last executing test programs:

2m41.433006565s ago: executing program 1 (id=534):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
dup2(0xffffffffffffffff, r0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235000800000f3066baf80cb8b58eb48aef66bafc0cec0fe72d16da0000c4c37d054e0000b93c090000b80000c0feba000000000f30df180f20583e650f01c9660fdcd42e0f78dc", 0x4e}], 0x1, 0x90, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$sysctl(0xffffffffffffffff, &(0x7f0000000180)='4\x00', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0}, 0x400d0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r8, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xe, 0x0, 0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4040000)
sendmsg$NFT_BATCH(r8, 0x0, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4d008}, 0x2000c000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0xc0, 0x1400}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg2\x00'}]}, 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)
ioctl$sock_SIOCGPGRP(r9, 0x8904, &(0x7f00000001c0))
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081200000bfa30000000000000703000002feffff720af0fff8ffffff91a4f0ff000000006b030000000000001d400500000000004704000001ed000072030200000000001d44000000000000730a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

2m36.499297044s ago: executing program 1 (id=543):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x10, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME={0xc, 0x8, 0x7fffffffffffffff}]}}]}, 0x40}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x103802, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mount(0x0, &(0x7f0000000140)='./cgroup\x00', 0x0, 0x345c14ed3863a686, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80fae0090f000000000000a2bc5603ca00000f7f89000000200000004a2471083ec6811778581acb6c0101ff0000000309", 0x48}], 0x1)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0xa890)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000500)={0x0, 0x0, @ioapic={0x1cccd2002, 0x5, 0x9, 0x1, 0x0, [{0x6, 0x2, 0x6, '\x00', 0x1}, {0x2, 0x6, 0x3, '\x00', 0xf}, {0x3, 0xc, 0x1}, {0x0, 0x40, 0x5, '\x00', 0x8}, {0xf8, 0x5, 0x4, '\x00', 0xc0}, {0x40, 0x9, 0x10, '\x00', 0x9b}, {0x0, 0xf7, 0x0, '\x00', 0x6}, {0x5, 0x6, 0xe1, '\x00', 0x40}, {0x9, 0x6, 0x5, '\x00', 0x1}, {0x8, 0x7, 0x9d, '\x00', 0x61}, {0x2, 0x9e, 0x3, '\x00', 0x9}, {0x80, 0x9, 0x81, '\x00', 0x7}, {0x5, 0x6, 0x9, '\x00', 0x8c}, {0x3, 0xfa, 0x9, '\x00', 0xf}, {0x76, 0x7, 0x8, '\x00', 0x5}, {0x1, 0x9, 0x1, '\x00', 0xc}, {0x4, 0x8, 0xfb, '\x00', 0x6}, {0x5, 0x2, 0x6, '\x00', 0x9}, {0x1, 0xb, 0xe, '\x00', 0x80}, {0x7, 0x2, 0x2, '\x00', 0x8}, {0x3, 0x9, 0x7, '\x00', 0x10}, {0x7, 0x81, 0x0, '\x00', 0x7}, {0x7, 0x10, 0x7, '\x00', 0x81}, {0xbc, 0x2, 0x5, '\x00', 0x1}]}})
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r7, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)={0x3c, r8, 0x101, 0x80, 0x80200, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @chandef_params, @NL80211_ATTR_KEYS={0x1c, 0x51, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11}]}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x200040c0}, 0x48800)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r6, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="00022bbd7000fddbdf25a871ba401e5540ca0958752200000008000300", @ANYRES32=0x0, @ANYBLOB='\f\x00X\x00\t\x00\x00\x00\x00\x00\x00\x00\f\x00X\x009\x00\x00\x00\x00\x00\x00\x00\f\x00X\x00d\x00\x00\x00\x00\x00\x00\x00\f\x00X\x00z\x00\x00\x00\x00\x00\x00\x00'], 0x4c}, 0x1, 0x0, 0x0, 0x40}, 0x4000800)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)

2m34.838198632s ago: executing program 1 (id=549):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sendmsg$nl_netfilter(0xffffffffffffffff, 0x0, 0x20000045)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002340), 0x40800)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000002380)={{0x0, 0x1}, 0x0, 0x8000, 0x4, {0x0, 0x1}, 0x5, 0x800})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000005580)=""/102392, 0x18ff8)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x4, 0x0, 0x717e387b, 0x40, "1ae34e06a6ffffff7f0000000040794233a5bd", 0x4, 0x2})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r2, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0xf9)
r3 = openat$sequencer(0xffffff9c, &(0x7f0000001bc0), 0x88302, 0x0)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(r3, 0x4004510d, &(0x7f0000000000))
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000180)=0x6)
r4 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000080)={{0x3, 0x1}})
ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r5, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r6, 0x3}}, 0x10)

2m32.36126918s ago: executing program 1 (id=556):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x6, 0x4, 0x0, 0x0, 0x0, 0x0, 0x9, 0xff, 0x0, 0x0, 0x0, 0x3}})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x3e7, &(0x7f0000001ac0)={&(0x7f0000000000)=ANY=[@ANYBLOB="200000002d00010026bdf000fcdbdf25040000000400190008000c"], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

2m32.026555931s ago: executing program 1 (id=558):
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x146b, 0x902, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
rt_tgsigqueueinfo(0x0, 0x0, 0x36, 0x0)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000000)='console\x00', 0xffffffffffffffff, 0x0, 0x2}, 0x18)
r1 = fcntl$getown(r0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x80000000005, 0x100000001000087}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x14, &(0x7f0000000040)=0x6)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x40)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000100)=ANY=[])
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r6 = landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f0000000340)={0x2000, r7}, 0x0)
landlock_restrict_self(r6, 0x0)
landlock_restrict_self(r6, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)

2m28.738373192s ago: executing program 1 (id=568):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x6, 0x0, 0x0)
setreuid(0xee01, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='attr/prev\x00')
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x2040400)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000ff9000000000b70000000000000085032e0200"/32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0x9}, 0x18)
syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
sync()
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x1b0)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x200000005c832, r0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
socket$packet(0x11, 0x3, 0x300)

2m13.001120123s ago: executing program 32 (id=568):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0x6, 0x0, 0x0)
setreuid(0xee01, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='attr/prev\x00')
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
unshare(0x2040400)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x840, 0x0, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000ff9000000000b70000000000000085032e0200"/32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4, 0x0, 0x9}, 0x18)
syz_clone(0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
sync()
setsockopt$inet6_IPV6_HOPOPTS(r5, 0x29, 0x36, &(0x7f0000000300)=ANY=[], 0x1b0)
bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[], 0x48)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3000003, 0x200000005c832, r0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
socket$packet(0x11, 0x3, 0x300)

17.172338087s ago: executing program 5 (id=931):
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x4c001)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='illinois\x00', 0x9)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000080))
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, 0x0, 0xa000000)

16.139448678s ago: executing program 5 (id=935):
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0xc, 0xe, &(0x7f0000000b00)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff6a0af0fff8ffff1971a400fe00000000b7060000080000001e64000000000000450403000100ff801704000001000a00b7040000ff010000720af2fe000000008500000049000000b700000070b2000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d761ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a8321e056acf27c34bed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb93ce1c0983cdcb48477b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e44c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6bc7c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c460880000000000000000000000000000007a4604baa70bda5d5f18f54e9638350a6dd81a55ab5528efd1ef5a564908db7cce99e5c569c2947763b90e03b6d1a53b590e4ff4867f0d86b9af58244866b9df33634c8d85ce1b3bfa3e5bec6989c907c2f46b9a837676e07d87bb7dba3f34694ceb5b9faf10eece00bcfd503ed3f3048782665a848d79e443de4ba97db3a9bde69be7612cb1441c61eadd5bb4494ff2eb189c2ab3a241c12f764c0719650c1b"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000080), 0x60, 0x10, &(0x7f0000000340), 0xfffffffffffffdef, 0x0, 0xffffffffffffffff, 0xfffffffffffffe96}, 0x42)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000100)={0x4, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @local}}}, 0x108)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x2)
readv(r5, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r6 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18, 0x0, 0x0, {0x1}}, 0x18)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
write$FUSE_INIT(r6, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x2b, 0x2, 0x14204000, 0xf800, 0xffb9, 0xa, 0x800, 0x0, 0x0, 0x8, 0x2}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB='\x00'])
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, 0x0, 0x0)
getsockopt$packet_int(r3, 0x107, 0x18, 0x0, &(0x7f0000000040))
writev(r2, &(0x7f0000000240)=[{&(0x7f0000000080)="390000001300090468fe0700000000000000ff3f04000000480100100000000004002b000a00010014a4ee1ee438d2fd000000000000", 0x36}], 0x320)
close(0x3)
socket$inet6(0xa, 0x2, 0x0)
bind$ax25(r0, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48)

11.905683185s ago: executing program 5 (id=940):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
open(&(0x7f0000000140)='./file1\x00', 0x60142, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
write$FUSE_INIT(r1, &(0x7f0000002300)={0x50, 0x0, r2, {0x7, 0x9, 0x0, 0x1030002}}, 0x50)
read$FUSE(r1, &(0x7f00000065c0)={0x2020, 0x0, <r3=>0x0}, 0x2020)
io_setup(0x8a18, &(0x7f0000000040)=<r4=>0x0)
io_cancel(r4, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x6, r0, &(0x7f0000002280)="730943b08ab035c728d3bb90b6386b9338fe905c975ee62498eac730059e261f0e20a7a70b77142b225e752b8d6b8639f5734372309793d211d3118cce38ddef314649e1740ce85b96bc7276", 0x4c, 0x1, 0x0, 0x2}, &(0x7f0000002380))
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x44400, 0x44)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x20080, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
dup3(r5, r1, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x300, 0x300, 0x0, 0x0, 0x0, 0x37a0}, 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)

11.666427951s ago: executing program 3 (id=943):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TCSETAF(0xffffffffffffffff, 0x5408, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, 0x0)
read$msr(r0, &(0x7f0000000680)=""/102372, 0x18fe4)
socketpair(0x5, 0x4, 0x6, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_GATEWAYS(r2, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYRES32=r1, @ANYRESDEC=r1, @ANYBLOB="ff830500000700ffffff0800000002d11b0432ee8dd9e7742285de95723a50b37ef928d724eef451487ed4ea2e8c9d0228a2b973a8c0050b74d9673221a9d4eaa10f2fd217a30097b00620bc2fd1dc575e013175f5f425cbc87b0810000061f8d33d6f2ec6466002477e3d47165e9af7f06590d7158d5a28bbf96454c09767ce3273c6517b656f115f4c85401d9887134b5c2e0c81b9a498dad3463c32b225d67cb83c2e68c35bc47d198ce70069cafe2deec5176b34ebfd203981fc74f1a9159f0b47ea167afc171337a44a296a0b6a45831ce8e8d84be323fec329f7e17f4f87031202b3495fffdd1a5c0b0a9db2e1684f9bc3a65ed8db06558eaed193f651bdfe9466a18889a9534fe884b00d17efe96e8b4fcfbd7376280bba18a7ec152f611ef6530cf2d4f5a0465e1dfa4fc0f48d3e4781a872e92a085de283bac3d7b21a60d08ac5bba1504a18ce25734e161141612238b0e763dea72cdea9b925405387e04f69e46f51844a088b474ae29acb1ac919325ce3780e2a707c6ead20ef202c63f0ffd7f2701fce6f1b4ede6d1618c6d34a33aad627a3ff62d4be518e149d49332bf9c400a2366f17c1c28ed5aaeaf6abd23467", @ANYRES16=r2], 0x4}}, 0x80)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2800000070000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="10000180040004800800010065794931072a71"], 0x28}}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="44000086", @ANYRES16=r4, @ANYBLOB="100026bd7000fedbdf250700000008003a0003000000050033000000000008000b0000000000080039000500000008000600", @ANYRES32=r6, @ANYBLOB="0500330000000000"], 0x44}}, 0x850)
r7 = socket(0x10, 0x2, 0x0)
write(r7, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x24000040}, 0x4000004)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$NL80211_CMD_DEL_NAN_FUNCTION(r3, &(0x7f00000196c0)={&(0x7f0000000300), 0xc, &(0x7f0000019680)={&(0x7f0000000600)={0x34, 0x0, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x4}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x55}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20008090)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10)

11.495678619s ago: executing program 2 (id=944):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r0, 0x110, 0x5, 0x0, 0x4)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r2 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
close(r2)
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000", 0x14}], 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="b000000010003b0cfeffffff0000000000000000", @ANYRES32=r5, @ANYBLOB="0000000006100000900012800b000100697036767469000080000280080002000101000008000300bf0f000008000600ff03000008000200d7c60000080006000600000008000100", @ANYRES32=r5, @ANYBLOB="2efd0100", @ANYRES32=r5, @ANYBLOB="0800020001e4000014000500fe880000000000000000000000000001140005000702000000000000000000000000000114000500fc0000000000ff000000000000000000"], 0xb0}}, 0x40080c0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, r7, 0x0, <r8=>0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r6, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r8, 0x0, r7})
r9 = syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2)
ioctl$VIDIOC_G_PARM(r9, 0xc0cc5615, &(0x7f0000000200)={0x2, @raw_data="01890e075f0c4c5c12215b57f8f126d792d1483c7c308f4bb4d45d3d938a432875b310b9c0f6be88e2c9729aa33170863a85a60f2b0ecdb61e6dd59ac9bee00e6e58cc5cc9be70dc5a7e663ae8138a2ae53c771409db79b273d413eae5d6f296a78567114b7c149009976b4f4e745e3d4d524f4899466dff7b095230748ee6f72cc96105b6f465ed737da362cbe05b5c8c60cef55daf99e817c0fcd5b3fe6167add1c8b2bf262c1e4d523167720858d7071fb8e51e785e9cc556388cd2245fe8cfa01ecd03b69ef1"})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r9, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8f, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0xacc, 0x402, 0x0, 0x3, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x0, {0x45}, 0xcd, 0x3}})
socket$nl_route(0x10, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

11.163810341s ago: executing program 5 (id=945):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
r1 = syz_open_procfs(r0, &(0x7f0000000040)='net\x00')
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5)
write$cgroup_pid(r1, &(0x7f0000000240)=r0, 0x12)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB], 0x48)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000002600)=ANY=[@ANYBLOB, @ANYRES32=<r7=>0x0, @ANYRES32=<r8=>0x0], 0x228}}, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYRESOCT=r9, @ANYRES64=r7, @ANYRES32, @ANYRES8=r9, @ANYRES32, @ANYRES64=r5, @ANYRES16=r8], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0xb, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r10}, 0x10)
r11 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r11, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r11, 0x40946400, &(0x7f0000000180)={'aio_aio12_8\x00', [0x2000, 0x36, 0x2, 0x3, 0x5, 0xcc1, 0xf, 0x7, 0xa, 0xe8aa, 0x2, 0x1, 0xffffbffd, 0x1, 0x0, 0xffffffff, 0x0, 0x0, 0x3ff, 0x4000002f, 0x99, 0x4, 0x0, 0x20001e57, 0x7, 0xe6b, 0x3c, 0xd0, 0x2, 0xffffffff, 0xfce]})

10.742723174s ago: executing program 3 (id=946):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="010000000000e5ff08010040"])
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a20000000000a010400000000000000000100ffff0900010073797a30000000002c000000030a01010001000000000000010040000900010073797a30000000000900030073797a310000000094000000060a010400000000000000000100000008000b40000000006c000480340001800b000100657874686472000024000280080001400000000c080003400000000008000440000000220500020007000000340001800c00010062697477697365002400028008000140000000140800034000000002080002400000001208000800000000000900010073797a30"], 0x108}}, 0x0)

10.247716875s ago: executing program 2 (id=947):
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r0, &(0x7f0000002c00)=[{{0x0, 0x0, 0x0}, 0x200001}, {{0x0, 0x0, 0x0}, 0x80000001}, {{0x0, 0x0, 0x0}, 0x401}, {{0x0, 0x0, 0x0}, 0x260d}, {{0x0, 0x0, 0x0}, 0x40}, {{0x0, 0x0, 0x0}, 0x409}, {{0x0, 0x0, &(0x7f0000001900)=[{&(0x7f00000007c0)=""/4112, 0x1010}, {&(0x7f0000006080)=""/4085, 0xff5}, {&(0x7f00000000c0)=""/115, 0x73}, {&(0x7f00000003c0)=""/83, 0x53}, {&(0x7f0000000240)=""/95, 0x5f}, {&(0x7f0000000340)=""/106, 0x6a}, {&(0x7f0000001800)=""/203, 0xcb}, {&(0x7f0000000440)=""/67, 0x43}, {&(0x7f0000001980)=""/229, 0xe5}], 0x9}, 0x4d9}, {{0x0, 0x0, 0x0}, 0x20c78}], 0x8, 0x0, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b19, &(0x7f0000000000)={'pim6reg1\x00', @link_local})
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_rose_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, @bcast, @bpq0, 0x0, [@bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r4, &(0x7f0000000200)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000140)={'tunl0\x00', &(0x7f00000004c0)={'gre0\x00', <r5=>0x0, 0x1, 0x20, 0x80000000, 0x7, {{0x2b, 0x4, 0x3, 0x9, 0xac, 0x65, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, {[@generic={0x94, 0xe, "47d4daf30d60e76f1661e343"}, @cipso={0x86, 0x29, 0xffffffffffffffff, [{0x5, 0xb, "010f8bf5ea79d5f3a5"}, {0x6, 0x5, "834c96"}, {0x9, 0x8, "fd9ee2c5024b"}, {0x0, 0xb, "91aa36f27c90608902"}]}, @noop, @timestamp_prespec={0x44, 0x1c, 0xf9, 0x3, 0x3, [{@loopback, 0x5}, {@dev={0xac, 0x14, 0x14, 0x2e}, 0x100}, {@multicast1}]}, @timestamp={0x44, 0x14, 0xff, 0x0, 0xd, [0x101, 0x80000001, 0x7, 0x4]}, @timestamp_addr={0x44, 0x24, 0xe2, 0x1, 0x6, [{@dev={0xac, 0x14, 0x14, 0x13}, 0x5}, {@loopback, 0x5}, {@loopback, 0xf}, {@multicast2, 0x4}]}, @ra={0x94, 0x4}, @lsrr={0x83, 0x7, 0x70, [@multicast1]}, @end]}}}}})
sendmsg$kcm(r0, &(0x7f0000002b00)={&(0x7f00000005c0)=@ll={0x11, 0x1, r5, 0x1, 0x2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x80, &(0x7f0000002a80)=[{&(0x7f00000001c0)="e95944e07d40a24596512108a44e1d23d383faa8eb7162", 0x17}, {&(0x7f0000000640)="cd4c7dbbf5b638d8049fcd606fa57748b4dfa4e3fb43488854b26490dcdc5d3e0351ed16c2667d8c4319c2818253cbea8cc0a1e1584d919e3e477974f6e47102ca8b707ca2c8bd0c3aa885935594253f65710bec0b383e92da82fa9f5a5fe872bfb2681736ab7e9ee5a658306edb1d92201540f90683a5713599fa16382af55403fca5f53de0a419c0b09e65236a0d8cb0b01bf19473d92e6220e83278ef634aaba008987d4945622b312b6af491c9ce971e37e2a24fac8eb465dbf4cbbff6527453cfeccbf04f3c27874706d4a333e9d4432347237df7ec4789c2a670f34166b4ee7dbdfbaacf02ab451b50fdfb29fe9008", 0xf2}, {&(0x7f0000001a80)="07015dc103b9c59236ae18692e4696648ad5e463c1644572b5a9401d585f3d09818c2b42929bd466314efec351ccc2e0eb2abb988d0470b2c73ff5ecea760a7fbec6d0396a1b4100e89c3b32619b94eeb93401b4a02bbc2c10648353a75b4bdcbfcb320b3cb810893f0dfb330a0e33e2972008b25dce91cabcb2dc7ce12888e7ce845afc73a3bf54d27e20168b396657e7829ef325ad5433f4289436c8fef1bdb3b587b94a747289eb9ba3c4425a51e411033ab765a1f92603f789541ead613a81f556ef313a0fe19d3106fde6060b673b96bb15a1beee5cc2aa86d68f8a4d23760d630170081bce30a3cd0a56a46f7f61577de5c679b9f1bc8eedb846337fc386fb385d3658710aaf4cdf3a3953d5eb24bc3cedea5e497976ecb89e1b2650f794cbe9b2fa58e397a1966070b8edb5b783ee908da819b0b6272d5bec550d91b4092879387e3b85a8bdebba77da220e2168180bb0b7aabd869639be44d6b0b8b8c23d2eaaa0118d77d90231d0d06250011597cfd2d89c27b60088c2dad7ee09762b2075ba16edab6e27fab62d69f8ebef645bc873bef425121fbc0be1b76d92b3e886c0e56c9aa339a4f6f220a745a1b97bbfef2f3edec906af2b0114d02f668a22a4ddbcb204fc590f76b63bbd36e30db91fdbfd4862a8eaff30511b3edf0d8f0cadcb5510b8f7195216ad827c84c82ec88fce139fd52b86dbbc537e254838e2588fba9ecef8f1a955063a8dc0deb0c808e8266a89a04c03d47ee3fd711bf62598b370a2c9de29096fc9610b6d08f14046d0f271fa002d86ca8a6ba494001132af7036194f4f89a3f78de1496912083c830bd3be53cf3980d1bc7cc37abf8d1622c6d90e6a7c3df335afa3ed8a6d14438ea7a0f00ee6844221191f8a2f0e6cd28e40da626dad035904fe4c14a79acef5a1e7b803bf87a073ad1de6a1a47477a9b53594338efff50dae5bee6c7c4b5b4ce7ea3a601128c6b49d2849997bf2216085adca2ce84f670914aa5e0c220411fdab2b563b8b44cfb80cebf29864451eb292131c4ea007b67a691f46dd55a437f511aba0f10265ebeb41e64d76816d427ce350491887115e17227e8196d9762c49e692471f40c81ff4a0de5b593a211931be5fd858a49882ea34da7bc9047d8332bc54c91261b83bebb4f6a0f196ba2c674ea9d1627915cf5d299895c248037f728a2d55fc9209404632e445277ce8d68e37bc680a16c5d9e9cdb1f6b51750abb1d25fb4c36db3f6b4e0ed4dbf13db64a80e78599a48f27d25d9828ad878e4c6efc01ecd827b1e632a865feaa121384ed81e1a1f373e442f5d5e6894c1c4b396e0c1c1e54bdd4c868c476d9fc51d35041e891695db729ea09fb7cff91afcccf436f8547fa3c910066791d78436fb2c7b3c1d20e66d2836b2f7b2c3195c904f35830d5b86da42c619d6377400fe4ae758207bd2910c8ba69e90e13306f5bb2227bd3cd38088f751180d43249251c53f014feec44ffa233c222e6b571a18901d2fd351995d20ba4d82811b86f5baa9110c90df87a9daca58d18d0262791c765fe9f5f71cbd7138a59caa1a7d16ba0a80e6d80244cb23f584b2964d6d7205062db1df775e26f2ab63c8ad67b0af68d10d76436543017da296bd657d41f8bac8041bab7800e9539b767948b044261ed989177560f6381cd205c25bb767a954b32a74d1e3f2d9730678c4011adb2b0f8051c9b9a69bd04fc81b40bb3beb5a2a32317893c52906a4c1f7e1c2b9d65a2928699e8276d2b7ed51cc690b65deeb2cd0c9211c24d623a5f4c8aa60149964bed008f8ebb8a28e15da38d4c83125e17d4aa6333f0ab532a234515a3cb92bcd82e7dd83ac6b07ff68d75e5b2db8a230b556d73cac7b44ffda3ef3f42e1a5df07e5eaed0c1e66de8fd2870c7eba162634b5fe1061d3b7f79ab3fb643137450d8fa8ab8dbcc454135458396bcbf299b14f03137cacd6a49640cec15795374a8c6ac27205f703e4fb6cb8a2d4efd87e37ab4e5544032972f556235dd82715c1d338e75f46c6a554a6362696ad3a3e046076e2258fba2a2b5f3cb26124bf43ffd8f263d8ab8ac8e4cfcf038df6291b3109143602c039c185b5e3d03becf20a988ab6d0597d9860b1fc44f963e1dbb4444afd20dee595ea14455320bb5f6ef6a507f0d641ea24036430d62ea242609c8a95a287167e9baac9dee6c6261c41c36d1eafeb24ec4bd55a091a541d4f1110cb245ca4edc147b01eaaac878dec5ed043cd82be2d1145acd62b22811f0eaa7f134b981ce9331dd1d6d482ac44246fe60a260ae32b70182efcd8b0451de4625477b45941db276179fc5c92c969ba400e3bcedd92f3287b891b94487480e43e4ab8fc156ca56f3b1099c6f70180daf69837d9e24c6f1e51fba400920ba076b84d3d53aa9ee5ee9638613bb9b070615ee20f70011ef0830fde76ed9e84fd8a99962b2039653ee692f0ab43fa753018dc94263796250d76f68df1ad801d3c0244c62a143737121425287f4735fc50f86cdff6a62885b2564b955da612738cd10ae5714a43337d9f086320fb613dbaf2640e4f4b9db7a3a2090557cedb787a21d000790fb1c302be18ae65c44529c2296abe866db6d33ec5e8a4db8d8fc95e2e92bcbf069a8f504ed3830f007a7f1bb50ff4156f28a89c67ee980ab832363980b7824421faa5566f60c37226fbf56ab1aff5015fd2c71a05ee11e9f2da08af1c95ca2147243b16cdf02fd9194827b3d3c5e419b0e20049a18da1ff19a98e1e0f851cce7c8fd05cd0f219e33ec48d6fe1adfd4abd0c462c92a2ea5bb583f32c4c53f8934e83249bad59b474b7bc5fdc82b1e41285e2ab6b35ea87fc07fc9d5a2fe15adbd175eb790090797357c0dde5531816a9530b868de8b989dea57ddca99b3671407d984e157c8076f48a5873a84c250ace63ae1bdf0867ed32e00eff33d41d951753719077dd639ebb4b9f07657c2c689b2fd00b30ab1eda9aaabda91b9dedaef9738e95c8c4b00cfa3ebe4b18cd1537b4afecdc79744247c3e53f2cb18c419a99b7e63f273812b876e18e58527b441490f41d2f91a234cacc9c8b09348bd27b296df4c09851b60ccc968a67f4fdfce997a405415c6c7ac65b0b9a67365e52e93fb1cdcb436783547681c5eda28de59f32c96fbb4064fffee29373d271c23625b1940ed76d9e1caf46ee7eedad6c4a9fb770e1765d07367548bd3c4d341acd6ad037f2981a9646844ef3098d6850b82934be1dd509db0c348a05637144ada0556a43f1e17514211ab59865fe3e087d35f1418c88d1155af764831f55fe31d2502af7c8ed02720903312d653f08107833ccbd888f177e5b653c3b68db19aa32568cc266f22f65c39e21c0a71ea1887de445220940fc045a0da30cb23b2c13b28681f7d35a7b71e763433522fa1f259a90e6277f99e1203d7a775269f87a227bcd1452c71fddba40aa9f01b64d32af3a58d8e04133867106918a4c5fd88687aaabe0223355802fef89d6d57ab61c46526848586a6a33220f8e1ca8b7ff7e5a0039c13d7eb62ab1287225de98ee9421c74785946b28ed5ba0069220f71e0a43366be6dbbc08444d371f9e90e4e0210a0ee72bc2484c49a83835adf871178cfd6d76a5b48e7aa60be4ef734e92c362f2aaeb02669a2e84280e7cc0398b824a91f11084747618263ac9dfaf10e2fbd8b015f4d61d933412ecf9f51b3dbacf5ef96b54154299019fa7e7deccfd194e3e31c0dba99858e4ead8ffa243afad50b9d809be51ed601ecd7c7b4e980b705a77411e70fa2003a262d36f1a53422466ce2ccab1f457c7e76754bee8b61669cf64a69b16fcf46e07cafc84eb555cbad1db104e33dc678609f8468df0d0488778a5abcf6f4bdd0eacd9c277b36f15f23c326dd0ec203e97819245da767f9b010a7ac26ea12dde6d10685f8be50ea0e7dd7a669cf0b57a54f38aa3586c9d1c88ec1c072cde1fec2d0864cf03821b38f81b4e73f33e98e98d8bb3dd0cbeb773d613a5728ca040057fdedfa5fac782f7110495a9285c8f114df7bc90d7455b4f2738ee8531b88175fac32f6cb0128ceb5e2716a62af62cd8a5bdca597148e814bb231017229002332792dc9bec61e4207e6dfbde872b2fab79de090be3a53aa99ddb69271dfb0fde6641341863dfd1a7517e9c59913968c30d06146be69037c8813c774650876f8ce6df55c2b9eb241ee17379a6fd17d953f68d6d8e8ab6bc0c6b5c5a58f49355d5a8721e5244310d8283a38c582241572f278a2ec125bae892000151cd0eb7139fc878b1cfb051d8e9937b3cf68f8303e4fe3adaa90a1af6c4ee2a7ca4bf65e0f6adeb749144e2b8fcf51f63c6a31d004331ad385448ea5785ef145190ec4b970343b0adb36b19577f73546da5ac5dddcecb9a90081820a62bd5a5266ce0ade0ea3a3b535c976976425d317c24f118844d7e3f00667c4eb361cb7f31158d46b86524ff56029f2f31593c48208d9dc85490addd9eb18b5fa076e3d16096b99991b9ca0df60778b3deb62bd87d6a37a26f75f69c8c0de812e0c4a33a2eb24e77570bf72ff31e60f1ddf287e035d29a75d9f88e86874d9176e84d6d1fa53a82a6a03248d1565d30de56595d153454075670c5e465ee89a0ec3c8ded0af4aad92c615ad19a6d9ddb890d0cf8de2e1c7ef31eeb773fdd70b8766832a90821c80d7c8761fcb9276f845f67a196c94acae88bcd6700a6220292153b4075aabb2325feea1ef01b6fa007b7f049b22182328d0c8a3e84e6068839eab45879ee16dc56da2c3adf23fa1bfd16c19df9401bb35da62845edc4eebbc934860f2e7938990310f4b145d2fe13e88777ab8d09f32454262045f0d8dc62c14693177cd1babd2dddddc47f8d7399891e46c18b797a98e338aaefb1769ecd5cc3f305ef1a6daf12c9186a3925f93c2074fe4eebb9d049b87b5ffcc9c189745759168915a7f75862aca8f19b6b1273bf859766ab58ee2c65b2522a0041dd4a026b77e434c64c525f0724e707288e526972939dfc895495e441ef7e60e606443e03418e4960147ea3de8005cadcf2875bdc9559a612bf2eefe6d07dff5a47b216305bd30df1124f6e3e6175d91f0876339fa7bef3f1f2ed647d1e11992edc956ae049f04b13ee80f9a09c42b746a5c6ea02c447d3b6e4966f5acf1a75a9dcf436e3ebbfb875f4cb294e9cd621525623ae82318b1e823fdbb60354365e8e2746fe400d66cfde9adf6ffb297406ae8c378c18b6066bea87670afbaca96f0f858bba2f3a2c76a1e66b36d422e52b04d33636c31650376b4f5eb7a70696a9498c657ad3e6c9ce1cdf6d9070e074fc1fd4189398b242d136259520c74d46cf3a2cadd36ffc8b380bffa7b5f76c1c27f64955fde12193cca22083f4ce8d2b83832666755a3736c82b3b931d3b4de6ae540477460c05d96e7f32bef47dd71e8c522a940e442a02695b5d41d59019195f45b778806c89b8f842552995eef455ebc7a8a952701d84b9f8acdc19d5d7efac06bcb82e67fd42ce69206d84088c138284b76e3d42356d50058ee212e6ccbbd3ad095143ae858288f340dd56f6a5ad8c5354e848d9c2a725d9b555da90225451ce2e3efeee89cf88420127ebea29be5a0d26b62230713ff472b6ee3127367bdd692b82a28bcd337c826544016f2a00aa09c0ac7accc234c96ff4426fbc585c79a75d74fcf28f63c3b1413393b0b6d14dc872955f26b02f248be35372fe9bbcc432d3a5bc2a217804b294e2e060e71d82c6c39629f0e710be2a51334d1d28b6517ccf46db7", 0x1000}, {&(0x7f00000002c0)="0a874f40e6d3807a827c86bc05c951b8165d7a55b9d6f7279aec5da19a5aac55b5787b2f427ba195b3c9fb9e40850c", 0x2f}, {&(0x7f0000000740)="4a430cad60b7e6a2a022be60e1a0e1e8e811df95448d5b25aeacb6ff636a2e2e7d44c041e46f0750c134ac29beb800f246ed8e364bc161b5f2f91af7193739b32af1bc86c8ecc84d99", 0x49}], 0x5, &(0x7f0000002e00)=[{0xc8, 0x10c, 0x0, "32e63991f48eed4d376c2fac8883cd0f50fc400b8e68854f6d91926490041ac25aa5d52668e4b75a9615d8e82ae455b63002d6f2eac47d0c6f94bba55c3e2a6daa0ee5bb50a594f326e90b12ebd34cd7fda0ffebe153d1c09bbe2ee5f1fa7facc59be8dd4e646a829eb2ddbc703460222660cfa6930411e7bfd8918da53a3c1ffdde23a1ab23d574fc0060564eee234277c306bf482af6651b70af86ca8d42eac964c993a1620e2d15b0f3daa5033e21fa4929d9b05ac1d6"}, {0x108, 0x117, 0x7f, "c632cd63549a1abcc5bdff29cda2990f6c13964b5e591dc4223129aa91b091a5764c50536dd4109fee20cc401cd93ef8c2b5869d5d8c4d89e101e4846652e2c08a57552bf55f4d10faad86dc23fe681f10c8bad4e03e45703449bbf55ac6e0152fe53d85a75cb2c0d05bc15493f0ba0f0fc10c478ea4eb475285bc1aeb7e87648f1537dba8c5f164a78283474f8dfed4a4ec9e19143867cab487b8ecaa690223f2f55219ec09a2415859b7553e7ec61199219c33a9f2f3f4ae113f00be30287b72b750a8e703ff8c532a01d695d42ef3caa25f11880f399c61bc03ffcaa119f92a4a1d3e2450a7df6f855a851704bf8b36b8e25a57"}], 0x1d0}, 0x40000)
connect$rose(r4, &(0x7f0000000100)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, 0x1, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}}, 0x1c)
chown(&(0x7f0000000000)='./file0\x00', 0xee01, 0x0)
r6 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98)
fcntl$setlease(r6, 0x400, 0x0)

10.083572342s ago: executing program 0 (id=948):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r3], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x18)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x0)
sendmmsg(r5, &(0x7f0000000180), 0x400008a, 0xfbffffffffffffff)

10.02667578s ago: executing program 3 (id=949):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000780)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x1, 0x32}, 0x9c)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x4e63, 0x5, @dev={0xfe, 0x80, '\x00', 0x2e}, 0x80000001}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000001c0)=ANY=[@ANYRES64], &(0x7f0000000100)='GPL\x00', 0x6fd, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, "c8444943470da91b", "42f3ac0e0b8a32be8fe91c368e60693800", "e7198360", "f7a5c1777af05eaa"}, 0x38)
sendto$inet6(r4, 0x0, 0x0, 0x8040, 0x0, 0x0)
write$binfmt_elf64(r4, 0x0, 0x78)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000002c0)=0x12)
r6 = fcntl$dupfd(r5, 0x0, r5)
ioctl$TCFLSH(r6, 0x400455c8, 0x1)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0xfc)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000280)=0x4)
ioctl$TIOCSTI(r5, 0x5412, 0x0)
ioctl$VHOST_SET_FEATURES(r6, 0x4008af00, &(0x7f0000000080)=0x1c)

7.865979072s ago: executing program 0 (id=950):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000c40)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r6, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000c80)={0x2c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000840)
r8 = accept$alg(r3, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r9)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r10 = accept(r9, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x30, 0x2, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_FAMILY={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40840}, 0x24008880)
sendmmsg$alg(r8, &(0x7f0000000e00)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="deae9c022e9411e86b41ed3d656745d80660ffb0e01403a97b2877519a6dc6f10732998302b64c5381eb39e03f1591ff", 0x30}, {&(0x7f00000000c0)="64cb9e25049cf5e28cd1ae6eaa094d03ba91a3eb5d6291461dfc3cef61436519b354375d27b40ee160eba5029ea5c5d2d97608b2e0cce85e0183b5cf9af645f3bb83fadb12400e241800", 0x4a}], 0x2}], 0x1, 0xc0c0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000400))

7.865466902s ago: executing program 3 (id=951):
syz_emit_ethernet(0x7e, &(0x7f0000001a40)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "1200b0", 0x48, 0x3a, 0x0, @empty, @mcast2, {[], @dest_unreach={0x5, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "277382", 0x0, 0x2c, 0x0, @private1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@hopopts={0x2f, 0x1, '\x00', [@calipso={0x7, 0x8, {0x22ebffff, 0x0, 0x7}}]}]}}}}}}}, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
pipe(&(0x7f0000000400)={<r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
splice(r1, 0x0, r2, 0x0, 0x88000cc, 0x0)
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x541c, &(0x7f0000000040))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000000000000000000000fdffffff18010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000018010000756d6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000400000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
syz_usb_connect(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x351, 0x29, 0xfb, 0xf0, 0x40, 0x738, 0x4540, 0xc6ce, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x2, 0x6, 0x10, 0x78, [{{0x9, 0x4, 0xe2, 0x0, 0x2, 0xb2, 0x26, 0x18, 0xbb, [], [{{0x9, 0x5, 0x1, 0x0, 0x200, 0x7c, 0x9e, 0x9}}, {{0x9, 0x5, 0x7, 0xb, 0x0, 0x9, 0x73, 0x3}}]}}]}}]}}, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0})
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000080)="1f0000001300090468fe0700200000000000ff3f080000004801001000000000", 0x20}], 0x1)
ioctl$FBIOPUT_CON2FBMAP(r1, 0x4610, &(0x7f0000000100))
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$sock_TIOCINQ(r4, 0x541b, &(0x7f0000000240))
syz_io_uring_setup(0x2920, &(0x7f0000000500)={0x0, 0x4533, 0x2, 0x0, 0x24c}, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {0x201}, 0x1})
sendmsg$nl_xfrm(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="b80000001300e9990000000000000000fc00000000000000010000000000000f0000000100f20000000000000000000000000000000000000a0060"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300020000000000fedbdf25fc000000000000000000000000000000ac1414bb00000000000000000000000000000400000000000a0060", @ANYRES32=0x0], 0xb8}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9"], 0xb8}}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r7, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e99900000000fedbdf25fc00"/29, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0xb8}, 0x1, 0x0, 0x0, 0xc0}, 0x0)
sendmsg$nl_xfrm(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000600)=ANY=[@ANYBLOB="b80000001300e9050000000000000000fc00000000000054d369a6649500d4ee4e7a54500e0982dc070a69120000000000000000ac1e000100"/70, @ANYRES32=0x0, @ANYRES32=0xee01, @ANYBLOB="00000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/112], 0xb8}}, 0x4000)
ioctl$TCFLSH(r0, 0x400455cb, 0x20000000008)

7.849458471s ago: executing program 2 (id=952):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x2)
sendmsg$nl_route(r1, 0x0, 0x20004081)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='btrfs\x00', 0x5, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddce)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x40100, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r3, 0x0, &(0x7f0000000480)='}', 0x1, 0x7ff})
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, 0x0)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder-control\x00', 0x802, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {0x77359400}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
open(0x0, 0x0, 0x1a5)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r5}, 0x10)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x4bfa, 0x10000000000004)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x1a1100, 0x0)

6.819520143s ago: executing program 0 (id=953):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000100)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x29)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000005000000850000008200000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b70800f8ff0000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)

5.642848388s ago: executing program 2 (id=955):
r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe00000090582021a"], 0x0)
ioctl$USBDEVFS_REAPURBNDELAY(0xffffffffffffffff, 0x4008550d, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000200)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
r2 = syz_usb_connect(0x0, 0x24, 0x0, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
socket$packet(0x11, 0x3, 0x300)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)

5.354434477s ago: executing program 0 (id=957):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = socket$kcm(0x21, 0x2, 0x2)
setsockopt$sock_attach_bpf(r0, 0x110, 0x5, 0x0, 0x4)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
r2 = bpf$ITER_CREATE(0xb, 0x0, 0x0)
close(r2)
socket$inet_sctp(0x2, 0x5, 0x84)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
writev(0xffffffffffffffff, &(0x7f00000003c0)=[{&(0x7f0000000280)="390000001300034700bb65e1c3e4ffff01000000", 0x14}], 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'erspan0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="b000000010003b0cfeffffff0000000000000000", @ANYRES32=r5, @ANYBLOB="0000000006100000900012800b000100697036767469000080000280080002000101000008000300bf0f000008000600ff03000008000200d7c60000080006000600000008000100", @ANYRES32=r5, @ANYBLOB="2efd0100", @ANYRES32=r5, @ANYBLOB="0800020001e4000014000500fe880000000000000000000000000001140005000702000000000000000000000000000114000500fc0000000000ff000000000000000000"], 0xb0}}, 0x40080c0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, r7, 0x0, <r8=>0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r6, 0x3ba0, &(0x7f0000000280)={0x48, 0x12, r8, 0x0, r7})
r9 = syz_open_dev$vbi(&(0x7f00000000c0), 0x0, 0x2)
ioctl$VIDIOC_G_PARM(r9, 0xc0cc5615, &(0x7f0000000200)={0x2, @raw_data="01890e075f0c4c5c12215b57f8f126d792d1483c7c308f4bb4d45d3d938a432875b310b9c0f6be88e2c9729aa33170863a85a60f2b0ecdb61e6dd59ac9bee00e6e58cc5cc9be70dc5a7e663ae8138a2ae53c771409db79b273d413eae5d6f296a78567114b7c149009976b4f4e745e3d4d524f4899466dff7b095230748ee6f72cc96105b6f465ed737da362cbe05b5c8c60cef55daf99e817c0fcd5b3fe6167add1c8b2bf262c1e4d523167720858d7071fb8e51e785e9cc556388cd2245fe8cfa01ecd03b69ef1"})
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r9, 0xc0845657, &(0x7f00000007c0)={0x0, @bt={0xa8f, 0x870, 0x1, 0x2, 0xd59f82, 0x19f5, 0xacc, 0x402, 0x0, 0x3, 0x27fd, 0x2800, 0x440, 0x3, 0xd, 0x0, {0x45}, 0xcd, 0x3}})
socket$nl_route(0x10, 0x3, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

4.678644001s ago: executing program 3 (id=958):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8, 0x4, 0x1, 0x0, 0x8000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
r5 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[], 0x0)
syz_usb_control_io(r5, 0x0, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r6}, 0x18)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)

3.816119213s ago: executing program 4 (id=960):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$TCSETS(r0, 0x8925, 0x0)

3.762524923s ago: executing program 5 (id=961):
sched_setscheduler(0x0, 0x1, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x206, 0x8401)
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)
ioctl$USBDEVFS_BULK(r0, 0x5523, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3)
sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
close(r5)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000980)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2, 0x2}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x1, 0x7, 0x100, 0x8}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
ioctl$SIOCSIFHWADDR(r5, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})
ioctl$USBDEVFS_FORBID_SUSPEND(r0, 0x5521)
r9 = socket$pppoe(0x18, 0x1, 0x0)
close_range(r9, 0xffffffffffffffff, 0x0)

3.725941863s ago: executing program 0 (id=962):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet6_buf(r2, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb", 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r3, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x90)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r5, r6, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r7, 0x1)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r8, &(0x7f0000000000), 0xffffff6a)
sendfile(r7, r8, 0x0, 0xffffffff004)
setsockopt$inet_IP_XFRM_POLICY(r8, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x2, 0x2, 0xa0}, {0x10000, 0x7, 0x1, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff8}, {0x0, 0x8, 0xfffffffffffffffc, 0x6}, 0x3, 0x0, 0x1, 0x0, 0x1}, {{@in6=@empty, 0x2, 0x6c}, 0xa, @in=@empty, 0x0, 0x2, 0x0, 0xb7}}, 0xe8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x78)
r9 = syz_open_dev$sndctrl(&(0x7f0000000280), 0x20000, 0x800)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r9, 0xc0045540, &(0x7f0000000100))
r10 = open(&(0x7f0000000140)='./file1\x00', 0x109cc2, 0x40)
ftruncate(r10, 0x200004)
mount$tmpfs(0x0, &(0x7f00000000c0)='./file1\x00', &(0x7f0000000080), 0x20a8800, &(0x7f0000000000)=ANY=[@ANYRESDEC=r10, @ANYRES8=r9, @ANYRES8=r9, @ANYRESHEX])

3.686786789s ago: executing program 4 (id=963):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(sm4)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000c40)={'batadv_slave_0\x00', <r7=>0x0})
sendmsg$BATADV_CMD_SET_HARDIF(r6, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000c80)={0x2c, 0x0, 0x1, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xffffffff}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000840)
r8 = accept$alg(r3, 0x0, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r9)
bind$inet6(r9, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
r10 = accept(r9, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x30, 0x2, 0x6, 0x101, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x3}, @IPSET_ATTR_FAMILY={0x5}]}, 0x30}, 0x1, 0x0, 0x0, 0x40840}, 0x24008880)
sendmmsg$alg(r8, &(0x7f0000000e00)=[{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="deae9c022e9411e86b41ed3d656745d80660ffb0e01403a97b2877519a6dc6f10732998302b64c5381eb39e03f1591ff", 0x30}, {&(0x7f00000000c0)="64cb9e25049cf5e28cd1ae6eaa094d03ba91a3eb5d6291461dfc3cef61436519b354375d27b40ee160eba5029ea5c5d2d97608b2e0cce85e0183b5cf9af645f3bb83fadb12400e241800", 0x4a}], 0x2}], 0x1, 0xc0c0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000400))

2.586390666s ago: executing program 4 (id=964):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xfff7fffffffffff5}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x200, 0x1)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x6, 'dvmrp1\x00'})
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000040)={0x0, @dev, 0x4e24, 0x2, 'sed\x00', 0x0, 0xfffffffc}, 0x2c)
mount(0x0, &(0x7f0000000240)='.\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setgroups(0x0, 0x0)
setregid(0xffffffffffffffff, r4)
socket$inet(0x2, 0x2, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', &(0x7f0000000080), 0x2000040, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r5, &(0x7f0000000100)={{0x3, @default, 0x1}, [@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48)
setsockopt$ax25_SO_BINDTODEVICE(r5, 0x101, 0x19, &(0x7f0000000040)=@rose={'rose', 0x0}, 0x10)

2.585175287s ago: executing program 5 (id=965):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(0xffffffffffffffff, 0x5, &(0x7f0000000200)=0x262)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$unix(0x1, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)}], 0x2}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000140)="14", 0x2, 0x0, 0x4}, 0x50)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8b18, &(0x7f0000000000)={'wlan1\x00'})
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000008850000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x0, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8, 0x5, r7}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
sendmsg$nl_route_sched(r8, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

1.649812182s ago: executing program 4 (id=966):
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
read$msr(r0, &(0x7f0000004340)=""/102376, 0x18fe8)
r1 = fsmount(0xffffffffffffffff, 0x0, 0x2)
sendmsg$nl_route(r1, 0x0, 0x20004081)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000300)='btrfs\x00', 0x5, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddce)
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x40100, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000001c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_MAP(0xffffffffffffffff, 0x3b85, 0x0)
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000140)={0x28, 0x2, r3, 0x0, &(0x7f0000000480)='}', 0x1, 0x7ff})
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, 0x0)
timer_create(0x7, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs2/binder-control\x00', 0x802, 0x0)
timer_settime(0x0, 0x0, &(0x7f00000004c0)={{0x0, 0x989680}, {0x77359400}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
open(0x0, 0x0, 0x1a5)
r4 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='contention_end\x00', r5}, 0x10)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000000100)=""/144, 0x90}], 0x1)
ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x4bfa, 0x10000000000004)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card0/oss_mixer\x00', 0x1a1100, 0x0)

1.566568263s ago: executing program 0 (id=967):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_inet6_SIOCDELRT(r1, 0x890b, &(0x7f0000000240)={@private1={0xfc, 0x1, '\x00', 0x1}, @private1, @dev={0xfe, 0x80, '\x00', 0x12}, 0x0, 0x0, 0xfffa, 0x0, 0x0, 0x600283})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r5, 0x84, 0x81, &(0x7f00000002c0), 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f0000000080)=ANY=[@ANYBLOB="04000100"], 0x9)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000000180)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e24, 0x400, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x357}], 0x2c)
write(r4, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c)
recvmmsg(r4, &(0x7f0000002ec0), 0x400000000000ec0, 0x2, &(0x7f00000001c0)={0x77359400})
socket(0x2, 0x80805, 0x0)
add_key(0x0, &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
preadv2(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000001200)=""/4096, 0x1000}], 0x100000000000000d, 0x0, 0x0, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x52b281, 0x0)
r7 = fcntl$dupfd(r6, 0x0, r6)
ioctl$SG_IO(r7, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffc, 0x0, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="000000000000d4a1ce4e9de42536000000000000", @ANYRES32=0x0, @ANYBLOB], 0x48)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000200), 0xffffffffffffffff)

1.504661118s ago: executing program 3 (id=968):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
dup2(0xffffffffffffffff, r0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f0000000000)="b9800000c00f3235000800000f3066baf80cb8b58eb48aef66bafc0cec0fe72d16da0000c4c37d054e0000b93c090000b80000c0feba000000000f30df180f20583e650f01c9660fdcd42e0f78dc", 0x4e}], 0x1, 0x90, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$sysctl(0xffffffffffffffff, &(0x7f0000000180)='4\x00', 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_GET(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0}, 0x400d0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r8, &(0x7f0000000440)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x14, 0x6, 0x1, 0x201, 0x0, 0x0, {0xe, 0x0, 0xa}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x4040000)
sendmsg$NFT_BATCH(r8, 0x0, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000180a0500000000000000000002000000300003802c00038014000100776732000000000000000000000000000400010076657468315f746f5f627269646765000900020073797a30000000000900010073797a30"], 0x84}, 0x1, 0x0, 0x0, 0x4d008}, 0x2000c000)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, 0x0, 0x40004)
ioctl$sock_SIOCGPGRP(r9, 0x8904, &(0x7f00000001c0))
write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b700000081200000bfa30000000000000703000002feffff720af0fff8ffffff91a4f0ff000000006b030000000000001d400500000000004704000001ed000072030200000000001d44000000000000730a00fe000000007303000000000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f1ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c107571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d1abf3cb17b40ac9b10968f38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130bc01a2d61f3b39c64307f9c82b2807c9ff4a269841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67a41b9e320146ee9f566a28"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

1.136096293s ago: executing program 2 (id=969):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r1}, 0x18)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c3, 0x6, 0x801, 0x0, 0x8, 'syz1\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r6, 0x800448d2, &(0x7f00000000c0)={0x1, &(0x7f0000000140)=[{@fixed}]})
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4(r7, 0x0, 0x0, 0x0)
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
sendmmsg(r8, &(0x7f0000001140)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="8e94db41b0b73a1092ce0faab4088f0b1311ecc70ec210ad732310b7556f5cbe22ae6f571b40a0d352ebacf1c260bbcde5e24c", 0x33}], 0x1}}], 0x1, 0x8810)
sendmsg$kcm(r8, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000001880)="46353a8e5289109320738efafadc5e1af958b31b0d24d9ed4a81b3761f5e7645299f8624d52ca4127b1e8de0395aaa4cc310d2c539515d54a635cf641950e7e9ba5ebb5d8c19fbbf57b6fe3998027c8c70a48a6a4af92674bde2895d16c6598f989b7aed069926742ebc3dc63e197117d388495f3981b063499786de8c6a047b102852b675bfe62a649db2a50a57eb6c8be1cc2445611b7222263b8c17637a47e2c94617b5688c6e91728abf60b378510bb227d0bbbd229817536ab97624dab0cd1897ac0ae02c058fc992de8b0f66701962ef0988c98e66cf2ab10fdd14a0b507d046d4d538742c7686d996432e3a6a906e787110c4a0a99692fc650daaffe73a795f3dcc3c1a8e3841b3f6456c0ac5a1aaa11fb5b39a2fc0ee7366228393b7d101fabb018824a5f0236b710855f6b98dd548cbcb399f54c7d346a799a6c905ce41551420757e12c2fa29f8f7fce9c5df240c6eed09967862535e8b258a02efcad9261b2c4940f3b15050574746cea92e004a2c07b03419ab02bc09d434f3f6e8e175bfcc7d0f039f2bed97e74b5ff7fccff065cd442597c76c1e0dbaa16e488d17449a929624c6a8106bfa16c6377a6d0a56d3f7d497832bcce5880e670cb84ff118a49fd7349b2df6afb3bd715c2b49e94d61f1389a20f8e80bcc46c9f16f38549defc4a06a909c872125ba70b30da9bf80fc25a806ecf7a4221112923fd31f3d3317e8b11450b9f31a23c447e6bffef958c47ee6e1cbf6ee54d34b6c4ca8d86804d5ca36621fae6beaf1428db69805051ccc2948fc81e1dfd6c5854a5af2395c5c1974fdf11485bfed52f44776b3cddaf2b5a3631bd9de16487d547acd2ffa19b35ff8fd9db7ecf04d596784a4fb477df5334006378a7565c770b5be8cf749b4241f58acc2b03839e2f5637f81b707bba7af102ad1b5396f9007e8cf351a56b72c7d7ec9047c4dc6a5b710362edfec18818e93b90be2a8316d82c17055d015e8f75d6d1e49c63f699223a27f7edf4198505126503a7d32b4d43b1dc2ed6d539b9fc220d862febeaa8e162432367c510579e250df128db7d814388935b896d7f0d63665b117985e826382c48be44a85470eefd40a4a2ca423ad90479ff8b3d796a662a4abeb719488ccdfe3b1dd650ac8728c9e589d3149607ac705e343bd694bdaf1059e757308bb761af4c0b5ea60b2cd6ddd14a787a78124fafcf42eb12c2d17bff1bef2531b910c8eea5e406fd99c386812932d5da55f5770dcfb3b76fc4239f6bb65ac27ade0d6cfc6ac7819cc927fef59f8018a847ee07c9c2d844ff85ccfc7258e3d94b063678703d195143e62261987154166d0ac51cb421226f8b81234aed7d3acbc32f989b5c88f1984d06014ff0da238f5c8fc726758967666c1b6571dcf3554d9a91f4cbc877dbae93c44016d07466f2a6bdcb748b7937ac494959f0c7975a5bb9d22d22bfec1af25a02dc3ce0afd354364440b71ead044343b9eebadc608a6782253d66b02a4ca419d25f7989b3fcce45aa05513a9d42115baa8b7372d08e939b96b863538b9f1ed7de948ff9a0b8b6d172bcc89ad3393d52894c9b51ef165617bc2a4e942e2b42daa84f196a5d389e841706457fb370618d8de71029f75b2dbc98f5099fd9293417b190f633fb8e68d0783a65b1a209eb27629abf4ed4a0d864971d0d5c313e0522aeb12722b40681baaf9e0bb02d1018f2ef2c21e1724cc2d561e05b84fe60d6e76ae4674b40e5e2221f9693f7454876238f47f6cacd052702eabf1d6e6da4d7d2168666747a1eb8d493927348cbd9810a168c180360bc3bdf01194c87fe57266dc162433c584574eed0aa5939b5491c50d988b31ed54c375adf768adf168b085cc8cef12fe0086d82cf68ff42df0111edd3ce81870fe3d8a8ee8b67946df51721a338a08174095a111cea30f6af04fc8dd541faeb1b2a4e9ef7bae9114927d191c36849dc0691d0a852953ec893a968cc350e7964291451d710e4f4709d89d11e04b6b0f5b3ca7fc3c4357567c4150fc8d550b1402b52bef487d9e9a1bcf0bff644396880895d1b4086e6bccc9f1c40c7f41ab03301e9484acb787cb194241db2b665ad5b14482718dae8ee2b48b5d0ab1afa401d961350b02f8c930ebec6e54f4b8e4d965ad5ad6ef0f278e036b2946daf0308bf684359cf0b0c12b0621d1d673c88248957872936a42dcd6daa5de2b7911c4fc0771418a4776bf6d23b4d86125229898d425498c71205fc04368cf723c24a9bf4852da30f878b31772e7d94d62deaaef5ee029a86746316e0cc0a4e608ba3f037dbcfc33c4e4f9a2d01916f0f6a1232aace6f5082dfbec986258c6b9b708e44aa666e13f5e5b945691537c33b1bae983d50e759fbdc722f91c2aed57b99882991845766167c278900f6d2ecee6d554a5208d22421a15064ccdafa533942df9b57a6ef64d77ad58aeaf7e1e6e9171d850d7ba06d6f4100f8202205b1ab99d69f94a64204b00de488c7547ccd823c012e4bac0ee3c8fa853e3518a9ee57da0add1237234a347bfe4eaa1e3bd5432ec635ccc5ea0e095d16cc3fc07b0ffc935e79a6d61a6c9b170fb2cbde81454d9bf85790a65936384b1b533c2aa171156a58e44682696783762f6469b90e5f0dba28cf16134df24691fad3fd40af77bb6245ee1fb219e1abafc0eb1547f2780fc2ced0487d40be93d697894f761de248881", 0x782}], 0x1}, 0x2000c8d0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
write(0xffffffffffffffff, &(0x7f00000000c0)="24000000200099f0000000000000000002", 0x11)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="021380ee02"], 0x10}}, 0x0)

1.049013952s ago: executing program 4 (id=970):
sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x4c001)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='illinois\x00', 0x9)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x1a, 0x0, &(0x7f0000000080)) (fail_nth: 15)
sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0xa000000)

342.482102ms ago: executing program 4 (id=971):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, &(0x7f0000000040)=ANY=[], 0x0}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket(0x26, 0x800, 0xf)
ioctl$SIOCSIFMTU(r1, 0x541b, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x80, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x0, 0xfa, @scatter={0x4, 0x0, &(0x7f0000000a80)=[{0x0}, {&(0x7f00000006c0)=""/235, 0xeb}, {&(0x7f00000008c0)=""/132, 0x84}, {&(0x7f0000000980)=""/221, 0xdd}]}, 0x0, 0x0, 0x0, 0x0, 0x800001, 0x0})
r4 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000006, 0x10, r4, 0xcf032000)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, r4, 0x8, 0x0, 0xff9e, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffedb, 0x0, 0x0, 0x10, 0x4}, 0x94)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x4, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230000000000061134c0000000000bf2000000000000015000200071b1750bd030100000000009500000000000000bc26080000000000bf67000000000000070300000fff0700670200000300000016060a000ee600f0bf050000000000000f650000000000006507f4ff0200000007070000"], &(0x7f0000000100)='GPL\x00'}, 0x94)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000340), 0x4)
r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00')
r6 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0)
ioctl$TIOCGSID(r5, 0x5429, &(0x7f0000000040))
getdents64(r6, &(0x7f0000001f00)=""/4093, 0xffd)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 2 (id=972):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/timer\x00', 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000380)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, 0x80800, 0x0, <r4=>0xffffffffffffffff})
ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000340)={r1})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r5=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="200000006800e978feffffffffdbdf250a0000000000000008000500", @ANYRES32=r5, @ANYBLOB="dec43c3f5bf547e73965fcb3291c9cd0cbe524b24d139c47c40ab04771664e69f845a63b838bb1b2a968987f666a53119e96f9e9eb757f9d26db3e44934b75c2ae6ea62b884de5c65b107d30ce6981c2489860f1dc26fc188c48b7a1b53083f5b6840022618e60f9d7b041b880f878e9932a0b004e2b69824a78a696fb3b3d3f51986983cad54fc1fabe806098e69cf65960d031b3e19520c6f11902719ae57ffa28999f4fdd1dd60861c18eecee54b27700d7"], 0x20}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x192}}, 0x20}}, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000040)={@loopback, r5}, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xffffffffffffffb3}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
socketpair(0x1, 0x1, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000200)={<r7=>0xffffffffffffffff}, 0x13f, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000180)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0xe, @empty, 0x2}, {0xa, 0x4e23, 0x7, @remote, 0x3}, r7, 0x7}}, 0x48)
r8 = msgget$private(0x0, 0x7fc)
msgrcv(r8, 0xffffffffffffffff, 0x0, 0x3, 0x1000)
msgsnd(r8, &(0x7f0000000000)=ANY=[], 0x8, 0x0)

kernel console output (not intermixed with test programs):

fig 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  283.944294][ T5919] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  284.103103][ T5919] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.127736][ T5919] usb 2-1: config 0 descriptor??
[  284.401041][ T5863] usb 3-1: USB disconnect, device number 13
[  284.590370][ T8293] ntfs3(loop0): try to read out of volume at offset 0x0
[  285.021987][ T5919] usbhid 2-1:0.0: can't add hid device: -71
[  285.029702][ T5919] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  285.063416][ T5919] usb 2-1: USB disconnect, device number 10
[  285.357968][ T8286] netlink: 48 bytes leftover after parsing attributes in process `syz.0.562'.
[  285.370028][ T8286] netlink: 60 bytes leftover after parsing attributes in process `syz.0.562'.
[  285.640270][   T30] audit: type=1326 audit(1757604564.321:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  285.780789][   T30] audit: type=1326 audit(1757604564.321:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  285.809432][   T30] audit: type=1326 audit(1757604564.321:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  285.851671][ T8308] overlayfs: missing 'lowerdir'
[  285.906581][   T30] audit: type=1326 audit(1757604564.321:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.477938][   T30] audit: type=1326 audit(1757604564.331:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.507061][   T30] audit: type=1326 audit(1757604564.331:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.729665][   T30] audit: type=1326 audit(1757604564.331:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.837456][   T30] audit: type=1326 audit(1757604564.331:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.863100][   T30] audit: type=1326 audit(1757604564.331:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.922421][   T30] audit: type=1326 audit(1757604564.331:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8287 comm="syz.4.561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc9c4d8eba9 code=0x7ffc0000
[  286.963714][ T8323] syz.4.571 (8323): drop_caches: 4
[  287.746013][   T56] block nbd3: Possible stuck request ffff888026a0e000: control (read@0,1024B). Runtime 60 seconds
[  287.761599][   T56] block nbd3: Possible stuck request ffff888026a0e1c0: control (read@1024,1024B). Runtime 60 seconds
[  287.777698][   T56] block nbd3: Possible stuck request ffff888026a0e380: control (read@2048,1024B). Runtime 60 seconds
[  287.788757][   T56] block nbd3: Possible stuck request ffff888026a0e540: control (read@3072,1024B). Runtime 60 seconds
[  289.450690][ T5992] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  289.669634][ T8373] netlink: 24 bytes leftover after parsing attributes in process `syz.3.580'.
[  289.680167][ T5992] usb 1-1: Using ep0 maxpacket: 8
[  289.883269][ T5992] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  289.950088][ T5992] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  289.990966][ T5992] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.212026][ T8347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  290.221033][ T8347] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  290.241984][ T5992] usb 1-1: string descriptor 0 read error: -71
[  290.308730][ T5992] hub 1-1:32.0: USB hub found
[  290.340981][ T5992] hub 1-1:32.0: config failed, can't read hub descriptor (err -22)
[  290.524422][ T8382] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  290.538939][ T5992] usb 1-1: USB disconnect, device number 22
[  291.842572][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  291.842584][   T30] audit: type=1400 audit(1757604570.640:449): avc:  denied  { create } for  pid=8397 comm="syz.2.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  291.961592][   T30] audit: type=1400 audit(1757604570.650:450): avc:  denied  { ioctl } for  pid=8397 comm="syz.2.585" path="socket:[19414]" dev="sockfs" ino=19414 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  292.075499][   T30] audit: type=1400 audit(1757604570.650:451): avc:  denied  { bind } for  pid=8397 comm="syz.2.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  292.098926][ T8408] kvm: pic: non byte write
[  292.141232][   T30] audit: type=1400 audit(1757604570.650:452): avc:  denied  { write } for  pid=8397 comm="syz.2.585" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  292.188243][ T8408] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  294.290309][ T8433] nfs: Deprecated parameter 'nointr'
[  294.314703][ T8433] ntfs3(loop0): try to read out of volume at offset 0x0
[  294.629788][ T8432] netlink: 48 bytes leftover after parsing attributes in process `syz.0.592'.
[  294.870646][ T5863] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  295.003334][ T8441] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  295.700602][ T5863] usb 4-1: Using ep0 maxpacket: 16
[  295.717903][ T5863] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  295.738146][ T5863] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  295.790239][ T5863] usb 4-1: config 0 has no interface number 0
[  295.835660][ T5863] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice=81.28
[  295.886090][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=27, SerialNumber=3
[  295.948405][ T5863] usb 4-1: Product: syz
[  295.987182][ T5863] usb 4-1: SerialNumber: syz
[  296.090922][ T5863] usb 4-1: config 0 descriptor??
[  296.209561][ T5863] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[  296.253052][ T5863] usb 4-1: No valid video chain found.
[  296.416315][   T30] audit: type=1326 audit(1757604575.220:453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.596966][   T30] audit: type=1326 audit(1757604575.250:454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.755590][   T30] audit: type=1326 audit(1757604575.250:455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.781891][   T30] audit: type=1326 audit(1757604575.250:456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.806403][   T30] audit: type=1326 audit(1757604575.250:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.834057][   T30] audit: type=1326 audit(1757604575.260:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  296.858909][   T30] audit: type=1326 audit(1757604575.260:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  297.106230][ T8456] FAULT_INJECTION: forcing a failure.
[  297.106230][ T8456] name failslab, interval 1, probability 0, space 0, times 0
[  297.118934][ T8456] CPU: 1 UID: 0 PID: 8456 Comm: syz.0.598 Not tainted syzkaller #0 PREEMPT(full) 
[  297.118964][ T8456] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  297.118976][ T8456] Call Trace:
[  297.118985][ T8456]  <TASK>
[  297.118993][ T8456]  dump_stack_lvl+0x16c/0x1f0
[  297.119026][ T8456]  should_fail_ex+0x512/0x640
[  297.119052][ T8456]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  297.119078][ T8456]  should_failslab+0xc2/0x120
[  297.119102][ T8456]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  297.119123][ T8456]  ? rcu_is_watching+0x12/0xc0
[  297.119149][ T8456]  ? __alloc_skb+0x2b2/0x380
[  297.119177][ T8456]  __alloc_skb+0x2b2/0x380
[  297.119201][ T8456]  ? __pfx___alloc_skb+0x10/0x10
[  297.119224][ T8456]  ? __netlink_create+0x270/0x2c0
[  297.119248][ T8456]  ? __sanitizer_cov_trace_pc+0x8/0x70
[  297.119278][ T8456]  netlink_ack+0x15d/0xb80
[  297.119305][ T8456]  ? irqentry_exit+0x3b/0x90
[  297.119338][ T8456]  netlink_rcv_skb+0x332/0x420
[  297.119364][ T8456]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  297.119394][ T8456]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  297.119420][ T8456]  ? rcu_is_watching+0x12/0xc0
[  297.119464][ T8456]  netlink_unicast+0x5aa/0x870
[  297.119495][ T8456]  ? __pfx_netlink_unicast+0x10/0x10
[  297.119523][ T8456]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  297.119558][ T8456]  netlink_sendmsg+0x8d1/0xdd0
[  297.119588][ T8456]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.119626][ T8456]  ____sys_sendmsg+0xa98/0xc70
[  297.119659][ T8456]  ? copy_msghdr_from_user+0x10a/0x160
[  297.119684][ T8456]  ? __pfx_____sys_sendmsg+0x10/0x10
[  297.119714][ T8456]  ? trace_sched_exit_tp+0xd1/0x120
[  297.119743][ T8456]  ? kvm_sched_clock_read+0x11/0x20
[  297.119773][ T8456]  ___sys_sendmsg+0x134/0x1d0
[  297.119806][ T8456]  ? __pfx____sys_sendmsg+0x10/0x10
[  297.119859][ T8456]  ? __sys_sendmmsg+0x1bc/0x420
[  297.119884][ T8456]  ? __sys_sendmmsg+0x1c9/0x420
[  297.119911][ T8456]  __sys_sendmmsg+0x200/0x420
[  297.119941][ T8456]  ? __pfx___sys_sendmmsg+0x10/0x10
[  297.119974][ T8456]  ? lockdep_hardirqs_on+0x7c/0x110
[  297.120011][ T8456]  ? fput+0x9b/0xd0
[  297.120039][ T8456]  ? ksys_write+0x1ac/0x250
[  297.120060][ T8456]  ? __pfx_ksys_write+0x10/0x10
[  297.120086][ T8456]  __x64_sys_sendmmsg+0x9c/0x100
[  297.120112][ T8456]  ? lockdep_hardirqs_on+0x7c/0x110
[  297.120137][ T8456]  do_syscall_64+0xcd/0x4c0
[  297.120166][ T8456]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.120188][ T8456] RIP: 0033:0x7fed89b8eba9
[  297.120205][ T8456] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.120225][ T8456] RSP: 002b:00007fed8aa89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  297.120244][ T8456] RAX: ffffffffffffffda RBX: 00007fed89dd6180 RCX: 00007fed89b8eba9
[  297.120259][ T8456] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000007
[  297.120272][ T8456] RBP: 00007fed8aa89090 R08: 0000000000000000 R09: 0000000000000000
[  297.120285][ T8456] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.120297][ T8456] R13: 00007fed89dd6218 R14: 00007fed89dd6180 R15: 00007ffd27cccd08
[  297.120325][ T8456]  </TASK>
[  297.890852][   T30] audit: type=1326 audit(1757604575.260:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  297.914258][   T30] audit: type=1326 audit(1757604575.270:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  298.023413][ T8462] FAULT_INJECTION: forcing a failure.
[  298.023413][ T8462] name failslab, interval 1, probability 0, space 0, times 0
[  298.036251][ T8462] CPU: 1 UID: 0 PID: 8462 Comm: syz.0.599 Not tainted syzkaller #0 PREEMPT(full) 
[  298.036268][ T8462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  298.036275][ T8462] Call Trace:
[  298.036281][ T8462]  <TASK>
[  298.036286][ T8462]  dump_stack_lvl+0x16c/0x1f0
[  298.036305][ T8462]  should_fail_ex+0x512/0x640
[  298.036321][ T8462]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  298.036340][ T8462]  should_failslab+0xc2/0x120
[  298.036354][ T8462]  __kmalloc_cache_noprof+0x6a/0x3e0
[  298.036369][ T8462]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  298.036388][ T8462]  ? genl_start+0x1e8/0x980
[  298.036405][ T8462]  genl_start+0x1e8/0x980
[  298.036423][ T8462]  __netlink_dump_start+0x60b/0x990
[  298.036440][ T8462]  genl_family_rcv_msg_dumpit+0x1e2/0x2e0
[  298.036463][ T8462]  ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10
[  298.036484][ T8462]  ? __pfx_genl_get_cmd+0x10/0x10
[  298.036497][ T8462]  ? __pfx_genl_start+0x10/0x10
[  298.036511][ T8462]  ? __pfx_genl_dumpit+0x10/0x10
[  298.036525][ T8462]  ? __pfx_genl_done+0x10/0x10
[  298.036543][ T8462]  ? __radix_tree_lookup+0x21f/0x2c0
[  298.036559][ T8462]  genl_rcv_msg+0x46e/0x800
[  298.036576][ T8462]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.036592][ T8462]  ? __pfx_ethnl_tsinfo_start+0x10/0x10
[  298.036605][ T8462]  ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10
[  298.036616][ T8462]  ? __pfx_ethnl_tsinfo_done+0x10/0x10
[  298.036634][ T8462]  netlink_rcv_skb+0x155/0x420
[  298.036649][ T8462]  ? __pfx_genl_rcv_msg+0x10/0x10
[  298.036665][ T8462]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  298.036686][ T8462]  ? netlink_deliver_tap+0x1ae/0xd30
[  298.036703][ T8462]  genl_rcv+0x28/0x40
[  298.036717][ T8462]  netlink_unicast+0x5aa/0x870
[  298.036733][ T8462]  ? __pfx_netlink_unicast+0x10/0x10
[  298.036748][ T8462]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  298.036767][ T8462]  netlink_sendmsg+0x8d1/0xdd0
[  298.036784][ T8462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  298.036804][ T8462]  ____sys_sendmsg+0xa98/0xc70
[  298.036823][ T8462]  ? copy_msghdr_from_user+0x10a/0x160
[  298.036837][ T8462]  ? __pfx_____sys_sendmsg+0x10/0x10
[  298.036860][ T8462]  ___sys_sendmsg+0x134/0x1d0
[  298.036875][ T8462]  ? __pfx____sys_sendmsg+0x10/0x10
[  298.036908][ T8462]  __sys_sendmsg+0x16d/0x220
[  298.036922][ T8462]  ? __pfx___sys_sendmsg+0x10/0x10
[  298.036941][ T8462]  ? fput+0x9b/0xd0
[  298.036959][ T8462]  do_syscall_64+0xcd/0x4c0
[  298.036975][ T8462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.036987][ T8462] RIP: 0033:0x7fed89b8eba9
[  298.036997][ T8462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  298.037008][ T8462] RSP: 002b:00007fed8aaaa038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  298.037019][ T8462] RAX: ffffffffffffffda RBX: 00007fed89dd6090 RCX: 00007fed89b8eba9
[  298.037027][ T8462] RDX: 0000000000000184 RSI: 0000200000000200 RDI: 0000000000000003
[  298.037033][ T8462] RBP: 00007fed8aaaa090 R08: 0000000000000000 R09: 0000000000000000
[  298.037040][ T8462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.037047][ T8462] R13: 00007fed89dd6128 R14: 00007fed89dd6090 R15: 00007ffd27cccd08
[  298.037062][ T8462]  </TASK>
[  298.478759][   T10] usb 4-1: USB disconnect, device number 20
[  298.497033][   T30] audit: type=1326 audit(1757604575.270:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  298.794636][   T30] audit: type=1326 audit(1757604575.280:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  298.822797][ T8465] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.897701][ T8465] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.978034][   T30] audit: type=1326 audit(1757604575.280:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  299.010650][ T5919] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  299.197922][   T30] audit: type=1326 audit(1757604575.280:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  299.224083][   T30] audit: type=1326 audit(1757604575.290:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  299.266824][   T30] audit: type=1326 audit(1757604575.290:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  299.298661][   T30] audit: type=1326 audit(1757604575.300:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8434 comm="syz.3.594" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f10bbf8eba9 code=0x7ffc0000
[  299.374893][ T5919] usb 1-1: Using ep0 maxpacket: 16
[  300.543035][ T8491] netlink: 24 bytes leftover after parsing attributes in process `syz.3.604'.
[  300.988041][ T8498] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  302.101361][ T5919] usb 1-1: device descriptor read/all, error -71
[  303.659378][ T5169] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  303.701835][ T5169] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  303.710739][ T5169] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  303.720135][ T5169] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  303.728082][ T5169] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  303.837461][ T8530] tmpfs: Unknown parameter '01777777777777777777777'
[  303.866134][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  303.866152][   T30] audit: type=1400 audit(1757604582.620:475): avc:  denied  { mounton } for  pid=8526 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  305.135815][ T8526] chnl_net:caif_netlink_parms(): no params data found
[  306.008288][ T5169] Bluetooth: hci5: command tx timeout
[  306.073039][ T8567] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  306.501020][ T8526] bridge0: port 1(bridge_slave_0) entered blocking state
[  306.602060][ T8526] bridge0: port 1(bridge_slave_0) entered disabled state
[  306.682374][ T8526] bridge_slave_0: entered allmulticast mode
[  306.692136][ T8526] bridge_slave_0: entered promiscuous mode
[  306.707457][ T8526] bridge0: port 2(bridge_slave_1) entered blocking state
[  306.714694][ T8526] bridge0: port 2(bridge_slave_1) entered disabled state
[  306.721920][ T8526] bridge_slave_1: entered allmulticast mode
[  306.729418][ T8526] bridge_slave_1: entered promiscuous mode
[  307.653242][ T8580] =======================================================
[  307.653242][ T8580] WARNING: The mand mount option has been deprecated and
[  307.653242][ T8580]          and is ignored by this kernel. Remove the mand
[  307.653242][ T8580]          option from the mount to silence this warning.
[  307.653242][ T8580] =======================================================
[  308.096840][ T5169] Bluetooth: hci5: command tx timeout
[  308.234728][ T8526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  308.294222][ T8582] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  308.308153][ T8526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  308.706023][ T8582] FAULT_INJECTION: forcing a failure.
[  308.706023][ T8582] name failslab, interval 1, probability 0, space 0, times 0
[  308.786716][ T8582] CPU: 0 UID: 0 PID: 8582 Comm: syz.3.621 Not tainted syzkaller #0 PREEMPT(full) 
[  308.786742][ T8582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  308.786759][ T8582] Call Trace:
[  308.786766][ T8582]  <TASK>
[  308.786774][ T8582]  dump_stack_lvl+0x16c/0x1f0
[  308.786802][ T8582]  should_fail_ex+0x512/0x640
[  308.786825][ T8582]  ? fs_reclaim_acquire+0xae/0x150
[  308.786850][ T8582]  ? tomoyo_encode2+0x100/0x3e0
[  308.786878][ T8582]  should_failslab+0xc2/0x120
[  308.786900][ T8582]  __kmalloc_noprof+0xd2/0x510
[  308.786919][ T8582]  ? d_absolute_path+0x136/0x1a0
[  308.786952][ T8582]  tomoyo_encode2+0x100/0x3e0
[  308.786984][ T8582]  tomoyo_encode+0x29/0x50
[  308.787010][ T8582]  tomoyo_realpath_from_path+0x18f/0x6e0
[  308.787049][ T8582]  tomoyo_check_open_permission+0x2ab/0x3c0
[  308.787075][ T8582]  ? security_file_alloc+0x34/0x2b0
[  308.787106][ T8582]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  308.787132][ T8582]  ? ovl_path_open+0x198/0x1f0
[  308.787150][ T8582]  ? ovl_do_remove+0xcf/0x1040
[  308.787173][ T8582]  ? vfs_rmdir+0x203/0x690
[  308.787225][ T8582]  ? do_raw_spin_lock+0x12c/0x2b0
[  308.787257][ T8582]  tomoyo_file_open+0x6b/0x90
[  308.787278][ T8582]  security_file_open+0x84/0x1e0
[  308.787296][ T8582]  do_dentry_open+0x596/0x1530
[  308.787320][ T8582]  ? lockdep_init_map_type+0x5c/0x280
[  308.787343][ T8582]  vfs_open+0x82/0x3f0
[  308.787374][ T8582]  dentry_open+0x71/0xd0
[  308.787400][ T8582]  ovl_path_open+0x198/0x1f0
[  308.787419][ T8582]  ovl_dir_read_merged+0x175/0x5c0
[  308.787450][ T8582]  ? __pfx_ovl_dir_read_merged+0x10/0x10
[  308.787478][ T8582]  ? do_raw_spin_lock+0x12c/0x2b0
[  308.787499][ T8582]  ? find_held_lock+0x2b/0x80
[  308.787522][ T8582]  ? find_held_lock+0x2b/0x80
[  308.787547][ T8582]  ? __pfx_ovl_fill_merge+0x10/0x10
[  308.787584][ T8582]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  308.787608][ T8582]  ? ovl_revert_creds+0x13/0x50
[  308.787637][ T8582]  ovl_check_empty_dir+0xaf/0x4c0
[  308.787659][ T8582]  ? __pfx_ovl_check_empty_dir+0x10/0x10
[  308.787694][ T8582]  ovl_do_remove+0xcf/0x1040
[  308.787723][ T8582]  ? may_link+0x3a4/0x520
[  308.787750][ T8582]  ? __pfx_may_link+0x10/0x10
[  308.787780][ T8582]  ? __pfx_ovl_do_remove+0x10/0x10
[  308.787812][ T8582]  vfs_rmdir+0x203/0x690
[  308.787844][ T8582]  do_rmdir+0x2e8/0x3c0
[  308.787868][ T8582]  ? __pfx_do_rmdir+0x10/0x10
[  308.787899][ T8582]  ? getname_flags.part.0+0x1c5/0x550
[  308.787929][ T8582]  __x64_sys_rmdir+0xc5/0x110
[  308.787953][ T8582]  do_syscall_64+0xcd/0x4c0
[  308.787981][ T8582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  308.788002][ T8582] RIP: 0033:0x7f10bbf8eba9
[  308.788018][ T8582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  308.788037][ T8582] RSP: 002b:00007f10bce2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000054
[  308.788056][ T8582] RAX: ffffffffffffffda RBX: 00007f10bc1d5fa0 RCX: 00007f10bbf8eba9
[  308.788070][ T8582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  308.788081][ T8582] RBP: 00007f10bce2f090 R08: 0000000000000000 R09: 0000000000000000
[  308.788094][ T8582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  308.788106][ T8582] R13: 00007f10bc1d6038 R14: 00007f10bc1d5fa0 R15: 00007ffc068b3b18
[  308.788135][ T8582]  </TASK>
[  308.788160][ T8582] ERROR: Out of memory at tomoyo_realpath_from_path.
[  309.130164][ T8526] team0: Port device team_slave_0 added
[  309.153153][ T8526] team0: Port device team_slave_1 added
[  309.254254][ T8593] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8593 comm=syz.0.625
[  309.401233][   T24] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65380 sclass=netlink_route_socket pid=24 comm=kworker/1:0
[  309.426280][ T8598] 9pnet: p9_errstr2errno: server reported unknown error 
[  309.510733][ T5926] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  309.741258][ T5926] usb 3-1: device descriptor read/64, error -71
[  309.831001][ T8526] batman_adv: batadv0: Adding interface: batadv_slave_0
[  309.838280][ T8526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.868343][ T8526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  309.885040][ T8598] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  309.885626][ T8526] batman_adv: batadv0: Adding interface: batadv_slave_1
[  309.899504][ T8526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  309.920478][ T8598] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  309.927244][ T8526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  309.997742][ T8526] hsr_slave_0: entered promiscuous mode
[  310.004041][ T8526] hsr_slave_1: entered promiscuous mode
[  310.009979][ T8526] debugfs: 'hsr0' already exists in 'hsr'
[  310.011104][ T5926] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  310.016145][ T8526] Cannot create hsr debugfs directory
[  310.042417][   T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  310.050889][   T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  310.150671][ T5926] usb 3-1: device descriptor read/64, error -71
[  310.210866][   T24] usb 1-1: Using ep0 maxpacket: 16
[  310.220696][ T5169] Bluetooth: hci5: command tx timeout
[  310.226612][   T24] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  310.227119][   T10] usb 4-1: Using ep0 maxpacket: 8
[  310.241037][   T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.248163][   T10] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  310.253287][   T24] usb 1-1: config 0 has no interface number 0
[  310.261627][   T10] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  310.266632][ T5926] usb usb3-port1: attempt power cycle
[  310.281843][   T24] usb 1-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  310.287449][   T10] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  310.294762][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.301881][   T10] usb 4-1: config 250 has no interface number 0
[  310.319299][   T10] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  310.341227][   T10] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  310.341651][   T24] usb 1-1: config 0 descriptor??
[  310.365271][   T24] usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  310.365969][   T10] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  310.373395][   T10] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  310.394079][   T10] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  310.405195][   T24] usb 1-1: No valid video chain found.
[  310.418337][   T10] usb 4-1: config 250 interface 228 has no altsetting 0
[  310.436678][   T10] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  310.445869][   T10] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  310.450327][ T8526] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  310.470642][   T10] usb 4-1: Product: syz
[  310.474102][ T8526] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  310.474816][   T10] usb 4-1: SerialNumber: syz
[  310.495623][ T8526] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  310.512734][   T10] hub 4-1:250.228: bad descriptor, ignoring hub
[  310.519064][   T10] hub 4-1:250.228: probe with driver hub failed with error -5
[  310.527658][ T8526] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  310.787053][   T10] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 21 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  310.789160][ T5926] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  310.832764][ T5926] usb 3-1: device descriptor read/8, error -71
[  310.866476][ T8615] FAULT_INJECTION: forcing a failure.
[  310.866476][ T8615] name failslab, interval 1, probability 0, space 0, times 0
[  310.879613][ T8615] CPU: 1 UID: 0 PID: 8615 Comm: syz.4.629 Not tainted syzkaller #0 PREEMPT(full) 
[  310.879643][ T8615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  310.879656][ T8615] Call Trace:
[  310.879663][ T8615]  <TASK>
[  310.879671][ T8615]  dump_stack_lvl+0x16c/0x1f0
[  310.879702][ T8615]  should_fail_ex+0x512/0x640
[  310.879740][ T8615]  should_failslab+0xc2/0x120
[  310.879766][ T8615]  __kmalloc_cache_noprof+0x6a/0x3e0
[  310.879797][ T8615]  ? selinux_netlbl_sk_security_free+0x12c/0x3e0
[  310.879826][ T8615]  ? selinux_netlbl_sock_genattr+0xe8/0x4f0
[  310.879859][ T8615]  selinux_netlbl_sock_genattr+0xe8/0x4f0
[  310.879891][ T8615]  selinux_netlbl_socket_post_create+0xb0/0x1b0
[  310.879924][ T8615]  security_mptcp_add_subflow+0x1e3/0x210
[  310.879954][ T8615]  mptcp_subflow_create_socket+0x1b1/0xed0
[  310.879991][ T8615]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  310.880032][ T8615]  __mptcp_nmpc_sk+0x182/0x850
[  310.880053][ T8615]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  310.880077][ T8615]  ? __local_bh_enable_ip+0xa4/0x120
[  310.880108][ T8615]  mptcp_getsockopt+0xcf8/0xe20
[  310.880138][ T8615]  ? __pfx_mptcp_getsockopt+0x10/0x10
[  310.880168][ T8615]  ? find_held_lock+0x2b/0x80
[  310.880192][ T8615]  ? __might_fault+0xe3/0x190
[  310.880212][ T8615]  ? __might_fault+0xe3/0x190
[  310.880230][ T8615]  ? __might_fault+0x13b/0x190
[  310.880262][ T8615]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  310.880292][ T8615]  do_sock_getsockopt+0x34a/0x440
[  310.880323][ T8615]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  310.880355][ T8615]  ? __rcu_read_unlock+0x2bc/0x550
[  310.880388][ T8615]  __sys_getsockopt+0x12f/0x260
[  310.880423][ T8615]  __x64_sys_getsockopt+0xbd/0x160
[  310.880446][ T8615]  ? do_syscall_64+0x91/0x4c0
[  310.880473][ T8615]  ? lockdep_hardirqs_on+0x7c/0x110
[  310.880497][ T8615]  do_syscall_64+0xcd/0x4c0
[  310.880530][ T8615]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  310.880549][ T8615] RIP: 0033:0x7fc9c4d8eba9
[  310.880564][ T8615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  310.880583][ T8615] RSP: 002b:00007fc9c2fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  310.880602][ T8615] RAX: ffffffffffffffda RBX: 00007fc9c4fd6180 RCX: 00007fc9c4d8eba9
[  310.880617][ T8615] RDX: 000000000000001a RSI: 0000000000000006 RDI: 0000000000000003
[  310.880629][ T8615] RBP: 00007fc9c2fb4090 R08: 0000200000000080 R09: 0000000000000000
[  310.880642][ T8615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  310.880659][ T8615] R13: 00007fc9c4fd6218 R14: 00007fc9c4fd6180 R15: 00007ffe3d718318
[  310.880689][ T8615]  </TASK>
[  311.280946][ T5926] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  311.312822][ T5926] usb 3-1: device descriptor read/8, error -71
[  311.623192][ T5926] usb usb3-port1: unable to enumerate USB device
[  311.641981][   T10] usb 4-1: USB disconnect, device number 21
[  311.688120][   T10] usblp0: removed
[  312.190937][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  312.226220][ T8526] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.260611][ T8526] 8021q: adding VLAN 0 to HW filter on device team0
[  312.282668][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[  312.289855][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[  312.311041][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[  312.318205][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[  312.327984][ T5169] Bluetooth: hci5: command tx timeout
[  312.505728][ T8628] netlink: 4 bytes leftover after parsing attributes in process `syz.4.631'.
[  312.791035][ T5919] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  312.825438][   T10] usb 4-1: Using ep0 maxpacket: 8
[  312.858447][   T10] usb 4-1: device descriptor read/all, error -71
[  312.899343][   T55] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  312.915018][   T24] usb 1-1: USB disconnect, device number 25
[  313.177303][ T5919] usb 5-1: device descriptor read/64, error -71
[  313.192525][ T8526] 8021q: adding VLAN 0 to HW filter on device batadv0
[  313.206583][   T55] usb 3-1: unable to get BOS descriptor or descriptor too short
[  313.214478][ T8631] nfs: Deprecated parameter 'nointr'
[  313.234572][ T8631] ntfs3(loop0): try to read out of volume at offset 0x0
[  313.668522][   T55] usb 3-1: config 1 has an invalid interface number: 255 but max is 1
[  313.677134][   T55] usb 3-1: config 1 has no interface number 1
[  313.683482][   T55] usb 3-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  313.696575][   T55] usb 3-1: too many endpoints for config 1 interface 255 altsetting 255: 255, using maximum allowed: 30
[  313.707883][   T55] usb 3-1: config 1 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  313.721644][   T55] usb 3-1: config 1 interface 0 has no altsetting 0
[  313.728334][   T55] usb 3-1: config 1 interface 255 has no altsetting 0
[  313.783805][   T55] usb 3-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  313.798162][ T5919] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  313.810931][   T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.820150][   T55] usb 3-1: Product: syz
[  313.826280][   T55] usb 3-1: Manufacturer: syz
[  313.831584][   T55] usb 3-1: SerialNumber: syz
[  313.970602][ T5919] usb 5-1: device descriptor read/64, error -71
[  313.993512][ T8631] netlink: 60 bytes leftover after parsing attributes in process `syz.0.634'.
[  314.103564][ T5919] usb usb5-port1: attempt power cycle
[  314.103729][ T8646] nfs: Deprecated parameter 'nointr'
[  314.420256][   T55] smsusb:smsusb_probe: board id=8, interface number 0
[  314.436941][   T55] smsusb:smsusb_probe: board id=8, interface number 255
[  314.486856][   T55] usb 3-1: USB disconnect, device number 18
[  314.645430][ T8645] netlink: 60 bytes leftover after parsing attributes in process `syz.3.635'.
[  314.668374][ T8526] veth0_vlan: entered promiscuous mode
[  314.696037][ T8526] veth1_vlan: entered promiscuous mode
[  314.759238][ T8526] veth0_macvtap: entered promiscuous mode
[  314.781528][ T5919] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  314.794048][ T8526] veth1_macvtap: entered promiscuous mode
[  314.822531][ T5919] usb 5-1: device descriptor read/8, error -71
[  314.835537][ T8526] batman_adv: batadv0: Interface activated: batadv_slave_0
[  314.865399][ T8526] batman_adv: batadv0: Interface activated: batadv_slave_1
[  314.886782][   T60] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  314.909405][   T60] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  315.025376][   T60] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  315.061111][ T5919] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  315.069062][   T60] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.119644][ T5919] usb 5-1: device descriptor read/8, error -71
[  315.389415][ T5919] usb usb5-port1: unable to enumerate USB device
[  315.747858][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.790674][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.884948][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.894435][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.692810][   T30] audit: type=1400 audit(1757604595.290:476): avc:  denied  { read } for  pid=8668 comm="syz.2.641" name="usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  316.813041][   T30] audit: type=1400 audit(1757604595.290:477): avc:  denied  { open } for  pid=8668 comm="syz.2.641" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  316.905441][   T30] audit: type=1400 audit(1757604595.360:478): avc:  denied  { ioctl } for  pid=8668 comm="syz.2.641" path="/dev/usbmon0" dev="devtmpfs" ino=716 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  316.955454][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  316.963361][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  317.020401][   T30] audit: type=1400 audit(1757604595.500:479): avc:  denied  { read } for  pid=8674 comm="syz.5.606" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  317.135001][ T8686] netlink: 28 bytes leftover after parsing attributes in process `syz.5.642'.
[  317.384434][   T30] audit: type=1400 audit(1757604595.500:480): avc:  denied  { open } for  pid=8674 comm="syz.5.606" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  317.524282][   T30] audit: type=1400 audit(1757604595.540:481): avc:  denied  { shutdown } for  pid=8662 comm="syz.4.639" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  317.568008][   T30] audit: type=1400 audit(1757604595.950:482): avc:  denied  { read write } for  pid=8677 comm="syz.5.642" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  317.628353][   T30] audit: type=1400 audit(1757604595.950:483): avc:  denied  { open } for  pid=8677 comm="syz.5.642" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  318.090806][   T30] audit: type=1400 audit(1757604596.890:484): avc:  denied  { ioctl } for  pid=8695 comm="syz.2.647" path="socket:[21248]" dev="sockfs" ino=21248 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  318.224671][   T56] block nbd3: Possible stuck request ffff888026a0e000: control (read@0,1024B). Runtime 90 seconds
[  318.236306][   T56] block nbd3: Possible stuck request ffff888026a0e1c0: control (read@1024,1024B). Runtime 90 seconds
[  318.247701][   T56] block nbd3: Possible stuck request ffff888026a0e380: control (read@2048,1024B). Runtime 90 seconds
[  318.258931][   T56] block nbd3: Possible stuck request ffff888026a0e540: control (read@3072,1024B). Runtime 90 seconds
[  318.401009][ T8708] netlink: 4 bytes leftover after parsing attributes in process `syz.3.650'.
[  319.551089][   T30] audit: type=1400 audit(1757604597.200:485): avc:  denied  { relabelfrom } for  pid=8703 comm="syz.0.649" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  319.561743][ T8710] FAULT_INJECTION: forcing a failure.
[  319.561743][ T8710] name failslab, interval 1, probability 0, space 0, times 0
[  319.620729][ T8710] CPU: 1 UID: 0 PID: 8710 Comm: syz.2.651 Not tainted syzkaller #0 PREEMPT(full) 
[  319.620747][ T8710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  319.620754][ T8710] Call Trace:
[  319.620758][ T8710]  <TASK>
[  319.620765][ T8710]  dump_stack_lvl+0x16c/0x1f0
[  319.620784][ T8710]  should_fail_ex+0x512/0x640
[  319.620799][ T8710]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[  319.620815][ T8710]  should_failslab+0xc2/0x120
[  319.620827][ T8710]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[  319.620841][ T8710]  ? kvasprintf_const+0x66/0x1a0
[  319.620861][ T8710]  kvasprintf+0xbc/0x160
[  319.620876][ T8710]  ? __pfx_kvasprintf+0x10/0x10
[  319.620893][ T8710]  ? find_held_lock+0x2b/0x80
[  319.620908][ T8710]  ? rcu_read_unlock+0x17/0x60
[  319.620923][ T8710]  kvasprintf_const+0x66/0x1a0
[  319.620940][ T8710]  kobject_set_name_vargs+0x5a/0x140
[  319.620968][ T8710]  dev_set_name+0xc7/0x100
[  319.620987][ T8710]  ? __pfx_dev_set_name+0x10/0x10
[  319.621002][ T8710]  ? rcu_is_watching+0x12/0xc0
[  319.621040][ T8710]  ? rcu_is_watching+0x12/0xc0
[  319.621053][ T8710]  ? trace_kmalloc+0x2b/0xd0
[  319.621066][ T8710]  ? __kmalloc_noprof.cold+0x5c/0x61
[  319.621083][ T8710]  ? wiphy_new_nm+0x797/0x2190
[  319.621099][ T8710]  wiphy_new_nm+0x811/0x2190
[  319.621112][ T8710]  ? __pfx_mac80211_hwsim_add_chanctx+0x10/0x10
[  319.621127][ T8710]  ? __pfx_mac80211_hwsim_change_chanctx+0x10/0x10
[  319.621141][ T8710]  ? __pfx_mac80211_hwsim_remove_chanctx+0x10/0x10
[  319.621155][ T8710]  ieee80211_alloc_hw_nm+0x495/0x2260
[  319.621171][ T8710]  ? __local_bh_enable_ip+0xa4/0x120
[  319.621187][ T8710]  mac80211_hwsim_new_radio+0x1d4/0x54d0
[  319.621211][ T8710]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  319.621227][ T8710]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  319.621249][ T8710]  hwsim_new_radio_nl+0xb51/0x12c0
[  319.621267][ T8710]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  319.621289][ T8710]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  319.621307][ T8710]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  319.621327][ T8710]  genl_family_rcv_msg_doit+0x206/0x2f0
[  319.621345][ T8710]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  319.621367][ T8710]  ? bpf_lsm_capable+0x9/0x10
[  319.621382][ T8710]  ? security_capable+0x7e/0x260
[  319.621397][ T8710]  ? ns_capable+0xd7/0x110
[  319.621411][ T8710]  genl_rcv_msg+0x55c/0x800
[  319.621429][ T8710]  ? __pfx_genl_rcv_msg+0x10/0x10
[  319.621445][ T8710]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  319.621467][ T8710]  netlink_rcv_skb+0x155/0x420
[  319.621482][ T8710]  ? __pfx_genl_rcv_msg+0x10/0x10
[  319.621498][ T8710]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  319.621520][ T8710]  ? netlink_deliver_tap+0x1ae/0xd30
[  319.621536][ T8710]  genl_rcv+0x28/0x40
[  319.621550][ T8710]  netlink_unicast+0x5aa/0x870
[  319.621567][ T8710]  ? __pfx_netlink_unicast+0x10/0x10
[  319.621581][ T8710]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  319.621600][ T8710]  netlink_sendmsg+0x8d1/0xdd0
[  319.621618][ T8710]  ? __pfx_netlink_sendmsg+0x10/0x10
[  319.621638][ T8710]  ____sys_sendmsg+0xa98/0xc70
[  319.621656][ T8710]  ? copy_msghdr_from_user+0x10a/0x160
[  319.621670][ T8710]  ? __pfx_____sys_sendmsg+0x10/0x10
[  319.621693][ T8710]  ___sys_sendmsg+0x134/0x1d0
[  319.621708][ T8710]  ? __pfx____sys_sendmsg+0x10/0x10
[  319.621744][ T8710]  __sys_sendmsg+0x16d/0x220
[  319.621759][ T8710]  ? __pfx___sys_sendmsg+0x10/0x10
[  319.621782][ T8710]  ? rcu_is_watching+0x12/0xc0
[  319.621797][ T8710]  do_syscall_64+0xcd/0x4c0
[  319.621813][ T8710]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.621823][ T8710] RIP: 0033:0x7faffb18eba9
[  319.621834][ T8710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.621845][ T8710] RSP: 002b:00007faffc03b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  319.621856][ T8710] RAX: ffffffffffffffda RBX: 00007faffb3d5fa0 RCX: 00007faffb18eba9
[  319.621863][ T8710] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  319.621870][ T8710] RBP: 00007faffc03b090 R08: 0000000000000000 R09: 0000000000000000
[  319.621877][ T8710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.621883][ T8710] R13: 00007faffb3d6038 R14: 00007faffb3d5fa0 R15: 00007ffc72133f28
[  319.621898][ T8710]  </TASK>
[  319.725585][ T8705] syzkaller0: create flow: hash 2211807192 index 1
[  321.216841][ T8725] netlink: 'syz.5.656': attribute type 2 has an invalid length.
[  321.224704][ T8725] netlink: 68 bytes leftover after parsing attributes in process `syz.5.656'.
[  322.693408][ T8705] syzkaller0: delete flow: hash 2211807192 index 1
[  324.634162][ T8744] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  325.272862][ T8757] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  325.272862][ T8757] The task syz.3.663 (8757) triggered the difference, watch for misbehavior.
[  327.007824][ T8792] netlink: 'syz.4.670': attribute type 4 has an invalid length.
[  327.122058][ T5919] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  327.135591][ T8795] netlink: 'syz.4.670': attribute type 4 has an invalid length.
[  327.311537][ T5919] usb 6-1: Using ep0 maxpacket: 16
[  327.385753][ T5919] usb 6-1: config 0 has an invalid interface number: 64 but max is 0
[  327.431286][ T8796] trusted_key: encrypted_key: insufficient parameters specified
[  327.493902][ T5919] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.624967][ T5919] usb 6-1: config 0 has no interface number 0
[  327.645416][ T5919] usb 6-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  327.723977][ T5919] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.783872][ T5919] usb 6-1: config 0 descriptor??
[  327.818667][ T5919] usb 6-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  327.858361][ T5919] usb 6-1: No valid video chain found.
[  327.919261][ T8801] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  328.149189][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  328.149203][   T30] audit: type=1400 audit(1757604606.950:487): avc:  denied  { setopt } for  pid=8802 comm="syz.0.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  328.199050][   T30] audit: type=1400 audit(1757604606.980:488): avc:  denied  { connect } for  pid=8802 comm="syz.0.674" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  330.077055][ T8817] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  330.511728][ T5926] usb 6-1: USB disconnect, device number 2
[  332.445997][   T30] audit: type=1400 audit(1757604611.240:489): avc:  denied  { read } for  pid=8842 comm="syz.4.682" lport=45045 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  332.450844][ T8846] nfs: Deprecated parameter 'nointr'
[  333.112019][ T5926] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  333.706022][ T8837] netlink: 48 bytes leftover after parsing attributes in process `syz.3.680'.
[  333.717117][ T5926] usb 5-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config
[  333.760638][ T5926] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  333.785327][ T8837] netlink: 60 bytes leftover after parsing attributes in process `syz.3.680'.
[  333.796400][ T5926] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  333.820614][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.836710][ T5926] usb 5-1: Product: syz
[  333.855387][ T5926] usb 5-1: Manufacturer: syz
[  333.993840][ T5926] usb 5-1: SerialNumber: syz
[  334.061132][ T5926] rtl8150 5-1:1.0: couldn't find required endpoints
[  334.068368][ T5926] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  334.126060][ T8868] netlink: 4 bytes leftover after parsing attributes in process `syz.0.686'.
[  334.161271][ T5992] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  334.360708][ T5992] usb 6-1: Using ep0 maxpacket: 8
[  334.390696][   T10] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  334.472483][ T5926] usb 5-1: USB disconnect, device number 17
[  334.479998][ T5992] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  334.500765][ T5992] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  334.521088][ T5992] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  334.669833][   T10] usb 1-1: device descriptor read/64, error -71
[  334.757969][ T8872] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  334.837263][ T5992] usb 6-1: config 250 has no interface number 0
[  334.934817][ T5992] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  334.969623][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  335.002006][ T5992] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0
[  335.012769][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0
[  335.033795][ T5992] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  335.060639][   T10] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  335.105431][ T5992] usb 6-1: config 250 interface 228 has no altsetting 0
[  335.117411][ T5992] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  335.130608][ T5992] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  335.139412][ T5992] usb 6-1: Product: syz
[  335.144025][ T5992] usb 6-1: SerialNumber: syz
[  335.361304][ T5992] hub 6-1:250.228: bad descriptor, ignoring hub
[  335.367844][ T5992] hub 6-1:250.228: probe with driver hub failed with error -5
[  335.732931][   T10] usb 1-1: device descriptor read/64, error -71
[  335.777121][ T5992] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 3 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  335.853546][   T10] usb usb1-port1: attempt power cycle
[  335.861639][ T5926] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  336.032209][ T5926] usb 4-1: Using ep0 maxpacket: 32
[  336.050628][   T30] audit: type=1400 audit(1757604614.850:490): avc:  denied  { read write } for  pid=8863 comm="syz.5.687" name="lp0" dev="devtmpfs" ino=5024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  336.074095][    C1] vkms_vblank_simulate: vblank timer overrun
[  336.110659][ T5926] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  336.119913][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  336.127511][   T30] audit: type=1400 audit(1757604614.850:491): avc:  denied  { open } for  pid=8863 comm="syz.5.687" path="/dev/usb/lp0" dev="devtmpfs" ino=5024 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  336.141606][ T5926] usb 4-1: config 0 descriptor??
[  336.186552][ T5926] gspca_main: nw80x-2.14.0 probing 055f:d001
[  336.187219][   T30] audit: type=1400 audit(1757604614.990:492): avc:  denied  { call } for  pid=8897 comm="syz.2.694" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  336.290628][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  336.371364][   T10] usb 1-1: device descriptor read/8, error -71
[  336.590804][ T5926] gspca_nw80x: reg_r err -71
[  336.595487][ T5926] nw80x 4-1:0.0: probe with driver nw80x failed with error -71
[  336.642087][ T5926] usb 4-1: USB disconnect, device number 24
[  336.650903][   T10] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  336.704024][   T10] usb 1-1: device descriptor read/8, error -71
[  336.761289][ T8864] usb 6-1: reset high-speed USB device number 3 using dummy_hcd
[  336.822871][   T10] usb usb1-port1: unable to enumerate USB device
[  337.087199][   T30] audit: type=1400 audit(1757604615.890:493): avc:  denied  { map } for  pid=8908 comm="syz.2.697" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  337.510837][   T55] usb 6-1: USB disconnect, device number 3
[  337.520185][   T55] usblp0: removed
[  338.298886][ T8939] nfs: Deprecated parameter 'nointr'
[  338.344187][ T8939] ntfs3(loop0): try to read out of volume at offset 0x0
[  338.401241][ T5992] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  338.599077][ T8937] netlink: 48 bytes leftover after parsing attributes in process `syz.0.700'.
[  338.615122][ T8937] netlink: 60 bytes leftover after parsing attributes in process `syz.0.700'.
[  338.737014][ T5992] usb 6-1: Using ep0 maxpacket: 8
[  338.753569][ T5992] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  338.770090][ T5992] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  338.836993][ T5992] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  338.872915][ T5992] usb 6-1: config 250 has no interface number 0
[  338.880653][ T5992] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  338.906738][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  338.961174][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  338.971583][   T55] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  338.998632][ T5992] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  339.078200][ T5992] usb 6-1: config 250 interface 228 has no altsetting 0
[  339.129158][ T5992] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  339.140812][   T55] usb 4-1: Using ep0 maxpacket: 16
[  339.146062][ T5992] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  339.148053][   T55] usb 4-1: unable to get BOS descriptor or descriptor too short
[  339.175995][   T55] usb 4-1: config 0 has an invalid interface number: 232 but max is 0
[  339.188760][   T55] usb 4-1: config 0 has no interface number 0
[  339.194437][ T5992] usb 6-1: Product: syz
[  339.208877][ T5992] usb 6-1: SerialNumber: syz
[  339.216585][   T55] usb 4-1: config 0 interface 232 has no altsetting 0
[  339.324828][ T5992] hub 6-1:250.228: bad descriptor, ignoring hub
[  339.333968][ T5992] hub 6-1:250.228: probe with driver hub failed with error -5
[  339.456700][   T55] usb 4-1: New USB device found, idVendor=06be, idProduct=0800, bcdDevice=ee.23
[  339.468741][   T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.477103][   T55] usb 4-1: Product: syz
[  339.481308][   T55] usb 4-1: Manufacturer: syz
[  339.490613][   T55] usb 4-1: SerialNumber: syz
[  339.501419][   T55] usb 4-1: config 0 descriptor??
[  339.550955][ T5992] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 4 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  339.589621][ T8958] FAULT_INJECTION: forcing a failure.
[  339.589621][ T8958] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.646532][ T5992] usb 6-1: USB disconnect, device number 4
[  339.669694][ T8958] CPU: 1 UID: 0 PID: 8958 Comm: syz.0.707 Not tainted syzkaller #0 PREEMPT(full) 
[  339.669721][ T8958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  339.669732][ T8958] Call Trace:
[  339.669738][ T8958]  <TASK>
[  339.669746][ T8958]  dump_stack_lvl+0x16c/0x1f0
[  339.669779][ T8958]  should_fail_ex+0x512/0x640
[  339.669813][ T8958]  _copy_from_user+0x2e/0xd0
[  339.669843][ T8958]  kstrtouint_from_user+0xd6/0x1d0
[  339.669867][ T8958]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  339.669887][ T8958]  ? __lock_acquire+0xb97/0x1ce0
[  339.669922][ T8958]  ? __pfx___bpf_trace_contention_end+0x10/0x10
[  339.669958][ T8958]  proc_fail_nth_write+0x83/0x220
[  339.669984][ T8958]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  339.670011][ T8958]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  339.670032][ T8958]  vfs_write+0x29d/0x11d0
[  339.670056][ T8958]  ? __pfx___mutex_lock+0x10/0x10
[  339.670079][ T8958]  ? __pfx_vfs_write+0x10/0x10
[  339.670106][ T8958]  ? __fget_files+0x20e/0x3c0
[  339.670138][ T8958]  ksys_write+0x12a/0x250
[  339.670155][ T8958]  ? __pfx_ksys_write+0x10/0x10
[  339.670181][ T8958]  do_syscall_64+0xcd/0x4c0
[  339.670209][ T8958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.670228][ T8958] RIP: 0033:0x7fed89b8d65f
[  339.670245][ T8958] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  339.670264][ T8958] RSP: 002b:00007fed8aacb030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  339.670282][ T8958] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fed89b8d65f
[  339.670294][ T8958] RDX: 0000000000000001 RSI: 00007fed8aacb0a0 RDI: 0000000000000005
[  339.670305][ T8958] RBP: 00007fed8aacb090 R08: 0000000000000000 R09: 0000000000000000
[  339.670317][ T8958] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  339.670328][ T8958] R13: 00007fed89dd6038 R14: 00007fed89dd5fa0 R15: 00007ffd27cccd08
[  339.670353][ T8958]  </TASK>
[  339.860950][    C1] vkms_vblank_simulate: vblank timer overrun
[  339.984490][ T5992] usblp0: removed
[  339.985336][   T55] gspca_main: spca500-2.14.0 probing 06be:0800
[  340.015378][   T55] usb 4-1: USB disconnect, device number 25
[  340.390975][ T5992] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  340.596751][ T5992] usb 6-1: Using ep0 maxpacket: 8
[  340.627380][ T5992] usb 6-1: config index 0 descriptor too short (expected 5924, got 36)
[  340.642498][ T5992] usb 6-1: config 250 has an invalid interface number: 228 but max is -1
[  340.656409][ T5992] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0
[  340.670467][ T5992] usb 6-1: config 250 has no interface number 0
[  340.684853][ T5992] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  340.697264][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  340.715599][ T5992] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  340.727807][ T5992] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  340.744387][ T5992] usb 6-1: config 250 interface 228 has no altsetting 0
[  340.758582][ T5992] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  340.773538][ T5992] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  340.782438][ T5992] usb 6-1: Product: syz
[  340.786854][ T5992] usb 6-1: SerialNumber: syz
[  340.836646][ T5992] hub 6-1:250.228: bad descriptor, ignoring hub
[  340.847874][ T5992] hub 6-1:250.228: probe with driver hub failed with error -5
[  341.043326][ T5992] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 5 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  341.092367][ T5992] usb 6-1: USB disconnect, device number 5
[  341.157982][ T5992] usblp0: removed
[  341.349068][ T8978] input: syz1 as /devices/virtual/input/input9
[  341.398911][ T8978] bond0: (slave bond_slave_0): Releasing backup interface
[  341.410474][ T8978] bond0: (slave bond_slave_1): Releasing backup interface
[  341.431741][ T8978] team0: Port device team_slave_0 removed
[  341.515720][ T8978] team0: Port device team_slave_1 removed
[  341.526099][ T8978] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.535640][ T8978] batman_adv: batadv0: Removing interface: batadv_slave_0
[  341.545605][ T8978] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.565050][ T8978] batman_adv: batadv0: Removing interface: batadv_slave_1
[  341.611847][ T5919] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  341.627773][ T8978] bond1: (slave ip6gretap1): Removing an active aggregator
[  341.637863][ T8978] bond1: (slave ip6gretap1): Releasing backup interface
[  341.970571][ T5926] syz1: Port: 1 Link DOWN
[  342.451537][ T5919] usb 1-1: Using ep0 maxpacket: 16
[  342.686192][ T8992] FAULT_INJECTION: forcing a failure.
[  342.686192][ T8992] name failslab, interval 1, probability 0, space 0, times 0
[  342.724095][ T8992] CPU: 0 UID: 0 PID: 8992 Comm: syz.5.716 Not tainted syzkaller #0 PREEMPT(full) 
[  342.724125][ T8992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  342.724137][ T8992] Call Trace:
[  342.724144][ T8992]  <TASK>
[  342.724152][ T8992]  dump_stack_lvl+0x16c/0x1f0
[  342.724183][ T8992]  should_fail_ex+0x512/0x640
[  342.724219][ T8992]  should_failslab+0xc2/0x120
[  342.724243][ T8992]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  342.724267][ T8992]  ? skb_clone+0x190/0x3f0
[  342.724296][ T8992]  skb_clone+0x190/0x3f0
[  342.724326][ T8992]  netlink_deliver_tap+0xabd/0xd30
[  342.724360][ T8992]  netlink_dump+0xa5f/0xd30
[  342.724389][ T8992]  ? __pfx_netlink_dump+0x10/0x10
[  342.724412][ T8992]  ? rcu_is_watching+0x12/0xc0
[  342.724455][ T8992]  ? kfree_skbmem+0x1a4/0x1f0
[  342.724496][ T8992]  netlink_recvmsg+0x7dc/0xa90
[  342.724524][ T8992]  ? __pfx_netlink_recvmsg+0x10/0x10
[  342.724565][ T8992]  sock_recvmsg+0x1f9/0x250
[  342.724596][ T8992]  ____sys_recvmsg+0x218/0x6b0
[  342.724633][ T8992]  ? __pfx_____sys_recvmsg+0x10/0x10
[  342.724675][ T8992]  ? __lock_acquire+0x62e/0x1ce0
[  342.724712][ T8992]  ___sys_recvmsg+0x114/0x1a0
[  342.724739][ T8992]  ? __pfx____sys_recvmsg+0x10/0x10
[  342.724768][ T8992]  ? find_held_lock+0x2b/0x80
[  342.724812][ T8992]  do_recvmmsg+0x2fe/0x750
[  342.724842][ T8992]  ? __pfx_do_recvmmsg+0x10/0x10
[  342.724875][ T8992]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  342.724913][ T8992]  ? __fget_files+0x20e/0x3c0
[  342.724944][ T8992]  __x64_sys_recvmmsg+0x22a/0x280
[  342.724972][ T8992]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  342.725009][ T8992]  do_syscall_64+0xcd/0x4c0
[  342.725038][ T8992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.725060][ T8992] RIP: 0033:0x7faeb958eba9
[  342.725077][ T8992] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.725097][ T8992] RSP: 002b:00007faeba448038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  342.725117][ T8992] RAX: ffffffffffffffda RBX: 00007faeb97d5fa0 RCX: 00007faeb958eba9
[  342.725131][ T8992] RDX: 0000000000000001 RSI: 0000200000002c00 RDI: 0000000000000003
[  342.725144][ T8992] RBP: 00007faeba448090 R08: 0000000000000000 R09: 0000000000000000
[  342.725157][ T8992] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.725169][ T8992] R13: 00007faeb97d6038 R14: 00007faeb97d5fa0 R15: 00007fff6c0cbd98
[  342.725198][ T8992]  </TASK>
[  342.983811][ T5919] usb 1-1: config 9 has an invalid interface number: 144 but max is 0
[  342.992212][ T5919] usb 1-1: config 9 has no interface number 0
[  342.998306][ T5919] usb 1-1: config 9 interface 144 has no altsetting 0
[  343.008117][ T5919] usb 1-1: New USB device found, idVendor=045e, idProduct=0927, bcdDevice=4b.68
[  343.023215][ T5919] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.031414][ T5919] usb 1-1: Product: syz
[  343.035576][ T5919] usb 1-1: Manufacturer: syz
[  343.040163][ T5919] usb 1-1: SerialNumber: syz
[  343.155205][ T5919] r8152-cfgselector 1-1: Unknown version 0x0000
[  343.380849][ T5926] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  343.384429][   T10] libceph: connect (1)[c::]:6789 error -101
[  343.631502][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  343.641327][ T5926] usb 4-1: Using ep0 maxpacket: 8
[  343.645781][   T10] libceph: connect (1)[c::]:6789 error -101
[  343.652088][ T5926] usb 4-1: config index 0 descriptor too short (expected 5924, got 36)
[  343.668004][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  343.696586][ T5926] usb 4-1: config 250 has an invalid interface number: 228 but max is -1
[  343.796237][ T5926] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0
[  343.819200][ T9001] ceph: No mds server is up or the cluster is laggy
[  343.851241][ T5926] usb 4-1: config 250 has no interface number 0
[  343.886311][ T5926] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  343.921069][ T5926] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  343.935343][ T5926] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  343.946488][   T10] libceph: connect (1)[c::]:6789 error -101
[  343.949176][ T5926] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  343.953661][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  343.970000][ T5926] usb 4-1: config 250 interface 228 has no altsetting 0
[  344.058647][ T5926] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  344.082624][ T9019] netlink: 'syz.5.720': attribute type 2 has an invalid length.
[  344.105925][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  344.119693][ T9019] netlink: 68 bytes leftover after parsing attributes in process `syz.5.720'.
[  344.129301][ T5926] usb 4-1: Product: syz
[  344.139344][ T5926] usb 4-1: SerialNumber: syz
[  344.199975][ T5926] hub 4-1:250.228: bad descriptor, ignoring hub
[  344.231182][ T5926] hub 4-1:250.228: probe with driver hub failed with error -5
[  344.404824][ T5926] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 26 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  344.464145][ T5919] r8152 1-1:9.144: Expected endpoints are not found
[  344.560761][ T5919] r8152-cfgselector 1-1: USB disconnect, device number 30
[  344.592526][ T5926] usb 4-1: USB disconnect, device number 26
[  345.440993][   T10] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  345.451436][ T5926] usblp0: removed
[  345.593967][   T10] usb 3-1: Using ep0 maxpacket: 8
[  345.602914][   T10] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[  345.611418][   T10] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[  345.619849][   T10] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[  345.640630][   T10] usb 3-1: config 250 has no interface number 0
[  345.765339][   T10] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  345.777379][   T10] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  345.783250][ T5926] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  345.787972][   T10] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  345.810659][   T10] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  345.828450][   T10] usb 3-1: config 250 interface 228 has no altsetting 0
[  345.837044][   T10] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  345.846290][   T10] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  345.990590][ T5926] usb 4-1: Using ep0 maxpacket: 8
[  346.284414][   T10] usb 3-1: Product: syz
[  346.288638][   T10] usb 3-1: SerialNumber: syz
[  346.298477][   T10] hub 3-1:250.228: bad descriptor, ignoring hub
[  346.324876][   T10] hub 3-1:250.228: probe with driver hub failed with error -5
[  346.336273][ T5926] usb 4-1: device descriptor read/all, error -71
[  346.770803][   T10] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 19 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  346.877631][   T10] usb 3-1: USB disconnect, device number 19
[  346.902007][   T10] usblp0: removed
[  347.620743][   T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  347.668462][ T9050] netlink: 4 bytes leftover after parsing attributes in process `syz.3.730'.
[  348.197718][ T9056] netlink: 'syz.0.733': attribute type 3 has an invalid length.
[  348.308541][   T56] block nbd3: Possible stuck request ffff888026a0e000: control (read@0,1024B). Runtime 120 seconds
[  348.319356][   T56] block nbd3: Possible stuck request ffff888026a0e1c0: control (read@1024,1024B). Runtime 120 seconds
[  348.330591][   T56] block nbd3: Possible stuck request ffff888026a0e380: control (read@2048,1024B). Runtime 120 seconds
[  348.342132][   T56] block nbd3: Possible stuck request ffff888026a0e540: control (read@3072,1024B). Runtime 120 seconds
[  348.354279][  T978] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  348.952606][  T978] usb 4-1: device descriptor read/64, error -71
[  349.327873][ T9071] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  349.920590][ T5863] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  350.330617][  T978] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  350.386322][ T9075] can: request_module (can-proto-3) failed.
[  350.424544][ T5863] usb 1-1: Using ep0 maxpacket: 8
[  350.440855][ T5863] usb 1-1: config index 0 descriptor too short (expected 5924, got 36)
[  350.449132][ T5863] usb 1-1: config 250 has an invalid interface number: 228 but max is -1
[  350.489937][  T978] usb 4-1: device descriptor read/64, error -71
[  350.600561][ T5863] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0
[  350.625439][  T978] usb usb4-port1: attempt power cycle
[  350.650212][ T5863] usb 1-1: config 250 has no interface number 0
[  350.664995][ T5863] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  350.677468][ T5863] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  350.688532][ T5863] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  350.701454][ T5863] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  350.718177][ T5863] usb 1-1: config 250 interface 228 has no altsetting 0
[  350.728168][ T5863] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  350.755074][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  350.777816][ T5863] usb 1-1: Product: syz
[  350.798977][ T5863] usb 1-1: SerialNumber: syz
[  350.918928][ T5863] hub 1-1:250.228: bad descriptor, ignoring hub
[  350.927307][ T5863] hub 1-1:250.228: probe with driver hub failed with error -5
[  351.050717][  T978] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  351.730845][  T978] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  351.760923][  T978] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  351.789680][ T5863] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 31 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  351.801247][  T978] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  351.900732][  T978] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  351.914742][  T978] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  351.947512][ T5863] usb 1-1: USB disconnect, device number 31
[  352.421202][ T5863] usblp0: removed
[  352.428105][  T978] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  352.449509][  T978] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  352.457724][  T978] usb 4-1: Product: syz
[  352.462414][  T978] usb 4-1: Manufacturer: syz
[  352.482040][  T978] cdc_wdm 4-1:1.0: skipping garbage
[  352.504384][  T978] cdc_wdm 4-1:1.0: skipping garbage
[  352.575950][  T978] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  352.620677][  T978] cdc_wdm 4-1:1.0: Unknown control protocol
[  352.680727][   T30] audit: type=1400 audit(1757604631.490:494): avc:  denied  { read write } for  pid=9082 comm="syz.3.740" name="cdc-wdm0" dev="devtmpfs" ino=5169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  352.839447][   T30] audit: type=1400 audit(1757604631.560:495): avc:  denied  { open } for  pid=9082 comm="syz.3.740" path="/dev/cdc-wdm0" dev="devtmpfs" ino=5169 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  352.890833][ T5863] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  353.412483][ T5863] usb 1-1: Using ep0 maxpacket: 8
[  353.426851][ T5863] usb 1-1: config index 0 descriptor too short (expected 5924, got 36)
[  353.497952][ T5863] usb 1-1: config 250 has an invalid interface number: 228 but max is -1
[  353.630764][  T978] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  353.658788][ T5863] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0
[  353.679835][ T9108] input: syz0 as /devices/virtual/input/input10
[  353.725202][ T5863] usb 1-1: config 250 has no interface number 0
[  353.779772][ T5863] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  353.805648][ T5863] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  353.823387][ T5863] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  353.834733][  T978] usb 6-1: config 0 has an invalid interface number: 128 but max is 0
[  353.843623][  T978] usb 6-1: config 0 has no interface number 0
[  353.850702][ T5863] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  353.865378][ T5863] usb 1-1: config 250 interface 228 has no altsetting 0
[  353.874956][  T978] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  353.886353][ T5863] usb 1-1: string descriptor 0 read error: -71
[  353.892657][  T978] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.902790][ T5863] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  353.912813][  T978] usb 6-1: Product: syz
[  353.924529][  T978] usb 6-1: Manufacturer: syz
[  353.929298][ T5863] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  353.958963][  T978] usb 6-1: SerialNumber: syz
[  353.976334][ T5863] usb 1-1: can't set config #250, error -71
[  353.990051][  T978] usb 6-1: config 0 descriptor??
[  354.007974][ T5863] usb 1-1: USB disconnect, device number 32
[  354.436054][ T5863] usb 4-1: USB disconnect, device number 31
[  354.867131][   T30] audit: type=1400 audit(1757604633.670:496): avc:  denied  { block_suspend } for  pid=9116 comm="syz.2.751" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  355.129337][  T978] usb 6-1: non-Atmel transceiver xxxx8de1
[  355.342217][  T978] usb 6-1: Firmware version (0.0) predates our first public release.
[  355.352674][  T978] usb 6-1: Please update to version 0.2 or newer
[  355.359617][  T978] usb 6-1: atusb_probe: initialization failed, error = -19
[  355.376370][  T978] usb 6-1: USB disconnect, device number 6
[  356.780873][ T5926] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  356.841586][ T9145] FAULT_INJECTION: forcing a failure.
[  356.841586][ T9145] name failslab, interval 1, probability 0, space 0, times 0
[  356.867035][ T9145] CPU: 1 UID: 0 PID: 9145 Comm: syz.0.761 Not tainted syzkaller #0 PREEMPT(full) 
[  356.867066][ T9145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  356.867078][ T9145] Call Trace:
[  356.867086][ T9145]  <TASK>
[  356.867094][ T9145]  dump_stack_lvl+0x16c/0x1f0
[  356.867132][ T9145]  should_fail_ex+0x512/0x640
[  356.867158][ T9145]  ? fs_reclaim_acquire+0xae/0x150
[  356.867188][ T9145]  ? tomoyo_encode2+0x100/0x3e0
[  356.867217][ T9145]  should_failslab+0xc2/0x120
[  356.867242][ T9145]  __kmalloc_noprof+0xd2/0x510
[  356.867263][ T9145]  ? d_absolute_path+0x136/0x1a0
[  356.867299][ T9145]  tomoyo_encode2+0x100/0x3e0
[  356.867333][ T9145]  tomoyo_encode+0x29/0x50
[  356.867362][ T9145]  tomoyo_realpath_from_path+0x18f/0x6e0
[  356.867402][ T9145]  tomoyo_path_number_perm+0x245/0x580
[  356.867428][ T9145]  ? tomoyo_path_number_perm+0x237/0x580
[  356.867458][ T9145]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  356.867487][ T9145]  ? find_held_lock+0x2b/0x80
[  356.867541][ T9145]  ? find_held_lock+0x2b/0x80
[  356.867565][ T9145]  ? hook_file_ioctl_common+0x145/0x410
[  356.867595][ T9145]  ? __fget_files+0x20e/0x3c0
[  356.867623][ T9145]  security_file_ioctl+0x9b/0x240
[  356.867656][ T9145]  __x64_sys_ioctl+0xb7/0x210
[  356.867689][ T9145]  do_syscall_64+0xcd/0x4c0
[  356.867719][ T9145]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.867740][ T9145] RIP: 0033:0x7fed89b8eba9
[  356.867757][ T9145] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.867777][ T9145] RSP: 002b:00007fed8aacb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  356.867798][ T9145] RAX: ffffffffffffffda RBX: 00007fed89dd5fa0 RCX: 00007fed89b8eba9
[  356.867811][ T9145] RDX: 0000020000000008 RSI: 00000000400455cb RDI: 0000000000000003
[  356.867824][ T9145] RBP: 00007fed8aacb090 R08: 0000000000000000 R09: 0000000000000000
[  356.867836][ T9145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.867848][ T9145] R13: 00007fed89dd6038 R14: 00007fed89dd5fa0 R15: 00007ffd27cccd08
[  356.867877][ T9145]  </TASK>
[  357.073130][    C1] vkms_vblank_simulate: vblank timer overrun
[  357.081509][ T9145] ERROR: Out of memory at tomoyo_realpath_from_path.
[  357.312298][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  357.322179][ T5926] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  357.386471][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  357.434692][ T5926] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  357.474451][ T5926] usb 3-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  357.483622][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.512068][ T5926] usb 3-1: config 0 descriptor??
[  357.843154][ T5926] hdpvr 3-1:0.0: firmware version 0x51 dated 
[  357.863600][ T5926] hdpvr 3-1:0.0: untested firmware, the driver might not work.
[  358.185087][   T30] audit: type=1400 audit(1757604636.920:497): avc:  denied  { connect } for  pid=9154 comm="syz.3.764" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  358.506031][ T9159] : Can't lookup blockdev
[  358.628416][ T9160] netlink: 36 bytes leftover after parsing attributes in process `syz.0.763'.
[  358.896917][ T5926] hdpvr 3-1:0.0: Could not setup controls
[  358.919913][ T5926] hdpvr 3-1:0.0: registering videodev failed
[  359.290349][ T5926] hdpvr 3-1:0.0: probe with driver hdpvr failed with error -71
[  359.432104][ T5926] usb 3-1: USB disconnect, device number 21
[  359.509862][ T9166] : Can't lookup blockdev
[  359.611135][   T10] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  359.661350][   T30] audit: type=1400 audit(1757604638.440:498): avc:  denied  { write } for  pid=9171 comm="syz.0.768" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  359.890794][   T10] usb 6-1: device descriptor read/64, error -71
[  360.230685][   T10] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  360.303596][ T9182] binder: 9175:9182 ioctl 4018620d 0 returned -22
[  360.417272][ T9183] binder: 9175:9183 ioctl c0306201 0 returned -14
[  360.442338][ T9183] binder: 9175:9183 ioctl 0 2000000002c0 returned -22
[  360.491211][ T9183] netlink: 16 bytes leftover after parsing attributes in process `syz.4.771'.
[  360.603576][   T10] usb 6-1: device descriptor read/64, error -71
[  360.660777][ T5863] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  360.750964][   T10] usb usb6-port1: attempt power cycle
[  360.821300][   T43] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  360.875401][ T5863] usb 1-1: Using ep0 maxpacket: 16
[  360.939343][ T5863] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  360.965145][ T5863] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  360.990796][ T5926] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  360.998932][ T5863] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  361.003214][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  361.008354][ T5863] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.031535][ T5863] usb 1-1: Product: syz
[  361.036081][ T5863] usb 1-1: Manufacturer: syz
[  361.047162][   T43] usb 4-1: not running at top speed; connect to a high speed hub
[  361.047317][ T5863] usb 1-1: SerialNumber: syz
[  361.070629][ T5863] usb 1-1: config 0 descriptor??
[  361.075135][   T43] usb 4-1: config 1 interface 0 altsetting 2 endpoint 0x81 has invalid maxpacket 1007, setting to 64
[  361.080277][ T5863] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  361.091232][   T43] usb 4-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  361.096010][   T10] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  361.112926][   T43] usb 4-1: config 1 interface 0 has no altsetting 0
[  361.126937][ T5863] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  361.137216][   T43] usb 4-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.40
[  361.146824][ T5926] usb 3-1: Using ep0 maxpacket: 32
[  361.151420][   T10] usb 6-1: device descriptor read/8, error -71
[  361.159665][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.171885][ T5926] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  361.180001][ T5926] usb 3-1: config 0 has no interface number 0
[  361.186424][   T43] usb 4-1: Product: syz
[  361.190650][   T43] usb 4-1: Manufacturer: syz
[  361.195270][   T43] usb 4-1: SerialNumber: syz
[  361.200727][ T5926] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  361.218106][ T9179] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22
[  361.230560][ T5926] usb 3-1: config 0 interface 85 has no altsetting 0
[  361.241474][ T5926] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  361.251078][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.259086][ T5926] usb 3-1: Product: syz
[  361.270855][ T5926] usb 3-1: Manufacturer: syz
[  361.450639][ T5926] usb 3-1: SerialNumber: syz
[  361.458950][ T5926] usb 3-1: config 0 descriptor??
[  361.600662][   T10] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  361.621328][   T10] usb 6-1: device descriptor read/8, error -71
[  361.741145][   T10] usb usb6-port1: unable to enumerate USB device
[  361.854103][ T5863] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  361.861438][ T5863] em28xx 1-1:0.0: Config register raw data: 0x24
[  361.870310][ T5863] em28xx 1-1:0.0: I2S Audio (1 sample rate(s))
[  361.886283][ T5863] em28xx 1-1:0.0: No AC97 audio processor
[  362.074915][ T5863] usb 1-1: USB disconnect, device number 33
[  362.084789][ T5926] appletouch 3-1:0.85: Geyser mode initialized.
[  362.117987][ T5926] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input11
[  362.354743][   T30] audit: type=1400 audit(1757604641.160:499): avc:  denied  { name_bind } for  pid=9184 comm="syz.2.773" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  363.782493][   T43] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input12
[  363.820376][   T43] usb 4-1: USB disconnect, device number 32
[  363.820409][    C0] pxrc 4-1:1.0: pxrc_usb_irq - usb_submit_urb failed with result: -19
[  364.385958][ T5919] usb 3-1: USB disconnect, device number 22
[  364.394613][   T30] audit: type=1400 audit(1757604643.200:500): avc:  denied  { module_request } for  pid=9207 comm="syz.0.779" kmod="netdev-syzkaller0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  364.428597][ T5919] appletouch 3-1:0.85: input: appletouch disconnected
[  365.304386][ T9220] nfs: Deprecated parameter 'nointr'
[  365.340123][ T9220] ntfs3(loop5): try to read out of volume at offset 0x0
[  365.369911][ T9212] : Can't lookup blockdev
[  366.116871][ T9230] netlink: 48 bytes leftover after parsing attributes in process `syz.5.780'.
[  366.133459][ T9230] netlink: 60 bytes leftover after parsing attributes in process `syz.5.780'.
[  366.253883][ T9212] netlink: 36 bytes leftover after parsing attributes in process `syz.3.778'.
[  367.451099][ T9238] netlink: 12 bytes leftover after parsing attributes in process `syz.2.786'.
[  367.460089][ T9238] netlink: 48 bytes leftover after parsing attributes in process `syz.2.786'.
[  368.111172][ T9255] netlink: 4 bytes leftover after parsing attributes in process `syz.3.788'.
[  368.555349][ T5863] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  368.740600][ T5863] usb 4-1: device descriptor read/64, error -71
[  368.980630][ T5863] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  369.110744][ T5863] usb 4-1: device descriptor read/64, error -71
[  369.281655][ T5863] usb usb4-port1: attempt power cycle
[  370.580599][ T5863] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  370.641900][ T9276] loop6: detected capacity change from 0 to 7
[  371.230719][ T5863] usb 4-1: device descriptor read/8, error -71
[  371.245328][ T9276] Dev loop6: unable to read RDB block 7
[  371.296655][ T9276]  loop6: unable to read partition table
[  371.315839][ T9276] loop6: partition table beyond EOD, truncated
[  371.325276][ T9276] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  371.810912][ T5863] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  371.832236][ T9298] loop2: detected capacity change from 0 to 7
[  371.862149][ T5863] usb 4-1: Using ep0 maxpacket: 32
[  371.878289][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.900221][ T5977] Dev loop2: unable to read RDB block 7
[  371.922652][ T5977]  loop2: unable to read partition table
[  371.938795][ T5977] loop2: partition table beyond EOD, truncated
[  372.120338][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.363476][ T9298] Dev loop2: unable to read RDB block 7
[  372.390856][ T9298]  loop2: unable to read partition table
[  372.400642][ T5863] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  372.422410][ T9298] loop2: partition table beyond EOD, truncated
[  372.437043][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.448963][ T9298] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  372.483630][ T5219] Dev loop2: unable to read RDB block 7
[  372.689538][ T5863] usb 4-1: config 0 descriptor??
[  372.704285][ T5219]  loop2: unable to read partition table
[  372.710193][ T5219] loop2: partition table beyond EOD, truncated
[  372.757069][   T30] audit: type=1400 audit(1757604651.551:501): avc:  denied  { bind } for  pid=9302 comm="syz.2.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  372.781141][   T30] audit: type=1400 audit(1757604651.551:502): avc:  denied  { listen } for  pid=9302 comm="syz.2.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  373.105424][ T5860] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  373.450672][ T5860] usb 3-1: Using ep0 maxpacket: 8
[  373.473231][ T5863] hid_parser_main: 7 callbacks suppressed
[  373.473251][ T5863] ft260 0003:0403:6030.0003: unknown main item tag 0x7
[  373.487388][ T5860] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  373.509728][ T5860] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  373.555055][ T5860] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  373.572720][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.587029][ T5860] usb 3-1: Product: syz
[  373.592207][ T5860] usb 3-1: Manufacturer: syz
[  373.597690][ T5860] usb 3-1: SerialNumber: syz
[  373.608266][ T5860] usb 3-1: config 0 descriptor??
[  374.402139][ T5860] streamzap 3-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  374.410747][ T5863] ft260 0003:0403:6030.0003: chip code: 6424 8183
[  374.726808][ T5863] ft260 0003:0403:6030.0003: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.3-1/input0
[  375.124788][ T9329] netlink: 'syz.0.809': attribute type 4 has an invalid length.
[  375.133954][ T9288] QAT: failed to copy from user.
[  375.140325][ T5863] ft260 0003:0403:6030.0003: failed to retrieve status: -71
[  375.143030][ T5919] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  375.162184][ T9329] netlink: 'syz.0.809': attribute type 2 has an invalid length.
[  375.170743][ T5863] ft260 0003:0403:6030.0003: failed to reset I2C controller: -71
[  375.237348][ T5863] usb 4-1: USB disconnect, device number 36
[  375.333673][ T5919] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  375.367750][ T5919] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.395390][ T5919] usb 6-1: Product: syz
[  375.404695][ T5919] usb 6-1: Manufacturer: syz
[  375.416734][ T5919] usb 6-1: SerialNumber: syz
[  375.679453][   T24] usb 3-1: USB disconnect, device number 23
[  375.865468][ T9336] netlink: 4 bytes leftover after parsing attributes in process `syz.0.810'.
[  376.530616][ T5863] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  377.583227][ T5863] usb 1-1: device descriptor read/64, error -71
[  377.920618][ T5863] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  377.930433][ T5919] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  377.970243][ T5919] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  377.993038][ T5919] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  378.124941][ T5919] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[  378.199283][ T5863] usb 1-1: device descriptor read/64, error -71
[  378.384022][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.390351][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.397222][   T56] block nbd3: Possible stuck request ffff888026a0e000: control (read@0,1024B). Runtime 150 seconds
[  378.421750][   T56] block nbd3: Possible stuck request ffff888026a0e1c0: control (read@1024,1024B). Runtime 150 seconds
[  378.433053][   T56] block nbd3: Possible stuck request ffff888026a0e380: control (read@2048,1024B). Runtime 150 seconds
[  378.446178][   T56] block nbd3: Possible stuck request ffff888026a0e540: control (read@3072,1024B). Runtime 150 seconds
[  378.491546][ T5863] usb usb1-port1: attempt power cycle
[  378.515377][ T5919] usb 6-1: USB disconnect, device number 11
[  378.640909][   T24] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  378.874670][ T9360] nfs: Deprecated parameter 'nointr'
[  379.180907][   T24] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee
[  379.276508][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.874996][   T24] usb 3-1: config 0 descriptor??
[  379.913043][ T9366] : Can't lookup blockdev
[  380.014030][   T10] IPVS: starting estimator thread 0...
[  380.020025][ T9367] netlink: 36 bytes leftover after parsing attributes in process `syz.5.815'.
[  380.038654][ T9359] netlink: 48 bytes leftover after parsing attributes in process `syz.0.816'.
[  380.048842][ T9359] netlink: 60 bytes leftover after parsing attributes in process `syz.0.816'.
[  380.063868][   T24] usb 3-1: selecting invalid altsetting 1
[  380.230711][ T9368] IPVS: using max 45 ests per chain, 108000 per kthread
[  380.371471][ T9351] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  380.380099][ T9351] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  380.648473][ T9370] netlink: 48 bytes leftover after parsing attributes in process `syz.3.818'.
[  380.658453][ T9370] netlink: 60 bytes leftover after parsing attributes in process `syz.3.818'.
[  380.873356][   T24] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22
[  380.892632][ T5977] udevd[5977]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  380.966608][   T24] usb 3-1: USB disconnect, device number 24
[  384.670216][ T9415] nfs: Deprecated parameter 'nointr'
[  385.738693][ T9411] netlink: 48 bytes leftover after parsing attributes in process `syz.5.827'.
[  385.763153][ T5919] libceph: connect (1)[c::]:6789 error -101
[  385.769293][ T5919] libceph: mon0 (1)[c::]:6789 connect error
[  385.781961][ T9411] netlink: 60 bytes leftover after parsing attributes in process `syz.5.827'.
[  385.796295][ T9421] ceph: No mds server is up or the cluster is laggy
[  386.280708][ T5919] libceph: connect (1)[c::]:6789 error -101
[  386.286833][ T5919] libceph: mon0 (1)[c::]:6789 connect error
[  386.410576][ T9436] ntfs3(loop0): try to read out of volume at offset 0x0
[  386.556009][ T9438] netlink: 48 bytes leftover after parsing attributes in process `syz.0.833'.
[  386.578195][ T9438] netlink: 60 bytes leftover after parsing attributes in process `syz.0.833'.
[  387.125190][ T9446] QAT: failed to copy from user.
[  388.163012][ T9458] netlink: 4 bytes leftover after parsing attributes in process `syz.4.839'.
[  388.770007][ T5863] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  389.209710][ T5863] usb 5-1: device descriptor read/64, error -71
[  389.554026][ T5863] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  389.724128][ T5863] usb 5-1: device descriptor read/64, error -71
[  389.732967][ T9471] FAULT_INJECTION: forcing a failure.
[  389.732967][ T9471] name failslab, interval 1, probability 0, space 0, times 0
[  389.745643][ T9471] CPU: 1 UID: 0 PID: 9471 Comm: syz.0.843 Not tainted syzkaller #0 PREEMPT(full) 
[  389.745659][ T9471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  389.745666][ T9471] Call Trace:
[  389.745670][ T9471]  <TASK>
[  389.745675][ T9471]  dump_stack_lvl+0x16c/0x1f0
[  389.745695][ T9471]  should_fail_ex+0x512/0x640
[  389.745710][ T9471]  ? fs_reclaim_acquire+0xae/0x150
[  389.745727][ T9471]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  389.745744][ T9471]  should_failslab+0xc2/0x120
[  389.745757][ T9471]  __kmalloc_noprof+0xd2/0x510
[  389.745772][ T9471]  tomoyo_realpath_from_path+0xc2/0x6e0
[  389.745790][ T9471]  ? tomoyo_profile+0x47/0x60
[  389.745803][ T9471]  tomoyo_path_number_perm+0x245/0x580
[  389.745816][ T9471]  ? tomoyo_path_number_perm+0x237/0x580
[  389.745831][ T9471]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  389.745846][ T9471]  ? find_held_lock+0x2b/0x80
[  389.745874][ T9471]  ? find_held_lock+0x2b/0x80
[  389.745886][ T9471]  ? hook_file_ioctl_common+0x145/0x410
[  389.745901][ T9471]  ? __fget_files+0x20e/0x3c0
[  389.745917][ T9471]  security_file_ioctl+0x9b/0x240
[  389.745934][ T9471]  __x64_sys_ioctl+0xb7/0x210
[  389.745952][ T9471]  do_syscall_64+0xcd/0x4c0
[  389.745968][ T9471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  389.745980][ T9471] RIP: 0033:0x7fed89b8eba9
[  389.745989][ T9471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  389.746000][ T9471] RSP: 002b:00007fed8aa89038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  389.746011][ T9471] RAX: ffffffffffffffda RBX: 00007fed89dd6180 RCX: 00007fed89b8eba9
[  389.746018][ T9471] RDX: 00002000000000c0 RSI: 0000000080045503 RDI: 0000000000000003
[  389.746025][ T9471] RBP: 00007fed8aa89090 R08: 0000000000000000 R09: 0000000000000000
[  389.746031][ T9471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  389.746038][ T9471] R13: 00007fed89dd6218 R14: 00007fed89dd6180 R15: 00007ffd27cccd08
[  389.746054][ T9471]  </TASK>
[  389.746058][ T9471] ERROR: Out of memory at tomoyo_realpath_from_path.
[  389.960745][ T5863] usb usb5-port1: attempt power cycle
[  390.340674][ T5863] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  390.442965][ T5863] usb 5-1: device descriptor read/8, error -71
[  390.761901][ T5863] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  390.808541][ T5863] usb 5-1: device descriptor read/8, error -71
[  390.890779][   T30] audit: type=1400 audit(1757604669.681:503): avc:  denied  { read write } for  pid=9481 comm="syz.0.846" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  390.932344][ T9482] netlink: 'syz.0.846': attribute type 1 has an invalid length.
[  390.940060][ T9482] netlink: 3 bytes leftover after parsing attributes in process `syz.0.846'.
[  390.997654][ T5863] usb usb5-port1: unable to enumerate USB device
[  391.025923][   T30] audit: type=1400 audit(1757604669.681:504): avc:  denied  { open } for  pid=9481 comm="syz.0.846" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  391.099612][   T30] audit: type=1400 audit(1757604669.681:505): avc:  denied  { ioctl } for  pid=9481 comm="syz.0.846" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x1286 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  392.634711][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.848'.
[  392.644325][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.848'.
[  392.675621][ T9510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.848'.
[  392.685727][ T9510] netlink: 'syz.4.848': attribute type 5 has an invalid length.
[  395.432600][ T9542] netlink: 12 bytes leftover after parsing attributes in process `syz.3.860'.
[  395.500674][ T5926] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  395.709375][ T5926] usb 6-1: Using ep0 maxpacket: 32
[  395.792928][ T5926] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  395.867421][ T5926] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.910429][ T5926] usb 6-1: config 0 descriptor??
[  395.968760][ T5926] gspca_main: sq930x-2.14.0 probing 041e:403c
[  396.371332][ T9537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  396.380905][ T9537] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  396.810980][ T5926] gspca_sq930x: reg_r 001f failed -110
[  396.833696][ T5926] sq930x 6-1:0.0: probe with driver sq930x failed with error -110
[  397.689233][ T5863] usb 6-1: USB disconnect, device number 12
[  398.989850][ T9582] ntfs3(loop2): try to read out of volume at offset 0x0
[  399.131463][ T9595] netlink: 48 bytes leftover after parsing attributes in process `syz.2.870'.
[  399.624075][ T9590] netlink: 60 bytes leftover after parsing attributes in process `syz.2.870'.
[  399.818427][   T30] audit: type=1400 audit(1757604678.621:506): avc:  denied  { append } for  pid=9602 comm="syz.5.874" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  400.457218][ T9616] netlink: 8 bytes leftover after parsing attributes in process `syz.4.877'.
[  400.758751][   T30] audit: type=1400 audit(1757604679.561:507): avc:  denied  { mounton } for  pid=9619 comm="syz.0.878" path="/proc/645/cgroup" dev="proc" ino=26031 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1
[  400.827301][   T30] audit: type=1400 audit(1757604679.561:508): avc:  denied  { unmount } for  pid=9619 comm="syz.0.878" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=filesystem permissive=1
[  400.847982][   T36] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  400.865575][ T6323] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  400.875277][ T6323] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  400.941964][   T30] audit: type=1400 audit(1757604679.701:509): avc:  denied  { write } for  pid=9602 comm="syz.5.874" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  401.007668][   T30] audit: type=1400 audit(1757604679.711:510): avc:  denied  { remount } for  pid=9602 comm="syz.5.874" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  401.010100][ T6323] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  401.307650][   T30] audit: type=1400 audit(1757604680.111:511): avc:  denied  { create } for  pid=9627 comm="syz.4.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  401.351203][ T9628] netlink: 24 bytes leftover after parsing attributes in process `syz.4.880'.
[  401.379229][ T9635] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  401.399129][   T30] audit: type=1400 audit(1757604680.141:512): avc:  denied  { ioctl } for  pid=9627 comm="syz.4.880" path="socket:[26668]" dev="sockfs" ino=26668 ioctlcmd=0x894c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  401.474055][ T9635] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  401.611919][ T5926] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  402.720545][ T9661] ntfs3(loop5): try to read out of volume at offset 0x0
[  403.119857][ T9657] netlink: 60 bytes leftover after parsing attributes in process `syz.5.886'.
[  404.446352][ T9679] FAULT_INJECTION: forcing a failure.
[  404.446352][ T9679] name failslab, interval 1, probability 0, space 0, times 0
[  404.459503][ T9679] CPU: 1 UID: 0 PID: 9679 Comm: syz.5.890 Not tainted syzkaller #0 PREEMPT(full) 
[  404.459530][ T9679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  404.459542][ T9679] Call Trace:
[  404.459549][ T9679]  <TASK>
[  404.459557][ T9679]  dump_stack_lvl+0x16c/0x1f0
[  404.459586][ T9679]  should_fail_ex+0x512/0x640
[  404.459610][ T9679]  ? fs_reclaim_acquire+0xae/0x150
[  404.459636][ T9679]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  404.459664][ T9679]  should_failslab+0xc2/0x120
[  404.459686][ T9679]  __kmalloc_noprof+0xd2/0x510
[  404.459710][ T9679]  tomoyo_realpath_from_path+0xc2/0x6e0
[  404.459740][ T9679]  ? tomoyo_profile+0x47/0x60
[  404.459760][ T9679]  tomoyo_path_number_perm+0x245/0x580
[  404.459783][ T9679]  ? tomoyo_path_number_perm+0x237/0x580
[  404.459808][ T9679]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  404.459832][ T9679]  ? lockdep_hardirqs_on+0x7c/0x110
[  404.459880][ T9679]  ? find_held_lock+0x2b/0x80
[  404.459902][ T9679]  ? hook_file_ioctl_common+0x145/0x410
[  404.459928][ T9679]  ? __fget_files+0x20e/0x3c0
[  404.459952][ T9679]  security_file_ioctl+0x9b/0x240
[  404.459980][ T9679]  __x64_sys_ioctl+0xb7/0x210
[  404.460010][ T9679]  do_syscall_64+0xcd/0x4c0
[  404.460036][ T9679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.460055][ T9679] RIP: 0033:0x7faeb958eba9
[  404.460070][ T9679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.460087][ T9679] RSP: 002b:00007faeba406038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  404.460105][ T9679] RAX: ffffffffffffffda RBX: 00007faeb97d6180 RCX: 00007faeb958eba9
[  404.460117][ T9679] RDX: 0000200000000180 RSI: 0000000040946400 RDI: 0000000000000007
[  404.460128][ T9679] RBP: 00007faeba406090 R08: 0000000000000000 R09: 0000000000000000
[  404.460140][ T9679] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.460150][ T9679] R13: 00007faeb97d6218 R14: 00007faeb97d6180 R15: 00007fff6c0cbd98
[  404.460176][ T9679]  </TASK>
[  404.657470][ T9679] ERROR: Out of memory at tomoyo_realpath_from_path.
[  405.361631][ T9684] Invalid logical block size (8)
[  406.435593][   T30] audit: type=1400 audit(1757604685.241:513): avc:  denied  { connect } for  pid=9691 comm="syz.5.894" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  406.526881][ T9695] netlink: 'syz.4.893': attribute type 9 has an invalid length.
[  406.638720][ T9696] netlink: 8 bytes leftover after parsing attributes in process `syz.2.888'.
[  406.732620][ T9697] netlink: 8 bytes leftover after parsing attributes in process `syz.5.894'.
[  407.353193][ T9702] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  407.438093][   T30] audit: type=1400 audit(1757604686.241:514): avc:  denied  { listen } for  pid=9705 comm="syz.5.897" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  408.284516][ T9714] ntfs3(loop2): try to read out of volume at offset 0x0
[  408.572340][   T56] block nbd3: Possible stuck request ffff888026a0e000: control (read@0,1024B). Runtime 180 seconds
[  408.583130][   T56] block nbd3: Possible stuck request ffff888026a0e1c0: control (read@1024,1024B). Runtime 180 seconds
[  408.594190][   T56] block nbd3: Possible stuck request ffff888026a0e380: control (read@2048,1024B). Runtime 180 seconds
[  408.605184][   T56] block nbd3: Possible stuck request ffff888026a0e540: control (read@3072,1024B). Runtime 180 seconds
[  408.793970][ T9720] netlink: 48 bytes leftover after parsing attributes in process `syz.2.899'.
[  408.803523][ T9720] netlink: 60 bytes leftover after parsing attributes in process `syz.2.899'.
[  408.960978][ T9728] fuse: Bad value for 'user_id'
[  408.965920][ T9728] fuse: Bad value for 'user_id'
[  408.983405][ T9727] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3597 sclass=netlink_route_socket pid=9727 comm=syz.5.902
[  409.016152][ T9728] hub 9-0:1.0: USB hub found
[  409.201489][ T9728] hub 9-0:1.0: 1 port detected
[  410.021987][ T9741] loop6: detected capacity change from 0 to 7
[  410.043487][ T9741] Dev loop6: unable to read RDB block 7
[  410.061500][ T9741]  loop6: AHDI p3 p4
[  410.071673][ T9741] loop6: partition table partially beyond EOD, truncated
[  410.091677][ T9741] loop6: p3 start 1886353253 is beyond EOD, truncated
[  410.338924][   T30] audit: type=1400 audit(1757604689.071:515): avc:  denied  { getopt } for  pid=9742 comm="syz.4.906" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  411.873834][ T9761] loop6: detected capacity change from 0 to 7
[  412.695363][ T9761] Dev loop6: unable to read RDB block 7
[  412.705814][ T9761]  loop6: unable to read partition table
[  412.714711][ T9761] loop6: partition table beyond EOD, truncated
[  412.808378][ T9761] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  413.090768][   T30] audit: type=1400 audit(1757604691.891:516): avc:  denied  { create } for  pid=9766 comm="syz.2.912" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  413.483814][   T30] audit: type=1400 audit(1757604692.281:517): avc:  denied  { append } for  pid=9773 comm="syz.4.914" name="001" dev="devtmpfs" ino=745 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  413.621492][ T9781] FAULT_INJECTION: forcing a failure.
[  413.621492][ T9781] name failslab, interval 1, probability 0, space 0, times 0
[  413.645177][ T9781] CPU: 1 UID: 0 PID: 9781 Comm: syz.0.916 Not tainted syzkaller #0 PREEMPT(full) 
[  413.645204][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  413.645216][ T9781] Call Trace:
[  413.645223][ T9781]  <TASK>
[  413.645231][ T9781]  dump_stack_lvl+0x16c/0x1f0
[  413.645262][ T9781]  should_fail_ex+0x512/0x640
[  413.645288][ T9781]  ? fs_reclaim_acquire+0xae/0x150
[  413.645317][ T9781]  ? tomoyo_encode2+0x100/0x3e0
[  413.645345][ T9781]  should_failslab+0xc2/0x120
[  413.645369][ T9781]  __kmalloc_noprof+0xd2/0x510
[  413.645391][ T9781]  ? d_absolute_path+0x136/0x1a0
[  413.645431][ T9781]  tomoyo_encode2+0x100/0x3e0
[  413.645466][ T9781]  tomoyo_encode+0x29/0x50
[  413.645494][ T9781]  tomoyo_realpath_from_path+0x18f/0x6e0
[  413.645534][ T9781]  tomoyo_path_number_perm+0x245/0x580
[  413.645560][ T9781]  ? tomoyo_path_number_perm+0x237/0x580
[  413.645589][ T9781]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  413.645620][ T9781]  ? find_held_lock+0x2b/0x80
[  413.645671][ T9781]  ? find_held_lock+0x2b/0x80
[  413.645694][ T9781]  ? hook_file_ioctl_common+0x145/0x410
[  413.645723][ T9781]  ? __fget_files+0x20e/0x3c0
[  413.645750][ T9781]  security_file_ioctl+0x9b/0x240
[  413.645782][ T9781]  __x64_sys_ioctl+0xb7/0x210
[  413.645814][ T9781]  do_syscall_64+0xcd/0x4c0
[  413.645843][ T9781]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  413.645864][ T9781] RIP: 0033:0x7fed89b8eba9
[  413.645880][ T9781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  413.645899][ T9781] RSP: 002b:00007fed8aacb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  413.645918][ T9781] RAX: ffffffffffffffda RBX: 00007fed89dd5fa0 RCX: 00007fed89b8eba9
[  413.645932][ T9781] RDX: 0000200000000380 RSI: 0000000000003ba0 RDI: 0000000000000003
[  413.645944][ T9781] RBP: 00007fed8aacb090 R08: 0000000000000000 R09: 0000000000000000
[  413.645957][ T9781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  413.645969][ T9781] R13: 00007fed89dd6038 R14: 00007fed89dd5fa0 R15: 00007ffd27cccd08
[  413.645998][ T9781]  </TASK>
[  413.646308][ T9781] ERROR: Out of memory at tomoyo_realpath_from_path.
[  414.885093][   T30] audit: type=1400 audit(1757604693.691:518): avc:  denied  { read write } for  pid=9792 comm="syz.3.920" name="mouse0" dev="devtmpfs" ino=948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  414.916191][ T9795] netlink: 256 bytes leftover after parsing attributes in process `syz.0.921'.
[  414.925925][ T9795] netlink: 56 bytes leftover after parsing attributes in process `syz.0.921'.
[  414.993314][   T30] audit: type=1400 audit(1757604693.691:519): avc:  denied  { open } for  pid=9792 comm="syz.3.920" path="/dev/input/mouse0" dev="devtmpfs" ino=948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  415.061498][   T30] audit: type=1400 audit(1757604693.831:520): avc:  denied  { mount } for  pid=9794 comm="syz.2.918" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  415.146293][   T30] audit: type=1400 audit(1757604693.831:521): avc:  denied  { module_load } for  pid=9794 comm="syz.2.918" path="/sys/power/wakeup_count" dev="sysfs" ino=1412 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[  415.321286][ T5863] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  415.334086][ T5926] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  415.517240][ T5863] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  415.518092][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.540711][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.551752][ T5926] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  415.562170][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.577350][ T5926] usb 1-1: config 0 descriptor??
[  415.578954][ T5863] usb 4-1: New USB device found, idVendor=045e, idProduct=00f9, bcdDevice= 0.00
[  415.631463][ T5863] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.662702][ T5863] usb 4-1: config 0 descriptor??
[  415.991116][ T5919] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  416.029568][ T5926] pyra 0003:1E7D:2CF6.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0
[  416.134823][ T9799] netlink: 24 bytes leftover after parsing attributes in process `syz.3.923'.
[  416.135906][   T30] audit: type=1400 audit(1757604694.931:522): avc:  denied  { watch } for  pid=9798 comm="syz.3.923" path="/" dev="ramfs" ino=27199 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  416.169393][ T5919] usb 5-1: Using ep0 maxpacket: 8
[  416.183101][ T5919] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  416.407299][ T5863] usbhid 4-1:0.0: can't add hid device: -71
[  416.420150][ T5863] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  416.547512][ T5863] usb 4-1: USB disconnect, device number 37
[  416.648334][ T5926] pyra 0003:1E7D:2CF6.0004: couldn't init struct pyra_device
[  416.655838][ T5919] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  416.664436][ T5926] pyra 0003:1E7D:2CF6.0004: couldn't install mouse
[  416.671031][ T5919] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  416.680061][ T5919] usb 5-1: config 250 has no interface number 0
[  416.688794][ T5926] pyra 0003:1E7D:2CF6.0004: probe with driver pyra failed with error -5
[  416.700697][ T5919] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  416.712344][ T5919] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  416.723055][ T5919] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  416.733521][ T5919] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  416.749262][ T5919] usb 5-1: config 250 interface 228 has no altsetting 0
[  416.757833][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  416.767103][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  416.776633][ T5919] usb 5-1: Product: syz
[  416.788248][ T5919] usb 5-1: SerialNumber: syz
[  416.827779][ T5919] hub 5-1:250.228: bad descriptor, ignoring hub
[  416.844509][ T5919] hub 5-1:250.228: probe with driver hub failed with error -5
[  416.912265][ T9818] FAULT_INJECTION: forcing a failure.
[  416.912265][ T9818] name failslab, interval 1, probability 0, space 0, times 0
[  416.925231][ T9818] CPU: 0 UID: 0 PID: 9818 Comm: syz.5.929 Not tainted syzkaller #0 PREEMPT(full) 
[  416.925259][ T9818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  416.925271][ T9818] Call Trace:
[  416.925278][ T9818]  <TASK>
[  416.925286][ T9818]  dump_stack_lvl+0x16c/0x1f0
[  416.925317][ T9818]  should_fail_ex+0x512/0x640
[  416.925343][ T9818]  ? fs_reclaim_acquire+0xae/0x150
[  416.925371][ T9818]  ? tomoyo_encode2+0x100/0x3e0
[  416.925399][ T9818]  should_failslab+0xc2/0x120
[  416.925423][ T9818]  __kmalloc_noprof+0xd2/0x510
[  416.925443][ T9818]  ? d_absolute_path+0x136/0x1a0
[  416.925478][ T9818]  tomoyo_encode2+0x100/0x3e0
[  416.925512][ T9818]  tomoyo_encode+0x29/0x50
[  416.925541][ T9818]  tomoyo_realpath_from_path+0x18f/0x6e0
[  416.925580][ T9818]  tomoyo_path_number_perm+0x245/0x580
[  416.925605][ T9818]  ? tomoyo_path_number_perm+0x237/0x580
[  416.925634][ T9818]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  416.925662][ T9818]  ? find_held_lock+0x2b/0x80
[  416.925713][ T9818]  ? find_held_lock+0x2b/0x80
[  416.925737][ T9818]  ? hook_file_ioctl_common+0x145/0x410
[  416.925765][ T9818]  ? __fget_files+0x20e/0x3c0
[  416.925794][ T9818]  security_file_ioctl+0x9b/0x240
[  416.925824][ T9818]  __x64_sys_ioctl+0xb7/0x210
[  416.925858][ T9818]  do_syscall_64+0xcd/0x4c0
[  416.925887][ T9818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  416.925908][ T9818] RIP: 0033:0x7faeb958eba9
[  416.925925][ T9818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  416.925944][ T9818] RSP: 002b:00007faeba448038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  416.925964][ T9818] RAX: ffffffffffffffda RBX: 00007faeb97d5fa0 RCX: 00007faeb958eba9
[  416.925977][ T9818] RDX: 0000200000000100 RSI: 0000000000008925 RDI: 0000000000000003
[  416.925990][ T9818] RBP: 00007faeba448090 R08: 0000000000000000 R09: 0000000000000000
[  416.926003][ T9818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  416.926014][ T9818] R13: 00007faeb97d6038 R14: 00007faeb97d5fa0 R15: 00007fff6c0cbd98
[  416.926043][ T9818]  </TASK>
[  416.926063][ T9818] ERROR: Out of memory at tomoyo_realpath_from_path.
[  417.098442][ T5919] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 22 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  417.226402][ T5919] usb 5-1: USB disconnect, device number 22
[  417.706175][ T5919] usblp0: removed
[  417.996259][ T5860] usb 1-1: USB disconnect, device number 38
[  418.355574][ T5926] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  418.410983][ T5919] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  418.533381][ T5926] usb 4-1: Using ep0 maxpacket: 16
[  418.590732][ T5919] usb 5-1: Using ep0 maxpacket: 8
[  418.674150][ T5926] usb 4-1: unable to get BOS descriptor or descriptor too short
[  418.811424][ T5919] usb 5-1: config index 0 descriptor too short (expected 5924, got 36)
[  418.819710][ T5919] usb 5-1: config 250 has an invalid interface number: 228 but max is -1
[  418.836840][ T5919] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0
[  418.846740][ T5926] usb 4-1: config 42 has an invalid interface number: 214 but max is 0
[  418.872800][ T5919] usb 5-1: config 250 has no interface number 0
[  418.879109][ T5919] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  418.894237][ T5926] usb 4-1: config 42 has no interface number 0
[  418.904899][ T5926] usb 4-1: config 42 interface 214 has no altsetting 0
[  418.960849][ T5919] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  418.972674][ T5926] usb 4-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=42.fb
[  419.052140][ T9849] serio: Serial port ptm0
[  421.869252][ T5926] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.882888][ T5919] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  421.964776][ T5926] usb 4-1: Product: syz
[  422.120618][ T5919] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  422.141176][ T5926] usb 4-1: Manufacturer: syz
[  422.145968][ T5926] usb 4-1: SerialNumber: syz
[  422.660740][ T5919] usb 5-1: config 250 interface 228 has no altsetting 0
[  422.687783][ T5926] usb 4-1: can't set config #42, error -71
[  422.696573][ T5919] usb 5-1: string descriptor 0 read error: -71
[  422.723437][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  422.825498][ T5926] usb 4-1: USB disconnect, device number 38
[  422.927976][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  423.126434][ T5919] usb 5-1: can't set config #250, error -71
[  423.159348][ T5919] usb 5-1: USB disconnect, device number 23
[  423.386598][   T30] audit: type=1800 audit(1757604702.171:523): pid=9873 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.5.940" name="/" dev="fuse" ino=1 res=0 errno=0
[  423.770667][ T5919] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  424.069473][ T9889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  424.783268][ T5919] usb 5-1: Using ep0 maxpacket: 16
[  424.792489][ T5919] usb 5-1: config 0 has an invalid interface number: 64 but max is 0
[  424.809637][ T5919] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  424.932909][ T5919] usb 5-1: config 0 has no interface number 0
[  424.958947][ T5919] usb 5-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  425.143873][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  425.155362][ T5919] usb 5-1: config 0 descriptor??
[  425.166713][ T5919] usb 5-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  425.938430][ T5919] usb 5-1: No valid video chain found.
[  426.887108][ T9916] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  426.888716][ T5169] Bluetooth: hci5: command 0x0406 tx timeout
[  427.891349][   T43] usb 4-1: new full-speed USB device number 39 using dummy_hcd
[  428.138351][ T5919] usb 5-1: USB disconnect, device number 24
[  428.279382][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  428.370257][   T43] usb 4-1: not running at top speed; connect to a high speed hub
[  429.375846][   T43] usb 4-1: config 2 has an invalid interface number: 226 but max is 0
[  429.422046][   T43] usb 4-1: config 2 has no interface number 0
[  429.428180][   T43] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64
[  429.519006][   T43] usb 4-1: config 2 interface 226 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  429.601807][   T43] usb 4-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce
[  429.626098][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.700034][   T43] usb 4-1: Product: syz
[  429.710666][ T5926] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  429.920875][ T5926] usb 3-1: Using ep0 maxpacket: 8
[  430.052335][ T5926] usb 3-1: config index 0 descriptor too short (expected 5924, got 36)
[  430.076866][   T43] usb 4-1: Manufacturer: syz
[  430.171193][ T5926] usb 3-1: config 250 has an invalid interface number: 228 but max is -1
[  430.179821][   T43] usb 4-1: SerialNumber: syz
[  430.223770][ T5926] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0
[  430.280244][   T43] usb 4-1: can't set config #2, error -71
[  430.308448][ T5926] usb 3-1: config 250 has no interface number 0
[  430.364029][   T43] usb 4-1: USB disconnect, device number 39
[  430.388788][ T5926] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024
[  430.545135][ T5926] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024
[  430.702211][ T9957] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  430.723456][ T5926] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 26
[  431.005349][ T9959] netlink: 4 bytes leftover after parsing attributes in process `syz.3.958'.
[  431.104064][ T5926] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17
[  431.198280][ T5926] usb 3-1: config 250 interface 228 has no altsetting 0
[  431.227591][ T5926] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  431.239654][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  431.260839][ T9965] tipc: Started in network mode
[  431.266098][ T9965] tipc: Node identity fa425caf320b, cluster identity 4711
[  431.278780][ T5926] usb 3-1: Product: syz
[  431.284440][ T5926] usb 3-1: SerialNumber: syz
[  431.289466][ T9965] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  431.326239][ T5926] hub 3-1:250.228: bad descriptor, ignoring hub
[  431.336211][ T5926] hub 3-1:250.228: probe with driver hub failed with error -5
[  431.360637][   T43] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  431.426268][ T9969] syzkaller0: entered promiscuous mode
[  431.432051][ T9969] syzkaller0: entered allmulticast mode
[  431.558906][ T5926] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 25 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292
[  431.575812][ T9969] tipc: Resetting bearer <eth:syzkaller0>
[  431.689420][   T43] usb 4-1: device descriptor read/64, error -71
[  432.058829][ T9960] tipc: Resetting bearer <eth:syzkaller0>
[  432.131356][   T43] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  432.215246][ T9960] tipc: Disabling bearer <eth:syzkaller0>
[  432.272822][   T43] usb 4-1: device descriptor read/64, error -71
[  432.392604][   T43] usb usb4-port1: attempt power cycle
[  433.140668][   T43] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  433.161219][   T43] usb 4-1: device descriptor read/8, error -71
[  433.646455][ T5926] usb 3-1: USB disconnect, device number 25
[  433.725927][ T5926] usblp0: removed
[  434.466283][   T30] audit: type=1400 audit(1757604713.211:524): avc:  denied  { connect } for  pid=9991 comm="syz.2.969" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  435.304928][T10012] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.482956][   T43] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  435.483253][   T31] INFO: task syz.1.568:8316 blocked for more than 143 seconds.
[  435.491248][T10012] batadv_slave_0: entered promiscuous mode
[  435.581052][   T31]       Not tainted syzkaller #0
[  435.586013][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  435.614802][   T31] task:syz.1.568       state:D stack:27144 pid:8316  tgid:8312  ppid:5846   task_flags:0x400140 flags:0x00004004
[  435.780954][   T43] usb 5-1: Using ep0 maxpacket: 32
[  435.852284][   T43] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  435.860549][   T31] Call Trace:
[  435.864579][   T31]  <TASK>
[  435.870547][   T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  436.039851][   T31]  __schedule+0x1190/0x5de0
[  436.090596][   T31]  ? __pfx___schedule+0x10/0x10
[  436.095936][   T31]  ? find_held_lock+0x2b/0x80
[  436.102718][   T31]  ? schedule+0x2d7/0x3a0
[  436.113758][   T31]  ? sync_bdevs+0xfd/0x360
[  436.124338][   T31]  schedule+0xe7/0x3a0
[  436.137412][   T31]  schedule_preempt_disabled+0x13/0x30
[  436.139119][   T43] usb 5-1: config 0 descriptor??
[  436.149604][   T31]  __mutex_lock+0x81b/0x1060
[  436.169203][   T31]  ? sync_bdevs+0xfd/0x360
[  436.250859][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  436.256660][   T31]  ? _atomic_dec_and_lock+0xa2/0x120
[  436.264632][   T31]  ? iput+0xd3/0x880
[  436.268553][   T31]  ? sync_bdevs+0xfd/0x360
[  436.281595][   T31]  sync_bdevs+0xfd/0x360
[  436.288050][   T31]  ksys_sync+0xb2/0x150
[  436.294588][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  436.305321][   T31]  ? rcu_is_watching+0x12/0xc0
[  436.310724][   T43] gspca_main: sunplus-2.14.0 probing 041e:400b
[  436.313967][   T31]  ? do_syscall_64+0x91/0x4c0
[  436.326259][   T31]  __do_sys_sync+0xe/0x20
[  436.330748][   T31]  do_syscall_64+0xcd/0x4c0
[  436.336551][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.343848][   T31] RIP: 0033:0x7f07d818eba9
[  436.349003][   T31] RSP: 002b:00007f07d8f38038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  436.357692][   T31] RAX: ffffffffffffffda RBX: 00007f07d83d6090 RCX: 00007f07d818eba9
[  436.365879][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  436.374006][   T31] RBP: 00007f07d83d6090 R08: 0000000000000000 R09: 0000000000000000
[  436.382128][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  436.390098][   T31] R13: 00007f07d83d6128 R14: 00007f07d83d6090 R15: 00007ffdf4a12e58
[  436.398212][   T31]  </TASK>
[  436.401392][   T31] 
[  436.401392][   T31] Showing all locks held in the system:
[  436.409156][   T31] 3 locks held by kworker/u8:0/12:
[  436.417999][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  436.429229][   T31]  #1: ffff8880b8524088 (psi_seq){-.-.}-{0:0}, at: __schedule+0x1861/0x5de0
[  436.440754][   T31]  #2: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: batadv_nc_worker+0x159/0x1030
[  436.450662][   T31] 1 lock held by khungtaskd/31:
[  436.455883][   T31]  #0: ffffffff8e5c1260 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  436.469013][   T31] 5 locks held by kworker/1:1/43:
[  436.474248][   T31]  #0: ffff88801ceb7548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  436.485418][   T31]  #1: ffffc90000b37d10 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  436.499826][   T31]  #2: ffff888144f0c198 (&dev->mutex){....}-{4:4}, at: hub_event+0x1c0/0x4fe0
[  436.513537][   T31]  #3: ffff888022695198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  436.523587][   T31]  #4: ffff88807a627160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x7e/0x4b0
[  436.533107][   T31] 1 lock held by klogd/5208:
[  436.537896][   T31]  #0: ffff8880b843a318 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  436.547955][   T31] 2 locks held by getty/5607:
[  436.552755][   T31]  #0: ffff888035bd00a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  436.562688][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  436.573083][   T31] 1 lock held by udevd/5972:
[  436.577678][   T31]  #0: ffff888026845358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  436.587306][   T31] 4 locks held by kworker/u8:11/6323:
[  436.592814][   T31] 1 lock held by syz.1.568/8316:
[  436.597788][   T31]  #0: ffff888026845358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0xfd/0x360
[  436.607513][   T31] 1 lock held by syz.3.968/9989:
[  436.612577][   T31]  #0: ffffffff8e5cc6c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  436.622887][   T31] 
[  436.625225][   T31] =============================================
[  436.625225][   T31] 
[  436.637602][   T31] NMI backtrace for cpu 1
[  436.637615][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  436.637628][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.637636][   T31] Call Trace:
[  436.637640][   T31]  <TASK>
[  436.637645][   T31]  dump_stack_lvl+0x116/0x1f0
[  436.637663][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  436.637681][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  436.637711][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  436.637733][   T31]  watchdog+0xf0e/0x1260
[  436.637757][   T31]  ? __pfx_watchdog+0x10/0x10
[  436.637777][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  436.637802][   T31]  ? __kthread_parkme+0x19e/0x250
[  436.637840][   T31]  ? __pfx_watchdog+0x10/0x10
[  436.637862][   T31]  kthread+0x3c2/0x780
[  436.637882][   T31]  ? __pfx_kthread+0x10/0x10
[  436.637904][   T31]  ? rcu_is_watching+0x12/0xc0
[  436.637929][   T31]  ? __pfx_kthread+0x10/0x10
[  436.637950][   T31]  ret_from_fork+0x5d4/0x6f0
[  436.637969][   T31]  ? __pfx_kthread+0x10/0x10
[  436.637989][   T31]  ret_from_fork_asm+0x1a/0x30
[  436.638027][   T31]  </TASK>
[  436.638054][   T31] Sending NMI from CPU 1 to CPUs 0:
[  436.756522][    C0] NMI backtrace for cpu 0
[  436.756536][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) 
[  436.756558][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.756575][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  436.756603][    C0] Code: bc 61 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 53 a3 15 00 fb f4 <e9> 8c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  436.756625][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c2
[  436.756640][    C0] RAX: 0000000001511ec7 RBX: 0000000000000000 RCX: ffffffff8b946c29
[  436.756652][    C0] RDX: 0000000000000000 RSI: ffffffff8de52620 RDI: ffffffff8c162d80
[  436.756664][    C0] RBP: fffffbfff1c52ef8 R08: 0000000000000001 R09: ffffed1017086655
[  436.756677][    C0] R10: ffff8880b84332ab R11: 0000000000000000 R12: 0000000000000000
[  436.756688][    C0] R13: ffffffff8e2977c0 R14: ffffffff90ab6d90 R15: 0000000000000000
[  436.756701][    C0] FS:  0000000000000000(0000) GS:ffff8881246b5000(0000) knlGS:0000000000000000
[  436.756718][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  436.756730][    C0] CR2: 000000110c3a2241 CR3: 000000005a844000 CR4: 00000000003526f0
[  436.756742][    C0] DR0: 0000000000000007 DR1: 0000000000000002 DR2: 0000000000000008
[  436.756752][    C0] DR3: 1000000100000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  436.756762][    C0] Call Trace:
[  436.756768][    C0]  <TASK>
[  436.756774][    C0]  default_idle+0x13/0x20
[  436.756799][    C0]  default_idle_call+0x6d/0xb0
[  436.756824][    C0]  do_idle+0x391/0x510
[  436.756848][    C0]  ? __pfx_do_idle+0x10/0x10
[  436.756870][    C0]  ? trace_sched_exit_tp+0x2f/0x120
[  436.756893][    C0]  cpu_startup_entry+0x4f/0x60
[  436.756915][    C0]  rest_init+0x16b/0x2b0
[  436.756940][    C0]  ? acpi_subsystem_init+0x133/0x180
[  436.756962][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  436.756987][    C0]  start_kernel+0x3ee/0x4d0
[  436.757009][    C0]  x86_64_start_reservations+0x18/0x30
[  436.757031][    C0]  x86_64_start_kernel+0x130/0x190
[  436.757054][    C0]  common_startup_64+0x13e/0x148
[  436.757081][    C0]  </TASK>
[  436.758934][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  436.970871][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  436.979965][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  436.989999][   T31] Call Trace:
[  436.993259][   T31]  <TASK>
[  436.996171][   T31]  dump_stack_lvl+0x3d/0x1f0
[  437.000756][   T31]  vpanic+0x6e8/0x7a0
[  437.004737][   T31]  ? __pfx_vpanic+0x10/0x10
[  437.009230][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  437.015296][   T31]  panic+0xca/0xd0
[  437.019006][   T31]  ? __pfx_panic+0x10/0x10
[  437.023411][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  437.028868][   T31]  ? nmi_trigger_cpumask_backtrace+0x1b1/0x300
[  437.035005][   T31]  ? watchdog+0xd78/0x1260
[  437.039403][   T31]  ? watchdog+0xd6b/0x1260
[  437.043804][   T31]  watchdog+0xd89/0x1260
[  437.048044][   T31]  ? __pfx_watchdog+0x10/0x10
[  437.052702][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  437.057888][   T31]  ? __kthread_parkme+0x19e/0x250
[  437.062904][   T31]  ? __pfx_watchdog+0x10/0x10
[  437.067567][   T31]  kthread+0x3c2/0x780
[  437.071621][   T31]  ? __pfx_kthread+0x10/0x10
[  437.076194][   T31]  ? rcu_is_watching+0x12/0xc0
[  437.080944][   T31]  ? __pfx_kthread+0x10/0x10
[  437.085520][   T31]  ret_from_fork+0x5d4/0x6f0
[  437.090093][   T31]  ? __pfx_kthread+0x10/0x10
[  437.094665][   T31]  ret_from_fork_asm+0x1a/0x30
[  437.099429][   T31]  </TASK>
[  437.102641][   T31] Kernel Offset: disabled
[  437.106945][   T31] Rebooting in 86400 seconds..