T43] usb usb3-port1: attempt power cycle
[  380.064451][   T30] audit: type=1400 audit(1758556343.929:1579): avc:  denied  { listen } for  pid=10026 comm="syz.4.896" lport=59662 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  380.087546][ T5934] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  380.158397][   T30] audit: type=1400 audit(1758556344.019:1580): avc:  denied  { accept } for  pid=10026 comm="syz.4.896" lport=59662 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  380.263284][ T5934] usb 4-1: config 0 has no interfaces?
[  380.399231][   T43] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  380.526975][   T43] usb 3-1: device descriptor read/8, error -71
[  380.852329][ T5934] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  380.861953][ T5934] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  380.872621][   T30] audit: type=1400 audit(1758556344.049:1581): avc:  denied  { write } for  pid=10026 comm="syz.4.896" lport=59662 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  380.896123][ T5934] usb 4-1: Manufacturer: syz
[  380.902587][T10037] sp0: Synchronizing with TNC
[  380.911239][ T5934] usb 4-1: config 0 descriptor??
[  380.916343][   T30] audit: type=1400 audit(1758556344.049:1582): avc:  denied  { setopt } for  pid=10026 comm="syz.4.896" lport=59662 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  380.942233][   T30] audit: type=1400 audit(1758556344.279:1583): avc:  denied  { remove_name } for  pid=10026 comm="syz.4.896" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  380.996955][   T30] audit: type=1400 audit(1758556344.279:1584): avc:  denied  { unlink } for  pid=10026 comm="syz.4.896" name="binder1" dev="binder" ino=17 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  381.111799][   T43] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  382.012388][ T5934] usb 4-1: USB disconnect, device number 44
[  382.060591][   T43] usb 3-1: device descriptor read/8, error -71
[  382.454922][   T43] usb usb3-port1: unable to enumerate USB device
[  383.584993][T10060] mkiss: ax0: crc mode is auto.
[  383.877317][T10075] netlink: 'syz.4.904': attribute type 10 has an invalid length.
[  384.322965][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.904'.
[  386.332236][T10110] FAULT_INJECTION: forcing a failure.
[  386.332236][T10110] name failslab, interval 1, probability 0, space 0, times 0
[  386.375430][T10110] CPU: 0 UID: 0 PID: 10110 Comm: syz.4.912 Not tainted syzkaller #0 PREEMPT(full) 
[  386.375456][T10110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  386.375467][T10110] Call Trace:
[  386.375473][T10110]  <TASK>
[  386.375479][T10110]  dump_stack_lvl+0x16c/0x1f0
[  386.375507][T10110]  should_fail_ex+0x512/0x640
[  386.375528][T10110]  ? __kmalloc_noprof+0xbf/0x510
[  386.375548][T10110]  ? bpf_test_init.isra.0+0x9e/0x140
[  386.375567][T10110]  should_failslab+0xc2/0x120
[  386.375587][T10110]  __kmalloc_noprof+0xd2/0x510
[  386.375611][T10110]  bpf_test_init.isra.0+0x9e/0x140
[  386.375633][T10110]  bpf_prog_test_run_skb+0x245/0x2280
[  386.375656][T10110]  ? __fget_files+0x204/0x3c0
[  386.375679][T10110]  ? __fget_files+0x20e/0x3c0
[  386.375698][T10110]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  386.375723][T10110]  ? fput+0x9b/0xd0
[  386.375748][T10110]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  386.375775][T10110]  __sys_bpf+0x1050/0x4de0
[  386.375802][T10110]  ? __pfx___sys_bpf+0x10/0x10
[  386.375825][T10110]  ? ksys_write+0x190/0x250
[  386.375847][T10110]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  386.375885][T10110]  ? fput+0x9b/0xd0
[  386.375907][T10110]  ? ksys_write+0x1ac/0x250
[  386.375924][T10110]  ? __pfx_ksys_write+0x10/0x10
[  386.375946][T10110]  __x64_sys_bpf+0x78/0xc0
[  386.375969][T10110]  ? lockdep_hardirqs_on+0x7c/0x110
[  386.375989][T10110]  do_syscall_64+0xcd/0x4e0
[  386.376017][T10110]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.376035][T10110] RIP: 0033:0x7fc31018eec9
[  386.376049][T10110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.376065][T10110] RSP: 002b:00007fc310fdc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  386.376083][T10110] RAX: ffffffffffffffda RBX: 00007fc3103e5fa0 RCX: 00007fc31018eec9
[  386.376094][T10110] RDX: 0000000000000050 RSI: 0000200000000080 RDI: 000000000000000a
[  386.376105][T10110] RBP: 00007fc310fdc090 R08: 0000000000000000 R09: 0000000000000000
[  386.376115][T10110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.376125][T10110] R13: 00007fc3103e6038 R14: 00007fc3103e5fa0 R15: 00007ffcda7cdfe8
[  386.376149][T10110]  </TASK>
[  386.778559][T10116] netlink: 'syz.2.916': attribute type 1 has an invalid length.
[  386.795430][T10119] FAULT_INJECTION: forcing a failure.
[  386.795430][T10119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  386.819400][T10119] CPU: 0 UID: 0 PID: 10119 Comm: syz.1.915 Not tainted syzkaller #0 PREEMPT(full) 
[  386.819426][T10119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  386.819436][T10119] Call Trace:
[  386.819441][T10119]  <TASK>
[  386.819448][T10119]  dump_stack_lvl+0x16c/0x1f0
[  386.819475][T10119]  should_fail_ex+0x512/0x640
[  386.819501][T10119]  _copy_from_iter+0x29f/0x1720
[  386.819533][T10119]  ? __pfx__copy_from_iter+0x10/0x10
[  386.819557][T10119]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  386.819588][T10119]  copy_page_from_iter+0xde/0x180
[  386.819616][T10119]  tun_build_skb.constprop.0+0x2e8/0x1500
[  386.819651][T10119]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  386.819676][T10119]  ? unwind_get_return_address+0x59/0xa0
[  386.819697][T10119]  ? arch_stack_walk+0xa6/0x100
[  386.819732][T10119]  ? _kstrtoull+0x145/0x200
[  386.819750][T10119]  ? __pfx__kstrtoull+0x10/0x10
[  386.819769][T10119]  tun_get_user+0x14ae/0x3ce0
[  386.819803][T10119]  ? __pfx_tun_get_user+0x10/0x10
[  386.819829][T10119]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  386.819858][T10119]  ? find_held_lock+0x2b/0x80
[  386.819879][T10119]  ? tun_get+0x191/0x370
[  386.819905][T10119]  tun_chr_write_iter+0xdc/0x210
[  386.819932][T10119]  vfs_write+0x7d3/0x11d0
[  386.819952][T10119]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  386.819979][T10119]  ? __pfx_vfs_write+0x10/0x10
[  386.819995][T10119]  ? find_held_lock+0x2b/0x80
[  386.820031][T10119]  ksys_write+0x12a/0x250
[  386.820048][T10119]  ? __pfx_ksys_write+0x10/0x10
[  386.820071][T10119]  do_syscall_64+0xcd/0x4e0
[  386.820095][T10119]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.820113][T10119] RIP: 0033:0x7ff00098d97f
[  386.820127][T10119] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  386.820144][T10119] RSP: 002b:00007feffebf6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  386.820162][T10119] RAX: ffffffffffffffda RBX: 00007ff000be5fa0 RCX: 00007ff00098d97f
[  386.820173][T10119] RDX: 00000000000001d6 RSI: 0000200000000440 RDI: 00000000000000c8
[  386.820183][T10119] RBP: 00007feffebf6090 R08: 0000000000000000 R09: 0000000000000000
[  386.820193][T10119] R10: 00000000000001d6 R11: 0000000000000293 R12: 0000000000000001
[  386.820203][T10119] R13: 00007ff000be6038 R14: 00007ff000be5fa0 R15: 00007ffee1dc6148
[  386.820233][T10119]  </TASK>
[  386.853408][T10123] FAULT_INJECTION: forcing a failure.
[  386.853408][T10123] name failslab, interval 1, probability 0, space 0, times 0
[  386.881763][    T9] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  386.978347][T10123] CPU: 1 UID: 0 PID: 10123 Comm: syz.2.916 Not tainted syzkaller #0 PREEMPT(full) 
[  386.978370][T10123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  386.978378][T10123] Call Trace:
[  386.978384][T10123]  <TASK>
[  386.978390][T10123]  dump_stack_lvl+0x16c/0x1f0
[  386.978415][T10123]  should_fail_ex+0x512/0x640
[  386.978434][T10123]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  386.978453][T10123]  should_failslab+0xc2/0x120
[  386.978471][T10123]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  386.978488][T10123]  ? __alloc_skb+0x2b2/0x380
[  386.978514][T10123]  __alloc_skb+0x2b2/0x380
[  386.978531][T10123]  ? __pfx___alloc_skb+0x10/0x10
[  386.978550][T10123]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  386.978576][T10123]  netlink_alloc_large_skb+0x69/0x130
[  386.978597][T10123]  netlink_sendmsg+0x6a1/0xdd0
[  386.978620][T10123]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.978648][T10123]  ____sys_sendmsg+0xa95/0xc70
[  386.978671][T10123]  ? copy_msghdr_from_user+0x10a/0x160
[  386.978690][T10123]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.978723][T10123]  ___sys_sendmsg+0x134/0x1d0
[  386.978743][T10123]  ? __pfx____sys_sendmsg+0x10/0x10
[  386.978788][T10123]  __sys_sendmsg+0x16d/0x220
[  386.978807][T10123]  ? __pfx___sys_sendmsg+0x10/0x10
[  386.978839][T10123]  do_syscall_64+0xcd/0x4e0
[  386.978862][T10123]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.978877][T10123] RIP: 0033:0x7f17d2f8eec9
[  386.978890][T10123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  386.978905][T10123] RSP: 002b:00007f17d3e9d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.978920][T10123] RAX: ffffffffffffffda RBX: 00007f17d31e6090 RCX: 00007f17d2f8eec9
[  386.978930][T10123] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  386.978939][T10123] RBP: 00007f17d3e9d090 R08: 0000000000000000 R09: 0000000000000000
[  386.978948][T10123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.978956][T10123] R13: 00007f17d31e6128 R14: 00007f17d31e6090 R15: 00007ffd92aa5d18
[  386.978977][T10123]  </TASK>
[  388.449108][   T43] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  389.124601][   T43] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  389.135599][   T43] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  389.177332][T10140] mkiss: ax0: crc mode is auto.
[  389.212611][   T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  389.231008][   T43] usb 3-1: config 0 descriptor??
[  389.346126][    T9] usb 1-1: config 0 has no interfaces?
[  389.406111][    T9] usb 1-1: string descriptor 0 read error: -71
[  389.412463][    T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  389.441879][   T43] usbhid 3-1:0.0: can't add hid device: -71
[  389.447889][   T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  389.480512][   T43] usb 3-1: USB disconnect, device number 37
[  389.495940][    T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  389.524465][    T9] usb 1-1: config 0 descriptor??
[  389.531844][    T9] usb 1-1: can't set config #0, error -71
[  389.546127][    T9] usb 1-1: USB disconnect, device number 31
[  389.556434][   T30] audit: type=1400 audit(1758556353.409:1585): avc:  denied  { write } for  pid=10143 comm="syz.0.925" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  389.592906][T10144] netlink: zone id is out of range
[  389.603545][T10144] netlink: zone id is out of range
[  389.647224][T10129] netlink: 32 bytes leftover after parsing attributes in process `syz.2.921'.
[  389.671657][T10144] netlink: zone id is out of range
[  389.859029][   T30] audit: type=1400 audit(1758556353.449:1586): avc:  denied  { ioctl } for  pid=10143 comm="syz.0.925" path="socket:[24164]" dev="sockfs" ino=24164 ioctlcmd=0x8925 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  389.886300][T10144] netlink: zone id is out of range
[  389.891815][T10144] netlink: zone id is out of range
[  389.897025][T10144] netlink: zone id is out of range
[  389.902909][T10144] netlink: zone id is out of range
[  389.936630][T10144] netlink: set zone limit has 4 unknown bytes
[  390.771897][   T43] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  390.977387][T10156] netlink: 24 bytes leftover after parsing attributes in process `syz.3.927'.
[  391.180250][   T43] usb 3-1: device not accepting address 38, error -71
[  391.985684][   T43] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  392.164472][   T43] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  392.199728][   T43] usb 3-1: config 0 has no interface number 0
[  392.230635][   T43] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  392.252468][   T30] audit: type=1326 audit(1758556356.109:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  392.370260][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.383605][   T43] usb 3-1: Product: syz
[  392.422868][   T30] audit: type=1326 audit(1758556356.169:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  392.446266][    C1] vkms_vblank_simulate: vblank timer overrun
[  392.455594][   T43] usb 3-1: Manufacturer: syz
[  392.528580][   T43] usb 3-1: SerialNumber: syz
[  392.565347][   T43] usb 3-1: config 0 descriptor??
[  392.617697][   T30] audit: type=1326 audit(1758556356.169:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  392.759944][   T30] audit: type=1326 audit(1758556356.169:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  392.800976][   T43] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  393.091886][   T43] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  393.116266][   T43] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  393.125531][   T30] audit: type=1326 audit(1758556356.169:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  393.148882][    C1] vkms_vblank_simulate: vblank timer overrun
[  393.169278][   T43] usb 3-1: media controller created
[  393.226572][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  393.257414][   T30] audit: type=1326 audit(1758556356.169:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  393.281448][    C1] vkms_vblank_simulate: vblank timer overrun
[  393.325516][   T30] audit: type=1326 audit(1758556356.169:1593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  393.348883][    C1] vkms_vblank_simulate: vblank timer overrun
[  393.360607][   T43] i2c i2c-1: ec100: i2c rd failed=-32 reg=33
[  393.460705][   T30] audit: type=1326 audit(1758556356.169:1594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10178 comm="syz.3.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2c1278eec9 code=0x7ffc0000
[  394.502173][T10212] mkiss: ax0: crc mode is auto.
[  394.597290][T10214] tipc: Started in network mode
[  394.621016][    T9] usb 3-1: USB disconnect, device number 39
[  394.634414][T10214] tipc: Node identity 5ab6867e0e07, cluster identity 4711
[  394.713133][T10214] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  394.733299][T10215] syzkaller0: entered promiscuous mode
[  394.753983][T10215] syzkaller0: entered allmulticast mode
[  394.967535][T10214] tipc: Resetting bearer <eth:syzkaller0>
[  395.087962][T10213] tipc: Resetting bearer <eth:syzkaller0>
[  395.618108][T10213] tipc: Disabling bearer <eth:syzkaller0>
[  395.900247][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  395.900263][   T30] audit: type=1400 audit(1758556359.759:1620): avc:  denied  { append } for  pid=10229 comm="syz.1.943" name="video4" dev="devtmpfs" ino=936 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  395.929577][    C1] vkms_vblank_simulate: vblank timer overrun
[  395.943435][T10231] FAULT_INJECTION: forcing a failure.
[  395.943435][T10231] name failslab, interval 1, probability 0, space 0, times 0
[  396.002874][T10230] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.943'.
[  396.042282][T10231] CPU: 0 UID: 0 PID: 10231 Comm: syz.2.945 Not tainted syzkaller #0 PREEMPT(full) 
[  396.042307][T10231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  396.042317][T10231] Call Trace:
[  396.042324][T10231]  <TASK>
[  396.042331][T10231]  dump_stack_lvl+0x16c/0x1f0
[  396.042359][T10231]  should_fail_ex+0x512/0x640
[  396.042379][T10231]  ? __kmalloc_noprof+0xbf/0x510
[  396.042399][T10231]  ? bpf_test_init.isra.0+0x9e/0x140
[  396.042418][T10231]  should_failslab+0xc2/0x120
[  396.042439][T10231]  __kmalloc_noprof+0xd2/0x510
[  396.042456][T10231]  ? __lock_acquire+0x62e/0x1ce0
[  396.042487][T10231]  bpf_test_init.isra.0+0x9e/0x140
[  396.042509][T10231]  bpf_prog_test_run_xdp+0x4f0/0x1590
[  396.042540][T10231]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  396.042563][T10231]  ? __might_fault+0x70/0x190
[  396.042585][T10231]  ? fput+0x9b/0xd0
[  396.042607][T10231]  ? __bpf_prog_get+0x97/0x2a0
[  396.042627][T10231]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  396.042649][T10231]  __sys_bpf+0x1050/0x4de0
[  396.042674][T10231]  ? __pfx___sys_bpf+0x10/0x10
[  396.042697][T10231]  ? ksys_write+0x190/0x250
[  396.042720][T10231]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  396.042758][T10231]  ? fput+0x9b/0xd0
[  396.042781][T10231]  ? ksys_write+0x1ac/0x250
[  396.042798][T10231]  ? __pfx_ksys_write+0x10/0x10
[  396.042821][T10231]  __x64_sys_bpf+0x78/0xc0
[  396.042844][T10231]  ? lockdep_hardirqs_on+0x7c/0x110
[  396.042866][T10231]  do_syscall_64+0xcd/0x4e0
[  396.042890][T10231]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  396.042909][T10231] RIP: 0033:0x7f17d2f8eec9
[  396.042924][T10231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  396.042941][T10231] RSP: 002b:00007f17d3ebe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  396.042958][T10231] RAX: ffffffffffffffda RBX: 00007f17d31e5fa0 RCX: 00007f17d2f8eec9
[  396.042970][T10231] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  396.042980][T10231] RBP: 00007f17d3ebe090 R08: 0000000000000000 R09: 0000000000000000
[  396.042991][T10231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  396.043002][T10231] R13: 00007f17d31e6038 R14: 00007f17d31e5fa0 R15: 00007ffd92aa5d18
[  396.043026][T10231]  </TASK>
[  396.582358][T10242] capability: warning: `syz.2.949' uses deprecated v2 capabilities in a way that may be insecure
[  397.421937][ T6025] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  398.257155][   T30] audit: type=1400 audit(1758556362.119:1621): avc:  denied  { relabelfrom } for  pid=10253 comm="syz.0.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  398.298731][   T30] audit: type=1400 audit(1758556362.119:1622): avc:  denied  { relabelto } for  pid=10253 comm="syz.0.951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  398.346472][T10261] netlink: 16 bytes leftover after parsing attributes in process `syz.1.953'.
[  398.526885][ T6025] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  398.541784][ T6025] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  398.562617][ T6025] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  398.922120][T10268] netlink: 'syz.1.953': attribute type 10 has an invalid length.
[  398.959188][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.1.953'.
[  399.030409][T10273] comedi comedi0: Minor 3 could not be opened
[  399.093700][ T6025] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  399.129062][ T6025] usb 4-1: Manufacturer: syz
[  399.578737][ T6025] usb 4-1: config 0 descriptor??
[  399.691976][T10278] loop2: detected capacity change from 0 to 7
[  399.710208][T10278] Dev loop2: unable to read RDB block 7
[  399.718841][T10278]  loop2: unable to read partition table
[  399.733018][T10278] loop2: partition table beyond EOD, truncated
[  399.739256][T10278] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  399.943585][ T6025] igorplugusb 4-1:0.0: incorrect number of endpoints
[  399.954003][ T5219] Dev loop2: unable to read RDB block 7
[  399.964506][ T5219]  loop2: unable to read partition table
[  399.974197][ T5219] loop2: partition table beyond EOD, truncated
[  399.980840][T10280] FAULT_INJECTION: forcing a failure.
[  399.980840][T10280] name failslab, interval 1, probability 0, space 0, times 0
[  399.983608][ T6025] usb 4-1: USB disconnect, device number 45
[  400.014116][T10280] CPU: 1 UID: 0 PID: 10280 Comm: syz.4.957 Not tainted syzkaller #0 PREEMPT(full) 
[  400.014139][T10280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  400.014150][T10280] Call Trace:
[  400.014155][T10280]  <TASK>
[  400.014162][T10280]  dump_stack_lvl+0x16c/0x1f0
[  400.014189][T10280]  should_fail_ex+0x512/0x640
[  400.014210][T10280]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  400.014231][T10280]  should_failslab+0xc2/0x120
[  400.014251][T10280]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  400.014269][T10280]  ? getname_flags.part.0+0x4c/0x550
[  400.014303][T10280]  getname_flags.part.0+0x4c/0x550
[  400.014330][T10280]  getname_flags+0x93/0xf0
[  400.014349][T10280]  path_setxattrat+0x27a/0x2a0
[  400.014370][T10280]  ? __pfx_path_setxattrat+0x10/0x10
[  400.014394][T10280]  ? ksys_write+0x190/0x250
[  400.014431][T10280]  ? fput+0x9b/0xd0
[  400.014452][T10280]  ? ksys_write+0x1ac/0x250
[  400.014468][T10280]  ? __pfx_ksys_write+0x10/0x10
[  400.014489][T10280]  __x64_sys_setxattr+0xc6/0x140
[  400.014508][T10280]  ? do_syscall_64+0x91/0x4e0
[  400.014530][T10280]  ? lockdep_hardirqs_on+0x7c/0x110
[  400.014550][T10280]  do_syscall_64+0xcd/0x4e0
[  400.014573][T10280]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.014590][T10280] RIP: 0033:0x7fc31018eec9
[  400.014604][T10280] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  400.014621][T10280] RSP: 002b:00007fc310fdc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  400.014638][T10280] RAX: ffffffffffffffda RBX: 00007fc3103e5fa0 RCX: 00007fc31018eec9
[  400.014649][T10280] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000000240
[  400.014660][T10280] RBP: 00007fc310fdc090 R08: 0000000000000000 R09: 0000000000000000
[  400.014671][T10280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.014681][T10280] R13: 00007fc3103e6038 R14: 00007fc3103e5fa0 R15: 00007ffcda7cdfe8
[  400.014705][T10280]  </TASK>
[  400.045549][T10282] =======================================================
[  400.045549][T10282] WARNING: The mand mount option has been deprecated and
[  400.045549][T10282]          and is ignored by this kernel. Remove the mand
[  400.045549][T10282]          option from the mount to silence this warning.
[  400.045549][T10282] =======================================================
[  400.047266][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.254999][    C1] vkms_vblank_simulate: vblank timer overrun
[  400.260960][    C1] hrtimer: interrupt took 239254302 ns
[  400.360972][    C1] vkms_vblank_simulate: vblank timer overrun
[  401.348912][T10299] mkiss: ax0: crc mode is auto.
[  401.671787][   T43] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  401.947769][   T43] usb 3-1: device descriptor read/64, error -71
[  402.441845][   T43] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  402.623396][   T43] usb 3-1: device descriptor read/64, error -71
[  402.904985][   T43] usb usb3-port1: attempt power cycle
[  403.129331][T10325] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  403.158942][   T24] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  403.193565][ T5911] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  403.519515][   T43] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  403.588516][   T24] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  403.649252][ T5911] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  403.660274][   T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  403.679750][   T43] usb 3-1: device descriptor read/8, error -71
[  403.686033][ T5911] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  403.711761][ T5911] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  403.720957][ T5911] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  403.729465][ T5911] usb 4-1: Manufacturer: syz
[  403.734273][   T24] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  403.743433][   T24] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  403.753063][   T24] usb 5-1: Manufacturer: syz
[  403.760494][ T5911] usb 4-1: config 0 descriptor??
[  403.771991][   T24] usb 5-1: config 0 descriptor??
[  403.784633][ T5911] igorplugusb 4-1:0.0: incorrect number of endpoints
[  403.793366][   T24] igorplugusb 5-1:0.0: incorrect number of endpoints
[  403.932302][   T43] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  403.934401][   T30] audit: type=1400 audit(1758556367.789:1623): avc:  denied  { read } for  pid=10328 comm="syz.0.970" name="binder0" dev="binder" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  403.952229][   T43] usb 3-1: device descriptor read/8, error -71
[  403.974220][   T30] audit: type=1400 audit(1758556367.789:1624): avc:  denied  { open } for  pid=10328 comm="syz.0.970" path="/191/binderfs2/binder0" dev="binder" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  403.998216][    C1] vkms_vblank_simulate: vblank timer overrun
[  404.169079][T10335] overlayfs: failed to resolve './file1': -2
[  404.243921][   T43] usb usb3-port1: unable to enumerate USB device
[  404.265688][ T6025] usb 5-1: USB disconnect, device number 37
[  404.280841][ T5934] usb 4-1: USB disconnect, device number 46
[  406.501869][   T10] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  406.585866][T10353] fuse: Bad value for 'fd'
[  406.661978][   T10] usb 4-1: Using ep0 maxpacket: 32
[  406.674844][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  406.688628][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  406.751781][   T10] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  406.779718][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.809664][T10356] FAULT_INJECTION: forcing a failure.
[  406.809664][T10356] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  406.817300][   T10] usb 4-1: config 0 descriptor??
[  406.825340][T10356] CPU: 1 UID: 0 PID: 10356 Comm: syz.4.977 Not tainted syzkaller #0 PREEMPT(full) 
[  406.825361][T10356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  406.825370][T10356] Call Trace:
[  406.825375][T10356]  <TASK>
[  406.825381][T10356]  dump_stack_lvl+0x16c/0x1f0
[  406.825406][T10356]  should_fail_ex+0x512/0x640
[  406.825428][T10356]  _copy_from_user+0x2e/0xd0
[  406.825451][T10356]  ucma_set_option+0xa5/0x530
[  406.825472][T10356]  ? __might_fault+0xe3/0x190
[  406.825488][T10356]  ? __pfx_ucma_set_option+0x10/0x10
[  406.825519][T10356]  ? __pfx_ucma_set_option+0x10/0x10
[  406.825542][T10356]  ucma_write+0x1f8/0x330
[  406.825561][T10356]  ? __pfx_ucma_write+0x10/0x10
[  406.825579][T10356]  ? bpf_lsm_file_permission+0x9/0x10
[  406.825599][T10356]  ? security_file_permission+0x71/0x210
[  406.825623][T10356]  ? rw_verify_area+0xcf/0x6c0
[  406.825647][T10356]  ? __pfx_ucma_write+0x10/0x10
[  406.825666][T10356]  vfs_write+0x2a0/0x11d0
[  406.825689][T10356]  ? __pfx_vfs_write+0x10/0x10
[  406.825703][T10356]  ? find_held_lock+0x2b/0x80
[  406.825724][T10356]  ? __fget_files+0x204/0x3c0
[  406.825744][T10356]  ? __fget_files+0x20e/0x3c0
[  406.825767][T10356]  ksys_write+0x1f8/0x250
[  406.825786][T10356]  ? __pfx_ksys_write+0x10/0x10
[  406.825808][T10356]  do_syscall_64+0xcd/0x4e0
[  406.825830][T10356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.825845][T10356] RIP: 0033:0x7fc31018eec9
[  406.825858][T10356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.825872][T10356] RSP: 002b:00007fc310fdc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  406.825888][T10356] RAX: ffffffffffffffda RBX: 00007fc3103e5fa0 RCX: 00007fc31018eec9
[  406.825898][T10356] RDX: 0000000000000020 RSI: 0000200000000540 RDI: 0000000000000008
[  406.825907][T10356] RBP: 00007fc310fdc090 R08: 0000000000000000 R09: 0000000000000000
[  406.825916][T10356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.825925][T10356] R13: 00007fc3103e6038 R14: 00007fc3103e5fa0 R15: 00007ffcda7cdfe8
[  406.825946][T10356]  </TASK>
[  407.037760][ T6025] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  407.051286][T10364] mkiss: ax0: crc mode is auto.
[  407.332055][ T6025] usb 1-1: device descriptor read/64, error -71
[  407.788963][   T10] ft260 0003:0403:6030.0029: unknown main item tag 0x7
[  407.866272][   T10] ft260 0003:0403:6030.0029: chip code: 6424 8183
[  407.926020][ T6025] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  408.091862][   T10] ft260 0003:0403:6030.0029: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  408.116600][ T6025] usb 1-1: device descriptor read/64, error -71
[  408.153966][   T30] audit: type=1400 audit(1758556372.019:1625): avc:  denied  { name_bind } for  pid=10375 comm="syz.4.981" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  408.417155][ T6025] usb usb1-port1: attempt power cycle
[  408.422746][   T10] ft260 0003:0403:6030.0029: failed to retrieve status: -32, no wakeup
[  408.431953][   T10] ft260 0003:0403:6030.0029: failed to retrieve status: -32
[  408.444202][T10376] FAULT_INJECTION: forcing a failure.
[  408.444202][T10376] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.461862][T10376] CPU: 1 UID: 0 PID: 10376 Comm: syz.4.981 Not tainted syzkaller #0 PREEMPT(full) 
[  408.461886][T10376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  408.461897][T10376] Call Trace:
[  408.461902][T10376]  <TASK>
[  408.461909][T10376]  dump_stack_lvl+0x16c/0x1f0
[  408.461935][T10376]  should_fail_ex+0x512/0x640
[  408.461961][T10376]  _copy_to_iter+0x463/0x1710
[  408.461996][T10376]  ? __pfx__copy_to_iter+0x10/0x10
[  408.462020][T10376]  ? avc_has_perm_noaudit+0x149/0x3b0
[  408.462043][T10376]  ? avc_has_perm+0x144/0x1f0
[  408.462065][T10376]  udp_recvmsg+0xb99/0x1300
[  408.462096][T10376]  ? __pfx_udp_recvmsg+0x10/0x10
[  408.462125][T10376]  ? __pfx_sock_has_perm+0x10/0x10
[  408.462153][T10376]  ? __pfx_udp_recvmsg+0x10/0x10
[  408.462175][T10376]  inet_recvmsg+0x444/0x6a0
[  408.462194][T10376]  ? __pfx_inet_recvmsg+0x10/0x10
[  408.462219][T10376]  sock_recvmsg+0x1b2/0x250
[  408.462246][T10376]  ____sys_recvmsg+0x218/0x6b0
[  408.462277][T10376]  ? __pfx_____sys_recvmsg+0x10/0x10
[  408.462312][T10376]  ? __lock_acquire+0x62e/0x1ce0
[  408.462344][T10376]  ___sys_recvmsg+0x114/0x1a0
[  408.462366][T10376]  ? __pfx____sys_recvmsg+0x10/0x10
[  408.462408][T10376]  __sys_recvmsg+0x16a/0x220
[  408.462430][T10376]  ? __pfx___sys_recvmsg+0x10/0x10
[  408.462469][T10376]  do_syscall_64+0xcd/0x4e0
[  408.462493][T10376]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.462511][T10376] RIP: 0033:0x7fc31018eec9
[  408.462526][T10376] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  408.462542][T10376] RSP: 002b:00007fc310fdc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  408.462558][T10376] RAX: ffffffffffffffda RBX: 00007fc3103e5fa0 RCX: 00007fc31018eec9
[  408.462570][T10376] RDX: 0000000000000001 RSI: 0000200000000380 RDI: 0000000000000003
[  408.462580][T10376] RBP: 00007fc310fdc090 R08: 0000000000000000 R09: 0000000000000000
[  408.462590][T10376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.462600][T10376] R13: 00007fc3103e6038 R14: 00007fc3103e5fa0 R15: 00007ffcda7cdfe8
[  408.462624][T10376]  </TASK>
[  408.526061][   T10] ft260 0003:0403:6030.0029: failed to reset I2C controller: -71
[  408.532963][   T10] usb 4-1: USB disconnect, device number 47
[  408.862087][ T6025] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  408.882237][ T6025] usb 1-1: device descriptor read/8, error -71
[  409.067357][   T30] audit: type=1400 audit(1758556372.929:1626): avc:  denied  { write } for  pid=10380 comm="syz.3.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  409.141509][   T30] audit: type=1400 audit(1758556372.939:1627): avc:  denied  { ioctl } for  pid=10380 comm="syz.3.983" path="socket:[25548]" dev="sockfs" ino=25548 ioctlcmd=0x89e4 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  409.174340][ T6025] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  409.202444][ T6025] usb 1-1: device descriptor read/8, error -71
[  409.203873][   T30] audit: type=1400 audit(1758556372.939:1628): avc:  denied  { create } for  pid=10380 comm="syz.3.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  409.328155][ T6025] usb usb1-port1: unable to enumerate USB device
[  409.403304][   T30] audit: type=1400 audit(1758556372.939:1629): avc:  denied  { bind } for  pid=10380 comm="syz.3.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  409.837993][   T30] audit: type=1400 audit(1758556372.999:1630): avc:  denied  { setopt } for  pid=10380 comm="syz.3.983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  410.262080][ T5911] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  410.907930][T10404] mkiss: ax0: crc mode is auto.
[  410.938408][ T5911] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  410.958391][ T5911] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  411.721936][ T5911] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  411.736641][ T5911] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  411.754089][ T5911] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  412.661134][ T5911] usb 4-1: Manufacturer: syz
[  412.674986][ T5911] usb 4-1: config 0 descriptor??
[  412.843422][ T5911] igorplugusb 4-1:0.0: incorrect number of endpoints
[  414.166285][   T43] usb 4-1: USB disconnect, device number 48
[  414.262113][T10425] FAULT_INJECTION: forcing a failure.
[  414.262113][T10425] name fail_futex, interval 1, probability 0, space 0, times 1
[  414.394837][T10425] CPU: 0 UID: 0 PID: 10425 Comm: syz.1.990 Not tainted syzkaller #0 PREEMPT(full) 
[  414.394859][T10425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  414.394866][T10425] Call Trace:
[  414.394870][T10425]  <TASK>
[  414.394874][T10425]  dump_stack_lvl+0x16c/0x1f0
[  414.394893][T10425]  should_fail_ex+0x512/0x640
[  414.394910][T10425]  get_futex_key+0x293/0x1560
[  414.394928][T10425]  ? __pfx_get_futex_key+0x10/0x10
[  414.394945][T10425]  ? get_pid_task+0xfc/0x250
[  414.394958][T10425]  futex_wake+0xea/0x530
[  414.394969][T10425]  ? proc_fail_nth_write+0x9f/0x220
[  414.394984][T10425]  ? __pfx_futex_wake+0x10/0x10
[  414.394998][T10425]  ? ksys_write+0x190/0x250
[  414.395013][T10425]  do_futex+0x1e3/0x350
[  414.395030][T10425]  ? __pfx_do_futex+0x10/0x10
[  414.395051][T10425]  __x64_sys_futex+0x1e0/0x4c0
[  414.395061][T10425]  ? fput+0x9b/0xd0
[  414.395076][T10425]  ? __pfx___x64_sys_futex+0x10/0x10
[  414.395093][T10425]  ? ksys_write+0x1ac/0x250
[  414.395105][T10425]  ? __pfx_ksys_write+0x10/0x10
[  414.395120][T10425]  do_syscall_64+0xcd/0x4e0
[  414.395136][T10425]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  414.395147][T10425] RIP: 0033:0x7ff00098eec9
[  414.395156][T10425] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  414.395167][T10425] RSP: 002b:00007feffebb4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  414.395177][T10425] RAX: ffffffffffffffda RBX: 00007ff000be6180 RCX: 00007ff00098eec9
[  414.395184][T10425] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040
[  414.395191][T10425] RBP: 00007feffebb4090 R08: 0000000000000000 R09: 0000000000000001
[  414.395197][T10425] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001
[  414.395203][T10425] R13: 00007ff000be6218 R14: 00007ff000be6180 R15: 00007ffee1dc6148
[  414.395216][T10425]  </TASK>
[  414.661649][T10430] mkiss: ax0: crc mode is auto.
[  415.824670][T10458] loop2: detected capacity change from 0 to 7
[  415.997744][T10458] Dev loop2: unable to read RDB block 7
[  416.065771][T10458]  loop2: unable to read partition table
[  416.139248][T10458] loop2: partition table beyond EOD, truncated
[  416.156485][T10458] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  416.392181][   T30] audit: type=1400 audit(1758556380.259:1631): avc:  denied  { create } for  pid=10460 comm="syz.3.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  417.610602][   T30] audit: type=1400 audit(1758556381.449:1632): avc:  denied  { connect } for  pid=10465 comm="syz.3.1000" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  417.981804][ T5934] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  418.062125][   T43] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  418.182143][T10489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  418.275085][ T5934] usb 3-1: config index 0 descriptor too short (expected 23569, got 27)
[  418.283892][ T5934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  418.459730][   T43] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  418.478918][   T43] usb 1-1: config 0 has no interface number 0
[  418.491276][   T43] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  418.522576][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.530687][   T43] usb 1-1: Product: syz
[  418.793550][ T5934] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  418.951608][ T5934] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  418.970925][   T43] usb 1-1: Manufacturer: syz
[  418.984986][   T43] usb 1-1: SerialNumber: syz
[  418.990643][ T5934] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  419.008973][   T43] usb 1-1: config 0 descriptor??
[  419.046471][ T5934] usb 3-1: Manufacturer: syz
[  419.079253][ T5934] usb 3-1: config 0 descriptor??
[  419.113130][ T5934] igorplugusb 3-1:0.0: incorrect number of endpoints
[  419.236447][   T43] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  419.258933][   T43] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  419.312428][ T5911] usb 3-1: USB disconnect, device number 44
[  419.335838][   T43] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  419.392820][   T43] usb 1-1: media controller created
[  419.406432][   T30] audit: type=1400 audit(1758556383.269:1633): avc:  denied  { mount } for  pid=10500 comm="syz.3.1006" name="/" dev="rpc_pipefs" ino=25899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  419.440912][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  419.444979][   T30] audit: type=1400 audit(1758556383.299:1634): avc:  denied  { watch } for  pid=10500 comm="syz.3.1006" path="/205/file0" dev="rpc_pipefs" ino=25899 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=dir permissive=1
[  419.583390][   T30] audit: type=1400 audit(1758556383.299:1635): avc:  denied  { unmount } for  pid=10500 comm="syz.3.1006" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  419.649579][   T30] audit: type=1400 audit(1758556383.509:1636): avc:  denied  { unmount } for  pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  420.862336][   T43] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  421.150131][T10518] tty tty4: ldisc open failed (-12), clearing slot 3
[  421.405908][    T9] usb 5-1: new full-speed USB device number 38 using dummy_hcd
[  421.675598][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  421.697899][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  421.714630][    T9] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  421.731745][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.743088][   T30] audit: type=1326 audit(1758556385.559:1637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  421.805844][    T9] usb 5-1: config 0 descriptor??
[  421.891253][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  421.926762][   T30] audit: type=1326 audit(1758556385.559:1638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.013016][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  422.026717][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  422.221993][   T43] usb 1-1: USB disconnect, device number 36
[  422.233164][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  422.240305][   T30] audit: type=1326 audit(1758556385.559:1639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.299692][    T9] usb 5-1: media controller created
[  422.323205][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  422.335727][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  422.341810][   T30] audit: type=1326 audit(1758556385.559:1640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.368723][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  422.382049][   T30] audit: type=1326 audit(1758556385.559:1641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.429720][   T30] audit: type=1326 audit(1758556385.559:1642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.437452][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input84
[  422.481897][   T30] audit: type=1326 audit(1758556385.559:1643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.562044][   T30] audit: type=1326 audit(1758556385.559:1644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  422.795973][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  422.891790][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  422.958782][    T9] usb 5-1: USB disconnect, device number 38
[  422.966327][   T30] audit: type=1326 audit(1758556385.559:1645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  423.043567][   T30] audit: type=1326 audit(1758556385.559:1646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10517 comm="syz.2.1012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  423.713816][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  424.021329][T10548] comedi comedi0: Minor 3 could not be opened
[  426.299126][T10563] loop2: detected capacity change from 0 to 7
[  426.313756][T10563] Dev loop2: unable to read RDB block 7
[  426.319483][T10563]  loop2: unable to read partition table
[  426.325378][T10563] loop2: partition table beyond EOD, truncated
[  426.331722][T10563] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  426.641785][   T24] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  427.183173][   T24] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  427.196641][   T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  427.208087][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  427.230690][   T24] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  427.254201][   T24] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  427.868182][   T24] usb 4-1: Manufacturer: syz
[  427.874889][   T24] usb 4-1: config 0 descriptor??
[  427.964333][   T24] igorplugusb 4-1:0.0: incorrect number of endpoints
[  428.000114][T10576] mkiss: ax0: crc mode is auto.
[  428.227351][T10590] sp0: Synchronizing with TNC
[  428.375350][   T10] usb 4-1: USB disconnect, device number 49
[  429.162299][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  429.162314][   T30] audit: type=1326 audit(1758556393.019:1656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.232596][   T30] audit: type=1326 audit(1758556393.019:1657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.259161][   T30] audit: type=1326 audit(1758556393.059:1658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.282659][    C1] vkms_vblank_simulate: vblank timer overrun
[  429.402192][   T30] audit: type=1326 audit(1758556393.059:1659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.448009][   T30] audit: type=1326 audit(1758556393.059:1660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.480255][   T30] audit: type=1326 audit(1758556393.059:1661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.534336][   T30] audit: type=1326 audit(1758556393.059:1662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.608576][   T30] audit: type=1326 audit(1758556393.059:1663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  429.694921][   T30] audit: type=1326 audit(1758556393.059:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=250 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  430.231621][   T30] audit: type=1326 audit(1758556393.059:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10584 comm="syz.4.1025" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc31018eec9 code=0x7ffc0000
[  430.359678][ T5911] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  430.923953][ T5911] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  430.937445][ T5911] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  430.961044][ T5911] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  430.978830][ T5911] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  431.000556][ T5911] usb 1-1: Manufacturer: syz
[  431.021806][ T5911] usb 1-1: config 0 descriptor??
[  431.142398][ T5911] rc_core: IR keymap rc-hauppauge not found
[  431.148416][ T5911] Registered IR keymap rc-empty
[  431.155324][ T5911] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  431.168891][ T5911] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input86
[  431.234606][ T6025] usb 1-1: USB disconnect, device number 37
[  432.871645][T10647] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  433.291790][ T6025] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  433.463079][ T6025] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  433.471629][ T6025] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  433.612469][ T6025] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  433.641799][ T6025] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  433.721797][   T43] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  433.764597][ T6025] usb 4-1: Manufacturer: syz
[  433.781854][ T6025] usb 4-1: config 0 descriptor??
[  433.803099][ T6025] igorplugusb 4-1:0.0: incorrect number of endpoints
[  433.891809][   T43] usb 2-1: Using ep0 maxpacket: 8
[  433.898998][   T43] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 7
[  433.923785][   T43] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  433.938021][   T43] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  433.949862][T10664] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'.
[  433.977493][   T43] usb 2-1: Product: syz
[  433.986705][   T43] usb 2-1: Manufacturer: syz
[  434.002660][   T43] usb 2-1: SerialNumber: syz
[  434.014480][   T24] usb 4-1: USB disconnect, device number 50
[  434.041594][T10666] netlink: 'syz.4.1045': attribute type 10 has an invalid length.
[  434.074095][T10666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1045'.
[  434.601631][T10674] FAULT_INJECTION: forcing a failure.
[  434.601631][T10674] name failslab, interval 1, probability 0, space 0, times 0
[  434.616980][T10674] CPU: 0 UID: 0 PID: 10674 Comm: syz.3.1047 Not tainted syzkaller #0 PREEMPT(full) 
[  434.617006][T10674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  434.617016][T10674] Call Trace:
[  434.617022][T10674]  <TASK>
[  434.617029][T10674]  dump_stack_lvl+0x16c/0x1f0
[  434.617056][T10674]  should_fail_ex+0x512/0x640
[  434.617078][T10674]  ? fs_reclaim_acquire+0xae/0x150
[  434.617103][T10674]  ? tomoyo_encode2+0x100/0x3e0
[  434.617129][T10674]  should_failslab+0xc2/0x120
[  434.617149][T10674]  __kmalloc_noprof+0xd2/0x510
[  434.617168][T10674]  ? d_absolute_path+0x136/0x1a0
[  434.617197][T10674]  tomoyo_encode2+0x100/0x3e0
[  434.617226][T10674]  tomoyo_encode+0x29/0x50
[  434.617250][T10674]  tomoyo_realpath_from_path+0x18f/0x6e0
[  434.617283][T10674]  tomoyo_path_number_perm+0x245/0x580
[  434.617305][T10674]  ? tomoyo_path_number_perm+0x237/0x580
[  434.617329][T10674]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  434.617353][T10674]  ? find_held_lock+0x2b/0x80
[  434.617397][T10674]  ? find_held_lock+0x2b/0x80
[  434.617418][T10674]  ? hook_file_ioctl_common+0x145/0x410
[  434.617442][T10674]  ? __fget_files+0x20e/0x3c0
[  434.617467][T10674]  security_file_ioctl+0x9b/0x240
[  434.617494][T10674]  __x64_sys_ioctl+0xb7/0x210
[  434.617522][T10674]  do_syscall_64+0xcd/0x4e0
[  434.617548][T10674]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.617565][T10674] RIP: 0033:0x7f2c1278eec9
[  434.617580][T10674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  434.617596][T10674] RSP: 002b:00007f2c1369f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  434.617613][T10674] RAX: ffffffffffffffda RBX: 00007f2c129e5fa0 RCX: 00007f2c1278eec9
[  434.617624][T10674] RDX: 0000200000000100 RSI: 00000000c0d05605 RDI: 0000000000000003
[  434.617635][T10674] RBP: 00007f2c1369f090 R08: 0000000000000000 R09: 0000000000000000
[  434.617650][T10674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  434.617660][T10674] R13: 00007f2c129e6038 R14: 00007f2c129e5fa0 R15: 00007ffc38556678
[  434.617684][T10674]  </TASK>
[  434.617700][T10674] ERROR: Out of memory at tomoyo_realpath_from_path.
[  435.541777][ T6025] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  435.734208][ T6025] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  435.743923][ T6025] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  435.758642][ T6025] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  435.773139][ T6025] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  435.788765][ T6025] usb 5-1: Manufacturer: syz
[  435.806924][ T6025] usb 5-1: config 0 descriptor??
[  435.904350][ T6025] rc_core: IR keymap rc-hauppauge not found
[  435.910349][ T6025] Registered IR keymap rc-empty
[  435.916454][ T6025] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  435.935230][ T6025] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input88
[  437.337349][   T43] usb 5-1: USB disconnect, device number 39
[  437.367438][   T24] usb 2-1: USB disconnect, device number 35
[  437.793306][T10716] FAULT_INJECTION: forcing a failure.
[  437.793306][T10716] name failslab, interval 1, probability 0, space 0, times 0
[  437.844572][T10716] CPU: 0 UID: 0 PID: 10716 Comm: syz.2.1055 Not tainted syzkaller #0 PREEMPT(full) 
[  437.844597][T10716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  437.844608][T10716] Call Trace:
[  437.844619][T10716]  <TASK>
[  437.844626][T10716]  dump_stack_lvl+0x16c/0x1f0
[  437.844652][T10716]  should_fail_ex+0x512/0x640
[  437.844674][T10716]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  437.844697][T10716]  should_failslab+0xc2/0x120
[  437.844717][T10716]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  437.844736][T10716]  ? __alloc_skb+0x2b2/0x380
[  437.844760][T10716]  __alloc_skb+0x2b2/0x380
[  437.844779][T10716]  ? __pfx___alloc_skb+0x10/0x10
[  437.844800][T10716]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  437.844831][T10716]  netlink_alloc_large_skb+0x69/0x130
[  437.844855][T10716]  netlink_sendmsg+0x6a1/0xdd0
[  437.844882][T10716]  ? __pfx_netlink_sendmsg+0x10/0x10
[  437.844915][T10716]  ____sys_sendmsg+0xa95/0xc70
[  437.844942][T10716]  ? copy_msghdr_from_user+0x10a/0x160
[  437.844963][T10716]  ? __pfx_____sys_sendmsg+0x10/0x10
[  437.845001][T10716]  ___sys_sendmsg+0x134/0x1d0
[  437.845023][T10716]  ? __pfx____sys_sendmsg+0x10/0x10
[  437.845075][T10716]  __sys_sendmsg+0x16d/0x220
[  437.845098][T10716]  ? __pfx___sys_sendmsg+0x10/0x10
[  437.845115][T10703] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.845134][T10716]  do_syscall_64+0xcd/0x4e0
[  437.845158][T10716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  437.845173][T10716] RIP: 0033:0x7f17d2f8eec9
[  437.845186][T10716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  437.845201][T10716] RSP: 002b:00007f17d3ebe038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  437.845216][T10716] RAX: ffffffffffffffda RBX: 00007f17d31e5fa0 RCX: 00007f17d2f8eec9
[  437.845227][T10716] RDX: 0000000000000000 RSI: 0000200000001080 RDI: 0000000000000003
[  437.845236][T10716] RBP: 00007f17d3ebe090 R08: 0000000000000000 R09: 0000000000000000
[  437.845245][T10716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  437.845254][T10716] R13: 00007f17d31e6038 R14: 00007f17d31e5fa0 R15: 00007ffd92aa5d18
[  437.845274][T10716]  </TASK>
[  438.061778][   T10] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  438.221875][   T10] usb 1-1: device descriptor read/64, error -71
[  438.241186][T10719] netlink: 'syz.2.1056': attribute type 10 has an invalid length.
[  438.260599][T10719] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  438.671332][   T24] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  439.171830][   T24] usb 2-1: device descriptor read/64, error -71
[  439.252002][   T10] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  439.341853][   T43] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  439.429868][   T24] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  440.182161][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  440.189986][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  440.303928][   T10] usb 1-1: device descriptor read/64, error -71
[  440.352986][   T43] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  440.361619][   T43] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  440.381837][   T24] usb 2-1: device descriptor read/64, error -71
[  440.394473][   T43] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  440.403594][   T43] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  440.411552][   T43] usb 5-1: Manufacturer: syz
[  440.437864][   T10] usb usb1-port1: attempt power cycle
[  440.469111][   T43] usb 5-1: config 0 descriptor??
[  440.491909][   T24] usb usb2-port1: attempt power cycle
[  440.886960][   T43] igorplugusb 5-1:0.0: incorrect number of endpoints
[  441.342502][    T9] usb 5-1: USB disconnect, device number 40
[  441.344309][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  441.344320][   T30] audit: type=1400 audit(1758556405.189:1675): avc:  denied  { write } for  pid=10738 comm="syz.3.1063" name="sg0" dev="devtmpfs" ino=750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  441.388272][   T30] audit: type=1400 audit(1758556405.189:1676): avc:  denied  { ioctl } for  pid=10738 comm="syz.3.1063" path="/dev/sg0" dev="devtmpfs" ino=750 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  442.191770][ T5911] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  442.377268][ T5911] usb 4-1: Using ep0 maxpacket: 32
[  442.493039][   T43] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  442.611847][ T5911] usb 4-1: config index 0 descriptor too short (expected 156, got 27)
[  442.627103][ T5911] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  442.647488][T10760] fuse: Bad value for 'rootmode'
[  442.675759][ T5911] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  442.691880][ T5911] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  442.705382][ T5911] usb 4-1: config 0 interface 0 has no altsetting 0
[  442.796609][ T5911] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  442.805697][ T5911] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  442.814345][ T5911] usb 4-1: Product: syz
[  442.818558][ T5911] usb 4-1: Manufacturer: syz
[  442.823229][ T5911] usb 4-1: SerialNumber: syz
[  442.840115][ T5911] usb 4-1: config 0 descriptor??
[  442.999322][   T30] audit: type=1326 audit(1758556406.779:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  443.022789][    C0] vkms_vblank_simulate: vblank timer overrun
[  443.120796][ T5911] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  443.130249][   T43] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[  443.141416][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  443.212905][   T30] audit: type=1326 audit(1758556406.779:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  443.236363][    C0] vkms_vblank_simulate: vblank timer overrun
[  443.313411][   T30] audit: type=1326 audit(1758556406.779:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  443.336848][    C0] vkms_vblank_simulate: vblank timer overrun
[  443.349030][   T43] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  443.385265][   T30] audit: type=1326 audit(1758556406.779:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  443.733628][T10774] loop2: detected capacity change from 0 to 7
[  443.741176][   T43] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  443.749300][T10774] Dev loop2: unable to read RDB block 7
[  443.754856][T10774]  loop2: unable to read partition table
[  443.760560][T10774] loop2: partition table beyond EOD, truncated
[  443.766732][T10774] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  443.781840][   T43] usb 5-1: Manufacturer: syz
[  443.886543][ T5911] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  443.908744][   T43] usb 5-1: config 0 descriptor??
[  443.937322][ T5911] usb 4-1: USB disconnect, device number 51
[  443.957071][ T5911] ldusb 4-1:0.0: LD USB Device #0 now disconnected
[  443.986181][   T30] audit: type=1326 audit(1758556406.779:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  444.086033][   T30] audit: type=1326 audit(1758556406.779:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  444.228281][ T5963] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  444.236443][   T43] rc_core: IR keymap rc-hauppauge not found
[  444.242558][   T43] Registered IR keymap rc-empty
[  444.249448][   T43] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  444.260943][   T43] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input89
[  444.271742][   T30] audit: type=1326 audit(1758556406.789:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  444.394005][T10786] comedi comedi0: Minor 3 could not be opened
[  444.763778][ T5963] usb 2-1: device descriptor read/64, error -71
[  444.802161][   T43] usb 5-1: USB disconnect, device number 41
[  444.809168][   T30] audit: type=1326 audit(1758556406.789:1684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10761 comm="syz.2.1069" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f17d2f8eec9 code=0x7ffc0000
[  444.980395][T10788] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1073'.
[  445.011903][ T5963] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  445.211864][ T5963] usb 2-1: device descriptor read/64, error -71
[  445.323962][ T5963] usb usb2-port1: attempt power cycle
[  445.463342][T10797] loop2: detected capacity change from 0 to 7
[  445.481200][T10797] Dev loop2: unable to read RDB block 7
[  445.487520][T10797]  loop2: unable to read partition table
[  445.497075][T10797] loop2: partition table beyond EOD, truncated
[  445.503151][   T43] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  445.511056][T10797] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  445.692308][ T5963] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  445.775807][ T5963] usb 2-1: device descriptor read/8, error -71
[  445.785295][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.796697][   T43] usb 4-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  445.833580][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.885323][   T43] usb 4-1: config 0 descriptor??
[  446.021897][ T5963] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  446.052665][ T5963] usb 2-1: device descriptor read/8, error -71
[  446.161976][ T5963] usb usb2-port1: unable to enumerate USB device
[  446.172136][ T5911] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  446.337247][   T43] steelseries 0003:1038:12B6.002A: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.3-1/input0
[  446.385692][ T5911] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  446.413109][ T5911] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  446.461179][ T5911] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  446.508010][ T5911] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  446.536529][ T5911] usb 1-1: Manufacturer: syz
[  446.564090][ T5911] usb 1-1: config 0 descriptor??
[  446.583234][ T5911] igorplugusb 1-1:0.0: incorrect number of endpoints
[  446.930846][ T5911] usb 1-1: USB disconnect, device number 41
[  447.055652][   T10] usb 4-1: USB disconnect, device number 52
[  447.254078][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  447.254094][   T30] audit: type=1326 audit(1758556411.069:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  447.491871][   T30] audit: type=1326 audit(1758556411.079:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.425401][   T30] audit: type=1326 audit(1758556411.079:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.462053][   T30] audit: type=1326 audit(1758556411.079:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.485517][    C0] vkms_vblank_simulate: vblank timer overrun
[  448.491816][   T30] audit: type=1326 audit(1758556411.079:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.491858][   T30] audit: type=1326 audit(1758556411.079:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.491892][   T30] audit: type=1326 audit(1758556411.089:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.491927][   T30] audit: type=1326 audit(1758556411.089:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.491963][   T30] audit: type=1326 audit(1758556411.089:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.492148][   T30] audit: type=1326 audit(1758556411.099:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10814 comm="syz.1.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff00098eec9 code=0x7ffc0000
[  448.739090][T10832] netlink: 'syz.0.1083': attribute type 10 has an invalid length.
[  448.749112][T10832] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  449.829121][T10843] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  449.915784][    T9] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  450.276647][    T9] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  450.286117][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  450.305087][    T9] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  450.315522][    T9] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  450.326757][    T9] usb 1-1: Manufacturer: syz
[  450.336015][    T9] usb 1-1: config 0 descriptor??
[  450.644578][    T9] rc_core: IR keymap rc-hauppauge not found
[  450.652852][    T9] Registered IR keymap rc-empty
[  450.660159][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  450.696383][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input90
[  450.804923][    T9] usb 1-1: USB disconnect, device number 42
[  450.993791][T10878] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 2, id = 0
[  451.848116][T10894] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1095'.
[  451.961763][    T9] usb 4-1: new full-speed USB device number 53 using dummy_hcd
[  452.161875][   T43] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  452.298119][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  452.310748][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  452.341857][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  452.366826][T10900] loop2: detected capacity change from 0 to 7
[  452.373889][   T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  452.384932][T10900] Dev loop2: unable to read RDB block 7
[  452.390482][T10900]  loop2: unable to read partition table
[  452.396228][T10900] loop2: partition table beyond EOD, truncated
[  452.402391][T10900] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  452.422282][   T43] usb 5-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  452.439150][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  452.446268][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  452.498808][   T43] usb 5-1: config 0 descriptor??
[  452.547503][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  452.562829][    T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  452.574962][    T9] usb 4-1: Manufacturer: syz
[  452.601466][    T9] usb 4-1: config 0 descriptor??
[  452.706308][T10910] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  452.881838][    T9] rc_core: IR keymap rc-hauppauge not found
[  452.887766][    T9] Registered IR keymap rc-empty
[  452.892809][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  452.911857][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  452.933627][    T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  452.941143][   T43] steelseries 0003:1038:12B6.002B: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.4-1/input0
[  452.966502][    T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input91
[  452.986122][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.181852][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.427429][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.446765][T10888] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  453.461857][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.482263][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.504604][    T9] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  453.517918][T10921] page: refcount:515 mapcount:0 mapping:ffff888056860730 index:0x0 pfn:0x4d800
[  453.527244][T10921] head: order:9 mapcount:1 entire_mapcount:1 nr_pages_mapped:0 pincount:0
[  453.535747][T10921] aops:hugetlbfs_aops ino:6b16 dentry name(?):"anon_hugepage"
[  453.543195][T10921] flags: 0xfff00000000041(locked|head|node=0|zone=1|lastcpupid=0x7ff)
[  453.551329][T10921] page_type: f4(hugetlb)
[  453.555559][T10921] raw: 00fff00000000041 ffffc900038a7d68 ffffc900038a7d68 ffff888056860730
[  453.564119][T10921] raw: 0000000000000000 0000000000000000 00000203f4000000 0000000000000000
[  453.572695][T10921] head: 00fff00000000041 ffffc900038a7d68 ffffc900038a7d68 ffff888056860730
[  453.581342][T10921] head: 0000000000000000 0000000000000000 00000203f4000000 0000000000000000
[  453.589989][T10921] head: 00fff00000000009 ffffea0001360001 0000000000000000 0000000000000000
[  453.598641][T10921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000200
[  453.607282][T10921] page dumped because: VM_BUG_ON_FOLIO(folio_mapped(folio))
[  453.614546][T10921] page_owner tracks the page as allocated
[  453.620549][T10921] page last allocated via order 9, migratetype Movable, gfp_mask 0x146cca(GFP_HIGHUSER_MOVABLE|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_COMP), pid 10865, tgid 10863 (syz.1.1090), ts 450691217463, free_ts 435899323125
[  453.641281][T10921]  post_alloc_hook+0x1c0/0x230
[  453.646055][T10921]  get_page_from_freelist+0x132b/0x38e0
[  453.651592][T10921]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  453.657495][T10921]  alloc_surplus_hugetlb_folio+0x1ad/0x4a0
[  453.663286][T10921]  alloc_hugetlb_folio+0xed4/0x1560
[  453.668480][T10921]  hugetlb_fault+0x1bce/0x2f40
[  453.673235][T10921]  handle_mm_fault+0xbfa/0xd10
[  453.677980][T10921]  __get_user_pages+0x551/0x34a0
[  453.682911][T10921]  populate_vma_page_range+0x267/0x3f0
[  453.688365][T10921]  __mm_populate+0x1d8/0x380
[  453.692929][T10921]  vm_mmap_pgoff+0x37f/0x470
[  453.697507][T10921]  ksys_mmap_pgoff+0x1c8/0x5c0
[  453.702253][T10921]  __x64_sys_mmap+0x125/0x190
[  453.706903][T10921]  do_syscall_64+0xcd/0x4e0
[  453.711386][T10921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  453.717271][T10921] page last free pid 10686 tgid 10685 stack trace:
[  453.723743][T10921]  __free_frozen_pages+0x7d5/0x10f0
[  453.728939][T10921]  __folio_put+0x329/0x450
[  453.733344][T10921]  hugetlb_free_folio+0xfc/0x140
[  453.738278][T10921]  __update_and_free_hugetlb_folio+0x1e3/0x420
[  453.744430][T10921]  update_and_free_hugetlb_folio+0xce/0x210
[  453.750303][T10921]  free_huge_folio+0x85b/0x1050
[  453.755151][T10921]  folios_put_refs+0x4e7/0x740
[  453.759904][T10921]  remove_inode_hugepages+0xbef/0xed0
[  453.765258][T10921]  hugetlbfs_fallocate+0xf3f/0x12e0
[  453.770438][T10921]  vfs_fallocate+0x5b4/0x10e0
[  453.775109][T10921]  madvise_vma_behavior+0x2ad7/0x2d60
[  453.780472][T10921]  madvise_walk_vmas+0x31f/0x9c0
[  453.785396][T10921]  madvise_do_behavior+0x1e2/0x530
[  453.790498][T10921]  do_madvise+0x176/0x240
[  453.794804][T10921]  __x64_sys_madvise+0xa9/0x110
[  453.799645][T10921]  do_syscall_64+0xcd/0x4e0
[  453.804231][T10921] ------------[ cut here ]------------
[  453.809669][T10921] kernel BUG at mm/filemap.c:154!
[  453.814682][T10921] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[  453.821074][T10921] CPU: 0 UID: 0 PID: 10921 Comm: syz.1.1102 Not tainted syzkaller #0 PREEMPT(full) 
[  453.830433][T10921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  453.840480][T10921] RIP: 0010:filemap_unaccount_folio+0xef/0x8c0
[  453.846627][T10921] Code: 07 20 c9 ff 89 ee 31 ff 4c 8d 6b 30 e8 3a 1b c9 ff 85 ed 7e 17 e8 f1 1f c9 ff 48 c7 c6 40 20 b9 8b 48 89 df e8 22 d1 11 00 90 <0f> 0b e8 da 1f c9 ff 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1
[  453.866227][T10921] RSP: 0018:ffffc900038b7310 EFLAGS: 00010046
[  453.872279][T10921] RAX: 0000000000080000 RBX: ffffea0001360000 RCX: ffffc90011aa7000
[  453.880240][T10921] RDX: 0000000000080000 RSI: ffffffff81f27d9e RDI: ffff888032ac8444
[  453.888185][T10921] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  453.896132][T10921] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888056860730
[  453.904116][T10921] R13: ffffea0001360030 R14: 0000000000000630 R15: ffffea0001360000
[  453.912082][T10921] FS:  00007feffe36e6c0(0000) GS:ffff8881246b2000(0000) knlGS:0000000000000000
[  453.921005][T10921] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  453.927576][T10921] CR2: 0000200000006287 CR3: 000000007d29e000 CR4: 00000000003526f0
[  453.935546][T10921] Call Trace:
[  453.938816][T10921]  <TASK>
[  453.941735][T10921]  filemap_remove_folio+0xf1/0x250
[  453.946845][T10921]  remove_inode_hugepages+0x74a/0xed0
[  453.952207][T10921]  ? __schedule+0x11a3/0x5de0
[  453.956867][T10921]  ? _raw_spin_unlock_irqrestore+0x31/0x80
[  453.962670][T10921]  ? __pfx_remove_inode_hugepages+0x10/0x10
[  453.968549][T10921]  ? __pfx___schedule+0x10/0x10
[  453.973383][T10921]  ? __pfx_try_to_wake_up+0x10/0x10
[  453.978590][T10921]  ? up_write+0x209/0x520
[  453.982911][T10921]  hugetlbfs_fallocate+0xf3f/0x12e0
[  453.988098][T10921]  ? __pfx_hugetlbfs_fallocate+0x10/0x10
[  453.993737][T10921]  ? __pfx_hugetlbfs_fallocate+0x10/0x10
[  453.999355][T10921]  ? vfs_fallocate+0x5b4/0x10e0
[  454.004201][T10921]  vfs_fallocate+0x5b4/0x10e0
[  454.008850][T10921]  ? __pfx_vfs_fallocate+0x10/0x10
[  454.013946][T10921]  ? madvise_vma_behavior+0x2b20/0x2d60
[  454.019474][T10921]  ? madvise_vma_behavior+0x126/0x2d60
[  454.024934][T10921]  madvise_vma_behavior+0x2ad7/0x2d60
[  454.030306][T10921]  ? mas_prev_setup.constprop.0+0xb6/0x9d0
[  454.036099][T10921]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  454.041804][T10921]  ? __pfx_mas_prev+0x10/0x10
[  454.046464][T10921]  ? find_vma_prev+0xda/0x160
[  454.051120][T10921]  ? find_held_lock+0x2b/0x80
[  454.055779][T10921]  ? __pfx_find_vma_prev+0x10/0x10
[  454.060875][T10921]  ? futex_unqueue+0x133/0x2c0
[  454.065710][T10921]  ? __futex_wait+0x24c/0x2f0
[  454.070368][T10921]  madvise_walk_vmas+0x31f/0x9c0
[  454.075289][T10921]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  454.080729][T10921]  madvise_do_behavior+0x1e2/0x530
[  454.085822][T10921]  ? futex_private_hash_put+0x18a/0x300
[  454.091351][T10921]  ? __pfx_madvise_do_behavior+0x10/0x10
[  454.096963][T10921]  ? down_read+0x13d/0x480
[  454.101371][T10921]  do_madvise+0x176/0x240
[  454.105683][T10921]  ? __pfx_do_madvise+0x10/0x10
[  454.110515][T10921]  ? do_futex+0x122/0x350
[  454.114833][T10921]  ? xfd_validate_state+0x61/0x180
[  454.119936][T10921]  __x64_sys_madvise+0xa9/0x110
[  454.124769][T10921]  ? lockdep_hardirqs_on+0x7c/0x110
[  454.129945][T10921]  do_syscall_64+0xcd/0x4e0
[  454.134431][T10921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  454.140313][T10921] RIP: 0033:0x7ff00098eec9
[  454.144706][T10921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  454.164290][T10921] RSP: 002b:00007feffe36e038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  454.172682][T10921] RAX: ffffffffffffffda RBX: 00007ff000be6360 RCX: 00007ff00098eec9
[  454.180631][T10921] RDX: 0000000000000009 RSI: 0000000000600002 RDI: 0000200000000000
[  454.188579][T10921] RBP: 00007ff000a11f91 R08: 0000000000000000 R09: 0000000000000000
[  454.196530][T10921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  454.204490][T10921] R13: 00007ff000be63f8 R14: 00007ff000be6360 R15: 00007ffee1dc6148
[  454.212457][T10921]  </TASK>
[  454.215455][T10921] Modules linked in:
[  454.219330][T10921] ---[ end trace 0000000000000000 ]---
[  454.224762][T10921] RIP: 0010:filemap_unaccount_folio+0xef/0x8c0
[  454.230898][T10921] Code: 07 20 c9 ff 89 ee 31 ff 4c 8d 6b 30 e8 3a 1b c9 ff 85 ed 7e 17 e8 f1 1f c9 ff 48 c7 c6 40 20 b9 8b 48 89 df e8 22 d1 11 00 90 <0f> 0b e8 da 1f c9 ff 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1
[  454.250493][T10921] RSP: 0018:ffffc900038b7310 EFLAGS: 00010046
[  454.256551][T10921] RAX: 0000000000080000 RBX: ffffea0001360000 RCX: ffffc90011aa7000
[  454.264501][T10921] RDX: 0000000000080000 RSI: ffffffff81f27d9e RDI: ffff888032ac8444
[  454.272455][T10921] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  454.280400][T10921] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888056860730
[  454.288349][T10921] R13: ffffea0001360030 R14: 0000000000000630 R15: ffffea0001360000
[  454.296301][T10921] FS:  00007feffe36e6c0(0000) GS:ffff8881246b2000(0000) knlGS:0000000000000000
[  454.305213][T10921] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  454.311777][T10921] CR2: 0000200000006287 CR3: 000000007d29e000 CR4: 00000000003526f0
[  454.319733][T10921] Kernel panic - not syncing: Fatal exception
[  454.325970][T10921] Kernel Offset: disabled
[  454.330276][T10921] Rebooting in 86400 seconds..