last executing test programs:

11m13.941428686s ago: executing program 4 (id=914):
bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r0 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x26)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@dev, @in=@multicast1}}, {{@in6=@loopback}, 0x0, @in=@multicast1}}, &(0x7f00000005c0)=0xe8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket(0x2, 0x80805, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000340)={0x48})
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000080)={0x84, @rand_addr=0x64010103, 0x4e20, 0x3, 'sh\x00', 0x11, 0xa7e, 0x70}, 0x2c)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="ff93af273af5cf9c2f3b16ca8434780000001000010400"/34, @ANYRES32=0x0, @ANYBLOB="5d5800000000000044001a8040000a8014000700fe8000000000000000000000000000aa14000700fc01000000000000000000000000000014000700"/72], 0x78}, 0x1, 0x0, 0x0, 0x840}, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='{\x00', &(0x7f0000000080)='/@-^#}&\\%\x00', 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f0000000680)={0x15, 0x110, 0xfa08, {r6, 0x0, 0x10, 0x10, 0x0, @in={0x2, 0x4e24, @empty}, @in={0x2, 0x4e20, @remote}}}, 0x118)
bind$inet6(r3, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e20, 0x9, @remote, 0x4}}, 0xd31, 0x2, 0x8, 0xffffffff, 0x56, 0x7, 0x1d}, &(0x7f0000000200)=0x9c)
sendto$inet6(r3, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r3, 0x0, 0x0, 0x0)
syz_io_uring_setup(0xfd, &(0x7f0000000000)={0x0, 0xb7a3, 0x800, 0x1, 0xa7}, &(0x7f0000000180), &(0x7f0000000100))
mmap$IORING_OFF_SQES(&(0x7f0000a6e000/0x1000)=nil, 0x1000, 0x3000007, 0x13, 0xffffffffffffffff, 0x10000000)

11m12.215506603s ago: executing program 4 (id=920):
r0 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x6)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000))
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff6000/0x3000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ff3000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f000069a000/0x4000)=nil, &(0x7f0000ff7000/0x6000)=nil, 0x0}, 0x68)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000600)={0x84, r3, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x46, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0x0, @random=0x7, 0x1, @void, @val, @val={0x3, 0x1, 0x70}, @val={0x4, 0x6, {0xf0, 0x2, 0x7f, 0xa70a}}, @val={0x6, 0x2, 0x6}, @void, @val={0x25, 0x3, {0x1, 0x8c, 0x8}}, @void, @void, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x84}, 0x1, 0x0, 0x0, 0x20004090}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r5 = io_uring_setup(0x5802, &(0x7f0000000040)={0x0, 0xc89d, 0xc000, 0xa, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x8}, {0x0, 0xfff0}, {0xe, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x60000014}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), r2)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0xc101})
ioctl$int_in(r6, 0x5452, &(0x7f0000000580)=0x4)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x3, 0x1, 0x1, 0x4, 0x9, 0xa4, 0xffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x8, 0x5, 0x101, 0x1000, 0x9, 0x3, 0x3, 0x1, 0xfffffffa, 0x0, 0x6, 0x9, 0x81, 0x7, 0x8, 0x100000, 0x762, 0x3, 0x429f, 0xe, 0x2b12, 0x100, 0x6, 0x1c00, 0xb, 0x40, 0xbed4, 0x8, 0x8000100, 0x3, 0x8, 0x11000, 0x8, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0x800a, 0x7, 0xf, 0x102, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x400d6f, 0x4007, 0x8c, 0x1, 0x2af, 0xf7, 0x5, 0x1, 0x6, 0x9, 0x4, 0x7, 0x4009, 0x800000, 0x6, 0x1, 0x8, 0x8000, 0x0, 0x3, 0x0, 0x10001, 0x4e7b3717, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0xfffffffe, 0x84, 0x100, 0x5, 0x5b, 0x81, 0x33b, 0x8, 0x20006, 0x5, 0x2, 0x0, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x2, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40000040, 0x8, 0x4, 0x3, 0x401, 0x66cd, 0x8, 0x8, 0x1, 0xfffffffe, 0xc5c, 0xffffff41]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
r8 = fcntl$getown(r0, 0x9)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000080)={'\x00', 0xe, 0x8, 0x10, 0x4, 0xffffffff, r8})
r9 = syz_open_procfs(r1, &(0x7f0000000040)='net/tcp6\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r9, 0x541b, 0x0)

11m11.96844032s ago: executing program 4 (id=921):
fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50, 0xffffffffffffffff, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x10, @mcast2}, 0x1c)
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x400c404)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000040)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000200), 0x3, r3})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000500)={0x601, 0x0, &(0x7f0000000180), &(0x7f0000000480), &(0x7f0000000440)=[r4], &(0x7f0000000040), 0x0, 0x8})
r5 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, &(0x7f0000000000)={@remote, @multicast1, 0x4, "d30f388c52647612d91de4353d68b0fa00", 0x0, 0x0, 0x4000000, 0x8}, 0x3c)
setsockopt$MRT_ADD_MFC(r5, 0x0, 0xcc, &(0x7f0000000280)={@broadcast, @multicast1, 0x0, "7ea97ddb2ac127ffa5b7216fe75ebaa2855a422a8bf8ec7caf003751804500", 0x0, 0xfffffffd, 0x4, 0xfffffffe}, 0x3c)
setsockopt$MRT_ADD_MFC(r5, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ff1f4d7ed79c31e2e0f1da00000000230000002000", 0x1, 0x0, 0x3}, 0x3c)
keyctl$get_persistent(0x16, 0xee00, 0xfffffffffffffff8)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r6, 0x0, 0xd2, 0x0, 0x0)
setsockopt$MRT_FLUSH(r5, 0x2000, 0xd4, &(0x7f00000003c0)=0xa, 0x4)

11m10.530893222s ago: executing program 4 (id=924):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x80}, 0x50)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6000, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x5}, 0x0)
r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r6 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000480), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r7, r5, r6}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
r8 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
sendmmsg$unix(r8, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000740)=[{0x0}], 0x1}}], 0x1, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={0xffffffffffffffff, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x63, 0x0, 0x0, 0x0}, 0x50)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x14d802, 0x0)
r10 = dup(r9)
r11 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r11, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "e5e81571c97b166978ff61fcfd2409b2b73e0f936ed774de107de8a9041b5113"})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x12, r10, 0x2c93e000)

11m9.54789884s ago: executing program 4 (id=925):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7c9, 0x10, &(0x7f0000000400))
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x101000, 0x0, 0x22}, 0x18)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001080)={0x6, 0xc, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x45}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x42, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket(0x2, 0x80805, 0x0)
r3 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r4 = fcntl$dupfd(r3, 0x0, r3)
write$binfmt_script(r4, &(0x7f0000000100), 0xfffffd9d)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0)
sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4040090}, 0x2400c8c1)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x83)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r5, 0x40086602, &(0x7f0000000000))
link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
write$binfmt_script(r4, &(0x7f0000001180)={'#! ', '', [], 0xa, "1a79c0b5f98080449ffe84fb265b70a9a69c8e99189adf1dff76f5b943edfed74de85475fc200b57fb89288dcb1a31788a9625f8aece2d650b9f869c7eed7e8d511a64f05fbe39c1d87ce68c080baa799c8472a3e76e195159b25013a2f7f28807b66814fee2361e6322b4462e687f49e2e64993a3a9e150456bca134379a9ed558962c34686a3c994c1ea6f216b3a95cf3b17f83f402da6ecb36132048166ffcb5999c4363a3382c1ed1d716a8b37e31b085346e85e66916650e05cd485861852597c5546a3c08c1d97d7e3ffde24b848e35df30b41bf9e74f025a8"}, 0xe0)
write$P9_RFLUSH(r4, &(0x7f0000000000)={0x7, 0x6d, 0x2}, 0x7)
getsockopt$bt_hci(r2, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000400)="e02746e86c0d85ff9783763a0800", 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x4}, 0x50)

11m9.165972592s ago: executing program 4 (id=926):
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r1, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

10m53.287931435s ago: executing program 32 (id=926):
getsockopt$packet_int(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r1, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

6m9.04127217s ago: executing program 5 (id=1835):
socket$nl_rdma(0x10, 0x3, 0x14)
socket$kcm(0x2, 0x1, 0x84)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='uid_map\x00')
close_range(r0, 0xffffffffffffffff, 0x2)
ioctl$FIONREAD(r0, 0x541b, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000140)=[{0x0}, {&(0x7f0000000180)="abd9296f", 0x4}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

6m8.029753065s ago: executing program 5 (id=1843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000640)={0x84, r1, 0x5, 0x0, 0x25dfdbf7, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x3e, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @void, @void, @void, @void, @void, @void, @void, @val={0x3c, 0x4, {0x1, 0x4, 0x3, 0x7}}, @void, @val={0x72, 0x6}, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x8, 0x2, "ce713fc2"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x800007f}]}, 0x84}}, 0x840) (fail_nth: 9)

6m7.622876113s ago: executing program 5 (id=1847):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYRES16=0x0], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000020d0039000000000000b4a518110000", @ANYRES32=r1], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x76, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc7)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000757ff6", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r4, &(0x7f0000000140), &(0x7f00000000c0), 0x1}, 0x20)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000200)={'ip6_vti0\x00', &(0x7f0000000380)={'syztnl1\x00', <r5=>0x0, 0x4, 0x80, 0xf8, 0x53bd, 0x0, @private0, @loopback, 0x8000, 0x40, 0x0, 0x2}})
r6 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000400)=0xffffffffffffffff, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x16, &(0x7f00000002c0)=@raw=[@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x7, 0x0, 0x0, 0x0, 0x1}, @jmp={0x5, 0x1, 0xd, 0x9, 0xe, 0x80, 0x8}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @call={0x85, 0x0, 0x0, 0x1f}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x60, '\x00', r5, 0x0, r6, 0x8, &(0x7f0000000580)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000005c0)={0x1, 0x4, 0x5, 0xa}, 0x10, 0x0, 0x0, 0x9, &(0x7f0000000600)=[r0, r0, r1], &(0x7f0000000640)=[{0x3, 0x2, 0x5, 0x5}, {0x0, 0x3, 0xe, 0x4}, {0x1, 0x1, 0x4, 0xc}, {0x2, 0x4, 0x10, 0xc}, {0x4, 0x3, 0x6, 0x1}, {0x4, 0x5, 0x8, 0xc}, {0x3, 0x3, 0xe, 0xa}, {0x5, 0x5, 0x5, 0x1}, {0x2, 0x5, 0x1, 0x9}], 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000500)='page_pool_state_release\x00', r3}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r7, 0x2000000, 0xe, 0x0, &(0x7f00000004c0)="630b008646dc3f0adf33c9f7b986", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x2}, 0x50)
r8 = socket(0x1d, 0x802, 0x6)
ioctl$sock_SIOCETHTOOL(r8, 0x8946, &(0x7f0000000040)={'wlan1\x00', &(0x7f0000000080)=@ethtool_ringparam={0x11, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}})

6m7.594868298s ago: executing program 5 (id=1848):
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r2, 0x0, 0x3000c085)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='attr/fscreate\x00')
write$binfmt_script(r3, &(0x7f0000002800)={'#! ', './cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0xff1)
chdir(&(0x7f0000000080)='./file1\x00')
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000800)='./file0\x00', 0x8042, 0x80)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r5, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2)
r9 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, 0x930, 0x2800002, 0x11, r8, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r9, 0x20, &(0x7f00000001c0)="fb4149dd033be3ac2cc4a22332a77b23b08986814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16f8f1f449a7a835673312b54ebb2aa7fc869d22627e7", 0x0, 0x48)
r10 = fanotify_init(0x20, 0x101000)
fanotify_mark(r10, 0x1, 0x48000013, r4, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000380)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'tunl0\x00', <r11=>0x0})
sendto$packet(0xffffffffffffffff, &(0x7f0000000200)='S', 0x1, 0xc881, &(0x7f0000000140)={0x11, 0x6, r11, 0x1, 0x0, 0x6, @multicast}, 0x14)

6m6.522229964s ago: executing program 5 (id=1851):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x509000, 0x1f7)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f00000008c0)='./file4\x00', 0xffffffffffffff9c, &(0x7f0000000900)='./file7\x00', 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYBLOB="180200000000e1ff00000000000000008500000027000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r2, 0x0, 0xe, 0x0, &(0x7f00000000c0)="ff07000000000000ab5becdc7da9", 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x641, 0x8000026, r0, 0x0)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x1405, 0x0, 0x70bd2c, 0x25dfdbff, "", [{{0x8}, {0x8, 0x3, 0x3}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x2}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x2}}, {{0x8, 0x1, 0x2}, {0x8, 0x3, 0x4}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x8081)
fanotify_mark(r3, 0x221, 0x40000010, r0, 0x0)

6m6.434939279s ago: executing program 5 (id=1853):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
sendmmsg(r1, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x42042, 0x14a)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x10d6, &(0x7f0000000340)={0x0, 0x8aec, 0x80, 0x2, 0x34f, 0x0, r2}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000005c0)={'syztnl2\x00', &(0x7f0000000500)={'ip_vti0\x00', <r7=>0x0, 0x700, 0x1, 0xfffffffb, 0xf, {{0x19, 0x4, 0x3, 0x24, 0x64, 0x68, 0x0, 0x3, 0x0, 0x0, @broadcast, @local, {[@noop, @timestamp={0x44, 0x28, 0x64, 0x0, 0x8, [0xe, 0x1, 0x7, 0x200, 0x8003, 0xff, 0x10000, 0x5, 0x0]}, @timestamp_prespec={0x44, 0xc, 0x9f, 0x3, 0x7, [{@multicast2, 0x1}]}, @end, @timestamp={0x44, 0x8, 0x39, 0x0, 0x4, [0x9]}, @ssrr={0x89, 0xf, 0x6e, [@dev={0xac, 0x14, 0x14, 0x35}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r8 = geteuid()
sendmsg$nl_xfrm(r2, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000600)={&(0x7f0000001600)=ANY=[@ANYBLOB="4c0700001700000328bd7000fcdbdf2500000000000000000000000000000000000004d200000000ac14141b0000000000000000000000007f0000010000000000000000000000000a0101000000000000000000000000004e2300004e2200080200802033000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141428000000000000000000000000e00000020000000000000000000000004e2000964e2200040a00a0006c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b20f0000000000000c000000000000000800000000000000090000000000000007000000000000006d00000000000000ffffffffffffffff0000000000000000030000000000000006000000000000000100000000000000080000000000000000000000be6b6e0000010300000000004927000007000000050000002cbd700080011100fc020000000000000000000000000001e0000001000000000000000000000000ac1e0001000000000000000000000000000000000000000000000000000000003c020000000000000a000200e000000100000000000000000000000000000000000000000000ffff0a0101007f000001000000000000000000000000fc02000000000000000000000000000033000000000000000a000200e0000001000000000000000000000000e000000200000000000000000000000000000000000000000000000000000001fc02000000000000000000000000000033020000000000000a000200fe80000000000000000000000000000b00000000000000000000002b7d33b4971b4091ed31a40000000000fc00000000000000000000000000000000000000000000000000000000000000f00300000235000002000200fc010000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000001fe8000000000000000000000000000bb32040000000000000a000a00660001007368613235362d617678320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000000074f00ab2b4a7e3d17c3aa7c03a036c0a52a855a9a1864b6a4f385f5e798b0000e4000600fe8000000000000000000000000000aaac1414280000000000000000000000004e2300084e227fff02002080330000007a54f36adcf734f9a9b1fd19", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="7f000001000000000000000000000000000004d600000000fe880000000000000000000000000001000800000000000000800000000000009600000000000000010000800000000009000000000000005a08000000000000ffffffffffffffff0700000000000000080000000000000003000000000000000800000000000000030000000000000006000000000100000800000027bd7000ff3400000000047f0e000000000000002c001300fe8000000000000000000000000000aaac1e01010000000000000000000000000000000002000000f80001007368613531322d61726d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800500004484233974045e9c7a8cdd435a5d97a594d8e923d2353564a8d3c90fa45eff6bd402f93be105dd2373e7170497c1a3d14702f2841fd0c13c1730c1fe77035514bc6a394d243e3546f9cfeb7061c272a639e8c326ceb751447fbd36fb19321c1cf9d07390891a688fd077fce370bdf851f7508a51ad9e6fe02cc3f079f643d0ed19da62e524c90fb06b009b6b6f78a772d37376fdd592c15564d28cb9405a7d4b4424fcd7e03f7ae76fdf2ed4028276170a001000010000000000000014000d0064010102000000000000000000000000ac000700fe880000000000000000000000000101ffffffff0000000000000000000000004e2300064e220000020080a001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f7ffffffffffffff020000000000000006000000000000000100000000000000f600000000000000060000000000000007000000000000000800000000000000773f000000000000d8000000000000000600000000000000010000000000000081000000b86b6e000001010200000000e400060000000000000000000000000000000001ac1414aa0000000000000000000000004e2200034e21f0010200802087000000", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="fc020000000000000000000000000000000004d6ff00000000000000000000000000000000000000ff00000000000000a5ffffffffffffffadfaf85e0000000009000000000000004000000000000000030000000000000000000000000000000900000000000000060000000000000005000000000000007f000000000000000a0000000000000004000000060000000100000029bd70000635000002000316100000000000000084000500ff010000000000000000000000000001000004d33c00000002000000ff0200000000000000000000000000010635000003030b00050000000d00000006000000ff02000000000000000000000000000100000000330000000a000000fe8800000000000000000000000000010635000002002200040000000800000001000000"], 0x74c}, 0x1, 0x0, 0x0, 0x10}, 0xc5)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r10 = dup3(r9, r0, 0x0)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r9}}, &(0x7f0000000bc0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

5m51.192003279s ago: executing program 33 (id=1853):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = socket$inet_udp(0x2, 0x2, 0x0)
socket$phonet_pipe(0x23, 0x5, 0x2)
sendmmsg(r1, 0x0, 0x0, 0x0)
r2 = openat(0xffffffffffffff9c, 0x0, 0x42042, 0x14a)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = syz_io_uring_setup(0x10d6, &(0x7f0000000340)={0x0, 0x8aec, 0x80, 0x2, 0x34f, 0x0, r2}, &(0x7f0000000100)=<r5=>0x0, &(0x7f0000000080)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x47bc, 0x0, 0x0, 0x0, 0x0)
chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000005c0)={'syztnl2\x00', &(0x7f0000000500)={'ip_vti0\x00', <r7=>0x0, 0x700, 0x1, 0xfffffffb, 0xf, {{0x19, 0x4, 0x3, 0x24, 0x64, 0x68, 0x0, 0x3, 0x0, 0x0, @broadcast, @local, {[@noop, @timestamp={0x44, 0x28, 0x64, 0x0, 0x8, [0xe, 0x1, 0x7, 0x200, 0x8003, 0xff, 0x10000, 0x5, 0x0]}, @timestamp_prespec={0x44, 0xc, 0x9f, 0x3, 0x7, [{@multicast2, 0x1}]}, @end, @timestamp={0x44, 0x8, 0x39, 0x0, 0x4, [0x9]}, @ssrr={0x89, 0xf, 0x6e, [@dev={0xac, 0x14, 0x14, 0x35}, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
r8 = geteuid()
sendmsg$nl_xfrm(r2, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000600)={&(0x7f0000001600)=ANY=[@ANYBLOB="4c0700001700000328bd7000fcdbdf2500000000000000000000000000000000000004d200000000ac14141b0000000000000000000000007f0000010000000000000000000000000a0101000000000000000000000000004e2300004e2200080200802033000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac141428000000000000000000000000e00000020000000000000000000000004e2000964e2200040a00a0006c000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="b20f0000000000000c000000000000000800000000000000090000000000000007000000000000006d00000000000000ffffffffffffffff0000000000000000030000000000000006000000000000000100000000000000080000000000000000000000be6b6e0000010300000000004927000007000000050000002cbd700080011100fc020000000000000000000000000001e0000001000000000000000000000000ac1e0001000000000000000000000000000000000000000000000000000000003c020000000000000a000200e000000100000000000000000000000000000000000000000000ffff0a0101007f000001000000000000000000000000fc02000000000000000000000000000033000000000000000a000200e0000001000000000000000000000000e000000200000000000000000000000000000000000000000000000000000001fc02000000000000000000000000000033020000000000000a000200fe80000000000000000000000000000b00000000000000000000002b7d33b4971b4091ed31a40000000000fc00000000000000000000000000000000000000000000000000000000000000f00300000235000002000200fc010000000000000000000000000000ac1414bb00000000000000000000000000000000000000000000000000000001fe8000000000000000000000000000bb32040000000000000a000a00660001007368613235362d617678320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f000000074f00ab2b4a7e3d17c3aa7c03a036c0a52a855a9a1864b6a4f385f5e798b0000e4000600fe8000000000000000000000000000aaac1414280000000000000000000000004e2300084e227fff02002080330000007a54f36adcf734f9a9b1fd19", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="7f000001000000000000000000000000000004d600000000fe880000000000000000000000000001000800000000000000800000000000009600000000000000010000800000000009000000000000005a08000000000000ffffffffffffffff0700000000000000080000000000000003000000000000000800000000000000030000000000000006000000000100000800000027bd7000ff3400000000047f0e000000000000002c001300fe8000000000000000000000000000aaac1e01010000000000000000000000000000000002000000f80001007368613531322d61726d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800500004484233974045e9c7a8cdd435a5d97a594d8e923d2353564a8d3c90fa45eff6bd402f93be105dd2373e7170497c1a3d14702f2841fd0c13c1730c1fe77035514bc6a394d243e3546f9cfeb7061c272a639e8c326ceb751447fbd36fb19321c1cf9d07390891a688fd077fce370bdf851f7508a51ad9e6fe02cc3f079f643d0ed19da62e524c90fb06b009b6b6f78a772d37376fdd592c15564d28cb9405a7d4b4424fcd7e03f7ae76fdf2ed4028276170a001000010000000000000014000d0064010102000000000000000000000000ac000700fe880000000000000000000000000101ffffffff0000000000000000000000004e2300064e220000020080a001000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f7ffffffffffffff020000000000000006000000000000000100000000000000f600000000000000060000000000000007000000000000000800000000000000773f000000000000d8000000000000000600000000000000010000000000000081000000b86b6e000001010200000000e400060000000000000000000000000000000001ac1414aa0000000000000000000000004e2200034e21f0010200802087000000", @ANYRES32=r7, @ANYRES32=r8, @ANYBLOB="fc020000000000000000000000000000000004d6ff00000000000000000000000000000000000000ff00000000000000a5ffffffffffffffadfaf85e0000000009000000000000004000000000000000030000000000000000000000000000000900000000000000060000000000000005000000000000007f000000000000000a0000000000000004000000060000000100000029bd70000635000002000316100000000000000084000500ff010000000000000000000000000001000004d33c00000002000000ff0200000000000000000000000000010635000003030b00050000000d00000006000000ff02000000000000000000000000000100000000330000000a000000fe8800000000000000000000000000010635000002002200040000000800000001000000"], 0x74c}, 0x1, 0x0, 0x0, 0x10}, 0xc5)
r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r9, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r10 = dup3(r9, r0, 0x0)
r11 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder1\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r11, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r9, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r10, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000e00)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000400)={@flat=@weak_handle={0x77682a85, 0x0, 0x1}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x22}, @fd={0x66642a85, 0x0, r9}}, &(0x7f0000000bc0)={0x0, 0x18, 0x40}}, 0x1000}], 0x0, 0x0, 0x0})

4m11.717347526s ago: executing program 6 (id=2194):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000140)={0x6}, 0x10)
write(r4, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0x1, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40101}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
recvmmsg$unix(r4, &(0x7f0000006340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40010040, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001240)={&(0x7f0000000200)='kfree\x00', r3, 0x0, 0x9}, 0x18)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48800}, 0x4040090)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000240)=@raw=[@generic={0xd, 0x6, 0x5, 0x101, 0x2}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x3}, @generic={0x81, 0x2, 0x9, 0x5, 0x1eb}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}], &(0x7f0000000300)='syzkaller\x00', 0x7fffffff, 0x0, 0x0, 0x41100, 0x6, '\x00', 0x0, 0x0, r1, 0x8, &(0x7f0000000440)={0x6, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000540), 0x10, 0x5}, 0x94)

4m11.624628543s ago: executing program 6 (id=2195):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a0020400000000700000a00140011007665742651e40e58a92f166964046500080017004e224e24140002"], 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x4048000)

4m11.577101707s ago: executing program 6 (id=2196):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
accept4(r0, 0x0, 0x0, 0x800)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000300), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f00000003c0)={{0x80}, 'port0\x00', 0xf3, 0x130c17, 0xfffffffa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8})
r3 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x80d02, 0x0)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r2, 0x84, 0x6, &(0x7f0000000580)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x64010102}}}, &(0x7f0000000640)=0x84)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000380)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000080)='source', &(0x7f0000000180)='b:::\x00\xef\xdfB\xfa=\xe3\xd1\x9d\xe1\xbfUlJ4]y-,\x8a\x03\x91xu\x9cP\xdc\xe5\x95\xa2@\x9c\x98\xa4\xd2\xd4}\xc8]7N\xf3\x0e\'\xa0x\xfbdt\xb4\x1fW\xe7\xbe\xaf\x01.zT\xab\x92I\x104\x8c\x18\x16\x1c\x8a\x8e\xfd\x8b{ZVHZ2\xd3\xd6-~\x96\x80#\xee)+L\xf1\x00\xd5p\xe7 \x8c\xd2\a\x1e\xae\xb4\xe8\xd1\xe1\xed\xb8\x94\xb2*\x1c\xaeG\x1e\xdb\xc0Q\xb9`K\xffG\xc0\xa2\xb41\xac\x98\x01\xde}:\b\xa0Oq\xec\xa8\xf0\x8f\xe3\xa17\xe3\xd7\x9c^\x90\xfal\xbe\x81\x9a\xa4\x00K', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, 0x0, 0x0)
close(r2)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000100)=<r6=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
timer_settime(r6, 0x1, &(0x7f0000000040)={{0x77359400}}, 0x0)
fremovexattr(r3, &(0x7f0000000480)=ANY=[])
syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

4m10.512182335s ago: executing program 6 (id=2199):
r0 = getpid()
process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000)
r1 = syz_pidfd_open(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x92)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000180), 0xb)
copy_file_range(r3, &(0x7f00000008c0)=0x4, r2, 0x0, 0x8, 0x0)
setns(r1, 0x24020000)
r4 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = syz_pidfd_open(r4, 0x0)
setns(r5, 0x24020000)
mount(0x0, 0x0, 0x0, 0x800108, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_udp_encap(r6, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x21}}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
r7 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r7, 0x5, 0x1, 0x0, &(0x7f0000000000)="05", 0x0, 0xd01, 0x0, 0xfffffffffffffdb7, 0x0, 0x0, 0x0, 0x1, 0x0, 0x6322cd5}, 0x5)
r8 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)
fsmount(r8, 0x1, 0x0)

4m10.380988716s ago: executing program 6 (id=2200):
getresgid(&(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540)=<r0=>0x0) (async, rerun: 32)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f00000047c0)={0x5, 0x9, {<r1=>0x0}, {0xffffffffffffffff}, 0xfffffffffffffff7}) (rerun: 32)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setuid(r3) (async)
r4 = getgid() (async, rerun: 32)
r5 = accept4$netrom(0xffffffffffffffff, &(0x7f0000004800)={{0x3, @null}, [@default, @default, @rose, @remote, @null, @default, @default, @bcast]}, &(0x7f0000004880)=0x48, 0x100800) (async, rerun: 32)
r6 = accept4$unix(0xffffffffffffffff, &(0x7f00000048c0)=@abs, &(0x7f0000004940)=0x6e, 0xc00) (async)
r7 = landlock_create_ruleset(&(0x7f0000004980)={0x8, 0x2, 0x3}, 0x18, 0x1) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r8}, 0x10)
r9 = bpf$TOKEN_CREATE(0x24, &(0x7f00000049c0), 0x8) (async)
r10 = socket(0x9, 0x4, 0x5)
r11 = syz_open_dev$video(&(0x7f0000004a00), 0x1eb8, 0x101880) (async)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000004a40)={{0x1, 0x1, 0x18, <r12=>0xffffffffffffffff, {0x1ff}}, './file0\x00'}) (async)
r13 = socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32)
r14 = accept4$rose(0xffffffffffffffff, &(0x7f0000004a80)=@short={0xb, @remote, @default, 0x1, @null}, &(0x7f0000004ac0)=0x1c, 0xc0000) (rerun: 32)
r15 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r15, 0x3b87, &(0x7f0000000100)={0x18}) (async)
r16 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r16, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async)
sendmsg$NFT_BATCH(r16, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @reject={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REJECT_TYPE={0x8, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x74}}, 0x0) (async)
ioctl$vim2m_VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f0000004b00)={0x2, 0x1, 0x9, 0x4000, <r17=>0xffffffffffffffff}) (async)
r18 = syz_open_dev$media(&(0x7f0000004b40), 0x8, 0x22000)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000004b80)={{0x1, 0x1, 0x18, <r19=>0xffffffffffffffff, {0x9}}, './file0\x00'}) (async)
r20 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000004bc0)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) (async)
r21 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000004d80)={0x11, 0x3, &(0x7f0000004c00)=@raw=[@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}], &(0x7f0000004c40)='GPL\x00', 0x3, 0x1f, &(0x7f0000004c80)=""/31, 0x41100, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000004cc0)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000004d00)={0x0, 0xb, 0x4, 0x8d5c}, 0x10, 0x0, 0x0, 0x3, 0x0, &(0x7f0000004d40)=[{0x3, 0x3, 0x2, 0x5}, {0x0, 0x5, 0x10, 0x6}, {0x0, 0x5, 0x1, 0x2}], 0x10, 0x3}, 0x94)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004f00)=[{{&(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f0000000380)=[{&(0x7f0000000140)="3757286eff9dad2b37a17bea07b8cd7200ade5da67f773ef0209ff0e24d12068750c56d62d15e7c5bb6cafde85a9b21f9bc20f236fb9b3dc7875a964fdca710be0e4c3bc877142b0632a0c2124ff7e4c66e797b0e32792557823df", 0x5b}, {&(0x7f00000001c0)="8d3471aa8f940064e94878fee7cfac29d7c70f0816e1ce48f7a063044a98ba4bb6dc3c95ca65ff33f75d4eb55c7540423fd58d896a6acefa6086b66fb435031b211afbe57b354515b4e986bdbf063569a1d9491db4d75dcd9a5a7f5dff3b9072a44aa3a4ebe49171775c91334ded4adb23b4d525fa7c9753da8bd073d23b74e1ef3c8f48aaca578dafa6b791496197af8b923233821abac0b35a3672c65fedfbaf959b91936f71c05e4f1ae4a8213978a92243eb82a8235dc47c57898021ac6f2831cad9fdc5801af339096a826e7727", 0xd0}, {&(0x7f00000002c0)="71079ac60c51bd395a2148586a1cb27fec36739c78171e52a76bf188ae77eb2de232998beeb9b118eb439b15cd415d775fafde5b3b8406a52b33128b145c5bbb887f0049f75a97578d793cd2d50ffed24a970cc22afb4ae9d7879bb485d2e726b74f2762219025045648758fc9dcc69d2f9232a6c30cf4a7acc10c5b8f7e95e4374a019d4937", 0x86}], 0x3}}, {{&(0x7f00000003c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000580)=[{&(0x7f0000000440)="bbe7d5510ed21d2d5d554b620c78acda06927c3a2f4cbc42e0760d040ab9faf463431beb39a16b08f895895f02a86f", 0x2f}, {&(0x7f0000000480)="fcf848f627f284bfdfd7e83cf594382fc6342725c0f57aac", 0x18}, {&(0x7f00000004c0)="1334be6995f4af59f02548ad33f5a4a1bcdaf71d8924187b233ce4119822c5bf4ce9461e00acbfd359e6d8f4cf2fdc42", 0x30}, {&(0x7f00000006c0)="69f8d08432553c397b91ec1f3b17aa15720aae43555032363819f05293d64a54e240410b5d3916d5ce2a860fa53a58e4ab7cd167125eac1631bd1604066cfee685f5aac1e16d07c6750774bf923b84652590b3cbe973d798a4d1f34f10786c750e1643ad34df765939188518877661dce8c3ef3f74cb4b668691b0597a6470a7e4d48a9e4b6bdf089d0e09f008a459aee598246a1c73d15024baa400be82b9ee19dc1f06a59a1bb7a3662c7cb83fbc15157d3f00676ee681bce11b471f08ded80b366219ad1f53f48dde3f3cd623cc683882d26b1f0bb6326cd63decd41d5d10e21e6b19a9d588782238046877dc31bce65a186dc2457ac994b750b30e20e398d2b133df42ed13a78b4f06a2a3a1b6d7acff946117a2c7fd98caacd0c85d5023bf944d99c5fe7490fbb5717ad2b582b97d140b1b0823b931c90833f09113b27f5ec903436fad25b968eef771254fc56802377497f755097fde935a1b2b84c333dc11be95fe82fec55256eadf92ac8d3ab66b8ea25c133bb1de3fbeb04b9a017539437f78be751443c01ee83ed2b73746b6e3a6d435572e0a03e7f7e178a359df81cdbedbb943d5f2e04abefa48341283cbdf7a4f98d741dec3980dd93ec49b4c94aa61764b680b2fb81774b10c9c15ec53a26bec2a6dc4c19b799c4bdb3a53884f0ed4e03d3d381487b8394a6581f763a25e599a66661868ef2f3c0e2271d194000246520e2e4e725f1e17525b7d8a3fb0cea97bd569e098666b26efdf9936ef077234bb87d89742a95051dce4fd1bbab9b443a78aeb4621c3f15a1336adaca043a12d873e4508cbc9ebcdf23c7a59d0800a88d79d5685198997ca393a024c2f60d3bca7ed348e8511cab39532d699353d8b5414e530b937df42a87db5dd01707bf877ebdb73e90adc654e64eba47eadf20bab92d76b8c4501d722efaad09dbd3c61a488413d1ea31178a78a1dfd097e6f3499a84e91dc7ac4d49acf72b5a920990e8dae2f0e317af748b0954fa0a1831084ead54196ce92c16871ef157c44fac0de41b6580a7661cfa46aa4ef35e939207479f0540f8d5dce2cb9f8cc1e6f1140c264fe35811ebccf1cacf54ede87e6113f02adc0f5af0b547a66365b3a56967613e7579a295e6d76a5a7fd12ab016f71d9dd54c73e0a0419e73d26fa410dfdd924cded7c1363695ac859d1ef676993fa5b0ff0ccb90f9d821a9edc1320122b82b3eacbc5b1fd11698f3a6edaf1daf82ef434d449b432264fbe9b7cf283fa59ca8b251a125ac0b5ec50bc7b3338977e8486137f0f95a4b2121055e0779d23dd76f64e1b40fc24f433f848483f7038a0f5b0f89cdd4bbcfc376b93d30ee130e58f2ec9972b4d562ed1aeb42c7b00ef608c27b0eac26bc00fbab6f9fc2f5015dac790fca84b56da8fb1aaa643a64dc3fade67b2770e86147949c786e24848146a06df4f32342a016ea78d26022cdea23bf1ba12fdd5765fe154dcf5ebbae92a1b9173b64d15cc246822c82b72d37126aa38e10012c45febf9e712f183376634507d45ba1b91ff5292bc5231a2a7f2a5b05c32bf3454957b529996d67c42c1fc699540ae1e1e1b2c6ebb996dfa599e60c3f92b2ec034a549637c8f7e190710e0e16b62b0bcace1f6dc77a19b7f7a0e3eb30d0e32af05597b84a64764f329e0d8da20b20d51c518606e9edf02925ad16ea3e8ffcdec71c516ad8cfe31834a8b9f9973b158e6d16cd0cec7eb01c6aaa8176e71e442afc8e5843571792c690a7c716a5804138b5dac759c74081ae5a0aefd08e57323d314d79cdb66d4995114440aff5c83f0f4b42c2a26f2f151a3df51c7849f9f879ec311a5c643415d99b7d6ff3b497f69410b06f1562a0571448b5b6d3b9f7b48f7e4e45fe6d193b841ef176ce7887997581c3ac1bb9e51b7e0b8219f54c4f6360f2a1f5d21be764afec11704e572c031f5b572514a6e468c255ac9a70ea998ee6e13ce2680e822d0c934b034d6d7e183c9ea9213bf09238d91c5087f51bb49b677fab6e510c3b5c795c1870c18d8dbfcafc269c2d54c0018535b9374d2362fa2da0bd4b5e3883cbb16b36dfdf057d2ca929d6ed67f3dc66d0b742484cd8ea885a19a0393208d6268f44aa401e1fa96fe550a889b71862ef560a1a1faf6f16b842321025e87accae99283c48b74fe348e63d038cbd0d3af1cd9c24de4ffb0551fce407128629285c56084103757b26936b3eb1a3f7674f76ed89aa7368b63f9692baccb16ab0d2401a195a13634cb9c24934ebe73109078d75e8eb2114b4f3af0a5df31b40a822433ff29cd8ca63414296b392c8e05afe57877dd6352f59f84bd066b1554a6276431460e85e539815fe6033b383648491494a33a5a5a6db7d7f34728d58cfad2faa7c5f8f959fd97756448774c48a262f5586e886737684b980f50443ebb5b6c237c5b1457fd0a13e44dc1f53742717cf63615b41331f71c8692ff37e6d2530fbcdf741c5406ef303e64318391e00bc228e2e20389580fef2d4504ae860d42b8ea211f407a7b1ba8febd493b8170fc67af5d4364f1687374cb20ff29e7e657cf0432676561e658b1083bf13a113ff04e934c6f089b7fa83bf519ff987050b1efa16178550b128e8f7785c6d722688bb42709a24f93a91ba7ee70386bea99dae42acaeba299b26ece3f2fa5d20957a6fcd4c81350f0512b45bbb2ed7cdef2d1470c7e304ddc9f9c7508c6c90d5c6c7fab99a8bda17cc085b5c957cae89a1e08dc015684baa742e2e74f301082ea912a4c89db60e6974e1ef3ce848f67d46d0718adf419858c4da9297c8dc4c396892aa2f848d725bc65a6a20153618f1bb72b934cbf6bc6e9ea08d89f4f7c924ba6dc779d4ea47d9ca6c138e7b65fe868a1a3c089bea4690fa230eaebdd086d715b5a42d13e7db2b44cb14a4ad8c81df064f93923c510b161e2bf453f5dbd6e0067241e3c10a78be92f750136aad6f4cd31cc52b68897140a7d7a3e3a4a238733e2d6dfe501031a500203fa139ba7c936a914569dba8c66db08a84f3652417136bb6d8a01038c38879962c3ee0d6f16fa6bea2cc2344c24884804947c6f9e07bc5467c9b6e419d783680396de347395240779a3ad3b3e5ed7b18c21d95da5895caaaf80b360e536ccf2911dd8f50f4237f4134e8088052d723d82331d3abebbf5da1cec9124d17dd882ed2ee783f8da183cb18ed33e575d0af6e60589058e99c664014027f0fac62056a2e0cce778521e4578d71e62469ed79a3e369d2f2dab300a049918f7460ba178edc8f93c214729cdc87dbf2c53d4afbf5f96980bceff6061e1ef70387a24e258ff45d83f95a4405377e0fdb12dfc91d85fb366682d68d4d9f3f535998c206c196ca7843ff9a995759bc10104427d956baa01b75dd629393311c4b4e01e7ece4e7c7370357b28588e8a72bd6868ed1fe04a6bfedf488155eab97e79323de8a33083f9ae7b070f576e44082a2e3924e912f87b1ba50c95fdb0bca1ac4f8ad108f3587b9212c99023368fd94a9f027ee93ac1d14d7dc71899def1e81793d9f67f9e833ee60ab69caec721286ac171ae1d74f7f6f5b091554697e74a3791e0d41e8fabb05d54ed28b8cf410396abaaa108033ef110dd6a62e3499201b37e49deecf68e0dbb2d9602193723b18e327dd2594ba26a56beffb8d0536fc1c69751103a556261e9f99beab78cf42eaedbff640eeb309f9554d1e04a1cca142fa22ecaa252114669c550960978997db3da039cc29c0358858cac6a05f0b86cff7eb6f7c947b6f5da807ac78d336c3489c5927f618e94bcd12da47b907cacc68264f4511c94e28015d5d416b2223d7006104647661d6ebe44d1033bf12e4d2a0a2e498926ed0d0c16c36e433f1206595b38b665d9b0438fcdd383ff4b90c090ddd7d88a174bfeafdebd93c284840bb31d63b7613e8333ffad841273f11590d70d8399f516210ad52a6945b65dbf3a948675f0b885aab1850e03dd49d3674ff5637be27694992016e61f1fa257f798128ab8acbc1c6f29ab477ae88cdc3624b5d55fb05554467989ee4e9818f482e243ff1ef45c06215beb667793624eb9cc1c1ea8a11fbbb0ccfd870ea7f026c3f3e97775410664e189af75977181a10e12b275f9e6a414b065fd94a7d3d538cd6d7898535366b629de4e01a880db296f23dd6d04e974d760d36cfc67d2e4ce075daa77b060852a7b4848e9433da9efa61773099230b261d3c5f2fd3d7a99b08cef4f2f4cabdff5d1eec569edeca87651d6bb3a79b785b45624b3c549fcdb8dd6027df945c4f76a62b7fc8e263ee9ad3d0284e55a4c5b91c27de17bb59369e1361ebb0647a883080f9c267b37fe43661960e7e41047f8abde264497d793008063409a9466faccb1566b6e93ae38b98049dfafa663ae2b5a9fae10b5fe179753fe5f8e76470dcdca4b3c6f397fa4dfafdbcc1ad4e0f212ecb2d2b83f54a04b3190bc63c8c94aaa22f9a2dcdaf1708a39b8c5a667c1532efdf2ee45dc0c9a8ab9c4bfa0e4f2cb3fefb71abbbc945fa429a78e340fea638ebc188ac7489c9237671e9ed2b86c68f760080068c1ce481d01991c8c4da67a03d83cc2b20e39d947218823cb4d0c2ef34f652b4a7faaa8808968f8eecee6447526abc6c945e4b47adbe3856080ccf818134813f5e169c48c583a9c85e2ed97e18c4de3cdd2623df00bebae08942ca2b3790080c1b37ef085972f6029e94fd0cf70151bb3e9e97a3e556d72bc209a7620a9ee6df4181ad7df9141f31d716df01118af05492b2670bc3d8bfdfc135dc4edaf8e9f5b94c87108ade4d56c12103d24efd42167d87f35019fea705290c49877bd9e37e1bb1c9d73b2808520deab3fdf44430f88fcfa93c881d1cb4f5f147d6f9d279d36bfc59877c1dd7a9500944820856940080a54ad53260cea8e53044669af1704f13fdcffe1f1343abc7b5a8c24a82c06877668be6fe0f58293028eaddee462eb37497fba7a55343a98c433b143a3b562c0f15380e04ef7e19141224cfa9e05fac771c5bfdde9ffc0f3646941d079e7b50f5db34e9394b5e414354272c25dd495cc100f0c2c97235eb79bc4df03863ef37efe2e17a011877e8f75942ec6a05fda85a0d591f1902b28ad35d7202b77cda2323d14f665b694bfec6336645b74cfac9470690f1dfa3f0fe3575fb956af2c701a102831523ecba0dcb4bb9345348cfb9c9ed7c29c1a00d15563d7bc4455e3e2ceb84f1d1ed6f31b1a86d877f135afb1a23634b31411618071b30e3fd80f4b375334d65cec75206bf0dd0e62126cc2d87a88af335c2ff327be6f4516331c82d04345df273071ae970385c604af1d4a09e179e7f3f827a59cea5455bcaad0d3a8c844e30a733f15d41f8b9073a0fabe711f5550f8aa87dc2bf07ba5b0081329cc426404fd27fb88d1795fcd61a2d97a5077dda5d04f2db04131bbaf464bff1f86a405e9562db5bbefacc4cab72e69b2897329a7aea00909764d75b90a557167282069544f6dd5158ba9792eef33738ac3839b02a14e9f5219a1dafb17f0a9579c7ef7ad5a1b08a848a30ffa13325730ed239901adc9819ff48a2b858b035b4f3fe485191617098dbcf1efdaf86633c3d7fae9902faf5fca118c8777ea90a03bf8dcc9a7f0f19f0f5e93cf77fbee66aea7cc1ba6df09d04b8d7e011a3251e78e2ab0f9bdb0d247a046b78207bdd4d153638c60e353dab1f7ce76afc5a548f22cd305db0db074caf2f5fbfed2c55ad16e0a688ddc5acb50b9aad4b3d4b1f80a3ac67c7302a41fb6726b7ef5c20f601f171b", 0x1000}, {&(0x7f0000000500)="e5ef5c36444dd3ebf10acfdf01c7e09c14b044b04343c0688e2aaeea57cf23bf64ab62f054b3df760d5be4cc737ac6a987fc97ea9bb86fc1b4a85a6b2f9ae62932396c9508f012bbfe691a29992036ea96350383674fe44dbd74c43e23ac8d03daf13f", 0x63}], 0x5, &(0x7f0000001d40)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x108, 0x20000081}}, {{&(0x7f0000001e80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000002000)=[{&(0x7f0000001f00)="2bebaa730915906775288b19ec3170be128e9f4389d0c66cf9440ec141ad4440e8ad0bc4fe272971b9e6b3a310bcc62cc0691f613dda56f803fbcaafde01e1f5629231574a4dba580105295680ade9ad3aefcce5076ffe63600df82b2b36e88121b4b48bbb47b78e1c8422952d9ffb4ea9c0e1cf2e11fd28a74d0579430008c12bb1b9d4ee00377e2f3ab580d415db54cdbbc9fd1c3b27bf5feefdf594a2599ad2cbd1ad714b423d77b09263738d86003ada9e48ea6369be467a630d7e2771b18975cbba84e5d5b7e08466ebaef365d19715f68a14f02b09575c2c590899de4c83b4232d580a4ddc2638cb746c", 0xed}], 0x1, &(0x7f0000004580)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r0}}}], 0xf8, 0x20040000}}, {{&(0x7f0000004680)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000004780)=[{&(0x7f0000004700)="07635d1b9625129267fc2311f517a5f97a489a13fc993ca8cb2bf07bbf3c1845c6c667483db7f10b8ebe8b4a0bdb25a7fb2b3c49689327168f41dffded39843872c8fb69aa1a59ab7a801af618a5e25a4f3c7547ec274c166443629222ce9a41529e0f2f615826cfd351d176a912331f0bef423a2c6cae46e9b71e044b", 0x7d}], 0x1, &(0x7f0000004e40)=[@cred={{0x1c, 0x1, 0x2, {r1, r3, r4}}}, @rights={{0x28, 0x1, 0x1, [r5, r6, r7, 0xffffffffffffffff, r8, r9]}}, @rights={{0x1c, 0x1, 0x1, [r10, r11, r12]}}, @rights={{0x2c, 0x1, 0x1, [r13, r14, r15, 0xffffffffffffffff, r16, r17, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [r18, r19, r20, r21]}}], 0xb8, 0x4081}}], 0x4, 0x8000)
r22 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
sendmsg$L2TP_CMD_TUNNEL_GET(r22, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4000805)

4m10.297557329s ago: executing program 6 (id=2201):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4ea3, 0xc54, @ipv4={'\x00', '\xff\xff', @remote}, 0x59d5}}, 0x0, 0x0, 0x2a, 0x0, "b25dd300350731437df94f0a338977934d6951cdd6c61e31687172d956b141e3f4e87e6ab615ea379a12c5a6f5c6e7b3ab38f5f3570909f89f3e47ec97b12cc30a1c48cd0300fd5dfad4624800"}, 0xd8)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[], 0x24}, 0x1, 0xba01, 0x0, 0x40080}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000240)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x4, @loopback, 0x7fffffff}}}, 0x30)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
pwritev(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r6, 0x4c00, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x9, 0x0, 0x7fff0000}]})
r7 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
shmctl$IPC_RMID(r7, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x2, 0x1, 0x10)
sendfile(r6, r6, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000480)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x9, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310900000010fe1406584afd8d74b8830793b848194e1df82d00", [0x6, 0x9]})
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$isdn(0x22, 0x2, 0x23)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000480)={@local, @random="0000101d00", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x27, 0x3c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x8, 0x87, 0x0, 0xe7, {[@md5sig={0x13, 0x12, "e51161d5a2292c95be8610d511f7dd05"}]}}}}}}}, 0x0)

4m10.193380662s ago: executing program 34 (id=2201):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in6={{0xa, 0x4ea3, 0xc54, @ipv4={'\x00', '\xff\xff', @remote}, 0x59d5}}, 0x0, 0x0, 0x2a, 0x0, "b25dd300350731437df94f0a338977934d6951cdd6c61e31687172d956b141e3f4e87e6ab615ea379a12c5a6f5c6e7b3ab38f5f3570909f89f3e47ec97b12cc30a1c48cd0300fd5dfad4624800"}, 0xd8)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[], 0x24}, 0x1, 0xba01, 0x0, 0x40080}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000240)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e22, 0x4, @loopback, 0x7fffffff}}}, 0x30)
r4 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
r6 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xa382)
pwritev(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x800000, 0x0)
ioctl$LOOP_CHANGE_FD(r6, 0x4c00, 0xffffffffffffffff)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x9, 0x0, 0x7fff0000}]})
r7 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
shmctl$IPC_RMID(r7, 0x0)
pwritev2(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x2, 0x1, 0x10)
sendfile(r6, r6, 0x0, 0x24002de8)
ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000000480)={0x0, {}, 0x0, {}, 0x40000004, 0x0, 0xffffffff, 0x9, "28f5c9ea1f1ae4be4111ab18d2da69bde58cd7af40fd150b70aac11c2e16bd5bba7663c435aff94793ddd7aae07ef35f17bf01933bdb6fd7ecdd91b59ca8d541", "07a9310900000010fe1406584afd8d74b8830793b848194e1df82d00", [0x6, 0x9]})
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$isdn(0x22, 0x2, 0x23)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
syz_emit_ethernet(0x4a, &(0x7f0000000480)={@local, @random="0000101d00", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x27, 0x3c, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x8, 0x87, 0x0, 0xe7, {[@md5sig={0x13, 0x12, "e51161d5a2292c95be8610d511f7dd05"}]}}}}}}}, 0x0)

12.40645889s ago: executing program 0 (id=2927):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pipe2$9p(&(0x7f0000000380), 0x80000)
syz_clone3(0x0, 0xffffffffffffff0b)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
getrlimit(0x6, &(0x7f00000001c0))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x1d, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$COMEDI_POLL(0xffffffffffffffff, 0x640f)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$COMEDI_DEVCONFIG(0xffffffffffffffff, 0x40946400, &(0x7f0000000080)={'dt2815\x00', [0xee, 0x80008000, 0x1, 0xa, 0x0, 0x37, 0x9, 0xfb3, 0x1000, 0x1, 0x8, 0x5, 0x6, 0x4, 0xffff, 0x100006, 0xffffffa7, 0x3, 0xfffffdfd, 0xc9de, 0x3, 0x10000, 0x800, 0xa20, 0x9, 0x40, 0x4, 0x3, 0x101, 0x5, 0x5]})
r1 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$set_timeout(0xf, r2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
recvfrom$packet(r3, &(0x7f0000000300)=""/90, 0x5a, 0x20, &(0x7f0000000040)={0x11, 0x2, 0x0, 0x1, 0x40, 0x6, @random="95c7e69baeba"}, 0x14)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
r4 = open(&(0x7f0000000000)='./file0\x00', 0x28a102, 0x2)
fcntl$setsig(r4, 0xa, 0x21)
fcntl$setlease(r4, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0x3e)
r5 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r5, 0xc0105512, &(0x7f0000000200))

11.441536975s ago: executing program 0 (id=2932):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x80, 0x7, 0x8, "3b6feb62", "f16c06b3"}}, 0x0}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x17)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f0000000040)=0x2)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005ff00"/19, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYBLOB="0a00010007"], 0x48}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
eventfd(0xfffffff9)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180), 0x6cc0, 0x0)

9.03630619s ago: executing program 2 (id=2938):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pipe2$9p(&(0x7f0000000380), 0x80000)
syz_clone3(0x0, 0xffffffffffffff0b)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
getrlimit(0x6, &(0x7f00000001c0))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
futex(0x0, 0x1d, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
ioctl$COMEDI_POLL(0xffffffffffffffff, 0x640f)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
r1 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key(&(0x7f00000000c0)='cifs.idmap\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$set_timeout(0xf, r2, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
recvfrom$packet(r3, &(0x7f0000000300)=""/90, 0x5a, 0x20, &(0x7f0000000040)={0x11, 0x2, 0x0, 0x1, 0x40, 0x6, @random="95c7e69baeba"}, 0x14)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wpan0\x00'})
fcntl$setsig(0xffffffffffffffff, 0xa, 0x21)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0x3e)
r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x70, 0x103301)
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000000200))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

8.310301461s ago: executing program 7 (id=2940):
socket$inet6(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0) (async)
r0 = socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=@polexpire={0xc0, 0x1b, 0x300, 0x70bd25, 0x25dfdbfe, {{{@in=@dev={0xac, 0x14, 0x14, 0x1c}, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, 0x4e23, 0xfff2, 0x4e24, 0x94, 0x2, 0x80, 0x80, 0x87}, {0x6, 0x8000000000000000, 0x8, 0x6, 0x0, 0x0, 0xa, 0xfffffffffffffffe}, {0x0, 0x8001, 0x9, 0xf3d5}, 0x7, 0x6e6bbe, 0x0, 0x1, 0x3, 0x1}, 0x5}}, 0xc0}, 0x1, 0x0, 0x0, 0xa2}, 0x10) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) (async)
syz_clone(0x21000011, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
syz_emit_vhci(0x0, 0x22)

7.884902484s ago: executing program 3 (id=2941):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$admmidi(&(0x7f0000000000), 0xdf, 0x4000)
timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x1}, {0x0, 0xe4c}}, 0x0)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x66)
move_pages(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], 0x0, 0x0, 0x0)

7.818172603s ago: executing program 0 (id=2943):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x5, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x80}, 0x50)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001c40)={0x14, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0xb, 0x0, 0x0)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x6)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0)
r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd)
r6 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe)
r7 = add_key$user(&(0x7f0000000480), &(0x7f0000000380)={'syz', 0x2}, &(0x7f0000000580)="ed", 0x1, 0xffffffffffffffff)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r7, r5, r6}, 0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={'blake2b-256\x00'}})

7.665837359s ago: executing program 3 (id=2944):
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
write$tcp_congestion(r1, &(0x7f0000000180)='westwood\x00', 0x9)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000041c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x3, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r5, r3)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x0) (fail_nth: 4)

7.166945263s ago: executing program 2 (id=2945):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb00000000000086dd6100000000103afffe8000009c630000005f36bd37f75e9b3c00000000000000000000000000000186009078002d06009909000032590000"], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x353a, 0x1}}, 0x20)
r1 = openat$kvm(0xffffff9c, &(0x7f0000000100), 0x41, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000140)={0xe4495f3})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
io_uring_enter(0xffffffffffffffff, 0x133d, 0x0, 0x8, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1, {0x6, 0x6d4}, 0xf0}, 0x1)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r2, 0x4068aea3, &(0x7f0000000200)={0x8f, 0x0, 0xe})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4, 0xfd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x100000001, 0x80000000440, 0x6, 0x2, 0xfffffffffffffffd, 0x2004c8, 0x0, 0x0, 0x100000001, 0x10001, 0xe, 0x2000, 0x4], 0x0, 0x200306})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

7.138219428s ago: executing program 3 (id=2946):
modify_ldt$write(0x1, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0x3, 0x300)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
r3 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, &(0x7f00000001c0)=<r4=>0x0, &(0x7f0000000200)=<r5=>0x0)
syz_clone3(&(0x7f0000000480)={0x240041000, 0x0, 0x0, &(0x7f00000002c0), {0x5}, 0x0, 0x0, &(0x7f00000003c0)=""/85, 0x0}, 0x58)
r6 = socket$phonet_pipe(0x23, 0x5, 0x2)
capset(&(0x7f0000000300)={0x20080522}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0xffffffff})
setsockopt$PNPIPE_ENCAP(r6, 0x113, 0x1, &(0x7f0000000140)=0x1, 0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x4, 0x0, {0x0, 0x0, 0x0, 0x0, {0x5}, {0xfff3, 0xc}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000810)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x0, &(0x7f0000000080)=0x3, 0x0, 0x4)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

7.111322516s ago: executing program 1 (id=2947):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x44000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003880)=[{{&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000140)=[{&(0x7f0000000580)=""/179, 0xb3}, {&(0x7f0000000640)=""/176, 0xb0}, {&(0x7f0000000700)=""/201, 0xc9}], 0x3, &(0x7f0000000880)=[@rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000000940), 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000000240)=""/8, 0x8}, {0x0}, {&(0x7f0000000b00)=""/171, 0xab}, {&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/6, 0x6}], 0x5, &(0x7f0000000800)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000001c40)=@abs, 0x6e, &(0x7f0000002180)=[{&(0x7f0000001cc0)=""/42, 0x2a}, {&(0x7f0000001d00)=""/68, 0x44}, {&(0x7f0000001d80)=""/26, 0x1a}, {&(0x7f0000001dc0)=""/214, 0xd6}, {&(0x7f0000001ec0)=""/243, 0xf3}, {&(0x7f0000001fc0)=""/136, 0x88}, {&(0x7f0000002100)=""/126, 0x7e}], 0x7, &(0x7f0000002200)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000002240), 0x6e, &(0x7f0000003780)=[{&(0x7f00000022c0)=""/4096, 0x1000}, {&(0x7f00000032c0)=""/40, 0x28}, {&(0x7f0000003300)=""/188, 0xbc}, {&(0x7f00000033c0)=""/105, 0x69}, {&(0x7f0000003440)=""/247, 0xf7}, {&(0x7f0000003540)=""/235, 0xeb}, {&(0x7f0000003640)=""/43, 0x2b}, {&(0x7f0000003680)=""/87, 0x57}, {&(0x7f0000003700)=""/73, 0x49}], 0x9, &(0x7f0000003840)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}], 0x4, 0x20, &(0x7f0000003980)={0x77359400})
r2 = syz_io_uring_setup(0x49f, &(0x7f0000000080)={0x0, 0xe7a8, 0x400, 0x7ffc, 0x8040024e}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = eventfd2(0xff, 0x80001)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, 0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000300)=r5, 0x1)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r2, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000d, 0x40010, 0xffffffffffffffff, 0x0)
r8 = syz_io_uring_complete(r7)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004510005c0000000000119078000000000000000000004e220048907803000000020000728e956f3f20d16734af14637c85eff9728117c4c62162a8a6a5340ad7eccbe4a1c68802028d6ef0a4df21f4a9"], 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r8)

7.027004474s ago: executing program 7 (id=2948):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[], 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
read$FUSE(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc)
r6 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(r8, r6, 0x0, 0x4000000053d2)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0xffffffff, 0xfffffffd})
r9 = syz_io_uring_setup(0x63ab, &(0x7f00000006c0)={0x0, 0x1d11, 0x400}, &(0x7f0000010080), &(0x7f0000000400))
r10 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000840), 0x10200, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, 0x0, 0x0)
setrlimit(0x40000000000008, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f0000000080)=[{&(0x7f0000001100)=""/4096, 0x1000}], 0x1)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='mm_page_alloc\x00', r11}, 0x18)

5.405787942s ago: executing program 1 (id=2949):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x101ff, 0x2, 0x6000, 0x1000, &(0x7f0000feb000/0x1000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="7b87f20f34"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x42, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x0, &(0x7f00000000c0)}, 0x10)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
fanotify_init(0x202, 0x0)
setfsuid(0xee00)
setresuid(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000e, 0x4031, 0xffffffffffffffff, 0x8b1ac000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_emit_ethernet(0x46, &(0x7f0000000440)=ANY=[@ANYBLOB="ffffffffffffbbbbbbbbbbbb0800450000380000000000019078ac1e0001ac14141a2b00907803000000470000000000000000000000ac1414aaac"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x0, 0x0, 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpu.stat\x00', 0x275a, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x10000000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
read$msr(0xffffffffffffffff, &(0x7f000001b700)=""/102385, 0x18ff1)
syz_open_dev$tty1(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
setsockopt$SO_VM_SOCKETS_CONNECT_TIMEOUT_OLD(r3, 0x28, 0x6, &(0x7f0000000140)={0x0, 0xea60}, 0x10)

5.070047319s ago: executing program 1 (id=2950):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, 0x0, 0xb97534d5fe9704cf, 0x709d2c, 0x25dfdbfb, {{0x12}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24008091}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
sched_setscheduler(0x0, 0x5, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
capget(0x0, &(0x7f0000000080)={0xffffffff, 0xc, 0x2, 0x2, 0x0, 0x9})
unshare(0x24060400)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x1a, &(0x7f0000000000)=0x6, 0x4)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x42}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_CREATE_SOCKETS={0x5}]}}}]}, 0x38}, 0x1, 0xba01, 0x0, 0x4000050}, 0x0)
sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, 0x0, 0x20000090)
socket$nl_xfrm(0x10, 0x3, 0x6)
timer_create(0x7, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x20000000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)

5.06002748s ago: executing program 7 (id=2951):
r0 = bpf$TOKEN_CREATE(0x24, &(0x7f0000000140), 0x8)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0xc, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="7a0af8ff75253073bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000023000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f81d9217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000098045f785a1292fcb8c1d3079a00db453620ce72d75946c2b638d91dbef661935839c77edf2d34b12cd48a1b20fb7dd8430a19f2c50d77bc0ea9b0af58e604f4942eb613eff28902010045ef76d7d864409ef2dc9518a09f4886afc26abba34635d0e8b598a51bc7421d33fe226c944bc76be40d435aa8b5208ff0df2db7619a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be34dda66fb977aef7c9cb92428ef25d9bf665bd60020500000000000000abe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e02200b95941d34ac81fd48f9b7314ffa730017f3d37fdb23bc26992529402a520ef67e246415a697a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f000000000080c4adf75a0a108585e9b2000000000000000000000074054d643c2b5692d8304a23eaf9153c457ae5bbe49b3c164461470a452bd357fa62341c759dc21b45a06ec414cadf9695d030012acad582e3fe75e61ae908347e4d6d089b"], &(0x7f0000000100)='GPL\x00'}, 0x94)
r2 = socket$kcm(0x10, 0x2, 0x4)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f00000000c0)=r1, 0x4)
sendmsg$kcm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000580)="39000000140081ae50003c00fbff008311001f9f660fcf065c05acb612f691f3bd3508abca1be6eeb89c44ebb37358582bb8b7d553b4e92155", 0x39}], 0x1}, 0x0)
r3 = syz_init_net_socket$ax25(0x3, 0x5, 0x0)
bind$ax25(r3, &(0x7f0000000000)={{0x3, @bcast}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
clock_adjtime(0x0, &(0x7f00000001c0)={0xffff, 0x0, 0x0, 0x0, 0x49, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3b9ac9ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfef, 0x0, 0x0, 0x1})
r5 = socket(0x11, 0x2, 0x1)
sched_setscheduler(0x0, 0x2, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r6 = getpid()
r7 = syz_pidfd_open(r6, 0x0)
ioctl$VIDIOC_QBUF(r7, 0xc058ff0b, &(0x7f0000000200)=@mmap={0x1, 0x1, 0x4, 0x10, 0x200, {}, {0x3, 0x8, 0xe, 0x9f, 0x0, 0x7b, "c16599e2"}, 0xabdb, 0x1, {}, 0xbaa})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
connect$bt_rfcomm(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, @none, 0x6}, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3, 0xd, &(0x7f0000000000)=ANY=[@ANYBLOB="180000008b0000000000000000000000850000001300000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b708000008ea00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000001000000850000008200000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SFACILITIES(r10, 0x89e3, &(0x7f00000004c0)={0x54, 0xfffffeff, 0x8, 0x5, 0x30000, 0x81})
setsockopt$inet_tcp_int(r5, 0x6, 0x10, &(0x7f0000000300)=0x6, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r9, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000080)="b9ff03076003008cb89e08f088a8", 0x0, 0x5da0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.004719017s ago: executing program 0 (id=2952):
pipe(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x1)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
write$tcp_congestion(r1, &(0x7f0000000180)='westwood\x00', 0x9)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r3, &(0x7f0000006300)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000040)={0x50, 0x0, r4, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000041c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000777a078afbd825c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000db2100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000cc2351270000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20, 0x0, 0x3, {0x0, 0x5}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r5 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
dup2(r5, r3)
splice(r0, 0x0, r2, 0x0, 0x4ffe2, 0x1000000)

4.948274881s ago: executing program 7 (id=2953):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
lstat(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000480))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='oom_score_adj_update\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid() (async)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = fsopen(&(0x7f00000002c0)='devpts\x00', 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0) (async)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000100)='mode\x00', &(0x7f0000000140)='7', 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
write$evdev(r3, &(0x7f0000000400)=[{{0x77359400}, 0x16, 0x7, 0xffffffff}, {{0x0, 0x2710}, 0x12, 0x4, 0x8000}], 0x30)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
r6 = add_key(&(0x7f0000000840)='keyring\x00', &(0x7f0000000880)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000180)='asymmetric\x00', 0x0, &(0x7f0000000200)="1f10", 0xfffff, r6)
mount(0x0, &(0x7f0000000280)='./file1\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'macvtap0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'macvtap0\x00', <r9=>0x0})
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x90e46, 0x1020}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x4}]}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x600}, 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604dd318001c060000010000000000000000000000000000fe8000020000000000000000000000aafffe400124ab2b05ae136215e03e2345bfae3947702c92ecab89ce8893234e688085017166dda432ae298295f5a739181c088fa7223da42e417cce4508f458209e56f1d71e22a8f90be89158", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7002000090780000fe08f98974f65fae"], 0x0) (async)
syz_emit_ethernet(0x52, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd604dd318001c060000010000000000000000000000000000fe8000020000000000000000000000aafffe400124ab2b05ae136215e03e2345bfae3947702c92ecab89ce8893234e688085017166dda432ae298295f5a739181c088fa7223da42e417cce4508f458209e56f1d71e22a8f90be89158", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="7002000090780000fe08f98974f65fae"], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r10, &(0x7f0000000100)=ANY=[], 0x32600)
getsockopt$bt_BT_RCVMTU(r10, 0x112, 0xd, &(0x7f00000000c0)=0xf5ea, &(0x7f0000000180)=0x2)

4.468457684s ago: executing program 1 (id=2954):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000050000000000000000000024000a20000000000a1f000000000000000000010000000900010073797a300000000058000000030a0104000000000000000001000000090003803d2175fbe782c2002c00048008000240172af2e40800014000000003080002401c791e7108000240423930ce08000140000000030900010073797a300000000088000000060a010400000000000000000100000008000b400000000014000480100001800b0001006e756d67656e00000900010073797a30000000004c00048048000180080001"], 0x122}}, 0x4008090)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x86)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[], &(0x7f0000000c00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
write$cgroup_devices(r5, &(0x7f0000000380)={'c', ' *:* ', 'rm\x00'}, 0x9)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000700000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sys_enter\x00', r7}, 0x10)
rmdir(0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r6, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket(0x400000000010, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r8, 0x0, 0x81}, 0x18)
r9 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$VT_DISALLOCATE(r9, 0x5608)

4.366486223s ago: executing program 7 (id=2955):
syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100004ea208105d0502905e230102030109021200010000000009040000002484b400095daf0cfe50cd06000000fdec3ce277b945305ef246926efdd2d08af02d94c8d8"], 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='bond_slave_0\x00', 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x102)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r4, 0xc0145401, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xb652, 0x3})
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0))
ioctl$SYNC_IOC_MERGE(0xffffffffffffffff, 0xc0303e03, &(0x7f0000000040)={"c607936430a3171081128715cf95feda464f6d008f8348eb683ae6186f2295e0"})
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000000)={'syztnl1\x00', <r6=>0x0, 0x7800, 0x20, 0x800, 0x6, {{0x5, 0x4, 0x3, 0x7, 0x14, 0x66, 0x0, 0xe, 0x2f, 0x0, @multicast1, @multicast1}}}})
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r6, 0x0, 0x9c1}, [@IFLA_TXQLEN={0x8, 0xd, 0x2}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x600}, 0x0)
r7 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
r8 = fsmount(r7, 0x0, 0x82)
fchdir(r8)
mount$9p_virtio(0x0, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x106000, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)

4.365285678s ago: executing program 0 (id=2956):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x9}, 0x8)

4.282883369s ago: executing program 3 (id=2957):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'macvlan0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e20}, 0x252ac7840acc7f3f)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000900), r4)
chdir(&(0x7f00000000c0)='./file0\x00')
write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000180)={0x10, 0x17, 0xfffd, {0x7, './file0'}}, 0x10)
open(&(0x7f0000000140)='./file0\x00', 0x33f, 0x0)
r5 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
listen(r5, 0x0)

4.090298616s ago: executing program 2 (id=2958):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{}, [@TCA_NETEM_LOSS={0x18, 0x5, 0x0, 0x1, [@NETEM_LOSS_GE={0x14}]}, @TCA_NETEM_RATE={0x14, 0xd}, @TCA_NETEM_CORRUPT={0xc}]}}}]}, 0x84}}, 0x0) (fail_nth: 4)

3.634742802s ago: executing program 2 (id=2959):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x44000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000003880)=[{{&(0x7f0000000500)=@abs, 0x6e, &(0x7f0000000140)=[{&(0x7f0000000580)=""/179, 0xb3}, {&(0x7f0000000640)=""/176, 0xb0}, {&(0x7f0000000700)=""/201, 0xc9}], 0x3, &(0x7f0000000880)=[@rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000000940), 0x6e, &(0x7f0000001bc0)=[{&(0x7f0000000240)=""/8, 0x8}, {0x0}, {&(0x7f0000000b00)=""/171, 0xab}, {&(0x7f0000000bc0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/6, 0x6}], 0x5, &(0x7f0000000800)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}}, {{&(0x7f0000001c40)=@abs, 0x6e, &(0x7f0000002180)=[{&(0x7f0000001cc0)=""/42, 0x2a}, {&(0x7f0000001d00)=""/68, 0x44}, {&(0x7f0000001d80)=""/26, 0x1a}, {&(0x7f0000001dc0)=""/214, 0xd6}, {&(0x7f0000001ec0)=""/243, 0xf3}, {&(0x7f0000001fc0)=""/136, 0x88}, {&(0x7f0000002100)=""/126, 0x7e}], 0x7, &(0x7f0000002200)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000002240), 0x6e, &(0x7f0000003780)=[{&(0x7f00000022c0)=""/4096, 0x1000}, {&(0x7f00000032c0)=""/40, 0x28}, {&(0x7f0000003300)=""/188, 0xbc}, {&(0x7f00000033c0)=""/105, 0x69}, {&(0x7f0000003440)=""/247, 0xf7}, {&(0x7f0000003540)=""/235, 0xeb}, {&(0x7f0000003640)=""/43, 0x2b}, {&(0x7f0000003680)=""/87, 0x57}, {&(0x7f0000003700)=""/73, 0x49}], 0x9, &(0x7f0000003840)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}], 0x4, 0x20, &(0x7f0000003980)={0x77359400})
r2 = syz_io_uring_setup(0x49f, &(0x7f0000000080)={0x0, 0xe7a8, 0x400, 0x7ffc, 0x8040024e}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r5 = eventfd2(0xff, 0x80001)
r6 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r6, 0x65, 0x2, 0x0, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD(r2, 0x4, &(0x7f0000000300)=r5, 0x1)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r2, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r2, 0x3d0e, 0x4c1, 0x43, 0x0, 0x0)
r7 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x100000d, 0x40010, 0xffffffffffffffff, 0x0)
r8 = syz_io_uring_complete(r7)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020002000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
syz_emit_ethernet(0x6a, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000008004510005c0000000000119078000000000000000000004e220048907803000000020000728e956f3f20d16734af14637c85eff9728117c4c62162a8a6a5340ad7eccbe4a1c68802028d6ef0a4df21f4a9"], 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r8)

3.542934477s ago: executing program 3 (id=2960):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', <r2=>0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r3, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r5=>0x0})
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010700000000000000001600000008000300", @ANYRES32=r5, @ANYBLOB="66901890513c8f"], 0x1c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=@newqdisc={0x240, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x2, {0x0, 0x0, 0x0, r2, {}, {0xd, 0xffff}}, [@qdisc_kind_options=@q_red={{0x8}, {0x214, 0x2, [@TCA_RED_MAX_P={0x8, 0x3, 0x4}, @TCA_RED_STAB={0x105, 0x2, "b8cfa84f2d38d0dd9ad8708d2ecf4697b8120ca3a33314f95cd76b4414dd9297596e818a06c2ab4f265db2b668923baad6085fe44d126e5cd06b691f66bfedb471be5a9f3ee3ad8a179a240d63b080e09d818b5c2be7dda61bc75bf8c936a4a4fe40fe73ffdddbb3fff11da64cb532b8e26284cb8a74c1bd2aeef9b8bdf88bf0cbccd06b17ccb9886eb8a768ca33ba6fd9e8c232d47889605caa323b9df276308bcb9753264e87dca6cc7208a01ff0250e1767692934e61735b84978d65527cf62d84363d5293e66c16df6d7b419795b5d4411e307aea27f3f168caf75c4233c1191f029509c94e4716d4b6cc1a458457a8769280de0c27b5eb2fa61c575adda"}, @TCA_RED_STAB={0x104, 0x2, "1d73854f9e9b831dd87cf1dc6b2429b929ebe2edc5ab97798486dcd6f276b9ee85f53415e0b9a2931ea2b7f151b4ca7ab4bf3523c9783041ce73662b4ef2e76d8ef34087aa9940d37b780e90e28c9eb4a76ff3e41fe3ba5aeac7b6bf313b0e2e93d8ea1a3b336bc12b408681a7451438fce0dc48713deb9d613640c4cac98555c4012e2af48c09cd8047e62283dbc7da282929cea63cccf1d65e46361d222aae4530b34cdf62198e3712669e51d550971871caff6f1e55d1cbfb8716fcbc3b12633f8d365813e6eb77f5fec29011c91eb75037e6c351cac7f89793743e53eb4355c02b35f992268db002a2a0f95946862ab4dc23b0a45afe42e1159f14ed9b63"}]}}]}, 0x240}}, 0x26000894)
socket$nl_sock_diag(0x10, 0x3, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c9282, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000008000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff8500"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000440)='block_bio_complete\x00', r8, 0x0, 0x1}, 0x18)
write$cgroup_int(r7, &(0x7f0000000040)=0x1c9, 0x12)
r9 = memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r9, 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1400, &(0x7f0000000080)=ANY=[@ANYBLOB='mpol=bind:', @ANYRES16=r9])
lseek(r6, 0xd0, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000004c0)={r7, <r10=>0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x9, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000040000000000000000800000018320000030000000000000000000000180001"], &(0x7f0000000340)='syzkaller\x00', 0x5, 0xa, &(0x7f00000002c0)=""/10, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000003c0)={0x6, 0x20000003}, 0x8, 0x10, &(0x7f0000000480)={0x3, 0xf, 0x1, 0x4}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000540)=[{0x2, 0x4, 0x8, 0xa}, {0x5, 0x2, 0x5, 0x5}, {0x2, 0x5, 0x6, 0x8}, {0x7, 0x1, 0xc, 0x5}, {0x0, 0x1, 0xfffffffd, 0xb}, {0x1, 0x3, 0x3, 0x2}, {0x3, 0x1, 0xf, 0x1}], 0x10, 0x1}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="09000000040010000400000007000000000000008c363cc30232fc198c1d39e678a0a3294b06301fccc524504a8cd1d96b7de6b2b0bc36cb58ba7a88ac2b8102dcd26fcfed0facbf32958bd0061e67589f8f96429214282b84145476e3f5", @ANYRESHEX=r10, @ANYBLOB="000002000000001800"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000100"/28], 0x48)
gettid()

3.283605241s ago: executing program 1 (id=2961):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[], 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
read$FUSE(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file1/file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0xc)
r6 = open(&(0x7f0000000380)='./bus\x00', 0x40, 0x0)
r7 = creat(&(0x7f0000000200)='./bus\x00', 0x84)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r7, &(0x7f0000000240)=ANY=[@ANYBLOB='+\x00\x00\x00', @ANYRES32=r6], 0x2b)
sendfile(r8, r6, 0x0, 0x4000000053d2)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0xffffffff, 0xfffffffd})
r9 = syz_io_uring_setup(0x63ab, &(0x7f00000006c0)={0x0, 0x1d11, 0x400}, &(0x7f0000010080), &(0x7f0000000400))
r10 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000840), 0x10200, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r10, 0x29, 0x20, 0x0, 0x0)
setrlimit(0x40000000000008, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r9, 0x0, &(0x7f0000000080)=[{&(0x7f0000001100)=""/4096, 0x1000}], 0x1)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000840)='mm_page_alloc\x00', r11}, 0x18)

1.257328462s ago: executing program 2 (id=2962):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$key(0xf, 0x3, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = socket$alg(0x26, 0x5, 0x0)
rt_sigqueueinfo(0x0, 0x6, &(0x7f0000000080)={0x13, 0x5, 0x28})
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58)
socket$nl_route(0x10, 0x3, 0x0)
r2 = semget$private(0x0, 0x5, 0x0)
semop(r2, &(0x7f0000000180)=[{0x3, 0x44cf, 0x800}], 0x1f4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f0000008200)=[{{&(0x7f00000003c0)=@nfc, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000600)=""/104, 0x68}, {&(0x7f0000000680)=""/189, 0xbd}, {&(0x7f0000002a00)=""/83, 0x53}, {&(0x7f0000000040)=""/51, 0x33}, {&(0x7f0000000880)=""/213, 0xd5}, {&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000001980)=""/4096, 0x1000}], 0x7}, 0x2}, {{&(0x7f0000002980)=@ax25={{0x3, @bcast}, [@null, @remote, @remote, @null, @remote, @remote, @default]}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000002d00)=""/138, 0x8a}, {&(0x7f00000000c0)=""/10, 0xa}, {&(0x7f0000002a80)=""/149, 0x95}, {&(0x7f0000002b40)=""/211, 0xd3}], 0x4, &(0x7f0000008440)=""/218, 0xda}, 0x2}, {{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000002c40)=""/131, 0x83}, {&(0x7f0000008540)=""/4096, 0x1000}], 0x2, &(0x7f0000002e00)=""/40, 0x28}, 0x5}, {{0x0, 0x0, &(0x7f0000003040)=[{&(0x7f0000002e40)=""/70, 0x46}, {&(0x7f0000002ec0)=""/143, 0x8f}, {&(0x7f0000002f80)=""/142, 0x8e}], 0x3}, 0xc3}, {{&(0x7f0000000740)=@nl, 0x80, &(0x7f0000003200)=[{&(0x7f0000003100)=""/77, 0x4d}, {&(0x7f0000003180)=""/85, 0x55}], 0x2, &(0x7f0000003240)=""/160, 0xa0}, 0x2419}, {{&(0x7f0000003300)=@l2tp={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000003440)=[{&(0x7f0000003380)=""/164, 0xa4}], 0x1, &(0x7f0000003480)=""/63, 0x3f}, 0x6}, {{&(0x7f00000034c0)=@l2tp={0x2, 0x0, @multicast2}, 0x80, &(0x7f0000004640)=[{&(0x7f0000003540)=""/4096, 0x1000}, {&(0x7f0000004540)=""/163, 0xa3}, {&(0x7f0000004600)=""/26, 0x1a}], 0x3, &(0x7f0000004680)=""/4096, 0x1000}, 0x1}, {{&(0x7f0000005680)=@phonet, 0x80, &(0x7f0000005a00)=[{&(0x7f0000005700)=""/173, 0xad}, {&(0x7f00000057c0)=""/102, 0x66}, {&(0x7f0000005840)=""/106, 0x6a}, {&(0x7f00000058c0)=""/148, 0x94}, {&(0x7f0000005980)=""/92, 0x5c}], 0x5, &(0x7f0000005a80)=""/11, 0xb}, 0xffffd68e}, {{&(0x7f0000005ac0)=@alg, 0x80, &(0x7f00000080c0)=[{&(0x7f0000005b40)=""/101, 0x65}, {&(0x7f0000005bc0)=""/86, 0x56}, {&(0x7f0000005c40)=""/170, 0xaa}, {&(0x7f0000005d00)=""/4096, 0x1000}, {&(0x7f0000006d00)=""/198, 0xc6}, {&(0x7f0000006e00)=""/213, 0xd5}, {&(0x7f0000006f00)=""/225, 0xe1}, {&(0x7f0000007000)=""/113, 0x71}, {&(0x7f0000007080)=""/4096, 0x1000}, {&(0x7f0000008080)=""/36, 0x24}], 0xa, &(0x7f0000008180)=""/106, 0x6a}, 0x3}], 0x9, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$sock_TIOCINQ(r5, 0x541b, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
open(0x0, 0x10000, 0x0)
close(0xffffffffffffffff)

1.170819151s ago: executing program 7 (id=2963):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, 0x0, 0x88141, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000140)=0x2)
ioctl$SNDCTL_DSP_SUBDIVIDE(r4, 0xc0045009, &(0x7f0000000200)=0x7)
pipe2$9p(&(0x7f0000001900)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r6, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r7 = dup(r6)
write$FUSE_BMAP(r7, &(0x7f0000000100)={0x18}, 0x18)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r8, &(0x7f0000019680)=""/102392, 0x18ff8)
write$FUSE_NOTIFY_RETRIEVE(r7, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r7}, 0x2c, {[], [], 0x6b}})
sendmsg$NL80211_CMD_SET_MPATH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r2, 0x300, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xf, 0x52}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x4c}}, 0x8001)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f00000005c0)=ANY=[@ANYBLOB="f4060000", @ANYBLOB="a14ecafa56421c5265e07b5f81e3881176bea38a5faa042ebe6719b305b4fb562d698368cc387749effcd9e3873a545604ca321920646d0abeca7374f66342c534e09aff7da2451943fb68a89a969f548f1db7a148f05d3acda53610598a3223bfc25cbd68676aa71975001ea2c4444907e8cefa7165bc154a75bdecf6dcb44a0d5b5c02d41fd05e97b3f0c31fb7d51d7288c9150e5c0472dc34678e665c0e1a57e77b2cae475dfbf608b36f27cb38a4493c2418e5acf21f47d1229fa94c70418f0256c0283a53b6f1b55c7950802f57e9778c149e016fdca8a5764bc398cd50d24bb87dafbc352227f32375aa0dc0dad220fb9ff57ce67a98", @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001", @ANYRESHEX=r3, @ANYRESDEC=0x0, @ANYRESHEX=0x0], 0x6f4}}, 0x0)
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x200, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, ["", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x11}, 0x400c000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpid()
syz_open_dev$dri(&(0x7f0000000440), 0x1, 0x0)

1.170418275s ago: executing program 3 (id=2964):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009"], 0x0)
syz_usb_control_io(r0, &(0x7f00000007c0)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x29, 0xf, {0xf, 0x29, 0x2, 0x80, 0x7, 0x8, "3b6feb62", "f16c06b3"}}, 0x0}, 0x0)
syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x17)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e24, @empty}, 0x10)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$vim2m_VIDIOC_STREAMON(0xffffffffffffffff, 0x40045612, &(0x7f0000000040)=0x2)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000000c0)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYBLOB="0a00010007"], 0x48}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x8000}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000200), 0x0, 0x0)
read$msr(r4, &(0x7f0000002700)=""/102392, 0x18ff8)
r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0)
eventfd(0xfffffff9)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180), 0x6cc0, 0x0)

495.929999ms ago: executing program 0 (id=2965):
syz_usb_connect$hid(0x4, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x20e, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0x50, 0x7, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x1, 0x1, 0x8, {0x9, 0x21, 0x4, 0x5, 0x1, {0x22, 0xc45}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x6, 0x1, 0x69}}}}}]}}]}}, 0x0)
getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x4d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
syz_emit_ethernet(0x4e, &(0x7f0000000800)={@random="61fe71b72b5f", @link_local={0x17, 0x80, 0xc2, 0x2, 0x9, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "001958", 0x18, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x18}, @mcast2, {[], @ndisc_na={0x88, 0x0, 0x0, 0x49, '\x00', @private0={0xfc, 0x0, '\x00', 0x1}}}}}}}, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f00000003c0))
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x70, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x34, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x101}, @NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xf4}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000540), r4)
sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0)

245.298204ms ago: executing program 2 (id=2966):
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r2}, 0x18)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x3, &(0x7f0000001000/0x1000)=nil, &(0x7f0000001000/0x4000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4}) (fail_nth: 3)

0s ago: executing program 1 (id=2967):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000080)={0x6, 0x6, 0x0, 0x2, 0x3, 0x6, 0x40}, 0xc)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1c0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r2 = landlock_create_ruleset(&(0x7f00000002c0)={0x7f6e}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000000)={0x2108, r1}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
syz_open_dev$vim2m(&(0x7f0000000580), 0x7fffffff, 0x2)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000002000010000000000000000000a0020400000000700000a00140011007665742651e40e58a92f166964046500080017004e224e24140002"], 0x4c}, 0x1, 0x0, 0x0, 0x24040804}, 0x4048000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
connect$x25(0xffffffffffffffff, &(0x7f0000000040)={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x12)
landlock_restrict_self(r2, 0x0)
landlock_restrict_self(r2, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./file1/file2\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x2)

kernel console output (not intermixed with test programs):

D 1e7d:2dbe] on usb-dummy_hcd.1-1/input0
[  862.302689][T15646] binder: 15644:15646 ioctl c0306201 0 returned -14
[  862.652249][T15646] binder_alloc: 15644: binder_alloc_buf, no vma
[  862.694799][T15647] vivid-002: disconnect
[  862.701114][T15645] vivid-002: reconnect
[  862.748576][T10718] usb 2-1: USB disconnect, device number 53
[  863.320070][ T5923] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[  864.510206][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  864.814667][T15677] hub 2-0:1.0: USB hub found
[  864.829658][T15677] hub 2-0:1.0: 1 port detected
[  865.289324][   T30] audit: type=1400 audit(2000000569.793:1024): avc:  denied  { audit_read } for  pid=15676 comm="syz.1.2422" capability=37  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  865.290256][ T2149] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  865.311445][    C0] vkms_vblank_simulate: vblank timer overrun
[  865.348803][ T5923] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  865.396748][ T5923] usb 3-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  865.406190][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.433016][T15684] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  865.573161][T15687] 9pnet_fd: Insufficient options for proto=fd
[  865.616731][ T5923] usb 3-1: Product: syz
[  865.660209][ T2149] usb 8-1: Using ep0 maxpacket: 32
[  865.671071][ T2149] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  865.725558][ T2149] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  866.001163][ T5923] usb 3-1: Manufacturer: syz
[  866.008626][ T5923] usb 3-1: SerialNumber: syz
[  866.013867][ T2149] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  866.025297][ T2149] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  866.037163][ T5923] usb 3-1: config 0 descriptor??
[  866.044860][ T2149] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  866.062896][ T2149] usb 8-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  866.072430][ T2149] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.081041][ T2149] usb 8-1: Product: syz
[  866.085231][ T2149] usb 8-1: Manufacturer: syz
[  866.090249][ T2149] usb 8-1: SerialNumber: syz
[  866.096742][ T2149] usb 8-1: config 0 descriptor??
[  866.657063][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -32
[  866.665476][ T2149] input input103: Device does not respond to id packet M
[  866.708123][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -32
[  866.766164][ T2149] input input103: Device does not respond to id packet P
[  866.911970][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -32
[  866.918203][ T2149] input input103: Device does not respond to id packet B
[  866.926451][ T2149] input input103: Device does not respond to id packet N
[  867.068402][ T5923] usb 3-1: can't set config #0, error -71
[  867.075516][ T5923] usb 3-1: USB disconnect, device number 77
[  867.278957][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -71
[  867.306431][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -71
[  867.358056][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -71
[  867.388555][ T2149] iforce 8-1:0.0: usb_submit_urb failed: -71
[  867.397020][ T2149] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input103
[  867.422572][ T2149] usb 8-1: USB disconnect, device number 9
[  867.540243][ T5923] usb 3-1: new full-speed USB device number 78 using dummy_hcd
[  867.581091][   T30] audit: type=1400 audit(2000000572.093:1025): avc:  denied  { remount } for  pid=15710 comm="syz.3.2431" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  867.683470][T15716] netlink: 'syz.0.2432': attribute type 16 has an invalid length.
[  867.698512][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  868.288774][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  868.294269][T15716] 8021q: adding VLAN 0 to HW filter on device bond0
[  868.299099][ T5923] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  868.315559][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  868.326321][ T5923] usb 3-1: config 0 descriptor??
[  868.384318][T15716] 8021q: adding VLAN 0 to HW filter on device team0
[  868.484889][ T5923] hub 3-1:0.0: USB hub found
[  868.500234][T15716] batman_adv: batadv0: Interface activated: team0
[  868.519673][T15716] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  868.566303][ T5923] hub 3-1:0.0: 2 ports detected
[  868.923209][T15731] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2430'.
[  869.584141][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  869.587056][ T5923] hub 3-1:0.0: hub_hub_status failed (err = -32)
[  869.602208][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2436'.
[  869.611416][T15733] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2436'.
[  869.620991][T15733] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2436'.
[  869.630077][T15733] netlink: 24 bytes leftover after parsing attributes in process `syz.7.2436'.
[  869.699316][ T5923] hub 3-1:0.0: config failed, can't get hub status (err -32)
[  869.734374][ T5923] usbhid 3-1:0.0: can't add hid device: -32
[  869.998077][T15746] openvswitch: netlink: Missing key (keys=40, expected=100)
[  870.005530][ T5923] usbhid 3-1:0.0: probe with driver usbhid failed with error -32
[  870.046267][   T30] audit: type=1400 audit(2000000574.563:1026): avc:  denied  { mount } for  pid=15747 comm="syz.1.2440" name="/" dev="hugetlbfs" ino=52757 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  870.587503][T10718] usb 3-1: USB disconnect, device number 78
[  870.728179][T15757] hub 2-0:1.0: USB hub found
[  870.734212][T15757] hub 2-0:1.0: 1 port detected
[  873.592788][T15771] batman_adv: batadv0: Interface deactivated: team0
[  874.309806][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.364532][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.404819][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.414572][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.561044][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.571345][T15789] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2451'.
[  874.599930][ T5861] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  874.690173][T10718] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  874.875454][ T5861] usb 2-1: Using ep0 maxpacket: 8
[  874.885465][ T5861] usb 2-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  874.894792][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  874.905951][ T5861] usb 2-1: Product: syz
[  874.948522][T10718] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  874.957482][T10718] usb 1-1: config 1 has no interface number 0
[  874.967756][ T5861] usb 2-1: Manufacturer: syz
[  874.975166][T10718] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  874.986772][ T5861] usb 2-1: SerialNumber: syz
[  874.993510][ T5861] usb 2-1: config 0 descriptor??
[  874.998554][T10718] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  875.007827][T10718] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 35782, setting to 1024
[  875.049515][ T5861] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  875.057079][T10718] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024
[  875.070482][T10718] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  875.079751][T10718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  875.087781][T10718] usb 1-1: Product: syz
[  875.092083][T10718] usb 1-1: Manufacturer: syz
[  875.096976][T10718] usb 1-1: SerialNumber: syz
[  875.306548][T15793] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  875.340127][T10718] cdc_ncm 1-1:1.1: bind() failure
[  875.350873][T10718] usb 1-1: USB disconnect, device number 65
[  875.473554][T15815] vivid-001: disconnect
[  875.851210][T15812] vivid-001: reconnect
[  876.631293][T15779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  876.818619][T15779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  877.071549][T15825] FAULT_INJECTION: forcing a failure.
[  877.071549][T15825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  877.087545][T15825] CPU: 0 UID: 0 PID: 15825 Comm: syz.0.2459 Not tainted syzkaller #0 PREEMPT(full) 
[  877.087569][T15825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  877.087580][T15825] Call Trace:
[  877.087586][T15825]  <TASK>
[  877.087593][T15825]  dump_stack_lvl+0x16c/0x1f0
[  877.087625][T15825]  should_fail_ex+0x512/0x640
[  877.087656][T15825]  _copy_from_user+0x2e/0xd0
[  877.087684][T15825]  move_addr_to_kernel+0x65/0x170
[  877.087707][T15825]  __copy_msghdr+0x386/0x470
[  877.087734][T15825]  copy_msghdr_from_user+0xc1/0x160
[  877.087758][T15825]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  877.087797][T15825]  ___sys_sendmsg+0xfe/0x1d0
[  877.087823][T15825]  ? __pfx____sys_sendmsg+0x10/0x10
[  877.087880][T15825]  __sys_sendmsg+0x16d/0x220
[  877.087907][T15825]  ? __pfx___sys_sendmsg+0x10/0x10
[  877.087948][T15825]  do_syscall_64+0xcd/0xfa0
[  877.087975][T15825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  877.087993][T15825] RIP: 0033:0x7f22d438eec9
[  877.088008][T15825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  877.088025][T15825] RSP: 002b:00007f22d51ed038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  877.088042][T15825] RAX: ffffffffffffffda RBX: 00007f22d45e5fa0 RCX: 00007f22d438eec9
[  877.088054][T15825] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[  877.088064][T15825] RBP: 00007f22d51ed090 R08: 0000000000000000 R09: 0000000000000000
[  877.088074][T15825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  877.088084][T15825] R13: 00007f22d45e6038 R14: 00007f22d45e5fa0 R15: 00007ffe0bda07f8
[  877.088110][T15825]  </TASK>
[  877.317351][ T5861] usb 2-1: USB disconnect, device number 54
[  877.325602][T15834] binder_alloc: 15833: binder_alloc_buf, no vma
[  878.525141][T15853] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  878.699732][   T30] audit: type=1400 audit(2000000583.203:1027): avc:  denied  { map } for  pid=15839 comm="syz.0.2466" path="socket:[52134]" dev="sockfs" ino=52134 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  878.723111][    C1] vkms_vblank_simulate: vblank timer overrun
[  879.130115][ T5923] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[  879.281892][ T5923] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  879.345092][ T5923] usb 3-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  879.385862][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  879.401457][ T5923] usb 3-1: Product: syz
[  879.405616][ T5923] usb 3-1: Manufacturer: syz
[  879.423234][ T5923] usb 3-1: SerialNumber: syz
[  879.436806][ T5923] usb 3-1: config 0 descriptor??
[  879.480329][ T5923] vmk80xx 3-1:0.0: driver 'vmk80xx' failed to auto-configure device.
[  880.577903][T15894] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  880.880361][T10718] usb 3-1: USB disconnect, device number 79
[  881.425713][T15904] hub 2-0:1.0: USB hub found
[  881.431846][T15904] hub 2-0:1.0: 1 port detected
[  882.222116][T15911] fuse: Unknown parameter '0x000000000000000300000000000000000000003'
[  882.553333][T15921] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  883.607717][T15938] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2487'.
[  885.833952][   T30] audit: type=1400 audit(2000000590.353:1028): avc:  denied  { nlmsg_read } for  pid=15964 comm="syz.0.2495" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  886.290337][ T5923] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  886.470232][ T5923] usb 1-1: Using ep0 maxpacket: 8
[  886.476913][ T5923] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  886.490239][ T5923] usb 1-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  886.601685][ T5923] usb 1-1: config 0 interface 0 has no altsetting 0
[  886.608435][ T5923] usb 1-1: New USB device found, idVendor=17ef, idProduct=61ae, bcdDevice= 0.00
[  886.620461][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.631228][ T5923] usb 1-1: config 0 descriptor??
[  886.744717][T15978] netlink: 3 bytes leftover after parsing attributes in process `syz.7.2498'.
[  886.758709][T15978] batadv1: entered promiscuous mode
[  886.769461][T15978] batadv1: entered allmulticast mode
[  887.049618][ T5861] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  887.057566][ T5923] lenovo 0003:17EF:61AE.000F: hidraw0: USB HID vff.ff Device [HID 17ef:61ae] on usb-dummy_hcd.0-1/input0
[  887.229995][ T5861] usb 8-1: Using ep0 maxpacket: 8
[  887.261155][ T5861] usb 8-1: config 11 has an invalid interface number: 95 but max is 0
[  887.269439][ T5861] usb 8-1: config 11 has no interface number 0
[  887.279637][ T5861] usb 8-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  887.295861][T15965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  887.309922][T15965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  887.343741][ T5861] usb 8-1: config 11 interface 95 has no altsetting 0
[  887.361433][T15965] netlink: 'syz.0.2495': attribute type 6 has an invalid length.
[  887.393224][ T5861] usb 8-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  887.401400][ T5923] usb 1-1: USB disconnect, device number 66
[  888.420778][ T5861] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.247140][ T5861] usb 8-1: Product: syz
[  889.251387][ T5861] usb 8-1: Manufacturer: syz
[  889.256013][ T5861] usb 8-1: SerialNumber: syz
[  889.648272][   T30] audit: type=1400 audit(2000000594.163:1029): avc:  denied  { create } for  pid=15992 comm="syz.2.2501" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  889.667969][    C1] vkms_vblank_simulate: vblank timer overrun
[  889.826677][ T5861] usbtouchscreen 8-1:11.95: probe with driver usbtouchscreen failed with error -22
[  889.855542][ T5861] usb 8-1: USB disconnect, device number 10
[  891.058418][T16016] hub 2-0:1.0: USB hub found
[  891.070222][T16016] hub 2-0:1.0: 1 port detected
[  895.813173][T16058] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2516'.
[  896.601660][T16058] batadv2: entered promiscuous mode
[  896.606890][T16058] batadv2: entered allmulticast mode
[  896.924162][T16070] hub 2-0:1.0: USB hub found
[  896.929680][T16070] hub 2-0:1.0: 1 port detected
[  897.421212][ T5923] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[  897.451026][   T30] audit: type=1400 audit(2000000601.973:1030): avc:  denied  { append } for  pid=16074 comm="syz.1.2520" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  897.640213][ T5923] usb 3-1: Using ep0 maxpacket: 8
[  897.750204][ T5923] usb 3-1: config 11 has an invalid interface number: 95 but max is 0
[  897.758388][ T5923] usb 3-1: config 11 has no interface number 0
[  897.795590][ T5923] usb 3-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  897.817494][ T5923] usb 3-1: config 11 interface 95 has no altsetting 0
[  897.852686][ T5923] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  897.862582][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  897.880354][ T5923] usb 3-1: Product: syz
[  897.915591][ T5923] usb 3-1: Manufacturer: syz
[  897.930153][ T5923] usb 3-1: SerialNumber: syz
[  897.950211][ T5919] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  898.112062][ T5919] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  898.123629][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  898.150838][ T5919] usb 2-1: config 0 descriptor??
[  898.158647][ T5919] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  898.215094][ T5923] usbtouchscreen 3-1:11.95: probe with driver usbtouchscreen failed with error -22
[  898.229013][ T5923] usb 3-1: USB disconnect, device number 80
[  898.437174][T16096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2526'.
[  898.446227][T16096] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2526'.
[  898.457278][T16096] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2526'.
[  898.466230][T16096] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2526'.
[  899.247018][T16099] overlay: Unknown parameter 'mask'
[  899.314509][T16081] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.2524'.
[  899.323851][T16081] openvswitch: netlink: Message has 512 unknown bytes.
[  899.332430][ T5919] gp8psk: usb in 128 operation failed.
[  899.419053][   T30] audit: type=1800 audit(2000000603.923:1031): pid=16102 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.7.2528" name="bus" dev="overlay" ino=335 res=0 errno=0
[  899.461530][ T5919] gp8psk: usb in 137 operation failed.
[  899.478116][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  900.394055][ T5919] dvbdev: DVB: registering new adapter (Genpix SkyWalker-1 DVB-S receiver)
[  900.415940][ T5919] usb 2-1: media controller created
[  900.486739][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  900.506802][ T5919] gp8psk_fe: Frontend attached
[  900.515573][ T5919] usb 2-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  900.524995][ T5919] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  900.536161][T16112] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2531'.
[  900.545724][T16112] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2531'.
[  901.277400][T16121] ALSA: mixer_oss: invalid OSS volume ''
[  901.575588][ T5919] gp8psk: usb in 138 operation failed.
[  901.585022][ T5919] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully initialized and connected.
[  901.719365][ T5919] gp8psk: found Genpix USB device pID = 203 (hex)
[  901.731959][ T5919] usb 2-1: USB disconnect, device number 55
[  902.195599][T16136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2539'.
[  902.205215][T16136] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  902.217663][T16136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2539'.
[  902.227508][T16136] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2539'.
[  902.254444][ T2149] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  902.516067][ T2149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  902.648295][ T2149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  902.857705][ T2149] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  902.916980][ T2149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  902.939277][ T5919] dvb-usb: Genpix SkyWalker-1 DVB-S receiver successfully deinitialized and disconnected.
[  902.956733][T16141] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  902.957183][ T2149] usb 4-1: config 0 descriptor??
[  903.003006][T16146] FAULT_INJECTION: forcing a failure.
[  903.003006][T16146] name failslab, interval 1, probability 0, space 0, times 0
[  903.030634][T16146] CPU: 0 UID: 0 PID: 16146 Comm: syz.7.2543 Not tainted syzkaller #0 PREEMPT(full) 
[  903.030657][T16146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  903.030668][T16146] Call Trace:
[  903.030675][T16146]  <TASK>
[  903.030682][T16146]  dump_stack_lvl+0x16c/0x1f0
[  903.030719][T16146]  should_fail_ex+0x512/0x640
[  903.030746][T16146]  ? fs_reclaim_acquire+0xae/0x150
[  903.030769][T16146]  should_failslab+0xc2/0x120
[  903.030790][T16146]  __kmalloc_noprof+0xdd/0x880
[  903.030813][T16146]  ? kfree+0x252/0x6d0
[  903.030835][T16146]  ? trace_kmalloc+0x2b/0xd0
[  903.030856][T16146]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  903.030882][T16146]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  903.030901][T16146]  tomoyo_realpath_from_path+0xc2/0x6e0
[  903.030923][T16146]  ? tomoyo_fill_path_info+0x233/0x420
[  903.030951][T16146]  tomoyo_mount_acl+0x1ae/0x850
[  903.030967][T16146]  ? bpf_ksym_find+0x127/0x1c0
[  903.030994][T16146]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  903.031020][T16146]  ? is_bpf_text_address+0x94/0x1a0
[  903.031044][T16146]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  903.031061][T16146]  ? unwind_get_return_address+0x59/0xa0
[  903.031113][T16146]  ? tomoyo_domain+0xbb/0x150
[  903.031134][T16146]  ? tomoyo_profile+0x47/0x60
[  903.031159][T16146]  tomoyo_mount_permission+0x16d/0x420
[  903.031176][T16146]  ? tomoyo_mount_permission+0x14f/0x420
[  903.031196][T16146]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  903.031231][T16146]  security_sb_mount+0x9b/0x260
[  903.031261][T16146]  path_mount+0x158/0x23a0
[  903.031287][T16146]  ? __pfx_path_mount+0x10/0x10
[  903.031310][T16146]  ? kmem_cache_free+0x2d4/0x6c0
[  903.031334][T16146]  ? putname+0x154/0x1a0
[  903.031361][T16146]  ? putname+0x154/0x1a0
[  903.031379][T16146]  ? putname+0x154/0x1a0
[  903.031403][T16146]  ? __x64_sys_mount+0x293/0x310
[  903.031421][T16146]  __x64_sys_mount+0x293/0x310
[  903.031441][T16146]  ? __pfx___x64_sys_mount+0x10/0x10
[  903.031470][T16146]  do_syscall_64+0xcd/0xfa0
[  903.031499][T16146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  903.031517][T16146] RIP: 0033:0x7f893618eec9
[  903.031533][T16146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  903.031550][T16146] RSP: 002b:00007f89343f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  903.031568][T16146] RAX: ffffffffffffffda RBX: 00007f89363e5fa0 RCX: 00007f893618eec9
[  903.031580][T16146] RDX: 0000200000000180 RSI: 0000200000000040 RDI: 0000000000000000
[  903.031592][T16146] RBP: 00007f89343f6090 R08: 00002000000001c0 R09: 0000000000000000
[  903.031603][T16146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  903.031614][T16146] R13: 00007f89363e6038 R14: 00007f89363e5fa0 R15: 00007ffd0be13f78
[  903.031643][T16146]  </TASK>
[  903.031667][T16146] ERROR: Out of memory at tomoyo_realpath_from_path.
[  903.163494][T16150] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2544'.
[  903.216253][T16154] FAULT_INJECTION: forcing a failure.
[  903.216253][T16154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  903.367508][T16154] CPU: 1 UID: 0 PID: 16154 Comm: syz.0.2546 Not tainted syzkaller #0 PREEMPT(full) 
[  903.367531][T16154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  903.367541][T16154] Call Trace:
[  903.367547][T16154]  <TASK>
[  903.367554][T16154]  dump_stack_lvl+0x16c/0x1f0
[  903.367581][T16154]  should_fail_ex+0x512/0x640
[  903.367609][T16154]  _copy_from_user+0x2e/0xd0
[  903.367635][T16154]  kstrtouint_from_user+0xd6/0x1d0
[  903.367656][T16154]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  903.367675][T16154]  ? __lock_acquire+0xb97/0x1ce0
[  903.367712][T16154]  proc_fail_nth_write+0x83/0x220
[  903.367730][T16154]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  903.367754][T16154]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  903.367770][T16154]  vfs_write+0x2a0/0x11d0
[  903.367789][T16154]  ? __pfx___mutex_lock+0x10/0x10
[  903.367805][T16154]  ? __pfx_vfs_write+0x10/0x10
[  903.367839][T16154]  ? __fget_files+0x20e/0x3c0
[  903.367866][T16154]  ksys_write+0x12a/0x250
[  903.367881][T16154]  ? __pfx_ksys_write+0x10/0x10
[  903.367905][T16154]  do_syscall_64+0xcd/0xfa0
[  903.367932][T16154]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  903.367950][T16154] RIP: 0033:0x7f22d438d97f
[  903.367965][T16154] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  903.367981][T16154] RSP: 002b:00007f22d51ed030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  903.367999][T16154] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f22d438d97f
[  903.368010][T16154] RDX: 0000000000000001 RSI: 00007f22d51ed0a0 RDI: 0000000000000004
[  903.368020][T16154] RBP: 00007f22d51ed090 R08: 0000000000000000 R09: 0000000000000000
[  903.368031][T16154] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  903.368041][T16154] R13: 00007f22d45e6038 R14: 00007f22d45e5fa0 R15: 00007ffe0bda07f8
[  903.368067][T16154]  </TASK>
[  903.388890][ T2149] konepure 0003:1E7D:2DBE.0010: unknown main item tag 0x1
[  904.558677][T16161] netlink: 28 bytes leftover after parsing attributes in process `syz.7.2547'.
[  905.654928][   T30] audit: type=1800 audit(2000000610.163:1032): pid=16170 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.0.2549" name="bus" dev="overlay" ino=1587 res=0 errno=0
[  905.693046][T16161] batman_adv: batadv0: Removing interface: batadv_slave_0
[  905.743157][T16161] batman_adv: batadv0: Removing interface: batadv_slave_1
[  906.704256][ T2149] konepure 0003:1E7D:2DBE.0010: unknown main item tag 0x2
[  906.949376][ T2149] konepure 0003:1E7D:2DBE.0010: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.3-1/input0
[  906.973500][ T2149] usb 4-1: USB disconnect, device number 59
[  907.121507][T16187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  907.139781][T16187] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  907.540245][ T5861] usb 8-1: new full-speed USB device number 11 using dummy_hcd
[  907.740302][ T2149] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  907.758021][T16204] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  907.999712][T10718] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  908.079944][ T2149] usb 1-1: Using ep0 maxpacket: 32
[  908.086332][ T2149] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  908.100400][ T2149] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  908.112215][ T2149] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  908.162201][ T2149] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  908.174169][ T2149] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  908.193465][ T2149] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  908.204511][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.214255][ T2149] usb 1-1: Product: syz
[  908.218506][ T2149] usb 1-1: Manufacturer: syz
[  908.226980][ T2149] usb 1-1: SerialNumber: syz
[  908.319586][T10718] usb 4-1: Using ep0 maxpacket: 32
[  908.352806][T16207] pim6reg: entered allmulticast mode
[  908.400200][T10718] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  908.400865][ T2149] usb 1-1: config 0 descriptor??
[  908.416687][T10718] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  908.428373][T10718] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  908.438166][T10718] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  908.464965][T10718] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  908.657581][T10718] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  908.666803][T10718] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  908.677517][T10718] usb 4-1: Product: syz
[  908.688091][T10718] usb 4-1: Manufacturer: syz
[  908.692819][T10718] usb 4-1: SerialNumber: syz
[  908.699067][T10718] usb 4-1: config 0 descriptor??
[  908.911076][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -32
[  908.918208][ T2149] input input108: Device does not respond to id packet M
[  908.936449][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -32
[  908.942532][ T2149] input input108: Device does not respond to id packet P
[  908.953192][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -32
[  908.959171][ T2149] input input108: Device does not respond to id packet B
[  908.967241][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -71
[  908.973983][ T2149] input input108: Device does not respond to id packet N
[  908.986198][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -71
[  908.993657][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -71
[  909.000398][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -71
[  909.008383][ T2149] iforce 1-1:0.0: usb_submit_urb failed: -71
[  909.141177][T10718] iforce 4-1:0.0: usb_submit_urb failed: -32
[  909.142527][ T2149] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input108
[  909.147203][T10718] input input109: Device does not respond to id packet M
[  909.190905][ T2149] usb 1-1: USB disconnect, device number 67
[  909.199710][ T5861] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  909.238348][T10718] iforce 4-1:0.0: usb_submit_urb failed: -32
[  909.250030][T10718] input input109: Device does not respond to id packet P
[  909.270649][T10718] iforce 4-1:0.0: usb_submit_urb failed: -32
[  909.297539][T10718] input input109: Device does not respond to id packet B
[  909.330512][T10718] input input109: Device does not respond to id packet N
[  909.538537][T10718] iforce 4-1:0.0: usb_submit_urb failed: -71
[  909.587581][T10718] iforce 4-1:0.0: usb_submit_urb failed: -71
[  909.629520][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  909.640832][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  909.663134][T10718] iforce 4-1:0.0: usb_submit_urb failed: -71
[  909.670892][T10718] iforce 4-1:0.0: usb_submit_urb failed: -71
[  909.716070][ T5861] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  909.766736][T10718] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input109
[  909.779826][ T5861] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  909.790658][ T5861] usb 8-1: config 0 descriptor??
[  909.849846][T10718] usb 4-1: USB disconnect, device number 60
[  910.200936][ T5861] konepure 0003:1E7D:2DBE.0011: unknown main item tag 0x1
[  910.208171][ T5861] konepure 0003:1E7D:2DBE.0011: unknown main item tag 0x2
[  910.218155][ T5861] konepure 0003:1E7D:2DBE.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.7-1/input0
[  910.407040][ T5861] usb 8-1: USB disconnect, device number 12
[  910.941343][T16207] pim6reg: left allmulticast mode
[  911.092509][T16241] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2571'.
[  913.656130][T16269] vivid-002: disconnect
[  914.086713][T16275] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2577'.
[  914.358717][T16267] vivid-002: reconnect
[  914.372434][T16275] batadv2: entered promiscuous mode
[  914.377645][T16275] batadv2: entered allmulticast mode
[  914.494929][   T30] audit: type=1400 audit(2000000619.013:1033): avc:  denied  { connect } for  pid=16281 comm="syz.1.2582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  914.589689][ T5861] usb 3-1: new high-speed USB device number 81 using dummy_hcd
[  914.646976][T16289] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2580'.
[  915.870455][ T5861] usb 3-1: Using ep0 maxpacket: 8
[  915.877403][ T5861] usb 3-1: config 11 has an invalid interface number: 95 but max is 0
[  915.890969][ T5861] usb 3-1: config 11 has no interface number 0
[  915.897326][ T5861] usb 3-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  915.910263][ T5861] usb 3-1: config 11 interface 95 has no altsetting 0
[  915.922691][ T5861] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  915.938196][ T5861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  915.946353][ T5861] usb 3-1: Product: syz
[  915.955144][ T5861] usb 3-1: Manufacturer: syz
[  915.959860][ T5861] usb 3-1: SerialNumber: syz
[  916.524075][ T5861] usbtouchscreen 3-1:11.95: probe with driver usbtouchscreen failed with error -22
[  917.054437][ T5861] usb 3-1: USB disconnect, device number 81
[  917.257065][T16292] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2580'.
[  917.325096][ T5861] libceph: connect (1)[c::]:6789 error -101
[  917.332083][ T5861] libceph: mon0 (1)[c::]:6789 connect error
[  917.436079][ T2149] libceph: connect (1)[b::]:6789 error -101
[  917.466430][ T2149] libceph: mon0 (1)[b::]:6789 connect error
[  917.669850][T10718] libceph: connect (1)[c::]:6789 error -101
[  917.676170][T10718] libceph: mon0 (1)[c::]:6789 connect error
[  917.682495][ T2149] libceph: connect (1)[b::]:6789 error -101
[  917.748438][ T2149] libceph: mon0 (1)[b::]:6789 connect error
[  917.829618][ T5861] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  917.966160][T16323] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2590'.
[  918.019845][ T5861] usb 8-1: Using ep0 maxpacket: 32
[  918.035950][ T5861] usb 8-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  918.045464][ T5861] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  918.075310][ T5861] usb 8-1: Product: syz
[  918.080527][ T2149] libceph: connect (1)[b::]:6789 error -101
[  918.086572][ T2149] libceph: mon0 (1)[b::]:6789 connect error
[  918.098048][ T5861] usb 8-1: Manufacturer: syz
[  918.136924][ T5861] usb 8-1: SerialNumber: syz
[  918.149390][ T5861] usb 8-1: config 0 descriptor??
[  918.154067][T16311] ceph: No mds server is up or the cluster is laggy
[  918.154529][T16306] ceph: No mds server is up or the cluster is laggy
[  918.212328][ T5861] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  918.240454][T10718] libceph: connect (1)[c::]:6789 error -101
[  918.246451][T10718] libceph: mon0 (1)[c::]:6789 connect error
[  919.390044][ T2149] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  919.454056][T16353] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2598'.
[  919.574803][ T2149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  919.620645][ T2149] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  919.631195][ T2149] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  919.641235][ T2149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  919.652087][T16348] netem: incorrect ge model size
[  919.658193][T16348] netem: change failed
[  919.686462][ T2149] usb 4-1: config 0 descriptor??
[  919.858588][ T5861] gspca_topro: reg_r err -71
[  919.873363][ T5861] gspca_topro: Sensor soi763a
[  920.097007][ T2149] konepure 0003:1E7D:2DBE.0012: unknown main item tag 0x1
[  920.661416][ T2149] konepure 0003:1E7D:2DBE.0012: unknown main item tag 0x2
[  921.156403][   T30] audit: type=1800 audit(2000000624.373:1034): pid=16356 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.1.2599" name="bus" dev="overlay" ino=2974 res=0 errno=0
[  921.190904][ T2149] konepure 0003:1E7D:2DBE.0012: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.3-1/input0
[  921.192174][ T5861] usb 8-1: USB disconnect, device number 13
[  921.233684][ T2149] usb 4-1: USB disconnect, device number 61
[  921.407968][T16358] 9pnet_fd: Insufficient options for proto=fd
[  921.531681][   T30] audit: type=1400 audit(2000000626.053:1035): avc:  denied  { ioctl } for  pid=16361 comm="syz.0.2602" path="socket:[56385]" dev="sockfs" ino=56385 ioctlcmd=0x89e3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  921.556346][    C0] vkms_vblank_simulate: vblank timer overrun
[  921.876415][ T5861] usb 8-1: new full-speed USB device number 14 using dummy_hcd
[  921.951755][T16369] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  921.961626][T16369] block device autoloading is deprecated and will be removed.
[  922.019610][ T5861] usb 8-1: device descriptor read/64, error -71
[  922.459855][ T5861] usb 8-1: new full-speed USB device number 15 using dummy_hcd
[  922.610010][ T5861] usb 8-1: device descriptor read/64, error -71
[  922.739875][ T5861] usb usb8-port1: attempt power cycle
[  923.229649][ T5861] usb 8-1: new full-speed USB device number 16 using dummy_hcd
[  923.407555][T10718] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  923.451503][ T5861] usb 8-1: device descriptor read/8, error -71
[  923.570542][T10718] usb 4-1: no configurations
[  923.590351][T10718] usb 4-1: can't read configurations, error -22
[  923.648533][T16393] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  923.677794][ T5810] Bluetooth: hci5: command 0x0405 tx timeout
[  923.699685][ T5861] usb 8-1: new full-speed USB device number 17 using dummy_hcd
[  923.740562][T10718] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  923.751849][ T5861] usb 8-1: device descriptor read/8, error -71
[  923.859819][ T5861] usb usb8-port1: unable to enumerate USB device
[  923.872716][T16400] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  923.882644][T16400] block device autoloading is deprecated and will be removed.
[  923.900337][T10718] usb 4-1: no configurations
[  923.905394][T10718] usb 4-1: can't read configurations, error -22
[  923.912899][T10718] usb usb4-port1: attempt power cycle
[  924.289585][T10718] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  924.367716][T10718] usb 4-1: no configurations
[  924.372442][T10718] usb 4-1: can't read configurations, error -22
[  924.485986][T16405] syzkaller1: entered promiscuous mode
[  924.491662][T16405] syzkaller1: entered allmulticast mode
[  924.683472][T10718] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  924.775270][T16409] pim6reg: entered allmulticast mode
[  924.880315][T10718] usb 4-1: no configurations
[  924.884926][T10718] usb 4-1: can't read configurations, error -22
[  924.899104][T10718] usb usb4-port1: unable to enumerate USB device
[  925.192956][ T5919] usb 8-1: new high-speed USB device number 18 using dummy_hcd
[  925.420185][ T5919] usb 8-1: Using ep0 maxpacket: 32
[  925.470953][ T5919] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  925.540185][T16428] FAULT_INJECTION: forcing a failure.
[  925.540185][T16428] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  925.555525][T16428] CPU: 1 UID: 0 PID: 16428 Comm: syz.2.2619 Not tainted syzkaller #0 PREEMPT(full) 
[  925.555550][T16428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  925.555562][T16428] Call Trace:
[  925.555568][T16428]  <TASK>
[  925.555575][T16428]  dump_stack_lvl+0x16c/0x1f0
[  925.555608][T16428]  should_fail_ex+0x512/0x640
[  925.555638][T16428]  _copy_from_user+0x2e/0xd0
[  925.555667][T16428]  restore_sigcontext+0xcb/0x6a0
[  925.555690][T16428]  ? __pfx_restore_sigcontext+0x10/0x10
[  925.555772][T16428]  ? __pfx_restore_altstack+0x10/0x10
[  925.555807][T16428]  ? _raw_spin_unlock_irq+0x23/0x50
[  925.555831][T16428]  ? lockdep_hardirqs_on+0x7c/0x110
[  925.555862][T16428]  __do_sys_rt_sigreturn+0x229/0x2c0
[  925.555885][T16428]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  925.555915][T16428]  do_syscall_64+0xcd/0xfa0
[  925.555942][T16428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  925.555960][T16428] RIP: 0033:0x7f40edd2af79
[  925.555976][T16428] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  925.555994][T16428] RSP: 002b:00007f40eecd8340 EFLAGS: 00000206 ORIG_RAX: 000000000000000f
[  925.556012][T16428] RAX: ffffffffffffffda RBX: 00007f40edfe5fa0 RCX: 00007f40edd2af79
[  925.556024][T16428] RDX: 00007f40eecd8340 RSI: 00007f40eecd8470 RDI: 0000000000000021
[  925.556035][T16428] RBP: 00007f40eecd9090 R08: 0000000000000000 R09: 0000000000000000
[  925.556046][T16428] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  925.556057][T16428] R13: 00007f40edfe6038 R14: 00007f40edfe5fa0 R15: 00007ffefb3ca5c8
[  925.556082][T16428]  </TASK>
[  925.736586][ T5919] usb 8-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  925.746348][ T5919] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  925.862812][ T5919] usb 8-1: Product: syz
[  925.879380][ T5919] usb 8-1: Manufacturer: syz
[  925.896605][ T5919] usb 8-1: SerialNumber: syz
[  925.931089][ T5919] usb 8-1: config 0 descriptor??
[  925.957957][ T5919] peak_usb 8-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[  926.146120][ T5919] peak_usb 8-1:0.0: unable to read PCAN-USB serial number (err -22)
[  926.310469][ T5919] peak_usb 8-1:0.0: probe with driver peak_usb failed with error -22
[  926.644291][T16448] atomic_op ffff888055e37998 conn xmit_atomic 0000000000000000
[  927.751459][T10718] usb 8-1: USB disconnect, device number 18
[  927.768551][T16409] pim6reg: left allmulticast mode
[  928.002077][T16470] vivid-002: disconnect
[  928.021675][ T5923] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[  928.213650][ T5923] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  928.602287][ T5923] usb 3-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  929.180546][ T5923] usb 3-1: Product: syz
[  929.184732][ T5923] usb 3-1: Manufacturer: syz
[  929.470655][ T5923] usb 3-1: SerialNumber: syz
[  929.491051][ T5923] usb 3-1: config 0 descriptor??
[  929.504799][ T5923] ch341 3-1:0.0: ch341-uart converter detected
[  929.893210][T16467] vivid-002: reconnect
[  929.927263][T16465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  930.002712][T16465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  930.294452][T16465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  930.423392][T16465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  930.451622][T16489] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  930.512448][T16491] netlink: 3 bytes leftover after parsing attributes in process `syz.7.2635'.
[  930.561269][T16489] batman_adv: batadv0: Adding interface: macsec1
[  930.567878][T16489] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  930.597602][T16489] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  930.611320][   T30] audit: type=1400 audit(2000000635.133:1036): avc:  denied  { checkpoint_restore } for  pid=16463 comm="syz.2.2629" capability=40  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  930.651912][T16489] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  930.662396][   T30] audit: type=1400 audit(2000000635.163:1037): avc:  denied  { write } for  pid=16463 comm="syz.2.2629" name="/" dev="configfs" ino=57 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[  930.665280][T16498] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  930.693331][T16489] batman_adv: batadv0: Interface activated: macsec1
[  930.697588][T16498] block device autoloading is deprecated and will be removed.
[  930.720235][T16491] batadv0: entered promiscuous mode
[  930.725444][T16491] batadv0: entered allmulticast mode
[  930.754768][T16495] tipc: Resetting bearer <eth:syzkaller0>
[  931.022895][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  931.030335][T10718] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  931.212795][T10718] usb 8-1: Using ep0 maxpacket: 8
[  931.240015][T10718] usb 8-1: config 11 has an invalid interface number: 95 but max is 0
[  931.243503][T16508] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2638'.
[  931.259852][T10718] usb 8-1: config 11 has no interface number 0
[  931.266726][T10718] usb 8-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  931.280574][T10718] usb 8-1: config 11 interface 95 has no altsetting 0
[  931.317008][T10718] usb 8-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  931.326571][T10718] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  931.350417][T10718] usb 8-1: Product: syz
[  931.356455][T10718] usb 8-1: Manufacturer: syz
[  931.361217][T10718] usb 8-1: SerialNumber: syz
[  931.596469][T10718] usbtouchscreen 8-1:11.95: probe with driver usbtouchscreen failed with error -22
[  931.612875][T10718] usb 8-1: USB disconnect, device number 19
[  931.905479][ T5923] usb 3-1: failed to send control message: -110
[  931.918639][ T5923] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -110
[  932.211426][T16525] hub 2-0:1.0: USB hub found
[  932.217455][T16525] hub 2-0:1.0: 1 port detected
[  934.204843][T10718] usb 3-1: USB disconnect, device number 82
[  934.233753][T10718] ch341 3-1:0.0: device disconnected
[  934.562484][T16545] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2648'.
[  936.201772][T16562] hub 2-0:1.0: USB hub found
[  936.206552][T16562] hub 2-0:1.0: 1 port detected
[  936.525848][   T30] audit: type=1400 audit(2000000641.043:1038): avc:  denied  { mounton } for  pid=16566 comm="syz.7.2654" path="/75/file0" dev="tmpfs" ino=432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  938.249289][T16575] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  938.259373][T16575] syzkaller0: entered promiscuous mode
[  938.280413][T16575] syzkaller0: entered allmulticast mode
[  938.900412][ T5923] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  939.063458][ T5923] usb 8-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  939.074593][ T5923] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  939.109033][ T5923] usb 8-1: Product: syz
[  939.114262][ T5923] usb 8-1: Manufacturer: syz
[  939.125679][ T5923] usb 8-1: SerialNumber: syz
[  939.136099][   T30] audit: type=1400 audit(2000000643.653:1039): avc:  denied  { mount } for  pid=16588 comm="syz.1.2662" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  939.173152][ T5923] usb 8-1: config 0 descriptor??
[  939.178689][   T30] audit: type=1400 audit(2000000643.693:1040): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  939.187404][T16592] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2663'.
[  939.420845][ T5919] tipc: Node number set to 4080339067
[  939.451253][T16583] syzkaller0: left promiscuous mode
[  939.456455][T16583] syzkaller0: left allmulticast mode
[  939.469586][T10718] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  939.619859][T10718] usb 2-1: Using ep0 maxpacket: 16
[  939.688466][T10718] usb 2-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config
[  939.960515][ T5923] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  939.970574][T10718] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  939.970616][T10718] usb 2-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  939.970637][T10718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.003406][T10718] usb 2-1: config 0 descriptor??
[  940.016474][T10718] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  940.052791][ T5923] asix 8-1:0.0: probe with driver asix failed with error -71
[  940.068244][ T5923] usb 8-1: USB disconnect, device number 20
[  941.687178][T16618] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  941.903353][T16618] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[  942.169452][   T30] audit: type=1400 audit(2000000646.683:1041): avc:  denied  { write } for  pid=16631 comm="syz.2.2673" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  942.200856][   T30] audit: type=1400 audit(2000000646.683:1042): avc:  denied  { open } for  pid=16631 comm="syz.2.2673" path="/519/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  942.444202][T16639] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2675'.
[  943.429172][ T5923] usb 2-1: USB disconnect, device number 56
[  945.938970][   T30] audit: type=1326 audit(2000000650.453:1043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.030188][ T5923] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  946.090383][   T30] audit: type=1326 audit(2000000650.453:1044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.113979][   T30] audit: type=1326 audit(2000000650.453:1045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=190 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.137509][   T30] audit: type=1326 audit(2000000650.453:1046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.161057][   T30] audit: type=1326 audit(2000000650.453:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.185338][   T30] audit: type=1326 audit(2000000650.453:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.211068][   T30] audit: type=1326 audit(2000000650.453:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.238573][   T30] audit: type=1326 audit(2000000650.453:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  946.263630][ T5923] usb 4-1: Using ep0 maxpacket: 16
[  946.268837][ T2149] usb 3-1: new high-speed USB device number 83 using dummy_hcd
[  946.280643][ T5923] usb 4-1: config 75 has an invalid interface number: 136 but max is 0
[  946.290390][ T5923] usb 4-1: config 75 has no interface number 0
[  946.298998][ T5923] usb 4-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=bc.ca
[  946.315327][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  946.325106][ T5923] usb 4-1: Product: syz
[  946.329313][ T5923] usb 4-1: Manufacturer: syz
[  946.335211][ T5923] usb 4-1: SerialNumber: syz
[  946.442374][ T2149] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  946.453042][ T2149] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.549328][ T2149] usb 3-1: config 0 descriptor??
[  947.186317][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  947.186342][   T30] audit: type=1326 audit(2000000651.703:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  948.065218][ T2149] ath6kl: Failed to submit usb control message: -110
[  948.230209][   T30] audit: type=1326 audit(2000000651.703:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  948.759005][ T2149] ath6kl: unable to send the bmi data to the device: -110
[  948.767563][ T2149] ath6kl: Unable to send get target info: -110
[  948.775086][   T30] audit: type=1326 audit(2000000651.703:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  949.214843][   T30] audit: type=1326 audit(2000000651.733:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  949.239489][ T2149] ath6kl: Failed to init ath6kl core: -110
[  949.247482][ T2149] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110
[  949.262994][ T2149] usb 3-1: USB disconnect, device number 83
[  949.296696][   T30] audit: type=1326 audit(2000000652.143:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  949.321839][ T5923] ftdi_sio 4-1:75.136: FTDI USB Serial Device converter detected
[  949.332000][ T5923] ftdi_sio ttyUSB0: unknown device type: 0xbcca
[  949.351551][ T5923] usb 4-1: USB disconnect, device number 66
[  949.357983][ T5923] ftdi_sio 4-1:75.136: device disconnected
[  949.365326][   T30] audit: type=1326 audit(2000000652.153:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16689 comm="syz.2.2689" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[  949.797131][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  949.821446][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  949.895360][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  949.904615][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  950.170447][ T5923] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  950.322110][ T5923] usb 8-1: Using ep0 maxpacket: 8
[  950.332723][ T5923] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  950.359299][ T5923] usb 8-1: config 179 has no interface number 0
[  950.381552][ T5923] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  950.406421][ T5923] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  950.444745][ T5923] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  950.474712][ T5923] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  950.498729][ T5923] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  950.528524][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  950.545012][T16714] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2696'.
[  950.554578][ T5923] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  950.611102][ T5923] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  950.668471][T16722] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  950.885987][ T5923] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input112
[  951.192585][T10718] usb 8-1: USB disconnect, device number 21
[  951.192592][    C0] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  951.192725][    C0] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  951.890095][   T30] audit: type=1400 audit(2000000656.403:1084): avc:  denied  { getopt } for  pid=16748 comm="syz.1.2705" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  952.870154][ T5923] usb 3-1: new high-speed USB device number 84 using dummy_hcd
[  953.023510][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  953.070373][ T2149] usb 1-1: new low-speed USB device number 68 using dummy_hcd
[  953.872971][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  953.911963][ T5923] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  953.995977][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  954.092364][ T2149] usb 1-1: Invalid ep0 maxpacket: 64
[  954.284265][ T5923] usb 3-1: config 0 descriptor??
[  954.400108][ T2149] usb 1-1: new low-speed USB device number 69 using dummy_hcd
[  954.572091][ T2149] usb 1-1: Invalid ep0 maxpacket: 64
[  954.581105][ T2149] usb usb1-port1: attempt power cycle
[  954.659924][ T5919] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  954.721450][ T5923] konepure 0003:1E7D:2DBE.0013: unknown main item tag 0x1
[  954.729235][ T5923] konepure 0003:1E7D:2DBE.0013: unknown main item tag 0x2
[  954.750457][ T5923] konepure 0003:1E7D:2DBE.0013: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0
[  954.810147][ T5919] usb 4-1: Using ep0 maxpacket: 16
[  954.821445][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  954.835182][ T5919] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  954.849144][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  954.867409][T16808] pim6reg: entered allmulticast mode
[  954.877214][ T5919] usb 4-1: config 0 descriptor??
[  954.889922][T10718] usb 2-1: new low-speed USB device number 57 using dummy_hcd
[  954.949910][ T2149] usb 1-1: new low-speed USB device number 70 using dummy_hcd
[  954.979389][ T5809] usb 3-1: USB disconnect, device number 84
[  954.980505][ T2149] usb 1-1: Invalid ep0 maxpacket: 64
[  955.061462][T10718] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  955.070196][T10718] usb 2-1: config 0 has no interface number 0
[  955.076361][T10718] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  955.088078][T10718] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  955.098920][T10718] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  955.108378][T10718] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.118258][T10718] usb 2-1: config 0 descriptor??
[  955.123498][ T2149] usb 1-1: new low-speed USB device number 71 using dummy_hcd
[  955.124080][T16806] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22
[  955.140697][T10718] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  955.151445][ T2149] usb 1-1: Invalid ep0 maxpacket: 64
[  955.151600][ T5861] usb 8-1: new high-speed USB device number 22 using dummy_hcd
[  955.157043][ T2149] usb usb1-port1: unable to enumerate USB device
[  955.302729][ T5919] kye 0003:0458:5011.0014: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  955.315048][ T5919] kye 0003:0458:5011.0014: hidraw0: USB HID v0.0b Device [HID 0458:5011] on usb-dummy_hcd.3-1/input0
[  955.326291][ T5919] kye 0003:0458:5011.0014: tablet-enabling feature report not found
[  955.329537][ T5861] usb 8-1: Using ep0 maxpacket: 32
[  955.334757][ T5919] kye 0003:0458:5011.0014: tablet enabling failed
[  955.340868][ T5861] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  955.357767][ T5861] usb 8-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  955.369565][ T5861] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  955.377560][ T5861] usb 8-1: Product: syz
[  955.381808][ T5861] usb 8-1: Manufacturer: syz
[  955.386394][ T5861] usb 8-1: SerialNumber: syz
[  955.460274][ T5861] usb 8-1: config 0 descriptor??
[  955.485376][ T5861] peak_usb 8-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[  955.493153][ T5861] peak_usb 8-1:0.0: unable to read PCAN-USB serial number (err -22)
[  955.520251][T10718] usb 4-1: USB disconnect, device number 67
[  955.534329][T16809] tmpfs: Unknown parameter 'sched_switch'
[  955.582684][ T5861] peak_usb 8-1:0.0: probe with driver peak_usb failed with error -22
[  955.849252][ T5919] usb 3-1: new high-speed USB device number 85 using dummy_hcd
[  955.882849][T16817] 9pnet_fd: Insufficient options for proto=fd
[  956.001824][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  956.023251][ T5919] usb 3-1: New USB device found, idVendor=0c12, idProduct=0005, bcdDevice= 0.00
[  956.033770][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  956.050950][ T5919] usb 3-1: config 0 descriptor??
[  956.520920][ T5919] usbhid 3-1:0.0: can't add hid device: -71
[  957.110982][ T5919] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  957.121479][ T5919] usb 3-1: USB disconnect, device number 85
[  957.680161][T10718] usb 2-1: USB disconnect, device number 57
[  957.689127][ T5919] usb 8-1: USB disconnect, device number 22
[  957.698730][T16808] pim6reg: left allmulticast mode
[  959.395748][T16855] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  959.466286][T16862] netlink: 'syz.3.2737': attribute type 2 has an invalid length.
[  959.493277][T16862] : entered promiscuous mode
[  959.739246][T16864] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  960.770037][ T5919] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  960.900013][ T5919] usb 8-1: device descriptor read/64, error -71
[  961.139910][ T5919] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  961.290172][ T5919] usb 8-1: device descriptor read/64, error -71
[  961.328656][   T30] audit: type=1400 audit(2000000665.843:1085): avc:  denied  { setattr } for  pid=16888 comm="syz.2.2743" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  961.400391][ T5919] usb usb8-port1: attempt power cycle
[  962.080136][ T5919] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  962.570952][T16898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2745'.
[  962.580597][ T5919] usb 8-1: device descriptor read/8, error -71
[  962.827409][T16898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2745'.
[  962.860117][T16898] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2745'.
[  962.949859][ T5919] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  962.978057][ T5919] usb 8-1: device descriptor read/8, error -71
[  963.088126][   T30] audit: type=1400 audit(2000000667.603:1086): avc:  denied  { connect } for  pid=16897 comm="syz.1.2746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  963.120314][ T5919] usb usb8-port1: unable to enumerate USB device
[  964.611682][ T5919] usb 3-1: new high-speed USB device number 86 using dummy_hcd
[  964.897542][T16932] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  964.921467][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  964.937544][ T5919] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  964.948224][ T5919] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[  966.228375][ T5919] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  966.258691][T16945] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  966.275135][ T5919] usb 3-1: config 0 descriptor??
[  966.425512][   T30] audit: type=1400 audit(2000000670.943:1087): avc:  denied  { mount } for  pid=16951 comm="syz.3.2759" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  966.461728][T16955] tmpfs: Unknown parameter '18446744073709551615ÿÿ'
[  966.781989][T16958] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2761'.
[  966.796559][ T5919] konepure 0003:1E7D:2DBE.0015: unknown main item tag 0x1
[  967.059973][ T5919] konepure 0003:1E7D:2DBE.0015: unknown main item tag 0x2
[  967.118531][ T5919] konepure 0003:1E7D:2DBE.0015: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.2-1/input0
[  967.200377][ T5919] usb 3-1: USB disconnect, device number 86
[  967.430923][T16971] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2764'.
[  967.534616][T16971] batadv2: entered promiscuous mode
[  967.550805][   T30] audit: type=1326 audit(2000000672.073:1088): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  967.574744][T16971] batadv2: entered allmulticast mode
[  967.605350][   T30] audit: type=1326 audit(2000000672.073:1089): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  967.695325][   T30] audit: type=1326 audit(2000000672.173:1090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  967.817628][   T30] audit: type=1326 audit(2000000672.173:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  967.880055][T10718] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[  967.970178][   T30] audit: type=1326 audit(2000000672.173:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  967.995919][   T30] audit: type=1326 audit(2000000672.173:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  968.021527][   T30] audit: type=1326 audit(2000000672.173:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  968.046032][   T30] audit: type=1326 audit(2000000672.333:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  968.072456][   T30] audit: type=1326 audit(2000000672.333:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16965 comm="syz.7.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f893618eec9 code=0x7ffc0000
[  968.159572][T10718] usb 1-1: Using ep0 maxpacket: 8
[  968.166692][T10718] usb 1-1: config 11 has an invalid interface number: 95 but max is 0
[  968.175215][T10718] usb 1-1: config 11 has no interface number 0
[  968.183736][T10718] usb 1-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  968.233404][T10718] usb 1-1: config 11 interface 95 has no altsetting 0
[  968.249834][T10718] usb 1-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  968.258990][T10718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.288746][T10718] usb 1-1: Product: syz
[  968.349007][T10718] usb 1-1: Manufacturer: syz
[  968.368472][T10718] usb 1-1: SerialNumber: syz
[  968.595202][T10718] usbtouchscreen 1-1:11.95: probe with driver usbtouchscreen failed with error -22
[  968.636027][T10718] usb 1-1: USB disconnect, device number 72
[  969.088488][T16997] pim6reg: entered allmulticast mode
[  969.307178][T17001] new mount options do not match the existing superblock, will be ignored
[  969.318654][T17001] option changes via remount are deprecated (pid=16998 comm=syz.2.2770)
[  969.441592][T10718] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  969.630975][T10718] usb 8-1: Using ep0 maxpacket: 32
[  969.646008][T10718] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  969.740232][ T2149] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[  969.767379][T10718] usb 8-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  969.776545][T10718] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  969.784586][T10718] usb 8-1: Product: syz
[  969.788775][T10718] usb 8-1: Manufacturer: syz
[  969.793413][T10718] usb 8-1: SerialNumber: syz
[  969.800848][T10718] usb 8-1: config 0 descriptor??
[  969.833247][T10718] peak_usb 8-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[  969.857842][T10718] peak_usb 8-1:0.0: unable to read PCAN-USB serial number (err -22)
[  969.889629][ T2149] usb 1-1: Using ep0 maxpacket: 16
[  969.896204][ T2149] usb 1-1: config 0 interface 0 has no altsetting 0
[  969.903195][ T2149] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  969.920098][ T2149] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  969.930589][ T2149] usb 1-1: config 0 descriptor??
[  970.175408][T10718] peak_usb 8-1:0.0: probe with driver peak_usb failed with error -22
[  970.345111][ T2149] hid (null): global environment stack underflow
[  970.352393][ T2149] hid (null): unknown global tag 0xc
[  970.372622][ T2149] hid (null): report_id 25068 is invalid
[  970.387027][ T2149] hid (null): report_id 0 is invalid
[  970.404024][ T2149] hid (null): global environment stack overflow
[  970.431208][ T2149] hid (null): unknown global tag 0xc
[  970.452812][ T2149] hid (null): unknown global tag 0x58
[  970.563558][ T2149] usb 1-1: USB disconnect, device number 73
[  970.684695][T17013] pim6reg: entered allmulticast mode
[  970.959547][T10718] usb 3-1: new high-speed USB device number 87 using dummy_hcd
[  971.153757][T10718] usb 3-1: Using ep0 maxpacket: 32
[  971.167271][T10718] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  971.186920][T10718] usb 3-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[  971.196416][T10718] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  971.204812][T10718] usb 3-1: Product: syz
[  971.207980][T17019] lo: entered promiscuous mode
[  971.214182][T10718] usb 3-1: Manufacturer: syz
[  971.214327][T17018] lo: entered allmulticast mode
[  971.218807][T10718] usb 3-1: SerialNumber: syz
[  971.228651][T17019] lo: left allmulticast mode
[  971.233322][T17019] lo: left promiscuous mode
[  971.239383][T10718] usb 3-1: config 0 descriptor??
[  971.250102][T10718] peak_usb 3-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[  971.258063][T10718] peak_usb 3-1:0.0: unable to read PCAN-USB serial number (err -22)
[  971.405916][T10718] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -22
[  971.608853][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  971.655524][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  971.748516][T16991] pim6reg: left allmulticast mode
[  971.753803][ T2149] usb 8-1: USB disconnect, device number 28
[  971.762855][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  971.819205][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  971.892614][   T30] kauditd_printk_skb: 27 callbacks suppressed
[  971.892628][   T30] audit: type=1400 audit(2000000676.413:1124): avc:  denied  { execute } for  pid=17035 comm="syz.7.2778" path="/dev/v4l-subdev2" dev="devtmpfs" ino=942 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  971.893062][T17036] batadv_slave_1: entered promiscuous mode
[  971.941880][T17035] batadv_slave_1: left promiscuous mode
[  972.038885][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  972.047962][T17027] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2777'.
[  972.550156][T10718] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  972.740887][T10718] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  972.751105][T10718] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  972.788007][T10718] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  972.799357][T10718] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  972.826003][T10718] usb 8-1: Product: syz
[  972.838234][T10718] usb 8-1: Manufacturer: syz
[  972.854207][T10718] usb 8-1: SerialNumber: syz
[  973.242007][ T2149] usb 3-1: USB disconnect, device number 87
[  973.252619][T17013] pim6reg: left allmulticast mode
[  976.216034][T10718] cdc_ncm 8-1:1.0: bind() failure
[  976.226124][T17071] FAULT_INJECTION: forcing a failure.
[  976.226124][T17071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  976.246151][T17071] CPU: 0 UID: 0 PID: 17071 Comm: syz.7.2790 Not tainted syzkaller #0 PREEMPT(full) 
[  976.246174][T17071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  976.246185][T17071] Call Trace:
[  976.246191][T17071]  <TASK>
[  976.246198][T17071]  dump_stack_lvl+0x16c/0x1f0
[  976.246235][T17071]  should_fail_ex+0x512/0x640
[  976.246256][T10718] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found
[  976.246265][T17071]  _copy_to_user+0x32/0xd0
[  976.246294][T17071]  video_usercopy+0xf43/0x1720
[  976.246314][T17071]  ? __pfx___video_do_ioctl+0x10/0x10
[  976.246330][T17071]  ? selinux_kernel_read_file+0xf0/0x130
[  976.246347][T17071]  ? __pfx_video_usercopy+0x10/0x10
[  976.246379][T17071]  v4l2_ioctl+0x1ba/0x250
[  976.246395][T17071]  ? __pfx_v4l2_ioctl+0x10/0x10
[  976.246411][T17071]  __x64_sys_ioctl+0x18e/0x210
[  976.246435][T17071]  do_syscall_64+0xcd/0xfa0
[  976.246459][T17071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.246476][T17071] RIP: 0033:0x7f893618eec9
[  976.246489][T17071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  976.246504][T17071] RSP: 002b:00007f89343f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  976.246520][T17071] RAX: ffffffffffffffda RBX: 00007f89363e5fa0 RCX: 00007f893618eec9
[  976.246530][T17071] RDX: 0000200000000000 RSI: 00000000c008561c RDI: 0000000000000003
[  976.246540][T17071] RBP: 00007f89343f6090 R08: 0000000000000000 R09: 0000000000000000
[  976.246549][T17071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  976.246558][T17071] R13: 00007f89363e6038 R14: 00007f89363e5fa0 R15: 00007ffd0be13f78
[  976.246581][T17071]  </TASK>
[  976.621247][T17082] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2788'.
[  976.636291][T17082] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2788'.
[  976.810214][ T2149] usb 4-1: new full-speed USB device number 68 using dummy_hcd
[  976.825401][T10718] cdc_ncm 8-1:1.1: bind() failure
[  976.840530][T10718] usb 8-1: USB disconnect, device number 29
[  977.232735][ T2149] usb 4-1: config 0 has an invalid interface number: 201 but max is 0
[  977.262787][ T2149] usb 4-1: config 0 has no interface number 0
[  977.282547][ T2149] usb 4-1: config 0 interface 201 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  977.295856][ T2149] usb 4-1: config 0 interface 201 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  977.317251][ T2149] usb 4-1: New USB device found, idVendor=04fc, idProduct=0235, bcdDevice=ef.15
[  977.330139][ T2149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.354383][ T2149] usb 4-1: Product: syz
[  977.367858][ T2149] usb 4-1: Manufacturer: syz
[  977.383141][ T2149] usb 4-1: SerialNumber: syz
[  977.475348][ T2149] usb 4-1: config 0 descriptor??
[  977.505219][ T2149] spcp8x5 4-1:0.201: SPCP8x5 converter detected
[  977.513486][ T2149] usb 4-1: SPCP8x5 converter now attached to ttyUSB0
[  980.562974][ T2149] IPVS: starting estimator thread 0...
[  980.760522][T17118] IPVS: using max 37 ests per chain, 88800 per kthread
[  981.012868][ T5919] usb 4-1: USB disconnect, device number 68
[  981.021689][ T5919] SPCP8x5 ttyUSB0: SPCP8x5 converter now disconnected from ttyUSB0
[  981.030910][ T5919] spcp8x5 4-1:0.201: device disconnected
[  984.751352][T17169] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  985.050002][T17174] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  985.465757][ T2149] usb 3-1: new high-speed USB device number 88 using dummy_hcd
[  985.660175][ T2149] usb 3-1: Using ep0 maxpacket: 32
[  985.685584][ T2149] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  985.731174][ T2149] usb 3-1: config 0 has no interface number 0
[  985.776397][ T2149] usb 3-1: config 0 interface 12 has no altsetting 0
[  986.157802][ T2149] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  986.261586][ T2149] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  986.480436][ T2149] usb 3-1: Product: syz
[  986.484615][ T2149] usb 3-1: Manufacturer: syz
[  986.489196][ T2149] usb 3-1: SerialNumber: syz
[  986.539173][ T2149] usb 3-1: config 0 descriptor??
[  986.551215][ T5810] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  986.565077][ T5810] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  986.575823][ T5810] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  986.584153][ T5810] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  986.591705][ T5810] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  987.052449][ T8452] bridge_slave_1: left allmulticast mode
[  987.088810][ T8452] bridge_slave_1: left promiscuous mode
[  987.129223][ T8452] bridge0: port 2(bridge_slave_1) entered disabled state
[  987.165266][ T8452] bridge_slave_0: left allmulticast mode
[  987.183900][ T8452] bridge_slave_0: left promiscuous mode
[  987.200882][ T8452] bridge0: port 1(bridge_slave_0) entered disabled state
[  987.404724][T17170] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  987.434497][T17170] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  988.625323][   T51] Bluetooth: hci0: command tx timeout
[  989.262169][ T2149] f81534 3-1:0.12: f81534_get_register: reg: 1003 failed: -32
[  989.282945][ T2149] f81534 3-1:0.12: f81534_find_config_idx: read failed: -32
[  989.290646][ T2149] f81534 3-1:0.12: f81534_calc_num_ports: find idx failed: -32
[  989.298564][ T2149] f81534 3-1:0.12: probe with driver f81534 failed with error -32
[  989.793016][ T8452] bond0 (unregistering): (slave 
3
0
): Releasing backup interface
[  989.809164][ T8452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  989.819151][ T8452] bond0 (unregistering): Released all slaves
[  989.997445][ T8452] bond1 (unregistering): Released all slaves
[  990.227877][T17180] lo speed is unknown, defaulting to 1000
[  990.370865][ T8452] : left promiscuous mode
[  990.700683][   T51] Bluetooth: hci0: command tx timeout
[  990.774936][T17216] FAULT_INJECTION: forcing a failure.
[  990.774936][T17216] name failslab, interval 1, probability 0, space 0, times 0
[  990.788211][T17216] CPU: 0 UID: 0 PID: 17216 Comm: syz.7.2825 Not tainted syzkaller #0 PREEMPT(full) 
[  990.788235][T17216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  990.788245][T17216] Call Trace:
[  990.788252][T17216]  <TASK>
[  990.788259][T17216]  dump_stack_lvl+0x16c/0x1f0
[  990.788290][T17216]  should_fail_ex+0x512/0x640
[  990.788316][T17216]  ? fs_reclaim_acquire+0xae/0x150
[  990.788345][T17216]  should_failslab+0xc2/0x120
[  990.788365][T17216]  __kmalloc_noprof+0xdd/0x880
[  990.788391][T17216]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  990.788416][T17216]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  990.788434][T17216]  tomoyo_realpath_from_path+0xc2/0x6e0
[  990.788456][T17216]  ? tomoyo_profile+0x47/0x60
[  990.788481][T17216]  tomoyo_path_number_perm+0x245/0x580
[  990.788506][T17216]  ? tomoyo_path_number_perm+0x237/0x580
[  990.788535][T17216]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  990.788563][T17216]  ? preempt_schedule_common+0x44/0xc0
[  990.788615][T17216]  ? find_held_lock+0x2b/0x80
[  990.788638][T17216]  ? hook_file_ioctl_common+0x145/0x410
[  990.788667][T17216]  ? __fget_files+0x20e/0x3c0
[  990.788691][T17216]  security_file_ioctl+0x9b/0x240
[  990.788711][T17216]  __x64_sys_ioctl+0xb7/0x210
[  990.788738][T17216]  do_syscall_64+0xcd/0xfa0
[  990.788767][T17216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  990.788785][T17216] RIP: 0033:0x7f893618eec9
[  990.788800][T17216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  990.788817][T17216] RSP: 002b:00007f89343d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  990.788834][T17216] RAX: ffffffffffffffda RBX: 00007f89363e6090 RCX: 00007f893618eec9
[  990.788846][T17216] RDX: 0000200000000000 RSI: 000000004048aecb RDI: 0000000000000008
[  990.788856][T17216] RBP: 00007f89343d5090 R08: 0000000000000000 R09: 0000000000000000
[  990.788867][T17216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  990.788878][T17216] R13: 00007f89363e6128 R14: 00007f89363e6090 R15: 00007ffd0be13f78
[  990.788905][T17216]  </TASK>
[  990.788942][T17216] ERROR: Out of memory at tomoyo_realpath_from_path.
[  991.137970][T10718] usb 3-1: USB disconnect, device number 88
[  991.298598][ T8452] tipc: Left network mode
[  991.493811][   T30] audit: type=1400 audit(2000000696.003:1125): avc:  denied  { read } for  pid=17228 comm="syz.7.2827" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  991.919650][   T30] audit: type=1800 audit(2000000696.013:1126): pid=17229 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.7.2827" name="/" dev="9p" ino=2 res=0 errno=0
[  991.939770][   T30] audit: type=1400 audit(2000000696.013:1127): avc:  denied  { mounton } for  pid=17228 comm="syz.7.2827" path="/113/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  992.471617][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  992.781515][   T51] Bluetooth: hci0: command tx timeout
[  992.857664][T17180] chnl_net:caif_netlink_parms(): no params data found
[  993.257531][ T8452] hsr_slave_0: left promiscuous mode
[  993.266530][ T8452] hsr_slave_1: left promiscuous mode
[  993.287643][ T8452] batman_adv: batadv0: Removing interface: batadv_slave_0
[  993.406109][ T8452] batman_adv: batadv0: Removing interface: batadv_slave_1
[  993.977081][T17261] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2834'.
[  994.025780][ T8452] team0 (unregistering): Port device team_slave_1 removed
[  994.102685][ T8452] team0 (unregistering): Port device team_slave_0 removed
[  994.220786][T17267] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2831'.
[  994.493939][T17261] batadv2: entered promiscuous mode
[  994.517245][T17261] batadv2: entered allmulticast mode
[  994.553989][T17267] batadv2: entered promiscuous mode
[  994.559440][T17267] batadv2: entered allmulticast mode
[  994.589629][ T5809] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[  994.819829][ T5809] usb 1-1: Using ep0 maxpacket: 8
[  994.820171][T17223] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  994.826704][ T5809] usb 1-1: config 11 has an invalid interface number: 95 but max is 0
[  994.833967][T17276] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2836'.
[  994.843095][ T5809] usb 1-1: config 11 has no interface number 0
[  994.860185][   T51] Bluetooth: hci0: command tx timeout
[  994.865392][ T5809] usb 1-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  994.877815][T17180] bridge0: port 1(bridge_slave_0) entered blocking state
[  994.885697][T17180] bridge0: port 1(bridge_slave_0) entered disabled state
[  994.893132][ T5809] usb 1-1: config 11 interface 95 has no altsetting 0
[  994.904878][T17180] bridge_slave_0: entered allmulticast mode
[  994.924116][ T5809] usb 1-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  994.926938][T17180] bridge_slave_0: entered promiscuous mode
[  994.934554][ T5809] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  994.948471][ T5809] usb 1-1: Product: syz
[  994.954175][ T5809] usb 1-1: Manufacturer: syz
[  994.955082][T17180] bridge0: port 2(bridge_slave_1) entered blocking state
[  994.958856][ T5809] usb 1-1: SerialNumber: syz
[  994.996661][T17180] bridge0: port 2(bridge_slave_1) entered disabled state
[  995.006980][T17180] bridge_slave_1: entered allmulticast mode
[  995.036547][T17180] bridge_slave_1: entered promiscuous mode
[  995.046741][T17223] usb 8-1: config 160 has an invalid interface number: 200 but max is 0
[  995.063587][T17223] usb 8-1: config 160 has no interface number 0
[  995.070066][T17223] usb 8-1: config 160 interface 200 has no altsetting 0
[  995.096484][T17223] usb 8-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  995.100850][T17180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  995.116233][T17223] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  995.118812][T17180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  995.134094][T17223] usb 8-1: Product: syz
[  995.138768][T17223] usb 8-1: Manufacturer: syz
[  995.150107][T17223] usb 8-1: SerialNumber: syz
[  995.166185][T17180] team0: Port device team_slave_0 added
[  995.181543][T17180] team0: Port device team_slave_1 added
[  995.206244][ T5809] usbtouchscreen 1-1:11.95: probe with driver usbtouchscreen failed with error -22
[  995.220422][ T5809] usb 1-1: USB disconnect, device number 74
[  995.238615][T17180] batman_adv: batadv0: Adding interface: batadv_slave_0
[  995.245950][T17180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  995.274184][T17180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  995.286367][T17180] batman_adv: batadv0: Adding interface: batadv_slave_1
[  995.288548][ T8452] IPVS: stop unused estimator thread 0...
[  995.293496][T17180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  995.293521][T17180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  995.355140][T17180] hsr_slave_0: entered promiscuous mode
[  995.362190][T17180] hsr_slave_1: entered promiscuous mode
[  995.362975][T17271] Bluetooth: MGMT ver 1.23
[  995.390978][T17271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  995.401149][T17271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  995.429816][T10718] usb 3-1: new high-speed USB device number 89 using dummy_hcd
[  995.446827][T17271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  995.457744][T17271] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  995.611628][T10718] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  995.624134][T10718] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  995.634622][T10718] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  995.645770][T10718] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  995.654445][T10718] usb 3-1: SerialNumber: syz
[  995.806368][T17180] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  995.841164][T17180] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  995.846770][T17282] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2837'.
[  995.865727][T17180] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  995.882416][T10718] usb 3-1: 0:2 : does not exist
[  995.895707][T17180] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  995.917853][T10718] usb 3-1: USB disconnect, device number 89
[  996.081015][T17292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2837'.
[  996.251957][T17223] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  996.258986][T17223] usb 8-1: MIDIStreaming interface descriptor not found
[  996.288276][T17223] usb 8-1: USB disconnect, device number 30
[  996.336357][T17292] batman_adv: batadv0: Removing interface: team0
[  996.349258][T17292] team0 (unregistering): Port device team_slave_0 removed
[  996.358662][T17292] team0 (unregistering): Port device team_slave_1 removed
[  996.413986][T17180] 8021q: adding VLAN 0 to HW filter on device bond0
[  996.458608][T17180] 8021q: adding VLAN 0 to HW filter on device team0
[  996.469646][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[  996.476724][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state
[  996.522334][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[  996.529389][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state
[  997.220212][T17180] 8021q: adding VLAN 0 to HW filter on device batadv0
[  998.632526][T17180] veth0_vlan: entered promiscuous mode
[  998.686295][T17180] veth1_vlan: entered promiscuous mode
[  998.774501][T17180] veth0_macvtap: entered promiscuous mode
[  998.792178][   T30] audit: type=1400 audit(2000000703.313:1128): avc:  denied  { remount } for  pid=17316 comm="syz.7.2842" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1
[  999.166247][T17180] veth1_macvtap: entered promiscuous mode
[  999.219386][T17180] batman_adv: batadv0: Interface activated: batadv_slave_0
[  999.259340][T17180] batman_adv: batadv0: Interface activated: batadv_slave_1
[  999.304163][T17324] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  999.333305][ T9439] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  999.619546][ T9439] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  999.647213][ T8452] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  999.666056][T10718] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[  999.772150][ T8452] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  999.848136][T10718] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  999.872913][T10718] usb 1-1: config 1 has no interface number 0
[  999.894038][ T8452] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  999.902576][T10718] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  999.917023][ T8452] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  999.926428][T10718] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1023
[  999.948330][T10718] usb 1-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  999.970121][T15735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  999.978979][T15735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1000.000004][T10718] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[ 1000.009351][T10718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1000.021885][T10718] usb 1-1: Product: syz
[ 1000.026097][T10718] usb 1-1: Manufacturer: syz
[ 1000.031162][T10718] usb 1-1: SerialNumber: syz
[ 1000.043622][T17329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1000.061567][T17329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1000.080838][T10718] usb 1-1: Expected 3 endpoints, found: 2
[ 1000.597263][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.609417][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.649298][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.658405][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.785596][   T30] audit: type=1400 audit(2000000705.303:1129): avc:  denied  { mount } for  pid=17364 comm="syz.2.2856" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1000.787222][T17365] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[ 1000.820180][T17367] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1000.923874][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.975071][T17355] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2854'.
[ 1000.984471][   T30] audit: type=1326 audit(2000000705.353:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.008954][   T30] audit: type=1326 audit(2000000705.353:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.067503][   T30] audit: type=1326 audit(2000000705.353:1132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.409550][   T30] audit: type=1326 audit(2000000705.353:1133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=37 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.705025][   T30] audit: type=1326 audit(2000000705.353:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.730046][   T30] audit: type=1326 audit(2000000705.353:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.843381][   T30] audit: type=1326 audit(2000000705.353:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.867573][   T30] audit: type=1326 audit(2000000705.353:1137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17364 comm="syz.2.2856" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f40edd8eec9 code=0x7ffc0000
[ 1001.921004][T17382] FAULT_INJECTION: forcing a failure.
[ 1001.921004][T17382] name failslab, interval 1, probability 0, space 0, times 0
[ 1001.934325][T17382] CPU: 0 UID: 0 PID: 17382 Comm: syz.3.2860 Not tainted syzkaller #0 PREEMPT(full) 
[ 1001.934343][T17382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1001.934350][T17382] Call Trace:
[ 1001.934354][T17382]  <TASK>
[ 1001.934359][T17382]  dump_stack_lvl+0x16c/0x1f0
[ 1001.934379][T17382]  should_fail_ex+0x512/0x640
[ 1001.934396][T17382]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[ 1001.934414][T17382]  should_failslab+0xc2/0x120
[ 1001.934427][T17382]  kmem_cache_alloc_noprof+0x75/0x6e0
[ 1001.934443][T17382]  ? alloc_empty_file+0x55/0x1e0
[ 1001.934459][T17382]  ? alloc_empty_file+0x55/0x1e0
[ 1001.934471][T17382]  ? _raw_spin_unlock+0x28/0x50
[ 1001.934485][T17382]  alloc_empty_file+0x55/0x1e0
[ 1001.934499][T17382]  alloc_file_pseudo+0x13a/0x230
[ 1001.934513][T17382]  ? __pfx_alloc_file_pseudo+0x10/0x10
[ 1001.934531][T17382]  sock_alloc_file+0x50/0x210
[ 1001.934549][T17382]  do_accept+0x240/0x530
[ 1001.934562][T17382]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1001.934575][T17382]  ? __pfx_do_accept+0x10/0x10
[ 1001.934597][T17382]  __sys_accept4+0x100/0x1c0
[ 1001.934610][T17382]  ? __pfx___sys_accept4+0x10/0x10
[ 1001.934624][T17382]  ? __pfx_ksys_write+0x10/0x10
[ 1001.934636][T17382]  __x64_sys_accept4+0x96/0x100
[ 1001.934649][T17382]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1001.934665][T17382]  do_syscall_64+0xcd/0xfa0
[ 1001.934682][T17382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1001.934694][T17382] RIP: 0033:0x7f43c898eec9
[ 1001.934703][T17382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1001.934714][T17382] RSP: 002b:00007f43c97c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000120
[ 1001.934724][T17382] RAX: ffffffffffffffda RBX: 00007f43c8be5fa0 RCX: 00007f43c898eec9
[ 1001.934731][T17382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[ 1001.934737][T17382] RBP: 00007f43c97c1090 R08: 0000000000000000 R09: 0000000000000000
[ 1001.934744][T17382] R10: 0000000000080000 R11: 0000000000000246 R12: 0000000000000001
[ 1001.934750][T17382] R13: 00007f43c8be6038 R14: 00007f43c8be5fa0 R15: 00007ffe10980e08
[ 1001.934764][T17382]  </TASK>
[ 1002.596517][T12054] usb 1-1: USB disconnect, device number 75
[ 1002.720243][T17388] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2861'.
[ 1002.740623][T17388] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2861'.
[ 1003.286494][T17388] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2861'.
[ 1003.307745][T17388] netlink: 60 bytes leftover after parsing attributes in process `syz.7.2861'.
[ 1004.312404][T17223] libceph: connect (1)[b::]:6789 error -101
[ 1004.370310][T17223] libceph: mon0 (1)[b::]:6789 connect error
[ 1004.632012][T17223] libceph: connect (1)[b::]:6789 error -101
[ 1004.638072][T17223] libceph: mon0 (1)[b::]:6789 connect error
[ 1004.751260][T17428] batadv2: entered promiscuous mode
[ 1004.758742][T17428] batadv2: entered allmulticast mode
[ 1005.083232][T17414] ceph: No mds server is up or the cluster is laggy
[ 1005.190991][T17438] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1006.356881][T17223] usb 3-1: new high-speed USB device number 90 using dummy_hcd
[ 1006.550180][T17223] usb 3-1: Using ep0 maxpacket: 16
[ 1006.581105][T17223] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1006.602256][T12054] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1006.670256][T17223] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1006.709882][T17223] usb 3-1: config 0 interface 0 has no altsetting 0
[ 1006.726754][T17223] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[ 1006.746556][T17223] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.773277][T17223] usb 3-1: config 0 descriptor??
[ 1006.830170][T12054] usb 4-1: Using ep0 maxpacket: 32
[ 1006.840972][T12054] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1006.853771][T12054] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1006.870267][T12054] usb 4-1: New USB device found, idVendor=28bd, idProduct=0055, bcdDevice= 0.00
[ 1006.880886][T12054] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1006.890441][T17455] __nla_validate_parse: 4 callbacks suppressed
[ 1006.890455][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1006.891953][T12054] usb 4-1: config 0 descriptor??
[ 1006.920393][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1006.984690][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1007.001300][T17448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.006642][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1007.011436][T17448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.038626][T17448] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1007.048073][T17448] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1007.080428][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1007.089397][T17455] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2877'.
[ 1007.239574][ T5889] usb 8-1: new full-speed USB device number 31 using dummy_hcd
[ 1007.262493][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1007.262507][   T30] audit: type=1400 audit(2000000711.773:1142): avc:  denied  { ioctl } for  pid=17447 comm="syz.2.2876" path="/dev/ptyq8" dev="devtmpfs" ino=127 ioctlcmd=0x5402 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[ 1007.365428][T17223] usbhid 3-1:0.0: can't add hid device: -71
[ 1007.384517][T12054] uclogic 0003:28BD:0055.0017: interface is invalid, ignoring
[ 1007.392145][T17223] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1007.420215][T17223] usb 3-1: USB disconnect, device number 90
[ 1007.447837][ T5889] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1007.462129][ T5889] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1007.476428][ T5889] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1007.486064][ T5889] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1007.511189][ T5889] usb 8-1: config 0 descriptor??
[ 1007.518980][ T5889] hub 8-1:0.0: USB hub found
[ 1007.554661][T17472] pim6reg: entered allmulticast mode
[ 1007.732999][ T5889] hub 8-1:0.0: 2 ports detected
[ 1007.840139][T10718] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 1007.997465][T17481] netlink: 40 bytes leftover after parsing attributes in process `syz.7.2878'.
[ 1008.743164][T10718] usb 1-1: Using ep0 maxpacket: 32
[ 1008.948111][ T5889] hub 8-1:0.0: hub_hub_status failed (err = -32)
[ 1009.049041][ T5889] hub 8-1:0.0: config failed, can't get hub status (err -32)
[ 1009.125173][ T5809] usb 4-1: USB disconnect, device number 69
[ 1009.142439][ T5889] usbhid 8-1:0.0: can't add hid device: -32
[ 1009.149375][ T5889] usbhid 8-1:0.0: probe with driver usbhid failed with error -32
[ 1009.162081][T10718] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1009.193298][T10718] usb 1-1: New USB device found, idVendor=0c72, idProduct=000c, bcdDevice=d4.09
[ 1009.203098][ T5889] usb 8-1: USB disconnect, device number 31
[ 1009.209102][T10718] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1009.225612][T10718] usb 1-1: Product: syz
[ 1009.233206][T10718] usb 1-1: Manufacturer: syz
[ 1009.240197][T10718] usb 1-1: SerialNumber: syz
[ 1009.253288][T10718] usb 1-1: config 0 descriptor??
[ 1009.273111][T10718] peak_usb 1-1:0.0 can0: sending cmd f=0x6 n=0x1 failure: -22
[ 1009.280832][T10718] peak_usb 1-1:0.0: unable to read PCAN-USB serial number (err -22)
[ 1009.528956][T17492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2884'.
[ 1009.538504][T17492] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2884'.
[ 1009.548828][T17492] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2884'.
[ 1009.890466][T10718] peak_usb 1-1:0.0: probe with driver peak_usb failed with error -22
[ 1010.383466][T17506] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1011.229107][T17524] batadv2: entered promiscuous mode
[ 1011.249829][T17524] batadv2: entered allmulticast mode
[ 1011.568043][T12054] usb 1-1: USB disconnect, device number 76
[ 1011.637185][T17472] pim6reg: left allmulticast mode
[ 1011.830168][ T5918] usb 3-1: new high-speed USB device number 91 using dummy_hcd
[ 1012.063229][ T5918] usb 3-1: Using ep0 maxpacket: 8
[ 1012.145329][ T5889] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 1012.320959][ T5889] usb 1-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[ 1012.339654][ T5889] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.348119][ T5918] usb 3-1: config 11 has an invalid interface number: 95 but max is 0
[ 1012.356617][ T5918] usb 3-1: config 11 has no interface number 0
[ 1012.364042][ T5918] usb 3-1: config 11 interface 95 altsetting 64 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1012.375924][ T5918] usb 3-1: config 11 interface 95 has no altsetting 0
[ 1012.498182][ T5889] usb 1-1: config 0 descriptor??
[ 1012.514741][ T5889] gspca_main: mars-2.14.0 probing 093a:050f
[ 1012.520201][ T5918] usb 3-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[ 1012.540120][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1012.548229][ T5918] usb 3-1: Product: syz
[ 1012.778890][T17223] usb 1-1: USB disconnect, device number 77
[ 1012.997347][ T5918] usb 3-1: Manufacturer: syz
[ 1013.003175][T14806] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1013.015430][T14806] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1013.024764][T14806] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1013.035152][T14806] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1013.043417][T14806] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1013.054701][ T5918] usb 3-1: SerialNumber: syz
[ 1013.342809][ T5918] usbtouchscreen 3-1:11.95: probe with driver usbtouchscreen failed with error -22
[ 1013.363932][ T5918] usb 3-1: USB disconnect, device number 91
[ 1013.396282][T17554] Cannot find del_set index 2 as target
[ 1013.819494][   T30] audit: type=1400 audit(2000000718.123:1143): avc:  denied  { ioctl } for  pid=17549 comm="syz.7.2899" path="socket:[61397]" dev="sockfs" ino=61397 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1013.960058][    C1] hrtimer: interrupt took 11097 ns
[ 1014.324854][T17543] chnl_net:caif_netlink_parms(): no params data found
[ 1015.093713][T14806] Bluetooth: hci5: command 0x0405 tx timeout
[ 1015.100129][T14806] Bluetooth: hci4: command tx timeout
[ 1015.319642][T17543] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1015.362140][T17543] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1015.379741][T17543] bridge_slave_0: entered allmulticast mode
[ 1015.403080][T17543] bridge_slave_0: entered promiscuous mode
[ 1015.432305][T17543] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1015.495871][T17580] vivid-000: disconnect
[ 1015.711701][T17543] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1015.810372][T17543] bridge_slave_1: entered allmulticast mode
[ 1015.884055][T17543] bridge_slave_1: entered promiscuous mode
[ 1015.979397][T17577] vivid-000: reconnect
[ 1016.035956][T17543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1016.077397][T17543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1016.492194][T17543] team0: Port device team_slave_0 added
[ 1016.518494][T17543] team0: Port device team_slave_1 added
[ 1016.569825][T10718] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1016.584215][T17543] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1016.592316][T17543] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1016.631636][T17543] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1016.644454][T17543] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1016.649185][   T30] audit: type=1400 audit(2000000721.163:1144): avc:  denied  { read } for  pid=17595 comm="syz.2.2909" path="socket:[62569]" dev="sockfs" ino=62569 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[ 1016.652162][T17543] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1016.703449][T17596] program syz.2.2909 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1016.723529][T17543] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1016.755835][   T30] audit: type=1400 audit(2000000721.223:1145): avc:  denied  { bind } for  pid=17595 comm="syz.2.2909" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1016.789509][T10718] usb 1-1: Using ep0 maxpacket: 16
[ 1016.796028][T10718] usb 1-1: config 0 has an invalid descriptor of length 228, skipping remainder of the config
[ 1016.816000][T17543] hsr_slave_0: entered promiscuous mode
[ 1016.822401][T17543] hsr_slave_1: entered promiscuous mode
[ 1016.828245][T10718] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1016.828804][T17543] debugfs: 'hsr0' already exists in 'hsr'
[ 1016.847960][T10718] usb 1-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[ 1016.847977][T17543] Cannot create hsr debugfs directory
[ 1016.862773][T10718] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1016.887059][T10718] usb 1-1: config 0 descriptor??
[ 1016.896763][T10718] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[ 1017.020118][ T5918] usb 8-1: new high-speed USB device number 32 using dummy_hcd
[ 1017.170896][ T5918] usb 8-1: Using ep0 maxpacket: 16
[ 1017.177605][ T5918] usb 8-1: config 0 has an invalid interface number: 237 but max is 0
[ 1017.186211][   T51] Bluetooth: hci4: command tx timeout
[ 1017.192331][T12054] usb 3-1: new high-speed USB device number 92 using dummy_hcd
[ 1017.200886][ T5918] usb 8-1: config 0 has no interface number 0
[ 1017.207032][ T5918] usb 8-1: config 0 interface 237 has no altsetting 0
[ 1017.228298][ T5918] usb 8-1: New USB device found, idVendor=0e41, idProduct=5057, bcdDevice= 6.ad
[ 1017.240207][ T5918] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1017.248354][ T5918] usb 8-1: Product: syz
[ 1017.254191][ T5918] usb 8-1: Manufacturer: syz
[ 1017.258877][ T5918] usb 8-1: SerialNumber: syz
[ 1017.283181][ T5918] usb 8-1: config 0 descriptor??
[ 1017.304448][ T5918] snd_usb_podhd 8-1:0.237: Line 6 POD HD300 found
[ 1017.349526][T12054] usb 3-1: Using ep0 maxpacket: 16
[ 1017.357217][T12054] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11
[ 1017.380680][T12054] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[ 1017.391192][T12054] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[ 1017.406268][T12054] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1017.424124][T12054] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1017.442007][T12054] usb 3-1: SerialNumber: syz
[ 1017.455749][T17598] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 1017.515738][T17543] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1017.515999][ T5918] snd_usb_podhd 8-1:0.237: set_interface failed
[ 1017.538889][ T5918] snd_usb_podhd 8-1:0.237: Line 6 POD HD300 now disconnected
[ 1017.539582][T17543] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1017.555898][ T5918] snd_usb_podhd 8-1:0.237: probe with driver snd_usb_podhd failed with error -71
[ 1017.560456][T17543] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1017.573986][ T5918] usb 8-1: USB disconnect, device number 32
[ 1017.593630][T17543] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1017.677432][T17543] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1017.681611][T12054] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[ 1017.709347][T17543] 8021q: adding VLAN 0 to HW filter on device team0
[ 1017.710387][T12054] usb 3-1: USB disconnect, device number 92
[ 1017.720671][ T8452] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1017.728966][ T8452] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1017.761130][ T8452] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1017.768235][ T8452] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1018.013717][T17616] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1018.496530][T17616] overlayfs: failed lookup in lower (/, name='file0', err=-66): unsupported object type
[ 1019.260753][   T51] Bluetooth: hci4: command tx timeout
[ 1019.268053][T17543] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1020.219410][T17543] veth0_vlan: entered promiscuous mode
[ 1020.247413][T12054] usb 1-1: USB disconnect, device number 78
[ 1020.289307][T17543] veth1_vlan: entered promiscuous mode
[ 1020.363654][T17543] veth0_macvtap: entered promiscuous mode
[ 1020.393545][T17543] veth1_macvtap: entered promiscuous mode
[ 1020.753878][T17543] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1020.793442][T17543] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1020.823048][ T9435] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1020.832325][ T9435] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.215936][ T9435] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.224821][ T9435] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1021.229985][T12054] usb 3-1: new high-speed USB device number 93 using dummy_hcd
[ 1021.341707][   T51] Bluetooth: hci4: command tx timeout
[ 1021.400456][T12054] usb 3-1: Using ep0 maxpacket: 16
[ 1021.410585][T12054] usb 3-1: config 75 has an invalid interface number: 136 but max is 0
[ 1021.421471][T12054] usb 3-1: config 75 has no interface number 0
[ 1021.448594][T12054] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=bc.ca
[ 1021.458094][T12054] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.466468][T12054] usb 3-1: Product: syz
[ 1021.470984][T12054] usb 3-1: Manufacturer: syz
[ 1021.475587][T12054] usb 3-1: SerialNumber: syz
[ 1021.700927][ T9435] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1021.708773][ T9435] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1023.233365][ T9436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1023.269526][ T9436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1023.271586][T12054] ftdi_sio 3-1:75.136: FTDI USB Serial Device converter detected
[ 1023.287889][T12054] ftdi_sio ttyUSB0: unknown device type: 0xbcca
[ 1023.304473][T12054] usb 3-1: USB disconnect, device number 93
[ 1023.356676][T12054] ftdi_sio 3-1:75.136: device disconnected
[ 1024.643677][T17666] SQUASHFS error: Failed to read block 0x0: -5
[ 1024.667702][T17666] unable to read squashfs_super_block
[ 1026.442780][T17666] infiniband syz!: set active
[ 1026.447718][T17666] infiniband syz!: added team_slave_0
[ 1026.455681][T17666] syz!: rxe_create_cq: returned err = -12
[ 1026.462247][T17666] infiniband syz!: Couldn't create ib_mad CQ
[ 1026.468276][T17666] infiniband syz!: Couldn't open port 1
[ 1026.487841][T17666] RDS/IB: syz!: added
[ 1026.492795][T17666] smc: adding ib device syz! with port count 1
[ 1026.500244][T17666] smc:    ib device syz! port 1 has no pnetid
[ 1026.709708][ T5861] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[ 1026.880862][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1026.891837][ T5861] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1026.925917][ T5861] usb 8-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00
[ 1027.014765][ T5923] usb 1-1: new full-speed USB device number 79 using dummy_hcd
[ 1027.040187][ T5861] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1027.120756][ T5861] usb 8-1: config 0 descriptor??
[ 1027.341834][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1027.353395][ T5923] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1027.430137][ T5923] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1027.459417][ T5923] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1027.501180][ T5923] usb 1-1: config 0 descriptor??
[ 1027.512650][ T5923] hub 1-1:0.0: USB hub found
[ 1027.542353][ T5861] konepure 0003:1E7D:2DBE.0018: unknown main item tag 0x1
[ 1027.601212][ T5861] konepure 0003:1E7D:2DBE.0018: unknown main item tag 0x2
[ 1027.710619][ T5861] konepure 0003:1E7D:2DBE.0018: hidraw0: USB HID v0.00 Device [HID 1e7d:2dbe] on usb-dummy_hcd.7-1/input0
[ 1027.972195][ T5923] hub 1-1:0.0: 2 ports detected
[ 1027.990313][ T5861] usb 8-1: USB disconnect, device number 33
[ 1028.100287][T17705] __nla_validate_parse: 8 callbacks suppressed
[ 1028.100299][T17705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2935'.
[ 1028.330436][T17710] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2932'.
[ 1029.138352][ T5923] hub 1-1:0.0: hub_hub_status failed (err = -32)
[ 1029.169542][T17717] netlink: 4400 bytes leftover after parsing attributes in process `syz.3.2936'.
[ 1029.178729][ T5923] hub 1-1:0.0: config failed, can't get hub status (err -32)
[ 1029.216301][ T5923] usbhid 1-1:0.0: can't add hid device: -32
[ 1029.222611][ T5923] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[ 1029.659715][T17717] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2936'.
[ 1029.668808][T17717] netlink: 180 bytes leftover after parsing attributes in process `syz.3.2936'.
[ 1029.920255][ T5923] usb 1-1: USB disconnect, device number 79
[ 1030.580172][T17745] fuse: Bad value for 'fd'
[ 1030.809680][T17729] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1030.909165][T17729] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1030.917981][T17729] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1030.924921][T17729] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1030.934704][T17729] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1030.946157][T17729] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1030.952939][T17729] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1030.970286][T17729] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1032.025909][T17761] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[ 1032.060656][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[ 1032.940090][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1033.019883][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1033.110663][   T30] audit: type=1400 audit(2000000737.623:1146): avc:  denied  { bind } for  pid=17770 comm="syz.7.2951" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[ 1033.791286][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1033.865055][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1033.936835][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1033.961051][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1034.060824][ T5923] usb 8-1: new full-speed USB device number 34 using dummy_hcd
[ 1034.140851][   T51] Bluetooth: hci5: command 0x0405 tx timeout
[ 1034.148846][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1034.168692][T17784] netlink: 60 bytes leftover after parsing attributes in process `syz.1.2954'.
[ 1034.180369][T17796] FAULT_INJECTION: forcing a failure.
[ 1034.180369][T17796] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1034.221552][T17796] CPU: 0 UID: 0 PID: 17796 Comm: syz.2.2958 Not tainted syzkaller #0 PREEMPT(full) 
[ 1034.221577][T17796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1034.221587][T17796] Call Trace:
[ 1034.221593][T17796]  <TASK>
[ 1034.221600][T17796]  dump_stack_lvl+0x16c/0x1f0
[ 1034.221635][T17796]  should_fail_ex+0x512/0x640
[ 1034.221665][T17796]  _copy_from_iter+0x29f/0x1720
[ 1034.221701][T17796]  ? __alloc_skb+0x200/0x380
[ 1034.221725][T17796]  ? __pfx__copy_from_iter+0x10/0x10
[ 1034.221753][T17796]  ? netlink_autobind.isra.0+0x158/0x370
[ 1034.221792][T17796]  netlink_sendmsg+0x820/0xdd0
[ 1034.221814][T17796]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1034.221840][T17796]  ____sys_sendmsg+0xa95/0xc70
[ 1034.221860][T17796]  ? copy_msghdr_from_user+0x10a/0x160
[ 1034.221885][T17796]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1034.221916][T17796]  ___sys_sendmsg+0x134/0x1d0
[ 1034.221943][T17796]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1034.222002][T17796]  __sys_sendmsg+0x16d/0x220
[ 1034.222028][T17796]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1034.222072][T17796]  do_syscall_64+0xcd/0xfa0
[ 1034.222099][T17796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1034.222117][T17796] RIP: 0033:0x7f40edd8eec9
[ 1034.222132][T17796] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1034.222149][T17796] RSP: 002b:00007f40eecd9038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1034.222166][T17796] RAX: ffffffffffffffda RBX: 00007f40edfe5fa0 RCX: 00007f40edd8eec9
[ 1034.222178][T17796] RDX: 0000000000000000 RSI: 0000200000001200 RDI: 0000000000000003
[ 1034.222189][T17796] RBP: 00007f40eecd9090 R08: 0000000000000000 R09: 0000000000000000
[ 1034.222199][T17796] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1034.222210][T17796] R13: 00007f40edfe6038 R14: 00007f40edfe5fa0 R15: 00007ffefb3ca5c8
[ 1034.222236][T17796]  </TASK>
[ 1034.225875][ T5923] usb 8-1: New USB device found, idVendor=055d, idProduct=9002, bcdDevice=23.5e
[ 1034.440407][   T30] audit: type=1400 audit(2000000739.942:1147): avc:  denied  { listen } for  pid=17792 comm="syz.3.2957" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1035.827527][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1035.835586][   T51] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1035.928895][ T5923] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1035.937476][ T5923] usb 8-1: Product: syz
[ 1035.960203][ T5923] usb 8-1: Manufacturer: syz
[ 1035.964859][ T5923] usb 8-1: SerialNumber: syz
[ 1035.972472][ T5923] usb 8-1: config 0 descriptor??
[ 1035.990160][ T5923] pwc: Samsung SNC-35E (v3.0) USB webcam detected.
[ 1036.011884][T17804] block device autoloading is deprecated and will be removed.
[ 1036.022016][T17804] syz.3.2960: attempt to access beyond end of device
[ 1036.022016][T17804] ram201: rw=2048, sector=521328, nr_sectors = 8 limit=8192
[ 1036.927869][ T5923] pwc: Failed to set LED on/off time (-71)
[ 1036.976994][ T5923] pwc: send_video_command error -71
[ 1036.990351][ T5923] pwc: Failed to set video mode VGA@30 fps; return code = -71
[ 1036.997887][ T5923] Philips webcam 8-1:0.0: probe with driver Philips webcam failed with error -71
[ 1037.303001][ T5923] usb 8-1: USB disconnect, device number 34
[ 1037.570140][T17223] usb 4-1: new full-speed USB device number 70 using dummy_hcd
[ 1037.755936][T17223] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1037.900834][ T5810] Bluetooth: hci4: command 0x0c1a tx timeout
[ 1037.906847][ T5810] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1037.941903][T17223] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 1038.145788][T17223] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1038.229802][T17825] FAULT_INJECTION: forcing a failure.
[ 1038.229802][T17825] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1038.230876][T17825] 
[ 1038.230882][T17825] ======================================================
[ 1038.230886][T17825] WARNING: possible circular locking dependency detected
[ 1038.230890][T17825] syzkaller #0 Not tainted
[ 1038.230896][T17825] ------------------------------------------------------
[ 1038.230899][T17825] syz.2.2966/17825 is trying to acquire lock:
[ 1038.230905][T17825] ffffffff8e2d16c0 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x61/0x80
[ 1038.230941][T17825] 
[ 1038.230941][T17825] but task is already holding lock:
[ 1038.230944][T17825] ffff8880b843a398 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1038.230968][T17825] 
[ 1038.230968][T17825] which lock already depends on the new lock.
[ 1038.230968][T17825] 
[ 1038.230971][T17825] 
[ 1038.230971][T17825] the existing dependency chain (in reverse order) is:
[ 1038.230975][T17825] 
[ 1038.230975][T17825] -> #4 (&rq->__lock){-.-.}-{2:2}:
[ 1038.230987][T17825]        _raw_spin_lock_nested+0x31/0x40
[ 1038.231002][T17825]        raw_spin_rq_lock_nested+0x29/0x130
[ 1038.231014][T17825]        task_rq_lock+0xcf/0x490
[ 1038.231025][T17825]        cgroup_move_task+0x81/0x2a0
[ 1038.231039][T17825]        css_set_move_task+0x288/0x5f0
[ 1038.231049][T17825]        cgroup_post_fork+0x201/0x9d0
[ 1038.231062][T17825]        copy_process+0x602d/0x76a0
[ 1038.231075][T17825]        kernel_clone+0xfc/0x930
[ 1038.231087][T17825]        user_mode_thread+0xc8/0x110
[ 1038.231100][T17825]        rest_init+0x23/0x2b0
[ 1038.231110][T17825]        start_kernel+0x3f3/0x4e0
[ 1038.231124][T17825]        x86_64_start_reservations+0x18/0x30
[ 1038.231139][T17825]        x86_64_start_kernel+0x130/0x190
[ 1038.231153][T17825]        common_startup_64+0x13e/0x148
[ 1038.231164][T17825] 
[ 1038.231164][T17825] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[ 1038.231176][T17825]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1038.231189][T17825]        try_to_wake_up+0xb7/0x1870
[ 1038.231200][T17825]        __wake_up_common+0x135/0x1f0
[ 1038.231216][T17825]        __wake_up+0x31/0x60
[ 1038.231229][T17825]        tty_port_default_wakeup+0x47/0x60
[ 1038.231241][T17825]        serial8250_tx_chars+0x68e/0x860
[ 1038.231255][T17825]        serial8250_handle_irq+0x761/0xcb0
[ 1038.231268][T17825]        serial8250_default_handle_irq+0x9e/0x270
[ 1038.231281][T17825]        serial8250_interrupt+0xf5/0x1d0
[ 1038.231295][T17825]        __handle_irq_event_percpu+0x236/0x920
[ 1038.231308][T17825]        handle_irq_event+0xab/0x1e0
[ 1038.231320][T17825]        handle_edge_irq+0x3ca/0x9e0
[ 1038.231331][T17825]        __common_interrupt+0xcd/0x2f0
[ 1038.231344][T17825]        common_interrupt+0xba/0xe0
[ 1038.231355][T17825]        asm_common_interrupt+0x26/0x40
[ 1038.231365][T17825]        pv_native_safe_halt+0xf/0x20
[ 1038.231379][T17825]        default_idle+0x13/0x20
[ 1038.231388][T17825]        default_idle_call+0x6c/0xb0
[ 1038.231398][T17825]        do_idle+0x38d/0x500
[ 1038.231409][T17825]        cpu_startup_entry+0x4f/0x60
[ 1038.231421][T17825]        start_secondary+0x21d/0x2b0
[ 1038.231436][T17825]        common_startup_64+0x13e/0x148
[ 1038.231445][T17825] 
[ 1038.231445][T17825] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[ 1038.231458][T17825]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1038.231471][T17825]        __wake_up+0x1c/0x60
[ 1038.231484][T17825]        tty_port_default_wakeup+0x47/0x60
[ 1038.231495][T17825]        serial8250_tx_chars+0x68e/0x860
[ 1038.231507][T17825]        serial8250_handle_irq+0x761/0xcb0
[ 1038.231520][T17825]        serial8250_default_handle_irq+0x9e/0x270
[ 1038.231534][T17825]        serial8250_interrupt+0xf5/0x1d0
[ 1038.231548][T17825]        __handle_irq_event_percpu+0x236/0x920
[ 1038.231560][T17825]        handle_irq_event+0xab/0x1e0
[ 1038.231572][T17825]        handle_edge_irq+0x3ca/0x9e0
[ 1038.231582][T17825]        __common_interrupt+0xcd/0x2f0
[ 1038.231595][T17825]        common_interrupt+0xba/0xe0
[ 1038.231605][T17825]        asm_common_interrupt+0x26/0x40
[ 1038.231615][T17825]        pv_native_safe_halt+0xf/0x20
[ 1038.231628][T17825]        default_idle+0x13/0x20
[ 1038.231637][T17825]        default_idle_call+0x6c/0xb0
[ 1038.231647][T17825]        do_idle+0x38d/0x500
[ 1038.231658][T17825]        cpu_startup_entry+0x4f/0x60
[ 1038.231671][T17825]        start_secondary+0x21d/0x2b0
[ 1038.231685][T17825]        common_startup_64+0x13e/0x148
[ 1038.231694][T17825] 
[ 1038.231694][T17825] -> #1 (&port_lock_key){-.-.}-{3:3}:
[ 1038.231707][T17825]        _raw_spin_lock_irqsave+0x3a/0x60
[ 1038.231720][T17825]        serial8250_console_write+0x181/0x1890
[ 1038.231736][T17825]        console_flush_all+0x801/0xc60
[ 1038.231753][T17825]        console_unlock+0xd8/0x210
[ 1038.231769][T17825]        vprintk_emit+0x3d7/0x680
[ 1038.231781][T17825]        _printk+0xc7/0x100
[ 1038.231789][T17825]        register_console+0xc2d/0x11b0
[ 1038.231802][T17825]        univ8250_console_init+0x5f/0x90
[ 1038.231817][T17825]        console_init+0x14f/0x680
[ 1038.231831][T17825]        start_kernel+0x29f/0x4e0
[ 1038.231844][T17825]        x86_64_start_reservations+0x18/0x30
[ 1038.231858][T17825]        x86_64_start_kernel+0x130/0x190
[ 1038.231871][T17825]        common_startup_64+0x13e/0x148
[ 1038.231881][T17825] 
[ 1038.231881][T17825] -> #0 (console_owner){-.-.}-{0:0}:
[ 1038.231893][T17825]        __lock_acquire+0x12a6/0x1ce0
[ 1038.231909][T17825]        lock_acquire+0x179/0x350
[ 1038.231921][T17825]        console_lock_spinning_enable+0x72/0x80
[ 1038.231933][T17825]        console_flush_all+0x7aa/0xc60
[ 1038.231944][T17825]        console_unlock+0xd8/0x210
[ 1038.231955][T17825]        vprintk_emit+0x3d7/0x680
[ 1038.231967][T17825]        _printk+0xc7/0x100
[ 1038.231975][T17825]        should_fail_ex+0x4e7/0x640
[ 1038.231991][T17825]        strncpy_from_user+0x3b/0x2e0
[ 1038.232004][T17825]        strncpy_from_user_nofault+0x7f/0x180
[ 1038.232020][T17825]        bpf_bprintf_prepare+0xe90/0x13f0
[ 1038.232030][T17825]        bpf_trace_printk+0xda/0x190
[ 1038.232041][T17825]        bpf_prog_930ede9872f2967c+0x3e/0x44
[ 1038.232049][T17825]        bpf_trace_run2+0x239/0x590
[ 1038.232060][T17825]        __bpf_trace_contention_begin+0xc9/0x110
[ 1038.232076][T17825]        trace_contention_begin.constprop.0+0xde/0x160
[ 1038.232087][T17825]        __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1038.232104][T17825]        do_raw_spin_lock+0x20e/0x2b0
[ 1038.232114][T17825]        raw_spin_rq_lock_nested+0x7e/0x130
[ 1038.232126][T17825]        __schedule+0x307/0x5de0
[ 1038.232139][T17825]        preempt_schedule_irq+0x51/0x90
[ 1038.232153][T17825]        irqentry_exit+0x36/0x90
[ 1038.232168][T17825]        asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1038.232178][T17825]        __asan_memcpy+0x47/0x60
[ 1038.232193][T17825]        vsnprintf+0x691/0x1160
[ 1038.232206][T17825]        snprintf+0xc7/0x100
[ 1038.232218][T17825]        tomoyo_print_ulong+0x9e/0x100
[ 1038.232231][T17825]        tomoyo_path_number_perm+0x3ab/0x580
[ 1038.232246][T17825]        security_file_ioctl+0x9b/0x240
[ 1038.232255][T17825]        __x64_sys_ioctl+0xb7/0x210
[ 1038.232268][T17825]        do_syscall_64+0xcd/0xfa0
[ 1038.232282][T17825]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.232292][T17825] 
[ 1038.232292][T17825] other info that might help us debug this:
[ 1038.232292][T17825] 
[ 1038.232295][T17825] Chain exists of:
[ 1038.232295][T17825]   console_owner --> &p->pi_lock --> &rq->__lock
[ 1038.232295][T17825] 
[ 1038.232309][T17825]  Possible unsafe locking scenario:
[ 1038.232309][T17825] 
[ 1038.232312][T17825]        CPU0                    CPU1
[ 1038.232315][T17825]        ----                    ----
[ 1038.232317][T17825]   lock(&rq->__lock);
[ 1038.232323][T17825]                                lock(&p->pi_lock);
[ 1038.232330][T17825]                                lock(&rq->__lock);
[ 1038.232337][T17825]   lock(console_owner);
[ 1038.232343][T17825] 
[ 1038.232343][T17825]  *** DEADLOCK ***
[ 1038.232343][T17825] 
[ 1038.232345][T17825] 5 locks held by syz.2.2966/17825:
[ 1038.232351][T17825]  #0: ffffffff8eda81b0 (tomoyo_ss){.+.+}-{0:0}, at: tomoyo_path_number_perm+0x237/0x580
[ 1038.232379][T17825]  #1: ffff8880b843a398 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[ 1038.232404][T17825]  #2: ffffffff8e3c44a0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1bc/0x590
[ 1038.232427][T17825]  #3: ffffffff8e3b1b00 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[ 1038.232450][T17825]  #4: ffffffff8e3b1b70 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[ 1038.232474][T17825] 
[ 1038.232474][T17825] stack backtrace:
[ 1038.232479][T17825] CPU: 1 UID: 0 PID: 17825 Comm: syz.2.2966 Not tainted syzkaller #0 PREEMPT(full) 
[ 1038.232491][T17825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1038.232497][T17825] Call Trace:
[ 1038.232501][T17825]  <TASK>
[ 1038.232505][T17825]  dump_stack_lvl+0x116/0x1f0
[ 1038.232521][T17825]  print_circular_bug+0x275/0x350
[ 1038.232537][T17825]  check_noncircular+0x14c/0x170
[ 1038.232554][T17825]  __lock_acquire+0x12a6/0x1ce0
[ 1038.232573][T17825]  lock_acquire+0x179/0x350
[ 1038.232582][T17825]  ? console_lock_spinning_enable+0x61/0x80
[ 1038.232595][T17825]  ? console_lock_spinning_enable+0x4a/0x80
[ 1038.232608][T17825]  console_lock_spinning_enable+0x72/0x80
[ 1038.232621][T17825]  ? console_lock_spinning_enable+0x61/0x80
[ 1038.232633][T17825]  console_flush_all+0x7aa/0xc60
[ 1038.232647][T17825]  ? __pfx_console_flush_all+0x10/0x10
[ 1038.232663][T17825]  ? is_printk_cpu_sync_owner+0x32/0x40
[ 1038.232678][T17825]  console_unlock+0xd8/0x210
[ 1038.232690][T17825]  ? __pfx_console_unlock+0x10/0x10
[ 1038.232702][T17825]  ? do_raw_spin_unlock+0xe0/0x230
[ 1038.232714][T17825]  ? _printk+0xc7/0x100
[ 1038.232723][T17825]  ? __down_trylock_console_sem+0xb0/0x140
[ 1038.232736][T17825]  vprintk_emit+0x3d7/0x680
[ 1038.232756][T17825]  ? __pfx_vprintk_emit+0x10/0x10
[ 1038.232771][T17825]  ? __perf_event_task_sched_in+0x27a/0xa10
[ 1038.232788][T17825]  _printk+0xc7/0x100
[ 1038.232797][T17825]  ? __pfx__printk+0x10/0x10
[ 1038.232807][T17825]  ? mark_held_locks+0x49/0x80
[ 1038.232822][T17825]  ? __pfx____ratelimit+0x10/0x10
[ 1038.232836][T17825]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1038.232852][T17825]  should_fail_ex+0x4e7/0x640
[ 1038.232868][T17825]  strncpy_from_user+0x3b/0x2e0
[ 1038.232883][T17825]  strncpy_from_user_nofault+0x7f/0x180
[ 1038.232899][T17825]  bpf_bprintf_prepare+0xe90/0x13f0
[ 1038.232914][T17825]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[ 1038.232925][T17825]  ? lock_acquire+0x179/0x350
[ 1038.232936][T17825]  ? bpf_trace_run2+0x3e1/0x590
[ 1038.232948][T17825]  bpf_trace_printk+0xda/0x190
[ 1038.232958][T17825]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1038.232971][T17825]  ? bpf_trace_run2+0x3e1/0x590
[ 1038.232983][T17825]  ? mark_held_locks+0x49/0x80
[ 1038.233000][T17825]  bpf_prog_930ede9872f2967c+0x3e/0x44
[ 1038.233008][T17825]  bpf_trace_run2+0x239/0x590
[ 1038.233020][T17825]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1038.233035][T17825]  __bpf_trace_contention_begin+0xc9/0x110
[ 1038.233052][T17825]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[ 1038.233070][T17825]  ? __pfx___schedule+0x10/0x10
[ 1038.233084][T17825]  ? __lock_acquire+0x62e/0x1ce0
[ 1038.233101][T17825]  trace_contention_begin.constprop.0+0xde/0x160
[ 1038.233114][T17825]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1038.233131][T17825]  ? __lock_acquire+0xb97/0x1ce0
[ 1038.233147][T17825]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 1038.233166][T17825]  do_raw_spin_lock+0x20e/0x2b0
[ 1038.233178][T17825]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1038.233189][T17825]  ? rcu_qs+0x2b/0xe0
[ 1038.233201][T17825]  ? rcu_note_context_switch+0x192/0x1e00
[ 1038.233215][T17825]  raw_spin_rq_lock_nested+0x7e/0x130
[ 1038.233228][T17825]  ? preempt_schedule_irq+0x51/0x90
[ 1038.233243][T17825]  __schedule+0x307/0x5de0
[ 1038.233256][T17825]  ? unwind_get_return_address+0x59/0xa0
[ 1038.233268][T17825]  ? arch_stack_walk+0xa6/0x100
[ 1038.233282][T17825]  ? stack_trace_save+0x8e/0xc0
[ 1038.233297][T17825]  ? __pfx___schedule+0x10/0x10
[ 1038.233310][T17825]  ? stack_depot_save_flags+0x29/0x9c0
[ 1038.233326][T17825]  ? __lock_acquire+0xb97/0x1ce0
[ 1038.233344][T17825]  ? mark_held_locks+0x49/0x80
[ 1038.233360][T17825]  preempt_schedule_irq+0x51/0x90
[ 1038.233375][T17825]  irqentry_exit+0x36/0x90
[ 1038.233390][T17825]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1038.233400][T17825] RIP: 0010:__asan_memcpy+0x47/0x60
[ 1038.233416][T17825] Code: ef e8 1d ef ff ff 84 c0 74 2b 48 8b 4c 24 18 ba 01 00 00 00 48 89 de 4c 89 e7 e8 04 ef ff ff 84 c0 74 12 48 89 da 48 89 ee 5b <4c> 89 e7 5d 41 5c e9 3e 40 40 09 5b 31 c0 5d 41 5c c3 cc cc cc cc
[ 1038.233427][T17825] RSP: 0018:ffffc90005827a30 EFLAGS: 00000202
[ 1038.233435][T17825] RAX: 0000000000000001 RBX: ffffffff8be96da2 RCX: ffffffff8b627fe1
[ 1038.233442][T17825] RDX: 0000000000000002 RSI: ffffffff8be96da0 RDI: ffffc90005827e00
[ 1038.233448][T17825] RBP: ffffffff8be96da0 R08: 0000000000000001 R09: fffff52000b04fc0
[ 1038.233455][T17825] R10: ffffc90005827e01 R11: 0000000000000000 R12: ffffc90005827e00
[ 1038.233461][T17825] R13: ffffffff8be96da0 R14: 0000000000000000 R15: 0000000000000002
[ 1038.233469][T17825]  ? vsnprintf+0x691/0x1160
[ 1038.233484][T17825]  vsnprintf+0x691/0x1160
[ 1038.233499][T17825]  ? __pfx_vsnprintf+0x10/0x10
[ 1038.233514][T17825]  snprintf+0xc7/0x100
[ 1038.233528][T17825]  ? __pfx_snprintf+0x10/0x10
[ 1038.233541][T17825]  ? kfree+0x2b8/0x6d0
[ 1038.233555][T17825]  ? tomoyo_check_path_number_acl+0xa6/0x2f0
[ 1038.233572][T17825]  tomoyo_print_ulong+0x9e/0x100
[ 1038.233586][T17825]  tomoyo_path_number_perm+0x3ab/0x580
[ 1038.233602][T17825]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1038.233618][T17825]  ? find_held_lock+0x2b/0x80
[ 1038.233636][T17825]  ? find_held_lock+0x2b/0x80
[ 1038.233649][T17825]  ? hook_file_ioctl_common+0x145/0x410
[ 1038.233665][T17825]  ? __fget_files+0x20e/0x3c0
[ 1038.233676][T17825]  security_file_ioctl+0x9b/0x240
[ 1038.233687][T17825]  __x64_sys_ioctl+0xb7/0x210
[ 1038.233701][T17825]  do_syscall_64+0xcd/0xfa0
[ 1038.233717][T17825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1038.233727][T17825] RIP: 0033:0x7f40edd8eec9
[ 1038.233738][T17825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1038.233753][T17825] RSP: 002b:00007f40eecb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1038.233765][T17825] RAX: ffffffffffffffda RBX: 00007f40edfe6090 RCX: 00007f40edd8eec9
[ 1038.233771][T17825] RDX: 00002000000001c0 RSI: 0000000000003ba0 RDI: 0000000000000005
[ 1038.233778][T17825] RBP: 00007f40eecb8090 R08: 0000000000000000 R09: 0000000000000000
[ 1038.233784][T17825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1038.233790][T17825] R13: 00007f40edfe6128 R14: 00007f40edfe6090 R15: 00007ffefb3ca5c8
[ 1038.233801][T17825]  </TASK>
[ 1039.620585][T17825] CPU: 1 UID: 0 PID: 17825 Comm: syz.2.2966 Not tainted syzkaller #0 PREEMPT(full) 
[ 1039.620601][T17825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 1039.620608][T17825] Call Trace:
[ 1039.620612][T17825]  <TASK>
[ 1039.620617][T17825]  dump_stack_lvl+0x116/0x1f0
[ 1039.620636][T17825]  should_fail_ex+0x512/0x640
[ 1039.620658][T17825]  strncpy_from_user+0x3b/0x2e0
[ 1039.620673][T17825]  strncpy_from_user_nofault+0x7f/0x180
[ 1039.620691][T17825]  bpf_bprintf_prepare+0xe90/0x13f0
[ 1039.620704][T17825]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[ 1039.620715][T17825]  ? lock_acquire+0x179/0x350
[ 1039.620727][T17825]  ? bpf_trace_run2+0x3e1/0x590
[ 1039.620746][T17825]  bpf_trace_printk+0xda/0x190
[ 1039.620764][T17825]  ? __pfx_bpf_trace_printk+0x10/0x10
[ 1039.620776][T17825]  ? bpf_trace_run2+0x3e1/0x590
[ 1039.620789][T17825]  ? mark_held_locks+0x49/0x80
[ 1039.620806][T17825]  bpf_prog_930ede9872f2967c+0x3e/0x44
[ 1039.620814][T17825]  bpf_trace_run2+0x239/0x590
[ 1039.620827][T17825]  ? __pfx_bpf_trace_run2+0x10/0x10
[ 1039.620842][T17825]  __bpf_trace_contention_begin+0xc9/0x110
[ 1039.620859][T17825]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[ 1039.620878][T17825]  ? __pfx___schedule+0x10/0x10
[ 1039.620892][T17825]  ? __lock_acquire+0x62e/0x1ce0
[ 1039.620911][T17825]  trace_contention_begin.constprop.0+0xde/0x160
[ 1039.620924][T17825]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[ 1039.620941][T17825]  ? __lock_acquire+0xb97/0x1ce0
[ 1039.620958][T17825]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[ 1039.620977][T17825]  do_raw_spin_lock+0x20e/0x2b0
[ 1039.620989][T17825]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1039.621000][T17825]  ? rcu_qs+0x2b/0xe0
[ 1039.621012][T17825]  ? rcu_note_context_switch+0x192/0x1e00
[ 1039.621027][T17825]  raw_spin_rq_lock_nested+0x7e/0x130
[ 1039.621041][T17825]  ? preempt_schedule_irq+0x51/0x90
[ 1039.621055][T17825]  __schedule+0x307/0x5de0
[ 1039.621069][T17825]  ? unwind_get_return_address+0x59/0xa0
[ 1039.621082][T17825]  ? arch_stack_walk+0xa6/0x100
[ 1039.621096][T17825]  ? stack_trace_save+0x8e/0xc0
[ 1039.621111][T17825]  ? __pfx___schedule+0x10/0x10
[ 1039.621124][T17825]  ? stack_depot_save_flags+0x29/0x9c0
[ 1039.621140][T17825]  ? __lock_acquire+0xb97/0x1ce0
[ 1039.621158][T17825]  ? mark_held_locks+0x49/0x80
[ 1039.621174][T17825]  preempt_schedule_irq+0x51/0x90
[ 1039.621189][T17825]  irqentry_exit+0x36/0x90
[ 1039.621205][T17825]  asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1039.621216][T17825] RIP: 0010:__asan_memcpy+0x47/0x60
[ 1039.621233][T17825] Code: ef e8 1d ef ff ff 84 c0 74 2b 48 8b 4c 24 18 ba 01 00 00 00 48 89 de 4c 89 e7 e8 04 ef ff ff 84 c0 74 12 48 89 da 48 89 ee 5b <4c> 89 e7 5d 41 5c e9 3e 40 40 09 5b 31 c0 5d 41 5c c3 cc cc cc cc
[ 1039.621243][T17825] RSP: 0018:ffffc90005827a30 EFLAGS: 00000202
[ 1039.621253][T17825] RAX: 0000000000000001 RBX: ffffffff8be96da2 RCX: ffffffff8b627fe1
[ 1039.621260][T17825] RDX: 0000000000000002 RSI: ffffffff8be96da0 RDI: ffffc90005827e00
[ 1039.621266][T17825] RBP: ffffffff8be96da0 R08: 0000000000000001 R09: fffff52000b04fc0
[ 1039.621273][T17825] R10: ffffc90005827e01 R11: 0000000000000000 R12: ffffc90005827e00
[ 1039.621279][T17825] R13: ffffffff8be96da0 R14: 0000000000000000 R15: 0000000000000002
[ 1039.621287][T17825]  ? vsnprintf+0x691/0x1160
[ 1039.621303][T17825]  vsnprintf+0x691/0x1160
[ 1039.621318][T17825]  ? __pfx_vsnprintf+0x10/0x10
[ 1039.621334][T17825]  snprintf+0xc7/0x100
[ 1039.621347][T17825]  ? __pfx_snprintf+0x10/0x10
[ 1039.621360][T17825]  ? kfree+0x2b8/0x6d0
[ 1039.621375][T17825]  ? tomoyo_check_path_number_acl+0xa6/0x2f0
[ 1039.621392][T17825]  tomoyo_print_ulong+0x9e/0x100
[ 1039.621407][T17825]  tomoyo_path_number_perm+0x3ab/0x580
[ 1039.621424][T17825]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1039.621440][T17825]  ? find_held_lock+0x2b/0x80
[ 1039.621458][T17825]  ? find_held_lock+0x2b/0x80
[ 1039.621471][T17825]  ? hook_file_ioctl_common+0x145/0x410
[ 1039.621486][T17825]  ? __fget_files+0x20e/0x3c0
[ 1039.621497][T17825]  security_file_ioctl+0x9b/0x240
[ 1039.621509][T17825]  __x64_sys_ioctl+0xb7/0x210
[ 1039.621524][T17825]  do_syscall_64+0xcd/0xfa0
[ 1039.621540][T17825]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1039.621550][T17825] RIP: 0033:0x7f40edd8eec9
[ 1039.621559][T17825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1039.621569][T17825] RSP: 002b:00007f40eecb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1039.621578][T17825] RAX: ffffffffffffffda RBX: 00007f40edfe6090 RCX: 00007f40edd8eec9
[ 1039.621585][T17825] RDX: 00002000000001c0 RSI: 0000000000003ba0 RDI: 0000000000000005
[ 1039.621591][T17825] RBP: 00007f40eecb8090 R08: 0000000000000000 R09: 0000000000000000
[ 1039.621598][T17825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1039.621604][T17825] R13: 00007f40edfe6128 R14: 00007f40edfe6090 R15: 00007ffefb3ca5c8
[ 1039.621614][T17825]  </TASK>
[ 1040.363765][T17223] usb 4-1: config 0 descriptor??
[ 1040.380128][T17223] usb 4-1: can't set config #0, error -71
[ 1040.396827][T17223] usb 4-1: USB disconnect, device number 70