last executing test programs:

8.566480506s ago: executing program 3 (id=1854):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
syz_emit_ethernet(0x1d5, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa1c86dd6000ed04019f3afffe8000000000000000000000000000bbff02000000000000000000000000000186009078000000000000000000000000050aa78c000005dc8080a2030003004023493b87aafaffffffffffffff237324720000000000000000748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af050200010000050000000000e39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad847062499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d0d70f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc9000d06aa85"], 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010029bd7000fbdbdf256800000008000300", @ANYRES32=r2, @ANYBLOB="1800c7"], 0x34}}, 0x0)

8.473004123s ago: executing program 3 (id=1856):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-blowfish-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000004c0)=',8Zz', 0x4)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1, &(0x7f0000000380)}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0xab, @loopback, 0x10001}, 0x1c)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @loopback, 0x23}, 0x1c)
r3 = dup(r0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[], 0x78}, 0x1, 0x0, 0x0, 0x4080}, 0x8080)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffe, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="00001f178e8baa740264d6ff348f000000010000140012800900010076e70ef6097f666c584558e38ca52a1218883c06c5ff5e0cd332076fc2aabb664f115b789d95d5dab3f4a9ce52c341c53860b585ddbc77d22cdd", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000000300)={'ip_vti0\x00', &(0x7f0000000240)={'syztnl2\x00', <r5=>0x0, 0x10, 0x700, 0x5, 0x3, {{0x1e, 0x4, 0x1, 0x2, 0x78, 0x65, 0x0, 0x1, 0x29, 0x0, @loopback, @empty, {[@rr={0x7, 0x7, 0x3f, [@dev={0xac, 0x14, 0x14, 0x30}]}, @noop, @timestamp_prespec={0x44, 0x1c, 0xd7, 0x3, 0x5, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x800}, {@remote, 0xd}, {@remote, 0x6}]}, @timestamp_addr={0x44, 0x14, 0x10, 0x1, 0xf, [{@multicast1, 0xe2}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3d9}]}, @rr={0x7, 0x2b, 0xa2, [@broadcast, @multicast2, @empty, @empty, @multicast2, @rand_addr=0x64010100, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}})
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd2b, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x5, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_matchall={{0xd}, {0x58, 0x2, [@TCA_MATCHALL_ACT={0x54, 0x2, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x6fe2}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xb380, 0x4, 0x0, 0x100d87, 0x6}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r4, 0x8933, &(0x7f0000000340)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x220}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0x440, 0x0, 0x220, 0x70bd29, 0x25dfdbfe, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x679}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x48}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x100}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}]}}, {{0x8}, {0x8c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x1, 0xc, 0x33, 0x7fff}, {0x2, 0x3, 0x4, 0x11ca}, {0x9, 0x0, 0xd6, 0x72b}]}}}]}}, {{0x8, 0x1, r9}, {0xf0, 0x2, 0x0, 0x1, [{0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x4, 0xe, 0x6c, 0x4}, {0x2, 0x9, 0x0, 0x6}, {0x1, 0xc0, 0x3, 0x6d7}, {0xdd5, 0x8, 0x40, 0x5}, {0x9, 0x0, 0x6d, 0x7a4}, {0x9, 0x7, 0x6, 0x7}, {0x7, 0x8, 0x3, 0x2}, {0x9, 0x9, 0x40, 0x80}, {0x3b, 0xfe, 0xed, 0x6}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}]}}, {{0x8}, {0x4}}]}, 0x440}, 0x1, 0x0, 0x0, 0x5}, 0x2004c094)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000200)=@gcm_128={{0x303}, "f64d87da603fa09a", "ec9580400006000000ba6a6b247009d4", "be164209", '\x00\x00\x00\x00\x00\x00\b\x00'}, 0x28)
sendmsg(r4, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[{0x10, 0x11a, 0x5}], 0x10}, 0x80)
r10 = socket(0xa, 0x3, 0xff)
connect$inet6(r10, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty, 0x4000002}, 0x1c)
syz_emit_ethernet(0x6e, &(0x7f00000001c0)={@random="cfb14e407d33", @broadcast, @void, {@ipv6={0x86dd, @icmpv6={0x9, 0x6, 'z&-', 0x38, 0x3a, 0xfe, @local, @mcast2, {[], @pkt_toobig={0x2, 0x0, 0x0, 0x8001, {0x2, 0x6, "081331", 0x9, 0xff, 0x0, @loopback, @loopback, [@fragment={0x3b, 0x0, 0xa, 0x0, 0x0, 0x3, 0x65}]}}}}}}}, 0x0)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f00000000c0)={0x7, 0xffffffffffffffa0, 0xfa00, {0xffffffffffffffff, 0x10c}}, 0xfffffd88)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8.069854248s ago: executing program 0 (id=1857):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000f30000000000000000000000384d4b6d67d60f6c00"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f00000001c0)={&(0x7f0000000100)=[0x0, 0x0], 0x2, 0x0, 0x0, <r1=>0xffffffffffffffff})
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
ioctl$KVM_GET_LAPIC(0xffffffffffffffff, 0x8400ae8e, &(0x7f0000000880))
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x3000, 0x1000004, 0x42031, 0xffffffffffffffff, 0x4000000)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
ioctl$TCSETS2(0xffffffffffffffff, 0x402c542b, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000100)='bfs\x00', 0x4, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount(&(0x7f0000000180)=@filename='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000300)='pvfs2\x00', 0x11, 0x0)
sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x54, 0xd, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'list:set\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x3}]}, 0x54}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000003100010325bd7000fcffffff08"], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x0)

7.054524134s ago: executing program 0 (id=1861):
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='l%\x86\xce6\xdb\f\xcf\x19|\xc9O\x7f\xce\x8f\x7f\x1c\xeay\x06\x00\x00\x00\a0\r\x13\xaa\x84r\xd7^\xe82\x0f\x1a\xf1\x02\x00\x1e&{\xee2\x95I\xca\xbevl\x12\xb6 \xd4')
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r0, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/179, 0xb3}], 0x1, 0x189, 0x100)
sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYBLOB="00042cbd7000fedbdf2510000000080005000b000000300003801400020069703667726574617030000000000000"], 0x98}, 0x1, 0x0, 0x0, 0x8010}, 0x40400c0)
r1 = socket(0x400000000010, 0x3, 0x0)
mount$binderfs(0x0, &(0x7f0000000340)='./binderfs\x00', &(0x7f0000000380), 0x402, &(0x7f0000000000)={[{@stats}]})
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x3, 0x8}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=@newtfilter={0x90, 0x2c, 0xd27, 0x70bd28, 0x6000000, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_fw={{0x7}, {0x5c, 0x2, [@TCA_FW_ACT={0x58, 0x4, [@m_nat={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x3, 0x8, 0x10000000, 0x200000b, 0x101}, @broadcast, @local, 0xff, 0x1}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xffffffffffffff60, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x11, 0x8}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x20000084)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0x20, &(0x7f0000000480)={&(0x7f0000000400)=""/74, 0x4a, <r4=>0x0, &(0x7f0000000240)=""/61, 0x3d}}, 0x10)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000540)=@generic={&(0x7f0000000500)='./file0\x00', 0x0, 0x10}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x8, 0x1a, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000070000000000000001000000b7080000000000007b8af8ff00000000b7080000ffff00007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b70500000800000085000000a500000018280000", @ANYRES32=r0, @ANYBLOB="00000000400000001801d9ae1204226395ef9e1a80c67d00002020782500000000002020207b1af8ff00000007000000000000000007010000f8ffffffb702000008000000b7030000fdffffff85000000060000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x5c, &(0x7f0000000100)=""/92, 0x41000, 0x4, '\x00', r3, @cgroup_skb=0x1, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000200)={0x2, 0xc, 0x1, 0x4}, 0x10, r4, r5, 0x3, 0x0, &(0x7f0000000580)=[{0x5, 0x3, 0x7, 0x5}, {0x0, 0x2, 0x3, 0x1}, {0x0, 0x1, 0xf, 0xa}], 0x10, 0x10000}, 0x94)
mlock(&(0x7f0000ffa000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil)
r6 = socket$netlink(0x10, 0x3, 0x0)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x42ac00, 0x0)
ioctl$KVM_GET_STATS_FD_cpu(r7, 0xaece)
r8 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_int(r8, 0x6, 0x19, 0x0, &(0x7f0000000040))
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f0000000080))
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

6.711021068s ago: executing program 0 (id=1864):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000003c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c000905020200fd020000090582020002000000df053ea51af0f67692ade655091de97cb5d316ef45875f212aa3bc022915ba863beb0cce9085ea7811c9e7f5e751c3c135c9edf8b26a3237cad9ba9a592c912257acd840c8690ee652cacd208506439585c27aa23f67715339ccdf5da6b752dbefff320705239f33506ddba6ac2ca0e54912d57401164f3408d5c673877a09c1b5cbb60dd8c82377b6498d55dd77908dc97bc146cd69403e13c6913a9628572d0b00f863a5d83214b059f1297c1d59864927370d61e217cdd3349ca5f77a16e57d29b99eceef4412a072fb5764df3064202319361a4cd7c1bfa6c5c02d261773869544df943866774ee63fcd94a734bd71fe6d4a8c25c72cf85f73cc8053da36e67751ec04a4fc"], 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
fcntl$setsig(r3, 0xa, 0x2f)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000"})
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_init_net_socket$x25(0x9, 0x5, 0x0)

6.646864433s ago: executing program 3 (id=1865):
ioctl$BTRFS_IOC_INO_LOOKUP_USER(0xffffffffffffffff, 0xd000943e, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
sendto$inet6(r3, 0x0, 0x0, 0x20004041, 0x0, 0x1700)
syz_emit_vhci(&(0x7f0000001040)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0xc}, @l2cap_cid_le_signaling={{0x8}, @l2cap_disconn_rsp={{0x7, 0xc6, 0x4}, {0x676d, 0xfffb}}}}, 0x11)

6.583268607s ago: executing program 4 (id=1867):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0xc, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x50}, @printk={@lx, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x9b}}]}, &(0x7f0000000080)='GPL\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(0xffffffffffffffff, 0x0, 0x800)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x0)
bind$tipc(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000e40)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_SCAN(r0, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="210f00000000000000002000000008000300", @ANYRES32=r2, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x44000)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="010080000000000000000800000008000300", @ANYRES32=r4], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x2000c000)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0)

5.932566295s ago: executing program 4 (id=1868):
mknodat$loop(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1004, 0x1)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000083c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
sched_setscheduler(r1, 0x6, &(0x7f0000000200)=0x4)
setsockopt$WPAN_WANTLQI(0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000040), 0x4)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f000001b700)=""/102392, 0x18ff8)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x70}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x5, 0x0}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x4, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0xa0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.891988341s ago: executing program 2 (id=1869):
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="2d5a8bfaec0503d4ee82255ccc79459d336c02f6846ffa083727a27fef8e41f33ff61428dc81376619b5746876cab40bea6b76e7a18d9f0f45c5f33c3f3e548879927a89cca1b9829ff887d45cae3a0012b8eec038b982c41410eb0cffe4204a0387ae9ad2d2eb6f904feaea4325a355611cfdb7ac6c3495a4bcfa6a2c3285bf50ca4a25c77f383bdb14c2f038ba311fefcbe3d334550fb18a5f462cec0e41bf00e3ef37c78bb0086cbdc72b561eb2e285a15002dbb8b7a858d33bdfef916ce90eca18739db369eb9aa302efdba714da8bbd0baaeb55eb585585542cdfe62755b7dd303c01c44de59f83de2b9edf1e60279b16bc7ee4c277e23701b7d58fdad36e8d91c111be46581f230b4cbbe8b9ad764cd3e067d7b7c5e1082a55c86f7cbc77e049085b2749b2ead86b176e4c8d2498a331f1118c5ed72ab0fc4228c8214e0e48fd1f265ccfd3311eff1f9548d1217c02de43ebc6c896afbf6065592ce3bafbc138524c4ffa429c33265cc8ebfc69e1adf360f97ec2edbab35cdc965dfadfa522a591734e25f91a44023ceeaac091534ec097d7a6f9a8efe84829719e41c101ee103c7b8c6d7fb630da2ffdd692d13e9212539b8484ea7fbccc74ecd6b44e08852505badf79984da7ffd06e78b05b453e89bbeb44fb0e72d527ee63aee52eebf2e4049705c41ead90017d7a512146287226941b20b4a603d1f5d9e6c559d55c5f6de7e9159e121dbbabdcdae8f359f66c218fb24d20c3b56ca3b4a2639b4b54e0775f29c731a3fd33331a76c280df2bea7fb0778648bc55257c42cb1a4ae173a21e33a782943d733e570595aea49f391ced7df117548032f44d611d1fcafe7c08fcca48ef9bb719d41c2cde9eca1727feb7bcc14757316a3fb315eb0adf3b60f5d6cfe231e4dca32f1cd2a74a68e44b1c09471f135d6abf0d7d417a42323923ced88d39902998a177bda4d7ac9e5479f0ae49f5fe51818fa13dd9131d219658ed2de42587f415396aa610998f2b166a053cd272ef751e5447122c03f33800268f63503a237fd62235c65fa995ced4facfc61959a7b64f7ef4bced8cbc10222a18aaee1fcc282163cafc4bf899a7de76ac61499fa1bdf6e6599a9b6e46d202230ee0be421b38ba66b85c7e5cb73e26085f8b62b4141f8728515f12019e1738bc5b278074c56be74033511b21e97a727c8a5f9c186af9777574f52d957082122dcadefe3c376f73a33e41094ad7cd404b50e963a200b57cbf4329e59c5b5a42f8700613e30af94109d5562262792e77df91e7e75c40080f8ca071449bc999762d483c30a4eee68e89be2d138a4b64af3c0211c3540227d85801dc16d1bb669a16b243fa98ef40edb5b5fe05c50f8702434c4d2663e874aec996463c6d946fd1391096b02198e88f5e568300d6c4848b4fe7273af633cc6fbf6a5e37feea56cfc20a0b42a5c6266c805823bac41f8d4eb43c6c4673a4b6a8dd303fe922ade7af649cb21c2919390a9ee62a08131ea21840adc9cc023e2aab908ea6bf2d41e52918ed6423677933cd1729cfda6423e540aae3f043a1296b6eb9350d38e07abed7d1ea7249b1b67d17322050d01589c9787f4e5a904c5cfb25e047f3e46de5222121c2af122bd3a3b2b0f35ea0a81d3a862d77217e992cc74f678617223cad5ba21afdc58e6af17e7b4ee3a506f34069d2931ac62d47f86f1983d7204a32544ae0b738cd5ab3efb940ad752ebbb59cd28d98cd6e0441f020ab2d68cbe90fa44be7f7191c2f5748c418dde668ee87d579baed4358b5c47e03a89ddb98fd4209fda85a277460ca20cc6de67c0f35e39d3fcfc070530140f648b50dbd3236d8e5b5e63be12191cd67b9ef128440d8794dc452b5a16f250c9e378d52b1132efc4b1ec8a7a3fd04ef82154de056ee5054fb15dff8df06bdca1dc8b1c1d4175c967445105954d10f0fc94acf39b68105d188593584333312eb6fad6371cdbbbf16e88bed86600d9dac851661dd3cc64f9bac0b2b81ad2564274b5bcc040f065f3fc055f7e254f8954304140782b9a2390bb61fd82d7a99ddf96468f3ef43113b767552969d71190265b76c1358c4e16a21ff959631a19c6f5a686b7884d75aca2810decbfd9fe0520f3b322a80838a2e633e1c2a79df01786f605750b84e2b04b7204ca6022973fca4ab0c8c67caee2349a6b839aa6bebc862f2f8246fc293e0f14a375581036becf081e4fd6b0cc2f7465fe7f932890884794215838558c0ae6de81efd624c5290bdf52e95e4d5b1eaf280d76eb0ceddf438bcf1d4b83e8eec3aaacbd7ea0421ac84f08a480ae48edb7c23c3f94dc59a44b3c5712800789fa3b2b938bed137505d2b247a4c4a9bd5ceddb900cb9a502d10dbd620a7ef84fbf49081d52419e5d08ddd5a1873f6d3ea6a822400ffdad29899bfaf73ce3d8ff182b3ca8ef1c39fc34b93767b9a13401427c440edd2e5f801655e60dc4c5b4ba84e504421b758e0b4c743fd1a1b6be27702e751960b431f1d7a7fd68a9ab198a5c6dbbee137283e6d6c69eedba5345e551e4421f3dfc1c957bbf413c48f64871521789487707278c69eb71c33a6999d7e497dc3d7d022f008addc112c116637f6d29c9247de134eb860cd3e5af369ee474883e7a20c40ba02160ec19dcb717cd3f4f3f0293195242fa814042ad751c774728a797a8c483e0562a2cca698053c1b66c0310affdb6e5767ab6db583ac415119f1760bed5f405c5cfb63b2ccfd5dc9d119fc82a86f98551d92f02410fdddd450f0a661ce041fa39aaba50cda470d3080dec7345a54abe2a7630a7fac84bf95c30a0dff1225f7b1aebb41daec68ceff2b0f502e7433f395aeea75c1ba88229b44fa5c6fa2647e44db139eca1f2b7142b6c23d4879603bb5617e94de0d5353d1b17dfb960eb1c11c67d0d1e1cae94699cc9397b79150dacbbc7361261d5445f237210d2ab8120fe721072394b77df46894595b8fd56f034318e90e3cad94f1655911b9bcc0bd15c628c0248e134295f3ff69cf8ea536b4b7a6c11b4e04955f9f1d9bac2ad39d81ec929b0d29999ae5a865bcc2cffc8fb42af6e486ca12a4c83461c6a72b3c88e4f3d1a9c1f13adc6defbf0110746e39b1d01a5129f996a2af48bc52f06a32764d8d8dd984c5dc4e8bca0ffbbc7e4cd226cc278b35ed16bed6e8aca4a1c18120eef0966dd5327f252462477d43cbd1497654ddd3358d24883d9ddde40f1bc8c5610370841b1cb13e84162cc6d0818987350c22362b12c0f315dbc5dbc33c224bf8d57410f2621b9c45d6857b0bed5aae750db0dd4c6cf50bfd6d5e0c816a9d8951402a1c50ad8169fd94427b42c58399c6d72b1f213e009af4f650e5ef67d2f48c7dc3ef74a8ee453ab84118f2f0e4ff2b8130169ccac37198b337205cae506e8d70acba86aab28caa8117b1231d9c4b631fa3aeceb3c236182e25299392f1ed986106071097314a9b9bd0f30d853e8b4044c00f04b45b2923b572a6a41cb5293cc8dfdbeff56a1375a33bac7b220056a6f6a292035b17a3c3fd55897548c68ad7886ef432cef353da3da8deaea09df078569c042258dfc0763d54be89302b11a6d24f4086028b82520fb6d967b78b611a7e9661a92b1a8f12d407d2289e85a82bd0b7c742055acd2396ba8d101e91ce2e9f387e909fe6da3109e1937b1e12515f23c8f1b739d4c40a287cae3bf59e901fff2ba0de0a36a304428e9febe42a01dea2eacae9416a72ddabb98d2e69c70ea9edfc57cd81fc4217ec353caf01a1a61b925102f866b4090b6447cfd8eeff2a3a49e30fe0a4fff77fe1a225dbdb2fac338526c7438631b69ead8781b86801f530b04b1544be2c22aff4ac89b0ce4353526905e59e18f7f01c221e42354a5269e0e28afa29f38bcab3923fe8d64fbf81433991b0bb9df6fc4c28ba175871d87bb5ce6cf5bf4572bb873c044f0aeb2981e34a005df55d354db0353f6433f76adde2c124793a1da43aca0e62a744992ed8efa8571a26857aa65a21cfc3507471ab75525cedb559c430b5d03a5c4e923f7fbec50d0eb10fc40b3d7986245f4c6888a53df7fe7fdcc11261e70d8cca04baff938f8446bd9048baba31085f20746c5f0e00d816dca934804ea2877cca51b5c0e31dfeefb9e91e41189d67412a09af16b4cb709e6fee71b2766a71c8397578516b656633bb620dfc8bc15de4ea5f75f6845ea44805442125adef9377e98b5d8e73f3a0bfbd330467daf10d9f7a95cd6fd4827fa1b062898fa454437bf185b9e0d98c9d10a5db80364bca446205739b23a1e7e860647ed30e2b72524da94a5f70dcbcd67d8df08f0d57583011d5487669c5a45905125186590322dbe481e820a6a6c29c136fa4301ade06baddca45f0d5ce913b5b763d293da4afaa450b17ff4933e4478fbba9ad9e6e5eafe9fdeb82b7d65bc92f6690d03a49923810558b5e0f5bf47e7d000a5e132217c174445565d57d29f02e71d7205b8ec10330fea51d972fc5c81b1b36775816082f979b5b1fe3601c9c8e8fa0c3504bfa30e3603d5a0f3a7cbd27d744b27cdbf318acbed70697519605453df106123e1a6148c9146154986e288d8a70b6fed1667cc1e0b199067c704a6d41ba751b53102ebca01b3ce90226847808646c95f3eb231b6af0b0f329bd997db5a4d3ff18edf0203e351fcfa8c8ae2be6953472bbb3f40bb6ab3f8f2128d11a3bba133f0204e2e0df189cc8d2cb8af81d0941a37c2165112ed452008930bcc607fa6fe3ad1def902d89c7330e6042f6f86c3a75665ec603b6e392b417a0d907d42e6534db72adbad4266c6601d7b8bf8d9cde807088f76b07c06840d0806eb89aa545292284bf050e732e547ed54417b3ec7e7a7c5e8454a56f5092ea8cb27e74e0672c2951647e29dadbdea86d2a4d9e53ab01c9d21e902fc9c6ff4c317b3c0398561364e880e2b079d79a27d6dcc3d586abc043477981bd36746f5570840536bef104a158e2461296717d247b6004565ffb8eb9bb5258c65032f0b472c4f3667a17e3ff65b45c91e2411b5990f054e0c2a05fc175d2db7fb32ca32e4c11b46f08bae1614e2add96133ab383c1e78f4e3f21ed3010a35c76ad88714b526d3a5ba799e6f7bf9d5696e7b42c8c264162a28831baaef180f40489ad681af6c0a674cc7b65e8b8ab704d15546f70ed1e67f7643bbc8d0b8482024b8f320b5bdccb1014f5e1a34c6c795428660f026d93dd5dcabf2330dc62894bfe48fde6b931ba55dc2a222a27a3906ba5b98476321b6d27217fd58ad93b616aac91b139729d91de6f8ef49402e2741b8dd821f4cbaf7c4662ac782b255dc438164e54c417044e9bf5e13a8247777726dacea4341d8ba03bad17070dd0f07da13179d29ac00aefa41aaf4688e99eb395205f6d6d71999b3718f7f2d618117334977a92b15ed52e45e7d5df7a22be9cf0e008c41257d99b2426068c48de100b8e3019b624ce2f2849c35b74fe5ecc4478b2968a97cfcb759fc73c8cd21bda084646dadee926a4f606768749a89e11be2a23985631c922a73ba93f3619dcc4621c8da57697420859210aa43ec06feb649b9f1362fe9553f9d552b77203085d9a4da629f03fbf339bd8ccae6c411f6d8f131232575d28af2a2690529080f02a5a74fe59d1255039f09b8d565a4838930f88d6129389f2312a2ebcf0fe7d8b6dea3484cea9a1628349218b8ccefdea2b6c37676acc2a082fb73b19705e98079c1de7776cb830e79c0081a2da4059714f19587d10223fc50ea8434f1c7919a77acd7c5b20ac9fe8ad9d348e2c5bdb57fac1ec0c31a1688e22aab4f1a81826f3a47bd364505d35975c105a152aa8e42b2422a100ad3d3184d286884552143051b79294aba34bfc5cc332f0b6aa3bf186776ceb8861336ed97b85b9a7d548bf7b7a907256c7c6a2427d92aff68ba18544b95a75564029387fd2569943f8d54e64cc621123105eb56bcfaea06e38af31a05ef38302d2b6178121d52309865c5ec1147159c07b4d4e1ece24f6a1f63a492c617870c96dcabf43b73055d749e465cdbb965b18091eee65bd423f249d934ae904c2129b93d116353fe014e1afbcab5f74766a806451855bc28494653b9a863b9707c2a0fce3eb4b55c4220078651a94d3b9c6e92f4995dd56ec17d144b07bfb1b955b557d14774e64f400e0075781381b33d73a60f6b96cddbda0962b2a609e6bca56a109847bc13798be711d3779d5a8c6541bd247fe3b7477a1378cdafece044db3f31810bc95f8fb4ae7a8815303faac03651a13924308c06c8e86506b7d186a717a1bda1d7cdea2b8b682d37f954f488a8e0d65f868a81b1af4b8f7331ba84414a7ada82e81e06e76ddfa0aca0ca9a53a5de0bcdcbb77284bab522ffb6f803e95f116ac1670c50acd36d80f170e8e7e05163f050dc89dd93bf9160a545174472376e1fcbb945e9294f796a09ca78452683b8bd39049d118acc24ef0dc18ef88899dd7c27a3585e914e6f6bc8bb1950c061c722134243cf151785bc19dada45b90d97cb83bc60885a908d0c13be9e54f1929fe1f76fb9886808caf0442aca4539a42078bfee82418d611f4c432fcbc5242c35a396c17c1b93b98b277a9c8ef0143643e120c0de4b7c6beb0a582789b81a9d3a0b8f96a332c89764283d84ec5e6b8350683a2b4eebcb214a7ad430ff9ebcfc1d850717a8d38b8e35e67fea4b8f14938cc3eeacbee30616c09e848ebae3cefb8f2a904f2b3d1252019ec914278942d9b914f95574031cf21f412aa7500f3955db7b9ef9403750058d75e53d16803d4463f7884df1e361d34ce646e20b3427a45cd307283f1ff00cca6c841fb9b06543bf1a254b21ff421331facb2f08a484904ea25e049597c8b0a2140e8ed2906d574e73165ec5591c89b5dc08e5943ff7399f76b1df90947a9479b1aab40abf8ebadfa1455b6dcac672f495a64b6230fd3fe948ce6c16cb87e11ac7affc9047ef33fa64585c1dce3bab4fecc0c7d81b5ea73aed3ef63fafc880b6e2ba09d0df6d626e817075d5f330d91cec4bcf4829c20192bc0ef7f728f52dd3e074bafda4f8cd8465311a9124baad61bd73ca76a0d0d1b80cb7a5e429067ed4707b64d38613008c8af3ffcedfeb8cda26def8bef7cf947af23939d18adbf56715f90c2df716eb037d536cd36bc2b832c57f4a319f392e1ab37e02dfb392bd52b02801665c8ea28edfcb153f267dcfbd671d4eaa0d56335f7ce5eccda6b9f74621a1b322f1f3a60b00196a65327b36419394e776b2e1c1479f5f902c5918adfa5b112bfaf786eeea1abae7c8c9d3e3fe737c23092143376808b5e26cf896fb5202572533facacaac10ec26cab819f74cd372c95d50a9b6560da69c1b22d5c15759b7ab1d8118e672bea9af7e8a30458ccaa1586ed2720d5465e139fe3dfc0bc95107061471cdf28a42aa8149848a147a1710407021d13e611b36ad3624de35c4dc5a02ba8ae724b2d8cd85f15094e1893c98052cee135d0c1c11a73297775fb517abbb471a8b100cb51d8815acac16703b56f8aadae334601a84fc306efa08aeb2afbad94632b5f209603cf5e5ca634bd74ed2e525580ddd2f2ee65241788f5e867b44d7ecd71f5858d269ffda98d93860d8f1c26c47df1199f95991b54808bc26c0ab67b40745b8dfed41838e2c5594413d2c6022abe3c1f132e9f7c8c69e50729325d37e7502519d53d7e1bf0bc8f62d216fc9c88b197cfa1571ce8368cc1b4b625559cab7e8397c6c7bf537bc8b9d604f4bdb04cab86d349e4a33f92eaa07378eac07ed8d51aea9c15ef4c4b0e0a16f9c794701a1b74b58beb15cc165a4dc1a13a0886f55cba2b977447b61c01e1295a4221e19321201f1df0d25c9e14bc4433678e48a5081de7c81f79a6370843bf0d6e3e5192c1ddc0bad14a11ada8006e4f6549da3a877a991351610eb0c5bb6228d266baa27eab2b9bf4455fc54aed3c74c12590835e498c11efdc63dde52a62d8f3a3c978152018182b3e4cbd00fff317d06f8e9475b4c7506dcc5547d8ace2b71024aa0e2220936d2bd05163b8f15bc429378fec52ac39d167200758884056dc14d3329b1d47f477a217eabb651fa97e05451cd6e861996648ab439c9aa6fa032e9083b8c0f87890c88c50dd5a6e6be8c4a4361f3b4c3181c570407dd1d2d835a87dd4b24f55a649c3e478bc002f30894d06411dc4dd8277f796976b8b2884ed371013225bbd95955827741331777da30b1b3370fb4d0bb914d97660f7e06759ba54b5697a4f7cfb67035867f39e53306eb55b31ba660769ce6993b2f44a7173576766ed20992d04e6b4aff20c138102537a142ceeac3804fb0a4eaddeddb6bcc69007c5531f0ba6851854d8d836a51e8d644c7b79e071f19986090d2404b562a17e1ec1da775c171373bcf5d2c3d7dd64a587d66e42b6963d892df898766648f37c8d10ca249e28368c388f4e70a80b2992a0a390a2d51a17a0c1774fec2d399a2b0a99c802012fff6300c4275d1305b9a9d0f8144df64da9016f16369e813dafc7cff55c5a60602141fcaa62d9fc0b93df6524d8692be3c7ded5354b63014686e98ef2b5947eda93e0cd232d3fdea943d3bc92a6f2835c55aca33dcd087b7260bc68def6ce96ef5d536b61006a595219382d8b8365eb92eab44e677109971bc4dfd077a56ff1f27e9b80edffb5ecac7bde5dc2a74c30a24b9cd1b0d4356ec424350e364d0dc929d657a8626a22111d4a0f360fe33be72a1f2c4f5c1b9843145ddff70d583a9b433cab33b10d93531aab7bb8a53c738aae79222481b135eca9441f47068299deabdc9c4f77e5d4ea286e8300eb5956368d0499691dbab1499baef30bb6c4a9bb0159635dc1774203fda828bf804e8f526ffb55abd8700915232964b7f219a7bb221efa6428089263ab753eb421a1952bc780289a85ebb9b510dec67a826ccce1cdfbb29a3a55f4e1068ca2c077544efac686d77c67c927430c3ac78c7c8b1f834be9a689fdab38f1401797dba32a284f5c5f9ed13d34d8a001cfeeeb7de12aaeae7706004f96a293e52106fd945428e7e98915070b1584a323bd8f00b9803ce189c9c0af032752d979df57a5098458c7de034db79f43d27bcb720078b05e5f364f2d789343fb6fc8b2cab810b1745fa36aaccf5d27fc7f06ab821268d83e697870632814319533373f24584b35b2ba9dd9b52a4a2e559c90b1b87549530a64fdbba5587242535fd0d600fa6e8497369a5587627182c62da4a47bc6ea99f7aaa765e3b74b7d9c48e779c8b13a2535d03ef8ac4bf3fc9e6eda5628034e7e453fbd6153b8b8e9f693c5dfa37f6a0a2542e6f86ebd2ae926822d7b31963c8879557dfa2a869ba3c5dc2dfcb60bc0a0c9816c2c4c58bdc09c2d76a007e68c38fd8b88709e5c49341630e333e13413c3e60c0d768d4c98bcb297e819ceb0f8b229d3037ac95639344bf42ee7f77922a6ac039837356dfd7c0ba3c5393548369bd71b4824326eaeb80a9c249504a08bfc164af220047cdf054d928a8d929a2fb621665122062dbd5cdde82b8289e0d510246e0bc30d34d8e96703f75c75328f99437be474315d8cb55066badbc0ee852c8ef28e1de7f5b58dda97742db5f708c6be3279d700ba147f1519485020336c260d825920870739fdb288f22b980fb7bcbf147b1a95fcc3d8d1899749d928eea8d47cccc1fbbdd5729a3f2f73d2ae352eb3e043405bcb7fa12b2a80d6a3f0178a18cbc5794fd65f0caddaff57616dfed94884a48b27b181c55200d9ecdfbb082dcd2952089938e134eecb40c2f95cb7808fc7da09282787edb1939e75bc8e284c01239a895246be025c8e0168ae83f5adc62f4f81ddbf6ba9b5fce3ddd111eb61c42777a8c303abe291aa9ef383ef1d6c26c4f8698375cc76a7e078ac948f2e84de084fdb380d38d2e1810ce8118999554c06f8d583bd37003b407dd7b41a3b14f10a5ae7c2e8fdd087cc322ddc399fe38cc542bc957b38b0fda34a3ee5c6a97d25629d26a75de211fe1cc4ca63880caa8f85f3bd489c39cf30eac81784e4456a775dee3045df2a1875623a4fbf227cf90cd237721a6dff29d26a16306e4033cc644e35cba3cc4e45cfd0cefc9c8d8a0f35bf31a8319b54fb549554c7089b9334a9867d51d71aae1f342d5602ef2d394e6c8a8aa6c15121d8c8b3abe3416367dcc276c048c65311ad70df0ecf0cf817a1a27e1dc50fedea83de8a8bb7746e23be2f335c9cda9a7f08d72b9debc35d49e9ec4c9815040c38c11375dd7f2897b20479343b86b51c317e0e90f9465d8c425857e1831931714284c60f68036134304558e53d2d42813a42a3017ab21feab6132f3a2f8c5670a1076dab6136cd6836b52d7ee54639758085438831dcd8157ccae47784a35364babff9299e4eaa389931199b4901f12185a0d228473d4a147d88e55bd11f8ed2957b7f2f3efb3e444f0aec9bef1f68cffbdac04698cc277706f2ffdd263586b84c645f1721ee3008b398918fdfb9b06b98078447c0edd7c058524825a1124e9af37fa9cb77302aded60eca394c866397c3bc18f8277d9277921abd06b61b1445f43cd7f0b5b2c023832f6d67f86d9b6ff9985edee1ec2572486b43d3be834d5b60d208b1187ca7cc8b17133f55314ee640268d5337d7dcdf1742cb543d63ae3c09e312ac05b5d585d9437bf16bd560ef739f12c878178757e1f675a8671becae2bf03f87de4bc40b4b7a3aa6e2f28f015332b10b9fe426ebd45d7a26e769bb05eb2866bb34c56b079a5bd23352bcb08c379b400512b0d8438ee5371171ccbf2921c1e150fffb5885286f933f4393088ba21c47b15d1a35de27dbd02e58859aa080f87d0a857e92d0f52c549c04cd9368c94a8024e184773cb3431d854c2855e93ac9f24d5e45d11c2acfb03755e7f279b368e2e31b3653a7d7e2e102ac67f363c195272e2896bec544f669f2d25ae8638ac30da6ed52404b32b8ee9f0f2909ef6b4e2db3a6ea88b8a6f2f2c025959efb7b94005eb307aae01af8a19ee6178270be09d93837793b43bcdab98b9c04b6bfea7ac2217c11aeec277bc199b67ac24b7352299e7fec85aa151029d14441b56bb6031cdc72a1a90ef537c6d2bce7ffc7c366a88f8bc87cd8ef4e91b5ad9d85ed84f9b85f029252ad5ff13d564d842ef310feaba90974e40889e7cb753eb44ef96bc4c25b021fe50e9957a9c3cc9904aa920fc8a8e82a826b945559b57591fa1a26c380afe65d930f9bd9a3d93f57324d28c2741e728cbd106dccdf66863e49db8a0df1398ba8594fa5102b8157e4b987f4339820df5a7aa2b1c47ed0211437ee3d81dcbffa500dc4b743d49028581234c7e9db2e951d5bf3e3c448ce58bf94a2f7ef95eda07daae00bef1794d27330927b2460778fdee580efe431ee244aae452cd60100b6c9f0cd5e79e170a7b149abfcc26b77d33c35311c95e3ba0752eabce3d1310a8aa45ecd1659e4e855919d153ebeb434581a6d352508771b030acd3fee51badf6767a7931bbba2cf195bd98fd096a6be14d7172cf1dbe3a82bae73a29223c623c090cbc5fffe8f3291", 0x2000, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x8000, 0x0, 0x2b4}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000002140)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYBLOB="5fbe7916036fa72222a7b4658bdba8479f45a0e3fef464db4bf8aaf993642e4685650d05bd3ba894a3d864ecd500529f51e4fc68f5d0ecf1b52689289438b60cbede76c11c4553e6a03501ed32bcae4e0420ef67e22b3b3fcc393b063dfab9f19bb9e4d617fce10c29eee5ff5110bc4ccb8bf4dbb5719e8f3e30f4121218de0db98639aef0b136a4f0c71359544726ea6b1ebe5f3be06dc97b9627881509a60df8d144478cef91203398d636766ccf619a7fe146142def2cb020c36a81f0154356f72364af13fa8efe79ee0c8d7aa8c0fdc9d43ff6d655eb6ecf7298e9bcac0a99cd4ccf9a84", @ANYRESOCT=0x0], 0x48)
close(0x3)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14b1d71a9f59e0c284bd7000fddb03"], 0x14}, 0x1, 0x0, 0x0, 0x449d7}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0xfffffffffffffd85, 0x0}, 0x40000040)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6000000010004b042cbd7000fcdbdf", @ANYRES32=0x0, @ANYBLOB], 0x60}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x1d, 0x2, 0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
timer_create(0xb, 0x0, &(0x7f00000000c0)=<r5=>0x0)
timer_settime(r5, 0x0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
timer_settime(r5, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

5.557601074s ago: executing program 0 (id=1870):
io_uring_register$IORING_REGISTER_EVENTFD(0xffffffffffffffff, 0x4, &(0x7f00000003c0), 0x1)
prctl$PR_SCHED_CORE(0x4d, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="06000000040000009c0000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r2)
sendmsg$IEEE802154_SCAN_REQ(r2, &(0x7f0000002980)={0x0, 0x0, &(0x7f0000002940)={&(0x7f00000028c0)=ANY=[@ANYBLOB="1c150000", @ANYRES16=r3, @ANYBLOB="01002cbd7000fddbdf25090000000500130005000000"], 0x1c}, 0x1, 0x0, 0x0, 0x161b060f1432d4f2}, 0x4000080)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r5 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x6)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f0000000c00)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8, 0x0, 0x1}, 0x18)
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x2054000, 0x0)
rseq(&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x4}, 0x20, 0x0, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0xa)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240), 0x101100, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='sys_enter\x00', r1, 0x0, 0x1000}, 0x18)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000040)=0x81, 0x5, 0x0)
set_mempolicy_home_node(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x0)

5.557071404s ago: executing program 3 (id=1871):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000300)={0x28, 0x0, 0x2710}, 0x10)
getsockopt(r0, 0x1, 0x4, 0x0, &(0x7f0000000900)=0x63)
add_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key(&(0x7f0000000040)='logon\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000380)="09e7c5762fa21c9dc275ba2c2ac6ada3fa776389585e80b1d60d413e9ef43e6c750f6cc29ce3e2643f42dedf623a7bf24a0fc07b166e179d92cf34", 0x3b, 0x0)
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r1)
syz_emit_ethernet(0x76, &(0x7f0000000080)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6012000800403a01fe8000000000000000000000000000bbfe8000000000000000000000000000aa040090e67a8d8001a1970e4c0f2b03780000000468e632fd00008800fc000000000000000000000000000000fc00000cd0f33a00000000008800000000000000"], 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
unshare(0x2a020400)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000540)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x28}, 0x1, 0x0, 0x0, 0x140c1}, 0x44)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x0, 0x8, 0x0)
fsopen(&(0x7f0000000140)='ext3\x00', 0x1)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000000)={0x20, 0x0, 0x9, 0x101, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x48004)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000000200)=@file={0x1, './file0\x00'}, 0x6e)
r5 = landlock_create_ruleset(&(0x7f0000000080)={0xc97a, 0x1, 0x3}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
listen(r4, 0xa)
landlock_restrict_self(r5, 0x0)
r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x802, 0x0)
ioctl$SNDCTL_DSP_SETTRIGGER(r6, 0x40045010, &(0x7f0000000000))
listen(r4, 0x0)

5.416244469s ago: executing program 4 (id=1872):
openat$tun(0xffffffffffffff9c, 0x0, 0x22100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
rt_sigaction(0xd, 0x0, 0x0, 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000001c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d05c164a534308", 0x10)
r6 = accept4(r5, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/140, 0x8c}], 0x1}, 0x3}], 0x1, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="c35f5d304fafd6afa43607bb8278e70d53a9ffa22d6e5f8626398b9cdcf7f68a551216548b4c20517caec532c1a77f95cf9a92ce830a8f5a15aaf106d1380d6f8a652b6caab094ddac32e931c7258ac6d8a87e0a7bf8463b3eac8195c6219458f849fa82063cc4ffc1da166ea8a7a34383d1cbb8d05f3d5a917e16eb", @ANYRES16=0x0, @ANYBLOB="290027bd7000fcdbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x4040810)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r7 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r7, 0x6b, 0x3, &(0x7f0000000040)=0x5, 0x4)
fanotify_mark(0xffffffffffffffff, 0x1, 0x4800003e, 0xffffffffffffffff, 0x0)
sendmsg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, 0x0, 0x0)

5.274534888s ago: executing program 3 (id=1874):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) (async)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) (async)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000240), 0x103182, 0x0)
socket(0x1, 0x1, 0x0)
ioctl$SIOCGETSGCNT(0xffffffffffffffff, 0x89a0, &(0x7f0000000200)={@rand_addr=0x64010100, @empty})
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121403, 0x0)
mount(&(0x7f0000000000)=@nullb, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='cramfs\x00', 0x800, 0x0)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(0x0) (async)
chdir(0x0)
syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
r2 = syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000f0200006706000020000000620a00fe0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815dcf0066d7ded3c5c49a08a503ea6d54f7f3125a8200578ac0836d6454745e70a27444003c5b20451b624db6f5320e9befc1e00b8b32917c4d30d16b7edb732bc3ac330b16c442aff70d27659bc58e296b16750c5577c848754b4894b07f15bab1c640a5c0c4fd62f9db829b301ef67fd2b2736f3af0c54af2412313b17c4c8081c4ed0572261960e227d34cfbfdb247bc2351c9d8363a8cb18b7330604da78b0aba47545f9a25a80dd7d28a5ae41824f611dd2de6dd581c52698f9542a444a8a3969946faded5275c00"/420], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
setpgid(r2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
setpgid(0x0, r2) (async)
setpgid(0x0, r2)
open_tree(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x901)
mount(0x0, 0x0, 0x0, 0x22000, 0x0)
bind$can_j1939(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x6a)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
setxattr$security_selinux(&(0x7f0000000140)='./file1\x00', &(0x7f00000003c0), &(0x7f0000000440)='system_u:object_r:inetd_child_exec_t:s0\x00', 0x28, 0x1) (async)
setxattr$security_selinux(&(0x7f0000000140)='./file1\x00', &(0x7f00000003c0), &(0x7f0000000440)='system_u:object_r:inetd_child_exec_t:s0\x00', 0x28, 0x1)
r4 = openat$cgroup_procs(r3, &(0x7f0000000480)='cgroup.threads\x00', 0x2, 0x0)
sendfile(r4, r4, 0x0, 0x1)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

4.374114449s ago: executing program 0 (id=1875):
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce)
r2 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_MM(0x23, 0x7, &(0x7f0000ffe000/0x1000)=nil)
msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYRES16], 0x2000, 0x0)
msgrcv(0x0, &(0x7f0000001080)={0x0, ""/1}, 0x2000, 0x2, 0x3000)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000006c0)=ANY=[], 0x80}, 0x1, 0x0, 0x0, 0x4000011}, 0x4000000)
sendmsg$can_bcm(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0xa, 0x0, 0x300}})
r5 = syz_open_dev$dri(&(0x7f0000001280), 0xf0, 0x402)
ioctl$DRM_IOCTL_MODE_CURSOR2(r5, 0xc02464bb, &(0x7f0000001600)={0x1, 0x0, 0x16e1, 0xfffffffa, 0x3, 0x1, 0x2, 0x5, 0x2fd})
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r0, 0x4)
r6 = io_uring_setup(0xf08, &(0x7f00000003c0)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
io_uring_register$IORING_REGISTER_FILES(r6, 0x20, &(0x7f0000000000)=[r6], 0x1)

4.327078346s ago: executing program 2 (id=1876):
setsockopt(0xffffffffffffffff, 0x84, 0x81, 0x0, 0x0)
syz_usb_connect(0x4, 0x3b6, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0xfe, 0x22, 0x63, 0x40, 0x19d2, 0x1275, 0x566a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x3a4, 0x1, 0x0, 0x0, 0x40, 0x6, [{{0x9, 0x4, 0x3, 0x0, 0xa, 0x46, 0xe5, 0xff, 0x0, [], [{{0x9, 0x5, 0x0, 0x8, 0x400, 0x7, 0x0, 0x1, [@generic={0x41, 0x21, "1c6708380e836fc7671bf27853abb9420388e3b7e52759e0ec3b15248bbd92e234e0cfe450e7fad34cc4e779815aeeaaf54dd5c5a097446b445ed42b38a3c6"}]}}, {{0x9, 0x5, 0xf, 0x3, 0x40, 0x4, 0x93, 0xa, [@generic={0x3f, 0x4, "75652a553f1d5586fc04d806cef9282786ccdd950758db5399a1b8665bce12202647a63de3339e389ce2898489265c60587f5517e6fa4549488692d2dc"}, @generic={0xff, 0x2, "15eadea86d812f1efb292819e84a1ad49472d82da490ab57a6749b4060466e617c222655828874589d85fbd7e087ee12f41c13de82d72c38d9239588b8e92ea3877859e994604fbfbffe3753d67c7a6aa08d626224f6b4f531960949b181f07c063062e2b54c680e01388dbf8599e7f0a59d0407aadcccdd60bc2d33a4e1b35ff56c22f25bb990fba068fa08de98aac6d35d23ba91e926e1736ccaa26a0dff1c43f674151d1b31a655b905c0174431ef957e8b910ae47ad2b778d816617fb31daab13e5d3a389c94816e0953aee68387faf25c3abc98a2b2def5972d3c848bd3b087e9e5ffd8d0445974c8ef274b2dc95cadb7009ce5ce5f1ee2cc5a3b"}]}}, {{0x9, 0x5, 0x2, 0x0, 0x3ff, 0x2, 0x8, 0x4, [@generic={0x39, 0x21, "7143b484b45de334a937e318c02a2369caa8b913b057bc96c9a00fb311c1a47474ba3ac1f0aa7a13ce68d4e9504b774d6b1cfb06bdb66e"}]}}, {{0x9, 0x5, 0xa, 0xc, 0x10, 0xd, 0x2, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x7032}]}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0x2, 0x8, 0xf3, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x0, 0x5}]}}, {{0x9, 0x5, 0xc, 0x0, 0x200, 0x5, 0x50, 0x7, [@generic={0x5, 0xa, "753903"}]}}, {{0x9, 0x5, 0x1, 0x8, 0x40, 0x8, 0x4, 0x4}}, {{0x9, 0x5, 0x6, 0x0, 0x10, 0x6, 0x0, 0x0, [@generic={0xd1, 0xe, "ca1f081e56154a8f784a043f08d1614dfe47f2af92e14020effd6f0b9117bc5a6e00840a763c4def81f1e86a05f790408107d9af2b379ebb643f7ad572c4ffe2a0afbe4e3931f809e3c1797b37e898977ebe57d1e6f62229daced0132be393f9c132bc3cfba8a6c76442d7982c82b584c142a8dd80a4c73a2156909cb32de803ef0b9a2ed92313ac2630ea5bae40917f5d51a14de4209a9325a24299ae670f23dc474848e2aa627028eee511779bb6fc8a44cb599ed92216a8e9df7147744a39a15a2c0e73ef56ece1d31e18a41171"}, @generic={0x80, 0xe, "9be9c9475aa1fc2e40ad35c9c156114adb9679416771b98b76b5b9b15116c7558c514e32831a7249b0385c0423f8106450afe78e06c14a72e63c5208ee1d2fe58ee9ed13f36653fe2aaaabfef24c78b0a03ed2caca469c203f5392aa5e3bb15375317718833e0444e4a2c17ac2462d306c6c61398353f736439624641b31"}]}}, {{0x9, 0x5, 0x83, 0x0, 0x200, 0x0, 0x7, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x80}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0xc, 0x40}]}}, {{0x9, 0x5, 0xb, 0x2, 0x200, 0x8, 0x8, 0x2c, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x2, 0xfff}]}}]}}]}}]}}, 0x0)

2.876220199s ago: executing program 1 (id=1878):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x401, @loopback}], 0x1c)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [<r2=>0x0]}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000480)={r2}, &(0x7f0000000340)=0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1a, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000400048000000000000000008500000041000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)

2.767134731s ago: executing program 1 (id=1879):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, 0x0, 0x0, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r5, 0x29, 0x45, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0500000004000000040000000400000000000000", @ANYRES32, @ANYBLOB='}\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000000000000081e2bb5f2f5891f02faa37c7a029053a4fe1c5d06a2f182b28e9908c7d692e7e3249e0d4221f2819a0ab33e9f2f6940f"], 0x50)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000000)=ANY=[@ANYBLOB="1400000010001176"], 0x44}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7)
r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$binfmt_misc(r7, &(0x7f0000000000), 0xd)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0x17, &(0x7f00000003c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x1ffffc}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x6, 0x0, 0x6, 0x9, 0x0, 0x6, 0xe7030000}, {0x4, 0x0, 0x0, 0x6}}, [@printk={@p, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x4, 0x1, 0xa, 0x1, 0x9}, {0x7, 0x0, 0x3}, {}, {}, {0x14}}], {{0x5, 0x1, 0x5, 0x3}, {0x5, 0x0, 0xb, 0x3, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x19}}}, &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
listen(r0, 0x4)
connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000080), 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2}, 0x94)

2.378796434s ago: executing program 3 (id=1880):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x1, 0xbfdffffc}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000003c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000f2303920422c021240850102030109022400010000100009040c0202c17f0c000905020200fd020000090582020002000000df053ea51af0f67692ade655091de97cb5d316ef45875f212aa3bc022915ba863beb0cce9085ea7811c9e7f5e751c3c135c9edf8b26a3237cad9ba9a592c912257acd840c8690ee652cacd208506439585c27aa23f67715339ccdf5da6b752dbefff320705239f33506ddba6ac2ca0e54912d57401164f3408d5c673877a09c1b5cbb60dd8c82377b6498d55dd77908dc97bc146cd69403e13c6913a9628572d0b00f863a5d83214b059f1297c1d59864927370d61e217cdd3349ca5f77a16e57d29b99eceef4412a072fb5764df3064202319361a4cd7c1bfa6c5c02d261773869544df943866774ee63fcd94a734bd71fe6d4a8c25c72cf85f73cc8053da36e67751ec04a4fc"], 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
fcntl$setsig(r3, 0xa, 0x2f)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000"})
openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)

2.378184153s ago: executing program 4 (id=1881):
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_io_uring_setup(0x60db, &(0x7f0000000140)={0x0, 0x7cc, 0x40, 0x3, 0x2c0}, &(0x7f00000001c0), 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040), 0x4)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x7fff)
keyctl$set_reqkey_keyring(0xf, 0xfffffffb)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(&(0x7f0000004000)=0x2, 0x4, 0x0, 0x0, &(0x7f0000004000), 0xb201fffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c080}, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x78, 0xd, 0x66, 0x0, 0x3}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
write(r3, &(0x7f0000000080)="1400000052004f030e789e7ee2ce2fa4ff612d27", 0x14)
recvmmsg(r3, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)

2.340690407s ago: executing program 2 (id=1882):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
mount(0x0, 0x0, 0x0, 0x8000, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$inet_mptcp(0x2, 0x1, 0x106)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x58f7, &(0x7f0000000880)={0x0, 0x0, 0x10100, 0x0, 0x104a}, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

2.165005014s ago: executing program 2 (id=1883):
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0xfffffffffffffea7, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0x0, @mcast2, 0x5}, {0xa, 0x3, 0x20000207, @private2={0xfc, 0x2, '\x00', 0x1}, 0x800086}, r1}}, 0x48)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = openat$nvme_fabrics(0xffffff9c, &(0x7f00000001c0), 0x121002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
getpid()
io_uring_setup(0x30a7, &(0x7f0000000000)={0x0, 0x9dd9, 0x2000, 0x2, 0x373})
socket$rds(0x15, 0x5, 0x0)
socket(0x10, 0x803, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x4)
write$binfmt_register(r3, &(0x7f0000000240)={0x3a, 'syz1', 0x3a, 'E', 0x3a, 0x9, 0x3a, '\x00', 0x3a, '/dev/kvm\x00', 0x3a, './file0/file0'}, 0x37)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f00000001c0)=0x8, 0x4)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback={0x2000000}}, 0x1c)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000001c0)={<r5=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000400)={0x8, 0x120, 0xfa00, {0x3, {0x527b, 0x9, "d9b2f9c34eec825c56270ee0996ce93778f903bd60c37c592834b2364b70f8c7ccf5b1a8c3c967827040a31ffbb51179c3154c3200019eb0674b2781513f5fcecfa7736aa5dec1b9f64c1bef040c1a42c4d5f472498036ba9ae7b6f93adad26809d0867a08e6574f279190f7c8a6e0d78f35fa4957d1437e623cc9985339d1806c42d4beda82145455ea54cf5400043a620257cbc1264e727bc0df74675bdbb5cb6e7cce465d8b6d00c5ab1a7477a89270424f69dfba1409380f4e8de2d40e609f7456689de198785f4fd316412157c0d7995c7bb98c5249b9680fe9ca4c96010c9e4153cc05a71f88147e0c0f1d59921876b28703a09988f01403849ea88e71", 0x6, 0x0, 0x9, 0x4, 0x3, 0x2, 0x10, 0x1}, r5}}, 0x128)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1.590825255s ago: executing program 1 (id=1884):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1221}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_LIMIT={0x5, 0xb, 0xd8}]}}}]}, 0x3c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f00000000c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f00000000c0)={'wlan1\x00', @random="0134010100bf"})
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r5, 0x8983, &(0x7f0000000040)={0x6, 'bond_slave_1\x00', {0x1}, 0xff7f})
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r5, 0x8982, &(0x7f00000023c0)={0x0, 'veth0_vlan\x00', {0xffe}, 0x2b1})
sendmsg$BATADV_CMD_GET_HARDIF(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, 0x0, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x84)

1.502210861s ago: executing program 0 (id=1885):
socket$key(0xf, 0x3, 0x2)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x22100, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYRES8], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b00000095"], 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10)
socket$packet(0x11, 0x2, 0x300)
close_range(r2, r2, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r6, 0x1, 0x4800003e, r5, 0x0)
sendmsg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
capget(&(0x7f0000000140)={0x19980330}, &(0x7f0000000300)={0xffffffff, 0x7, 0x9, 0x9, 0x7f, 0x80000204})

894.497491ms ago: executing program 4 (id=1886):
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="2d5a8bfaec0503d4ee82255ccc79459d336c02f6846ffa083727a27fef8e41f33ff61428dc81376619b5746876cab40bea6b76e7a18d9f0f45c5f33c3f3e548879927a89cca1b9829ff887d45cae3a0012b8eec038b982c41410eb0cffe4204a0387ae9ad2d2eb6f904feaea4325a355611cfdb7ac6c3495a4bcfa6a2c3285bf50ca4a25c77f383bdb14c2f038ba311fefcbe3d334550fb18a5f462cec0e41bf00e3ef37c78bb0086cbdc72b561eb2e285a15002dbb8b7a858d33bdfef916ce90eca18739db369eb9aa302efdba714da8bbd0baaeb55eb585585542cdfe62755b7dd303c01c44de59f83de2b9edf1e60279b16bc7ee4c277e23701b7d58fdad36e8d91c111be46581f230b4cbbe8b9ad764cd3e067d7b7c5e1082a55c86f7cbc77e049085b2749b2ead86b176e4c8d2498a331f1118c5ed72ab0fc4228c8214e0e48fd1f265ccfd3311eff1f9548d1217c02de43ebc6c896afbf6065592ce3bafbc138524c4ffa429c33265cc8ebfc69e1adf360f97ec2edbab35cdc965dfadfa522a591734e25f91a44023ceeaac091534ec097d7a6f9a8efe84829719e41c101ee103c7b8c6d7fb630da2ffdd692d13e9212539b8484ea7fbccc74ecd6b44e08852505badf79984da7ffd06e78b05b453e89bbeb44fb0e72d527ee63aee52eebf2e4049705c41ead90017d7a512146287226941b20b4a603d1f5d9e6c559d55c5f6de7e9159e121dbbabdcdae8f359f66c218fb24d20c3b56ca3b4a2639b4b54e0775f29c731a3fd33331a76c280df2bea7fb0778648bc55257c42cb1a4ae173a21e33a782943d733e570595aea49f391ced7df117548032f44d611d1fcafe7c08fcca48ef9bb719d41c2cde9eca1727feb7bcc14757316a3fb315eb0adf3b60f5d6cfe231e4dca32f1cd2a74a68e44b1c09471f135d6abf0d7d417a42323923ced88d39902998a177bda4d7ac9e5479f0ae49f5fe51818fa13dd9131d219658ed2de42587f415396aa610998f2b166a053cd272ef751e5447122c03f33800268f63503a237fd62235c65fa995ced4facfc61959a7b64f7ef4bced8cbc10222a18aaee1fcc282163cafc4bf899a7de76ac61499fa1bdf6e6599a9b6e46d202230ee0be421b38ba66b85c7e5cb73e26085f8b62b4141f8728515f12019e1738bc5b278074c56be74033511b21e97a727c8a5f9c186af9777574f52d957082122dcadefe3c376f73a33e41094ad7cd404b50e963a200b57cbf4329e59c5b5a42f8700613e30af94109d5562262792e77df91e7e75c40080f8ca071449bc999762d483c30a4eee68e89be2d138a4b64af3c0211c3540227d85801dc16d1bb669a16b243fa98ef40edb5b5fe05c50f8702434c4d2663e874aec996463c6d946fd1391096b02198e88f5e568300d6c4848b4fe7273af633cc6fbf6a5e37feea56cfc20a0b42a5c6266c805823bac41f8d4eb43c6c4673a4b6a8dd303fe922ade7af649cb21c2919390a9ee62a08131ea21840adc9cc023e2aab908ea6bf2d41e52918ed6423677933cd1729cfda6423e540aae3f043a1296b6eb9350d38e07abed7d1ea7249b1b67d17322050d01589c9787f4e5a904c5cfb25e047f3e46de5222121c2af122bd3a3b2b0f35ea0a81d3a862d77217e992cc74f678617223cad5ba21afdc58e6af17e7b4ee3a506f34069d2931ac62d47f86f1983d7204a32544ae0b738cd5ab3efb940ad752ebbb59cd28d98cd6e0441f020ab2d68cbe90fa44be7f7191c2f5748c418dde668ee87d579baed4358b5c47e03a89ddb98fd4209fda85a277460ca20cc6de67c0f35e39d3fcfc070530140f648b50dbd3236d8e5b5e63be12191cd67b9ef128440d8794dc452b5a16f250c9e378d52b1132efc4b1ec8a7a3fd04ef82154de056ee5054fb15dff8df06bdca1dc8b1c1d4175c967445105954d10f0fc94acf39b68105d188593584333312eb6fad6371cdbbbf16e88bed86600d9dac851661dd3cc64f9bac0b2b81ad2564274b5bcc040f065f3fc055f7e254f8954304140782b9a2390bb61fd82d7a99ddf96468f3ef43113b767552969d71190265b76c1358c4e16a21ff959631a19c6f5a686b7884d75aca2810decbfd9fe0520f3b322a80838a2e633e1c2a79df01786f605750b84e2b04b7204ca6022973fca4ab0c8c67caee2349a6b839aa6bebc862f2f8246fc293e0f14a375581036becf081e4fd6b0cc2f7465fe7f932890884794215838558c0ae6de81efd624c5290bdf52e95e4d5b1eaf280d76eb0ceddf438bcf1d4b83e8eec3aaacbd7ea0421ac84f08a480ae48edb7c23c3f94dc59a44b3c5712800789fa3b2b938bed137505d2b247a4c4a9bd5ceddb900cb9a502d10dbd620a7ef84fbf49081d52419e5d08ddd5a1873f6d3ea6a822400ffdad29899bfaf73ce3d8ff182b3ca8ef1c39fc34b93767b9a13401427c440edd2e5f801655e60dc4c5b4ba84e504421b758e0b4c743fd1a1b6be27702e751960b431f1d7a7fd68a9ab198a5c6dbbee137283e6d6c69eedba5345e551e4421f3dfc1c957bbf413c48f64871521789487707278c69eb71c33a6999d7e497dc3d7d022f008addc112c116637f6d29c9247de134eb860cd3e5af369ee474883e7a20c40ba02160ec19dcb717cd3f4f3f0293195242fa814042ad751c774728a797a8c483e0562a2cca698053c1b66c0310affdb6e5767ab6db583ac415119f1760bed5f405c5cfb63b2ccfd5dc9d119fc82a86f98551d92f02410fdddd450f0a661ce041fa39aaba50cda470d3080dec7345a54abe2a7630a7fac84bf95c30a0dff1225f7b1aebb41daec68ceff2b0f502e7433f395aeea75c1ba88229b44fa5c6fa2647e44db139eca1f2b7142b6c23d4879603bb5617e94de0d5353d1b17dfb960eb1c11c67d0d1e1cae94699cc9397b79150dacbbc7361261d5445f237210d2ab8120fe721072394b77df46894595b8fd56f034318e90e3cad94f1655911b9bcc0bd15c628c0248e134295f3ff69cf8ea536b4b7a6c11b4e04955f9f1d9bac2ad39d81ec929b0d29999ae5a865bcc2cffc8fb42af6e486ca12a4c83461c6a72b3c88e4f3d1a9c1f13adc6defbf0110746e39b1d01a5129f996a2af48bc52f06a32764d8d8dd984c5dc4e8bca0ffbbc7e4cd226cc278b35ed16bed6e8aca4a1c18120eef0966dd5327f252462477d43cbd1497654ddd3358d24883d9ddde40f1bc8c5610370841b1cb13e84162cc6d0818987350c22362b12c0f315dbc5dbc33c224bf8d57410f2621b9c45d6857b0bed5aae750db0dd4c6cf50bfd6d5e0c816a9d8951402a1c50ad8169fd94427b42c58399c6d72b1f213e009af4f650e5ef67d2f48c7dc3ef74a8ee453ab84118f2f0e4ff2b8130169ccac37198b337205cae506e8d70acba86aab28caa8117b1231d9c4b631fa3aeceb3c236182e25299392f1ed986106071097314a9b9bd0f30d853e8b4044c00f04b45b2923b572a6a41cb5293cc8dfdbeff56a1375a33bac7b220056a6f6a292035b17a3c3fd55897548c68ad7886ef432cef353da3da8deaea09df078569c042258dfc0763d54be89302b11a6d24f4086028b82520fb6d967b78b611a7e9661a92b1a8f12d407d2289e85a82bd0b7c742055acd2396ba8d101e91ce2e9f387e909fe6da3109e1937b1e12515f23c8f1b739d4c40a287cae3bf59e901fff2ba0de0a36a304428e9febe42a01dea2eacae9416a72ddabb98d2e69c70ea9edfc57cd81fc4217ec353caf01a1a61b925102f866b4090b6447cfd8eeff2a3a49e30fe0a4fff77fe1a225dbdb2fac338526c7438631b69ead8781b86801f530b04b1544be2c22aff4ac89b0ce4353526905e59e18f7f01c221e42354a5269e0e28afa29f38bcab3923fe8d64fbf81433991b0bb9df6fc4c28ba175871d87bb5ce6cf5bf4572bb873c044f0aeb2981e34a005df55d354db0353f6433f76adde2c124793a1da43aca0e62a744992ed8efa8571a26857aa65a21cfc3507471ab75525cedb559c430b5d03a5c4e923f7fbec50d0eb10fc40b3d7986245f4c6888a53df7fe7fdcc11261e70d8cca04baff938f8446bd9048baba31085f20746c5f0e00d816dca934804ea2877cca51b5c0e31dfeefb9e91e41189d67412a09af16b4cb709e6fee71b2766a71c8397578516b656633bb620dfc8bc15de4ea5f75f6845ea44805442125adef9377e98b5d8e73f3a0bfbd330467daf10d9f7a95cd6fd4827fa1b062898fa454437bf185b9e0d98c9d10a5db80364bca446205739b23a1e7e860647ed30e2b72524da94a5f70dcbcd67d8df08f0d57583011d5487669c5a45905125186590322dbe481e820a6a6c29c136fa4301ade06baddca45f0d5ce913b5b763d293da4afaa450b17ff4933e4478fbba9ad9e6e5eafe9fdeb82b7d65bc92f6690d03a49923810558b5e0f5bf47e7d000a5e132217c174445565d57d29f02e71d7205b8ec10330fea51d972fc5c81b1b36775816082f979b5b1fe3601c9c8e8fa0c3504bfa30e3603d5a0f3a7cbd27d744b27cdbf318acbed70697519605453df106123e1a6148c9146154986e288d8a70b6fed1667cc1e0b199067c704a6d41ba751b53102ebca01b3ce90226847808646c95f3eb231b6af0b0f329bd997db5a4d3ff18edf0203e351fcfa8c8ae2be6953472bbb3f40bb6ab3f8f2128d11a3bba133f0204e2e0df189cc8d2cb8af81d0941a37c2165112ed452008930bcc607fa6fe3ad1def902d89c7330e6042f6f86c3a75665ec603b6e392b417a0d907d42e6534db72adbad4266c6601d7b8bf8d9cde807088f76b07c06840d0806eb89aa545292284bf050e732e547ed54417b3ec7e7a7c5e8454a56f5092ea8cb27e74e0672c2951647e29dadbdea86d2a4d9e53ab01c9d21e902fc9c6ff4c317b3c0398561364e880e2b079d79a27d6dcc3d586abc043477981bd36746f5570840536bef104a158e2461296717d247b6004565ffb8eb9bb5258c65032f0b472c4f3667a17e3ff65b45c91e2411b5990f054e0c2a05fc175d2db7fb32ca32e4c11b46f08bae1614e2add96133ab383c1e78f4e3f21ed3010a35c76ad88714b526d3a5ba799e6f7bf9d5696e7b42c8c264162a28831baaef180f40489ad681af6c0a674cc7b65e8b8ab704d15546f70ed1e67f7643bbc8d0b8482024b8f320b5bdccb1014f5e1a34c6c795428660f026d93dd5dcabf2330dc62894bfe48fde6b931ba55dc2a222a27a3906ba5b98476321b6d27217fd58ad93b616aac91b139729d91de6f8ef49402e2741b8dd821f4cbaf7c4662ac782b255dc438164e54c417044e9bf5e13a8247777726dacea4341d8ba03bad17070dd0f07da13179d29ac00aefa41aaf4688e99eb395205f6d6d71999b3718f7f2d618117334977a92b15ed52e45e7d5df7a22be9cf0e008c41257d99b2426068c48de100b8e3019b624ce2f2849c35b74fe5ecc4478b2968a97cfcb759fc73c8cd21bda084646dadee926a4f606768749a89e11be2a23985631c922a73ba93f3619dcc4621c8da57697420859210aa43ec06feb649b9f1362fe9553f9d552b77203085d9a4da629f03fbf339bd8ccae6c411f6d8f131232575d28af2a2690529080f02a5a74fe59d1255039f09b8d565a4838930f88d6129389f2312a2ebcf0fe7d8b6dea3484cea9a1628349218b8ccefdea2b6c37676acc2a082fb73b19705e98079c1de7776cb830e79c0081a2da4059714f19587d10223fc50ea8434f1c7919a77acd7c5b20ac9fe8ad9d348e2c5bdb57fac1ec0c31a1688e22aab4f1a81826f3a47bd364505d35975c105a152aa8e42b2422a100ad3d3184d286884552143051b79294aba34bfc5cc332f0b6aa3bf186776ceb8861336ed97b85b9a7d548bf7b7a907256c7c6a2427d92aff68ba18544b95a75564029387fd2569943f8d54e64cc621123105eb56bcfaea06e38af31a05ef38302d2b6178121d52309865c5ec1147159c07b4d4e1ece24f6a1f63a492c617870c96dcabf43b73055d749e465cdbb965b18091eee65bd423f249d934ae904c2129b93d116353fe014e1afbcab5f74766a806451855bc28494653b9a863b9707c2a0fce3eb4b55c4220078651a94d3b9c6e92f4995dd56ec17d144b07bfb1b955b557d14774e64f400e0075781381b33d73a60f6b96cddbda0962b2a609e6bca56a109847bc13798be711d3779d5a8c6541bd247fe3b7477a1378cdafece044db3f31810bc95f8fb4ae7a8815303faac03651a13924308c06c8e86506b7d186a717a1bda1d7cdea2b8b682d37f954f488a8e0d65f868a81b1af4b8f7331ba84414a7ada82e81e06e76ddfa0aca0ca9a53a5de0bcdcbb77284bab522ffb6f803e95f116ac1670c50acd36d80f170e8e7e05163f050dc89dd93bf9160a545174472376e1fcbb945e9294f796a09ca78452683b8bd39049d118acc24ef0dc18ef88899dd7c27a3585e914e6f6bc8bb1950c061c722134243cf151785bc19dada45b90d97cb83bc60885a908d0c13be9e54f1929fe1f76fb9886808caf0442aca4539a42078bfee82418d611f4c432fcbc5242c35a396c17c1b93b98b277a9c8ef0143643e120c0de4b7c6beb0a582789b81a9d3a0b8f96a332c89764283d84ec5e6b8350683a2b4eebcb214a7ad430ff9ebcfc1d850717a8d38b8e35e67fea4b8f14938cc3eeacbee30616c09e848ebae3cefb8f2a904f2b3d1252019ec914278942d9b914f95574031cf21f412aa7500f3955db7b9ef9403750058d75e53d16803d4463f7884df1e361d34ce646e20b3427a45cd307283f1ff00cca6c841fb9b06543bf1a254b21ff421331facb2f08a484904ea25e049597c8b0a2140e8ed2906d574e73165ec5591c89b5dc08e5943ff7399f76b1df90947a9479b1aab40abf8ebadfa1455b6dcac672f495a64b6230fd3fe948ce6c16cb87e11ac7affc9047ef33fa64585c1dce3bab4fecc0c7d81b5ea73aed3ef63fafc880b6e2ba09d0df6d626e817075d5f330d91cec4bcf4829c20192bc0ef7f728f52dd3e074bafda4f8cd8465311a9124baad61bd73ca76a0d0d1b80cb7a5e429067ed4707b64d38613008c8af3ffcedfeb8cda26def8bef7cf947af23939d18adbf56715f90c2df716eb037d536cd36bc2b832c57f4a319f392e1ab37e02dfb392bd52b02801665c8ea28edfcb153f267dcfbd671d4eaa0d56335f7ce5eccda6b9f74621a1b322f1f3a60b00196a65327b36419394e776b2e1c1479f5f902c5918adfa5b112bfaf786eeea1abae7c8c9d3e3fe737c23092143376808b5e26cf896fb5202572533facacaac10ec26cab819f74cd372c95d50a9b6560da69c1b22d5c15759b7ab1d8118e672bea9af7e8a30458ccaa1586ed2720d5465e139fe3dfc0bc95107061471cdf28a42aa8149848a147a1710407021d13e611b36ad3624de35c4dc5a02ba8ae724b2d8cd85f15094e1893c98052cee135d0c1c11a73297775fb517abbb471a8b100cb51d8815acac16703b56f8aadae334601a84fc306efa08aeb2afbad94632b5f209603cf5e5ca634bd74ed2e525580ddd2f2ee65241788f5e867b44d7ecd71f5858d269ffda98d93860d8f1c26c47df1199f95991b54808bc26c0ab67b40745b8dfed41838e2c5594413d2c6022abe3c1f132e9f7c8c69e50729325d37e7502519d53d7e1bf0bc8f62d216fc9c88b197cfa1571ce8368cc1b4b625559cab7e8397c6c7bf537bc8b9d604f4bdb04cab86d349e4a33f92eaa07378eac07ed8d51aea9c15ef4c4b0e0a16f9c794701a1b74b58beb15cc165a4dc1a13a0886f55cba2b977447b61c01e1295a4221e19321201f1df0d25c9e14bc4433678e48a5081de7c81f79a6370843bf0d6e3e5192c1ddc0bad14a11ada8006e4f6549da3a877a991351610eb0c5bb6228d266baa27eab2b9bf4455fc54aed3c74c12590835e498c11efdc63dde52a62d8f3a3c978152018182b3e4cbd00fff317d06f8e9475b4c7506dcc5547d8ace2b71024aa0e2220936d2bd05163b8f15bc429378fec52ac39d167200758884056dc14d3329b1d47f477a217eabb651fa97e05451cd6e861996648ab439c9aa6fa032e9083b8c0f87890c88c50dd5a6e6be8c4a4361f3b4c3181c570407dd1d2d835a87dd4b24f55a649c3e478bc002f30894d06411dc4dd8277f796976b8b2884ed371013225bbd95955827741331777da30b1b3370fb4d0bb914d97660f7e06759ba54b5697a4f7cfb67035867f39e53306eb55b31ba660769ce6993b2f44a7173576766ed20992d04e6b4aff20c138102537a142ceeac3804fb0a4eaddeddb6bcc69007c5531f0ba6851854d8d836a51e8d644c7b79e071f19986090d2404b562a17e1ec1da775c171373bcf5d2c3d7dd64a587d66e42b6963d892df898766648f37c8d10ca249e28368c388f4e70a80b2992a0a390a2d51a17a0c1774fec2d399a2b0a99c802012fff6300c4275d1305b9a9d0f8144df64da9016f16369e813dafc7cff55c5a60602141fcaa62d9fc0b93df6524d8692be3c7ded5354b63014686e98ef2b5947eda93e0cd232d3fdea943d3bc92a6f2835c55aca33dcd087b7260bc68def6ce96ef5d536b61006a595219382d8b8365eb92eab44e677109971bc4dfd077a56ff1f27e9b80edffb5ecac7bde5dc2a74c30a24b9cd1b0d4356ec424350e364d0dc929d657a8626a22111d4a0f360fe33be72a1f2c4f5c1b9843145ddff70d583a9b433cab33b10d93531aab7bb8a53c738aae79222481b135eca9441f47068299deabdc9c4f77e5d4ea286e8300eb5956368d0499691dbab1499baef30bb6c4a9bb0159635dc1774203fda828bf804e8f526ffb55abd8700915232964b7f219a7bb221efa6428089263ab753eb421a1952bc780289a85ebb9b510dec67a826ccce1cdfbb29a3a55f4e1068ca2c077544efac686d77c67c927430c3ac78c7c8b1f834be9a689fdab38f1401797dba32a284f5c5f9ed13d34d8a001cfeeeb7de12aaeae7706004f96a293e52106fd945428e7e98915070b1584a323bd8f00b9803ce189c9c0af032752d979df57a5098458c7de034db79f43d27bcb720078b05e5f364f2d789343fb6fc8b2cab810b1745fa36aaccf5d27fc7f06ab821268d83e697870632814319533373f24584b35b2ba9dd9b52a4a2e559c90b1b87549530a64fdbba5587242535fd0d600fa6e8497369a5587627182c62da4a47bc6ea99f7aaa765e3b74b7d9c48e779c8b13a2535d03ef8ac4bf3fc9e6eda5628034e7e453fbd6153b8b8e9f693c5dfa37f6a0a2542e6f86ebd2ae926822d7b31963c8879557dfa2a869ba3c5dc2dfcb60bc0a0c9816c2c4c58bdc09c2d76a007e68c38fd8b88709e5c49341630e333e13413c3e60c0d768d4c98bcb297e819ceb0f8b229d3037ac95639344bf42ee7f77922a6ac039837356dfd7c0ba3c5393548369bd71b4824326eaeb80a9c249504a08bfc164af220047cdf054d928a8d929a2fb621665122062dbd5cdde82b8289e0d510246e0bc30d34d8e96703f75c75328f99437be474315d8cb55066badbc0ee852c8ef28e1de7f5b58dda97742db5f708c6be3279d700ba147f1519485020336c260d825920870739fdb288f22b980fb7bcbf147b1a95fcc3d8d1899749d928eea8d47cccc1fbbdd5729a3f2f73d2ae352eb3e043405bcb7fa12b2a80d6a3f0178a18cbc5794fd65f0caddaff57616dfed94884a48b27b181c55200d9ecdfbb082dcd2952089938e134eecb40c2f95cb7808fc7da09282787edb1939e75bc8e284c01239a895246be025c8e0168ae83f5adc62f4f81ddbf6ba9b5fce3ddd111eb61c42777a8c303abe291aa9ef383ef1d6c26c4f8698375cc76a7e078ac948f2e84de084fdb380d38d2e1810ce8118999554c06f8d583bd37003b407dd7b41a3b14f10a5ae7c2e8fdd087cc322ddc399fe38cc542bc957b38b0fda34a3ee5c6a97d25629d26a75de211fe1cc4ca63880caa8f85f3bd489c39cf30eac81784e4456a775dee3045df2a1875623a4fbf227cf90cd237721a6dff29d26a16306e4033cc644e35cba3cc4e45cfd0cefc9c8d8a0f35bf31a8319b54fb549554c7089b9334a9867d51d71aae1f342d5602ef2d394e6c8a8aa6c15121d8c8b3abe3416367dcc276c048c65311ad70df0ecf0cf817a1a27e1dc50fedea83de8a8bb7746e23be2f335c9cda9a7f08d72b9debc35d49e9ec4c9815040c38c11375dd7f2897b20479343b86b51c317e0e90f9465d8c425857e1831931714284c60f68036134304558e53d2d42813a42a3017ab21feab6132f3a2f8c5670a1076dab6136cd6836b52d7ee54639758085438831dcd8157ccae47784a35364babff9299e4eaa389931199b4901f12185a0d228473d4a147d88e55bd11f8ed2957b7f2f3efb3e444f0aec9bef1f68cffbdac04698cc277706f2ffdd263586b84c645f1721ee3008b398918fdfb9b06b98078447c0edd7c058524825a1124e9af37fa9cb77302aded60eca394c866397c3bc18f8277d9277921abd06b61b1445f43cd7f0b5b2c023832f6d67f86d9b6ff9985edee1ec2572486b43d3be834d5b60d208b1187ca7cc8b17133f55314ee640268d5337d7dcdf1742cb543d63ae3c09e312ac05b5d585d9437bf16bd560ef739f12c878178757e1f675a8671becae2bf03f87de4bc40b4b7a3aa6e2f28f015332b10b9fe426ebd45d7a26e769bb05eb2866bb34c56b079a5bd23352bcb08c379b400512b0d8438ee5371171ccbf2921c1e150fffb5885286f933f4393088ba21c47b15d1a35de27dbd02e58859aa080f87d0a857e92d0f52c549c04cd9368c94a8024e184773cb3431d854c2855e93ac9f24d5e45d11c2acfb03755e7f279b368e2e31b3653a7d7e2e102ac67f363c195272e2896bec544f669f2d25ae8638ac30da6ed52404b32b8ee9f0f2909ef6b4e2db3a6ea88b8a6f2f2c025959efb7b94005eb307aae01af8a19ee6178270be09d93837793b43bcdab98b9c04b6bfea7ac2217c11aeec277bc199b67ac24b7352299e7fec85aa151029d14441b56bb6031cdc72a1a90ef537c6d2bce7ffc7c366a88f8bc87cd8ef4e91b5ad9d85ed84f9b85f029252ad5ff13d564d842ef310feaba90974e40889e7cb753eb44ef96bc4c25b021fe50e9957a9c3cc9904aa920fc8a8e82a826b945559b57591fa1a26c380afe65d930f9bd9a3d93f57324d28c2741e728cbd106dccdf66863e49db8a0df1398ba8594fa5102b8157e4b987f4339820df5a7aa2b1c47ed0211437ee3d81dcbffa500dc4b743d49028581234c7e9db2e951d5bf3e3c448ce58bf94a2f7ef95eda07daae00bef1794d27330927b2460778fdee580efe431ee244aae452cd60100b6c9f0cd5e79e170a7b149abfcc26b77d33c35311c95e3ba0752eabce3d1310a8aa45ecd1659e4e855919d153ebeb434581a6d352508771b030acd3fee51badf6767a7931bbba2cf195bd98fd096a6be14d7172cf1dbe3a82bae73a29223c623c090cbc5fffe8f3291", 0x2000, 0x0)
syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x8000, 0x0, 0x2b4}, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
bpf$MAP_CREATE(0x0, &(0x7f0000002140)=ANY=[@ANYBLOB="0b00000008000000020000000400000005000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=r1, @ANYBLOB="5fbe7916036fa72222a7b4658bdba8479f45a0e3fef464db4bf8aaf993642e4685650d05bd3ba894a3d864ecd500529f51e4fc68f5d0ecf1b52689289438b60cbede76c11c4553e6a03501ed32bcae4e0420ef67e22b3b3fcc393b063dfab9f19bb9e4d617fce10c29eee5ff5110bc4ccb8bf4dbb5719e8f3e30f4121218de0db98639aef0b136a4f0c71359544726ea6b1ebe5f3be06dc97b9627881509a60df8d144478cef91203398d636766ccf619a7fe146142def2cb020c36a81f0154356f72364af13fa8efe79ee0c8d7aa8c0fdc9d43ff6d655eb6ecf7298e9bcac0a99cd4ccf9a84", @ANYRESOCT=0x0], 0x48)
close(0x3)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000000340)=ANY=[@ANYBLOB="14b1d71a9f59e0c284bd7000fddb03"], 0x14}, 0x1, 0x0, 0x0, 0x449d7}, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0xfffffffffffffd85, 0x0}, 0x40000040)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000002000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6000000010004b042cbd7000fcdbdf", @ANYRES32=0x0, @ANYBLOB], 0x60}}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket(0x1d, 0x2, 0x6)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0003}]})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
timer_create(0xb, 0x0, &(0x7f00000000c0)=<r5=>0x0)
timer_settime(r5, 0x0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
timer_settime(r5, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)

641.762499ms ago: executing program 1 (id=1887):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
dup(r0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r1, 0x40000000af01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000200)={0x1, 0x1, 0x0, &(0x7f0000000740)=""/51, 0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000340))
r3 = dup(r2)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)={0x1, r3})
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f00000001c0)=0x304008000)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[], 0x60}}, 0x0) (fail_nth: 1)

432.342078ms ago: executing program 2 (id=1888):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x800, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x1000001, 0x5069f481, 0xfffe, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef10542a2201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42731b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c32768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e179100a0000000000000021e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90a14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9edb6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc83cccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x24c01, 0x41)
r3 = gettid()
timer_create(0x0, &(0x7f0000000180)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f00000000c0))
timer_settime(0x0, 0x5, &(0x7f00000001c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xa0001000, 0x0, 0x700, 0xffffffffffffffff, 0x0, 0x0)
dup3(r2, r0, 0x0)

190.248072ms ago: executing program 1 (id=1889):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x68, 0x2, 0x6, 0x100, 0x0, 0x0, {0x7}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_MAXELEM={0x8, 0x13, 0x1, 0x0, 0x80000001}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xd1}, @IPSET_ATTR_TIMEOUT={0x8}, @IPSET_ATTR_NETMASK={0x5, 0x14, 0xa9}]}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x20004000)

70.185086ms ago: executing program 1 (id=1890):
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000140)=<r0=>0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000000)='mountstats\x00')
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1)
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x0, 0x0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000040), &(0x7f0000000280)}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @local}, &(0x7f0000000240)=0x10)
r5 = socket$kcm(0x2, 0x5, 0x84)
remap_file_pages(&(0x7f0000abb000/0x3000)=nil, 0x3000, 0x1000001, 0xb8, 0x20020)
sendmsg$inet(r5, &(0x7f0000000280)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r6 = socket$kcm(0x10, 0x2, 0x4)
recvmsg(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000006c0)=""/4096, 0x1000}, {&(0x7f0000001f40)=""/4091, 0xffb}], 0x2}, 0x2)
sendmsg$inet(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
prctl$PR_SET_TSC(0x1a, 0x2)
pread64(r1, &(0x7f0000002240)=""/234, 0xea, 0x4eb)

3.15053ms ago: executing program 2 (id=1891):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000000), 0x180, 0x0)
ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0)
r1 = open(&(0x7f0000000300)='./file1\x00', 0x141042, 0xa3)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x2000002, 0x4052, r1, 0x0)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8001})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000001680)={&(0x7f0000000340)=@delqdisc={0x4c, 0x25, 0x10, 0x70bd29, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x6, 0x10}, {0x9, 0x9}, {0x3}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0xd}, @qdisc_kind_options=@q_blackhole={0xe}, @TCA_RATE={0x6, 0x5, {0x2, 0x9}}, @TCA_RATE={0x6, 0x5, {0x8, 0x7}}]}, 0x4c}}, 0x4)
socket$inet(0x2, 0x1, 0x0)
socket(0x2, 0x80805, 0x0)
r3 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_elf32(r3, &(0x7f0000000e40)=ANY=[@ANYBLOB="7f454c460407000304000000000000000200030003000000"], 0x258)
close(r3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
r7 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0)
ioctl$COMEDI_DEVCONFIG(r7, 0x40946400, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0x5)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x28, 0x0, &(0x7f0000000000))
r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r8, r8, r8}, &(0x7f0000001cc0)=""/194, 0xc2, 0x0)

0s ago: executing program 4 (id=1892):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000280)={0x0, 0x275, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000600)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2020)
sendmsg$rds(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000800}, 0x4000008)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x5, 0x12, 0x0, 0x3}, 0x9c)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000001c0)=ANY=[@ANYBLOB='3'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x38, 0x0, @fd=r2, 0x100000001, 0x0, 0x0, 0x2, 0x1})
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r6 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r6, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000040)={0x30, 0x1412, 0x400, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x54}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}, @RDMA_NLDEV_ATTR_RES_LQPN={0x8, 0x15, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000001c0)={0x70, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x40}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x26}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x8}]}]}, 0x70}}, 0x44000)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000980), r7)
r9 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r7, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x64, r9, 0x100, 0x70bd2c, 0x25dfdbff, {}, [@NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x2e}}, @NLBL_UNLABEL_A_ACPTFLG={0x5}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @broadcast}, @NLBL_UNLABEL_A_SECCTX={0x1f, 0x7, 'system_u:object_r:tmp_t:s0\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010101}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x4004)

kernel console output (not intermixed with test programs):

973]  netlink_ack+0x696/0xb80
[  457.760280][ T9973]  netlink_rcv_skb+0x332/0x420
[  457.760302][ T9973]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  457.760326][ T9973]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  457.760359][ T9973]  ? netlink_deliver_tap+0x1ae/0xd30
[  457.760387][ T9973]  netlink_unicast+0x5aa/0x870
[  457.760413][ T9973]  ? __pfx_netlink_unicast+0x10/0x10
[  457.760447][ T9973]  netlink_sendmsg+0x8c8/0xdd0
[  457.760475][ T9973]  ? __pfx_netlink_sendmsg+0x10/0x10
[  457.760509][ T9973]  ____sys_sendmsg+0xa98/0xc70
[  457.760536][ T9973]  ? copy_msghdr_from_user+0x10a/0x160
[  457.760557][ T9973]  ? __pfx_____sys_sendmsg+0x10/0x10
[  457.760595][ T9973]  ___sys_sendmsg+0x134/0x1d0
[  457.760618][ T9973]  ? __pfx____sys_sendmsg+0x10/0x10
[  457.760636][ T9973]  ? __lock_acquire+0x622/0x1c90
[  457.760693][ T9973]  __sys_sendmsg+0x16d/0x220
[  457.760715][ T9973]  ? __pfx___sys_sendmsg+0x10/0x10
[  457.760754][ T9973]  do_syscall_64+0xcd/0xfa0
[  457.760777][ T9973]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.760795][ T9973] RIP: 0033:0x7f84e278eec9
[  457.760811][ T9973] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  457.760828][ T9973] RSP: 002b:00007f84e36af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  457.760846][ T9973] RAX: ffffffffffffffda RBX: 00007f84e29e5fa0 RCX: 00007f84e278eec9
[  457.760857][ T9973] RDX: 0000000020048040 RSI: 0000200000000280 RDI: 0000000000000003
[  457.760868][ T9973] RBP: 00007f84e36af090 R08: 0000000000000000 R09: 0000000000000000
[  457.760878][ T9973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.760888][ T9973] R13: 00007f84e29e6038 R14: 00007f84e29e5fa0 R15: 00007ffca5dca668
[  457.760915][ T9973]  </TASK>
[  459.038022][ T5812] Bluetooth: hci1: unexpected event for opcode 0x0000
[  461.130026][ T5881] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  461.204534][T10000] comedi comedi3: 8255: I/O port conflict (0x4f27,4)
[  461.240152][T10000] comedi comedi3: 8255: I/O port conflict (0x7,4)
[  461.251869][T10000] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  461.266353][T10000] comedi comedi3: 8255: I/O port conflict (0x16,4)
[  461.396200][   T30] audit: type=1400 audit(1760505846.044:1234): avc:  denied  { mount } for  pid=10003 comm="syz.4.1041" name="/" dev="cgroup" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  461.456249][T10000] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  461.462153][T10004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1039'.
[  461.463359][   T30] audit: type=1400 audit(1760505846.114:1235): avc:  denied  { unmount } for  pid=5820 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  461.474183][ T5881] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.492980][T10000] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  461.966650][T10000] comedi comedi3: 8255: I/O port conflict (0x100008,4)
[  462.010385][T10000] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  462.103757][ T5881] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  462.112852][ T5881] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  462.122233][T10000] comedi comedi3: 8255: I/O port conflict (0xa,4)
[  462.128955][T10000] comedi comedi3: 8255: I/O port conflict (0xfd,4)
[  462.149631][ T5881] usb 3-1: config 0 descriptor??
[  462.190550][T10000] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  462.216782][T10000] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  462.284452][T10000] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  462.291369][T10000] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  462.297919][T10000] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  462.305080][T10000] comedi comedi3: 8255: I/O port conflict (0x80009,4)
[  462.312350][T10000] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  462.326235][T10000] comedi comedi3: 8255: I/O port conflict (0x7f,4)
[  462.338528][T10000] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  462.351881][T10000] comedi comedi3: 8255: I/O port conflict (0x40000003,4)
[  462.359788][T10000] comedi comedi3: 8255: I/O port conflict (0x89,4)
[  462.374009][T10000] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  462.380797][T10000] comedi comedi3: 8255: I/O port conflict (0x20001e58,4)
[  462.388016][T10000] comedi comedi3: 8255: I/O port conflict (0xb,4)
[  462.398872][T10000] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  462.405598][T10000] comedi comedi3: 8255: I/O port conflict (0x995d000,4)
[  462.627821][ T5881] keytouch 0003:0926:3333.0017: fixing up Keytouch IEC report descriptor
[  462.666907][ T5881] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0017/input/input39
[  462.781107][ T5881] keytouch 0003:0926:3333.0017: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  462.817566][T10030] netlink: 'syz.1.1047': attribute type 1 has an invalid length.
[  462.827109][ T9994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.840610][ T9994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  462.871668][T10030] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1047'.
[  462.905971][ T9994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  462.934946][ T9994] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  463.004551][ T5182] udevd[5182]: worker [8579] terminated by signal 33 (Unknown signal 33)
[  463.014587][ T5182] udevd[5182]: worker [8579] failed while handling '/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.0017/hidraw/hidraw0'
[  463.050053][T10038] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  463.058200][   T30] audit: type=1400 audit(1760505847.694:1236): avc:  denied  { write } for  pid=10031 comm="syz.4.1049" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  463.083128][ T5812] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  463.083193][ T5812] Bluetooth: hci1: Injecting HCI hardware error event
[  463.084502][ T9070] Bluetooth: hci1: hardware error 0x00
[  463.129643][T10038] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  463.279678][ T5865] usb 3-1: USB disconnect, device number 44
[  464.274305][   T30] audit: type=1400 audit(1760505848.924:1237): avc:  denied  { write } for  pid=10059 comm="syz.2.1056" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  464.299020][   T30] audit: type=1400 audit(1760505848.944:1238): avc:  denied  { open } for  pid=10059 comm="syz.2.1056" path="/dev/autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  464.300665][T10060] netlink: 564 bytes leftover after parsing attributes in process `syz.2.1056'.
[  464.404976][T10062] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  464.420347][T10062] VFS: Can't find a romfs filesystem on dev nullb0.
[  464.420347][T10062] 
[  464.485582][   T30] audit: type=1400 audit(1760505849.124:1239): avc:  denied  { ioctl } for  pid=10059 comm="syz.2.1056" path="/dev/autofs" dev="devtmpfs" ino=98 ioctlcmd=0x937b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  464.775968][T10067] FAULT_INJECTION: forcing a failure.
[  464.775968][T10067] name failslab, interval 1, probability 0, space 0, times 0
[  464.789091][T10067] CPU: 1 UID: 0 PID: 10067 Comm: syz.4.1058 Not tainted syzkaller #0 PREEMPT(full) 
[  464.789116][T10067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  464.789127][T10067] Call Trace:
[  464.789134][T10067]  <TASK>
[  464.789140][T10067]  dump_stack_lvl+0x16c/0x1f0
[  464.789167][T10067]  should_fail_ex+0x512/0x640
[  464.789188][T10067]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  464.789215][T10067]  should_failslab+0xc2/0x120
[  464.789241][T10067]  __kvmalloc_node_noprof+0x141/0x9c0
[  464.789266][T10067]  ? bucket_table_alloc.isra.0+0x88/0x460
[  464.789292][T10067]  ? bucket_table_alloc.isra.0+0x88/0x460
[  464.789310][T10067]  bucket_table_alloc.isra.0+0x88/0x460
[  464.789332][T10067]  rhashtable_init_noprof+0x41a/0x7e0
[  464.789356][T10067]  rhltable_init_noprof+0x20/0x60
[  464.789376][T10067]  nf_tables_newtable+0xfa7/0x1b50
[  464.789408][T10067]  ? __pfx___nla_validate_parse+0x10/0x10
[  464.789437][T10067]  ? __pfx_nf_tables_newtable+0x10/0x10
[  464.789471][T10067]  ? __nla_parse+0x40/0x60
[  464.789500][T10067]  nfnetlink_rcv_batch+0x190d/0x2350
[  464.789544][T10067]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  464.789591][T10067]  ? avc_has_perm_noaudit+0x149/0x3b0
[  464.789638][T10067]  ? __nla_parse+0x40/0x60
[  464.789667][T10067]  nfnetlink_rcv+0x3c1/0x430
[  464.789684][T10067]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  464.789720][T10067]  netlink_unicast+0x5aa/0x870
[  464.789748][T10067]  ? __pfx_netlink_unicast+0x10/0x10
[  464.789782][T10067]  netlink_sendmsg+0x8c8/0xdd0
[  464.789810][T10067]  ? __pfx_netlink_sendmsg+0x10/0x10
[  464.789843][T10067]  ____sys_sendmsg+0xa98/0xc70
[  464.789874][T10067]  ? copy_msghdr_from_user+0x10a/0x160
[  464.789896][T10067]  ? __pfx_____sys_sendmsg+0x10/0x10
[  464.789934][T10067]  ___sys_sendmsg+0x134/0x1d0
[  464.789962][T10067]  ? __pfx____sys_sendmsg+0x10/0x10
[  464.789979][T10067]  ? __lock_acquire+0x622/0x1c90
[  464.790041][T10067]  __sys_sendmsg+0x16d/0x220
[  464.790064][T10067]  ? __pfx___sys_sendmsg+0x10/0x10
[  464.790107][T10067]  do_syscall_64+0xcd/0xfa0
[  464.790132][T10067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  464.790149][T10067] RIP: 0033:0x7f84e278eec9
[  464.790164][T10067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  464.790180][T10067] RSP: 002b:00007f84e36af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  464.790198][T10067] RAX: ffffffffffffffda RBX: 00007f84e29e5fa0 RCX: 00007f84e278eec9
[  464.790209][T10067] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  464.790219][T10067] RBP: 00007f84e36af090 R08: 0000000000000000 R09: 0000000000000000
[  464.790229][T10067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  464.790239][T10067] R13: 00007f84e29e6038 R14: 00007f84e29e5fa0 R15: 00007ffca5dca668
[  464.790265][T10067]  </TASK>
[  465.064661][    C1] vkms_vblank_simulate: vblank timer overrun
[  465.261685][T10070] ubi: mtd0 is already attached to ubi31
[  465.383718][ T9070] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  465.576768][T10073] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1059'.
[  465.610832][T10073] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  466.353232][   T30] audit: type=1400 audit(1760505850.584:1240): avc:  denied  { listen } for  pid=10079 comm="syz.4.1061" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  466.955887][   T30] audit: type=1400 audit(1760505851.554:1241): avc:  denied  { write } for  pid=10098 comm="syz.2.1067" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  467.267268][T10112] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3821099475 (7642198950 ns) > initial count (2842047336 ns). Using initial count to start timer.
[  467.291434][T10112] kvm: pic: non byte read
[  467.296374][T10112] kvm: pic: level sensitive irq not supported
[  467.296429][T10112] kvm: pic: non byte read
[  467.308915][T10112] kvm: pic: non byte read
[  467.313939][T10112] kvm: pic: single mode not supported
[  467.314003][T10112] kvm: pic: non byte read
[  467.325115][T10112] kvm: pic: non byte read
[  467.331053][T10112] kvm: pic: non byte read
[  467.336157][T10112] kvm: pic: non byte read
[  467.341325][T10112] kvm: pic: non byte read
[  468.047800][T10125] sp0: Synchronizing with TNC
[  468.074502][   T30] audit: type=1400 audit(1760505852.714:1242): avc:  denied  { bind } for  pid=10118 comm="syz.2.1073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  468.369772][ T5812] Bluetooth: hci4: command 0x0c1a tx timeout
[  468.395104][   T30] audit: type=1400 audit(1760505852.714:1243): avc:  denied  { name_bind } for  pid=10118 comm="syz.2.1073" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  468.436562][   T30] audit: type=1400 audit(1760505852.714:1244): avc:  denied  { node_bind } for  pid=10118 comm="syz.2.1073" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  468.457747][   T30] audit: type=1400 audit(1760505853.004:1245): avc:  denied  { mount } for  pid=10120 comm="syz.3.1074" name="/" dev="rpc_pipefs" ino=30305 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  468.630340][T10118] [U] è`
[  468.859556][   T30] audit: type=1400 audit(1760505853.504:1246): avc:  denied  { unmount } for  pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  469.060372][   T30] audit: type=1400 audit(1760505853.684:1247): avc:  denied  { accept } for  pid=10132 comm="syz.0.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=udp_socket permissive=1
[  469.100553][T10141] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1080'.
[  469.458131][T10147] netlink: 'syz.2.1083': attribute type 4 has an invalid length.
[  469.475824][T10147] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.1083'.
[  470.639751][T10160] ubi: mtd0 is already attached to ubi31
[  471.151653][   T30] audit: type=1400 audit(1760505855.804:1248): avc:  denied  { override_creds } for  pid=10167 comm="syz.0.1088" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  471.347180][T10171] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  471.732252][   T30] audit: type=1400 audit(1760505856.384:1249): avc:  denied  { listen } for  pid=10176 comm="syz.0.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  471.930087][   T30] audit: type=1400 audit(1760505856.404:1250): avc:  denied  { read } for  pid=10176 comm="syz.0.1092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  472.671937][T10192] tipc: Started in network mode
[  472.676812][T10192] tipc: Node identity 3af7a8404223, cluster identity 4711
[  472.694031][T10192] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  472.705137][T10192] syzkaller0: entered promiscuous mode
[  472.712675][T10192] syzkaller0: entered allmulticast mode
[  472.726315][T10192] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  472.813980][T10192] tipc: Resetting bearer <eth:syzkaller0>
[  472.823660][T10191] tipc: Resetting bearer <eth:syzkaller0>
[  472.841524][T10191] tipc: Disabling bearer <eth:syzkaller0>
[  473.971021][T10216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.001541][T10216] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.066262][T10220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.090374][T10220] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.156069][ T5881] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  474.340421][ T5881] usb 4-1: Using ep0 maxpacket: 8
[  474.515681][ T5881] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  474.526428][ T5881] usb 4-1: config 0 has no interface number 0
[  474.532750][ T5881] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  474.544527][ T5881] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  474.556249][ T5881] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  474.568893][ T5881] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  474.580019][ T5935] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  474.582197][ T5881] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  474.598504][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.613694][ T5881] usb 4-1: config 0 descriptor??
[  474.632143][ T5881] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  474.651372][T10228] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  474.660081][T10228] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  474.741376][ T5935] usb 3-1: config 0 interface 0 has no altsetting 0
[  474.748065][ T5935] usb 3-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=a9.d7
[  474.757287][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  474.769007][ T5935] usb 3-1: config 0 descriptor??
[  474.786893][ T5935] ftdi_sio 3-1:0.0: Ignoring interface reserved for JTAG
[  474.911707][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  474.911722][   T30] audit: type=1400 audit(1760505859.565:1275): avc:  denied  { write } for  pid=10213 comm="syz.3.1101" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  474.942226][   T30] audit: type=1400 audit(1760505859.565:1276): avc:  denied  { open } for  pid=10213 comm="syz.3.1101" path="/217/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  475.176946][T10214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  475.293110][T10239] ubi: mtd0 is already attached to ubi31
[  475.491989][T10214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  475.516901][ T9070] Bluetooth: hci3: unexpected event 0x08 length: 17 > 4
[  475.528406][   T30] audit: type=1400 audit(1760505860.175:1277): avc:  denied  { ioctl } for  pid=10213 comm="syz.3.1101" path="/217/file0/file0" dev="fuse" ino=64 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  475.561858][ T1206] usb 4-1: USB disconnect, device number 45
[  475.595298][ T5935] usb 3-1: USB disconnect, device number 45
[  475.600850][ T1206] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  475.845450][   T30] audit: type=1326 audit(1760505860.495:1278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.869845][   T30] audit: type=1326 audit(1760505860.495:1279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.894559][   T30] audit: type=1326 audit(1760505860.495:1280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.920230][   T30] audit: type=1326 audit(1760505860.495:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.944056][   T30] audit: type=1326 audit(1760505860.495:1282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.970105][   T30] audit: type=1326 audit(1760505860.505:1283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  475.996518][   T30] audit: type=1326 audit(1760505860.505:1284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10242 comm="syz.0.1112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x7ffc0000
[  476.291329][T10262] Unsupported ieee802154 address type: 0
[  476.329907][T10264] Unsupported ieee802154 address type: 0
[  476.500032][ T5881] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  476.671932][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.687548][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  476.697357][ T5881] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  476.710382][ T5881] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  476.719424][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.729098][ T5881] usb 4-1: config 0 descriptor??
[  477.295010][ T5881] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  477.495287][T10276] FAULT_INJECTION: forcing a failure.
[  477.495287][T10276] name failslab, interval 1, probability 0, space 0, times 0
[  477.508951][T10276] CPU: 0 UID: 0 PID: 10276 Comm: syz.2.1122 Not tainted syzkaller #0 PREEMPT(full) 
[  477.508976][T10276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  477.508986][T10276] Call Trace:
[  477.508992][T10276]  <TASK>
[  477.508999][T10276]  dump_stack_lvl+0x16c/0x1f0
[  477.509025][T10276]  should_fail_ex+0x512/0x640
[  477.509046][T10276]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  477.509071][T10276]  should_failslab+0xc2/0x120
[  477.509098][T10276]  kmem_cache_alloc_noprof+0x75/0x6e0
[  477.509118][T10276]  ? sk_prot_alloc+0x60/0x2a0
[  477.509148][T10276]  ? sk_prot_alloc+0x60/0x2a0
[  477.509169][T10276]  ? find_held_lock+0x2b/0x80
[  477.509184][T10276]  sk_prot_alloc+0x60/0x2a0
[  477.509210][T10276]  sk_alloc+0x36/0xc20
[  477.509231][T10276]  inet_create+0x3a1/0x1040
[  477.509251][T10276]  ? inet_create+0x93/0x1040
[  477.509273][T10276]  __sock_create+0x338/0x8d0
[  477.509305][T10276]  udp_sock_create4+0xa6/0x450
[  477.509331][T10276]  ? __pfx_udp_sock_create4+0x10/0x10
[  477.509357][T10276]  ? lockdep_hardirqs_on+0x7c/0x110
[  477.509379][T10276]  ? crng_make_state+0x48e/0x6d0
[  477.509401][T10276]  rxrpc_open_socket+0x4f5/0x6b0
[  477.509429][T10276]  ? __pfx_rxrpc_open_socket+0x10/0x10
[  477.509466][T10276]  ? __pfx_rxrpc_client_conn_reap_timeout+0x10/0x10
[  477.509494][T10276]  ? rcu_is_watching+0x12/0xc0
[  477.509516][T10276]  rxrpc_lookup_local+0xa01/0x1220
[  477.509548][T10276]  ? __pfx_rxrpc_lookup_local+0x10/0x10
[  477.509576][T10276]  ? __local_bh_enable_ip+0xa4/0x120
[  477.509597][T10276]  rxrpc_sendmsg+0x37e/0x680
[  477.509628][T10276]  ____sys_sendmsg+0xa98/0xc70
[  477.509661][T10276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  477.509699][T10276]  ___sys_sendmsg+0x134/0x1d0
[  477.509722][T10276]  ? __pfx____sys_sendmsg+0x10/0x10
[  477.509740][T10276]  ? __lock_acquire+0x622/0x1c90
[  477.509797][T10276]  __sys_sendmsg+0x16d/0x220
[  477.509819][T10276]  ? __pfx___sys_sendmsg+0x10/0x10
[  477.509858][T10276]  do_syscall_64+0xcd/0xfa0
[  477.509881][T10276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  477.509899][T10276] RIP: 0033:0x7fb8f9f8eec9
[  477.509913][T10276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  477.509934][T10276] RSP: 002b:00007fb8fade6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  477.509951][T10276] RAX: ffffffffffffffda RBX: 00007fb8fa1e5fa0 RCX: 00007fb8f9f8eec9
[  477.509962][T10276] RDX: 000000000000ff4c RSI: 0000200000000000 RDI: 0000000000000003
[  477.509972][T10276] RBP: 00007fb8fade6090 R08: 0000000000000000 R09: 0000000000000000
[  477.509981][T10276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  477.509991][T10276] R13: 00007fb8fa1e6038 R14: 00007fb8fa1e5fa0 R15: 00007ffed56f90f8
[  477.510017][T10276]  </TASK>
[  477.811465][    C1] plantronics 0003:047F:FFFF.0018: hid_field_extract() called with n (132) > 32! (kworker/u8:12)
[  477.923374][T10281] wg1: entered promiscuous mode
[  477.928365][T10281] wg1: entered allmulticast mode
[  477.976723][T10281] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.989482][T10281] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  478.340378][ T5935] usb 4-1: USB disconnect, device number 46
[  483.932631][T10319] : entered promiscuous mode
[  484.515569][ T9070] Bluetooth: hci2: unexpected event for opcode 0x0000
[  485.670067][ T5881] IPVS: starting estimator thread 0...
[  487.230951][T10334] IPVS: using max 44 ests per chain, 105600 per kthread
[  487.789033][T10353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  487.798596][T10353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  487.956738][T10358] overlayfs: failed to clone upperpath
[  488.199768][ T5935] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  488.362203][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  488.373511][ T5935] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  488.384045][ T5935] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  488.397666][ T5935] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  488.407368][ T5935] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.418530][ T5935] usb 3-1: config 0 descriptor??
[  488.433323][T10369] SQUASHFS error: Failed to read block 0x0: -5
[  488.440250][   T10] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  488.440873][T10369] unable to read squashfs_super_block
[  488.497141][ T1206] kernel write not supported for file /uhid (pid: 1206 comm: kworker/1:2)
[  488.520731][ T9070] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  488.530354][ T9070] Bluetooth: hci2: Injecting HCI hardware error event
[  488.538377][ T5812] Bluetooth: hci2: hardware error 0x00
[  488.828573][   T10] usb 4-1: config 0 interface 0 has no altsetting 0
[  488.845033][   T10] usb 4-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=a9.d7
[  488.855162][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  488.880449][   T10] usb 4-1: config 0 descriptor??
[  488.894708][   T10] ftdi_sio 4-1:0.0: Ignoring interface reserved for JTAG
[  488.904870][T10379] netlink: 'syz.0.1147': attribute type 8 has an invalid length.
[  489.077399][   T30] kauditd_printk_skb: 17 callbacks suppressed
[  489.077410][   T30] audit: type=1400 audit(1760505873.725:1302): avc:  denied  { read } for  pid=10373 comm="syz.1.1146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  489.190932][T10384] overlayfs: failed to clone lowerpath
[  490.077328][ T5935] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  490.281120][ T5935] usb 4-1: USB disconnect, device number 47
[  490.285937][ T5881] usb 3-1: USB disconnect, device number 46
[  490.366488][T10387] fido_id[10387]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  490.406358][T10391] netlink: 'syz.1.1150': attribute type 8 has an invalid length.
[  490.600021][ T5812] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  490.663303][T10394] can: request_module (can-proto-0) failed.
[  490.839698][T10399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.876980][T10399] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  491.079996][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1155'.
[  491.322855][ T1206] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  491.460016][ T1206] usb 4-1: device descriptor read/64, error -71
[  492.244799][ T1206] usb 4-1: new full-speed USB device number 49 using dummy_hcd
[  492.770237][T10418] sp0: Synchronizing with TNC
[  492.839261][ T1206] usb 4-1: device descriptor read/64, error -71
[  492.972727][T10427] fuse: Bad value for 'fd'
[  493.017702][ T1206] usb usb4-port1: attempt power cycle
[  493.471506][T10429] netlink: 'syz.1.1161': attribute type 8 has an invalid length.
[  493.720509][ T1206] usb 4-1: new full-speed USB device number 50 using dummy_hcd
[  493.761205][T10439] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  493.770370][T10439] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  493.801121][ T1206] usb 4-1: device descriptor read/8, error -71
[  494.008260][T10444] Bluetooth: MGMT ver 1.23
[  494.014132][    T9] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  494.050077][ T1206] usb 4-1: new full-speed USB device number 51 using dummy_hcd
[  494.130425][ T1206] usb 4-1: device descriptor read/8, error -71
[  494.240257][ T1206] usb usb4-port1: unable to enumerate USB device
[  494.252155][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.263465][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.273595][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  494.302521][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  494.316247][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.331565][    T9] usb 3-1: config 0 descriptor??
[  494.657533][T10454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  494.668032][T10454] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  495.343304][    T9] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  495.677105][T10464] netlink: 'syz.3.1172': attribute type 8 has an invalid length.
[  496.362607][    T9] usb 3-1: USB disconnect, device number 47
[  496.694728][T10474] tmpfs: Unknown parameter ''
[  496.695210][   T30] audit: type=1400 audit(1760505881.345:1303): avc:  denied  { mounton } for  pid=10473 comm="syz.1.1175" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=178 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  496.725018][T10475] tmpfs: Unknown parameter ''
[  496.769062][T10477] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1176'.
[  496.799103][   T30] audit: type=1400 audit(1760505881.445:1304): avc:  denied  { bind } for  pid=10476 comm="syz.0.1176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  496.869592][ T5881] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  497.101705][ T5881] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  497.112686][ T5881] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  497.122483][ T5881] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  497.142510][ T5881] usb 4-1: config 0 descriptor??
[  497.768354][ T5881] keytouch 0003:0926:3333.001B: fixing up Keytouch IEC report descriptor
[  497.840151][ T5881] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001B/input/input43
[  497.972201][ T5881] keytouch 0003:0926:3333.001B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  497.985287][T10472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.071935][T10472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.097447][T10502] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.144060][T10502] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  498.623171][T10472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  498.635483][T10472] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  500.378472][   T10] usb 4-1: USB disconnect, device number 52
[  500.463391][T10520] input: syz0 as /devices/virtual/input/input44
[  500.513813][T10521] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  500.525043][T10521] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  500.923021][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  502.183342][T10536] ip6t_rpfilter: unknown options
[  502.515954][T10548] netlink: 'syz.1.1198': attribute type 1 has an invalid length.
[  502.525585][T10548] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1198'.
[  503.097032][T10552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1197'.
[  503.203573][   T30] audit: type=1400 audit(1760505887.845:1305): avc:  denied  { mount } for  pid=10556 comm="syz.1.1199" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[  503.225269][    C0] vkms_vblank_simulate: vblank timer overrun
[  503.548742][T10566] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  503.725102][T10566] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  505.009121][T10584] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1206'.
[  505.218188][   T30] audit: type=1400 audit(1760505889.865:1306): avc:  denied  { write } for  pid=10588 comm="syz.1.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  505.289512][T10593] ubi: mtd0 is already attached to ubi31
[  505.602552][   T30] audit: type=1400 audit(1760505890.255:1307): avc:  denied  { mount } for  pid=10594 comm="syz.3.1210" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  505.772483][T10601] lo speed is unknown, defaulting to 1000
[  505.922248][    T9] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  506.902930][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.912349][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.925099][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.933967][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  506.943343][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  506.952096][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.413170][T10626] batadv_slave_1: entered promiscuous mode
[  507.419771][   T30] audit: type=1400 audit(1760505892.065:1308): avc:  denied  { ioctl } for  pid=10625 comm="syz.0.1220" path="socket:[33103]" dev="sockfs" ino=33103 ioctlcmd=0x5522 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  507.442083][T10625] batadv_slave_1: left promiscuous mode
[  507.658750][T10639] veth0_to_bridge: entered promiscuous mode
[  507.707347][   T30] audit: type=1400 audit(1760505892.355:1309): avc:  denied  { mount } for  pid=10635 comm="syz.2.1225" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  508.108902][T10645] pim6reg: entered allmulticast mode
[  508.674758][T10655] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  510.037968][T10669] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  510.150809][   T30] audit: type=1400 audit(1760505894.745:1310): avc:  denied  { ioctl } for  pid=10663 comm="syz.1.1233" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 ioctlcmd=0x3ba0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  511.668653][T10692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1240'.
[  512.158746][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1242'.
[  512.177211][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1242'.
[  512.631064][   T10] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  512.814605][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  512.853618][T10718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  512.863862][   T10] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  512.873494][T10718] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  512.881549][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  512.893657][   T10] usb 4-1: config 0 descriptor??
[  513.729184][   T10] keytouch 0003:0926:3333.001C: fixing up Keytouch IEC report descriptor
[  513.777211][   T10] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.001C/input/input46
[  513.981010][T10711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.044282][T10739] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  514.052605][T10739] VFS: Can't find a romfs filesystem on dev nullb0.
[  514.052605][T10739] 
[  514.064069][T10739] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  514.288844][T10741] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  514.295995][T10741] VFS: Can't find a romfs filesystem on dev nullb0.
[  514.295995][T10741] 
[  514.340915][T10711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.371533][T10711] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.373330][   T10] keytouch 0003:0926:3333.001C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0
[  514.385724][T10711] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.932982][ T1206] usb 4-1: USB disconnect, device number 54
[  515.583262][T10756] comedi comedi3: aio_iiro_16: I/O port conflict (0x4f27,8)
[  516.157529][T10762] lo speed is unknown, defaulting to 1000
[  516.159706][T10764] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1259'.
[  516.404420][T10764] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  518.820054][T10812] FAULT_INJECTION: forcing a failure.
[  518.820054][T10812] name failslab, interval 1, probability 0, space 0, times 0
[  518.842713][T10814] binder: 10813:10814 ioctl 4018620d 0 returned -22
[  518.944004][T10812] CPU: 0 UID: 0 PID: 10812 Comm: syz.2.1270 Not tainted syzkaller #0 PREEMPT(full) 
[  518.944029][T10812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  518.944040][T10812] Call Trace:
[  518.944046][T10812]  <TASK>
[  518.944053][T10812]  dump_stack_lvl+0x16c/0x1f0
[  518.944079][T10812]  should_fail_ex+0x512/0x640
[  518.944100][T10812]  ? fs_reclaim_acquire+0xae/0x150
[  518.944128][T10812]  should_failslab+0xc2/0x120
[  518.944154][T10812]  __kmalloc_noprof+0xdd/0x880
[  518.944173][T10812]  ? tomoyo_encode2+0x100/0x3e0
[  518.944202][T10812]  ? tomoyo_encode2+0x100/0x3e0
[  518.944223][T10812]  tomoyo_encode2+0x100/0x3e0
[  518.944252][T10812]  tomoyo_encode+0x29/0x50
[  518.944274][T10812]  tomoyo_realpath_from_path+0x18f/0x6e0
[  518.944307][T10812]  tomoyo_path_number_perm+0x245/0x580
[  518.944326][T10812]  ? tomoyo_path_number_perm+0x237/0x580
[  518.944350][T10812]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  518.944377][T10812]  ? find_held_lock+0x2b/0x80
[  518.944419][T10812]  ? find_held_lock+0x2b/0x80
[  518.944434][T10812]  ? hook_file_ioctl_common+0x145/0x410
[  518.944457][T10812]  ? __fget_files+0x20e/0x3c0
[  518.944484][T10812]  security_file_ioctl+0x9b/0x240
[  518.944511][T10812]  __x64_sys_ioctl+0xb7/0x210
[  518.944532][T10812]  do_syscall_64+0xcd/0xfa0
[  518.944554][T10812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  518.944572][T10812] RIP: 0033:0x7fb8f9f8eec9
[  518.944586][T10812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  518.944603][T10812] RSP: 002b:00007fb8fade6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  518.944621][T10812] RAX: ffffffffffffffda RBX: 00007fb8fa1e5fa0 RCX: 00007fb8f9f8eec9
[  518.944632][T10812] RDX: 0000200000000380 RSI: 00000000000007a4 RDI: 0000000000000003
[  518.944643][T10812] RBP: 00007fb8fade6090 R08: 0000000000000000 R09: 0000000000000000
[  518.944653][T10812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  518.944664][T10812] R13: 00007fb8fa1e6038 R14: 00007fb8fa1e5fa0 R15: 00007ffed56f90f8
[  518.944691][T10812]  </TASK>
[  518.944723][T10812] ERROR: Out of memory at tomoyo_realpath_from_path.
[  519.217252][T10816] Error: Driver 'c6xdigio' is already registered, aborting...
[  519.231310][T10816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1271'.
[  519.798091][   T30] audit: type=1400 audit(1760505904.435:1311): avc:  denied  { ioctl } for  pid=10822 comm="syz.1.1274" path="socket:[33528]" dev="sockfs" ino=33528 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  522.087720][T10846] netlink: 'syz.3.1279': attribute type 64 has an invalid length.
[  522.095586][T10846] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1279'.
[  522.404286][T10852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  522.414458][T10852] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  522.433548][   T30] audit: type=1400 audit(1760505907.085:1312): avc:  denied  { setopt } for  pid=10850 comm="syz.4.1282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  523.312253][T10865] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  523.323679][T10865] VFS: Can't find a romfs filesystem on dev nullb0.
[  523.323679][T10865] 
[  523.337870][T10865] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  525.121143][T10892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.131057][T10892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.143588][T10892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.153496][T10892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.667531][   T30] audit: type=1400 audit(1760505910.095:1313): avc:  denied  { append } for  pid=10883 comm="syz.2.1290" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  525.695218][T10888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  525.703766][T10888] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  525.725926][   T30] audit: type=1400 audit(1760505910.305:1314): avc:  denied  { map } for  pid=10883 comm="syz.2.1290" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  525.750478][   T30] audit: type=1400 audit(1760505910.305:1315): avc:  denied  { write execute } for  pid=10883 comm="syz.2.1290" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  525.899973][   T10] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  526.049982][   T10] usb 3-1: Using ep0 maxpacket: 32
[  526.058829][   T10] usb 3-1: config 0 has an invalid interface number: 239 but max is 0
[  526.076603][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  526.087489][   T10] usb 3-1: config 0 has no interface number 0
[  526.093824][   T10] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x2 has invalid maxpacket 8
[  526.104725][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  526.134358][   T10] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xA9, changing to 0x89
[  526.167437][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x89 has invalid maxpacket 28648, setting to 1024
[  526.183246][   T10] usb 3-1: config 0 interface 239 altsetting 4 bulk endpoint 0x89 has invalid maxpacket 1024
[  526.203614][   T10] usb 3-1: config 0 interface 239 altsetting 4 has an endpoint descriptor with address 0xD5, changing to 0x85
[  526.231278][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  526.293505][   T10] usb 3-1: config 0 interface 239 altsetting 4 endpoint 0x85 has invalid wMaxPacketSize 0
[  526.376663][   T10] usb 3-1: config 0 interface 239 has no altsetting 0
[  526.386722][   T30] audit: type=1400 audit(1760505911.035:1316): avc:  denied  { connect } for  pid=10908 comm="syz.0.1300" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  526.482480][ T5927] IPVS: starting estimator thread 0...
[  526.503806][   T10] usb 3-1: New USB device found, idVendor=105b, idProduct=1799, bcdDevice=36.e9
[  526.512953][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  526.523559][   T10] usb 3-1: Product: syz
[  526.527768][   T10] usb 3-1: Manufacturer: syz
[  526.532983][   T10] usb 3-1: SerialNumber: syz
[  526.546513][   T10] usb 3-1: config 0 descriptor??
[  526.610063][T10912] IPVS: using max 76 ests per chain, 182400 per kthread
[  526.619137][T10891] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  526.859102][T10891] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22
[  526.893769][ T5812] Bluetooth: hci5: urb ffff888041dac500 submission failed (90)
[  527.561416][T10934] fuse: Bad value for 'user_id'
[  527.566288][T10934] fuse: Bad value for 'user_id'
[  527.730011][   T30] audit: type=1400 audit(1760505912.335:1317): avc:  denied  { ioctl } for  pid=10939 comm="syz.4.1310" path="socket:[34111]" dev="sockfs" ino=34111 ioctlcmd=0x8904 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  527.983515][T10946] overlayfs: failed to clone upperpath
[  528.111811][   T10] usb 3-1: USB disconnect, device number 48
[  528.261610][T10950] FAULT_INJECTION: forcing a failure.
[  528.261610][T10950] name failslab, interval 1, probability 0, space 0, times 0
[  528.274761][T10950] CPU: 0 UID: 0 PID: 10950 Comm: syz.4.1314 Not tainted syzkaller #0 PREEMPT(full) 
[  528.274783][T10950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  528.274794][T10950] Call Trace:
[  528.274800][T10950]  <TASK>
[  528.274807][T10950]  dump_stack_lvl+0x16c/0x1f0
[  528.274831][T10950]  should_fail_ex+0x512/0x640
[  528.274852][T10950]  ? fs_reclaim_acquire+0xae/0x150
[  528.274880][T10950]  should_failslab+0xc2/0x120
[  528.274906][T10950]  __kmalloc_noprof+0xdd/0x880
[  528.274925][T10950]  ? tomoyo_encode2+0x100/0x3e0
[  528.274954][T10950]  ? tomoyo_encode2+0x100/0x3e0
[  528.274977][T10950]  tomoyo_encode2+0x100/0x3e0
[  528.275005][T10950]  tomoyo_encode+0x29/0x50
[  528.275028][T10950]  tomoyo_realpath_from_path+0x18f/0x6e0
[  528.275056][T10950]  ? tomoyo_profile+0x47/0x60
[  528.275091][T10950]  tomoyo_path_number_perm+0x245/0x580
[  528.275112][T10950]  ? tomoyo_path_number_perm+0x237/0x580
[  528.275135][T10950]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  528.275187][T10950]  ? hook_file_ioctl_common+0x145/0x410
[  528.275207][T10950]  ? __rcu_read_unlock+0x2bc/0x550
[  528.275234][T10950]  ? __fget_files+0x20e/0x3c0
[  528.275263][T10950]  security_file_ioctl+0x9b/0x240
[  528.275289][T10950]  __x64_sys_ioctl+0xb7/0x210
[  528.275310][T10950]  do_syscall_64+0xcd/0xfa0
[  528.275333][T10950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  528.275352][T10950] RIP: 0033:0x7f84e278eec9
[  528.275366][T10950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  528.275383][T10950] RSP: 002b:00007f84e368e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  528.275400][T10950] RAX: ffffffffffffffda RBX: 00007f84e29e6090 RCX: 00007f84e278eec9
[  528.275412][T10950] RDX: 0000200000000080 RSI: 000000008030ae7c RDI: 0000000000000009
[  528.275423][T10950] RBP: 00007f84e368e090 R08: 0000000000000000 R09: 0000000000000000
[  528.275433][T10950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  528.275443][T10950] R13: 00007f84e29e6128 R14: 00007f84e29e6090 R15: 00007ffca5dca668
[  528.275470][T10950]  </TASK>
[  528.275553][T10950] ERROR: Out of memory at tomoyo_realpath_from_path.
[  532.390142][   T30] audit: type=1400 audit(1760505917.025:1318): avc:  denied  { bind } for  pid=10979 comm="syz.0.1323" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  532.888659][T10989] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10989 comm=syz.0.1326
[  533.130621][T11001] random: crng reseeded on system resumption
[  533.176184][   T30] audit: type=1400 audit(1760505917.775:1319): avc:  denied  { write } for  pid=10991 comm="syz.3.1327" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  533.250007][   T30] audit: type=1400 audit(1760505917.785:1320): avc:  denied  { open } for  pid=10991 comm="syz.3.1327" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  533.910108][ T5881] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  534.077893][ T5881] usb 3-1: config 0 has an invalid interface number: 117 but max is 0
[  534.099868][ T5881] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  534.179973][ T5881] usb 3-1: config 0 has no interface number 0
[  534.186098][ T5881] usb 3-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  534.226475][ T5881] usb 3-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  534.266561][ T5881] usb 3-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  534.291938][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  534.313735][ T5881] usb 3-1: Product: syz
[  534.327935][ T5881] usb 3-1: Manufacturer: syz
[  534.357310][ T5881] usb 3-1: SerialNumber: syz
[  534.384090][ T5881] usb 3-1: config 0 descriptor??
[  535.024491][ T5881] usb 3-1: USB disconnect, device number 49
[  535.771543][T11041] netlink: 'syz.4.1343': attribute type 1 has an invalid length.
[  535.779347][   T30] audit: type=1400 audit(1760505920.425:1321): avc:  denied  { write } for  pid=11040 comm="syz.4.1343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  535.897376][T11047] bond2: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  535.921650][T11047] bond2: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  535.932083][T11047] bond2: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  537.221622][T11082] input: syz1 as /devices/virtual/input/input48
[  537.291475][ T5935] IPVS: starting estimator thread 0...
[  537.381020][T11084] IPVS: using max 76 ests per chain, 182400 per kthread
[  537.456781][T11090] fuse: Bad value for 'fd'
[  537.838599][T11102] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  537.851995][T11102] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.364666][T11103] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1358'.
[  538.830185][T11117] IPVS: set_ctl: invalid protocol: 59 172.20.20.55:20002
[  538.911662][T11123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  538.938469][T11123] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  539.155586][T11135] SELinux:  policydb magic number 0xd3064388 does not match expected magic number 0xf97cff8c
[  539.166106][T11135] SELinux: failed to load policy
[  539.171632][   T30] audit: type=1400 audit(1760505923.805:1322): avc:  denied  { map } for  pid=11131 comm="syz.1.1367" path="/dev/video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  539.235702][   T30] audit: type=1400 audit(1760505923.805:1323): avc:  denied  { execute } for  pid=11131 comm="syz.1.1367" path="/dev/video1" dev="devtmpfs" ino=931 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  539.276224][T11138] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1368'.
[  539.277908][   T30] audit: type=1400 audit(1760505923.805:1324): avc:  denied  { load_policy } for  pid=11131 comm="syz.1.1367" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  539.557712][T11142] netlink: 156 bytes leftover after parsing attributes in process `syz.1.1369'.
[  540.373117][T11154] ALSA: mixer_oss: invalid OSS volume ''
[  540.390002][ T5935] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  540.562945][ T5935] usb 4-1: config 0 interface 0 has no altsetting 0
[  540.579745][ T5935] usb 4-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=a9.d7
[  540.592033][ T5935] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.634026][ T5935] usb 4-1: config 0 descriptor??
[  540.715434][ T5935] ftdi_sio 4-1:0.0: Ignoring interface reserved for JTAG
[  540.795963][T11164] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1377'.
[  541.019027][ T5935] usb 4-1: USB disconnect, device number 55
[  541.652521][T11179] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  541.661412][T11179] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  541.725890][T11170] syz.4.1378 (11170) used greatest stack depth: 19224 bytes left
[  541.870729][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1383'.
[  541.879648][T11184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1383'.
[  542.090302][T11169] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1379'.
[  542.602434][   T30] audit: type=1400 audit(1760505927.245:1325): avc:  denied  { map } for  pid=11188 comm="syz.2.1385" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  543.475985][T11194] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  543.487952][T11194] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  543.701934][T11198] netlink: 'syz.2.1386': attribute type 7 has an invalid length.
[  543.825170][T11200] netlink: 'syz.2.1386': attribute type 8 has an invalid length.
[  543.920213][ T5881] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  544.072302][ T5881] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  544.082546][ T5881] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  544.148849][ T5881] usb 4-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  544.158368][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.167518][ T5881] usb 4-1: Product: syz
[  544.172064][ T5881] usb 4-1: Manufacturer: syz
[  544.176775][ T5881] usb 4-1: SerialNumber: syz
[  544.188765][ T5881] usb 4-1: config 0 descriptor??
[  544.194753][T11196] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  544.202587][T11196] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  544.416615][T11196] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  544.429878][T11196] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22
[  544.481865][T11225] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1390'.
[  544.511599][T11198] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  544.519734][T11198] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  544.531745][T11198] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  544.545108][T11198] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  544.567175][T11198] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  544.579858][T11198] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  544.881754][T11196] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  544.923850][T11196] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  545.251819][T11247] Invalid ELF header type: 3 != 1
[  545.669481][ T5881] Error reading MAC address
[  545.707281][ T5881] usb 4-1: USB disconnect, device number 56
[  546.678182][   T30] audit: type=1400 audit(1760505931.045:1326): avc:  denied  { read } for  pid=11264 comm="syz.4.1396" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  547.044783][T11273] kAFS: unable to lookup cell '/'
[  547.514992][T11283] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  547.523547][T11283] VFS: Can't find a romfs filesystem on dev nullb0.
[  547.523547][T11283] 
[  548.662479][T11312] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  549.160500][T11316] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«=
[  549.190456][T11315] [U] J"—e:ÀÆ"


[  549.461257][   T30] audit: type=1400 audit(1760505934.105:1327): avc:  denied  { mount } for  pid=11322 comm="syz.2.1406" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  549.475928][T11324] pimreg: entered allmulticast mode
[  549.656429][   T30] audit: type=1400 audit(1760505934.305:1328): avc:  denied  { nlmsg_read } for  pid=11327 comm="syz.3.1408" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  549.656520][T11329] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1408'.
[  550.366307][T11322] pimreg: left allmulticast mode
[  550.431107][ T5881] libceph: connect (1)[c::]:6789 error -101
[  550.438314][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  550.527681][T11355] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1409'.
[  550.701123][ T5881] libceph: connect (1)[c::]:6789 error -101
[  550.707190][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  551.243123][ T5881] libceph: connect (1)[c::]:6789 error -101
[  551.653003][ T5881] libceph: mon0 (1)[c::]:6789 connect error
[  551.668224][T11348] ceph: No mds server is up or the cluster is laggy
[  552.329958][ T5935] usb 3-1: new full-speed USB device number 50 using dummy_hcd
[  552.343813][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.355143][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.368622][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.411005][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.464092][T11405] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.500558][T11405] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.525217][T11409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  552.536073][T11409] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  552.566052][ T5935] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  552.575041][ T5935] usb 3-1: config 1 has no interface number 0
[  552.583484][ T5935] usb 3-1: config 1 interface 105 has no altsetting 0
[  552.641895][ T5935] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=31.6d
[  552.651105][ T5935] usb 3-1: New USB device strings: Mfr=107, Product=102, SerialNumber=146
[  552.683956][ T5935] usb 3-1: Product: syz
[  553.506215][ T5935] usb 3-1: Manufacturer: syz
[  553.564288][ T5935] usb 3-1: SerialNumber: syz
[  554.381898][T11418] netlink: 'syz.4.1429': attribute type 4 has an invalid length.
[  555.565006][   T30] audit: type=1400 audit(1760505940.215:1329): avc:  denied  { getopt } for  pid=11425 comm="syz.3.1432" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  555.596527][T11424] siw: device registration error -23
[  556.167161][T11442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1434'.
[  556.179782][T11441] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1434'.
[  556.192709][T11442] bridge_slave_1: left allmulticast mode
[  556.199658][T11442] bridge_slave_1: left promiscuous mode
[  556.208729][ T5935] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x20) reg index 0x0000: -71
[  556.220897][T11442] bridge0: port 2(bridge_slave_1) entered disabled state
[  556.251090][ T5935] aqc111 3-1:1.105: probe with driver aqc111 failed with error -71
[  556.291599][T11442] bridge_slave_0: left allmulticast mode
[  556.301799][ T5935] usb 3-1: USB disconnect, device number 50
[  556.304081][T11442] bridge_slave_0: left promiscuous mode
[  556.322916][   T30] audit: type=1400 audit(1760505940.965:1330): avc:  denied  { accept } for  pid=11444 comm="syz.2.1435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  556.344158][T11442] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.038753][T11451] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1436'.
[  557.881273][T11477] IPVS: length: 24 != 8
[  558.119099][T11486] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1450'.
[  558.156095][T11489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  558.171468][T11489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  558.304591][T11489] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  558.340229][T11489] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  558.780235][    T9] usb 3-1: new high-speed USB device number 51 using dummy_hcd
[  558.895284][T11509] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1456'.
[  558.965055][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  558.976098][    T9] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  558.985226][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.338053][    T9] usb 3-1: config 0 descriptor??
[  559.889094][T11522] serio: Serial port pty27
[  559.924494][   T30] audit: type=1400 audit(1760505944.575:1331): avc:  denied  { create } for  pid=11523 comm="syz.0.1461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  560.055338][    T9] keytouch 0003:0926:3333.001D: fixing up Keytouch IEC report descriptor
[  560.546881][T11529] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  560.555800][    T9] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.001D/input/input49
[  560.560244][T11529] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  560.616588][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  560.628223][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  561.017581][    T9] keytouch 0003:0926:3333.001D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0
[  561.090786][    T9] usb 3-1: USB disconnect, device number 51
[  561.200922][T11537] fido_id[11537]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory
[  561.382679][   T30] audit: type=1400 audit(1760505945.965:1332): avc:  denied  { unmount } for  pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  562.415378][    T9] hid-generic 0000:0000:0000.001E: unknown main item tag 0x0
[  562.460367][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  562.515287][    T9] hid-generic 0000:0000:0000.001E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  562.674327][T11561] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1472'.
[  564.575703][T11583] fuse: Invalid rootmode
[  564.794048][T11588] block nbd3: NBD_DISCONNECT
[  564.800578][T11588] block nbd3: Send disconnect failed -32
[  565.183634][T11602] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  565.190791][T11602] VFS: Can't find a romfs filesystem on dev nullb0.
[  565.190791][T11602] 
[  565.557968][   T30] audit: type=1326 audit(1760505950.205:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11600 comm="syz.0.1484" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6c7358eec9 code=0x0
[  565.665717][T11603] TCP: TCP_TX_DELAY enabled
[  567.772237][T11582] block nbd3: Disconnected due to user request.
[  567.801167][T11582] block nbd3: shutting down sockets
[  568.290642][T11641] random: crng reseeded on system resumption
[  568.734597][   T30] audit: type=1400 audit(1760505952.935:1334): avc:  denied  { read append } for  pid=11636 comm="syz.1.1495" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  568.838254][   T30] audit: type=1400 audit(1760505952.935:1335): avc:  denied  { ioctl } for  pid=11636 comm="syz.1.1495" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  569.205499][T11649] comedi comedi3: aio_iiro_16: I/O port conflict (0x4f27,8)
[  570.120131][ T5874] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  570.269927][ T5874] usb 4-1: Using ep0 maxpacket: 32
[  570.280431][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  570.308741][ T5874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  570.330759][ T5874] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  570.370000][ T5874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.413844][ T5874] usb 4-1: config 0 descriptor??
[  570.836564][ T5874] ft260 0003:0403:6030.001F: unknown main item tag 0x7
[  571.002410][T11679] ubi: mtd0 is already attached to ubi31
[  571.086643][ T5874] ft260 0003:0403:6030.001F: chip code: 6424 8183
[  571.234623][ T5874] ft260 0003:0403:6030.001F: failed to retrieve system status
[  571.242845][ T5874] ft260 0003:0403:6030.001F: probe with driver ft260 failed with error -5
[  572.437400][T11693] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1513'.
[  572.505349][T11698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.370905][T11698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.397109][T11698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  573.412168][T11698] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  573.497270][T11702] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1515'.
[  573.560453][ T5935] usb 4-1: USB disconnect, device number 57
[  575.687994][T11731] fuse: Bad value for 'fd'
[  576.593186][T11738] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  576.602084][T11738] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  576.930923][T11745] ubi: mtd0 is already attached to ubi31
[  577.945183][T11756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.954338][T11756] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.659827][T11767] netlink: 'syz.1.1536': attribute type 1 has an invalid length.
[  578.667967][T11767] netlink: 244 bytes leftover after parsing attributes in process `syz.1.1536'.
[  578.691167][T11767] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  578.827337][T11770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.836164][T11770] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  580.372483][T11787] FAULT_INJECTION: forcing a failure.
[  580.372483][T11787] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  580.385801][T11787] CPU: 0 UID: 0 PID: 11787 Comm: syz.4.1542 Not tainted syzkaller #0 PREEMPT(full) 
[  580.385824][T11787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  580.385833][T11787] Call Trace:
[  580.385839][T11787]  <TASK>
[  580.385850][T11787]  dump_stack_lvl+0x16c/0x1f0
[  580.385874][T11787]  should_fail_ex+0x512/0x640
[  580.385898][T11787]  _copy_from_iter+0x29f/0x1720
[  580.385922][T11787]  ? __lock_acquire+0x622/0x1c90
[  580.385941][T11787]  ? __pfx__copy_from_iter+0x10/0x10
[  580.385954][T11787]  ? __lock_acquire+0x622/0x1c90
[  580.385973][T11787]  copy_page_from_iter+0xde/0x180
[  580.385988][T11787]  tun_build_skb.constprop.0+0x2e8/0x1510
[  580.386009][T11787]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  580.386023][T11787]  ? unwind_get_return_address+0x59/0xa0
[  580.386044][T11787]  ? find_held_lock+0x2b/0x80
[  580.386057][T11787]  ? avc_has_perm_noaudit+0x149/0x3b0
[  580.386072][T11787]  tun_get_user+0x149c/0x3cc0
[  580.386093][T11787]  ? __pfx_tun_get_user+0x10/0x10
[  580.386109][T11787]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  580.386127][T11787]  ? find_held_lock+0x2b/0x80
[  580.386137][T11787]  ? tun_get+0x191/0x370
[  580.386154][T11787]  tun_chr_write_iter+0xdc/0x210
[  580.386170][T11787]  vfs_write+0x7d3/0x11d0
[  580.386184][T11787]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  580.386200][T11787]  ? __pfx_vfs_write+0x10/0x10
[  580.386212][T11787]  ? find_held_lock+0x2b/0x80
[  580.386230][T11787]  ksys_write+0x12a/0x250
[  580.386243][T11787]  ? __pfx_ksys_write+0x10/0x10
[  580.386260][T11787]  do_syscall_64+0xcd/0xfa0
[  580.386275][T11787]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.386285][T11787] RIP: 0033:0x7f84e278d97f
[  580.386294][T11787] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  580.386305][T11787] RSP: 002b:00007f84e36af000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  580.386315][T11787] RAX: ffffffffffffffda RBX: 00007f84e29e5fa0 RCX: 00007f84e278d97f
[  580.386322][T11787] RDX: 000000000000004a RSI: 00002000000005c0 RDI: 00000000000000c8
[  580.386329][T11787] RBP: 00007f84e36af090 R08: 0000000000000000 R09: 0000000000000000
[  580.386336][T11787] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[  580.386342][T11787] R13: 00007f84e29e6038 R14: 00007f84e29e5fa0 R15: 00007ffca5dca668
[  580.386356][T11787]  </TASK>
[  581.503009][T11803] FAULT_INJECTION: forcing a failure.
[  581.503009][T11803] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  581.516226][T11803] CPU: 1 UID: 0 PID: 11803 Comm: syz.3.1546 Not tainted syzkaller #0 PREEMPT(full) 
[  581.516249][T11803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  581.516259][T11803] Call Trace:
[  581.516266][T11803]  <TASK>
[  581.516273][T11803]  dump_stack_lvl+0x16c/0x1f0
[  581.516298][T11803]  should_fail_ex+0x512/0x640
[  581.516324][T11803]  _copy_from_user+0x2e/0xd0
[  581.516347][T11803]  __sys_bpf+0x248/0x4980
[  581.516368][T11803]  ? irqentry_exit+0x3b/0x90
[  581.516387][T11803]  ? lockdep_hardirqs_on+0x7c/0x110
[  581.516410][T11803]  ? __pfx___sys_bpf+0x10/0x10
[  581.516429][T11803]  ? find_held_lock+0x2b/0x80
[  581.516452][T11803]  ? find_held_lock+0x2b/0x80
[  581.516475][T11803]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  581.516512][T11803]  ? fput+0x9b/0xd0
[  581.516528][T11803]  ? ksys_write+0x1ac/0x250
[  581.516549][T11803]  ? __pfx_ksys_write+0x10/0x10
[  581.516574][T11803]  __x64_sys_bpf+0x78/0xc0
[  581.516594][T11803]  ? lockdep_hardirqs_on+0x7c/0x110
[  581.516614][T11803]  do_syscall_64+0xcd/0xfa0
[  581.516643][T11803]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  581.516662][T11803] RIP: 0033:0x7fee3178eec9
[  581.516676][T11803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  581.516693][T11803] RSP: 002b:00007fee325b0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  581.516710][T11803] RAX: ffffffffffffffda RBX: 00007fee319e6180 RCX: 00007fee3178eec9
[  581.516722][T11803] RDX: 0000000000000020 RSI: 0000200000000280 RDI: 0000000000000008
[  581.516732][T11803] RBP: 00007fee325b0090 R08: 0000000000000000 R09: 0000000000000000
[  581.516742][T11803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.516752][T11803] R13: 00007fee319e6218 R14: 00007fee319e6180 R15: 00007fff706d8ad8
[  581.516778][T11803]  </TASK>
[  582.917101][T11811] FAULT_INJECTION: forcing a failure.
[  582.917101][T11811] name failslab, interval 1, probability 0, space 0, times 0
[  582.929963][T11811] CPU: 0 UID: 0 PID: 11811 Comm: syz.3.1550 Not tainted syzkaller #0 PREEMPT(full) 
[  582.929978][T11811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  582.929985][T11811] Call Trace:
[  582.929989][T11811]  <TASK>
[  582.929993][T11811]  dump_stack_lvl+0x16c/0x1f0
[  582.930009][T11811]  should_fail_ex+0x512/0x640
[  582.930022][T11811]  ? fs_reclaim_acquire+0xae/0x150
[  582.930040][T11811]  should_failslab+0xc2/0x120
[  582.930056][T11811]  __kmalloc_noprof+0xdd/0x880
[  582.930068][T11811]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  582.930086][T11811]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  582.930100][T11811]  tomoyo_realpath_from_path+0xc2/0x6e0
[  582.930117][T11811]  ? tomoyo_profile+0x47/0x60
[  582.930135][T11811]  tomoyo_path_number_perm+0x245/0x580
[  582.930147][T11811]  ? tomoyo_path_number_perm+0x237/0x580
[  582.930161][T11811]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  582.930175][T11811]  ? find_held_lock+0x2b/0x80
[  582.930198][T11811]  ? find_held_lock+0x2b/0x80
[  582.930207][T11811]  ? hook_file_ioctl_common+0x145/0x410
[  582.930221][T11811]  ? __fget_files+0x20e/0x3c0
[  582.930238][T11811]  security_file_ioctl+0x9b/0x240
[  582.930253][T11811]  __x64_sys_ioctl+0xb7/0x210
[  582.930266][T11811]  do_syscall_64+0xcd/0xfa0
[  582.930279][T11811]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.930290][T11811] RIP: 0033:0x7fee3178eec9
[  582.930299][T11811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.930310][T11811] RSP: 002b:00007fee325f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  582.930320][T11811] RAX: ffffffffffffffda RBX: 00007fee319e5fa0 RCX: 00007fee3178eec9
[  582.930327][T11811] RDX: 00002000000004c0 RSI: 0000000000002285 RDI: 0000000000000009
[  582.930333][T11811] RBP: 00007fee325f2090 R08: 0000000000000000 R09: 0000000000000000
[  582.930339][T11811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  582.930345][T11811] R13: 00007fee319e6038 R14: 00007fee319e5fa0 R15: 00007fff706d8ad8
[  582.930360][T11811]  </TASK>
[  582.930364][T11811] ERROR: Out of memory at tomoyo_realpath_from_path.
[  583.807099][   T30] audit: type=1326 audit(1760505968.455:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11817 comm="syz.1.1551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  583.880865][   T30] audit: type=1326 audit(1760505968.455:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11817 comm="syz.1.1551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  583.904695][   T30] audit: type=1326 audit(1760505968.505:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11817 comm="syz.1.1551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  583.931738][   T30] audit: type=1326 audit(1760505968.505:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11817 comm="syz.1.1551" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  584.762238][T11839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  584.779082][T11839] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.892329][T11871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  585.911717][T11871] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  585.961185][T11874] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1566'.
[  586.085418][T11864] hsr0: entered allmulticast mode
[  586.095555][T11864] hsr_slave_0: entered allmulticast mode
[  586.115280][T11864] hsr_slave_1: entered allmulticast mode
[  588.119967][    T9] usb 3-1: new high-speed USB device number 52 using dummy_hcd
[  588.290828][    T9] usb 3-1: Using ep0 maxpacket: 8
[  588.297555][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  588.308033][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  588.319241][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  588.332243][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  588.342478][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  588.355730][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  588.365348][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  588.379830][    T9] usb 3-1: config 0 descriptor??
[  588.449392][   T30] audit: type=1400 audit(1760505973.035:1340): avc:  denied  { watch_sb } for  pid=11913 comm="syz.4.1578" path="/317/file1" dev="tmpfs" ino=1746 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  588.980008][ T1206] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  589.130219][ T1206] usb 4-1: device descriptor read/64, error -71
[  589.568786][ T1206] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  589.626674][T11930] mkiss: ax0: crc mode is auto.
[  589.720054][ T1206] usb 4-1: device descriptor read/64, error -71
[  589.830215][ T1206] usb usb4-port1: attempt power cycle
[  589.837665][    T9] usb 3-1: USB disconnect, device number 52
[  589.971286][T11938] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1586'.
[  590.683891][ T1206] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  590.753147][ T1206] usb 4-1: device descriptor read/8, error -71
[  590.779546][T11946] x_tables: duplicate underflow at hook 1
[  591.194192][ T5874] usb 3-1: new high-speed USB device number 53 using dummy_hcd
[  591.208490][ T1206] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  591.440387][ T1206] usb 4-1: device descriptor read/8, error -71
[  591.550596][ T1206] usb usb4-port1: unable to enumerate USB device
[  591.572548][ T5874] usb 3-1: unable to get BOS descriptor or descriptor too short
[  591.602290][ T5874] usb 3-1: config 6 has an invalid interface number: 200 but max is 0
[  591.612105][ T5874] usb 3-1: config 6 has no interface number 0
[  591.618563][ T5874] usb 3-1: config 6 interface 200 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  591.631954][ T5874] usb 3-1: config 6 interface 200 has no altsetting 0
[  591.642134][ T5874] usb 3-1: string descriptor 0 read error: -22
[  591.648718][ T5874] usb 3-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f
[  592.311155][ T5874] usb 3-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3
[  592.371523][ T5874] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state.
[  592.653594][T11971] QAT: Device 197 not found
[  593.001074][   T30] audit: type=1400 audit(1760505977.235:1341): avc:  denied  { name_bind } for  pid=11944 comm="syz.2.1588" src=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  593.022556][   T30] audit: type=1400 audit(1760505977.235:1342): avc:  denied  { name_connect } for  pid=11944 comm="syz.2.1588" dest=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  593.046998][   T30] audit: type=1400 audit(1760505977.695:1343): avc:  denied  { connect } for  pid=11964 comm="syz.1.1594" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  593.072712][ T5874] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  593.095297][ T5874] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T)
[  593.104829][ T5874] usb 3-1: media controller created
[  593.120871][ T5874] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  593.497484][   T30] audit: type=1326 audit(1760505978.125:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.544624][   T30] audit: type=1326 audit(1760505978.125:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.642134][   T30] audit: type=1326 audit(1760505978.125:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.700642][   T30] audit: type=1326 audit(1760505978.125:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.725624][   T30] audit: type=1326 audit(1760505978.125:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.788146][   T30] audit: type=1326 audit(1760505978.125:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  593.815922][   T30] audit: type=1326 audit(1760505978.125:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11978 comm="syz.1.1598" exe="/root/syz-executor" sig=0 arch=c000003e syscall=315 compat=0 ip=0x7fcb00b8eec9 code=0x7ffc0000
[  594.086782][ T5874] dvb-usb: bulk message failed: -71 (6/0)
[  594.154871][ T5874] dvb-usb: bulk message failed: -71 (6/0)
[  594.172379][ T5874] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T'
[  594.219433][ T5874] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input50
[  594.300524][ T5874] dvb-usb: schedule remote query interval to 150 msecs.
[  594.364723][ T5874] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected.
[  594.449940][ T5874] usb 3-1: USB disconnect, device number 53
[  594.690963][ T5874] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  594.976719][T12012] FAULT_INJECTION: forcing a failure.
[  594.976719][T12012] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  595.206210][T12012] CPU: 0 UID: 0 PID: 12012 Comm: syz.4.1607 Not tainted syzkaller #0 PREEMPT(full) 
[  595.206235][T12012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  595.206243][T12012] Call Trace:
[  595.206247][T12012]  <TASK>
[  595.206251][T12012]  dump_stack_lvl+0x16c/0x1f0
[  595.206268][T12012]  should_fail_ex+0x512/0x640
[  595.206284][T12012]  _copy_from_user+0x2e/0xd0
[  595.206299][T12012]  __sys_bpf+0x248/0x4980
[  595.206314][T12012]  ? __pfx___sys_bpf+0x10/0x10
[  595.206326][T12012]  ? find_held_lock+0x2b/0x80
[  595.206340][T12012]  ? find_held_lock+0x2b/0x80
[  595.206353][T12012]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  595.206376][T12012]  ? fput+0x9b/0xd0
[  595.206386][T12012]  ? ksys_write+0x1ac/0x250
[  595.206399][T12012]  ? __pfx_ksys_write+0x10/0x10
[  595.206414][T12012]  __x64_sys_bpf+0x78/0xc0
[  595.206427][T12012]  ? lockdep_hardirqs_on+0x7c/0x110
[  595.206440][T12012]  do_syscall_64+0xcd/0xfa0
[  595.206453][T12012]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.206464][T12012] RIP: 0033:0x7f84e278eec9
[  595.206473][T12012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.206484][T12012] RSP: 002b:00007f84e36af038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  595.206494][T12012] RAX: ffffffffffffffda RBX: 00007f84e29e5fa0 RCX: 00007f84e278eec9
[  595.206501][T12012] RDX: 000000000000000c RSI: 0000200000000380 RDI: 0000000000000009
[  595.206507][T12012] RBP: 00007f84e36af090 R08: 0000000000000000 R09: 0000000000000000
[  595.206513][T12012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  595.206519][T12012] R13: 00007f84e29e6038 R14: 00007f84e29e5fa0 R15: 00007ffca5dca668
[  595.206534][T12012]  </TASK>
[  595.564899][T12015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.577680][T12015] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.695329][ T5874] usb 3-1: new high-speed USB device number 54 using dummy_hcd
[  595.847272][T12027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  595.855807][T12027] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  595.865604][ T5874] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  595.875951][ T5874] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  595.884698][ T5874] usb 3-1: can't read configurations, error -22
[  595.896216][T12024] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1611'.
[  596.022419][ T5874] usb 3-1: new high-speed USB device number 55 using dummy_hcd
[  596.181230][ T5874] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  596.211124][ T5874] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  596.219595][ T5874] usb 3-1: can't read configurations, error -22
[  596.228421][ T5874] usb usb3-port1: attempt power cycle
[  596.581632][ T5874] usb 3-1: new high-speed USB device number 56 using dummy_hcd
[  596.622385][ T5874] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  596.644055][ T5874] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  596.686827][ T5874] usb 3-1: can't read configurations, error -22
[  596.849952][ T5874] usb 3-1: new high-speed USB device number 57 using dummy_hcd
[  596.901600][ T5874] usb 3-1: config index 0 descriptor too short (expected 2304, got 36)
[  596.911843][ T5874] usb 3-1: invalid descriptor for config index 0: type = 0x2, length = 0
[  596.921822][ T5874] usb 3-1: can't read configurations, error -22
[  596.929446][ T5874] usb usb3-port1: unable to enumerate USB device
[  597.310327][T12073] comedi comedi3: aio_iiro_16: I/O port conflict (0x4f27,8)
[  597.837275][T12081] netlink: 'syz.1.1619': attribute type 1 has an invalid length.
[  597.876059][T12082] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  597.883154][T12082] VFS: Can't find a romfs filesystem on dev nullb0.
[  597.883154][T12082] 
[  597.893079][T12082] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  598.115742][T12081] 8021q: adding VLAN 0 to HW filter on device bond2
[  598.153761][T12083] bond2: (slave geneve2): making interface the new active one
[  598.159396][T12081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1619'.
[  598.163873][T12083] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  598.207181][T12081] bond2: entered promiscuous mode
[  598.226726][T12081] geneve2: entered promiscuous mode
[  598.296754][   T30] kauditd_printk_skb: 26 callbacks suppressed
[  598.296769][   T30] audit: type=1400 audit(1760505982.945:1377): avc:  denied  { accept } for  pid=12080 comm="syz.1.1619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  598.451436][T12089] overlayfs: missing 'workdir'
[  598.571452][T12083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.581280][T12083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  598.905467][T12083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  598.989533][T12083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  599.284063][T12103] fuse: Bad value for 'fd'
[  599.374802][   T30] audit: type=1400 audit(1760505984.025:1378): avc:  denied  { shutdown } for  pid=12106 comm="syz.0.1627" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  600.712017][T12123] fuse: Bad value for 'fd'
[  603.519330][T12143] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  603.526476][T12143] VFS: Can't find a romfs filesystem on dev nullb0.
[  603.526476][T12143] 
[  603.536626][T12143] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  603.767650][T12149] ubi: mtd0 is already attached to ubi31
[  604.632292][T12166] FAULT_INJECTION: forcing a failure.
[  604.632292][T12166] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  604.805358][T12166] CPU: 1 UID: 0 PID: 12166 Comm: syz.2.1640 Not tainted syzkaller #0 PREEMPT(full) 
[  604.805384][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  604.805394][T12166] Call Trace:
[  604.805401][T12166]  <TASK>
[  604.805408][T12166]  dump_stack_lvl+0x16c/0x1f0
[  604.805434][T12166]  should_fail_ex+0x512/0x640
[  604.805461][T12166]  _copy_from_user+0x2e/0xd0
[  604.805484][T12166]  copy_msghdr_from_user+0x98/0x160
[  604.805512][T12166]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  604.805551][T12166]  ___sys_sendmsg+0xfe/0x1d0
[  604.805572][T12166]  ? __pfx____sys_sendmsg+0x10/0x10
[  604.805591][T12166]  ? __lock_acquire+0x622/0x1c90
[  604.805644][T12166]  __sys_sendmsg+0x16d/0x220
[  604.805666][T12166]  ? __pfx___sys_sendmsg+0x10/0x10
[  604.805703][T12166]  do_syscall_64+0xcd/0xfa0
[  604.805725][T12166]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.805742][T12166] RIP: 0033:0x7fb8f9f8eec9
[  604.805756][T12166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.805772][T12166] RSP: 002b:00007fb8fadc5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  604.805789][T12166] RAX: ffffffffffffffda RBX: 00007fb8fa1e6090 RCX: 00007fb8f9f8eec9
[  604.805800][T12166] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[  604.805810][T12166] RBP: 00007fb8fadc5090 R08: 0000000000000000 R09: 0000000000000000
[  604.805821][T12166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  604.805831][T12166] R13: 00007fb8fa1e6128 R14: 00007fb8fa1e6090 R15: 00007ffed56f90f8
[  604.805856][T12166]  </TASK>
[  605.897222][T12180] loop4: detected capacity change from 0 to 63
[  605.910382][T12180] buffer_io_error: 11 callbacks suppressed
[  605.910393][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  605.939983][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  605.960268][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  605.963421][   T30] audit: type=1400 audit(1760505990.615:1379): avc:  denied  { map } for  pid=12179 comm="syz.2.1646" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  606.020300][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.028273][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.117498][   T30] audit: type=1400 audit(1760505990.615:1380): avc:  denied  { execute } for  pid=12179 comm="syz.2.1646" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  606.143877][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.158067][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.179296][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.196965][T12180] ldm_validate_partition_table(): Disk read failed.
[  606.206779][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.225152][T12180] Buffer I/O error on dev loop4, logical block 0, async page read
[  606.254222][T12180] Dev loop4: unable to read RDB block 0
[  606.292653][T12180]  loop4: unable to read partition table
[  606.310060][T12180] loop_reread_partitions: partition scan of loop4 (3Ÿ¾‚³˜) failed (rc=-5)
[  606.394038][T12184] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1647'.
[  606.464459][T12184] bond0: Unable to set up delay as MII monitoring is disabled
[  607.245698][T12196] netlink: 'syz.4.1651': attribute type 5 has an invalid length.
[  607.270007][T12196] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1651'.
[  608.560358][T12220] netlink: 'syz.2.1656': attribute type 10 has an invalid length.
[  608.694804][T12220] bond0: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  608.792734][T12220] 8021q: adding VLAN 0 to HW filter on device bond0
[  608.930393][T12220] bond0: (slave lo): Enslaving as an active interface with an up link
[  610.145220][   T30] audit: type=1326 audit(1760505994.795:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12232 comm="syz.2.1659" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb8f9f8eec9 code=0x0
[  610.182802][   T10] usb 4-1: new full-speed USB device number 62 using dummy_hcd
[  610.466420][ T5874] usb 3-1: new high-speed USB device number 58 using dummy_hcd
[  610.673863][   T10] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  610.804086][   T10] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  610.819902][ T5874] usb 3-1: Using ep0 maxpacket: 32
[  610.893484][   T10] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=31.6d
[  610.902657][   T10] usb 4-1: New USB device strings: Mfr=107, Product=102, SerialNumber=146
[  610.922867][   T10] usb 4-1: Product: syz
[  610.927039][   T10] usb 4-1: Manufacturer: syz
[  610.933181][ T5874] usb 3-1: unable to get BOS descriptor or descriptor too short
[  610.950077][   T10] usb 4-1: SerialNumber: syz
[  610.959926][ T5874] usb 3-1: config 0 has no interfaces?
[  610.970433][ T5874] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  610.979700][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.010056][ T5874] usb 3-1: Product: syz
[  611.067444][ T5874] usb 3-1: Manufacturer: syz
[  611.082015][ T5874] usb 3-1: SerialNumber: syz
[  611.187574][ T5874] usb 3-1: config 0 descriptor??
[  611.297264][T12248] overlayfs: failed to clone lowerpath
[  611.383945][   T30] audit: type=1400 audit(1760505995.905:1382): avc:  denied  { ioctl } for  pid=12223 comm="syz.3.1657" path="/332/file0/file0" dev="fuse" ino=64 ioctlcmd=0x921 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=blk_file permissive=1
[  612.315534][T12227] md: could not open device unknown-block(0,0).
[  612.322264][T12227] md: md_import_device returned -6
[  612.363132][    T9] usb 4-1: USB disconnect, device number 62
[  612.790798][T12236] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  613.175914][   T30] audit: type=1800 audit(1760505995.955:1383): pid=12228 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1657" name="SYSV00000000" dev="hugetlbfs" ino=1 res=0 errno=0
[  613.240614][T12236] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  613.262678][ T1206] usb 3-1: USB disconnect, device number 58
[  613.414081][T12259] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1666'.
[  613.423863][T12261] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1665'.
[  613.446666][T12261] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1665'.
[  613.456096][T12261] FAULT_INJECTION: forcing a failure.
[  613.456096][T12261] name failslab, interval 1, probability 0, space 0, times 0
[  613.473947][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1665 Not tainted syzkaller #0 PREEMPT(full) 
[  613.473969][T12261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  613.473978][T12261] Call Trace:
[  613.473985][T12261]  <TASK>
[  613.473991][T12261]  dump_stack_lvl+0x16c/0x1f0
[  613.474016][T12261]  should_fail_ex+0x512/0x640
[  613.474036][T12261]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  613.474062][T12261]  should_failslab+0xc2/0x120
[  613.474087][T12261]  __kvmalloc_node_noprof+0x141/0x9c0
[  613.474110][T12261]  ? lockdep_init_map_type+0x5c/0x280
[  613.474133][T12261]  ? alloc_netdev_mqs+0xc91/0x1550
[  613.474159][T12261]  ? alloc_netdev_mqs+0xc91/0x1550
[  613.474176][T12261]  alloc_netdev_mqs+0xc91/0x1550
[  613.474203][T12261]  rtnl_create_link+0xc08/0xf90
[  613.474229][T12261]  rtnl_newlink+0xb69/0x2000
[  613.474257][T12261]  ? __pfx_rtnl_newlink+0x10/0x10
[  613.474277][T12261]  ? find_held_lock+0x2b/0x80
[  613.474294][T12261]  ? avc_has_perm_noaudit+0x117/0x3b0
[  613.474316][T12261]  ? avc_has_perm_noaudit+0x149/0x3b0
[  613.474355][T12261]  ? find_held_lock+0x2b/0x80
[  613.474370][T12261]  ? __pfx_rtnl_newlink+0x10/0x10
[  613.474388][T12261]  ? __pfx_rtnl_newlink+0x10/0x10
[  613.474407][T12261]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  613.474429][T12261]  ? __pfx_rtnl_newlink+0x10/0x10
[  613.474451][T12261]  rtnetlink_rcv_msg+0x95e/0xe90
[  613.474475][T12261]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  613.474505][T12261]  ? ref_tracker_free+0x37c/0x830
[  613.474538][T12261]  netlink_rcv_skb+0x158/0x420
[  613.474560][T12261]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  613.474584][T12261]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  613.474616][T12261]  ? netlink_deliver_tap+0x1ae/0xd30
[  613.474643][T12261]  netlink_unicast+0x5aa/0x870
[  613.474669][T12261]  ? __pfx_netlink_unicast+0x10/0x10
[  613.474701][T12261]  netlink_sendmsg+0x8c8/0xdd0
[  613.474727][T12261]  ? __pfx_netlink_sendmsg+0x10/0x10
[  613.474760][T12261]  ____sys_sendmsg+0xa98/0xc70
[  613.474786][T12261]  ? copy_msghdr_from_user+0x10a/0x160
[  613.474806][T12261]  ? __pfx_____sys_sendmsg+0x10/0x10
[  613.474835][T12261]  ? __pfx__kstrtoull+0x10/0x10
[  613.474867][T12261]  ___sys_sendmsg+0x134/0x1d0
[  613.474888][T12261]  ? __pfx____sys_sendmsg+0x10/0x10
[  613.474921][T12261]  ? find_held_lock+0x2b/0x80
[  613.474952][T12261]  __sys_sendmmsg+0x200/0x420
[  613.474975][T12261]  ? __pfx___sys_sendmmsg+0x10/0x10
[  613.474999][T12261]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  613.475019][T12261]  ? fput+0x9b/0xd0
[  613.475029][T12261]  ? ksys_write+0x1ac/0x250
[  613.475042][T12261]  ? __pfx_ksys_write+0x10/0x10
[  613.475058][T12261]  __x64_sys_sendmmsg+0x9c/0x100
[  613.475070][T12261]  ? lockdep_hardirqs_on+0x7c/0x110
[  613.475083][T12261]  do_syscall_64+0xcd/0xfa0
[  613.475104][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  613.475127][T12261] RIP: 0033:0x7fee3178eec9
[  613.475142][T12261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  613.475158][T12261] RSP: 002b:00007fee325f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  613.475173][T12261] RAX: ffffffffffffffda RBX: 00007fee319e5fa0 RCX: 00007fee3178eec9
[  613.475180][T12261] RDX: 0492492492492627 RSI: 00002000000000c0 RDI: 0000000000000003
[  613.475187][T12261] RBP: 00007fee325f2090 R08: 0000000000000000 R09: 0000000000000000
[  613.475193][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  613.475199][T12261] R13: 00007fee319e6038 R14: 00007fee319e5fa0 R15: 00007fff706d8ad8
[  613.475214][T12261]  </TASK>
[  614.009946][ T1206] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  614.520676][ T1206] usb 3-1: device descriptor read/all, error -71
[  616.032482][T12301] lo speed is unknown, defaulting to 1000
[  616.071405][T12305] FAULT_INJECTION: forcing a failure.
[  616.071405][T12305] name failslab, interval 1, probability 0, space 0, times 0
[  616.107679][T12305] CPU: 0 UID: 0 PID: 12305 Comm: syz.3.1678 Not tainted syzkaller #0 PREEMPT(full) 
[  616.107704][T12305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  616.107714][T12305] Call Trace:
[  616.107720][T12305]  <TASK>
[  616.107726][T12305]  dump_stack_lvl+0x16c/0x1f0
[  616.107751][T12305]  should_fail_ex+0x512/0x640
[  616.107772][T12305]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  616.107795][T12305]  should_failslab+0xc2/0x120
[  616.107820][T12305]  kmem_cache_alloc_noprof+0x75/0x6e0
[  616.107839][T12305]  ? __anon_vma_prepare+0xae/0x5e0
[  616.107862][T12305]  ? __anon_vma_prepare+0xae/0x5e0
[  616.107879][T12305]  __anon_vma_prepare+0xae/0x5e0
[  616.107895][T12305]  ? __pfx___pte_alloc+0x10/0x10
[  616.107921][T12305]  __vmf_anon_prepare+0x11c/0x240
[  616.107949][T12305]  do_pte_missing+0x10b7/0x3ba0
[  616.107969][T12305]  ? do_raw_spin_unlock+0x172/0x230
[  616.107997][T12305]  ? __pmd_alloc+0x64f/0x8b0
[  616.108023][T12305]  __handle_mm_fault+0x1556/0x2aa0
[  616.108042][T12305]  ? mt_find+0x3e2/0xa20
[  616.108065][T12305]  ? __pfx___handle_mm_fault+0x10/0x10
[  616.108081][T12305]  ? __pfx_mt_find+0x10/0x10
[  616.108118][T12305]  ? find_vma+0xbf/0x140
[  616.108140][T12305]  ? __pfx_find_vma+0x10/0x10
[  616.108166][T12305]  handle_mm_fault+0x589/0xd10
[  616.108185][T12305]  ? __pkru_allows_pkey+0x11/0xb0
[  616.108211][T12305]  do_user_addr_fault+0x7a6/0x1370
[  616.108238][T12305]  ? rcu_is_watching+0x12/0xc0
[  616.108259][T12305]  exc_page_fault+0x64/0xc0
[  616.108280][T12305]  asm_exc_page_fault+0x26/0x30
[  616.108297][T12305] RIP: 0010:__put_user_4+0xd/0x20
[  616.108317][T12305] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 0f 1f 80 00 00 00 00 90 90 90
[  616.108334][T12305] RSP: 0018:ffffc90003b6fa38 EFLAGS: 00050206
[  616.108350][T12305] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000200000000000
[  616.108361][T12305] RDX: ffff88802691a480 RSI: ffffffff8b499c3d RDI: ffffffff8bf1e2c0
[  616.108372][T12305] RBP: ffffc90003b6fb10 R08: b9524bc18546ca28 R09: 0000000000000000
[  616.108383][T12305] R10: 0000000000000000 R11: 0000000000000001 R12: 1ffff9200076df48
[  616.108393][T12305] R13: ffff8880547ec800 R14: 0000200000000000 R15: ffff8880547ec8e8
[  616.108414][T12305]  ? qrtr_ioctl+0x19d/0x3f0
[  616.108439][T12305]  qrtr_ioctl+0x1a7/0x3f0
[  616.108465][T12305]  ? __pfx_qrtr_ioctl+0x10/0x10
[  616.108508][T12305]  sock_do_ioctl+0x118/0x280
[  616.108535][T12305]  ? __pfx_sock_do_ioctl+0x10/0x10
[  616.108561][T12305]  ? kasan_quarantine_put+0x10a/0x240
[  616.108591][T12305]  ? find_held_lock+0x2b/0x80
[  616.108611][T12305]  sock_ioctl+0x227/0x6b0
[  616.108638][T12305]  ? __pfx_sock_ioctl+0x10/0x10
[  616.108662][T12305]  ? avc_has_perm_noaudit+0x149/0x3b0
[  616.108684][T12305]  ? avc_has_perm+0x144/0x1f0
[  616.108702][T12305]  ? __pfx_avc_has_perm+0x10/0x10
[  616.108721][T12305]  ? __pfx_sock_ioctl+0x10/0x10
[  616.108746][T12305]  do_vfs_ioctl+0x1099/0x14f0
[  616.108766][T12305]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  616.108784][T12305]  ? inode_has_perm+0x16f/0x1d0
[  616.108804][T12305]  ? file_has_perm+0x27d/0x350
[  616.108824][T12305]  ? __pfx_file_has_perm+0x10/0x10
[  616.108841][T12305]  ? find_held_lock+0x2b/0x80
[  616.108868][T12305]  ? selinux_file_ioctl+0xb4/0x270
[  616.108897][T12305]  __x64_sys_ioctl+0x114/0x210
[  616.108919][T12305]  do_syscall_64+0xcd/0xfa0
[  616.108941][T12305]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  616.108959][T12305] RIP: 0033:0x7fee3178eec9
[  616.108973][T12305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  616.108989][T12305] RSP: 002b:00007fee325f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  616.109004][T12305] RAX: ffffffffffffffda RBX: 00007fee319e5fa0 RCX: 00007fee3178eec9
[  616.109015][T12305] RDX: 0000200000000000 RSI: 000000000000541b RDI: 0000000000000003
[  616.109026][T12305] RBP: 00007fee325f2090 R08: 0000000000000000 R09: 0000000000000000
[  616.109035][T12305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  616.109045][T12305] R13: 00007fee319e6038 R14: 00007fee319e5fa0 R15: 00007fff706d8ad8
[  616.109072][T12305]  </TASK>
[  616.169245][T12307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  616.680221][T12307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.059896][T12301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  617.080581][T12301] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  617.403942][T12322] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1683'.
[  617.424946][   T30] audit: type=1400 audit(1760506002.065:1384): avc:  denied  { read } for  pid=12319 comm="syz.0.1682" path="socket:[40284]" dev="sockfs" ino=40284 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  617.629498][T12325] lo speed is unknown, defaulting to 1000
[  617.936447][T12326] lo speed is unknown, defaulting to 1000
[  618.197817][T12331] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1685'.
[  618.323311][T12337] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.353243][T12337] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  618.443215][T12341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  618.486296][T12341] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  620.131070][T12360] geneve3: entered allmulticast mode
[  620.934370][   T30] audit: type=1400 audit(1760506005.335:1385): avc:  denied  { kexec_image_load } for  pid=12366 comm="syz.0.1695" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  623.055040][T12396] random: crng reseeded on system resumption
[  623.122504][T12401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1706'.
[  623.256870][T12406] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1707'.
[  623.307968][   T30] audit: type=1400 audit(1760506007.955:1386): avc:  denied  { accept } for  pid=12405 comm="syz.1.1707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  623.812913][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  625.219699][T12429] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1712'.
[  625.263937][T12429] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1712'.
[  625.794231][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1714'.
[  625.908675][T12431] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1713'.
[  625.981507][   T10] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  626.422786][T12444] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1717'.
[  626.539878][   T10] usb 3-1: Using ep0 maxpacket: 8
[  626.573489][   T10] usb 3-1: config 0 has an invalid interface number: 31 but max is 0
[  626.590418][   T10] usb 3-1: config 0 has no interface number 0
[  626.591545][   T30] audit: type=1400 audit(1760506011.245:1387): avc:  denied  { accept } for  pid=12452 comm="syz.4.1719" lport=53441 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  626.714766][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  626.734034][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.789993][   T10] usb 3-1: Product: syz
[  626.796647][   T10] usb 3-1: Manufacturer: syz
[  626.804021][   T10] usb 3-1: SerialNumber: syz
[  626.820910][   T10] usb 3-1: config 0 descriptor??
[  626.895594][T12460] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  626.905683][T12460] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  628.074818][   T10] uvcvideo 3-1:0.31: Found UVC 0.04 device syz (046d:08c3)
[  628.087408][   T10] uvcvideo 3-1:0.31: Entity type for entity Output 6 was not initialized!
[  628.106370][   T10] usb 3-1: USB disconnect, device number 61
[  631.239572][T12525] netlink: 'syz.3.1739': attribute type 1 has an invalid length.
[  631.248818][T12521] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  631.255960][T12521] VFS: Can't find a romfs filesystem on dev nullb0.
[  631.255960][T12521] 
[  631.266103][T12521] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  631.320447][T12525] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1739'.
[  631.384122][T12528] binder: 12526:12528 ioctl 4018620d 0 returned -22
[  632.347901][T12543] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1741'.
[  633.489149][   T30] audit: type=1400 audit(1760506018.025:1388): avc:  denied  { write } for  pid=12554 comm="syz.4.1746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  634.420720][ T5935] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  634.759909][ T5935] usb 3-1: Using ep0 maxpacket: 32
[  634.775527][ T5935] usb 3-1: config 0 has an invalid interface number: 12 but max is 0
[  634.841191][ T5935] usb 3-1: config 0 has no interface number 0
[  634.859334][ T5935] usb 3-1: config 0 interface 12 altsetting 2 endpoint 0x2 has invalid maxpacket 64768, setting to 1024
[  634.874357][ T5935] usb 3-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 1024
[  634.886429][ T5935] usb 3-1: config 0 interface 12 has no altsetting 0
[  634.989076][ T5935] usb 3-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  635.001825][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.010240][ T5935] usb 3-1: Product: syz
[  635.014484][ T5935] usb 3-1: Manufacturer: syz
[  635.019073][ T5935] usb 3-1: SerialNumber: syz
[  635.090837][T12585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.099686][T12585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.121224][ T5935] usb 3-1: config 0 descriptor??
[  635.138837][T12562] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  635.147578][ T5935] f81534 3-1:0.12: unsupported endpoint max packet size
[  635.351964][ T5874] usb 3-1: USB disconnect, device number 62
[  635.426970][   T30] audit: type=1400 audit(1760506020.075:1389): avc:  denied  { bind } for  pid=12589 comm="syz.4.1758" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  635.443093][T12590] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.455854][T12590] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.719422][T12594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  635.730298][T12594] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  635.748761][   T30] audit: type=1400 audit(1760506020.395:1390): avc:  denied  { map } for  pid=12593 comm="syz.1.1759" path="socket:[40900]" dev="sockfs" ino=40900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  635.807686][   T30] audit: type=1400 audit(1760506020.395:1391): avc:  denied  { accept } for  pid=12593 comm="syz.1.1759" path="socket:[40900]" dev="sockfs" ino=40900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  636.273709][T12609] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1764'.
[  637.008865][T12615] netlink: 'syz.3.1765': attribute type 4 has an invalid length.
[  637.016886][T12615] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1765'.
[  637.220628][T12619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  637.292479][T12619] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  638.768812][T12650] binder: 12649:12650 ioctl c0306201 0 returned -14
[  638.896222][T12656] No control pipe specified
[  639.150669][   T30] audit: type=1804 audit(1760506023.795:1392): pid=12661 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.1.1779" name="/newroot/364/file0" dev="tmpfs" ino=1986 res=1 errno=0
[  639.211743][T12661] FAULT_INJECTION: forcing a failure.
[  639.211743][T12661] name failslab, interval 1, probability 0, space 0, times 0
[  639.308809][T12661] CPU: 1 UID: 0 PID: 12661 Comm: syz.1.1779 Not tainted syzkaller #0 PREEMPT(full) 
[  639.308835][T12661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  639.308845][T12661] Call Trace:
[  639.308851][T12661]  <TASK>
[  639.308858][T12661]  dump_stack_lvl+0x16c/0x1f0
[  639.308886][T12661]  should_fail_ex+0x512/0x640
[  639.308907][T12661]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  639.308930][T12661]  should_failslab+0xc2/0x120
[  639.308955][T12661]  kmem_cache_alloc_noprof+0x75/0x6e0
[  639.308975][T12661]  ? vm_area_alloc+0x1f/0x160
[  639.308998][T12661]  ? vm_area_alloc+0x1f/0x160
[  639.309014][T12661]  vm_area_alloc+0x1f/0x160
[  639.309032][T12661]  __mmap_region+0xf85/0x27a0
[  639.309053][T12661]  ? rcu_is_watching+0x12/0xc0
[  639.309071][T12661]  ? __pfx___mmap_region+0x10/0x10
[  639.309089][T12661]  ? find_held_lock+0x2b/0x80
[  639.309108][T12661]  ? process_measurement+0xf92/0x23e0
[  639.309136][T12661]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  639.309167][T12661]  ? rcu_is_watching+0x12/0xc0
[  639.309231][T12661]  ? mm_get_unmapped_area+0x95/0xe0
[  639.309264][T12661]  mmap_region+0x1ab/0x3f0
[  639.309284][T12661]  ? __get_unmapped_area+0x267/0x440
[  639.309311][T12661]  do_mmap+0xa3e/0x1210
[  639.309340][T12661]  ? __pfx_do_mmap+0x10/0x10
[  639.309365][T12661]  ? __pfx_down_write_killable+0x10/0x10
[  639.309394][T12661]  vm_mmap_pgoff+0x29e/0x470
[  639.309424][T12661]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  639.309454][T12661]  ? __fget_files+0x20e/0x3c0
[  639.309553][T12661]  ksys_mmap_pgoff+0x32c/0x5c0
[  639.309582][T12661]  ? __pfx_ksys_write+0x10/0x10
[  639.309608][T12661]  __x64_sys_mmap+0x125/0x190
[  639.309635][T12661]  do_syscall_64+0xcd/0xfa0
[  639.309658][T12661]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  639.309676][T12661] RIP: 0033:0x7fcb00b8eec9
[  639.309700][T12661] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  639.309717][T12661] RSP: 002b:00007fcb01a03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  639.309734][T12661] RAX: ffffffffffffffda RBX: 00007fcb00de5fa0 RCX: 00007fcb00b8eec9
[  639.309746][T12661] RDX: 000000000000001f RSI: 0000000000002000 RDI: 0000200000ffc000
[  639.309757][T12661] RBP: 00007fcb01a03090 R08: 0000000000000004 R09: 0000000000000000
[  639.309767][T12661] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001
[  639.309777][T12661] R13: 00007fcb00de6038 R14: 00007fcb00de5fa0 R15: 00007ffdfdadf818
[  639.309800][T12661]  </TASK>
[  642.087015][ T5935] usb 4-1: new low-speed USB device number 63 using dummy_hcd
[  642.650055][ T5935] usb 4-1: device descriptor read/64, error -71
[  642.863801][T12713] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1791'.
[  642.899929][ T5935] usb 4-1: new low-speed USB device number 64 using dummy_hcd
[  642.971255][T12718] random: crng reseeded on system resumption
[  643.040061][ T5935] usb 4-1: device descriptor read/64, error -71
[  643.176983][ T5935] usb usb4-port1: attempt power cycle
[  643.291680][T12727] overlayfs: failed to resolve './file0': -2
[  645.204245][T12744] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1800'.
[  645.320125][T12744] netlink: 'syz.3.1800': attribute type 7 has an invalid length.
[  645.329884][T12744] netlink: 'syz.3.1800': attribute type 8 has an invalid length.
[  645.340516][T12744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1800'.
[  645.810599][T12744] ip6gretap0: entered promiscuous mode
[  645.834016][T12744] syz_tun: entered promiscuous mode
[  645.908696][T12744] ip6gretap0: left promiscuous mode
[  645.936860][T12744] syz_tun: left promiscuous mode
[  645.975342][T12739] syz.4.1798 (12739): drop_caches: 2
[  646.202772][T12766] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1805'.
[  646.256677][T12766] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  646.411495][T12766] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  646.497225][T12779] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  646.504185][T12779] VFS: Can't find a romfs filesystem on dev nullb0.
[  646.504185][T12779] 
[  646.514100][T12779] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  648.776716][T12801] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  648.793014][T12801] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  649.422644][T12809] overlayfs: overlapping lowerdir path
[  649.937640][T12817] syzkaller0: entered promiscuous mode
[  649.976454][T12817] syzkaller0: entered allmulticast mode
[  650.887754][T12827] fuse: Bad value for 'group_id'
[  650.896733][T12827] fuse: Bad value for 'group_id'
[  651.350040][ T1206] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  651.550287][ T1206] usb 4-1: Using ep0 maxpacket: 16
[  651.954489][T12855] : Can't lookup blockdev
[  652.552961][ T1206] usb 4-1: config 0 has an invalid interface number: 71 but max is 0
[  652.669878][ T1206] usb 4-1: config 0 has no interface number 0
[  652.794272][ T1206] usb 4-1: New USB device found, idVendor=04cb, idProduct=011b, bcdDevice=23.c5
[  653.086255][ T1206] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  653.094441][ T1206] usb 4-1: Product: syz
[  653.098685][ T1206] usb 4-1: Manufacturer: syz
[  653.214153][ T1206] usb 4-1: SerialNumber: syz
[  653.226391][ T1206] usb 4-1: config 0 descriptor??
[  653.745429][ T1206] gspca_main: finepix-2.14.0 probing 04cb:011b
[  653.775782][ T1206] usb 4-1: USB disconnect, device number 66
[  653.793504][T12872] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  653.807103][T12875] fuse: Bad value for 'group_id'
[  653.812359][T12875] fuse: Bad value for 'group_id'
[  654.267923][   T30] audit: type=1400 audit(1760538807.915:1393): avc:  denied  { execute } for  pid=12882 comm="syz.1.1841" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  654.427697][T12887] loop3: detected capacity change from 0 to 7
[  654.497141][T12887] Dev loop3: unable to read RDB block 7
[  654.509419][T12887]  loop3: unable to read partition table
[  654.515644][T12887] loop3: partition table beyond EOD, truncated
[  654.693026][T12887] loop_reread_partitions: partition scan of loop3 (þ被xü—ŸÑà– ) failed (rc=-5)
[  655.806105][   T30] audit: type=1400 audit(1760538809.455:1394): avc:  denied  { lock } for  pid=12909 comm="syz.2.1850" path="socket:[42600]" dev="sockfs" ino=42600 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  655.963507][T12913] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1849'.
[  656.191437][T12913] bond0 (unregistering): (slave macvlan0): Releasing backup interface
[  656.213883][T12913] bond0 (unregistering): Released all slaves
[  656.632481][T12922] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1852'.
[  658.161020][T12934] orangefs_mount: mount request failed with -4
[  659.894489][T12986] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1869'.
[  659.941858][   T30] audit: type=1326 audit(1760538813.565:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.116891][   T30] audit: type=1326 audit(1760538813.565:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.246890][T12995] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1870'.
[  660.591466][   T30] audit: type=1326 audit(1760538813.565:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.615793][   T30] audit: type=1326 audit(1760538813.565:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.645271][   T30] audit: type=1326 audit(1760538813.565:1399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.686661][   T30] audit: type=1326 audit(1760538813.565:1400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.787039][   T30] audit: type=1326 audit(1760538813.565:1401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  660.937935][   T30] audit: type=1326 audit(1760538813.575:1402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  661.180703][   T30] audit: type=1326 audit(1760538813.575:1403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  662.284437][   T30] audit: type=1326 audit(1760538813.575:1404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12987 comm="syz.3.1871" exe="/root/syz-executor" sig=0 arch=c000003e syscall=237 compat=0 ip=0x7fee3178eec9 code=0x7ffc0000
[  663.750508][ T5935] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  663.932108][ T5935] usb 4-1: Using ep0 maxpacket: 32
[  663.986414][T13045] mac80211_hwsim hwsim7 
4

: renamed from wlan1
[  664.291315][T13046] nvme_fabrics: unknown parameter or missing value ':syz1:E:00000000000000000009:' in ctrl creation request
[  664.305868][ T5935] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  664.319917][ T5935] usb 4-1: config 0 has no interface number 0
[  664.343123][ T5935] usb 4-1: config 0 interface 12 altsetting 2 endpoint 0x2 has invalid maxpacket 64768, setting to 1024
[  664.458427][ T5935] usb 4-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 1024
[  664.499618][ T5935] usb 4-1: config 0 interface 12 has no altsetting 0
[  664.527434][T13051] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1886'.
[  664.547148][ T5935] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  664.556698][ T5935] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  664.564831][ T5935] usb 4-1: Product: syz
[  664.571110][ T5935] usb 4-1: Manufacturer: syz
[  664.678506][T13055] FAULT_INJECTION: forcing a failure.
[  664.678506][T13055] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  664.693322][T13055] CPU: 0 UID: 0 PID: 13055 Comm: syz.1.1887 Not tainted syzkaller #0 PREEMPT(full) 
[  664.693344][T13055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  664.693356][T13055] Call Trace:
[  664.693362][T13055]  <TASK>
[  664.693369][T13055]  dump_stack_lvl+0x16c/0x1f0
[  664.693391][T13055]  should_fail_ex+0x512/0x640
[  664.693407][T13055]  _copy_from_user+0x2e/0xd0
[  664.693421][T13055]  copy_msghdr_from_user+0x98/0x160
[  664.693435][T13055]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  664.693455][T13055]  ___sys_sendmsg+0xfe/0x1d0
[  664.693468][T13055]  ? __pfx____sys_sendmsg+0x10/0x10
[  664.693479][T13055]  ? __lock_acquire+0x622/0x1c90
[  664.693510][T13055]  __sys_sendmsg+0x16d/0x220
[  664.693522][T13055]  ? __pfx___sys_sendmsg+0x10/0x10
[  664.693543][T13055]  do_syscall_64+0xcd/0xfa0
[  664.693556][T13055]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  664.693567][T13055] RIP: 0033:0x7fcb00b8eec9
[  664.693577][T13055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  664.693587][T13055] RSP: 002b:00007fcb01a03038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  664.693602][T13055] RAX: ffffffffffffffda RBX: 00007fcb00de5fa0 RCX: 00007fcb00b8eec9
[  664.693609][T13055] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 000000000000000a
[  664.693615][T13055] RBP: 00007fcb01a03090 R08: 0000000000000000 R09: 0000000000000000
[  664.693621][T13055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  664.693627][T13055] R13: 00007fcb00de6038 R14: 00007fcb00de5fa0 R15: 00007ffdfdadf818
[  664.693641][T13055]  </TASK>
[  665.064822][ T5935] usb 4-1: SerialNumber: syz
[  665.094849][ T5935] usb 4-1: config 0 descriptor??
[  665.112942][T13032] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  665.126485][ T5935] f81534 4-1:0.12: unsupported endpoint max packet size
[  665.336203][ T5927] usb 4-1: USB disconnect, device number 67
[  665.577730][T13072] ==================================================================
[  665.585808][T13072] BUG: KASAN: slab-use-after-free in sysfs_remove_file_ns+0x63/0x70
[  665.593793][T13072] Read of size 8 at addr ffff88802b011430 by task syz.2.1891/13072
[  665.601669][T13072] 
[  665.603983][T13072] CPU: 0 UID: 0 PID: 13072 Comm: syz.2.1891 Not tainted syzkaller #0 PREEMPT(full) 
[  665.604006][T13072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  665.604017][T13072] Call Trace:
[  665.604023][T13072]  <TASK>
[  665.604030][T13072]  dump_stack_lvl+0x116/0x1f0
[  665.604054][T13072]  print_report+0xcd/0x630
[  665.604080][T13072]  ? __virt_addr_valid+0x81/0x610
[  665.604100][T13072]  ? __phys_addr+0xe8/0x180
[  665.604120][T13072]  ? sysfs_remove_file_ns+0x63/0x70
[  665.604146][T13072]  kasan_report+0xe0/0x110
[  665.604172][T13072]  ? sysfs_remove_file_ns+0x63/0x70
[  665.604201][T13072]  sysfs_remove_file_ns+0x63/0x70
[  665.604226][T13072]  driver_remove_file+0x4a/0x60
[  665.604248][T13072]  bus_remove_driver+0x224/0x2c0
[  665.604276][T13072]  driver_unregister+0x76/0xb0
[  665.604296][T13072]  comedi_device_detach_locked+0x12f/0xa50
[  665.604320][T13072]  do_devconfig_ioctl+0x555/0x710
[  665.604349][T13072]  ? __mutex_lock+0x1c5/0x1060
[  665.604374][T13072]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  665.604406][T13072]  ? find_held_lock+0x2b/0x80
[  665.604425][T13072]  comedi_unlocked_ioctl+0x165d/0x2f00
[  665.604456][T13072]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  665.604486][T13072]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  665.604517][T13072]  ? do_vfs_ioctl+0x128/0x14f0
[  665.604536][T13072]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  665.604554][T13072]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  665.604585][T13072]  ? hook_file_ioctl_common+0x145/0x410
[  665.604606][T13072]  ? selinux_file_ioctl+0x180/0x270
[  665.604629][T13072]  ? selinux_file_ioctl+0xb4/0x270
[  665.604654][T13072]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  665.604682][T13072]  __x64_sys_ioctl+0x18e/0x210
[  665.604701][T13072]  do_syscall_64+0xcd/0xfa0
[  665.604724][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.604742][T13072] RIP: 0033:0x7fb8f9f8eec9
[  665.604757][T13072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.604774][T13072] RSP: 002b:00007fb8fada4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  665.604792][T13072] RAX: ffffffffffffffda RBX: 00007fb8fa1e6180 RCX: 00007fb8f9f8eec9
[  665.604805][T13072] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 000000000000000a
[  665.604816][T13072] RBP: 00007fb8fa011f91 R08: 0000000000000000 R09: 0000000000000000
[  665.604827][T13072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  665.604837][T13072] R13: 00007fb8fa1e6218 R14: 00007fb8fa1e6180 R15: 00007ffed56f90f8
[  665.604857][T13072]  </TASK>
[  665.604863][T13072] 
[  665.856170][T13072] Allocated by task 12909:
[  665.860567][T13072]  kasan_save_stack+0x33/0x60
[  665.865240][T13072]  kasan_save_track+0x14/0x30
[  665.869908][T13072]  __kasan_kmalloc+0xaa/0xb0
[  665.874489][T13072]  __kmalloc_noprof+0x32f/0x880
[  665.879323][T13072]  security_inode_init_security+0x13f/0x390
[  665.885208][T13072]  shmem_symlink+0x135/0x9f0
[  665.889788][T13072]  vfs_symlink+0x403/0x680
[  665.894192][T13072]  do_symlinkat+0x261/0x310
[  665.898690][T13072]  __x64_sys_symlinkat+0x93/0xc0
[  665.903627][T13072]  do_syscall_64+0xcd/0xfa0
[  665.908120][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.913998][T13072] 
[  665.916304][T13072] Freed by task 12909:
[  665.920358][T13072]  kasan_save_stack+0x33/0x60
[  665.925024][T13072]  kasan_save_track+0x14/0x30
[  665.929725][T13072]  __kasan_save_free_info+0x3b/0x60
[  665.934910][T13072]  __kasan_slab_free+0x5f/0x80
[  665.939664][T13072]  kfree+0x2b8/0x6d0
[  665.943550][T13072]  security_inode_init_security+0x2eb/0x390
[  665.949436][T13072]  shmem_symlink+0x135/0x9f0
[  665.954001][T13072]  vfs_symlink+0x403/0x680
[  665.958398][T13072]  do_symlinkat+0x261/0x310
[  665.962885][T13072]  __x64_sys_symlinkat+0x93/0xc0
[  665.967800][T13072]  do_syscall_64+0xcd/0xfa0
[  665.972277][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.978143][T13072] 
[  665.980439][T13072] The buggy address belongs to the object at ffff88802b011400
[  665.980439][T13072]  which belongs to the cache kmalloc-256 of size 256
[  665.994467][T13072] The buggy address is located 48 bytes inside of
[  665.994467][T13072]  freed 256-byte region [ffff88802b011400, ffff88802b011500)
[  666.008147][T13072] 
[  666.010446][T13072] The buggy address belongs to the physical page:
[  666.016832][T13072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2b010
[  666.025568][T13072] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  666.034042][T13072] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  666.041557][T13072] page_type: f5(slab)
[  666.045509][T13072] raw: 00fff00000000040 ffff88813ff26b40 ffffea0001e87300 dead000000000004
[  666.054069][T13072] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  666.062628][T13072] head: 00fff00000000040 ffff88813ff26b40 ffffea0001e87300 dead000000000004
[  666.071275][T13072] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  666.079927][T13072] head: 00fff00000000001 ffffea0000ac0401 00000000ffffffff 00000000ffffffff
[  666.088569][T13072] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  666.097203][T13072] page dumped because: kasan: bad access detected
[  666.103584][T13072] page_owner tracks the page as allocated
[  666.109264][T13072] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5986, tgid 5986 (syz-executor), ts 78436266836, free_ts 78408942267
[  666.129810][T13072]  post_alloc_hook+0x1c0/0x230
[  666.134561][T13072]  get_page_from_freelist+0x10a3/0x3a30
[  666.140076][T13072]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  666.145943][T13072]  alloc_pages_mpol+0x1fb/0x550
[  666.150777][T13072]  new_slab+0x24a/0x360
[  666.154906][T13072]  ___slab_alloc+0xdc4/0x1ae0
[  666.159555][T13072]  __slab_alloc.constprop.0+0x63/0x110
[  666.164986][T13072]  __kmalloc_noprof+0x501/0x880
[  666.169816][T13072]  security_inode_init_security+0x13f/0x390
[  666.175693][T13072]  shmem_symlink+0x135/0x9f0
[  666.180254][T13072]  vfs_symlink+0x403/0x680
[  666.184642][T13072]  do_symlinkat+0x261/0x310
[  666.189122][T13072]  __x64_sys_symlinkat+0x93/0xc0
[  666.194033][T13072]  do_syscall_64+0xcd/0xfa0
[  666.198507][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.204367][T13072] page last free pid 5795 tgid 5795 stack trace:
[  666.210666][T13072]  __free_frozen_pages+0x7df/0x1160
[  666.215847][T13072]  qlist_free_all+0x4d/0x120
[  666.220419][T13072]  kasan_quarantine_reduce+0x195/0x1e0
[  666.225856][T13072]  __kasan_slab_alloc+0x69/0x90
[  666.230680][T13072]  kmem_cache_alloc_node_noprof+0x28a/0x770
[  666.236549][T13072]  __alloc_skb+0x2b2/0x380
[  666.240943][T13072]  tcp_stream_alloc_skb+0x34/0x560
[  666.246027][T13072]  tcp_sendmsg_locked+0x12d9/0x42e0
[  666.251201][T13072]  tcp_sendmsg+0x2e/0x50
[  666.255419][T13072]  inet_sendmsg+0xb9/0x140
[  666.259811][T13072]  sock_write_iter+0x509/0x610
[  666.264584][T13072]  vfs_write+0x7d3/0x11d0
[  666.268886][T13072]  ksys_write+0x1f8/0x250
[  666.273189][T13072]  do_syscall_64+0xcd/0xfa0
[  666.277667][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.283541][T13072] 
[  666.285843][T13072] Memory state around the buggy address:
[  666.291459][T13072]  ffff88802b011300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  666.299511][T13072]  ffff88802b011380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  666.307552][T13072] >ffff88802b011400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  666.315584][T13072]                                      ^
[  666.321190][T13072]  ffff88802b011480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  666.329223][T13072]  ffff88802b011500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  666.337252][T13072] ==================================================================
[  666.345785][T13072] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  666.352975][T13072] CPU: 0 UID: 0 PID: 13072 Comm: syz.2.1891 Not tainted syzkaller #0 PREEMPT(full) 
[  666.362329][T13072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  666.372357][T13072] Call Trace:
[  666.375611][T13072]  <TASK>
[  666.378515][T13072]  dump_stack_lvl+0x3d/0x1f0
[  666.383083][T13072]  vpanic+0x640/0x6f0
[  666.387040][T13072]  panic+0xca/0xd0
[  666.390732][T13072]  ? __pfx_panic+0x10/0x10
[  666.395120][T13072]  ? sysfs_remove_file_ns+0x63/0x70
[  666.400295][T13072]  ? preempt_schedule_common+0x44/0xc0
[  666.405726][T13072]  ? preempt_schedule_thunk+0x16/0x30
[  666.411074][T13072]  check_panic_on_warn+0xab/0xb0
[  666.415984][T13072]  end_report+0x107/0x170
[  666.420291][T13072]  kasan_report+0xee/0x110
[  666.424683][T13072]  ? sysfs_remove_file_ns+0x63/0x70
[  666.429856][T13072]  sysfs_remove_file_ns+0x63/0x70
[  666.434854][T13072]  driver_remove_file+0x4a/0x60
[  666.439678][T13072]  bus_remove_driver+0x224/0x2c0
[  666.444596][T13072]  driver_unregister+0x76/0xb0
[  666.449344][T13072]  comedi_device_detach_locked+0x12f/0xa50
[  666.455134][T13072]  do_devconfig_ioctl+0x555/0x710
[  666.460162][T13072]  ? __mutex_lock+0x1c5/0x1060
[  666.464931][T13072]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[  666.470486][T13072]  ? find_held_lock+0x2b/0x80
[  666.475160][T13072]  comedi_unlocked_ioctl+0x165d/0x2f00
[  666.480609][T13072]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  666.486394][T13072]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  666.492264][T13072]  ? do_vfs_ioctl+0x128/0x14f0
[  666.496999][T13072]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  666.501995][T13072]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  666.508819][T13072]  ? hook_file_ioctl_common+0x145/0x410
[  666.514336][T13072]  ? selinux_file_ioctl+0x180/0x270
[  666.519511][T13072]  ? selinux_file_ioctl+0xb4/0x270
[  666.524594][T13072]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  666.530384][T13072]  __x64_sys_ioctl+0x18e/0x210
[  666.535121][T13072]  do_syscall_64+0xcd/0xfa0
[  666.539606][T13072]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  666.545470][T13072] RIP: 0033:0x7fb8f9f8eec9
[  666.549855][T13072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  666.569435][T13072] RSP: 002b:00007fb8fada4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  666.577817][T13072] RAX: ffffffffffffffda RBX: 00007fb8fa1e6180 RCX: 00007fb8f9f8eec9
[  666.585760][T13072] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 000000000000000a
[  666.593699][T13072] RBP: 00007fb8fa011f91 R08: 0000000000000000 R09: 0000000000000000
[  666.601637][T13072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  666.609577][T13072] R13: 00007fb8fa1e6218 R14: 00007fb8fa1e6180 R15: 00007ffed56f90f8
[  666.617522][T13072]  </TASK>
[  666.620730][T13072] Kernel Offset: disabled
[  666.625026][T13072] Rebooting in 86400 seconds..