last executing test programs:

7m24.485038939s ago: executing program 4 (id=316):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x2, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x14, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}, 0x1, 0x1000000, 0x600000000000000}, 0x0)

7m24.415882828s ago: executing program 4 (id=317):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020, 0x0, 0x0, <r0=>0x0, 0x0, <r1=>0x0}, 0x2020)
ptrace$ARCH_MAP_VDSO_32(0x1e, r1, 0x6, 0x2002)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af25, &(0x7f0000000940))
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x1a, 0xa}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
sendmsg$nl_route_sched(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000002440)=@newqdisc={0x50, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffe0, 0xa}, {0xf, 0x10}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x1c, 0x2, [@TCA_FQ_CODEL_MEMORY_LIMIT={0x8, 0x9, 0xffffffff}, @TCA_FQ_CODEL_CE_THRESHOLD={0x8, 0x7, 0x3}, @TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x101}]}}]}, 0x50}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES64=r0, @ANYRESDEC=r0, @ANYRES64=r2], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r6}, 0x10)
r7 = getpid()
sched_setscheduler(0x0, 0x3, &(0x7f0000000200)=0x7)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r7, 0x6, &(0x7f0000000300)=""/237)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r9, 0x0, 0x0, 0x0)
recvmmsg(r8, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
pipe(0x0)
kexec_load(0x7, 0x1, &(0x7f0000003200)=[{0x0, 0x0, 0x8000, 0x8000}], 0x3e0000)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, 0x0)
r10 = syz_genetlink_get_family_id$tipc2(0x0, r2)
sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000002700)={&(0x7f00000024c0), 0xc, &(0x7f00000026c0)={&(0x7f0000002500)={0x178, r10, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0x11, 0x1, @l2={'eth', 0x3a, 'macvtap0\x00'}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x81}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x400}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x4c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4bc3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xe990}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}]}]}, 0x178}, 0x1, 0x0, 0x0, 0x50}, 0x40010)
bpf$MAP_CREATE(0x0, &(0x7f0000002740)=ANY=[@ANYBLOB="1e000000000000000c0000000200000000000400", @ANYRES32=0x1, @ANYBLOB="1900000000000000002985a91be25353e80a2415570000000000000000000000c3d93e1c6afad46744d243830fbbde38cf30fcf6a5030e2ee73138b27908120a5e89f31c3b3bb2068642e75735bde4a5af69a2d7cdd9068b7488df3b836cb9989016097b6992294d5f2785", @ANYRES32=r5, @ANYRES32, @ANYBLOB="0100000004000000000000000d00"/28], 0x50)
pipe2$9p(&(0x7f00000000c0)={0xffffffffffffffff, <r11=>0xffffffffffffffff}, 0x4000)
write$P9_RGETLOCK(r11, &(0x7f0000000140)={0x2b, 0x37, 0x2, {0x1, 0x6, 0x5, r7, 0xd, 'sched_switch\x00'}}, 0x2b)

7m23.438500164s ago: executing program 4 (id=321):
r0 = fsopen(&(0x7f0000000040)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x8, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x18, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
io_setup(0x7fff, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
r4 = getpid()
r5 = syz_pidfd_open(r4, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f0000000440)='net/tcp\x00')
pread64(r7, &(0x7f0000000000)=""/65, 0x41, 0x96)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r8=>0x0})
r9 = syz_open_dev$loop(&(0x7f00000000c0), 0x9, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f00000002c0)={r10, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd499286199000000000000000000ba00", "f4bd0007008019000000000000000000000000af1e4ccfb7b3cad800", [0x0, 0x2000000000001]}})
close(0x3)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r6, 0x3ba0, &(0x7f00000007c0)={0x48, 0x2, r8})
ioctl$IOMMU_IOAS_MAP$PAGES(r6, 0x3b85, &(0x7f0000000100)={0x28, 0x4, r8, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
close_range(r5, 0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r3, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x1e})
kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0)

7m22.513624331s ago: executing program 4 (id=328):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000400), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000019480)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYRESOCT=r0, @ANYRES8=r0, @ANYBLOB="583db032791d10c2a4424fe1b5588aea9596437048d03af826147af7cb6455a529831dd42686dd3d2408b11792b970e5fae54fbbaa812edb35be8f38aca529ac80944b9b99586c8b2d8bfb5ac0b439ad500fc15c8a18546ceb3cc74984ad4c47ed5fc388746b791bdec51b6d6ed0801f5320846638ea966e807f3944afc9d9f0bc0738fbcaf481e0652d9ba03f110c760fbba3b7cd9ae1f31036aa212105fa27d24af6f2763ae1ac6363921f5d3b57117e9bc076d9860f0134402779da3beefab05cfdfae504c76e243c1c5c941d98e8aa7e5e"], 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x10)
r2 = syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x0, 0xffffffff, 0x89}, &(0x7f00000001c0)=<r3=>0x0, &(0x7f0000000440)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r5 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, r5)
prlimit64(0x0, 0xe, 0x0, 0x0)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000019300)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000010003c0003010000000000000000000010002b00000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002", @ANYRES64=r4], 0x80}}, 0x0)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000019380)=0x8000)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r7 = getpid()
syz_pidfd_open(r7, 0x0)
setns(0xffffffffffffffff, 0x20000)
syz_clone3(&(0x7f0000000300)={0x136820100, 0x0, 0x0, 0x0, {0x2c}, 0x0, 0x0, 0x0, 0x0}, 0x58)
umount2(&(0x7f0000000040)='.\x00', 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r9 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={@fallback=r9, 0xb, 0x0, 0x9, &(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000040)=[0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40)
read$msr(r8, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x44, 0x0, 0x0, 0x4d00, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r2, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f)

7m20.902065234s ago: executing program 4 (id=335):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000003540)={[0x7fffffff]}, 0x8)
fchown(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b00011100000009"], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00000029000b00ffffffff0000000005000000180001"], 0x2c}}, 0x0)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
clock_gettime(0x0, &(0x7f0000000000)={<r7=>0x0, <r8=>0x0})
timer_settime(r6, 0x1, &(0x7f0000000040)={{r7, r8+60000000}, {0x77359400}}, &(0x7f0000000100))
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r9, 0x0, 0x0, 0x20000841, 0x0, 0x0)
r10 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r10, 0xc008ae05, &(0x7f00000003c0)={0xa, 0x0, [{0x0, 0x2, 0x1, 0x9, 0x7, 0x1, 0xffffff00}, {0x2, 0x0, 0x2, 0x6, 0x3, 0x6, 0xfffffffd}, {0x40000001, 0x47aeace4, 0x3, 0x401, 0x5, 0x13, 0x3}, {0x40000000, 0xa7b, 0x1, 0x4, 0x2, 0x7, 0x7}, {0x0, 0x4, 0x0, 0x1000000, 0xa46, 0x4, 0x5}, {0x2, 0xfffffffc, 0x6, 0x7cb, 0x80000000, 0x7, 0x800}, {0x40000001, 0x7fffffff, 0x2, 0x1, 0x100, 0x9, 0x2}, {0x0, 0x80, 0x2, 0x0, 0x800, 0x6, 0x80000000}, {0x80000007, 0x9, 0x0, 0x6b, 0x4, 0xfffffffe, 0x4}, {0x80000000, 0xfffff001, 0x4, 0xfff, 0x0, 0x2, 0x401}]})
socket$packet(0x11, 0x3, 0x300)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r11, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000006c0)={0x88, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa, 0x0, 0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x30, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}]}, @CTA_TIMEOUT={0x8}]}, 0x88}}, 0x0)

7m20.490482433s ago: executing program 4 (id=337):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in=@rand_addr=0x64010101, 0x0, 0x2b}, @in=@rand_addr=0x64010100, {0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x1}, {0x7fffffff, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@tfcpad={0x8, 0x16, 0x8}]}, 0xf8}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
r3 = memfd_create(0x0, 0x2)
ftruncate(r3, 0xffff)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) (fail_nth: 1)

7m20.230532651s ago: executing program 32 (id=337):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)=@newsa={0xf8, 0x1a, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x20, 0x0, 0x2, 0x0, 0xee00}, {@in=@rand_addr=0x64010101, 0x0, 0x2b}, @in=@rand_addr=0x64010100, {0x0, 0x0, 0x2, 0x0, 0x3, 0x0, 0x0, 0x1}, {0x7fffffff, 0x200000, 0x7}, {0x40000, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@tfcpad={0x8, 0x16, 0x8}]}, 0xf8}}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x10)
socket$nl_rdma(0x10, 0x3, 0x14)
r3 = memfd_create(0x0, 0x2)
ftruncate(r3, 0xffff)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x80280, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0)
r5 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
socket$xdp(0x2c, 0x3, 0x0)
ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3}) (fail_nth: 1)

11.580944083s ago: executing program 2 (id=2056):
mlockall(0x7)
munlockall()
openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000002a82, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
epoll_create1(0x0)
statx(0xffffffffffffff9c, &(0x7f0000002cc0)='./file0\x00', 0x6000, 0x800, &(0x7f0000002d00))
newfstatat(0xffffffffffffff9c, &(0x7f0000002e00)='./file0\x00', &(0x7f0000002e40), 0x800)
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, <r1=>0x0}, &(0x7f00000000c0)=0xc)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000100)={0x28, 0x18, 0x1, 0x0, 0x0, {0x2}, [@typed={0x8, 0x800, 0x0, 0x0, @ipv4=@multicast2}, @nested={0xc, 0x8, 0x0, 0x1, [@typed={0x8, 0xc, 0x0, 0x0, @uid=r1}]}]}, 0x28}}, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
statx(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x4000, 0x0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
fchown(r3, 0x0, r4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
quotactl$Q_GETINFO(0xffffffff80000502, &(0x7f0000000040)=@rnullb, r6, &(0x7f0000000200))
getgroups(0x2, &(0x7f00000033c0)=[0x0, 0xffffffffffffffff])
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x400000000080803, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newtaction={0x6c, 0x30, 0xb, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ct={0x54, 0x1, 0x0, 0x0, {{0x7}, {0x2c, 0x21, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_MARK={0x8}]}, {0xfffffffffffffe4b}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)
socket$kcm(0x10, 0x2, 0x10)

10.157881668s ago: executing program 2 (id=2060):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r5 = dup(r4)
write$UHID_INPUT(r5, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000985802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)

8.94551195s ago: executing program 2 (id=2062):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000170900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}}, 0x2000c450)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYBLOB="1800000000000000000000000100"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94)
r1 = bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
pwritev(r1, 0x0, 0x0, 0x2, 0x1b)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
syz_emit_ethernet(0x1e, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000004c00)=""/102392, 0x18ff8)
syz_io_uring_setup(0x10d, 0x0, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r4 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
lseek(r4, 0xff, 0x0)
getdents64(r4, 0xffffffffffffffff, 0x18)
r5 = socket(0x10, 0x3, 0x0)
getsockopt$sock_buf(r5, 0x1, 0xccd4453e7e835cf8, &(0x7f00000000c0)=""/43, &(0x7f0000000080)=0x2b)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300)={<r7=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x0, @loopback}, {0xa, 0x4e22, 0xffbffffe, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, r7}}, 0x48)
write$RDMA_USER_CM_CMD_QUERY(r6, &(0x7f0000000040)={0x13, 0x10, 0xfa00, {&(0x7f0000000780), r7}}, 0x18)
semget$private(0x0, 0x1, 0x8)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)

8.412060733s ago: executing program 2 (id=2065):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x0)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f00000000c0)={&(0x7f0000000080), 0x23})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, r0, 0x35d48000)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, 0x0, 0x6, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r4, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r5, 0x0, <r6=>0xffffffffffffffff, 0x1})
mknod$loop(&(0x7f0000000140)='./file0\x00', 0xfff, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3", 0x13}], 0x1}, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x3a)
bind(r7, &(0x7f0000000000)=@hci={0xa, 0x2}, 0x80)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r6, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b})
setsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000040)="440910bc996c301c8107070400", 0x28)

7.720576901s ago: executing program 1 (id=2067):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x2, 0x4, 0x3, 0x0, 0x1}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x74, 0x74, 0x7, [@func={0x4, 0x0, 0x0, 0xc, 0x4}, @ptr={0x0, 0x0, 0x0, 0x2, 0x5}, @decl_tag={0x9, 0x0, 0x0, 0x11, 0x2, 0x2}, @union={0x9, 0x4, 0x0, 0x5, 0x0, 0x0, [{0x7, 0x4, 0x1}, {0x0, 0x5, 0x3}, {0x4, 0x4, 0x3}, {0xf, 0x4, 0x5}]}, @int={0xc, 0x0, 0x0, 0x1, 0x0, 0x70, 0x0, 0x61, 0x7}]}, {0x0, [0x0, 0x2e, 0x0, 0x2e, 0x0]}}, &(0x7f00000014c0)=""/4096, 0x93, 0x1000, 0x0, 0x7330, 0x10000}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={r4, 0x20, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000140)}}, 0x10)

7.030018278s ago: executing program 1 (id=2069):
syz_io_uring_setup(0x109, &(0x7f0000000240)={0x0, 0x114df, 0x2000, 0xffffffdf, 0x4008d}, &(0x7f0000000040)=<r0=>0x0, &(0x7f0000000100))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r1 = syz_io_uring_setup(0x7d0, 0x0, &(0x7f0000000080), 0x0)
r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r1, 0xa, 0x0, r2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = syz_open_dev$media(&(0x7f00000001c0), 0x0, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r4, 0xc0487c04, &(0x7f0000000700)={0x0, 0x0, 0x0, &(0x7f0000000480), 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x0, 0x0, 0x0})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendmmsg$unix(r5, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r6, 0x0, 0xc8, &(0x7f0000003d40), 0x4)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000003d80)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10)
r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000000c0)={0x8, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev={0xac, 0x14, 0x14, 0x40}}, 0x10)
setsockopt$inet_mreq(r7, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x2e, &(0x7f0000000180)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x80, 0x2, 0x0, @empty, @multicast1=0xe0000300, {[@timestamp_addr={0x44, 0x4, 0x7f}]}}, @echo_reply={0x0, 0x0, 0x0, 0x64, 0xd2}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, &(0x7f0000000200)={@empty, @multicast2=0xe0000300, 0x0, "028a3f6c58b274e6d8451697efe42811ee1df06e9264f7d866b1970548fc3c7b", 0xb2, 0xfffffff7, 0x4, 0x40000006}, 0x3c)

6.908447961s ago: executing program 5 (id=2070):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bind$bt_sco(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6)
io_setup(0x5, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)
r1 = fsopen(&(0x7f00000001c0)='bpf\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_COALESCE(r2, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r3, 0x200, 0x70bd26, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x27}, @val={0x8, 0x3, r4}, @void}}, ["", "", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
fsmount(r1, 0x1, 0x0)

6.694455743s ago: executing program 5 (id=2071):
r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
r1 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0)
fcntl$setlease(r1, 0x400, 0x1)
fcntl$getflags(r1, 0x401)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0xfff}})
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x3, 0x2, 0x4, 0x0, 0x12})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x0, 0x30383653, 0x4, 0x800, 0x4, 0x5, 0x4, 0x0, 0x4, 0x1, 0x6}})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x16, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000069114e0000000000850000000600000095"], &(0x7f0000000000)='GPL\x00'}, 0x94)

6.616299816s ago: executing program 5 (id=2072):
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6(0xa, 0x2, 0x0)
mount$binderfs(0x0, &(0x7f00000023c0)='./binderfs\x00', &(0x7f0000002400), 0x4000, 0x0)
sendmmsg$unix(r2, &(0x7f0000001a40), 0x0, 0x40)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085003358d01109998c91e5cac1587f9a0000b700"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x2d)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r6, 0x6, 0x21, &(0x7f0000000000)="ca02016eba2d52b5f2ac03cc9f38f9d9", 0x10)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000018, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)
r7 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33)
write(r7, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500080002000000", 0x24)
r8 = fsopen(&(0x7f0000000340)='ocfs2_dlmfs\x00', 0x0)
syz_open_dev$sndmidi(&(0x7f0000000140), 0xfffffffffffffffa, 0x18000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_PROTOCOL(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x1c, 0x1, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000018}, 0x4004850)
fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0)

5.616836542s ago: executing program 5 (id=2074):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r0, &(0x7f00000003c0)=[{{&(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000440)="d58d4d02b5215ff33f9e95d98d9f9b8589e0b89f48eac9f527b4f667fa7f0555e8180a3e785ccdce1342aa50234c184dc92688305e54bcaeab881d18d13e5418474c06850b52a2f2dd3120bc571c24beb7", 0x51}, {&(0x7f00000004c0)="73da54c4d54cd955cddba10455af9da1d0ddb1fd4ef05c0db56bace0374e1c770794cd9ea73bcdd90f5b729daf980600621acd7c03c41eac7ca1d5d003d9adf574b647ef9df1b2b4db1d36a196665b0c3f6ff0f4143698291b38879617027d256ba9914c4ab6035252f3f83d2338ab072be88e9ab89629cf49d8e2fa3fac4154992922a83314728d3fe7ff833b5cec0fd9d36018c0233685cfdce111a7a5230943f24c6f5f9a0e0d064636280e992f357392d77b8f5702c0e2fac22faecb710fccd1715cbcbff4be74a4df909b1bbe434bffdcaf59a013a91810bbcf916f23be2ea689b5ecfb76117ee960fabb96221b6200bee5383a1d5af4ddc7fc14ad4093307b06acf462db78ae14425354bd075e61ce2ba98bb9b89676c0c6b06b799c7f6e4bd40e0d6abceb9015df340448270965ceefb3e6632eaa00761ea4dbfbeba405bbb51f92ca0b28f864e2c9f8b181108710fb997f13bbcb9f1f018eef415d33c455976774405b8ea72ea2136a66bd3fa821d176ab5a58ba5efbc33eb29d14fa5cbdec6db72e26b0f3025ef86cc7daf6a65c1bef5056f39f46da172e29c3b7714d93965e90267e17286342db21cc87656f5966c8851aaa9ecb788c9b6d9aaf5eadeeee5720ba36c7c3b41266710ecbc7eff3c908e37e3c08a7ca2c34b9c6db4e4dbb56c4f218f86baad6f2d59381afd00fc510247ca4e83809a28e3b9d5173628a7c34ef10ff50d60046b25449176261f324bba442cef07a14339e220bf405f22757f5e09ff2b4389ccba9debba9ce14db3c19e750b8bbe037a963a85b8d79865e227c9b3c037cffe9548e66f1e281f6f6a8ae9350b38662451d2399f894e2f4eadcd4d1e6586989a74024563e8ce32e107553e557d14e11fa540eda6287dec4d476bf79b279346816d19973d7b99d77152a3af031d5daa252c8d362d119bd4facee4cb8e1030acebc7d7cae9584d0f7e13e87ab95294f9950b0fa5add9ff1f20f00a6b07e896cfc91c3b5b0d319a2da473c89a6ed4a8a7fa0a6af5212b36365f1119bfc1d550b7cefa64d6791a6d5b521add416e8299ec8478ce7997bb78bf2c25c3570bf8bb2ef7e3fcb9dd4cc87e7f462f8c34713c033d0c2766120ba262e3264807864378c641ff3c3393dc93751f104064f80b29ccc48579a3a4edf68fdbb65f106e2c6c939c997a31f3f7ea9dc871d08b5d5595e70ddb150a3133176b272fd54a3f52b2b35768770775700f243c31685608a9eeedf496df190d0da0c5279e583605014bcdf26da8813238a914493c329a6dde02434df3576756fc25da332cb49ccba3cfed3073491cb13532a4560a887cbcc9ccea9eebe0b6bf0f2b8954d78a5fbecf1b7f7c7f3c365c19bde9a14e177520bd743cbf85502684de814fe9833a940d514fa7d82ff9e1b19eda90ac10c01eb5310f4515606d4762b49182348b70c643c6640c62c8a670866021cfa4c2925ba8a69297d670adb3938842a35d6e2b9187e7edb83e7e329e770ec821521fc6d64f6a13f332f4c277d001917840c48c8f967791e47a23b2d2ebcfeaf78c2cc896eabcbfed3dc58d34070b2e03458bb0c19b5262f5eb78f069aba75936ad62ea19771e6a63f6814a97c6b5cf21a9bb9f625533ed78aaaf24bac3a9fefe88e92ccd4180bf4f4888a82e4a09d10ef67105e65a959e00d896e9b6758f0b9544be15e997f419e43f12ace8a60f648142134796d24352575ea13144af8d320c80aa05efdcc3a02b24bd5ce26ec9f5fb210d45a29cb3f40599d91c8da21eb5f2a28d223db16b0b64d4655617035d63c55f80dc5e2ee5ddfb1ced2b46afbfc40f962d062a28d8cff917627e445a758f52cfbf3daa443f766ba411dbbae52da5f71715f89a76309fe7b2a96353b9ad3527327bcf98ab9011d2eda7db3b823d5ce3932e15eb122054165d389d4a8e547f072d4f73c49f95dba7d13a8f5a80df89ad596507f542c765900212df12754e0a4c5cf57a605cefd4ac6332c4ee746a3aee31ea20876d8ef0b20e2452d9a8ba29cab4d8099af9ae245be8b2ca9c1624a79970c70c533be08cabdbfd911af98cea22b51a08454c5ab7615cb61a2258a533a0b2ba795040c13156fe3dba3e525042699ae8e01af128919298cd4e8f1b07ee4f2763a7a380af074208e1306379c7f8e91f5729fde181484bd81d82175c35f1b9cfe80d9927fbd07ce6fda3ea45cb3918d7207cb4f944584c7843a8ca6e085f2090d7245e57b87c35e104485089666d8f7a51ba05fbb5e86807ac8b14f2943de138029a84c9bae527434aef4df013bf917f13f459b1763cb6ef03a923baa02423d9bf9b2c7b223da2288eee22e2c372d70b84f69fed207fa40e44a156113d6f6c5c23cbb9ca60e317a125aa94e005d27ba2ce69b70f0f636ae5b0f74ea983a1a5f77d7ee447a99b622175f6c1974437ed15319897b59ee66814dc573cc252b397859f338f53a6bebde2a75dd0e827c6dd5c521cce843e39ec0622f87de8415ecb42c7a621aba067da2b30eb8898ec06d4b02d4a02491eafdfd8e2a7a5e2855d3da73530b1f1fb75875e84f62826b0c743dd178eefec7a533f1e2842537787d7c9c2ed104988997f7cf9c53607945403802dd679b1125bce160efd91ea6f4f59101cac9f6b60f71abcdd6db38e7266699d621450c97a97b602147e918f0db42345be754e1d32817f44295d58039939f2e3d31759df6be18dd1c3f439c34088ba99ed042f6cc07d18224d71a86af35654a1e81bbc7749dc43c0bf8c613cc24cf97599b8b97bd75325c093830b8593189acef56b420e8a23417c9ca0d077a110e191422d26eb5f1b3ef88af3eecc8adc9f109d000f806f385321e0a785c23b130608b77cd98a5d84e0381058fc9128021c03a34c629fdfc00c509ce5cd01bd407577abbc8085f2c5ca8bdd7a0d9122dcb81257af7a8d1ca96cc23d68a75edd5a5179fe5677cfa11dd1417cc85694a3b9e172a2b2f801622a3c083a4854510f72932ae3d589fa6019add7073f611ba25828786746aa70ecb932f2ca5f850fc4642039857fbd78b54b149cffc858d75a36cd0a763b3a37618acde797c227b60bf86a93bb0775b197d8177ee60c44c339be1834eb970a1b22b8e52fcec8869aff31379ca4729076223f03871baeca515071ee68899e126af2141a04c44ca6b635b74c747e8097bd30b7d569fb7ac3b34b13f7fd1648bd141bcecf3d4d2c49f009ea38eb4458b9c9f1524004479b3c75c81d8eb8c72123e889b0efc5e90797a624d9b803811230ba397b322dc683b76455f52d9aa934444624d93def5834b6cff3e6743db18b2ede23cb575f798b498f76a427addc1b250bfdeaf9d77465363ee60285244a58e493b1d9f4574925d0fd3d165753583dd7c3190ff976c9aed543910f95cfbda8089c7c62308187c087abc08bb80d41045f99f3188a22b5421bc05f32008fe78684c2c0d0f7c7bcddc9bc1a0f78987a34c8881d65fe166c77e6a40292ce34e17af27b024d65c28d8256f90158de99b0f53c1b1dd83127f5ad3dc80573c79cddc7ab44ec616833622c503ff038ab2f8bd86ff39ece99995e354e143c05bdd50135b58d9123f10caee5874d466e8c1106f0c003a64522ff80a8c80eb2c1932861709d0b3bbf718358f49d3abebfa8ad6ec310badd8ae7cedea70b588547867fb7d01fa35153d1b8d33701319c8307014db11b9e0676ed37f70f5d74927cacdf2ab5a57280ee230a3071066e40f2162870bce8b463be3a913d16379e4db29df30fe8c3ca98d38bc6f0c74008204911ed7f28251535d9347dfa2f1f64f61205a653c8d3f0a7c469f6eb1bd6cf8a40a4a332df87e6ed0ce93200112ed93ebd3a5c6df43f28a1bb3cf555cd83890c3b1b357b9bfbef244540301212821b6d218254196e6df156227530e05e84980ec27e3dd8180f1cdfba590ff589d25c285acc6626f189f7dbb63d7f9592f887d2444aa96c1b40d8367643cfd53570868e7dfb3093a776f232a9cc3e9e5afa1880912a1cb683eb9f2f55b445dfffaac2f20b34273e06704172a2f4d349a25a567c7d34acc874f42b7210911ee52d270b2bd57e4b69f77b0ce0467b34c333752592212574004e9e3f2370b40c11d8172b4808f5973aa167223f95ec0124e47a8d836b5d4737542ef8a3c6b2e3fba79733ee9486c3689df648d09d28adf933be86092dcfd1c178c4c1eba1abde5c215abcc21f74ff0c177339c0e1542267d11e6bff9600929a35b758389b21f6942b112498a20ac8dd7428684154c6c7f0a9be52a7152ed35869086109e0553a72fc2ed3ca0f5265c45cdacfedc77215ddcf45ec6ba0e3369aff89975dc9dc99f78c470b2a90792c246e865315ac38d1422c3e81df5d17bc25cfb294ca73d1c1ebdc12ff9c483e07e461d8d80087891662203f9afb9d2acfff9dfa1f100c4c431897b6865c2a5245e27df2855f632d4ff47c6a6d79b7e6854c39fb214203460bdd9b4227e7255996f4ad59d9eea4f40cf0bf02d5eae0a6646a5b6c44bd1764baa8204d0fc519eb152756f7805c758f961afce923c6f595c484743c0ccfcdd52fad46b85102b60cea9766eb45b00ebbec4f628fabbed837e5abe4dbd6e80b7291389f6f5c1e8d89107b5e00403bc46212cde423317daa9f79f0f2896e3185d2b0f7100eb464accb729c3c69b03563d7304659cba9247eb295354c43c7dcd7098236fca87499a60d413ada282b429abf22677b05533635d5e4b8105daa9855dc5ae3d4479ba361a1212a93c118c73fa4b210606421c21a86061fe37ea88259878ea0448c67e5c7f351b17985c5c54d8bd1e6111f98da96c3be512356390b9322f27574f2e8eb74e88a2cb32c2dcb1e41e456d7b3c2c90142101ae03c892f92ead40cab7204d12f07d46adaaceee7a1fabe5cf276b98d09c6a38a1b8269a0ed9464c3320804f93530ffbc0f811c534af29853227c4a82283a0d3925a61eb6641acdb4569dd7a4a47f728713170b7cd40c9785b31cf2c77bc4c064aa46a416eea86dca552811d5f47e0817f74b69fb5a23cbe4a5a617d2248e8cfb60fe4551d1323361a1168db8996dceacb87614a920f961634558980aaa389786e22250b67481534d789f9e0540fea358e078af0f5f2ddd04a226eeb0d235098a22f4daf91c7a27be3f442e3124704a52fab36c70047f554de630e808d8fe9e513b00e38f91e7735e3d1c3a3953c2e82cd7866bd53464751eb3f6d245f3211e49ef47e6a1acd02db079d7500af7092671f3b83d00a8b95cf43c367da20bef077254f9bcfb23e503561388d2d3df4fa9218c90d1dcce2d98d13daf71ccefba7d29b720d32f9946d033955a537fdbbf2eaa92ff84b3ba710b7cc72c88b84b08d9cdf357c412e18ea4c7c2b2d21cb280ec276c2a93299684b35aa378ef076bc8f27c43f40b27c079d112ad06a8cdef0f15f3d6b6be440dcd8195e14cc565f07f19b3888f6e102bc231f0d2a1771593bab3e587325e1518974f3770ba0d4894baff95e24eba24d21014ed13669b9b7c54d135e3d32a3ed05cc07179e8689cf3b9b586a6b280437986a651f65aca8e062a39687966537e4ec44efe639052700f487b087a821ec1a19f5859564faa33e7244ba21af80f26465ef09e149ba96a910d1909f09c4a969827699180942c35a56da081082abefa7705db1475bc5369a79d90cc77b59c74ffc0a30dd4269ae6b579e73055e4fbe1717d9db7e7681354b1ebda1ed71c1f27ae8e7db6fedbfda7c02f73a47ad24f661dafeba74e7c4febd3561af", 0x1000}, {&(0x7f00000014c0)="b80be0b47f562b87224386b84f20d6047462a68dcf38ee798c0f7ec483b99e57d125edb81d833c8e169d563062cca840c321cc347e51dc578e2ea641f5e3c2b594ccd7651946f828001b69cd2e6e14c3a1448ae04ca932b48b01a09404", 0x5d}], 0x3, 0x0, 0x0, 0x4044094}}], 0x1, 0x10000081)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x80000001, 0x400000, 0xfffffdfffffffffe, 0xfa11, 0x3}, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
r1 = fsopen(&(0x7f0000000180)='proc\x00', 0x1)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140), 0x520001, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x10)
ioctl$VT_SETMODE(r2, 0x5602, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = inotify_init1(0x80c00)
inotify_add_watch(r3, 0x0, 0x70000d3f)
r4 = fsmount(r1, 0x0, 0x81)
fchdir(r4)
openat$cgroup_ro(r4, &(0x7f0000000000)='blkio.bfq.idle_time\x00', 0x275a, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
syz_open_dev$char_usb(0xc, 0xb4, 0x3)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast2, 0x7, 0x0, 0x1, 0x5, 0x5, 0x63e9}, 0x20)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x109800, 0x0)
ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r7, 0x8008f511, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = add_key$keyring(&(0x7f0000000300), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r8, &(0x7f0000000380)='asymmetric\x00', &(0x7f00000002c0)=@keyring)

5.207740818s ago: executing program 1 (id=2077):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
gettid()
tkill(0x0, 0x800d)
r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205649, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x980001, 0x8000, '\x00', @ptr=0x8}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002000)=""/102400, 0x19000)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
sendmmsg$inet6(r2, 0x0, 0x0, 0x8008801)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
r3 = syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0)
ioctl$EVIOCSREP(r3, 0x40084503, &(0x7f0000000040)=[0x0, 0xffffff6f])
r4 = getpid()
r5 = syz_open_dev$evdev(&(0x7f0000000080), 0x9, 0x307240)
ioctl$EVIOCGKEYCODE(r5, 0x80084504, &(0x7f0000000280)=""/193)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, 0x0, 0x0, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x14, 0x0, 0x4, 0x70bd29}, 0x14}}, 0x40000)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r8)
r9 = syz_genetlink_get_family_id$nl802154(0x0, r8)
sendmsg$NL802154_CMD_NEW_INTERFACE(r8, &(0x7f0000000480)={0x0, 0x11, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000eeff120000000a0004007778616e3300000008001500", @ANYRES32=0x0, @ANYBLOB="080001"], 0x30}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000)

4.79447878s ago: executing program 0 (id=2079):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f00000004c0)=[@ioring_restriction_register_op={0x0, 0x13}], 0x1)
io_uring_register$IORING_REGISTER_ENABLE_RINGS(0xffffffffffffffff, 0xc, 0x0, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, 0x0, 0x2)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x50)
mount(&(0x7f0000000100)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000180)='nilfs2\x00', 0x2208004, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r4, 0x8b2c, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6a, '\x00', 0x0, @sk_reuseport=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
getsockopt(0xffffffffffffffff, 0x28, 0x1, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

4.664169114s ago: executing program 1 (id=2080):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000280)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0xffffffffffffff61, 0x0, 0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x10000000000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f00000001c0)={0x30, 0x30, 0x30}}, 0x1000}], 0x0, 0x0, 0x0})

4.105490049s ago: executing program 1 (id=2082):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(0xffffffffffffffff, &(0x7f0000000480)={0x2, 0x4e21, @multicast2}, 0x10)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000200)={0xc, r3})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r2, 0x3b70, &(0x7f00000000c0)={0x50, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}]}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@link_local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x14, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0x0, "a78c"}]}}}}}}, 0x0)
r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000010d11800940000000000010902240001ca002018269d5f9a0fdf6281278f8773a89d00100103000100092105000001"], 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
fstatfs(0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r5], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r7, 0x702, 0xe, 0x0, &(0x7f0000000380)="e460334470b8d480eb00c1520800", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
sendmmsg(r1, &(0x7f0000007fc0), 0x0, 0xc0)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

3.526959208s ago: executing program 0 (id=2083):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001c00110c0000001400000f0007000000", @ANYRES32=r1, @ANYBLOB="800202000a0002"], 0x48}, 0x1, 0xefff}, 0x0)

3.334484104s ago: executing program 0 (id=2084):
syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x5, 0xd0, 0x4f, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x9, 0x7, 0xb4}, {0x6, 0x24, 0x1a, 0x1, 0x18}}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x8, 0x0, 0x4}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x40, 0xc6, 0x4, 0x5}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0xcf, 0x81, 0x2c}}}}}}}]}}, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2e, &(0x7f0000000200)=@string={0x2e, 0x3, "d482674f19861f29745a52f366ae95a52761b96ae8d78664f6fdb3ba644ee04e1656f0c3e808feeb3e954b93"}}, {0x100, &(0x7f0000000300)=@string={0x100, 0x3, "beeb07de8f7c17f6fa8fa3e0190d0f773e13c5877b3f7033392722427bcbbc9f1328ce54b729394c91f9019cc3af74bcd35d5a932923fd83a960e324f08d0266fc418bc74f6d1b99b3e8676c216938e8eb9d25bd19f4c85c3ff9adc3b405f92deaffa092d0ea68fd1a01f4305288c0f2a5687237c1d37a25b982fd6dc7f0a4986257af776438656d0464b68bd81ecbcb8b3754b233e6e9973dd355dd3c0eaf339c5f100638abf92cb40ae6afb4ee6084c94e81c3b9f8ff4653cac9dd0ecb559f016c5da0cad2b6f9cb3bf9bfa67d4f3b8a6c19527eff11121809e0223d59d2f007bb8bda0aa85a236cefc927a0b01a2d5ad6089e33ce5cc5c511f3fe3c8c"}}]})
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @broadcast=0xac14140a, @multicast1}, "040088beffffffff"}}}}}, 0x0)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4)
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa)

3.162340686s ago: executing program 3 (id=2085):
rt_tgsigqueueinfo(0x0, 0x0, 0x7, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_auto}]})

3.120582883s ago: executing program 5 (id=2086):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r0 = gettid()
ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r0, 0x6, 0x4002)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
mount$tmpfs(0x0, &(0x7f0000000540)='./cgroup\x00', &(0x7f0000000580), 0x0, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x4000800)
r2 = socket(0x2, 0x3, 0xff)
sendmmsg$inet(r2, &(0x7f0000007140), 0x0, 0x4800)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
set_mempolicy(0x3, &(0x7f00000000c0)=0x7, 0xa)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x3, &(0x7f00000001c0)=[{0x81, 0xfc, 0x7f}, {0x2, 0x0, 0x0, 0x80ffffff}, {0x6, 0x0, 0x0, 0xf00}]})
syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_KEY(r3, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x801}, 0x45)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000100)}}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x10, 0x5, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.082081605s ago: executing program 3 (id=2087):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x40806685, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x8}, 0x48)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040), &(0x7f00000004c0), 0xce, r1}, 0x38)
socket$unix(0x1, 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x128000, 0x800, 0x0, 0x700}, 0x20)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r0, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000080)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
bind$xdp(r0, &(0x7f00000002c0)={0x2c, 0x0, r4}, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
socket$inet(0x2b, 0x801, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f0000000200), 0x2, 0x141101)
r6 = dup(r5)
write$6lowpan_enable(r6, &(0x7f0000000000)='0', 0xfffffd2c)
pselect6(0x40, &(0x7f0000000600)={0x11, 0xfffffffffffffffc, 0x2, 0x0, 0xfffffffffffffffe, 0x0, 0x4, 0x8}, 0x0, &(0x7f0000000680)={0x7fc, 0x2, 0x800000, 0x0, 0x0, 0xc3ad}, 0x0, 0x0)

2.650511902s ago: executing program 5 (id=2088):
r0 = socket$kcm(0x10, 0x2, 0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r1 = socket$kcm(0x2, 0x5, 0x84)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8}, 0xc, 0x0}, 0x24004010)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
syz_open_dev$ndb(&(0x7f0000000400), 0x0, 0x240202)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
syz_usb_connect(0x6, 0x3b, &(0x7f0000000100)=ANY=[], 0x0)
setsockopt(0xffffffffffffffff, 0x84, 0x81, &(0x7f00000002c0)="b206000000000000", 0x8)
close(0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r6, 0x40000000af01, 0x0)
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r6, 0x4004af07, &(0x7f0000000000)={{0x0, 0x0, 0xc1, 0x5, 0x9, 0x7ff, 0x7, 0x9, 0xb, 0x7, 0x5, 0xfff, 0x6, 0x2d, 0x6}})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, r7, {}, {0xfff1}}}, 0x24}, 0x1, 0xfffe}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000000)="89000000120081ae08060cdc030000007f1be3f74001000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e281ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00120c00014006040400030404009bbc7a46e3988285dcdf12f213e6f768fec601955fed0009d78f0a947ee2b49e33538afa8af92347514f0b56a20ff27fff", 0x89}], 0x1}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="a0eb180000003e000701feffff"], 0x18}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)

2.567893102s ago: executing program 2 (id=2089):
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000), 0x9, 0x34002)
r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000feb000/0x14000)=nil, 0x14000, 0x1000000, 0x810, r1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x108, &(0x7f0000000100)=0x9, 0x0, 0x4)
ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f00000000c0))
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r0, 0xc01864b0, &(0x7f0000000740)={0x0, 0x0, 0xc, 0x0, 0x8})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=@newlink={0x34, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}, @IFLA_BROADCAST={0xa, 0x2, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}]}, 0x34}}, 0x800)

2.320208201s ago: executing program 2 (id=2090):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000040d90455a018000000000109022400010000000009040100010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000ac0)={0x2c, &(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x1804)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r5 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
write$tun(r4, &(0x7f0000000100)={@val, @void, @eth={@random="8c5d673ef776", @local, @val={@val={0x88a8, 0x5, 0x1, 0x4}, {0x8100, 0x6, 0x0, 0x6}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x6, 0x14, 0xe4, 0x0, 0x8, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0x29}, @loopback}}}}}}, 0x2e)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_GET(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)={0x2c, r7, 0x1, 0x70bd28, 0x25dfdbff, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20008800}, 0x200488c0)

2.051963088s ago: executing program 3 (id=2091):
r0 = openat$selinux_load(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000045, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="0100000004000000ff0f000005"], 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r3}, 0x10)
syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
msgsnd(0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX], 0x8, 0x800)
setsockopt$netrom_NETROM_N2(r1, 0x103, 0x3, &(0x7f0000000000)=0xffffffff, 0x4)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000003640)={0x0, 0x0, &(0x7f0000003600)={&(0x7f00000036c0)={0x18, 0x0, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_FEATURES_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40080}, 0x8014)
write$selinux_load(r0, &(0x7f0000000000)=ANY=[], 0x603f)

1.691776224s ago: executing program 3 (id=2092):
r0 = memfd_secret(0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xe, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x18, 0x2, {{0x9}, [@TCA_NETEM_RATE={0x14, 0xe, {0x0, 0x5}}]}}}]}, 0x60}}, 0x20048020) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0) (async)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000"], 0x110)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) (async)
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x2205, 0x0) (async)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
sendmsg(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) (async)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000008142000000000000009500000000000000"], 0x0, 0x2}, 0x94)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000080)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e) (async)
r9 = socket$kcm(0x10, 0x2, 0x0) (async)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
preadv(r10, &(0x7f0000010440)=[{&(0x7f0000000040)=""/160, 0x3fd}], 0x1, 0xc03, 0x0) (async)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x12, &(0x7f0000000200)=ANY=[@ANYBLOB="1836cb3f870b44e2570f2d3ce929d7845dd418f1b600000018000000000000000101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000008520000002000000c806200010000000d30a0c001000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000000d34289a30e000085100000020000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x11, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffbff}, 0x94)

1.382549435s ago: executing program 0 (id=2093):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x3000000, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)

1.353397251s ago: executing program 0 (id=2094):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, 0x0, 0x0)
getsockopt$netlink(r3, 0x10e, 0x9, 0x0, &(0x7f0000000100))
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)={0x64, r4, 0x1, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x50, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "8d2c854f4efc5da4428801e7e23f155457a45c1d4eb78d2936d280ad8456b2d8b3bdab59"}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x40400}, 0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x80)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080), 0x7f03)

1.352618182s ago: executing program 3 (id=2095):
socket$inet6(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0xffffffdf, 0x0, 0x0, 0x41100, 0x54, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x1000003, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10000000, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

58.801514ms ago: executing program 0 (id=2096):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x485, 0x40000)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x4dc8aa39}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe0b5bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0xf500)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000080)={0x9, 0x1, 0x7, {0x400e802, 0x3, 0x400, 0x4}})

10.429213ms ago: executing program 3 (id=2097):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
stat(&(0x7f00000003c0)='./file0\x00', 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
r3 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000280), 0x42000, 0x0)
read$FUSE(r3, &(0x7f0000002600)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
setreuid(r4, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000600)={0x0, <r5=>0x0}, &(0x7f0000000640)=0xc)
lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0})
sendmsg$netlink(r0, &(0x7f00000007c0)={&(0x7f0000000180)=@proc={0x10, 0x0, 0x25dfdbfc, 0x4000000}, 0xc, &(0x7f00000005c0)=[{&(0x7f0000000380)={0x10, 0x27, 0x12, 0x70bd28, 0x25dfdbff}, 0x10}], 0x1, &(0x7f0000000740)=[@rights={{0x1c, 0x1, 0x1, [r2, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r1, r4, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {r1, r5, r6}}}], 0x60, 0x4040800}, 0x20000810)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000010000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00"], 0xa8}}, 0x0)

0s ago: executing program 1 (id=2098):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, 0x0, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x28)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
symlinkat(&(0x7f0000000240)='./file0\x00', 0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00')
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r6, 0x4140aecd, &(0x7f0000000140)={{0xe566c797b7515b9, 0xffff1000, 0xf000, 0x9, 0x7f, 0x7, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0xd000, 0xd000, 0x10, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0xfa, 0x5}, {0xf000, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x4, 0x92, 0x80}, {0x10000, 0xeeef0000, 0xe, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x9}, {0xeeee8000, 0xdddd0000, 0xf, 0x9, 0x5, 0x2, 0x7, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xad, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0xa}, {0x10000, 0x10000, 0xb, 0x0, 0xcd, 0x5, 0x5, 0x26, 0x8, 0x6, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x40, 0x3, 0x0, 0x7f, 0x1, 0x0, 0x8}, {0x100000, 0x5}, {0x80a0000, 0xff81}, 0x80000003, 0x0, 0x6000, 0x21, 0x5, 0xa800, 0x8000900, 0x1, [0x6, 0x2, 0x3, 0x3]})
syz_open_dev$tty1(0xc, 0x4, 0x1)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r7], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

kernel console output (not intermixed with test programs):

oth: hci4: Error when powering off device on rfkill (-4)
[  428.704160][T11126] CIFS mount error: No usable UNC path provided in device string!
[  428.704160][T11126] 
[  428.815847][T11126] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  429.294664][T11127] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1296'.
[  430.800503][   T30] audit: type=1400 audit(1756648824.830:522): avc:  denied  { accept } for  pid=11179 comm="syz.1.1301" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  432.052653][    T9] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  432.082336][   T30] audit: type=1326 audit(1756648826.018:523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.127761][   T30] audit: type=1326 audit(1756648826.056:524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.154333][   T30] audit: type=1326 audit(1756648826.084:525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.180554][   T30] audit: type=1326 audit(1756648826.084:526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.206974][   T30] audit: type=1326 audit(1756648826.084:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.214312][    T9] usb 1-1: config 1 has an invalid interface number: 7 but max is 0
[  432.238153][   T30] audit: type=1326 audit(1756648826.103:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.266710][    T9] usb 1-1: config 1 has no interface number 0
[  432.278669][    T9] usb 1-1: config 1 interface 7 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  432.290716][   T30] audit: type=1326 audit(1756648826.103:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.299112][    T9] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  432.336226][   T30] audit: type=1326 audit(1756648826.103:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.369871][   T30] audit: type=1326 audit(1756648826.103:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11220 comm="syz.5.1310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f4ef3f8ebe9 code=0x7ffc0000
[  432.407569][    T9] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  432.417918][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.425870][    T9] usb 1-1: Product: syz
[  432.430138][    T9] usb 1-1: Manufacturer: syz
[  432.434697][    T9] usb 1-1: SerialNumber: syz
[  432.443577][T11212] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  432.759377][T11212] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  433.056045][    T9] sierra_net 1-1:1.7 wwan0: register 'sierra_net' at usb-dummy_hcd.0-1, Sierra Wireless USB-to-WWAN Modem, 00:00:00:00:01:07
[  433.410506][ T5935] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  433.581162][ T5935] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  433.591817][ T5935] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  433.605386][ T5935] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  433.605411][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.806058][   T92] usb 6-1: new full-speed USB device number 24 using dummy_hcd
[  433.833699][ T5935] usb 2-1: GET_CAPABILITIES returned 0
[  433.891438][ T5935] usbtmc 2-1:16.0: can't read capabilities
[  433.978253][   T92] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.988479][   T92] usb 6-1: config 0 has no interfaces?
[  433.998795][   T92] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  434.010469][   T92] usb 6-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  434.019770][   T92] usb 6-1: Product: syz
[  434.025424][   T92] usb 6-1: Manufacturer: syz
[  434.030473][   T92] usb 6-1: SerialNumber: syz
[  434.043431][   T92] usb 6-1: config 0 descriptor??
[  434.122113][T11236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  434.136325][T11236] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  434.176074][   T10] usb 2-1: USB disconnect, device number 28
[  434.282419][   T92] usb 6-1: USB disconnect, device number 24
[  435.046850][T11275] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=11275 comm=syz.1.1327
[  435.086878][    T9] sierra_net 1-1:1.7 wwan0: Submit SYNC failed -71
[  435.104674][    T9] sierra_net 1-1:1.7 wwan0: Send SYNC failed, status -71
[  436.292749][    T9] usb 1-1: USB disconnect, device number 41
[  436.438174][    T9] sierra_net 1-1:1.7 wwan0: unregister 'sierra_net' usb-dummy_hcd.0-1, Sierra Wireless USB-to-WWAN Modem
[  436.630619][    T9] sierra_net 1-1:1.7 wwan0 (unregistered): usb_control_msg failed, status -19
[  437.028147][T11288] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1331'.
[  437.600807][T11309] evm: overlay not supported
[  437.814994][    T9] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  437.890083][   T92] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  438.061464][    T9] usb 1-1: Using ep0 maxpacket: 32
[  438.062745][   T92] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  438.128818][   T92] usb 3-1: config 0 has no interfaces?
[  438.202238][    T9] usb 1-1: config 0 has an invalid interface number: 153 but max is 0
[  438.208563][   T92] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  438.210494][    T9] usb 1-1: config 0 has no interface number 0
[  438.220080][   T92] usb 3-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  438.225704][    T9] usb 1-1: config 0 interface 153 has no altsetting 0
[  438.227600][    T9] usb 1-1: New USB device found, idVendor=0742, idProduct=200a, bcdDevice=c1.31
[  438.249792][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  438.257845][    T9] usb 1-1: Product: syz
[  438.262071][    T9] usb 1-1: Manufacturer: syz
[  438.268376][    T9] usb 1-1: SerialNumber: syz
[  438.268390][   T92] usb 3-1: Product: syz
[  438.277706][   T92] usb 3-1: Manufacturer: syz
[  438.279117][    T9] usb 1-1: config 0 descriptor??
[  438.282392][   T92] usb 3-1: SerialNumber: syz
[  438.293826][   T92] usb 3-1: config 0 descriptor??
[  438.298753][    T9] HFC-S_USB 1-1:0.153: probe with driver HFC-S_USB failed with error -5
[  438.347367][T11324] program syz.1.1344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  438.363014][T11324] program syz.1.1344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  438.545154][   T92] usb 3-1: USB disconnect, device number 27
[  440.187852][   T92] usb 1-1: USB disconnect, device number 42
[  440.533066][T11365] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1354'.
[  440.569750][T11364] tmpfs: Bad value for 'nr_blocks'
[  440.801954][   T30] kauditd_printk_skb: 7 callbacks suppressed
[  440.801971][   T30] audit: type=1400 audit(1756649090.191:539): avc:  denied  { mounton } for  pid=11366 comm="syz.2.1355" path="/file0" dev="ramfs" ino=41071 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1
[  442.946391][   T92] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  443.120936][   T92] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  443.131160][   T92] usb 6-1: config 0 has no interfaces?
[  443.140703][   T92] usb 6-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  443.157167][   T92] usb 6-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3
[  443.169007][   T92] usb 6-1: Product: syz
[  443.173223][   T92] usb 6-1: Manufacturer: syz
[  443.178754][   T92] usb 6-1: SerialNumber: syz
[  443.192852][   T92] usb 6-1: config 0 descriptor??
[  443.363422][ T5935] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  443.494053][    T9] usb 6-1: USB disconnect, device number 25
[  443.578376][ T5935] usb 1-1: config 0 has an invalid interface number: 255 but max is 0
[  443.587743][ T5935] usb 1-1: config 0 has no interface number 0
[  443.593842][ T5935] usb 1-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  443.626112][ T5935] usb 1-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  443.645386][ T5935] usb 1-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79
[  443.654488][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.662614][ T5935] usb 1-1: Product: syz
[  443.668605][ T5935] usb 1-1: Manufacturer: syz
[  443.676354][ T5935] usb 1-1: SerialNumber: syz
[  443.684740][ T5935] usb 1-1: config 0 descriptor??
[  443.712404][ T5935] vmk80xx 1-1:0.255: driver 'vmk80xx' failed to auto-configure device.
[  443.730596][ T5935] vmk80xx 1-1:0.255: probe with driver vmk80xx failed with error -22
[  443.908002][T11408] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  443.935260][    T9] usb 1-1: USB disconnect, device number 43
[  443.969829][   T30] audit: type=1400 audit(1756649093.156:540): avc:  denied  { mounton } for  pid=11407 comm="syz.1.1365" path="/318/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1
[  445.210109][T11408] orangefs_mount: mount request failed with -4
[  445.228219][   T30] audit: type=1400 audit(1756649094.335:541): avc:  denied  { unmount } for  pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[  446.091087][T11465] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  446.179489][T11463] block nbd5: NBD_DISCONNECT
[  446.188839][T11463] block nbd5: Send disconnect failed -107
[  446.214778][T11459] block nbd5: Send control failed (result -107)
[  446.223704][T11459] block nbd5: Request send failed, requeueing
[  446.235614][T11459] block nbd5: Disconnected due to user request.
[  446.262056][ T6021] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  447.129129][T11486] NILFS (loop2): device size too small
[  447.924801][    T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  448.093085][    T9] usb 2-1: Using ep0 maxpacket: 8
[  448.114121][    T9] usb 2-1: config 127 has an invalid interface number: 171 but max is 1
[  448.142077][    T9] usb 2-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  448.174541][    T9] usb 2-1: config 127 has 1 interface, different from the descriptor's value: 2
[  448.186501][    T9] usb 2-1: config 127 has no interface number 0
[  448.193658][    T9] usb 2-1: config 127 interface 171 has no altsetting 0
[  448.202449][    T9] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  448.211572][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  448.219896][    T9] usb 2-1: Product: syz
[  448.224079][    T9] usb 2-1: Manufacturer: syz
[  448.228675][    T9] usb 2-1: SerialNumber: syz
[  450.275406][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  450.282893][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  450.322289][    T9] usb 2-1: USB disconnect, device number 29
[  450.330119][T11526] use of bytesused == 0 is deprecated and will be removed in the future,
[  450.338750][T11526] use the actual size instead.
[  452.536517][T11550] NILFS (loop1): device size too small
[  454.757448][T11596] debugfs: 'ttyS3' already exists in 'caif_serial'
[  455.090688][   T30] audit: type=1326 audit(1756649103.549:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.118649][   T30] audit: type=1326 audit(1756649103.549:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.160794][   T30] audit: type=1326 audit(1756649103.549:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.299273][   T30] audit: type=1326 audit(1756649103.549:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.390681][   T30] audit: type=1326 audit(1756649103.586:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.437346][   T30] audit: type=1326 audit(1756649103.614:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  455.515151][T11599] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  455.595725][T11599] CPU: 0 UID: 0 PID: 11599 Comm: syz.0.1425 Not tainted syzkaller #0 PREEMPT(full) 
[  455.595754][T11599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  455.595774][T11599] Call Trace:
[  455.595780][T11599]  <TASK>
[  455.595788][T11599]  dump_stack_lvl+0x16c/0x1f0
[  455.595815][T11599]  sysfs_warn_dup+0x7f/0xa0
[  455.595840][T11599]  sysfs_do_create_link_sd+0x124/0x140
[  455.595864][T11599]  sysfs_create_link+0x61/0xc0
[  455.595885][T11599]  device_add+0x62c/0x1aa0
[  455.595912][T11599]  ? __pfx_device_add+0x10/0x10
[  455.595934][T11599]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  455.595957][T11599]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  455.595991][T11599]  wiphy_register+0x1df4/0x29f0
[  455.596010][T11599]  ? netdev_run_todo+0x864/0x1320
[  455.596032][T11599]  ? __dev_printk+0x230/0x270
[  455.596054][T11599]  ? __pfx_wiphy_register+0x10/0x10
[  455.596083][T11599]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  455.596108][T11599]  ieee80211_register_hw+0x24a9/0x4060
[  455.596140][T11599]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  455.596165][T11599]  ? find_held_lock+0x2b/0x80
[  455.596187][T11599]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  455.596207][T11599]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  455.596224][T11599]  ? __hrtimer_setup+0x176/0x280
[  455.596239][T11599]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  455.596263][T11599]  ? trace_kmalloc+0x2b/0xd0
[  455.596276][T11599]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  455.596289][T11599]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  455.596304][T11599]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  455.596319][T11599]  ? __asan_memcpy+0x3c/0x60
[  455.596337][T11599]  hwsim_new_radio_nl+0xb51/0x12c0
[  455.596354][T11599]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  455.596374][T11599]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  455.596390][T11599]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  455.596409][T11599]  genl_family_rcv_msg_doit+0x206/0x2f0
[  455.596425][T11599]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  455.596446][T11599]  ? bpf_lsm_capable+0x9/0x10
[  455.596461][T11599]  ? security_capable+0x7e/0x260
[  455.596475][T11599]  ? ns_capable+0xd7/0x110
[  455.596490][T11599]  genl_rcv_msg+0x55c/0x800
[  455.596506][T11599]  ? __pfx_genl_rcv_msg+0x10/0x10
[  455.596524][T11599]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  455.596550][T11599]  netlink_rcv_skb+0x155/0x420
[  455.596570][T11599]  ? __pfx_genl_rcv_msg+0x10/0x10
[  455.596594][T11599]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  455.596617][T11599]  ? netlink_deliver_tap+0x1ae/0xd30
[  455.596631][T11599]  genl_rcv+0x28/0x40
[  455.596647][T11599]  netlink_unicast+0x5aa/0x870
[  455.596671][T11599]  ? __pfx_netlink_unicast+0x10/0x10
[  455.596694][T11599]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  455.596715][T11599]  netlink_sendmsg+0x8d1/0xdd0
[  455.596730][T11599]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.596749][T11599]  ____sys_sendmsg+0xa98/0xc70
[  455.596771][T11599]  ? copy_msghdr_from_user+0x10a/0x160
[  455.596783][T11599]  ? __pfx_____sys_sendmsg+0x10/0x10
[  455.596804][T11599]  ___sys_sendmsg+0x134/0x1d0
[  455.596817][T11599]  ? __pfx____sys_sendmsg+0x10/0x10
[  455.596849][T11599]  __sys_sendmsg+0x16d/0x220
[  455.596861][T11599]  ? __pfx___sys_sendmsg+0x10/0x10
[  455.596881][T11599]  ? __secure_computing+0x28e/0x3b0
[  455.596900][T11599]  do_syscall_64+0xcd/0x4c0
[  455.596915][T11599]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.596927][T11599] RIP: 0033:0x7fefc398ebe9
[  455.596937][T11599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.596947][T11599] RSP: 002b:00007fefc4788038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  455.596958][T11599] RAX: ffffffffffffffda RBX: 00007fefc3bc6180 RCX: 00007fefc398ebe9
[  455.596965][T11599] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  455.596973][T11599] RBP: 00007fefc3a11e19 R08: 0000000000000000 R09: 0000000000000000
[  455.596979][T11599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  455.596986][T11599] R13: 00007fefc3bc6218 R14: 00007fefc3bc6180 R15: 00007ffda28f1e88
[  455.597001][T11599]  </TASK>
[  456.279038][   T30] audit: type=1326 audit(1756649104.625:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  456.544434][   T30] audit: type=1326 audit(1756649104.625:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  456.600679][   T30] audit: type=1326 audit(1756649104.971:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  456.625406][   T30] audit: type=1326 audit(1756649104.990:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11593 comm="syz.0.1425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefc398ebe9 code=0x7ffc0000
[  457.250792][T11620] netlink: 'syz.1.1430': attribute type 4 has an invalid length.
[  457.846350][T11633] netlink: 172 bytes leftover after parsing attributes in process `syz.5.1435'.
[  458.618428][  T976] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  458.974925][  T976] usb 1-1: Using ep0 maxpacket: 8
[  458.983583][  T976] usb 1-1: config 127 has an invalid interface number: 171 but max is 1
[  458.991989][  T976] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  459.003837][  T976] usb 1-1: config 127 has 1 interface, different from the descriptor's value: 2
[  459.012839][  T976] usb 1-1: config 127 has no interface number 0
[  459.020389][  T976] usb 1-1: config 127 interface 171 has no altsetting 0
[  459.032101][  T976] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  459.046265][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.054251][  T976] usb 1-1: Product: syz
[  459.084678][  T976] usb 1-1: Manufacturer: syz
[  459.099694][  T976] usb 1-1: SerialNumber: syz
[  460.052763][  T976] usb 1-1: USB disconnect, device number 44
[  460.228253][T11659] binder: 11658:11659 ioctl c0306201 200000000080 returned -14
[  460.958429][T11677] overlayfs: failed to resolve './file1': -2
[  463.398056][T11693] netlink: 'syz.3.1453': attribute type 1 has an invalid length.
[  463.467956][T11693] bond0: entered promiscuous mode
[  463.493283][T11693] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.550882][T11697] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.561271][T11697] bond0: (slave vcan2): The slave device specified does not support setting the MAC address
[  463.571617][T11697] bond0: (slave vcan2): Setting fail_over_mac to active for active-backup mode
[  463.668790][T11697] bond0: (slave vcan2): making interface the new active one
[  463.677604][T11697] vcan2: entered promiscuous mode
[  463.698585][T11697] bond0: (slave vcan2): Enslaving as an active interface with an up link
[  463.789445][T11705] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1456'.
[  463.973031][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  463.973044][   T30] audit: type=1400 audit(1756649111.865:554): avc:  denied  { shutdown } for  pid=11708 comm="syz.2.1458" lport=17 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  464.281157][   T30] audit: type=1400 audit(1756649112.155:555): avc:  denied  { append } for  pid=11708 comm="syz.2.1458" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  464.315147][T11717] loop9: detected capacity change from 0 to 7
[  464.329745][T11717] buffer_io_error: 4 callbacks suppressed
[  464.329777][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.344935][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.353560][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.362400][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.372336][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.380311][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.388672][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.397446][T11717] ldm_validate_partition_table(): Disk read failed.
[  464.405143][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.413594][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.421866][T11717] Buffer I/O error on dev loop9, logical block 0, async page read
[  464.430513][T11717] Dev loop9: unable to read RDB block 0
[  464.438468][T11717]  loop9: unable to read partition table
[  464.445360][T11717] loop9: partition table beyond EOD, truncated
[  464.527670][T11717] loop_reread_partitions: partition scan of loop9 (�被x����k�ڬ��dG�����ݡ�����) failed (rc=-5)
[  464.627537][  T976] usb 1-1: new high-speed USB device number 45 using dummy_hcd
[  464.797201][  T976] usb 1-1: Using ep0 maxpacket: 8
[  464.806912][  T976] usb 1-1: config 127 has an invalid interface number: 171 but max is 1
[  464.815353][  T976] usb 1-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  464.825795][  T976] usb 1-1: config 127 has 1 interface, different from the descriptor's value: 2
[  464.838952][  T976] usb 1-1: config 127 has no interface number 0
[  464.851695][  T976] usb 1-1: config 127 interface 171 has no altsetting 0
[  464.876303][  T976] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  464.885715][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.893888][  T976] usb 1-1: Product: syz
[  464.899287][  T976] usb 1-1: Manufacturer: syz
[  464.905135][  T976] usb 1-1: SerialNumber: syz
[  465.409640][  T976] usb 1-1: USB disconnect, device number 45
[  466.099492][T11745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1467'.
[  466.111864][T11745] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1467'.
[  466.125057][T11745] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1467'.
[  466.753704][T11753] netlink: 'syz.0.1472': attribute type 4 has an invalid length.
[  468.475783][   T10] usb 1-1: new high-speed USB device number 46 using dummy_hcd
[  468.592231][  T976] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[  468.689403][   T10] usb 1-1: Using ep0 maxpacket: 8
[  468.700229][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.718970][   T10] usb 1-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00
[  468.729883][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.742754][   T10] usb 1-1: config 0 descriptor??
[  468.748818][T11783] loop6: detected capacity change from 0 to 524288000
[  468.763862][  T976] usb 6-1: Using ep0 maxpacket: 8
[  468.770049][  T976] usb 6-1: config 127 has an invalid interface number: 171 but max is 1
[  468.779778][  T976] usb 6-1: config 127 has an invalid descriptor of length 0, skipping remainder of the config
[  468.788886][T11783] ldm_validate_partition_table(): Disk read failed.
[  468.805994][  T976] usb 6-1: config 127 has 1 interface, different from the descriptor's value: 2
[  468.815033][  T976] usb 6-1: config 127 has no interface number 0
[  468.821381][  T976] usb 6-1: config 127 interface 171 has no altsetting 0
[  468.840064][  T976] usb 6-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9
[  468.849139][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.857108][  T976] usb 6-1: Product: syz
[  468.861800][T11783] Dev loop6: unable to read RDB block 0
[  468.868760][  T976] usb 6-1: Manufacturer: syz
[  468.873428][  T976] usb 6-1: SerialNumber: syz
[  468.877512][T11783]  loop6: unable to read partition table
[  468.887911][T11772] warn_alloc: 1 callbacks suppressed
[  468.887921][T11772] syz.2.1473: vmalloc error: size 283115520, failed to allocated page array size 552960, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null)
[  468.894767][T11783] loop_reread_partitions: partition scan of loop6 (3��x��C) failed (rc=-5)
[  468.895483][T11772] ,cpuset=/,mems_allowed=0-1
[  468.929246][T11772] CPU: 0 UID: 0 PID: 11772 Comm: syz.2.1473 Not tainted syzkaller #0 PREEMPT(full) 
[  468.929264][T11772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  468.929271][T11772] Call Trace:
[  468.929275][T11772]  <TASK>
[  468.929280][T11772]  dump_stack_lvl+0x16c/0x1f0
[  468.929296][T11772]  warn_alloc+0x248/0x3a0
[  468.929309][T11772]  ? __pfx_warn_alloc+0x10/0x10
[  468.929326][T11772]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  468.929342][T11772]  ? __vmalloc_node_noprof+0xad/0xf0
[  468.929367][T11772]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  468.929388][T11772]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  468.929408][T11772]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  468.929429][T11772]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  468.929445][T11772]  vmalloc_user_noprof+0x9e/0xe0
[  468.929461][T11772]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  468.929477][T11772]  vb2_vmalloc_alloc+0x135/0x3f0
[  468.929493][T11772]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  468.929509][T11772]  __vb2_queue_alloc+0x8c9/0x1280
[  468.929531][T11772]  vb2_core_reqbufs+0xa90/0xfe0
[  468.929549][T11772]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  468.929573][T11772]  __vb2_init_fileio+0x3f1/0x1100
[  468.929587][T11772]  ? __futex_wait+0x24c/0x2f0
[  468.929601][T11772]  ? __pfx___futex_wait+0x10/0x10
[  468.929613][T11772]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  468.929626][T11772]  ? lockdep_hardirqs_on+0x7c/0x110
[  468.929639][T11772]  __vb2_perform_fileio+0x9c2/0x1660
[  468.929658][T11772]  ? __pfx___vb2_perform_fileio+0x10/0x10
[  468.929679][T11772]  vb2_fop_write+0x207/0x3f0
[  468.929695][T11772]  v4l2_write+0x229/0x360
[  468.929707][T11772]  ? __pfx_v4l2_write+0x10/0x10
[  468.929717][T11772]  vfs_write+0x29d/0x11d0
[  468.929731][T11772]  ? __pfx_vfs_write+0x10/0x10
[  468.929741][T11772]  ? find_held_lock+0x2b/0x80
[  468.929755][T11772]  ? __fget_files+0x204/0x3c0
[  468.929770][T11772]  ? __fget_files+0x20e/0x3c0
[  468.929786][T11772]  ksys_write+0x12a/0x250
[  468.929797][T11772]  ? __pfx_ksys_write+0x10/0x10
[  468.929812][T11772]  do_syscall_64+0xcd/0x4c0
[  468.929826][T11772]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  468.929838][T11772] RIP: 0033:0x7f491778ebe9
[  468.929848][T11772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  468.929858][T11772] RSP: 002b:00007f49155f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  468.929868][T11772] RAX: ffffffffffffffda RBX: 00007f49179c6270 RCX: 00007f491778ebe9
[  468.929875][T11772] RDX: 000000000000012f RSI: 00002000000002c0 RDI: 0000000000000007
[  468.929882][T11772] RBP: 00007f4917811e19 R08: 0000000000000000 R09: 0000000000000000
[  468.929889][T11772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  468.929895][T11772] R13: 00007f49179c6308 R14: 00007f49179c6270 R15: 00007ffee1644aa8
[  468.929908][T11772]  </TASK>
[  468.929926][T11772] Mem-Info:
[  469.030489][T11785] loop6: detected capacity change from 524288000 to 0
[  469.304419][T11772] active_anon:12932 inactive_anon:0 isolated_anon:0
[  469.304419][T11772]  active_file:16769 inactive_file:41178 isolated_file:0
[  469.304419][T11772]  unevictable:772 dirty:500 writeback:0
[  469.304419][T11772]  slab_reclaimable:12977 slab_unreclaimable:100125
[  469.304419][T11772]  mapped:35168 shmem:9355 pagetables:1494
[  469.304419][T11772]  sec_pagetables:0 bounce:0
[  469.304419][T11772]  kernel_misc_reclaimable:0
[  469.304419][T11772]  free:1281315 free_pcp:15130 free_cma:0
[  469.366753][  T976] usb 6-1: USB disconnect, device number 26
[  469.384485][T11772] Node 0 active_anon:51728kB inactive_anon:0kB active_file:67052kB inactive_file:164480kB unevictable:1552kB isolated(anon):0kB isolated(file):0kB mapped:140672kB dirty:2000kB writeback:0kB shmem:35884kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12992kB pagetables:5752kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  469.424003][T11772] Node 1 active_anon:0kB inactive_anon:0kB active_file:24kB inactive_file:232kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  469.472371][T11772] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  469.504255][T11772] lowmem_reserve[]: 0 2479 2481 2481 2481
[  469.520467][T11772] Node 0 DMA32 free:1214160kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:51704kB inactive_anon:0kB active_file:67052kB inactive_file:163160kB unevictable:1552kB writepending:2000kB present:3129332kB managed:2539368kB mlocked:0kB bounce:0kB free_pcp:42252kB local_pcp:26848kB free_cma:0kB
[  469.568816][T11772] lowmem_reserve[]: 0 0 1 1 1
[  469.577913][T11772] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB
[  469.639888][T11772] lowmem_reserve[]: 0 0 0 0 0
[  469.644588][T11772] Node 1 Normal free:3895508kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:24kB inactive_file:232kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18588kB local_pcp:10876kB free_cma:0kB
[  469.721700][T11772] lowmem_reserve[]: 0 0 0 0 0
[  469.727919][T11779] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  469.750713][T11772] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  469.759716][T11779] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  469.780792][T11772] Node 0 DMA32: 2*4kB (ME) 1*8kB (E) 183*16kB (UM) 1300*32kB (UME) 409*64kB (UME) 195*128kB (UME) 85*256kB (UME) 30*512kB (UME) 16*1024kB (UM) 10*2048kB (UM) 255*4096kB (UM) = 1214144kB
[  469.801484][T11772] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  469.815598][T11772] Node 1 Normal: 181*4kB (UME) 50*8kB (UE) 39*16kB (UE) 198*32kB (UE) 49*64kB (UME) 12*128kB (UME) 3*256kB (UME) 4*512kB (UME) 3*1024kB (UME) 1*2048kB (U) 946*4096kB (M) = 3895508kB
[  469.836019][T11772] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  469.847907][T11772] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  469.859021][T11772] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  469.872605][   T10] usbhid 1-1:0.0: can't add hid device: -71
[  469.880387][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  469.889765][   T10] usb 1-1: USB disconnect, device number 46
[  469.898004][T11772] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  469.910828][T11772] 64448 total pagecache pages
[  469.923742][T11772] 0 pages in swap cache
[  469.927947][T11772] Free swap  = 124996kB
[  469.936673][T11772] Total swap = 124996kB
[  469.987771][T11772] 2097051 pages RAM
[  469.992702][T11772] 0 pages HighMem/MovableOnly
[  469.997357][T11772] 430247 pages reserved
[  470.009805][T11772] 0 pages cma reserved
[  470.095422][T11799] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1487'.
[  470.109642][T11799] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1487'.
[  470.288840][T11809] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1488'.
[  470.882686][T11821] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=5 sclass=netlink_route_socket pid=11821 comm=syz.3.1492
[  471.037907][   T10] kernel write not supported for file /dsp (pid: 10 comm: kworker/0:1)
[  471.110671][T11831] fuseblk: Bad value for 'fd'
[  471.420944][T11836] IPVS: set_ctl: invalid protocol: 47 0.0.0.0:20003
[  471.799229][ T5935] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  471.971566][ T5935] usb 1-1: Using ep0 maxpacket: 16
[  471.978562][ T5935] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  471.986891][ T5935] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  471.997025][ T5935] usb 1-1: config 0 has no interface number 0
[  472.003122][ T5935] usb 1-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  472.013008][ T5935] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  472.023486][ T5935] usb 1-1: config 0 descriptor??
[  472.031544][ T5935] usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  472.038470][ T5935] usb 1-1: No valid video chain found.
[  472.562554][ T5935] usb 1-1: USB disconnect, device number 47
[  474.651268][T11881] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1509'.
[  475.232603][ T5935] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  475.412458][ T5935] usb 6-1: Using ep0 maxpacket: 32
[  475.419252][ T5935] usb 6-1: config 0 has an invalid interface number: 135 but max is 0
[  475.427482][ T5935] usb 6-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  475.438359][ T5935] usb 6-1: config 0 has no interface number 0
[  475.444591][ T5935] usb 6-1: config 0 interface 135 altsetting 89 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  475.457797][   T30] audit: type=1400 audit(1756649122.595:556): avc:  denied  { read } for  pid=11889 comm="syz.1.1514" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  475.481615][ T5935] usb 6-1: config 0 interface 135 has no altsetting 0
[  475.491476][ T5935] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  475.508774][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  475.522132][ T5935] usb 6-1: Product: syz
[  475.526324][ T5935] usb 6-1: Manufacturer: syz
[  475.531007][ T5935] usb 6-1: SerialNumber: syz
[  475.543513][ T5935] usb 6-1: config 0 descriptor??
[  475.871241][T11903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1518'.
[  476.426105][T11912] CIFS mount error: No usable UNC path provided in device string!
[  476.426105][T11912] 
[  476.437519][T11912] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  478.410647][ T5935] em28xx 6-1:0.135: audio device (0ccd:10af): interface 135, class 1
[  478.420191][ T5935] usb 6-1: USB disconnect, device number 27
[  478.887015][ T5935] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  479.222666][ T5935] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  479.248098][ T5935] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  479.262281][ T5935] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  479.273635][ T5935] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.286052][ T5935] usb 6-1: Product: syz
[  479.291335][ T5935] usb 6-1: Manufacturer: syz
[  479.556289][ T5935] usb 6-1: SerialNumber: syz
[  479.566298][ T5935] cdc_mbim 6-1:1.0: skipping garbage
[  479.800550][T11950] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  480.699225][T11950] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  480.706812][ T5935] cdc_mbim 6-1:1.0: setting tx_max = 16384
[  480.713622][ T5935] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  480.726037][ T5935] wwan wwan0: port wwan0mbim0 attached
[  480.739300][ T5935] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 2a:96:b4:e4:2e:69
[  480.959763][ T5935] usb 6-1: USB disconnect, device number 28
[  480.966273][ T5935] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[  481.102034][ T5935] wwan wwan0: port wwan0mbim0 disconnected
[  481.623389][T11990] NILFS (loop0): device size too small
[  482.655101][T12012] NILFS (loop2): device size too small
[  483.145213][T12008] netlink: 14 bytes leftover after parsing attributes in process `syz.5.1547'.
[  484.013590][T12026] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1554'.
[  484.041659][T12028] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  484.237784][T12034] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1557'.
[  485.360472][   T92] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  485.546750][   T92] usb 2-1: Using ep0 maxpacket: 32
[  485.553817][   T92] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8E has an invalid bInterval 193, changing to 7
[  485.568850][   T92] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x8E has invalid maxpacket 18038, setting to 1024
[  485.584454][   T92] usb 2-1: config 0 interface 0 altsetting 16 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  485.598644][   T92] usb 2-1: config 0 interface 0 has no altsetting 0
[  485.606353][   T92] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  485.621067][   T92] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.640212][   T92] usb 2-1: config 0 descriptor??
[  486.367792][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.458625][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.479987][T12072] netlink: 'syz.2.1567': attribute type 5 has an invalid length.
[  486.809536][T12046] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  486.883869][T12046] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  486.929826][   T92] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0
[  486.940727][   T92] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0
[  486.950061][   T92] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0
[  486.964617][   T92] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0
[  486.978548][   T92] hid-thrustmaster 0003:044F:B65D.0008: unknown main item tag 0x0
[  486.997700][   T92] hid-thrustmaster 0003:044F:B65D.0008: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0
[  487.020787][   T92] hid-thrustmaster 0003:044F:B65D.0008: Unexpected non-int endpoint
[  487.233343][T12086] netlink: 'syz.3.1570': attribute type 12 has an invalid length.
[  487.329552][    C1] hid-thrustmaster 0003:044F:B65D.0008: URB to get model id failed with error -71
[  487.339673][   T92] usb 2-1: USB disconnect, device number 30
[  488.184809][T12092] random: crng reseeded on system resumption
[  488.191820][   T30] audit: type=1400 audit(1756649134.512:557): avc:  denied  { append } for  pid=12083 comm="syz.5.1571" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  488.245750][   T30] audit: type=1400 audit(1756649134.568:558): avc:  denied  { ioctl } for  pid=12083 comm="syz.5.1571" path="/dev/snapshot" dev="devtmpfs" ino=92 ioctlcmd=0x3305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  488.324698][T12092] Restarting kernel threads ...
[  488.332904][T12092] Done restarting kernel threads.
[  488.383433][   T30] audit: type=1400 audit(1756649134.699:559): avc:  denied  { append } for  pid=12100 comm="syz.1.1576" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  488.412866][T12101] SELinux:  Context system_u:object_r:mount_tmp_t:s0 is not valid (left unmapped).
[  488.422767][   T30] audit: type=1400 audit(1756649134.737:560): avc:  denied  { relabelfrom } for  pid=12100 comm="syz.1.1576" name="NETLINK" dev="sockfs" ino=42830 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  488.506373][   T30] audit: type=1400 audit(1756649134.812:561): avc:  denied  { relabelto } for  pid=12100 comm="syz.1.1576" name="NETLINK" dev="sockfs" ino=42830 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:mount_tmp_t:s0"
[  491.328533][   T30] audit: type=1400 audit(1756649137.449:562): avc:  denied  { accept } for  pid=12154 comm="syz.2.1590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  491.868339][T12167] netlink: 'syz.5.1593': attribute type 4 has an invalid length.
[  491.902005][T12170] sctp: [Deprecated]: syz.0.1595 (pid 12170) Use of int in max_burst socket option deprecated.
[  491.902005][T12170] Use struct sctp_assoc_value instead
[  492.098964][T12179] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1598'.
[  492.110322][T12179] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1598'.
[  492.300744][   T30] audit: type=1326 audit(1756649138.366:563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.2.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f491778ebe9 code=0x7ffc0000
[  492.363827][   T30] audit: type=1326 audit(1756649138.394:564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.2.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f491778ebe9 code=0x7ffc0000
[  492.387612][   T30] audit: type=1326 audit(1756649138.394:565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.2.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f491778ebe9 code=0x7ffc0000
[  492.414706][   T30] audit: type=1326 audit(1756649138.394:566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12175 comm="syz.2.1597" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f491778ebe9 code=0x7ffc0000
[  492.461963][T12185] debugfs: '!' already exists in 'ieee80211'
[  494.828443][T12227] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1612'.
[  495.244849][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  495.244866][   T30] audit: type=1400 audit(1756649141.126:572): avc:  denied  { write } for  pid=12241 comm="syz.2.1615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  495.791273][ T5935] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  496.005581][ T5935] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  496.016590][ T5935] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  496.042452][ T5935] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  496.055668][ T5935] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  496.072733][ T5935] usb 6-1: config 0 descriptor??
[  496.083064][ T5935] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  497.706221][T12279] loop8: detected capacity change from 0 to 8
[  497.743889][T12279] Dev loop8: unable to read RDB block 8
[  497.778458][T12279]  loop8: unable to read partition table
[  498.075723][T12279] loop8: partition table beyond EOD, truncated
[  498.098604][T12279] loop_reread_partitions: partition scan of loop8 (�被x�^>��� ) failed (rc=-5)
[  499.243973][ T5935] usb 6-1: USB disconnect, device number 29
[  499.401743][T12303] netlink: 'syz.2.1634': attribute type 27 has an invalid length.
[  499.658117][   T30] audit: type=1400 audit(1756649145.251:573): avc:  denied  { map } for  pid=12319 comm="syz.5.1640" path="socket:[44392]" dev="sockfs" ino=44392 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  499.682438][   T30] audit: type=1400 audit(1756649145.251:574): avc:  denied  { read } for  pid=12319 comm="syz.5.1640" path="socket:[44392]" dev="sockfs" ino=44392 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  499.845121][   T54] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  499.925293][   T92] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  500.105274][   T54] usb 1-1: Using ep0 maxpacket: 32
[  500.175602][   T54] usb 1-1: config 0 has an invalid interface number: 184 but max is 0
[  500.193011][   T54] usb 1-1: config 0 has no interface number 0
[  500.263661][   T54] usb 1-1: config 0 interface 184 has no altsetting 0
[  500.352493][   T92] usb 3-1: Using ep0 maxpacket: 16
[  500.374299][   T54] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  500.383529][   T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.391581][   T92] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  500.412505][   T92] usb 3-1: config 0 has no interface number 0
[  500.433300][   T54] usb 1-1: Product: syz
[  500.455769][   T54] usb 1-1: Manufacturer: syz
[  500.463938][   T54] usb 1-1: SerialNumber: syz
[  500.469876][T12303] bridge0: port 2(bridge_slave_1) entered disabled state
[  500.477166][T12303] bridge0: port 1(bridge_slave_0) entered disabled state
[  500.486692][   T54] usb 1-1: config 0 descriptor??
[  500.495616][   T92] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  500.514015][   T54] smsc75xx v1.0.0
[  500.526481][   T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.534537][   T92] usb 3-1: Product: syz
[  500.539653][   T92] usb 3-1: Manufacturer: syz
[  500.544524][   T92] usb 3-1: SerialNumber: syz
[  500.553131][   T92] usb 3-1: config 0 descriptor??
[  500.559997][   T92] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  500.719692][T12303] 0�X���: left allmulticast mode
[  501.147247][T12303] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  501.218078][T12303] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  501.591328][   T92] gspca_spca1528: reg_w err -110
[  501.602676][T12303] veth0_macvtap: left allmulticast mode
[  501.609825][T12303] macvtap0: left allmulticast mode
[  501.646227][   T92] spca1528 3-1:0.1: probe with driver spca1528 failed with error -110
[  501.818123][T12316] 8021q: adding VLAN 0 to HW filter on device team0
[  501.850747][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71
[  501.870453][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  501.880230][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  501.891201][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  501.900844][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  501.911221][   T54] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  501.920795][T12316] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  501.924254][   T54] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71
[  501.950408][   T54] usb 1-1: USB disconnect, device number 48
[  502.014926][T10674] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.029842][T10674] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.044328][T10674] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.073477][T10674] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  502.656016][T12342] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1645'.
[  503.058220][   T10] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  503.251088][   T10] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  503.279223][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.272822][   T10] usb 6-1: config 0 descriptor??
[  504.586706][T12359] ALSA: seq fatal error: cannot create timer (-22)
[  504.601614][  T976] usb 3-1: USB disconnect, device number 28
[  505.638591][   T10] ath6kl: Failed to submit usb control message: -110
[  505.656286][   T10] ath6kl: unable to send the bmi data to the device: -110
[  505.695947][   T10] ath6kl: Unable to send get target info: -110
[  505.714646][   T10] ath6kl: Failed to init ath6kl core: -110
[  505.723013][   T10] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -110
[  505.779448][T12376] @: renamed from vlan0
[  506.082088][   T30] audit: type=1400 audit(1756649151.257:575): avc:  denied  { execute } for  pid=12348 comm="syz.5.1648" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=44486 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  506.084114][T12381] syzkaller0: entered promiscuous mode
[  506.118393][T12381] syzkaller0: entered allmulticast mode
[  506.405156][T12402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1663'.
[  506.448812][   T30] audit: type=1400 audit(1756649151.603:576): avc:  denied  { ioctl } for  pid=12403 comm="syz.0.1664" path="socket:[44531]" dev="sockfs" ino=44531 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  506.484517][   T30] audit: type=1400 audit(1756649151.631:577): avc:  denied  { read } for  pid=12403 comm="syz.0.1664" path="socket:[44531]" dev="sockfs" ino=44531 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  506.745493][ T5985] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  506.873667][T12413] : Can't lookup blockdev
[  507.001955][ T5985] usb 2-1: Using ep0 maxpacket: 8
[  507.010120][ T5985] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  507.023053][ T5985] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.032221][ T5985] usb 2-1: Product: syz
[  507.039263][ T5985] usb 2-1: Manufacturer: syz
[  507.044785][ T5985] usb 2-1: SerialNumber: syz
[  507.057642][ T5985] usb 2-1: config 0 descriptor??
[  507.065586][ T5985] gspca_main: se401-2.14.0 probing 047d:5003
[  507.535883][   T10] usb 6-1: USB disconnect, device number 30
[  507.604336][T12420] binder: 12419:12420 ioctl c0306201 200000000080 returned -14
[  507.657691][T12421] netlink: 292 bytes leftover after parsing attributes in process `syz.0.1668'.
[  507.668666][   T30] audit: type=1400 audit(1756649152.716:578): avc:  denied  { create } for  pid=12418 comm="syz.0.1668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  507.746733][ T5985] gspca_se401: write req failed req 0x57 val 0x00 error -71
[  507.758421][ T5985] se401 2-1:0.0: probe with driver se401 failed with error -71
[  507.987973][ T5985] usb 2-1: USB disconnect, device number 31
[  508.172482][   T30] audit: type=1400 audit(1756649153.212:579): avc:  denied  { execute } for  pid=12429 comm="syz.5.1672" path="/sys/kernel/debug/binder/transaction_log" dev="debugfs" ino=3498 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=file permissive=1
[  508.217566][   T30] audit: type=1326 audit(1756649153.249:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12429 comm="syz.5.1672" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4ef3f8ebe9 code=0x0
[  508.617226][T12447] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1676'.
[  508.940744][T12459] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=7 sclass=netlink_route_socket pid=12459 comm=syz.1.1680
[  509.322196][   T10] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  509.481916][   T10] usb 1-1: Using ep0 maxpacket: 8
[  509.488865][   T10] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  509.516195][   T10] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  509.526868][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  509.540222][   T10] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  509.566609][   T10] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  509.581938][   T10] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  509.592324][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  509.821879][   T10] usb 1-1: GET_CAPABILITIES returned 0
[  509.836937][   T10] usbtmc 1-1:16.0: can't read capabilities
[  510.081462][   T10] usb 1-1: USB disconnect, device number 49
[  510.299044][T12489] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12489 comm=syz.5.1691
[  510.821667][T12494] netlink: 'syz.5.1692': attribute type 4 has an invalid length.
[  511.704734][T12504] netlink: 'syz.5.1695': attribute type 1 has an invalid length.
[  511.744970][T12504] bond1: entered promiscuous mode
[  511.757761][T12504] 8021q: adding VLAN 0 to HW filter on device bond1
[  511.758551][T12509] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=12509 comm=syz.5.1695
[  511.853858][   T30] audit: type=1400 audit(1756649156.648:581): avc:  denied  { watch } for  pid=12501 comm="syz.3.1694" path="/371/file0" dev="tmpfs" ino=2012 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  511.908618][ T5985] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  511.989284][T12513] netlink: 'syz.5.1697': attribute type 5 has an invalid length.
[  512.111993][ T5985] usb 3-1: Using ep0 maxpacket: 32
[  512.118547][  T976] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  512.119918][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  512.214835][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  512.230564][ T5985] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  512.239881][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.264453][ T5985] usb 3-1: config 0 descriptor??
[  512.369636][  T976] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  512.383317][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  512.395688][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  512.416401][  T976] usb 2-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  512.427833][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  512.436663][  T976] usb 2-1: Product: syz
[  512.441117][  T976] usb 2-1: Manufacturer: syz
[  512.449675][  T976] usb 2-1: SerialNumber: syz
[  512.456773][  T976] usb 2-1: config 0 descriptor??
[  512.463599][T12508] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  512.764345][   T10] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  512.915929][   T10] usb 6-1: device descriptor read/64, error -71
[  513.124132][ T5985] usbhid 3-1:0.0: can't add hid device: -71
[  513.132384][ T5985] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  513.143464][ T5985] usb 3-1: USB disconnect, device number 29
[  513.170207][   T10] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  513.320111][   T10] usb 6-1: device descriptor read/64, error -71
[  513.440298][   T10] usb usb6-port1: attempt power cycle
[  513.719511][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1701'.
[  513.730264][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1701'.
[  514.527760][   T10] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  514.563006][   T10] usb 6-1: device descriptor read/8, error -71
[  514.691262][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  514.697598][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  514.837801][   T10] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  514.859896][   T10] usb 6-1: device descriptor read/8, error -71
[  514.977993][   T10] usb usb6-port1: unable to enumerate USB device
[  515.009500][  T976] powermate: unknown product id 0240
[  515.014839][  T976] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  515.023858][  T976] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input17
[  515.041132][   T54] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  515.050241][    C0] powermate: config urb returned -71
[  515.057057][    C0] powermate: config urb returned -71
[  515.063389][    C0] powermate: config urb returned -71
[  515.069897][    C0] powermate: config urb returned -71
[  515.086633][  T976] usb 2-1: USB disconnect, device number 32
[  515.086684][    C0] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  515.121309][   T30] audit: type=1400 audit(1756649159.716:582): avc:  denied  { create } for  pid=12546 comm="syz.1.1708" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  515.187893][   T30] audit: type=1400 audit(1756649159.744:583): avc:  denied  { setattr } for  pid=12546 comm="syz.1.1708" name="file0" dev="tmpfs" ino=2067 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  515.355269][T12548] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.1708'.
[  515.597467][   T54] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  515.607982][   T54] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  515.621097][   T54] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  515.630283][   T54] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.657155][   T54] usb 3-1: config 0 descriptor??
[  515.667878][   T54] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  515.708813][T12550] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1709'.
[  515.818465][T12552] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1710'.
[  515.886683][T12552] bridge3: port 1(veth3) entered blocking state
[  515.937210][T12552] bridge3: port 1(veth3) entered disabled state
[  515.957877][T12552] veth3: entered allmulticast mode
[  515.971812][T12552] veth3: entered promiscuous mode
[  516.583946][T12555] vlan0: entered allmulticast mode
[  516.625409][T12555] veth0_to_hsr: entered allmulticast mode
[  516.641296][T12555] bridge3: port 2(vlan0) entered blocking state
[  516.656683][T12555] bridge3: port 2(vlan0) entered disabled state
[  516.675129][T12555] vlan0: entered promiscuous mode
[  516.682572][T12555] veth0_to_hsr: entered promiscuous mode
[  518.537469][   T10] usb 3-1: USB disconnect, device number 30
[  518.633269][  T976] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  518.810072][T12589] netlink: 'syz.2.1719': attribute type 1 has an invalid length.
[  518.860427][T12589] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1719'.
[  518.875064][  T976] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  518.885759][  T976] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  518.932020][  T976] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  518.966023][  T976] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.978367][  T976] usb 6-1: config 0 descriptor??
[  518.983482][T12589] netlink: 'syz.2.1719': attribute type 2 has an invalid length.
[  519.033087][T12589] netlink: 'syz.2.1719': attribute type 1 has an invalid length.
[  519.033656][  T976] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  519.169008][   T54] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  519.362793][   T54] usb 3-1: Using ep0 maxpacket: 16
[  519.372535][   T54] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  519.384375][   T54] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  519.400253][   T54] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  519.411767][   T54] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.421508][   T54] usb 3-1: Product: syz
[  519.427443][   T54] usb 3-1: Manufacturer: syz
[  519.433387][   T54] usb 3-1: SerialNumber: syz
[  519.482200][T12608] misc userio: Invalid payload size
[  519.494401][   T30] audit: type=1400 audit(1756649163.804:584): avc:  denied  { create } for  pid=12607 comm="syz.1.1725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  519.743873][T12609] overlayfs: failed to resolve './file1': -2
[  519.999878][   T54] usb 3-1: 0:2 : does not exist
[  520.018131][   T54] usb 3-1: USB disconnect, device number 31
[  522.769645][   T54] usb 6-1: USB disconnect, device number 35
[  526.586913][   T54] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  526.779481][   T54] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  526.789615][   T54] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  526.813382][   T54] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  526.833135][   T54] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.842761][   T54] usb 6-1: config 0 descriptor??
[  526.851255][   T54] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  526.886869][   T30] audit: type=1400 audit(1756649170.726:585): avc:  denied  { setopt } for  pid=12676 comm="syz.2.1745" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  526.935960][T12677] Bluetooth: MGMT ver 1.23
[  527.684634][T12684] netlink: 'syz.1.1747': attribute type 1 has an invalid length.
[  527.758217][T12684] bond0: entered promiscuous mode
[  528.007380][T12684] 8021q: adding VLAN 0 to HW filter on device bond0
[  528.015262][T12690] FAULT_INJECTION: forcing a failure.
[  528.015262][T12690] name failslab, interval 1, probability 0, space 0, times 0
[  528.027897][T12690] CPU: 1 UID: 0 PID: 12690 Comm: syz.0.1748 Not tainted syzkaller #0 PREEMPT(full) 
[  528.027912][T12690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  528.027918][T12690] Call Trace:
[  528.027922][T12690]  <TASK>
[  528.027926][T12690]  dump_stack_lvl+0x16c/0x1f0
[  528.027942][T12690]  should_fail_ex+0x512/0x640
[  528.027957][T12690]  should_failslab+0xc2/0x120
[  528.027971][T12690]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  528.027983][T12690]  ? skb_clone+0x190/0x3f0
[  528.027998][T12690]  skb_clone+0x190/0x3f0
[  528.028010][T12690]  netlink_deliver_tap+0xabd/0xd30
[  528.028026][T12690]  netlink_unicast+0x64c/0x870
[  528.028041][T12690]  ? __pfx_netlink_unicast+0x10/0x10
[  528.028054][T12690]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  528.028071][T12690]  netlink_sendmsg+0x8d1/0xdd0
[  528.028086][T12690]  ? __pfx_netlink_sendmsg+0x10/0x10
[  528.028104][T12690]  ____sys_sendmsg+0xa98/0xc70
[  528.028120][T12690]  ? copy_msghdr_from_user+0x10a/0x160
[  528.028132][T12690]  ? __pfx_____sys_sendmsg+0x10/0x10
[  528.028153][T12690]  ___sys_sendmsg+0x134/0x1d0
[  528.028166][T12690]  ? __pfx____sys_sendmsg+0x10/0x10
[  528.028194][T12690]  __sys_sendmsg+0x16d/0x220
[  528.028206][T12690]  ? __pfx___sys_sendmsg+0x10/0x10
[  528.028227][T12690]  do_syscall_64+0xcd/0x4c0
[  528.028241][T12690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.028253][T12690] RIP: 0033:0x7fefc398ebe9
[  528.028261][T12690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.028272][T12690] RSP: 002b:00007fefc47ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  528.028282][T12690] RAX: ffffffffffffffda RBX: 00007fefc3bc5fa0 RCX: 00007fefc398ebe9
[  528.028289][T12690] RDX: 00000000200488c0 RSI: 0000200000000140 RDI: 0000000000000005
[  528.028296][T12690] RBP: 00007fefc47ca090 R08: 0000000000000000 R09: 0000000000000000
[  528.028302][T12690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.028308][T12690] R13: 00007fefc3bc6038 R14: 00007fefc3bc5fa0 R15: 00007ffda28f1e88
[  528.028322][T12690]  </TASK>
[  528.269666][T12683] 8021q: adding VLAN 0 to HW filter on device bond0
[  528.282326][T12683] bond0: (slave vcan1): The slave device specified does not support setting the MAC address
[  528.293691][T12683] bond0: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  528.337640][T12683] bond0: (slave vcan1): making interface the new active one
[  528.522172][T12683] vcan1: entered promiscuous mode
[  528.534785][T12683] bond0: (slave vcan1): Enslaving as an active interface with an up link
[  528.589379][T12699] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  528.823993][T12703] netlink: 'syz.0.1754': attribute type 4 has an invalid length.
[  529.989870][T12725] NILFS (loop0): device size too small
[  530.490642][  T976] usb 6-1: USB disconnect, device number 36
[  531.365503][   T54] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  532.136593][   T54] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  532.146878][   T54] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  532.170417][   T54] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  532.180502][   T54] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  532.188492][   T54] usb 1-1: Product: syz
[  532.234248][   T54] usb 1-1: Manufacturer: syz
[  532.247868][   T54] usb 1-1: SerialNumber: syz
[  532.306431][ T5985] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  532.480169][ T5985] usb 6-1: Using ep0 maxpacket: 32
[  532.488913][ T5985] usb 6-1: too many configurations: 102, using maximum allowed: 8
[  532.649257][ T5985] usb 6-1: unable to read config index 0 descriptor/start: -61
[  532.656963][ T5985] usb 6-1: can't read configurations, error -61
[  532.683771][T12737] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  532.711101][T12737] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  532.877560][ T5985] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  532.893980][   T54] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  532.904799][   T54] usb 1-1: USB disconnect, device number 50
[  533.097575][ T5985] usb 6-1: Using ep0 maxpacket: 32
[  533.398102][ T5985] usb 6-1: too many configurations: 102, using maximum allowed: 8
[  533.407479][ T5985] usb 6-1: unable to read config index 0 descriptor/start: -61
[  533.415249][ T5985] usb 6-1: can't read configurations, error -61
[  533.422015][ T5985] usb usb6-port1: attempt power cycle
[  533.642766][   T54] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  534.001184][   T30] audit: type=1326 audit(1756649177.377:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.006050][   T54] usb 1-1: Using ep0 maxpacket: 8
[  534.032833][   T30] audit: type=1326 audit(1756649177.405:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.061660][   T54] usb 1-1: config index 0 descriptor too short (expected 301, got 72)
[  534.069927][   T54] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  534.080866][   T54] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  534.090632][   T54] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  534.101040][   T54] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  534.111578][   T54] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.117922][T12778] NILFS (loop2): device size too small
[  534.436514][   T30] audit: type=1326 audit(1756649177.405:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.460434][   T30] audit: type=1326 audit(1756649177.405:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.490588][   T54] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  534.506209][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.523959][   T30] audit: type=1326 audit(1756649177.405:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.529901][ T5985] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  534.558351][T12775] debugfs: '!' already exists in 'ieee80211'
[  534.572426][   T54] usb 1-1: can't set config #16, error -71
[  534.581007][   T54] usb 1-1: USB disconnect, device number 51
[  534.590438][   T30] audit: type=1326 audit(1756649177.405:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.818582][   T30] audit: type=1326 audit(1756649177.405:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.844172][ T5985] usb 6-1: device descriptor read/8, error -71
[  534.872089][   T30] audit: type=1326 audit(1756649177.405:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.899663][   T30] audit: type=1326 audit(1756649177.405:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  534.924938][T12787] mkiss: ax0: crc mode is auto.
[  534.935568][   T30] audit: type=1326 audit(1756649178.022:595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12769 comm="syz.1.1774" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  535.121225][T12782] bridge0: port 2(bridge_slave_1) entered disabled state
[  535.128383][T12782] bridge0: port 1(bridge_slave_0) entered disabled state
[  535.315555][T12782] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  535.330741][T12782] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  535.424754][T12782] batman_adv: batadv0: Interface deactivated: vxlan0
[  535.437593][T10672] netdevsim netdevsim0 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  535.449667][T10672] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  535.458590][T10672] netdevsim netdevsim0 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  535.469624][T10672] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  535.479166][T10672] netdevsim netdevsim0 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  535.489647][T10672] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  535.498975][T10672] netdevsim netdevsim0 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  535.509161][T10672] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  536.306516][T12806] IPv6: sit1: Disabled Multicast RS
[  537.138397][  T976] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  537.320850][  T976] usb 2-1: Using ep0 maxpacket: 16
[  537.333713][  T976] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  537.347608][  T976] usb 2-1: config 0 has no interface number 0
[  537.413864][  T976] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  537.426467][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.440874][  T976] usb 2-1: Product: syz
[  537.445124][  T976] usb 2-1: Manufacturer: syz
[  537.449851][  T976] usb 2-1: SerialNumber: syz
[  537.459744][  T976] usb 2-1: config 0 descriptor??
[  537.831063][  T976] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  538.739440][T12843] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  538.993367][T12847] batman_adv: batadv0: Adding interface: vxlan0
[  539.001370][T12847] batman_adv: batadv0: The MTU of interface vxlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  539.026953][T12847] batman_adv: batadv0: Interface activated: vxlan0
[  539.029251][   T36] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  539.045494][   T36] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  539.054443][   T36] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  539.063734][   T36] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  539.073200][T12817] netlink: 'syz.1.1787': attribute type 1 has an invalid length.
[  539.164167][T12817] 8021q: adding VLAN 0 to HW filter on device bond1
[  539.375820][T12849] bond1: (slave veth5): Enslaving as an active interface with a down link
[  539.414827][T12859] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1800'.
[  539.580454][T12817] bond1: (slave dummy0): making interface the new active one
[  539.874635][T12817] dummy0: entered promiscuous mode
[  539.886098][T12817] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  540.034892][T12873] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1803'.
[  540.457850][  T976] gspca_spca1528: reg_w err -110
[  540.462875][  T976] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110
[  540.486495][T12873] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1803'.
[  541.005906][   T30] kauditd_printk_skb: 36 callbacks suppressed
[  541.005923][   T30] audit: type=1400 audit(1756649183.513:632): avc:  denied  { mount } for  pid=12869 comm="syz.2.1804" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  541.056408][T12879] netlink: 'syz.3.1805': attribute type 12 has an invalid length.
[  541.064283][T12879] netlink: 9472 bytes leftover after parsing attributes in process `syz.3.1805'.
[  541.515012][T12889] NILFS (loop5): device size too small
[  541.871781][   T54] usb 2-1: USB disconnect, device number 33
[  542.030016][   T30] audit: type=1326 audit(1756649184.878:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.073296][   T30] audit: type=1326 audit(1756649184.878:634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.102545][   T30] audit: type=1326 audit(1756649184.878:635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.133363][   T30] audit: type=1326 audit(1756649184.878:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.157543][T12895] sysfs: cannot create duplicate filename '/class/ieee80211/!'
[  542.165192][   T30] audit: type=1326 audit(1756649184.878:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.195065][   T30] audit: type=1326 audit(1756649184.878:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.257952][   T30] audit: type=1326 audit(1756649184.878:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.300825][   T30] audit: type=1326 audit(1756649184.925:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.348754][T12895] CPU: 1 UID: 0 PID: 12895 Comm: syz.1.1810 Not tainted syzkaller #0 PREEMPT(full) 
[  542.348779][T12895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  542.348790][T12895] Call Trace:
[  542.348795][T12895]  <TASK>
[  542.348802][T12895]  dump_stack_lvl+0x16c/0x1f0
[  542.348827][T12895]  sysfs_warn_dup+0x7f/0xa0
[  542.348857][T12895]  sysfs_do_create_link_sd+0x124/0x140
[  542.348881][T12895]  sysfs_create_link+0x61/0xc0
[  542.348902][T12895]  device_add+0x62c/0x1aa0
[  542.348927][T12895]  ? __pfx_device_add+0x10/0x10
[  542.348946][T12895]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  542.348967][T12895]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  542.348999][T12895]  wiphy_register+0x1df4/0x29f0
[  542.349017][T12895]  ? netdev_run_todo+0x864/0x1320
[  542.349036][T12895]  ? __dev_printk+0x230/0x270
[  542.349057][T12895]  ? __pfx_wiphy_register+0x10/0x10
[  542.349085][T12895]  ? ieee80211_init_rate_ctrl_alg+0x125/0x6b0
[  542.349109][T12895]  ieee80211_register_hw+0x24a9/0x4060
[  542.349137][T12895]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  542.349161][T12895]  ? find_held_lock+0x2b/0x80
[  542.349182][T12895]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  542.349201][T12895]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  542.349218][T12895]  ? __hrtimer_setup+0x176/0x280
[  542.349238][T12895]  mac80211_hwsim_new_radio+0x3034/0x54d0
[  542.349274][T12895]  ? trace_kmalloc+0x2b/0xd0
[  542.349293][T12895]  ? __kmalloc_node_track_caller_noprof+0x23e/0x510
[  542.349312][T12895]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  542.349334][T12895]  ? hwsim_new_radio_nl+0xa0e/0x12c0
[  542.349358][T12895]  ? __asan_memcpy+0x3c/0x60
[  542.349385][T12895]  hwsim_new_radio_nl+0xb51/0x12c0
[  542.349412][T12895]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  542.349444][T12895]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  542.349467][T12895]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  542.349497][T12895]  genl_family_rcv_msg_doit+0x206/0x2f0
[  542.349521][T12895]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  542.349552][T12895]  ? bpf_lsm_capable+0x9/0x10
[  542.349575][T12895]  ? security_capable+0x7e/0x260
[  542.349594][T12895]  ? ns_capable+0xd7/0x110
[  542.349615][T12895]  genl_rcv_msg+0x55c/0x800
[  542.349639][T12895]  ? __pfx_genl_rcv_msg+0x10/0x10
[  542.349663][T12895]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  542.349689][T12895]  ? __lock_acquire+0x62e/0x1ce0
[  542.349717][T12895]  netlink_rcv_skb+0x155/0x420
[  542.349741][T12895]  ? __pfx_genl_rcv_msg+0x10/0x10
[  542.349766][T12895]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  542.349799][T12895]  ? netlink_deliver_tap+0x1ae/0xd30
[  542.349816][T12895]  ? selinux_netlink_send+0x578/0x830
[  542.349840][T12895]  ? is_vmalloc_addr+0x86/0xa0
[  542.349859][T12895]  genl_rcv+0x28/0x40
[  542.349879][T12895]  netlink_unicast+0x5aa/0x870
[  542.349903][T12895]  ? __pfx_netlink_unicast+0x10/0x10
[  542.349923][T12895]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  542.349949][T12895]  netlink_sendmsg+0x8d1/0xdd0
[  542.349974][T12895]  ? __pfx_netlink_sendmsg+0x10/0x10
[  542.350003][T12895]  ____sys_sendmsg+0xa98/0xc70
[  542.350026][T12895]  ? copy_msghdr_from_user+0x10a/0x160
[  542.350044][T12895]  ? __pfx_____sys_sendmsg+0x10/0x10
[  542.350078][T12895]  ___sys_sendmsg+0x134/0x1d0
[  542.350097][T12895]  ? __pfx____sys_sendmsg+0x10/0x10
[  542.350148][T12895]  __sys_sendmsg+0x16d/0x220
[  542.350168][T12895]  ? __pfx___sys_sendmsg+0x10/0x10
[  542.350199][T12895]  ? __secure_computing+0x28e/0x3b0
[  542.350232][T12895]  do_syscall_64+0xcd/0x4c0
[  542.350254][T12895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  542.350273][T12895] RIP: 0033:0x7f578298ebe9
[  542.350289][T12895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  542.350307][T12895] RSP: 002b:00007f5780bb4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  542.350326][T12895] RAX: ffffffffffffffda RBX: 00007f5782bc6180 RCX: 00007f578298ebe9
[  542.350339][T12895] RDX: 0000000000000310 RSI: 0000200000000040 RDI: 0000000000000006
[  542.350350][T12895] RBP: 00007f5782a11e19 R08: 0000000000000000 R09: 0000000000000000
[  542.350360][T12895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  542.350370][T12895] R13: 00007f5782bc6218 R14: 00007f5782bc6180 R15: 00007ffcc7b68ce8
[  542.350396][T12895]  </TASK>
[  542.793835][   T30] audit: type=1326 audit(1756649185.589:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12890 comm="syz.1.1810" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f578298ebe9 code=0x7ffc0000
[  542.877170][T12902] netlink: 'syz.5.1812': attribute type 4 has an invalid length.
[  543.334865][T12917] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1814'.
[  544.420603][T12924] netlink: 'syz.2.1819': attribute type 11 has an invalid length.
[  546.381478][T12949] binder: 12947:12949 ioctl c0306201 200000000080 returned -14
[  546.871589][   T10] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  548.300608][   T10] usb 1-1: Using ep0 maxpacket: 32
[  548.307131][   T10] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  548.317565][   T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  548.336951][   T10] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  548.384991][   T10] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  548.398737][   T10] usb 1-1: config 0 interface 0 has no altsetting 0
[  548.480267][   T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  548.489380][   T10] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  548.501567][   T10] usb 1-1: Product: syz
[  548.509180][   T10] usb 1-1: Manufacturer: syz
[  548.532266][   T10] usb 1-1: SerialNumber: syz
[  548.543940][   T10] usb 1-1: config 0 descriptor??
[  548.552531][   T10] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  548.566847][   T10] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  549.420489][   T10] usb 1-1: USB disconnect, device number 52
[  549.428743][   T10] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  549.783114][T12993] binder: 12992:12993 ioctl c0306201 200000000080 returned -14
[  550.138183][  T976] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  550.309203][  T976] usb 2-1: Using ep0 maxpacket: 16
[  550.333657][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.347999][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.362429][  T976] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  550.463097][  T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.593324][  T976] usb 2-1: config 0 descriptor??
[  550.826152][T13017] bridge1: the hash_elasticity option has been deprecated and is always 16
[  550.991385][T13021] netlink: 'syz.2.1848': attribute type 1 has an invalid length.
[  551.012931][T13021] bond0: entered promiscuous mode
[  551.018286][T13021] 8021q: adding VLAN 0 to HW filter on device bond0
[  551.029639][T13021] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=47 sclass=netlink_route_socket pid=13021 comm=syz.2.1848
[  552.150583][T13043] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  553.063610][T13049] overlayfs: failed to resolve './file1': -2
[  553.894223][T13055] binder: 13051:13055 ioctl c0306201 200000000540 returned -22
[  554.693722][T13060] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  555.115867][T13067] block nbd2: Attempted send on invalid socket
[  555.122237][T13067] I/O error, dev nbd2, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1
[  555.132247][T13067] EXT4-fs (nbd2): unable to read superblock
[  555.437334][  T976] usbhid 2-1:0.0: can't add hid device: -71
[  555.443813][  T976] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  555.457646][  T976] usb 2-1: USB disconnect, device number 34
[  555.557736][T13073] binder: 13072:13073 ioctl c0306201 200000000080 returned -14
[  555.753782][T13081] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1866'.
[  555.786281][T13081] netlink: 'syz.5.1866': attribute type 21 has an invalid length.
[  555.794777][T13081] netlink: 156 bytes leftover after parsing attributes in process `syz.5.1866'.
[  555.930694][T13085] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1869'.
[  556.832255][T13112] binder: 13109:13112 ioctl c0306201 200000000080 returned -14
[  557.003741][T10629] dummy0: left promiscuous mode
[  557.931694][  T976] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  558.100110][  T976] usb 6-1: config 0 has an invalid interface number: 160 but max is 0
[  558.111958][  T976] usb 6-1: config 0 has no interface number 0
[  558.120031][  T976] usb 6-1: config 0 interface 160 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7
[  558.152558][  T976] usb 6-1: New USB device found, idVendor=05ac, idProduct=8101, bcdDevice=9e.4e
[  558.173166][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  558.184114][  T976] usb 6-1: Product: syz
[  558.194160][  T976] usb 6-1: Manufacturer: syz
[  558.199212][  T976] usb 6-1: SerialNumber: syz
[  558.209898][  T976] usb 6-1: config 0 descriptor??
[  558.217145][  T976] usb 6-1: Found UVC 0.00 device syz (05ac:8101)
[  558.223562][  T976] usb 6-1: No valid video chain found.
[  558.556967][   T30] kauditd_printk_skb: 38 callbacks suppressed
[  558.556985][   T30] audit: type=1400 audit(1756649200.341:680): avc:  denied  { getopt } for  pid=13124 comm="syz.2.1880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  559.310285][   T54] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  559.484113][   T54] usb 1-1: config 0 has no interfaces?
[  559.492672][   T54] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  559.504668][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.527727][   T54] usb 1-1: config 0 descriptor??
[  559.749351][  T976] usb 6-1: USB disconnect, device number 41
[  559.937153][   T30] audit: type=1400 audit(1756649201.632:681): avc:  denied  { bind } for  pid=13140 comm="syz.1.1886" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  560.075156][T13150] binder: 13149:13150 ioctl c0306201 200000000080 returned -14
[  560.207109][   T54] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  560.248959][   T30] audit: type=1400 audit(1756649201.922:682): avc:  denied  { bind } for  pid=13147 comm="syz.2.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  560.495088][T13160] overlayfs: failed to resolve './file1': -2
[  560.915918][   T54] usb 2-1: config 3 has an invalid interface number: 185 but max is 2
[  560.928177][   T54] usb 2-1: config 3 contains an unexpected descriptor of type 0x2, skipping
[  560.937332][   T54] usb 2-1: config 3 has an invalid interface number: 112 but max is 2
[  560.945506][   T54] usb 2-1: config 3 has an invalid interface number: 143 but max is 2
[  560.956444][   T54] usb 2-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[  560.965589][   T54] usb 2-1: config 3 contains an unexpected descriptor of type 0x1, skipping
[  560.976751][   T54] usb 2-1: config 3 has no interface number 0
[  560.983353][   T54] usb 2-1: config 3 has no interface number 1
[  560.990890][   T54] usb 2-1: config 3 has no interface number 2
[  560.996981][   T54] usb 2-1: config 3 interface 185 altsetting 7 bulk endpoint 0x7 has invalid maxpacket 1024
[  561.007449][   T54] usb 2-1: config 3 interface 185 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.019955][   T54] usb 2-1: config 3 interface 185 altsetting 7 endpoint 0x8 has invalid maxpacket 512, setting to 64
[  561.034399][   T54] usb 2-1: config 3 interface 185 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.051379][   T54] usb 2-1: config 3 interface 185 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.066218][   T54] usb 2-1: config 3 interface 185 altsetting 7 has a duplicate endpoint with address 0xF, skipping
[  561.077255][   T54] usb 2-1: config 3 interface 112 altsetting 7 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  561.091551][   T54] usb 2-1: config 3 interface 112 altsetting 7 has a duplicate endpoint with address 0x8F, skipping
[  561.105659][   T54] usb 2-1: config 3 interface 112 altsetting 7 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  561.121588][   T54] usb 2-1: config 3 interface 112 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.184707][   T54] usb 2-1: config 3 interface 112 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.195812][   T54] usb 2-1: config 3 interface 112 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.208526][   T54] usb 2-1: config 3 interface 112 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.219391][   T54] usb 2-1: config 3 interface 112 altsetting 7 has a duplicate endpoint with address 0x6, skipping
[  561.232560][   T54] usb 2-1: config 3 interface 112 altsetting 7 bulk endpoint 0x1 has invalid maxpacket 8
[  561.244352][   T54] usb 2-1: config 3 interface 112 altsetting 7 has 9 endpoint descriptors, different from the interface descriptor's value: 10
[  561.264077][   T54] usb 2-1: config 3 interface 143 altsetting 7 endpoint 0xC has an invalid bInterval 95, changing to 10
[  561.284653][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  561.297366][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0xF, skipping
[  561.317018][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0xA, skipping
[  561.329601][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x5, skipping
[  561.346605][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  561.359891][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x2, skipping
[  561.375862][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x8, skipping
[  561.389859][   T54] usb 2-1: config 3 interface 143 altsetting 7 has an invalid descriptor for endpoint zero, skipping
[  561.405797][   T54] usb 2-1: config 3 interface 143 altsetting 7 endpoint 0xB has an invalid bInterval 78, changing to 10
[  561.407318][   T30] audit: type=1400 audit(1756649203.007:683): avc:  denied  { firmware_load } for  pid=13163 comm="syz.3.1891" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  561.451234][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0xA, skipping
[  561.467424][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x3, skipping
[  561.515979][   T54] usb 2-1: config 3 interface 143 altsetting 7 has a duplicate endpoint with address 0x1, skipping
[  561.528189][T13164] syz.3.1891 (13164) used greatest stack depth: 19384 bytes left
[  561.533972][   T54] usb 2-1: config 3 interface 185 has no altsetting 0
[  561.543771][   T54] usb 2-1: config 3 interface 112 has no altsetting 0
[  561.551892][   T54] usb 2-1: config 3 interface 143 has no altsetting 0
[  561.565170][   T54] usb 2-1: New USB device found, idVendor=1608, idProduct=020c, bcdDevice=cd.94
[  561.578046][   T54] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.586758][   T54] usb 2-1: Product: 墏㏪㬟믷ﭥǝ薎ょ뤋⛲믡趻仁醞Ỡ鰁즞땹콰襄웒銄ꃫ䀣謒衰棧죆릡ᛅ柂隷둬쿲䎜髲傀ꊆ肇魿腦⧴韝厨앿Չ鷀潣⯇⍸짋腁୎蔮횔ᐝ䕗阾飽൑ﵸ쟡턜쉗껁癔蔭繍⧤ᑮᅊ魣뗀◢えꮶ韗ᕆ綵럄꽬燃㊂愧≥褫䑋覅潺燍겗
[  561.618724][   T54] usb 2-1: Manufacturer: Л洴ᘑ梵ᚰ䞚ୖ벅鉯콖鑊쪔䄲璘䑇妤㓔⨛岾퇯囑쀻ܺ䮷뺪⏭뭙襌뛢⪈麺렮罟햧⼯챞㭶ຽ
[  561.635929][   T54] usb 2-1: SerialNumber: й
[  561.642425][T13141] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  561.649769][T13141] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  561.864366][T13171] netlink: 'syz.2.1894': attribute type 4 has an invalid length.
[  561.926178][T13176] Set syz0 is full, maxelem 0 reached
[  561.932536][   T54] io_ti 2-1:3.185: required endpoints missing
[  561.986317][   T54] io_ti 2-1:3.112: required endpoints missing
[  562.078637][   T54] io_ti 2-1:3.143: required endpoints missing
[  562.096486][   T54] usb 2-1: USB disconnect, device number 35
[  562.301546][  T976] usb 1-1: USB disconnect, device number 53
[  562.740224][T13184] binder: 13183:13184 ioctl c0306201 200000000080 returned -14
[  563.373356][T13202] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1905'.
[  563.460971][T13206] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1907'.
[  563.470361][T13206] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1907'.
[  563.511427][   T54] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  563.693289][  T976] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  563.696300][   T54] usb 2-1: Using ep0 maxpacket: 16
[  563.707617][   T54] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  563.718607][   T54] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  563.728485][   T54] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  563.739556][   T54] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  563.750907][   T54] usb 2-1: config 0 descriptor??
[  563.854592][  T976] usb 6-1: Using ep0 maxpacket: 8
[  563.861086][  T976] usb 6-1: config 162 has an invalid interface number: 197 but max is 0
[  563.872804][  T976] usb 6-1: config 162 has no interface number 0
[  563.879853][  T976] usb 6-1: config 162 interface 197 has no altsetting 0
[  563.892293][  T976] usb 6-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7
[  563.901456][  T976] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.913415][  T976] usb 6-1: Product: syz
[  563.918633][  T976] usb 6-1: Manufacturer: syz
[  563.924780][  T976] usb 6-1: SerialNumber: syz
[  564.162898][  T976] usb 6-1: USB disconnect, device number 42
[  564.190219][   T54] hid (null): unknown global tag 0x9c
[  564.205034][   T54] hid (null): unknown global tag 0xc
[  564.212533][   T54] hid (null): unknown global tag 0xd
[  564.218032][   T54] hid (null): unknown global tag 0xc
[  564.223780][   T54] hid (null): unknown global tag 0xe
[  564.229310][   T54] hid (null): unknown global tag 0xe9
[  564.235072][   T54] hid (null): global environment stack underflow
[  564.241433][   T54] hid (null): unknown global tag 0xc
[  564.248206][   T54] hid (null): invalid report_size 39531
[  564.253956][   T54] hid (null): invalid report_count 16579
[  564.262613][   T54] hid (null): unknown global tag 0xe
[  564.267918][   T54] hid (null): unknown global tag 0xe
[  564.273289][   T54] hid (null): unknown global tag 0x4c
[  564.406383][   T54] usb 2-1: string descriptor 0 read error: -71
[  564.441578][   T54] usb 2-1: Max retries (5) exceeded reading string descriptor 200
[  564.449597][   T54] letsketch 0003:6161:4D15.0009: probe with driver letsketch failed with error -32
[  564.466412][   T54] usb 2-1: USB disconnect, device number 36
[  564.633842][ T5985] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  564.806497][ T5985] usb 1-1: Using ep0 maxpacket: 16
[  564.819324][ T5985] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  564.828172][ T5985] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  564.838324][ T5985] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  564.851576][ T5985] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  564.860693][ T5985] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  564.870399][ T5985] usb 1-1: Product: syz
[  564.874535][ T5985] usb 1-1: Manufacturer: syz
[  564.879100][ T5985] usb 1-1: SerialNumber: syz
[  565.160954][T13241] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  566.141603][T13241] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  566.479926][ T5985] usb 1-1: 0:2 : does not exist
[  566.495480][ T5985] usb 1-1: 1:0: failed to get current value for ch 0 (-22)
[  566.559306][ T5985] usb 1-1: USB disconnect, device number 54
[  566.633027][T13251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1919'.
[  566.747128][T13257] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1922'.
[  567.387272][   T30] audit: type=1400 audit(1756649208.592:684): avc:  denied  { setopt } for  pid=13255 comm="syz.1.1923" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  568.466025][T13287] bridge_slave_0: left allmulticast mode
[  568.475241][T13287] bridge_slave_0: left promiscuous mode
[  568.484314][T13287] bridge0: port 1(bridge_slave_0) entered disabled state
[  568.837907][T13287] bridge_slave_1: left allmulticast mode
[  568.846245][T13287] bridge_slave_1: left promiscuous mode
[  568.863968][T13287] bridge0: port 2(bridge_slave_1) entered disabled state
[  568.929769][T13287] batman_adv: batadv0: Removing interface: batadv_slave_0
[  568.971844][T13289] netlink: 'syz.0.1929': attribute type 10 has an invalid length.
[  568.997041][T13287] batman_adv: batadv0: Removing interface: batadv_slave_1
[  569.044026][T13287] batman_adv: batadv0: Removing interface: vxlan0
[  569.062104][T13287] veth3: left allmulticast mode
[  569.067493][T13287] veth3: left promiscuous mode
[  569.080337][T13287] bridge3: port 1(veth3) entered disabled state
[  569.193142][T13287] vlan0: left promiscuous mode
[  569.200035][T13287] veth0_to_hsr: left promiscuous mode
[  569.207246][T13287] bridge3: port 2(vlan0) entered disabled state
[  573.295381][T13363] FAULT_INJECTION: forcing a failure.
[  573.295381][T13363] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  573.308477][T13363] CPU: 1 UID: 0 PID: 13363 Comm: syz.0.1949 Not tainted syzkaller #0 PREEMPT(full) 
[  573.308500][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  573.308510][T13363] Call Trace:
[  573.308522][T13363]  <TASK>
[  573.308529][T13363]  dump_stack_lvl+0x16c/0x1f0
[  573.308554][T13363]  should_fail_ex+0x512/0x640
[  573.308578][T13363]  _copy_from_user+0x2e/0xd0
[  573.308602][T13363]  move_addr_to_kernel+0x65/0x170
[  573.308629][T13363]  __sys_bind+0x11b/0x260
[  573.308655][T13363]  ? __pfx___sys_bind+0x10/0x10
[  573.308678][T13363]  ? __fget_files+0x20e/0x3c0
[  573.308713][T13363]  __x64_sys_bind+0x72/0xb0
[  573.308737][T13363]  ? lockdep_hardirqs_on+0x7c/0x110
[  573.308757][T13363]  do_syscall_64+0xcd/0x4c0
[  573.308779][T13363]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  573.308797][T13363] RIP: 0033:0x7fefc398ebe9
[  573.308811][T13363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  573.308828][T13363] RSP: 002b:00007fefc4788038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[  573.308846][T13363] RAX: ffffffffffffffda RBX: 00007fefc3bc6180 RCX: 00007fefc398ebe9
[  573.308857][T13363] RDX: 0000000000000048 RSI: 0000200000000100 RDI: 000000000000000d
[  573.308868][T13363] RBP: 00007fefc4788090 R08: 0000000000000000 R09: 0000000000000000
[  573.308878][T13363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  573.308888][T13363] R13: 00007fefc3bc6218 R14: 00007fefc3bc6180 R15: 00007ffda28f1e88
[  573.308911][T13363]  </TASK>
[  574.195824][T13368] FAULT_INJECTION: forcing a failure.
[  574.195824][T13368] name failslab, interval 1, probability 0, space 0, times 0
[  574.254300][T13368] CPU: 0 UID: 0 PID: 13368 Comm: syz.5.1952 Not tainted syzkaller #0 PREEMPT(full) 
[  574.254327][T13368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  574.254338][T13368] Call Trace:
[  574.254344][T13368]  <TASK>
[  574.254351][T13368]  dump_stack_lvl+0x16c/0x1f0
[  574.254375][T13368]  should_fail_ex+0x512/0x640
[  574.254394][T13368]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  574.254416][T13368]  should_failslab+0xc2/0x120
[  574.254437][T13368]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  574.254455][T13368]  ? __alloc_skb+0x2b2/0x380
[  574.254476][T13368]  __alloc_skb+0x2b2/0x380
[  574.254493][T13368]  ? __pfx___alloc_skb+0x10/0x10
[  574.254520][T13368]  alloc_skb_with_frags+0xe0/0x860
[  574.254548][T13368]  sock_alloc_send_pskb+0x7fb/0x990
[  574.254565][T13368]  ? avc_has_perm_noaudit+0x117/0x3b0
[  574.254591][T13368]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  574.254607][T13368]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  574.254630][T13368]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  574.254653][T13368]  ? __pfx_avc_has_perm+0x10/0x10
[  574.254678][T13368]  unix_dgram_sendmsg+0x3e9/0x17f0
[  574.254703][T13368]  ? __pfx_sock_has_perm+0x10/0x10
[  574.254726][T13368]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  574.254759][T13368]  ? __import_iovec+0x1dd/0x650
[  574.254782][T13368]  ? __might_fault+0xe3/0x190
[  574.254798][T13368]  ? __might_fault+0x13b/0x190
[  574.254819][T13368]  unix_seqpacket_sendmsg+0x12a/0x1c0
[  574.254843][T13368]  ____sys_sendmsg+0xa98/0xc70
[  574.254868][T13368]  ? copy_msghdr_from_user+0x10a/0x160
[  574.254887][T13368]  ? __pfx_____sys_sendmsg+0x10/0x10
[  574.254920][T13368]  ? __pfx__kstrtoull+0x10/0x10
[  574.254941][T13368]  ___sys_sendmsg+0x134/0x1d0
[  574.254961][T13368]  ? __pfx____sys_sendmsg+0x10/0x10
[  574.254993][T13368]  ? find_held_lock+0x2b/0x80
[  574.255031][T13368]  __sys_sendmmsg+0x200/0x420
[  574.255053][T13368]  ? __pfx___sys_sendmmsg+0x10/0x10
[  574.255080][T13368]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  574.255111][T13368]  ? fput+0x9b/0xd0
[  574.255134][T13368]  ? ksys_write+0x1ac/0x250
[  574.255153][T13368]  ? __pfx_ksys_write+0x10/0x10
[  574.255175][T13368]  __x64_sys_sendmmsg+0x9c/0x100
[  574.255193][T13368]  ? lockdep_hardirqs_on+0x7c/0x110
[  574.255212][T13368]  do_syscall_64+0xcd/0x4c0
[  574.255234][T13368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  574.255257][T13368] RIP: 0033:0x7f4ef3f8ebe9
[  574.255271][T13368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  574.255287][T13368] RSP: 002b:00007f4ef4daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  574.255303][T13368] RAX: ffffffffffffffda RBX: 00007f4ef41c5fa0 RCX: 00007f4ef3f8ebe9
[  574.255315][T13368] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003
[  574.255326][T13368] RBP: 00007f4ef4daf090 R08: 0000000000000000 R09: 0000000000000000
[  574.255339][T13368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  574.255349][T13368] R13: 00007f4ef41c6038 R14: 00007f4ef41c5fa0 R15: 00007ffd7f9f0458
[  574.255372][T13368]  </TASK>
[  576.142690][T13399] binder: 13397:13399 ioctl c0306201 200000000080 returned -14
[  576.193567][T13399] binder: 13397:13399 ioctl c0306201 0 returned -14
[  576.604153][T13405] NILFS (loop1): device size too small
[  578.328034][   T30] audit: type=1400 audit(1756649218.846:685): avc:  denied  { mount } for  pid=13419 comm="syz.1.1967" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  578.418992][   T30] audit: type=1400 audit(1756649218.920:686): avc:  denied  { unmount } for  pid=5855 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  579.604013][   T30] audit: type=1800 audit(1756649220.015:687): pid=13442 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1973" name="bus" dev="ramfs" ino=50026 res=0 errno=0
[  579.768910][T13454] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1977'.
[  580.098702][   T30] audit: type=1400 audit(1756649220.473:688): avc:  denied  { nlmsg_read } for  pid=13451 comm="syz.0.1976" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  580.389831][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  580.396127][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  581.470987][T13479] netlink: 'syz.5.1986': attribute type 10 has an invalid length.
[  581.479493][T13481] binder: 13480:13481 ioctl c0306201 200000000080 returned -14
[  581.487339][T13479] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1986'.
[  581.661571][   T54] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  581.918405][   T54] usb 3-1: Using ep0 maxpacket: 8
[  581.942206][   T54] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  581.952228][   T54] usb 3-1: config 179 has no interface number 0
[  581.958511][   T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  581.970687][   T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  582.014223][   T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  582.027287][   T54] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  582.039258][   T54] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  582.075517][   T54] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  582.094082][   T54] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  582.124352][T13473] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  584.443651][   T10] usb 3-1: USB disconnect, device number 32
[  584.443696][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  584.458626][    C1] dummy_hcd dummy_hcd.2: timer fired with no URBs pending?
[  584.465863][T13522] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1997'.
[  584.661029][   T30] audit: type=1400 audit(1756649224.758:689): avc:  denied  { watch } for  pid=13527 comm="syz.1.2000" path="/proc/1526/fdinfo" dev="proc" ino=50700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  584.703296][   T30] audit: type=1400 audit(1756649224.805:690): avc:  denied  { audit_control } for  pid=13527 comm="syz.1.2000" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  584.729419][   T54] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  585.103423][   T54] usb 1-1: Using ep0 maxpacket: 8
[  585.146137][   T54] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  585.362223][   T54] usb 1-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00
[  585.371874][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.384636][   T54] usb 1-1: config 0 descriptor??
[  585.510034][ T5985] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  585.683564][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  585.694542][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  585.704304][ T5985] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  585.718075][ T5985] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  585.727141][ T5985] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  585.737252][ T5985] usb 3-1: config 0 descriptor??
[  585.819645][ T5996] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  585.964739][T13533] netlink: 'syz.2.2002': attribute type 8 has an invalid length.
[  585.996506][ T5996] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  586.007679][ T5996] usb 6-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  586.023596][ T5996] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  586.033062][ T5996] usb 6-1: config 0 descriptor??
[  586.043027][T13522] netlink: 'syz.0.1997': attribute type 21 has an invalid length.
[  586.050944][T13522] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1997'.
[  586.060660][T13522] netlink: 'syz.0.1997': attribute type 4 has an invalid length.
[  586.068643][T13522] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1997'.
[  586.083347][T13522] batadv2: entered promiscuous mode
[  586.090803][T13522] 8021q: adding VLAN 0 to HW filter on device batadv2
[  586.203330][ T5985] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[  586.228067][ T5985] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  586.254886][T13538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.264951][T13538] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.566819][ T5996] logitech-djreceiver 0003:046D:C52F.000B: item fetching failed at offset 0/6
[  586.587091][ T5996] logitech-djreceiver 0003:046D:C52F.000B: logi_dj_probe: parse failed
[  586.599943][ T5996] logitech-djreceiver 0003:046D:C52F.000B: probe with driver logitech-djreceiver failed with error -22
[  586.754612][ T5996] usb 3-1: USB disconnect, device number 33
[  587.092907][T13561] NILFS (loop1): device size too small
[  587.462595][   T54] usbhid 1-1:0.0: can't add hid device: -71
[  587.469781][   T54] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  587.484203][   T54] usb 1-1: USB disconnect, device number 55
[  587.510464][T13563] netlink: 'syz.0.2011': attribute type 11 has an invalid length.
[  587.868675][T13571] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2015'.
[  588.010922][   T54] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  589.315030][T13581] tipc: Started in network mode
[  589.319918][T13581] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  589.329090][T13581] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  589.421175][   T54] usb 1-1: device descriptor read/64, error -71
[  589.713408][   T54] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  589.732519][T13588] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2018'.
[  589.740206][T13591] 9pnet_fd: Insufficient options for proto=fd
[  589.741373][T13588] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2018'.
[  589.863153][   T54] usb 1-1: device descriptor read/64, error -71
[  589.988652][   T54] usb usb1-port1: attempt power cycle
[  590.736621][   T54] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  590.812693][   T54] usb 1-1: device descriptor read/8, error -71
[  591.249377][T13609] netlink: 292 bytes leftover after parsing attributes in process `syz.0.2025'.
[  591.461711][T13608] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2023'.
[  591.808022][T13617] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2026'.
[  591.816990][T13617] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2026'.
[  592.188129][T13618] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2027'.
[  593.306147][   T30] audit: type=1400 audit(1756649232.850:691): avc:  denied  { mount } for  pid=13642 comm="syz.0.2036" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  593.558576][   T54] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  593.740402][   T54] usb 1-1: Using ep0 maxpacket: 8
[  593.898128][   T54] usb 1-1: config 0 has an invalid descriptor of length 34, skipping remainder of the config
[  593.967531][   T54] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  593.988292][   T54] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00
[  593.998351][   T54] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.021715][   T54] usb 1-1: config 0 descriptor??
[  594.033659][   T54] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  594.062327][T13648] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2038'.
[  594.094429][T13648] netem: change failed
[  594.114932][T13648] /dev/nullb0: Can't lookup blockdev
[  595.062464][   T30] audit: type=1400 audit(1756649234.497:692): avc:  denied  { map } for  pid=13657 comm="syz.3.2043" path="socket:[51151]" dev="sockfs" ino=51151 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  595.282747][T13670] qrtr: Invalid version 0
[  596.519527][  T976] usb 1-1: USB disconnect, device number 60
[  596.755271][   T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  598.092618][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  598.099274][   T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=3264, bcdDevice= 0.00
[  598.110301][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  598.123772][   T10] usb 3-1: config 0 descriptor??
[  598.520019][T13691] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2046'.
[  598.597233][T13691] batman_adv: batadv0: Removing interface: batadv_slave_0
[  598.677902][T13691] batman_adv: batadv0: Removing interface: batadv_slave_1
[  598.978110][   T54] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  599.037501][T13691] batman_adv: batadv0: Interface deactivated: vxlan0
[  599.052782][T13691] batman_adv: batadv0: Removing interface: vxlan0
[  599.117097][   T54] usb 2-1: device descriptor read/64, error -71
[  599.394862][   T54] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  599.533824][   T54] usb 2-1: device descriptor read/64, error -71
[  599.655579][   T54] usb usb2-port1: attempt power cycle
[  599.871034][T13699] 9pnet_fd: Insufficient options for proto=fd
[  600.014857][   T54] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  600.036695][   T54] usb 2-1: device descriptor read/8, error -71
[  600.295558][   T54] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  600.326935][   T54] usb 2-1: device descriptor read/8, error -71
[  600.453358][   T54] usb usb2-port1: unable to enumerate USB device
[  600.805980][   T10] usbhid 3-1:0.0: can't add hid device: -71
[  600.811983][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  600.822447][   T10] usb 3-1: USB disconnect, device number 34
[  601.922181][T13722] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2056'.
[  601.931275][T13722] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2056'.
[  606.172678][T13774] bridge0: entered promiscuous mode
[  606.190097][T13774] 8021q: adding VLAN 0 to HW filter on device team0
[  606.259782][   T30] audit: type=1400 audit(1756649244.769:693): avc:  denied  { mounton } for  pid=13770 comm="syz.5.2072" path="/dev/binderfs" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  606.405548][   T30] audit: type=1326 audit(1756649245.106:694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  606.431449][T13774] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  606.489299][   T30] audit: type=1326 audit(1756649245.106:695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  606.554598][T13773] pim6reg: entered allmulticast mode
[  606.602867][   T30] audit: type=1326 audit(1756649245.171:696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=28 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  606.670487][T13773] pim6reg: left allmulticast mode
[  606.677513][   T30] audit: type=1326 audit(1756649245.171:697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  606.722338][   T30] audit: type=1326 audit(1756649245.171:698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  606.808404][   T30] audit: type=1326 audit(1756649245.480:699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13736 comm="syz.3.2063" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f69f978ebe9 code=0x7ffc0000
[  607.854462][T13796] NILFS (loop0): device size too small
[  608.261659][T13798] binder: 13797:13798 ioctl c0306201 200000000080 returned -14
[  608.546009][T13804] overlayfs: failed to resolve './file1': -2
[  608.919034][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  608.992741][T13810] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2083'.
[  609.082808][   T10] usb 2-1: Using ep0 maxpacket: 16
[  609.089621][   T10] usb 2-1: config 202 has an invalid descriptor of length 38, skipping remainder of the config
[  609.105508][   T10] usb 2-1: config 202 has 0 interfaces, different from the descriptor's value: 1
[  609.114906][   T10] usb 2-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  609.127613][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  609.279351][T13814] overlayfs: failed to clone upperpath
[  609.314583][  T976] usb 1-1: new full-speed USB device number 61 using dummy_hcd
[  609.646779][  T976] usb 1-1: unable to get BOS descriptor or descriptor too short
[  609.655054][  T976] usb 1-1: not running at top speed; connect to a high speed hub
[  609.666410][  T976] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  609.677311][  T976] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  609.692672][  T976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  609.703116][  T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  609.720792][  T976] usb 1-1: Product: syz
[  609.730402][  T976] usb 1-1: SerialNumber: syz
[  609.738804][T13812] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  609.954132][T13825] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2088'.
[  609.992444][   T30] audit: type=1400 audit(1756649248.464:700): avc:  denied  { read } for  pid=13811 comm="syz.0.2084" name="loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  610.017711][   T30] audit: type=1400 audit(1756649248.464:701): avc:  denied  { open } for  pid=13811 comm="syz.0.2084" path="/dev/loop-control" dev="devtmpfs" ino=646 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  610.068684][   T30] audit: type=1400 audit(1756649248.511:702): avc:  denied  { ioctl } for  pid=13811 comm="syz.0.2084" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c81 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  610.304097][  T976] cdc_ncm 1-1:1.0: bind() failure
[  610.311754][  T976] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found
[  610.318640][  T976] cdc_ncm 1-1:1.1: bind() failure
[  610.326271][  T976] usb 1-1: USB disconnect, device number 61
[  610.564247][   T10] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  610.907268][   T10] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  610.916328][   T10] usb 3-1: config 0 has no interface number 0
[  610.926019][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  610.939340][   T10] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  610.949246][   T10] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  610.988059][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  611.006100][   T10] usb 3-1: config 0 descriptor??
[  611.352166][T13851] overlayfs: failed to resolve './file1': -2
[  612.282146][   T10] input: HID 04d9:a055 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:04D9:A055.000C/input/input20
[  612.374265][   T10] holtek_kbd 0003:04D9:A055.000C: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.2-1/input1
[  612.405980][   T10] usb 2-1: USB disconnect, device number 41
[  613.205332][    C1] ------------[ cut here ]------------
[  613.211130][    C1] ODEBUG: free active (active state 0) object: ffff888055257490 object type: timer_list hint: rose_t0timer_expiry+0x0/0x150
[  613.224427][    C1] WARNING: CPU: 1 PID: 13833 at lib/debugobjects.c:612 debug_print_object+0x1a2/0x2b0
[  613.234003][    C1] Modules linked in:
[  613.238058][    C1] CPU: 1 UID: 0 PID: 13833 Comm: syz.2.2090 Not tainted syzkaller #0 PREEMPT(full) 
[  613.247423][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.257486][    C1] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  613.263296][    C1] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 60 3a 16 8c 4c 89 e6 48 c7 c7 e0 2e 16 8c e8 8f 6c 8f fc 90 <0f> 0b 90 90 58 83 05 26 bf c0 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  613.282909][    C1] RSP: 0018:ffffc90000a08a28 EFLAGS: 00010286
[  613.288964][    C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a3358
[  613.296944][    C1] RDX: ffff888035928000 RSI: ffffffff817a3365 RDI: 0000000000000001
[  613.304926][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  613.312897][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8c163580
[  613.320853][    C1] R13: ffffffff8bafed40 R14: ffffffff8a817c30 R15: ffffc90000a08b28
[  613.328824][    C1] FS:  00007f491857f6c0(0000) GS:ffff8881247b8000(0000) knlGS:0000000000000000
[  613.337737][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  613.344305][    C1] CR2: 0000200000020000 CR3: 000000007d0e4000 CR4: 00000000003526f0
[  613.352257][    C1] Call Trace:
[  613.355517][    C1]  <IRQ>
[  613.358346][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  613.363961][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  613.369756][    C1]  debug_check_no_obj_freed+0x4b7/0x600
[  613.375281][    C1]  ? look_up_lock_class+0x59/0x150
[  613.380394][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  613.386441][    C1]  kfree+0x28f/0x4d0
[  613.390318][    C1]  ? lock_acquire+0x179/0x350
[  613.394969][    C1]  ? rose_timer_expiry+0x53f/0x630
[  613.400068][    C1]  rose_timer_expiry+0x53f/0x630
[  613.404980][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  613.410420][    C1]  call_timer_fn+0x197/0x620
[  613.414986][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  613.420085][    C1]  ? mark_held_locks+0x49/0x80
[  613.424824][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  613.430268][    C1]  __run_timers+0x6ef/0x960
[  613.434749][    C1]  ? __pfx___run_timers+0x10/0x10
[  613.439756][    C1]  run_timer_base+0x114/0x190
[  613.444427][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  613.449602][    C1]  run_timer_softirq+0x1a/0x40
[  613.454349][    C1]  handle_softirqs+0x216/0x8e0
[  613.459089][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  613.464356][    C1]  __irq_exit_rcu+0x109/0x170
[  613.469005][    C1]  irq_exit_rcu+0x9/0x30
[  613.473228][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  613.478838][    C1]  </IRQ>
[  613.481743][    C1]  <TASK>
[  613.484657][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  613.490615][    C1] RIP: 0010:__kasan_check_read+0xa/0x20
[  613.496143][    C1] Code: c7 c7 b0 f5 c9 8d 5b 5d 41 5c e9 91 4b 78 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 89 f6 <31> d2 e9 5f f0 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[  613.515729][    C1] RSP: 0018:ffffc90016767818 EFLAGS: 00000283
[  613.521764][    C1] RAX: ffffea0001270dc0 RBX: ffffea0001270dc0 RCX: ffffffff82096030
[  613.529714][    C1] RDX: 0000000000080000 RSI: 0000000000000008 RDI: ffffea0001270dc0
[  613.537666][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  613.545608][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  613.553555][    C1] R13: ffffea0001270dc0 R14: ffffc90016767998 R15: 0000000000000000
[  613.561510][    C1]  ? do_pte_missing+0x22c0/0x3ba0
[  613.566512][    C1]  do_pte_missing+0x22c0/0x3ba0
[  613.571345][    C1]  ? find_held_lock+0x2b/0x80
[  613.576008][    C1]  __handle_mm_fault+0x152a/0x2a50
[  613.581104][    C1]  ? mt_find+0x3ef/0xa30
[  613.585319][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  613.590758][    C1]  ? __pfx_mt_find+0x10/0x10
[  613.595327][    C1]  ? find_vma+0xbf/0x140
[  613.599540][    C1]  ? __pfx_find_vma+0x10/0x10
[  613.604197][    C1]  handle_mm_fault+0x589/0xd10
[  613.608939][    C1]  ? __bpf_trace_exceptions+0x1/0x40
[  613.614210][    C1]  do_user_addr_fault+0x7a6/0x1370
[  613.619292][    C1]  ? rcu_is_watching+0x12/0xc0
[  613.624039][    C1]  exc_page_fault+0x5c/0xb0
[  613.628525][    C1]  asm_exc_page_fault+0x26/0x30
[  613.633355][    C1] RIP: 0010:rep_movs_alternative+0x33/0x90
[  613.639134][    C1] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  613.658727][    C1] RSP: 0018:ffffc90016767c38 EFLAGS: 00050246
[  613.664768][    C1] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
[  613.672725][    C1] RDX: fffff52002cecf97 RSI: ffffc90016767cb0 RDI: 0000200000020000
[  613.680684][    C1] RBP: 0000200000020000 R08: 0000000000000000 R09: fffff52002cecf96
[  613.688636][    C1] R10: ffffc90016767cb7 R11: 0000000000000000 R12: ffffc90016767cb0
[  613.696581][    C1] R13: 0000200000020008 R14: 00007ffffffff000 R15: 0000000000000000
[  613.704550][    C1]  _copy_to_user+0xbb/0xd0
[  613.708954][    C1]  msr_read+0x14e/0x250
[  613.713084][    C1]  ? __pfx_msr_read+0x10/0x10
[  613.717739][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[  613.723094][    C1]  ? security_file_permission+0x71/0x210
[  613.728706][    C1]  ? rw_verify_area+0xcf/0x6c0
[  613.733453][    C1]  ? __pfx_msr_read+0x10/0x10
[  613.738111][    C1]  vfs_read+0x1e4/0xcf0
[  613.742247][    C1]  ? __pfx_vfs_read+0x10/0x10
[  613.746893][    C1]  ? find_held_lock+0x2b/0x80
[  613.751551][    C1]  ? __fget_files+0x204/0x3c0
[  613.756207][    C1]  ? __fget_files+0x20e/0x3c0
[  613.760865][    C1]  ksys_read+0x12a/0x250
[  613.765087][    C1]  ? __pfx_ksys_read+0x10/0x10
[  613.769824][    C1]  do_syscall_64+0xcd/0x4c0
[  613.774312][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.780174][    C1] RIP: 0033:0x7f491778ebe9
[  613.784565][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.804149][    C1] RSP: 002b:00007f491857f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  613.812532][    C1] RAX: ffffffffffffffda RBX: 00007f49179c5fa0 RCX: 00007f491778ebe9
[  613.820486][    C1] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000004
[  613.828438][    C1] RBP: 00007f4917811e19 R08: 0000000000000000 R09: 0000000000000000
[  613.836389][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  613.844329][    C1] R13: 00007f49179c6038 R14: 00007f49179c5fa0 R15: 00007ffee1644aa8
[  613.852289][    C1]  </TASK>
[  613.855283][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  613.862530][    C1] CPU: 1 UID: 0 PID: 13833 Comm: syz.2.2090 Not tainted syzkaller #0 PREEMPT(full) 
[  613.871866][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  613.881888][    C1] Call Trace:
[  613.885139][    C1]  <IRQ>
[  613.887955][    C1]  dump_stack_lvl+0x3d/0x1f0
[  613.892528][    C1]  vpanic+0x6e8/0x7a0
[  613.896484][    C1]  ? __pfx_vpanic+0x10/0x10
[  613.900978][    C1]  ? debug_print_object+0x1a2/0x2b0
[  613.906149][    C1]  panic+0xca/0xd0
[  613.909845][    C1]  ? __pfx_panic+0x10/0x10
[  613.914242][    C1]  ? check_panic_on_warn+0x1f/0xb0
[  613.919322][    C1]  check_panic_on_warn+0xab/0xb0
[  613.924234][    C1]  __warn+0xf6/0x3c0
[  613.928107][    C1]  ? debug_print_object+0x1a2/0x2b0
[  613.933277][    C1]  report_bug+0x3c3/0x580
[  613.937576][    C1]  ? debug_print_object+0x1a2/0x2b0
[  613.942748][    C1]  handle_bug+0x184/0x210
[  613.947051][    C1]  exc_invalid_op+0x17/0x50
[  613.951524][    C1]  asm_exc_invalid_op+0x1a/0x20
[  613.956342][    C1] RIP: 0010:debug_print_object+0x1a2/0x2b0
[  613.962122][    C1] Code: fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 54 41 56 48 8b 14 dd 60 3a 16 8c 4c 89 e6 48 c7 c7 e0 2e 16 8c e8 8f 6c 8f fc 90 <0f> 0b 90 90 58 83 05 26 bf c0 0b 01 48 83 c4 18 5b 5d 41 5c 41 5d
[  613.981697][    C1] RSP: 0018:ffffc90000a08a28 EFLAGS: 00010286
[  613.987733][    C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: ffffffff817a3358
[  613.995675][    C1] RDX: ffff888035928000 RSI: ffffffff817a3365 RDI: 0000000000000001
[  614.003614][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  614.011551][    C1] R10: 0000000000000000 R11: 0000000000000001 R12: ffffffff8c163580
[  614.019502][    C1] R13: ffffffff8bafed40 R14: ffffffff8a817c30 R15: ffffc90000a08b28
[  614.027445][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  614.033052][    C1]  ? __warn_printk+0x198/0x350
[  614.037788][    C1]  ? __warn_printk+0x1a5/0x350
[  614.042530][    C1]  ? debug_print_object+0x1a1/0x2b0
[  614.047699][    C1]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  614.053302][    C1]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  614.059087][    C1]  debug_check_no_obj_freed+0x4b7/0x600
[  614.064615][    C1]  ? look_up_lock_class+0x59/0x150
[  614.069704][    C1]  ? __pfx_debug_check_no_obj_freed+0x10/0x10
[  614.075751][    C1]  kfree+0x28f/0x4d0
[  614.079620][    C1]  ? lock_acquire+0x179/0x350
[  614.084269][    C1]  ? rose_timer_expiry+0x53f/0x630
[  614.089357][    C1]  rose_timer_expiry+0x53f/0x630
[  614.094268][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  614.099700][    C1]  call_timer_fn+0x197/0x620
[  614.104268][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  614.109360][    C1]  ? mark_held_locks+0x49/0x80
[  614.114105][    C1]  ? __pfx_rose_timer_expiry+0x10/0x10
[  614.119549][    C1]  __run_timers+0x6ef/0x960
[  614.124033][    C1]  ? __pfx___run_timers+0x10/0x10
[  614.129041][    C1]  run_timer_base+0x114/0x190
[  614.133689][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  614.138869][    C1]  run_timer_softirq+0x1a/0x40
[  614.143613][    C1]  handle_softirqs+0x216/0x8e0
[  614.148350][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  614.153608][    C1]  __irq_exit_rcu+0x109/0x170
[  614.158254][    C1]  irq_exit_rcu+0x9/0x30
[  614.162468][    C1]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  614.168069][    C1]  </IRQ>
[  614.170979][    C1]  <TASK>
[  614.173891][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  614.179842][    C1] RIP: 0010:__kasan_check_read+0xa/0x20
[  614.185362][    C1] Code: c7 c7 b0 f5 c9 8d 5b 5d 41 5c e9 91 4b 78 ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 0c 24 89 f6 <31> d2 e9 5f f0 ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00
[  614.204939][    C1] RSP: 0018:ffffc90016767818 EFLAGS: 00000283
[  614.210977][    C1] RAX: ffffea0001270dc0 RBX: ffffea0001270dc0 RCX: ffffffff82096030
[  614.220822][    C1] RDX: 0000000000080000 RSI: 0000000000000008 RDI: ffffea0001270dc0
[  614.228774][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[  614.236717][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[  614.244658][    C1] R13: ffffea0001270dc0 R14: ffffc90016767998 R15: 0000000000000000
[  614.252603][    C1]  ? do_pte_missing+0x22c0/0x3ba0
[  614.257610][    C1]  do_pte_missing+0x22c0/0x3ba0
[  614.262436][    C1]  ? find_held_lock+0x2b/0x80
[  614.267088][    C1]  __handle_mm_fault+0x152a/0x2a50
[  614.272185][    C1]  ? mt_find+0x3ef/0xa30
[  614.276401][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  614.281832][    C1]  ? __pfx_mt_find+0x10/0x10
[  614.286402][    C1]  ? find_vma+0xbf/0x140
[  614.290615][    C1]  ? __pfx_find_vma+0x10/0x10
[  614.295264][    C1]  handle_mm_fault+0x589/0xd10
[  614.300001][    C1]  ? __bpf_trace_exceptions+0x1/0x40
[  614.305277][    C1]  do_user_addr_fault+0x7a6/0x1370
[  614.310365][    C1]  ? rcu_is_watching+0x12/0xc0
[  614.315103][    C1]  exc_page_fault+0x5c/0xb0
[  614.319587][    C1]  asm_exc_page_fault+0x26/0x30
[  614.324430][    C1] RIP: 0010:rep_movs_alternative+0x33/0x90
[  614.330210][    C1] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb
[  614.349788][    C1] RSP: 0018:ffffc90016767c38 EFLAGS: 00050246
[  614.355824][    C1] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000000008
[  614.363767][    C1] RDX: fffff52002cecf97 RSI: ffffc90016767cb0 RDI: 0000200000020000
[  614.371708][    C1] RBP: 0000200000020000 R08: 0000000000000000 R09: fffff52002cecf96
[  614.379647][    C1] R10: ffffc90016767cb7 R11: 0000000000000000 R12: ffffc90016767cb0
[  614.387589][    C1] R13: 0000200000020008 R14: 00007ffffffff000 R15: 0000000000000000
[  614.395537][    C1]  _copy_to_user+0xbb/0xd0
[  614.399931][    C1]  msr_read+0x14e/0x250
[  614.404062][    C1]  ? __pfx_msr_read+0x10/0x10
[  614.408712][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[  614.414055][    C1]  ? security_file_permission+0x71/0x210
[  614.419663][    C1]  ? rw_verify_area+0xcf/0x6c0
[  614.424404][    C1]  ? __pfx_msr_read+0x10/0x10
[  614.429060][    C1]  vfs_read+0x1e4/0xcf0
[  614.433210][    C1]  ? __pfx_vfs_read+0x10/0x10
[  614.437858][    C1]  ? find_held_lock+0x2b/0x80
[  614.442509][    C1]  ? __fget_files+0x204/0x3c0
[  614.447157][    C1]  ? __fget_files+0x20e/0x3c0
[  614.451807][    C1]  ksys_read+0x12a/0x250
[  614.456024][    C1]  ? __pfx_ksys_read+0x10/0x10
[  614.460777][    C1]  do_syscall_64+0xcd/0x4c0
[  614.465254][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  614.471117][    C1] RIP: 0033:0x7f491778ebe9
[  614.475503][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  614.495089][    C1] RSP: 002b:00007f491857f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  614.503471][    C1] RAX: ffffffffffffffda RBX: 00007f49179c5fa0 RCX: 00007f491778ebe9
[  614.511412][    C1] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000004
[  614.519355][    C1] RBP: 00007f4917811e19 R08: 0000000000000000 R09: 0000000000000000
[  614.527298][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  614.535239][    C1] R13: 00007f49179c6038 R14: 00007f49179c5fa0 R15: 00007ffee1644aa8
[  614.543189][    C1]  </TASK>
[  614.546369][    C1] Kernel Offset: disabled
[  614.550673][    C1] Rebooting in 86400 seconds..