last executing test programs:

11m35.252408976s ago: executing program 4 (id=1849):
socket(0x200000000000011, 0x2, 0x0)
sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xffffffffffffffb4, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000499000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f320f300f20e06635800000000f22e02b6aa6c8", 0x4a}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x14)
setpriority(0x0, 0x1, 0xa7a8)
ioctl$KVM_GET_SUPPORTED_HV_CPUID_sys(r2, 0xc008aec1, &(0x7f0000000340)={0x3, 0x0, [{0xc0000001, 0x4, 0x5, 0x5, 0x5, 0x6, 0x7}, {0x40000001, 0x40, 0x5, 0x101, 0x1, 0x1, 0xfff}, {0x40000000, 0xffffffff, 0x0, 0x7, 0xafd, 0x7f, 0x7}]})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x2a7, 0x0, 0x0, 0x41100, 0x24, '\x00', 0x0, 0x0, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff}, 0x94)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

11m33.873419706s ago: executing program 4 (id=1853):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a60800000f00510066b87a000f02d86161300f300fc79d53bf0000c4b961edc30101220f01c3", 0x64}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000580)={0xffffffffffffffff, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f0000000040)=0x90000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x3, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"04dfc86351907bcbc9293982262069af775bedfb0a63cb8031ecdc5351097e022d45a9640a4a4b506dc328f61ac030dacac442d82b9e81e6847961e65610b8f6e25f9eaf1a9f48ac011b67d68f871246c6424cd7837f6bfc47209662ba0d0f44149fcefbbf6fa5b40644bce6cf7210107f57b850d0c9af06c766af1c637aa057167a6910e2e185b8d972e49eeda481d9a58394ef43958ce7407e73d6460653fc672aa4ab6a26bd1a631fa3a0f2b025ba137b8e3f933af28e1ea9984bc0438ea00b5f5b16893a22bb83ff1c92407a946d4dc7d347d526db0e71bb38f873937ca7343fb7248867adf5decd52e74f05c768c3b1c8282b9b1b1bc0f7ae08917b2abe3d3305e32b8db562d19dd7c83fde6dbe03ef72aa7ddc00144895b2a1981105046a28ca0852521afbcd2b6cdb0bbed4670d746c45fb5589f279cfd594911cb11f2a7336af10b2332e731f2eec8287c735f2346449f1629fde95d6c78bed90645bb280e222976d5721ee6dd6068c1d6274d2382e524672a2656eed5cf34eff27c2974deebf2aa6226e3fa2f15ea8db5891a062d422607a450a32cfdfaaeadfb2498e79fe9e47089b2a8bbdbdcbb076ebbd9c8fdc6246c00a34176a1c46a924ab4c3877215e5666c7b384e9238b3ad6ac559d90e22170d6915c7150a1858eb3f20a1847642018840b49c335074496991fb3193914f5213846ff8bf5b389298d797dfdd4a1d116caec17f13152c9699caab72a96d364134266030e67ada0de8d2bb05091f7d855fe1c435574856b0f8de9dc6af14ce179e3c0b6b563ccb8e02900fa9412784b0e5fa71a6e4499fecd1343d289daeb929d0cbd96f9f4501bc9d6d9d0b4f462aaf2556ce92ae6438bb307aa258c8c4ba6646f99f5a3d4e14f677353722cc81a8ef1f68d41ad1bef785b248faee830613461239487bee1b53724eb28301420ced16a8110a8680c91c665f8eff65e2d48f95db7ad4f30d079a39a2286fb3df3472d330f6f11fc7d1939a923c50263b3e03140f7cec279df5785fa2124d1650563799defc378cb9506ee7142eb108b3f4125ade3d9a73646bddac795c753895b2ad51d358eff496d1c1a885c30b85b50eca89bf15ae50ae3301805f1691b3a391d7575c9a0a514710ad3e590491c60bdab122222c66cbb155452a01cb9750da7450900000000000000bf38c8185c769c1409eb0b1c613eac8101d6784c9510790dd1df8fa6f2b4dbdbde3bdcbf6bfc456f68b680f2595853178e89a32e9c56d66fd2210fb0fc0e3cda61e6980e16e47ae8071182af80950c43ba221fe072e6945107a6edcd38bfeb201a657969bf340960a67e30987e56c953a177404fdf67b5d99bbc06d705a0fc9659336b458ea0d575ddfe59706738d1e65c505272000000000000004000"})
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11m31.601557675s ago: executing program 4 (id=1861):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/devices.allow\x00', 0x2, 0xc8)
open_by_handle_at(r3, &(0x7f0000000140)=@ceph_nfs_fh={0x8, 0xfe, {0x7}}, 0x2241c2)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
setresgid(0x0, 0xee01, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
dup3(r5, r6, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="5800000002060108000000bca3000000000000400500010006000000050005000200000005000400000000000900020073797a31000000000c000780080012400000000211000300686173683a69702c6d61726b"], 0x58}}, 0x0)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
setsockopt$inet_tcp_int(r8, 0x6, 0x2, &(0x7f00000001c0)=0x9f, 0x4)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
setsockopt$inet_tcp_TCP_CONGESTION(r8, 0x6, 0xd, &(0x7f0000000040)='yeah', 0x4)

11m29.73475464s ago: executing program 4 (id=1865):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000300)='./file0/../file0\x00', 0x0, 0x2151090, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(&(0x7f0000000000)='./file0/file0\x00', &(0x7f0000000140)='./file0/../file0\x00', 0x0, 0x2001080, 0x0) (fail_nth: 3)

11m29.125140391s ago: executing program 4 (id=1867):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x40)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x0, 0x3, 0x0, 0x0, 0x4}})
ioctl$SNDRV_TIMER_IOCTL_STATUS32(r0, 0x80585414, &(0x7f00000001c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/comedi4\x00', 0x101000, 0x0)
ioctl$COMEDI_CMD(r1, 0x80506409, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
msgsnd(0x0, 0x0, 0x0, 0x0)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$xdp(0x2c, 0x3, 0x0)
syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042)
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x300, 0x20000000000, 0xfffffffffffffffd, 0x5, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0x10, 0x80000006, 0x400000}, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0)
syz_open_procfs(0x0, 0x0)

11m27.359273598s ago: executing program 4 (id=1872):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000280)=""/180, 0xb4}], 0x2, 0x91, 0x2)
memfd_create(&(0x7f0000000800)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd \xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\x83P\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\xd66hv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfa\x87$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xb9F,e\xfa\xd7\xa2\xeb\xb1\xc9\xbe#\x92\xf3\x19\xe6\x83(\xfe\xf8i\xb9\xc1\xa0w\xea\xbf\xe5\x8d\xe9\x14\x130\xc3\xa5|/_\t\x98\xc3\xa7\x95!\xdf*\a\xd7\xfcv|\xb3Zc\xcf~\xf6\xe2\xa86Q\x9a$\x80\x85\x8b\t\xbf\xe6(\x12\xe0\xe1e\x81x]a\x145\xa7\xd2\n\x11h\xb9\xf5g\xc4%&\xbaRy\x8f\x85Q\xb9W\xe5\x06\xe2\xb3ryk}\x86\xc6\x04\x03i\x10\xa8\xc4\xcd`\xb8\xcfT))\xb7\x15\b%\xc8uC(C\x01\x1by\xbf \x10\xe8k\xea\x80\xd0P|\x11\xe5\xb9\x1d^\x92j\xb0\xa7\x1d', 0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

11m27.138259895s ago: executing program 32 (id=1872):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r0, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000280)=""/180, 0xb4}], 0x2, 0x91, 0x2)
memfd_create(&(0x7f0000000800)='\xff\x00l\x1e\xa0</\x00\x8eO4._\x14zC\x8a\xe8\xe0u\xe0\xff\xf1\xb2\xfd\xf6nz\x05-]\xc2Vk\xaeky\xd3\x83\xe2\xc7\xd3\xe6M^\x98ox\x14\t\xe9Q1\x1dK\x9a\x045\xd37\xb22\xfdD(\xd2\xdd \xa0\xff\x0f\x00\x00\x00\x00\x00\x00v\n\xd8?]k\x14N\x18\xf4\xc2j\xed6g\xfd\xd2\xd4\xe3\x1f\xa6 \xa0\x8d\xb5\x9aE<2`]<\x8cR\xd69\x0fO\xbf\xc3\xbd\xb0\x96\x90\x91k\x86\x1a\x10\xd2\xf5\x8b\xfc\x83P\xf4\xd0[\x12\xf5+\x1aS\x02/Yx\xf2jJb\x97\x9c/\x1f5i\xc6\x861\x9a\xff\xc3\xe7\xbfU\xd5\xac\xccB=\x8f\xfd\x84\xeepQ\x93nn\x0f\xc6\xa9?\xad\x8b~\xd66hv\xd3$\x13s\xa0\xbfi\xfaFS\xa9=Xe\xf8tI\x15\x882\x8b\x8e-X\xb8\xf2\x9du\x15S^\xec\xce\xfa\x87$S\x9f\xe7Ed\n\x84\\ u\xd2\x16\xc1\xa5\xa0\xaa\xe8.i\xc8\x0e\vt\xe2\xf1lA\x93\xdd\xce\x8f$\x06v\xbe\xe7\x95nN\xc5\xaa\x1ev\xc6P\x9c\\G&y\x8bYA\xc3}\xd9\x86[\xb2\xf3\x0f\x90%\xcb\x81\xe8\xea\xbcs\x95\xe9\x8eXH\x19m\xdfOY\xf1E9-\xc8\xe7\x13^+(\x034\x82\xafiOO\x14\x8f^\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\xb9F,e\xfa\xd7\xa2\xeb\xb1\xc9\xbe#\x92\xf3\x19\xe6\x83(\xfe\xf8i\xb9\xc1\xa0w\xea\xbf\xe5\x8d\xe9\x14\x130\xc3\xa5|/_\t\x98\xc3\xa7\x95!\xdf*\a\xd7\xfcv|\xb3Zc\xcf~\xf6\xe2\xa86Q\x9a$\x80\x85\x8b\t\xbf\xe6(\x12\xe0\xe1e\x81x]a\x145\xa7\xd2\n\x11h\xb9\xf5g\xc4%&\xbaRy\x8f\x85Q\xb9W\xe5\x06\xe2\xb3ryk}\x86\xc6\x04\x03i\x10\xa8\xc4\xcd`\xb8\xcfT))\xb7\x15\b%\xc8uC(C\x01\x1by\xbf \x10\xe8k\xea\x80\xd0P|\x11\xe5\xb9\x1d^\x92j\xb0\xa7\x1d', 0x7)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000003, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_clone(0x100, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)

13.704590273s ago: executing program 2 (id=3896):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = userfaultfd(0x801)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000001c0)={0xaa, 0x380})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000000)={&(0x7f000029d000/0x3000)=nil, &(0x7f0000113000/0x3000)=nil, 0x3000, 0x3, 0x2})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x0, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000d8ca8d40d10521200031010203010902120001000000000904"], 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00'}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
pipe(&(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r4, 0x0, r6, 0x0, 0x8000f28, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r7=>0xffffffffffffffff})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000540)=[{{&(0x7f00000002c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000240)="c1df", 0x2}, {&(0x7f0000000440)="cfb0c297511f4ec6735affbdaaece591758c25faa7e142bd3f2036b3e51a9d4b46c7fcd652c27d406b836f2f4bc00182a605b9a4bb77d926b66f1e6967ab9f46003da0776e8e1bed722b7b2bb92a796182cb6826b6bbf2ac97e361c7cacc417cd4863b4fa317b9463044398a8c8db60f673407ce27b67d0139397ccd3911e6c063f30a8f2b6e5914d161ba46014837927df77600fe611ddc92ce93d93e1c6a2ab28a103a91fc0da198fb248e3046bd07c0", 0xb1}], 0x2, &(0x7f0000000500)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r2, r7, r3]}}], 0x40, 0x890}}], 0x1, 0x800)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r8 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r8, 0x6, 0x4, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x7, 0x0)
fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000100)={0x1, 0x0, 0x2, 0x2})
fcntl$lock(0xffffffffffffffff, 0x6, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xffff7e0000000001, 0x8, 0xffffffff}, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0)
sched_setattr(0x0, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)

11.566794906s ago: executing program 0 (id=3906):
mkdir(&(0x7f0000000040)='./file1\x00', 0x20)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}}]})
openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0)
chdir(&(0x7f00000001c0)='./bus\x00')
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000850000002a000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10)
lsm_list_modules(0x0, 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x1, 0x4000003e, r2, 0x0)
r4 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x2280, 0x82)

9.391162684s ago: executing program 0 (id=3909):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000300)={{0xeeef0000, 0xdddd1000, 0x0, 0x2, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xd000, 0xc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7, 0x0, 0xff}, {0x3000, 0x0, 0x9, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0x0, 0x4, 0xff}, {0xdddd0000, 0x10000, 0x9, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x8000000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x4000}, {0xdddd1000, 0xff}, 0xddfdffeb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd801, 0x0, [0x0, 0x0, 0x1]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_GET_SREGS2(r3, 0x8140aecc, &(0x7f0000000700))
syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
syz_io_uring_setup(0x10d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0x3}, &(0x7f00000003c0), &(0x7f0000000140))
syz_emit_ethernet(0x3e, &(0x7f00000006c0)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x0, 0x0, @broadcast=0x1000000, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @private, @empty}}}}}}, 0x0)

9.372915221s ago: executing program 2 (id=3910):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000008400), 0x400, 0x0)
ioctl$TCXONC(r0, 0x540a, 0x3)

8.786040114s ago: executing program 2 (id=3911):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000b80)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {0xf, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0xa0) (fail_nth: 5)

8.343498128s ago: executing program 3 (id=3913):
socket$inet(0x2, 0x4000000000000001, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84)
set_mempolicy(0x4005, 0x0, 0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000013c0)=ANY=[@ANYBLOB="5c000000000000000a004e200000000500000000000000000000000000000000040000000000000000000000000000000000000000000000000008bb3154baba6e444dc8a63f270912000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000a0000000a004e2400000d652001000000000000000000000000000202000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e24000000082001000000000000000000000000000240000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e220000000200000000000000000000000000000001090000000000000000000000000000000000000000e2fe00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e230000000100000000000000000000000000000000ec000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22000000cf00000000000000000000ffffac1e020108000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2300000006fe8000000000000000000000000000bb07000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22fffffffffe80000000000000000000000000002506000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e22000000062001000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e24000000040000000000000000000000000000000092d7f00d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e2100000005fe8000000000000000000000000000bb00"/1426], 0x590)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e00000004000000040000000300000000000400", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000480)={0x2, 0x4, 0x8, 0x1, 0x80, r2, 0x0, '\x00', 0x0, 0x0}, 0x50)
r3 = open(0x0, 0x601, 0x82)
ioctl$mixer_OSS_GETVERSION(r3, 0x40086602, &(0x7f00000000c0))
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r5, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r6 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10)
sendmsg$tipc(r6, &(0x7f0000000100)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x0, {{0x43}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffff92}, 0x4000010)
setsockopt$TIPC_GROUP_LEAVE(r6, 0x10f, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
syz_usb_connect(0x0, 0x62, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000fb5d7d086d04c308166b0102030109025000010000000009041f0000ff0100000a24010400050201020724070500000508240805040004960d24060101030200010006000609240305050306058109240306010304050507240405"], 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)

7.384186954s ago: executing program 2 (id=3914):
r0 = syz_open_dev$video(&(0x7f00000001c0), 0x7, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000340)={0x1d, r2, 0x0, {0x1, 0xff, 0x6}}, 0x18)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
r3 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80000)
sendmmsg$alg(r3, &(0x7f0000001800)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmmsg(r3, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)=""/133, 0x85}], 0x1}, 0x10000}], 0x1, 0x28101, 0x0)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x68f1, 0x80, 0x0, 0x359}, &(0x7f0000000040)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r8, 0xc02464bb, &(0x7f0000000240)={0x2, 0x0, 0x6, 0x8000, 0x7, 0x2, 0x2, 0x0, 0xb3})
syz_io_uring_setup(0x3eb7, &(0x7f0000000140)={0x0, 0xaee2, 0x800, 0xffffffff, 0xbfe00000}, &(0x7f0000000000)=<r9=>0x0, &(0x7f0000000280))
syz_io_uring_submit(r9, r7, &(0x7f0000000140)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x40, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47ba, 0x3e82, 0x60, 0x0, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="340000001000010828bd7053026605b0f1bbd300", @ANYRES32=0x0, @ANYBLOB="00000000042004000c002b80080003001900000008001b0000000000"], 0x34}}, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000100)={0x2, 0x34524742, 0x4, 0x168, 0x0, @stepwise={{0x77, 0x1ff}, {0xe, 0x6}, {0x9eff, 0x3}}})

7.318016778s ago: executing program 0 (id=3915):
syz_emit_vhci(0x0, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c00018006210600903900"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4004890}, 0xc080)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r2, 0x942e, 0x0)
writev(r5, &(0x7f0000000880)=[{&(0x7f0000000600)="18dff49858454fa491119b39f4ec02351402d69d02218513b580502ab73969fbcb8a40bb1a64809c163303e86c133317f29d7e6e36c73e48253f01c272ec92fbc348244d10ce2c6bf23ea037d0557d84d20daea2bf3c058abfe432abbd8e9caa85ad0b8735520934a1d67b761b5dc37cf6e5f8c97d4bd70594b5a70a07775b2be008eed722b8555654b1c7bf539c5971e42a4a77b80a520022826b00b1ef2c9847787cac29cbaa00434abf377f953fe1f06ff3cbe07550b622bde2bc7d5c5b68753a4d94bdeb60c704ec50fc674079ea876dfba754ac108a5b9c6ad9dfbf1b1349e3df786438ca6398943f11669967824c3e4300", 0xf4}, {&(0x7f0000000d00)="845a6ee005638b2ad5dfa946f0633199a56cfa28b954f52ce3bc96ed1ffc361391d7d17045334ce9d5bce43aec5764594c6990570a911f8e19b67ac28237444f36db4d873eb720364e02738406b1db285123e01365ddb94decdbe7fb481edcddf8fc77a271c54201dd827c7283600fda09663bac7efb887e41cb330805bbba05cea8248bad80d8c3df57d2b83ce207239a2f0efd1c414d737315e3a650cd62caad58b3f1bb8b3732b3fa1ed3d38a9088490ba4a8c694e3c07f5953bdff4a145188e9c60155529b3ba1595fbce830268d5a21eec04c46e1950d2f167ff9fff49cd6111017294bf8c5d2", 0xe9}, {&(0x7f0000000f00)}, {&(0x7f0000000200)="202bb0415639f0c1e98ad3c35ba126faa9e43e618c9679bae2c30304d1850473f4302215ea2a192d9901b0781473c381e7904a63aba8ed92e2c3d816ba0ccb9c36956022c1f7656660e573c38b9cf98d3e6ea19ea82ffab1ff10efc0b8351d0fe7423a3e5158c1e0e4831ecc8df81a0f8827e5c49556cabf334789727d6414d056bd6fb1a1311c748dfdc72879c6091c30be23580eecd40e8c4071375d5b4dc64f1a7c409c90", 0xa6}, {&(0x7f0000000e80)="94d1f2e1ab95afe67e299cbc47530ccadacb8ecabe3c73ac55d925a0d52a79ceedae83cf90a1789f07fbde8a75991d1e775ce7bdb15e59273429", 0x3a}, {&(0x7f0000002300)}], 0x6)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x2, 0x0, 0x101, 0x0})

5.248832492s ago: executing program 5 (id=3918):
r0 = socket$netlink(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, &(0x7f0000000300)=""/102392, 0x18ff8)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r2, 0x8922, &(0x7f0000000180)={'veth1_vlan\x00', 0x8a})
sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0xf000000)
setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'fo\x00', 0x0, 0x2, 0x2a}, 0x2c)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, 0x0, 0x8800)
socket$kcm(0x10, 0x2, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ppoll(&(0x7f0000000800)=[{r3, 0x2000}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r3, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r4 = syz_open_pts(r3, 0x0)
ioctl$TCFLSH(r4, 0x540b, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

5.228699527s ago: executing program 0 (id=3919):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002080)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
mount$overlay(0x0, 0x0, 0x0, 0x40000, &(0x7f0000000040)={[], [{@dont_appraise}], 0x3a})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000009000000000000000000000018110000", @ANYRESOCT=r0, @ANYBLOB="0bb1000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040200020000000095000000000000", @ANYBLOB="04c870e9200b1b1e585fe756011aa99dbbb5f1333051ed18a9d93e2bfc06ad747b4ccad39ae04dfe24726040eb6f70fa8d386427112c8d33e52ebe1f4e636f535e89d140d9fdd5b00e576f364ee500e715459a5b973412a8172ef516ec7630f41293edd52b4daddaf6234a4194a0d7"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000180), 0x4)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x6, 0x4, &(0x7f0000000680)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x17}]}, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8922, &(0x7f0000000280)={'dummy0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
ptrace$PTRACE_SETSIGMASK(0x420b, r4, 0x8, &(0x7f0000000000)={[0xee35]})
r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000500), 0x40002, 0x0)
preadv(r5, &(0x7f0000000200)=[{&(0x7f0000002e00)=""/156, 0x9c}, {&(0x7f0000000340)=""/176, 0xb0}], 0x2, 0x401, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0500000004000000030000000400000000000000", @ANYRES32, @ANYBLOB="030000000000000000000000000db5f709fb0000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = semget(0x0, 0x4, 0x39c)
semop(r6, &(0x7f0000000080)=[{0x3, 0x8001, 0x1000}], 0x1)
semop(r6, &(0x7f0000000000)=[{0x1, 0xffff, 0x1000}, {0x0, 0x7fc0, 0x800}], 0x2)
semctl$SETALL(r6, 0x0, 0x11, &(0x7f0000000240)=[0x7fff])
socket$nl_netfilter(0x10, 0x3, 0xc)

5.18673619s ago: executing program 2 (id=3920):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20, 0x3e, 0x4, 0x4}, {0x6, 0x6, 0xe, 0x5}]})
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
recvmmsg(r0, &(0x7f0000001f80)=[{{&(0x7f0000000000)=@tipc=@id, 0x80, &(0x7f0000000400)=[{&(0x7f0000000080)=""/129, 0x81}, {&(0x7f0000000140)=""/30, 0x1e}, {&(0x7f0000000180)=""/166, 0xa6}, {&(0x7f0000000240)=""/186, 0xba}, {&(0x7f0000000300)=""/222, 0xde}], 0x5, &(0x7f0000000480)=""/73, 0x49}}, {{&(0x7f0000000500)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000580)=""/52, 0x34}, {&(0x7f00000005c0)=""/139, 0x8b}, {&(0x7f0000000680)=""/221, 0xdd}], 0x3, &(0x7f0000000e00)=""/4096, 0x1000}, 0x9}, {{&(0x7f00000007c0)=@phonet, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000840)}, {&(0x7f0000000880)=""/252, 0xfc}, {&(0x7f0000001e00)=""/42, 0x2a}, {&(0x7f0000001e40)=""/184, 0xb8}], 0x4, &(0x7f0000001f40)=""/18, 0x12}, 0x7}], 0x3, 0x14163, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000980)=@raw={'raw\x00', 0x3c1, 0x3, 0x3f0, 0x0, 0xc8, 0x8, 0x1c0, 0x5803, 0x320, 0x2e8, 0x2e8, 0x320, 0x2e8, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast1}, @mcast1, [], [], 'erspan0\x00', 'geneve1\x00', {}, {0xff}}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f34a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x0, {0x8}}}, @common=@inet=@socket3={{0x28}, 0x6}]}, @common=@unspec=@CONNMARK={0x30}}, {{@uncond, 0x0, 0xf8, 0x160, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x13}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x450)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/mdstat\x00', 0x0, 0x0)
unshare(0x2040400)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000840), 0x101000, 0x0)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000200)=ANY=[@ANYBLOB="440000001000370400000000000000edffffff00", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028005001d00000000000500010004"], 0x44}}, 0x0)
r6 = syz_io_uring_setup(0x118d, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff, 0xc2}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000200)=<r8=>0x0)
epoll_create1(0x80000)
syz_open_procfs(0x0, &(0x7f0000000000)='mountinfo\x00')
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r4, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r6, 0x47f5, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r9=>0x0, &(0x7f0000000040)=<r10=>0x0)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r11)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r11, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x48, r12, 0x1, 0x0, 0xffffffff, {}, [@ETHTOOL_A_FEATURES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}]}, @ETHTOOL_A_FEATURES_WANTED={0x1c, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2}]}]}]}]}, 0x48}}, 0x40804)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x48, 0x4007, @fd=r2, 0xffffffffffffffff, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1})
read$FUSE(r2, &(0x7f0000002040)={0x2020}, 0x2020)

4.49648988s ago: executing program 1 (id=3922):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/custom0\x00', 0x0, 0x0)
gettid()
r1 = socket$kcm(0x10, 0x2, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc03a6000000000004000000006ee2ffca1b1f0000000004c00e72f750375ed08a563319bf9ed720000000d6e747033a0093b837dc6cc01e32efaec8c7a6ec9bbc0000000000000000000000000000424d46bc24a4fab8d80feb11b59bca9ff248f51c9c971689d6cc08542bc6ac886fc487773ef883b89d565c86eec1df27893b11544973e22c8e507559", 0x96}], 0x1}, 0x8000)
openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)

4.261643439s ago: executing program 5 (id=3923):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, 0x0, 0x0)
connect$inet(r1, &(0x7f0000ccb000)={0x2, 0x4e20, @local}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001a00)=ANY=[@ANYBLOB="18000000030000000000000026d0000095002b000000000093adff012255f674412d02000000880b5f04596a5e99fce658be2f200c699223886d8be4b50000005ab527ee3697f98125f30e6326996a3cfee33025a30b45bdcf2c69d105e5e55a1d273683623f1a5dc6e3c7e20eb7a98ecf3bd2cf898e924abe26ac296f660e69ba982fd76e00dcff7f0000ca6b78ad833488cfe4109eaf009eddcf21f5c63cde2f00150200000001000000520a0000151d010000000100bf00000000cc587424363da52001a3cdf2000000db74596fd72c002a60c1bc7dc8c38b7d2e13c50424b9dd1145d03ff45f70685c6bd9ff41c69b7de406e89dcbb7677e65a88a8407a9e7f9c0e91028b0856eb1ed9474480737a55ebb0bd701f7fb21135c6172eba7eb8a341f07e5a2d1e88b3cfc22df01e4bac9d97328fa2a82b5e8741e02056d93a433f50479387467824262852c7939db5672d07cdbe8e14abf56497e5d56dbe37551b870b2851c3f0a1a9ebfcba105a6ccdd01b0f04edb256c0200000073f6db43661bd7f0e2536ffbfe5ca31b4083145531458b7d1e341c6b351ebc5223f54d6bec93f4ef088e5d1be2515226988d664709ff03f1aa3dc7f1580ace9bf2afd28d0700000000000000d6eb372713255012e028cb2654d493a0b43bf21375709f348f5eda2967199cc936859a538100070000000000dc10e13ef227f627a40000ad1fa253d33fa74f172d3407ae4e1e347c0c6ef9dd2b6bb700000000000000000c586272c3f4d79bc36315745cb149f3cb385e6add14652003c7cdd3324f07d134d3a6c718bbd1aafe1140cff0be4c6f8df084c5e9734ae30aa9af030025f01ab03a9b1074407136bc506031f0916a39d3057d55183612b39e73ae8e6dc30356886a831836469e2051d937eb85f3f2d5ae2c1dca476b97419a3b76ed62409d004d7fbe362145d19605d760df4c5124ca325d374b371867a79b35c6617fc3327191fbf514573f0e30d1d60be2168fffc2f3dccd599a2cb77f124e22f87673675805494db821f39b50d938d5fd8c6b2a3a324c257bc9110971b749ccd74089ed6b86f81ca3ba47d8f71d290ed1b1a11f7a67125170c88c3b6a50692cc0064fc6bbd312536ac15016c85c6332226401b110da9c786eeca22debc99335587b54c13c3107008fa069af8223b38ced735c2d906551004d8dc10d88738488da01ffa4add56474573c964a270000f2f16625c0c10200000000c7a5ca60fdad159f2e44171f39638410020000004825d081f2d987f05c534187738655d7dc958f2046fa0c1619a6554b82d9c162eb61ca74f1ffdaccf0ea5f06e0fca8b27ff3983ab74fd3d560700a1fab44e77e312b3b129e000302d613916c9bcf9f0000fac73a5b6bfb27f88dba816020be760f7b45e001efada8000000000000fdaf4660402f7b3b79a433e08074ea2462974a00040000eb01352638f56dae0249d15ba8767259658878b7492cfbacde9b57cf4de00788adce638190f3570e0b4c80ef682df22201270955afb6008846557ee3bc09fda6dbb6550d597300eb82a184c96ffde5a30e5433e866665b98ca2002c804c22ff2634b7bfbf5c0d586cda5b45fd00dede1e88a4d41dee7cc76d7a23d06acb1d2d4c58faea84158bb440df2a694f4cdcaa4f65c22efffffffffffdd00000000d503d79986958115ae07b70f991430b7fb475d77b869ee02000000000000000000001ffff0ef89b2a68d2b05c995445d8a7700bcdfbec74fb2dd163e863315e84498dfb52bb93f6c9084659ce777ddac563c8596c2b1d8180289a61faa95a82bf1cfb7f2fd7252e9322abe282c33445d443a67467893b9bf0d1c8130ae6b226900000635376413c29f7c6f7b7e29b9a0c64e68328661f0c06e21f7d7dc22174ea4447a6f60edef3a4168d40200fbc71104512efe8e5d7d934aa289b4bd2b870000000000000000000007000000002000000000009b777883a02f0593dfc4cb4114b9f9cf4ad155110cc6ace2b322ac31bfa27847c799c8009a1ea5b98e525e6383ad7fd9795170e7b11e247603c2ff49a11459c7f606d729d3979676bffb3049166bb84a0f061991bd57c2566c10c282352aba05b6164ef876915a3f2491e4793e590dcc71de10da96366c1e992c0068c940dd4422c9882d3aa0f8a797b8fea6efcfb5276b7679f15559edaa977504cc0b2f777acb907ebf5fc14add71d0bca37405ded69b77ab4a3d7487fd04000000de17e1e13b93669b79556abb722d9c085b189b5fd1f30e8dc813f608830b110001732135e8e7262f290000923bfb6b41ff3792cee2fc37eee739c3e36a4bc80112968ec0d8902eced1fe552018014a463abbbf7ccd6a92a5734e3ebfca9b6e88e031f31de2183652e77c164c646a1cfd3710aa4205d8d4d4f974133ccb1e49feb42664eccd809c0ba8917eda87489e8946d5c8156197bcb66fd5606c63e3389ee9e8552381646365066ef9a36a449c96485c22ad1aa423b7b89efbc6cd54000bb0ea5f4f1e8773144fb6ac9a44d43593d77e66aa7ed7f3d4e7b211590c738888d02b2dbb0b2ba73ec72e1d8d7360a128499dd19e1e7b9b0671f4f58515b45ecb9964f3c4ddb8234391d514f8d996d8d6dd7f8fadfee2d7a0035638ce27c2936cb04b30a0eb0cde0000000000000040000000ec3c12ecee8fc3a40000000000000000e215b00ce2570b930723cbadb4033d1b8aaa2cfb3fb89e4a6e89737fd6232218a9e0c099d1eb59d60b3cca089785642f327139bc4394fb6d547a9b3c22599e780c1da7433fb47615d372e3fffe9703e37d5c87d513165278650738efcc04d27b766cf7f60066edd292f6c8a2174f391ed164bb1816819ceb3e378e776d422bc946cd9501accebeac3a5b31d8abc68ae537cd44a04e6bc21c35a7beab2610c51e593676bf635a20f597f4631b91454d182f826071f5210bd6d93173589929b23801e63c2266fde13b5a04b8d48be057c752bc415a756ea9b4d34156c4f73dd5e5924ef101a5fcdaf37c7ba2c4a9de9b000000000000000000000000000000a73b862e4b63c245616b522345587d0ee65a6902bdd0abd941e8aba37510b222ae544f395edd1b92ad53fc68f08ea00edc5e10d768836169dd296d56b306e8b75778c37571792a6c3d8b02ef378ebd59422cdd008bef6f80a80a68641ea5ed4f1126bb676098c10bf663eb3fb8c839364d28fd046dc64b35f9c3397ce6f4ad357b0000000000090000000088c7a8e2638f650a6f04a6f33a090f59414d6ebcbc687e66d600000000bd0a58ea6d36fc2cf9b9a71c137a2a22adb1006f371d4faf47285fd66fe0389afb96854bb360edcdf11b4ff6dd578bba93e949d240cde9b5836cb46032484dc19c93db7b6e5afa10547c78e76a3111557346e52566df196fd630561bb908fff4d2e19562aabd43742a26a43799f8636fa04ceb40c9e4ca1cfbbc7b949cd245a3ee118fd0d4f639444539af8766028d4ac4d4c548e290199e0dacbb4f6796b39bf32934d941ba2f88e3ebd0cf8e24f99eca86e4ca9b2cd2b54044a7fc4631572a6378a32df288785f146275c1f548e2a0c1016744e05f9de5044373d7650125027547eefe7b2d8c8871bb65395fae99d8456883705bfdfb00001854b2e5efa8aaf25827d659f592b1575281ec125de7fb91cd81d91dcb19f5cdf1e1e2b4a8a1389753a09110538689e38e07fb2dc72bd4fd11d7bc16aac5d85c6101bb722895248e463a5fb45ce0e564e90cb19d5993b471687ae4165e29cf2f58082115f5f8569896eedfd798733223e6d6584997510c374912ab798bd4af4654c01bb2c411bc36468ddd62b4eba5cfc8953526e0e5b1359797956152d0098ce47c62c3fe5a23219389622b7f65bf03527d25c3941b9cf1ffeedf6d99082bb57ea871c12213cc40900f83033bc18c529171fae324c315bc6ce358831d0230412212acfd5fc8d5cb0d028cf568e8bb40e27befe2ff01f7c6674a4d86d900633ea36641e0a781ea0ea7f2d928b8b22e2f97dd13348927375baea6863bef4acf4299096ada5cdd2a0eaafaa760a79d102d1e0c0000000000000000007926653b8d79ce16a432f124786a0bc3c5b7d196822492ae1ccf91aeac16406ad6f9cd3d96d57fceba8360ae49f73351814c9c2972f11064aaf3739d9100f9c0e4d0cb17d50c82e305ba7d62cf1cc6da26e34982a8c74dd8122cf5b5e7c34fd2712a0cef05e4d8ec7dd363219676bd9b19943185b132eb35a695e208dfa5cecdb1d6425c8879063c0f11bd64291a4209ee6dc1d9e9010013f6148c603e6a335e298efd6ab5cccc47a2c568c6afec54f8251bd840752addf200371361c9eedf05ed98585cf6d99e9e56055064bda2d373369761238c278147cd0eb7799f6b9c9fcaa3fd282154994f5b25420c86db9b6401e885de1c615a719a1c83e8fbbb181282dbaf3313a4e4a4877e9f37607e2cd6da0cf6371ec06a75f5a4206b2418ad8897ae149085d63f01f22eca44033234b3930b4d5da756669a1d59d69e7de54abf439988ed7ec33c2d0a901bb0985a24878984d8a4340fa9a356d100926fb5f2ef9976366a61b8cc2bcb1c072b0e9c564852388e1edff10d75b3832792e471cc15b40380f94d834243080158603fbc9134d6983c540525447478984611c0d9666941bfc0a30db47a8828b6e5c51aee2094599b4ce52795750e1764f1657ca8c5633c71287239dddf5c651496f7bbd148c937f083d2e4e0197dbc6ff0649c749707b17399b1d7efad23abb8b40b38704737e15662ae4913a4a001cd3b71c7af75b5ffad9780650c800a40ca80ddc41987919142fd28dbf22db5f4c435415a03455e1d55d1783ccef97d7e4655cf839d06f06e137bbe462a03b3100231914b19739dd57b4f12d026ad0c7fd3"], &(0x7f00002bf000)='GPL\x00', 0x4, 0xb7, &(0x7f0000000040)=""/183, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0, 0xffac}, 0x94)
r3 = socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f0000000180)={r1, r2})
close_range(r0, 0xffffffffffffffff, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f00000001c0)=0x5, 0x4)

4.209549791s ago: executing program 1 (id=3924):
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x29, 0x6f, 0xb6, 0x8, 0x9022, 0xd484, 0xff88, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x0, 0x81, [{{0x9, 0x4, 0x1e, 0x80, 0x0, 0x56, 0xa7, 0xf6, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000480)=[{0x9, 0xa200, 0x0, 0x0}], 0x1}) (fail_nth: 5)

4.151213131s ago: executing program 0 (id=3925):
unshare(0x6a040000)
munmap(&(0x7f00006b0000/0x4000)=nil, 0x4000)
socket$pppoe(0x18, 0x1, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/bus/input/devices\x00', 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0x0)
r1 = add_key$user(&(0x7f0000000100), &(0x7f0000000300)={'syz', 0x0}, &(0x7f00000005c0)="6b0cfd89cd4b4d8d416306d952db808cd3dbbe60ccaa611c4f8ea97c9d9ee7204f859a6f3da756897c3271d234e14602a63b2c06436508ed63e2352f29e7e425d585b115aa2109cd753dc04d816e89e1f8cfcfd7b6345253fd09d93cb21ba3aeceed245f437ef2d5fe2bef818da1001365716e0d86f5b8f5290283344a4331f7a3fb8ce75507d71efe8b35ce671fe0003fbf754404fd298719468c45bffcffc66195dc88d5f96033f12ebf8ab00400000000000000fedf1c0e42250cfa08f8b79a0069439115debe292936006c1709d30ed6396fecd118e438241c752e5c6e2fadd9e3d55e9b7fe162ea34771009f3265d95d23aa32f5a73bb182bffde7520fa94d122cdfecee7361b7526e116376afe9c3645c6b5ea4efa3e467f6a065e68930dbe7c258aba3a7f6f1e18cebaf13a61e7a003a8d6569886ad5bd8c13e3cad777aca", 0x142, r0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r6)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r7, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r9 = accept(r6, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1)
close_range(r2, 0xffffffffffffffff, 0x0)
r10 = add_key$user(&(0x7f0000000000), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r10, r1}, 0x0, 0x0, 0x0)

3.920315226s ago: executing program 1 (id=3926):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f0000000200)=[{0x6, 0xff, 0x7, 0x7fc00002}]})
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000a0000060800084000000001"], 0x1c}, 0x1, 0x0, 0x0, 0x4004008}, 0x880)
getpid()
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
syz_open_procfs(0x0, &(0x7f00000020c0)='net/wireless\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="180010000c000000030000950000000000000000c1f3d900000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)

3.342423412s ago: executing program 3 (id=3927):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="100000402a2f67a906db46b56d8e96aad04c27c21b"], 0x10}, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
unlink(&(0x7f0000000580)='./file0\x00')
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002d00)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000000c0)={0x2c, 0x0, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x5}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x6}]}, 0x2c}}, 0x10)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000013c0)="0617d2d503b14bbc2737ddc1796a5b1f7702ffe273f1ba3add98a39ff0e30f9de584b4f78af7f5fdd34db9395be6fb99cb9806faab593b55a010b9b22ebb3088c42e96f2e4de49ef5974dda9d9e8d2afde7d0a41e4ff1674cb04196502c858be537c9f0cb8f1ef6d3725f61de0e08ce21763a064fb5df7fdac89da0d005cf7d6bc7e01e6cf4e662fb7e63052891e8d1bcc7b6cc3c395235a24e56c9ccde678329c3faa829b807f6a14c8e3cebb488ed024a8c07460b2c42a39417b30652d6b47e7c3982c71616d1b5a0fa195292509d8a0111c6d400422199776ca0ff0e44719828f112069b4ad37df284cdbd2766f645463f4130ba65af0db60fa919be089fb13e89194f9e193081cfc730966685a98b69e3b91fa42a940f0ab2026d4c5b7bd8d7a5094a17b5a4f261b1b8a384339ae968557ab460d1a5cdadc0332664b1ebbbd914538d90e7505f7f0cc9af9102280ef2c580c910e3b1b23b13c8d4a868ccaa9de65d98ac801a78baba602fafeeb6d55bb53656746b01e4258da2d88dffc1140d5ccb6348d12389ee21c5f16180fc6cb7890ad409240bd82733bc6c403512c59ba0cd2d92682bbce7b61487fadd2c2edee21cc9d12f4848a954880b183dcff076b0fe064aafc9c766db199fd80e14036a511d2f3d601990b864994081d13b1b0ea2f40f3b0dd979e9eb11e666f4b1c2e1fe52269158040c51b1d89c1b679b664d7c691ada7bd4d9ebce504e38a410db9cbcfb28033eb865cd00bd424a300fa60ec30af4f27ae3b60392a29a34f4439c0171e59e962b19b3814ed3e961ebfd7fa6228c217fa7d5045c4eab1573790b217dc7450ced4901eac5a546cf9575a2997c2025bbdddca62520072b5f8a6a603cca8c1d8cb4502df3f2f4a96e5099cd0f20ab3dd5d5d44846cfc9135138378c8a946d0770f70e2b34858944b1b46a0d3f4626a748b8a829a315f1d14af97b22fa964fbf1d1f09a4ec0e7e06311d76c253e8cfad9be8d7f2baa80b328613d65f463a7d00b3d5ba7a825507bb1f6f5569dbf388ce0215905b97f3bd8d2b39638e02c1cadf2d5170a017d0b3b7f04dfa2e85bd8a280a3e8809408a9e9d8d250869d5e254b274472d1f68f19ed4b324ed228d052f74114ee4e4595fe6534f92d7ba10b7d5971b4714045b22a481b0dea68c7c8d238870d979a91c384f0bfb50582143aef76346972eb58b040568691e133a39aa9716d3262ddac1a1f64bbd554f010c7d354fc9e671dbb0e7327467baf64337d1d3d6254259529fa5bb982da1eb8335649b6f9eb78b91e60702ef781323f3659ee7faa868575daa315f28d5b3dc790004c6efc83c7a5a54b6eed679a3b615b0e0e3e86b9d39726f966e9db62fc45c2e192f2621f6eabc28484ae3b075d4ea6c92f5e04985094458a42b091c906bb22164fe6cc736217872dbb019dd605c2929a39ef871858d2d87dde53ba2dd6a290d67da54092976d0a2a512a9b5cae4f8e096e05b0d2400e486340b3ebcb138f08cee224ea17158759cbdf936e510dde2b8c3abd4d219209dfe46448af8a580797e7adf4a29d8dd860ace10eb1752ebbe7eb018023db26bf891596443910d3eeec6e6a5bf2a11de9397c26f4895ed54e50fdf883a4234ca37df5389cca96c0e9244b9b7627c505c1cd3de89a4fa19af5b3957e0bcef468c8ffe24a22862f11e45713cd3f4d7e17a32235f881ebe5b6675e5302a82cd94e2af8a6bd24e50e403e2e03d0e709cbbcb2d75544fdcfe5fecd37cd946f4fbf63f218be16bac2bf8026f8ed9aa76d757b03dc9d1e8dcbd869daaf8481c47256f5fc48e74acfb03488356cf6962ac077b3a792c05d42649299fce11cd15663cd12c3188bdd7a8bd9c1a2b236d97a430c79e93399dff1aae022b14e415ac346441dcf0794a4b146058aed0b48392d93652c9386ea1fe34c8e2c40636f892e978b1e22e00996b9e001fccc1a0c3729c496ad1c4fa303e17788e2fcbf3f66ab6fe0f0627e38e25aedb7d97759cd57693816649256a73e54a9b5fe87b2f6832384be609685522ea74f5524ae30a20bb37440dfc1793f39d1b46762b47e00843b71b05cc4bd429ab35740d5c62f32a7fe4693f609386cce049f957274bb4b41333b2f60e5ad330fc7d7ed9d322381838e5ac879815288ec0e3bf4feb67fe76c442ef3eb56a7f28face9099ffadafcf27d4839fc9b47b7d4b26aec96e3437b351ce3930edaa1f9aa39a461d75bdd730f3376d178d4489d3a1981e927686ce294dd1393a0bf73764970bbb09b44c79e272736a85ba4fcc29641874cc81c884437c146ec380511653eda102330bc17e015c9c02ff8294c323332158f518bd58811e8fb05a4f5808f57eead8b17ebcaa16351c38568492e5dcb51acfb950503948ba48bca1f4376baefedde02bc966f60eb25c01196c0436660df1d7e110c9a32222f8e9b0068d60f8472e187564f22e85b76dd8e999641e43623112d8e26c427b54c22923773fe7108989a607f97bf56c268f841f02e2395cd5e6972e350c7a28d5282c39079649dab733d4dd856c94d26bac345960d8c9f747b919f70fe4ddca41e569663f44205dbbac1aa2ac5e714633fe89f46e62fe5f6791ea32e0f2872e25ff3dac391925e57fcd8020f2055078a02538e967d5d92031449258a4bc84963997d2ca4a48b47924776108134131e6ef838fa93cac56ea7a36ca91f11d9e8377896d2f311b52aacbf0bd73103c1ae0354f475eed88f5f8101cfcf3c662c2565aa95e15570ded30f125637e8a14e3dc21f0ab85ea52e969e3c7c0b431f05f88e82b1df3477cada2041e1194a2b18d25be7c53cb74f0cdaf1fcfac483158e8994cb57cdf118ce233e24daeba4e8f31b91ee6286248d1a3cc5b24e99e8318e4379462658d87680513d1cb48d2114f2d355029262840ab99e6e5fdaa00157564e89986a1f0954502652cbbb66669f30f5daebb24ca09c6010097b50341fe51128479f6e4985f3193faccd67bbd55290ac003d276d5c161a7f6c93f0d7b98f07c24bb8f53ee53e6fed3eec1de81f6548bac6abd379c8ec5c60f9fc330cf4c5b0483b528b47d434c470a74c044405fc85e91cad490fa63baeef432ea933409ee6568c16e89434624ed8d03db26a130405544c9c52f18551327515975e1e5371e585fe080c42bd6f0b6c70af5fadc85a001ac24eb2a90881a9fd0c36d032a420b42aba56ed6a3137df63c89e8712af4eb7f2da5851c01720759975eb1f70f1a87d7fc01db882ca9b470a2aa4b40a2f579179693a58bc191bdce1315a9bc59abb461503e49d92cb5b193e1050e630f02440b2c5662603b64b38874a64f94a8c2ac6e641fd7ee9c09f0d69a9a4dbcfcbde3cd39040e05f77a889e69e16404a0c9df41dfe8300b8e7c1b3c5f2aae0c92d82dd2e7c0ffe8c4c71dde369d08c8de66d41ecd91d42376e0af2371bbaa65ed2dcd9138723f2d12d041abae9c5f032542d6f674810880ca1399906eb1b30b85396a57059dfa57e1192f452ec19623db6db4d68eecac8f7961198c4bd8ba8e053678f537d36039f0d83deb20fdc597fbfa14337935921a5bbbdab55bd170e023666cfb77faecbdc43c0976164986ec478dc731c9c6f39a631f6f485abcb2208113fe53f9fcad51728f931e646a7aff82a35501ffc1a198c34e3f5fc221274e6f0b28ea2fdc92054e2d7350b3a0b146a467eadd47d1d34181b846e77ab25509d33804658d4a384a276dbdcd31cf73dc4005922b61ab798b8d6f8f9c60352a4615efe70491f90e685c2a05f2225cd4ae22083d166c6e72f08e09c9730af2537f22c16621cd88b69e2d3cf1afbb26beec644e30420b2f66d77c54743c7885081c685e5da70a5707de423bcb9059adcf3e9485b58f1294e1e8abd807f333f0a0182a2fe961414c14491e3f27292c1f1989ca503afcba6097dd7d4d1f386ff14215e7c448b5fe4dc69c8e06aacee84664b4ea01cbc5bcd6743003e9299679e170282c97d31c0b8ef61bff8646c091d0aea7679f6c4e348ab0c93873365a195a65477522a50126eaec4220ddde00233f3441906a4dd49f8ea33528cc13afeaac21dc4b9fd71872ccfde4c39911de463ca954145b00007758d254e3ebee50677d0016c1b92d28bf17274b2d3b2d92a209e173e1da514732ebd23b1e0dcdf6f720cfd3a06613597cdedebe5531823e295a86fc41df3fda31956742a81e039c3a08e3abaa580b695619256e41f4e2ee1ddc89b8d637902d8f3a62865a5d681acaf7aa6206c2589d50128da6afc9a64e804cb98e8efe3eb6f3156f8b29bd6298d4d684f6a787f1737ef98dbabdbef8bdd4cef47768cebacd3706ce90a017a70980ab41f9fe4468d153b73e6549233e586810054b85d17e61f8a81e6f7d090292994c5ea3edd094a421a4b4b1a1765e5757eee2513199561e36c8f537fdfb9339e1a41f57a7fd55b5cf8c4c6771223229f96188696a12c190df766750f422d17c9b086d3a7812befa0d14ba54d486fa42cad27c92ca16bb1cfa60bffa895c9affb3d948407f1ab47113c4e11058815e71a7b877643b9b435b3b401050769c290ce07e546a345634cd2469df9eb055eb455bbdd523b13c737d04cf94b2cdc191432338129f98cd4c32269d92beb0604f8a779fa5dc7a43e8b4fbc3030bb0694ca140e3bbec5fe51ffc3fa9b39cb82b6d2dcf83b2e934d7da0c92e5c0fa0f31fb6142ecdb5cc5b665b5144ed510cc6bb7f0a74fd9e67fa3d37b6645afea3d5126724908283f7b7f42bfbe1ce12caea4323ea1a2d6290418dd4f14c982220eb0aebe589a04ca157a4f546c0d55734e98ba7b804658f96973c3129c33bc5050aac8bc0b6999a5013d2edd1fd58256d73ae3635d49afc4c9d460f384cdede2c80ae1139d2029f1b56f17e207d6b2d0d8676cce2ee81ae8babcef53ffc70a09ec6c21492dc984b30412a3c6283924e3f9987a6f3999c278c53466bc15f6cec37a9ea642b26bd4a6ecde6532843c1ac1fdfb64335d14abf469ea048f1df8c8b0cc8e5746bb377356428dad5593ca81684d42a7660bd7effdbb8fcf419196fc5baacbb7a726b33f5d3140412015c85412fee210093dcc95b19455e3f4ff86d53f6e348672f851a1d0b8d831239df3fc4fa3d3afb6bf0286a72daa2635d51da81aea014d070526a97db0f58c5c3892744fe0f77e838d4d016d98c047865b3a9e059ae5a24b16c230474dc24526d9caa8f5838ef320cc10a52f867faf17853e350f6fe9cd8cbfbbfd8da55e888298397f8f69266238f28f815b8b1b8d5ebafd1ea0cc6ba14e623e4fc2d61072bed04c3e8b3c2e961aaab632eed5c5a3833c9f9a2906cb15156796d44a8b743e63c0c05ba34a64d171252efe9ecda7fb5fa33426941e88eb280ca5652b0f2e5b2853ff1921321b0ffeff22abbee185d8e895b42af804764f87d460321453f04ce3bb6125acb186010364fbe6f099b4bd55ffba7b21e480353341506c3e7ed0980a828235859fbdbefe02ae2e1c24919d3cf6910fbcb8e084e09a7aeed69c4da655ef88aa5036572f0c9ab80fde558af22f42099c7371ec68b16058a9d7140e855bd5304b6a7142e6598ae0b8bffb114dbb7c79a4d656a9f13c38f450209ed93f5d34666ae3a392186f3f85d4f1a672ad9d4c2a6b8e3017e4bad2f759a6d5da7fe95c00705d4986d72184cb37a936a9231ef28c9c8f25f4daa184346b342bf4a2c358bee66153fa3e626f176b9e2eec77b321beb313ae2b887e915f20b3fde59a033656050f0b8b471a00278e1fe7fe725", 0x1000}, {&(0x7f00000006c0)="9059d63642dc873e5afc1954c0111ca9814807ee58921a6d8f748baac62ea8a24a04b57d8c37f3992d3df0ee741820a7c691d48c38247fd44c618835fb6035b42f213f7047a3575f46099c1e7210777f95cff505690c87a68aa665b8f37fcebe4552bfe0e55cfda15312e96bb07e7961c9b6581e5967df61a4e3cf7f374e2aa6fb9af07c5eeab3cc161882c34dbaf68c958b9f650b04ebfab8dcab50f047adc8144e4e0991d85d8f395e732dee63fb06a5c85ae9b6207e464e2771d60cb23fa160b32fbc1fdf3c502757b8bc00ce99b82101e1915a6c23963e1a3db1c27f19dc", 0xe0}], 0x2, &(0x7f0000000300)=[@assoc={0x18, 0x117, 0x4, 0xfffffffd}], 0x18, 0x81}, 0x40011)
r3 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.209957649s ago: executing program 5 (id=3928):
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0xdd, 0xa}, 0x50)
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000400)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=ANY=[@ANYBLOB="18080000e0000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca900000000000035090100000000009500000000000000b7020000000000007b9af8ff00000000b509020001000000dbaaf8ff50400000bf8200000000000007080000f8ffffffbfa400000000000007090000f0ffffffc70200000800000018220000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7050000080000004608f1ff76000000bf9800000000000056080000000000008500000007000000b7000000000000009500000000000000"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0))
mknod(&(0x7f0000000080)='./bus\x00', 0x20, 0x6)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./bus\x00', &(0x7f0000000100)='jfs\x00', 0x400080, &(0x7f00000001c0)='discard')
syz_open_dev$ttys(0xc, 0x2, 0x1)
syz_open_dev$ptys(0xc, 0x3, 0x1)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r6, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r6, 0x84, 0x15, &(0x7f0000000080), 0x1)
sendto$inet6(r6, &(0x7f0000000040)='l', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.171018544s ago: executing program 3 (id=3929):
syz_emit_vhci(0x0, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff00000000017c0000040042800c00018006210600903900"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4004890}, 0xc080)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r2, 0x942e, 0x0)
writev(r5, &(0x7f0000000880)=[{&(0x7f0000000600)="18dff49858454fa491119b39f4ec02351402d69d02218513b580502ab73969fbcb8a40bb1a64809c163303e86c133317f29d7e6e36c73e48253f01c272ec92fbc348244d10ce2c6bf23ea037d0557d84d20daea2bf3c058abfe432abbd8e9caa85ad0b8735520934a1d67b761b5dc37cf6e5f8c97d4bd70594b5a70a07775b2be008eed722b8555654b1c7bf539c5971e42a4a77b80a520022826b00b1ef2c9847787cac29cbaa00434abf377f953fe1f06ff3cbe07550b622bde2bc7d5c5b68753a4d94bdeb60c704ec50fc674079ea876dfba754ac108a5b9c6ad9dfbf1b1349e3df786438ca6398943f11669967824c3e4300", 0xf4}, {&(0x7f0000000d00)="845a6ee005638b2ad5dfa946f0633199a56cfa28b954f52ce3bc96ed1ffc361391d7d17045334ce9d5bce43aec5764594c6990570a911f8e19b67ac28237444f36db4d873eb720364e02738406b1db285123e01365ddb94decdbe7fb481edcddf8fc77a271c54201dd827c7283600fda09663bac7efb887e41cb330805bbba05cea8248bad80d8c3df57d2b83ce207239a2f0efd1c414d737315e3a650cd62caad58b3f1bb8b3732b3fa1ed3d38a9088490ba4a8c694e3c07f5953bdff4a145188e9c60155529b3ba1595fbce830268d5a21eec04c46e1950d2f167ff9fff49cd6111017294bf8c5d2", 0xe9}, {&(0x7f0000000f00)="f48ed488b79c19020b12c847a2b2bd6910d9e9dde186c648318dcc169dff39a3990286898efed16221dab719543a20fc028c0d910d5faa93e1681842fa9c6d5fe96a168e3320464326fbfd8a129db351f0d5f9a328a4358e5c0334de68436dd2b6c2502f45f248d2a7f0ebaafd021a8b306e63dd563b492896f4c09e6d5dc738b5", 0x81}, {&(0x7f0000000200)="202bb0415639f0c1e98ad3c35ba126faa9e43e618c9679bae2c30304d1850473f4302215ea2a192d9901b0781473c381e7904a63aba8ed92e2c3d816ba0ccb9c36956022c1f7656660e573c38b9cf98d3e6ea19ea82ffab1ff10efc0b8351d0fe7423a3e5158c1e0e4831ecc8df81a0f8827e5c49556cabf334789727d6414d056bd6fb1a1311c748dfdc72879c6091c30be23580eecd40e8c4071375d5b4dc64f1a7c409c90", 0xa6}, {&(0x7f0000000e80)="94d1f2e1ab95afe67e299cbc47530ccadacb8ecabe3c73ac55d925a0d52a79ceedae83cf90a1789f07fbde8a75991d1e775ce7bdb15e59273429", 0x3a}, {&(0x7f0000002300)}], 0x6)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x2, 0x0, 0x101, 0x0})

2.216854475s ago: executing program 1 (id=3930):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000100)="d8df0f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a60800000f00510066b87a000f02d86161300f300fc79d53bf0000c4b961edc30101220f01c3", 0x64}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000580)={0xffffffffffffffff, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x50)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6(0xa, 0x3, 0x4)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$evdev(0x0, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x14, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x4040800)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f00000001c0)={"04dfc86351907bcbc9293982262069af775bedfb0a63cb8031ecdc5351097e022d45a9640a4a4b506dc328f61ac030dacac442d82b9e81e6847961e65610b8f6e25f9eaf1a9f48ac011b67d68f871246c6424cd7837f6bfc47209662ba0d0f44149fcefbbf6fa5b40644bce6cf7210107f57b850d0c9af06c766af1c637aa057167a6910e2e185b8d972e49eeda481d9a58394ef43958ce7407e73d6460653fc672aa4ab6a26bd1a631fa3a0f2b025ba137b8e3f933af28e1ea9984bc0438ea00b5f5b16893a22bb83ff1c92407a946d4dc7d347d526db0e71bb38f873937ca7343fb7248867adf5decd52e74f05c768c3b1c8282b9b1b1bc0f7ae08917b2abe3d3305e32b8db562d19dd7c83fde6dbe03ef72aa7ddc00144895b2a1981105046a28ca0852521afbcd2b6cdb0bbed4670d746c45fb5589f279cfd594911cb11f2a7336af10b2332e731f2eec8287c735f2346449f1629fde95d6c78bed90645bb280e222976d5721ee6dd6068c1d6274d2382e524672a2656eed5cf34eff27c2974deebf2aa6226e3fa2f15ea8db5891a062d422607a450a32cfdfaaeadfb2498e79fe9e47089b2a8bbdbdcbb076ebbd9c8fdc6246c00a34176a1c46a924ab4c3877215e5666c7b384e9238b3ad6ac559d90e22170d6915c7150a1858eb3f20a1847642018840b49c335074496991fb3193914f5213846ff8bf5b389298d797dfdd4a1d116caec17f13152c9699caab72a96d364134266030e67ada0de8d2bb05091f7d855fe1c435574856b0f8de9dc6af14ce179e3c0b6b563ccb8e02900fa9412784b0e5fa71a6e4499fecd1343d289daeb929d0cbd96f9f4501bc9d6d9d0b4f462aaf2556ce92ae6438bb307aa258c8c4ba6646f99f5a3d4e14f677353722cc81a8ef1f68d41ad1bef785b248faee830613461239487bee1b53724eb28301420ced16a8110a8680c91c665f8eff65e2d48f95db7ad4f30d079a39a2286fb3df3472d330f6f11fc7d1939a923c50263b3e03140f7cec279df5785fa2124d1650563799defc378cb9506ee7142eb108b3f4125ade3d9a73646bddac795c753895b2ad51d358eff496d1c1a885c30b85b50eca89bf15ae50ae3301805f1691b3a391d7575c9a0a514710ad3e590491c60bdab122222c66cbb155452a01cb9750da7450900000000000000bf38c8185c769c1409eb0b1c613eac8101d6784c9510790dd1df8fa6f2b4dbdbde3bdcbf6bfc456f68b680f2595853178e89a32e9c56d66fd2210fb0fc0e3cda61e6980e16e47ae8071182af80950c43ba221fe072e6945107a6edcd38bfeb201a657969bf340960a67e30987e56c953a177404fdf67b5d99bbc06d705a0fc9659336b458ea0d575ddfe59706738d1e65c505272000000000000004000"})
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.215055617s ago: executing program 5 (id=3931):
syz_emit_vhci(0x0, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000002"], 0x34}, 0x1, 0x0, 0x0, 0x4004890}, 0xc080)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r1, 0x80047c05, 0x0)
ioctl$vim2m_VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x4)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r3, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket(0x10, 0x80002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r5, 0x8008976)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r2, 0x942e, 0x0)
writev(r5, &(0x7f0000000880)=[{&(0x7f0000000600)="18dff49858454fa491119b39f4ec02351402d69d02218513b580502ab73969fbcb8a40bb1a64809c163303e86c133317f29d7e6e36c73e48253f01c272ec92fbc348244d10ce2c6bf23ea037d0557d84d20daea2bf3c058abfe432abbd8e9caa85ad0b8735520934a1d67b761b5dc37cf6e5f8c97d4bd70594b5a70a07775b2be008eed722b8555654b1c7bf539c5971e42a4a77b80a520022826b00b1ef2c9847787cac29cbaa00434abf377f953fe1f06ff3cbe07550b622bde2bc7d5c5b68753a4d94bdeb60c704ec50fc674079ea876dfba754ac108a5b9c6ad9dfbf1b1349e3df786438ca6398943f11669967824c3e4300", 0xf4}, {&(0x7f0000000d00)="845a6ee005638b2ad5dfa946f0633199a56cfa28b954f52ce3bc96ed1ffc361391d7d17045334ce9d5bce43aec5764594c6990570a911f8e19b67ac28237444f36db4d873eb720364e02738406b1db285123e01365ddb94decdbe7fb481edcddf8fc77a271c54201dd827c7283600fda09663bac7efb887e41cb330805bbba05cea8248bad80d8c3df57d2b83ce207239a2f0efd1c414d737315e3a650cd62caad58b3f1bb8b3732b3fa1ed3d38a9088490ba4a8c694e3c07f5953bdff4a145188e9c60155529b3ba1595fbce830268d5a21eec04c46e1950d2f167ff9fff49cd6111017294bf8c5d2", 0xe9}, {&(0x7f0000000f00)="f48ed488b79c19020b12c847a2b2bd6910d9e9dde186c648318dcc169dff39a3990286898efed16221dab719543a20fc028c0d910d5faa93e1681842fa9c6d5fe96a168e3320464326fbfd8a129db351f0d5f9a328a4358e5c0334de68436dd2b6c2502f45f248d2a7f0ebaafd021a8b306e63dd563b492896f4c09e6d5dc738b5bdc947bc7d209c1b04445155481e33fc1ef3329e34267522cae90ee707e7cbb9ca3065d53f2e86949582355a7b2cca99e1504cb2ff0c6ad674e7ceb632351c38ff3aacd22c389c43bcfeb4a4cbec9d41813f520eace7e54347a8dc9e44cd8687a9", 0xe2}, {&(0x7f0000000200)="202bb0415639f0c1e98ad3c35ba126faa9e43e618c9679bae2c30304d1850473f4302215ea2a192d9901b0781473c381e7904a63aba8ed92e2c3d816ba0ccb9c36956022c1f7656660e573c38b9cf98d3e6ea19ea82ffab1ff10efc0b8351d0fe7423a3e5158c1e0e4831ecc8df81a0f8827e5c49556cabf334789727d6414d056bd6fb1a1311c748dfdc72879c6091c30be23580eecd40e8c4071375d5b4dc64f1a7c409c904b6ea93b2e9fabfe6ced7c0f03624557addd7d4329b5a8bb86b164c377202f2c41b910d6fe0009b5c29030e62ef0d0359a430000000000", 0xdd}, {&(0x7f0000000e80)="94d1f2e1ab95afe67e299cbc47530ccadacb8ecabe3c73ac55d925a0d52a79ceedae83cf90a1789f07fbde8a75991d1e775ce7bdb15e59273429b52a246643318051f60e", 0x44}, {&(0x7f0000002300)="9d2aba98f0b975bf7210f7e7d7d3e223f4d186282fe89a5b99d5c2ea2863634e543819ec0ae3fcdfd6c5ad048df8fe8110603326b3fd088763e7d695fcff918a8c5c1f7ea86505918c7773e5d247f6d714fb99e7a86dc53673d48d61d079cbf2c7298d22ddedc4103338fd0af6f0b5308ca1c7d34f26fb9f964c1d2b42173024df139d7b2146635a6002ce9d439265593fda27820c4899009d0e9e64542b5eae59df7a197bb1dfff597e2886a314b6b00b56664a0829b5bac45860aa6c1f7be92f29cd82a3ac64d6cd312390bd6cd3535dd6f9ecc3c92cb40196d68e610e4e7e99b9e9aaceeb9887ecbeb0c369c44b6aae92a0b646e48fec4280c10a1f1cc2fe4d1d51c72b983e2f2c3a05cb91d26c7132d821b05e26bafcd4c7699639f7003d62d112f5c2f6f8c6939bd812e16e6a6927ebb45ab6a66e4630f1476f48a113f0a89235a085e14b166a7ce525308ae322aea9b9805b6392c4280b509679503ccbbe137d6185ff25437e5e4e6240a4a07e4051c6d030da271f946171b1ade790bdf2289c5e0ddcb33de11961264734ce77e04f94c330dac130362d5af3a5754cd69f72271157c82dd4ecf473f8b1bebcb5b9eaff0933322ca28291c278bd7f623eefc3779d980b9c39c1753488fb90ff8f4e0ce31b6e7f945f1feb0e0089b9e375c52218fbc945459f3861a6b197c74afafd944167eb991ea18ca878b59212e8d7172f6a64969eb647282588e5a54f2bc01b8f6bc43a407ce57ff99cd078e9865e2dbd0f546358448dcf5f57f1e0449ca903f7b4d2751c4ab5c5de", 0x23a}], 0x6)
r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_CONTROL(r6, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x301, 0x2, 0x0, 0x101, 0x0})
syz_open_dev$video4linux(&(0x7f0000000040), 0x8, 0x208040)

2.185254769s ago: executing program 3 (id=3932):
r0 = socket$alg(0x26, 0x5, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="100000402a2f67a906db46"], 0x10}, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2", 0x17)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
unlink(&(0x7f0000000580)='./file0\x00')
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000002d00)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_BSS(0xffffffffffffffff, &(0x7f0000002e00)={0x0, 0x0, &(0x7f0000002dc0)={&(0x7f00000000c0)={0x24, r2, 0x1, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x5}]}, 0x24}}, 0x10)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000013c0)="0617d2d503b14bbc2737ddc1796a5b1f7702ffe273f1ba3add98a39ff0e30f9de584b4f78af7f5fdd34db9395be6fb99cb9806faab593b55a010b9b22ebb3088c42e96f2e4de49ef5974dda9d9e8d2afde7d0a41e4ff1674cb04196502c858be537c9f0cb8f1ef6d3725f61de0e08ce21763a064fb5df7fdac89da0d005cf7d6bc7e01e6cf4e662fb7e63052891e8d1bcc7b6cc3c395235a24e56c9ccde678329c3faa829b807f6a14c8e3cebb488ed024a8c07460b2c42a39417b30652d6b47e7c3982c71616d1b5a0fa195292509d8a0111c6d400422199776ca0ff0e44719828f112069b4ad37df284cdbd2766f645463f4130ba65af0db60fa919be089fb13e89194f9e193081cfc730966685a98b69e3b91fa42a940f0ab2026d4c5b7bd8d7a5094a17b5a4f261b1b8a384339ae968557ab460d1a5cdadc0332664b1ebbbd914538d90e7505f7f0cc9af9102280ef2c580c910e3b1b23b13c8d4a868ccaa9de65d98ac801a78baba602fafeeb6d55bb53656746b01e4258da2d88dffc1140d5ccb6348d12389ee21c5f16180fc6cb7890ad409240bd82733bc6c403512c59ba0cd2d92682bbce7b61487fadd2c2edee21cc9d12f4848a954880b183dcff076b0fe064aafc9c766db199fd80e14036a511d2f3d601990b864994081d13b1b0ea2f40f3b0dd979e9eb11e666f4b1c2e1fe52269158040c51b1d89c1b679b664d7c691ada7bd4d9ebce504e38a410db9cbcfb28033eb865cd00bd424a300fa60ec30af4f27ae3b60392a29a34f4439c0171e59e962b19b3814ed3e961ebfd7fa6228c217fa7d5045c4eab1573790b217dc7450ced4901eac5a546cf9575a2997c2025bbdddca62520072b5f8a6a603cca8c1d8cb4502df3f2f4a96e5099cd0f20ab3dd5d5d44846cfc9135138378c8a946d0770f70e2b34858944b1b46a0d3f4626a748b8a829a315f1d14af97b22fa964fbf1d1f09a4ec0e7e06311d76c253e8cfad9be8d7f2baa80b328613d65f463a7d00b3d5ba7a825507bb1f6f5569dbf388ce0215905b97f3bd8d2b39638e02c1cadf2d5170a017d0b3b7f04dfa2e85bd8a280a3e8809408a9e9d8d250869d5e254b274472d1f68f19ed4b324ed228d052f74114ee4e4595fe6534f92d7ba10b7d5971b4714045b22a481b0dea68c7c8d238870d979a91c384f0bfb50582143aef76346972eb58b040568691e133a39aa9716d3262ddac1a1f64bbd554f010c7d354fc9e671dbb0e7327467baf64337d1d3d6254259529fa5bb982da1eb8335649b6f9eb78b91e60702ef781323f3659ee7faa868575daa315f28d5b3dc790004c6efc83c7a5a54b6eed679a3b615b0e0e3e86b9d39726f966e9db62fc45c2e192f2621f6eabc28484ae3b075d4ea6c92f5e04985094458a42b091c906bb22164fe6cc736217872dbb019dd605c2929a39ef871858d2d87dde53ba2dd6a290d67da54092976d0a2a512a9b5cae4f8e096e05b0d2400e486340b3ebcb138f08cee224ea17158759cbdf936e510dde2b8c3abd4d219209dfe46448af8a580797e7adf4a29d8dd860ace10eb1752ebbe7eb018023db26bf891596443910d3eeec6e6a5bf2a11de9397c26f4895ed54e50fdf883a4234ca37df5389cca96c0e9244b9b7627c505c1cd3de89a4fa19af5b3957e0bcef468c8ffe24a22862f11e45713cd3f4d7e17a32235f881ebe5b6675e5302a82cd94e2af8a6bd24e50e403e2e03d0e709cbbcb2d75544fdcfe5fecd37cd946f4fbf63f218be16bac2bf8026f8ed9aa76d757b03dc9d1e8dcbd869daaf8481c47256f5fc48e74acfb03488356cf6962ac077b3a792c05d42649299fce11cd15663cd12c3188bdd7a8bd9c1a2b236d97a430c79e93399dff1aae022b14e415ac346441dcf0794a4b146058aed0b48392d93652c9386ea1fe34c8e2c40636f892e978b1e22e00996b9e001fccc1a0c3729c496ad1c4fa303e17788e2fcbf3f66ab6fe0f0627e38e25aedb7d97759cd57693816649256a73e54a9b5fe87b2f6832384be609685522ea74f5524ae30a20bb37440dfc1793f39d1b46762b47e00843b71b05cc4bd429ab35740d5c62f32a7fe4693f609386cce049f957274bb4b41333b2f60e5ad330fc7d7ed9d322381838e5ac879815288ec0e3bf4feb67fe76c442ef3eb56a7f28face9099ffadafcf27d4839fc9b47b7d4b26aec96e3437b351ce3930edaa1f9aa39a461d75bdd730f3376d178d4489d3a1981e927686ce294dd1393a0bf73764970bbb09b44c79e272736a85ba4fcc29641874cc81c884437c146ec380511653eda102330bc17e015c9c02ff8294c323332158f518bd58811e8fb05a4f5808f57eead8b17ebcaa16351c38568492e5dcb51acfb950503948ba48bca1f4376baefedde02bc966f60eb25c01196c0436660df1d7e110c9a32222f8e9b0068d60f8472e187564f22e85b76dd8e999641e43623112d8e26c427b54c22923773fe7108989a607f97bf56c268f841f02e2395cd5e6972e350c7a28d5282c39079649dab733d4dd856c94d26bac345960d8c9f747b919f70fe4ddca41e569663f44205dbbac1aa2ac5e714633fe89f46e62fe5f6791ea32e0f2872e25ff3dac391925e57fcd8020f2055078a02538e967d5d92031449258a4bc84963997d2ca4a48b47924776108134131e6ef838fa93cac56ea7a36ca91f11d9e8377896d2f311b52aacbf0bd73103c1ae0354f475eed88f5f8101cfcf3c662c2565aa95e15570ded30f125637e8a14e3dc21f0ab85ea52e969e3c7c0b431f05f88e82b1df3477cada2041e1194a2b18d25be7c53cb74f0cdaf1fcfac483158e8994cb57cdf118ce233e24daeba4e8f31b91ee6286248d1a3cc5b24e99e8318e4379462658d87680513d1cb48d2114f2d355029262840ab99e6e5fdaa00157564e89986a1f0954502652cbbb66669f30f5daebb24ca09c6010097b50341fe51128479f6e4985f3193faccd67bbd55290ac003d276d5c161a7f6c93f0d7b98f07c24bb8f53ee53e6fed3eec1de81f6548bac6abd379c8ec5c60f9fc330cf4c5b0483b528b47d434c470a74c044405fc85e91cad490fa63baeef432ea933409ee6568c16e89434624ed8d03db26a130405544c9c52f18551327515975e1e5371e585fe080c42bd6f0b6c70af5fadc85a001ac24eb2a90881a9fd0c36d032a420b42aba56ed6a3137df63c89e8712af4eb7f2da5851c01720759975eb1f70f1a87d7fc01db882ca9b470a2aa4b40a2f579179693a58bc191bdce1315a9bc59abb461503e49d92cb5b193e1050e630f02440b2c5662603b64b38874a64f94a8c2ac6e641fd7ee9c09f0d69a9a4dbcfcbde3cd39040e05f77a889e69e16404a0c9df41dfe8300b8e7c1b3c5f2aae0c92d82dd2e7c0ffe8c4c71dde369d08c8de66d41ecd91d42376e0af2371bbaa65ed2dcd9138723f2d12d041abae9c5f032542d6f674810880ca1399906eb1b30b85396a57059dfa57e1192f452ec19623db6db4d68eecac8f7961198c4bd8ba8e053678f537d36039f0d83deb20fdc597fbfa14337935921a5bbbdab55bd170e023666cfb77faecbdc43c0976164986ec478dc731c9c6f39a631f6f485abcb2208113fe53f9fcad51728f931e646a7aff82a35501ffc1a198c34e3f5fc221274e6f0b28ea2fdc92054e2d7350b3a0b146a467eadd47d1d34181b846e77ab25509d33804658d4a384a276dbdcd31cf73dc4005922b61ab798b8d6f8f9c60352a4615efe70491f90e685c2a05f2225cd4ae22083d166c6e72f08e09c9730af2537f22c16621cd88b69e2d3cf1afbb26beec644e30420b2f66d77c54743c7885081c685e5da70a5707de423bcb9059adcf3e9485b58f1294e1e8abd807f333f0a0182a2fe961414c14491e3f27292c1f1989ca503afcba6097dd7d4d1f386ff14215e7c448b5fe4dc69c8e06aacee84664b4ea01cbc5bcd6743003e9299679e170282c97d31c0b8ef61bff8646c091d0aea7679f6c4e348ab0c93873365a195a65477522a50126eaec4220ddde00233f3441906a4dd49f8ea33528cc13afeaac21dc4b9fd71872ccfde4c39911de463ca954145b00007758d254e3ebee50677d0016c1b92d28bf17274b2d3b2d92a209e173e1da514732ebd23b1e0dcdf6f720cfd3a06613597cdedebe5531823e295a86fc41df3fda31956742a81e039c3a08e3abaa580b695619256e41f4e2ee1ddc89b8d637902d8f3a62865a5d681acaf7aa6206c2589d50128da6afc9a64e804cb98e8efe3eb6f3156f8b29bd6298d4d684f6a787f1737ef98dbabdbef8bdd4cef47768cebacd3706ce90a017a70980ab41f9fe4468d153b73e6549233e586810054b85d17e61f8a81e6f7d090292994c5ea3edd094a421a4b4b1a1765e5757eee2513199561e36c8f537fdfb9339e1a41f57a7fd55b5cf8c4c6771223229f96188696a12c190df766750f422d17c9b086d3a7812befa0d14ba54d486fa42cad27c92ca16bb1cfa60bffa895c9affb3d948407f1ab47113c4e11058815e71a7b877643b9b435b3b401050769c290ce07e546a345634cd2469df9eb055eb455bbdd523b13c737d04cf94b2cdc191432338129f98cd4c32269d92beb0604f8a779fa5dc7a43e8b4fbc3030bb0694ca140e3bbec5fe51ffc3fa9b39cb82b6d2dcf83b2e934d7da0c92e5c0fa0f31fb6142ecdb5cc5b665b5144ed510cc6bb7f0a74fd9e67fa3d37b6645afea3d5126724908283f7b7f42bfbe1ce12caea4323ea1a2d6290418dd4f14c982220eb0aebe589a04ca157a4f546c0d55734e98ba7b804658f96973c3129c33bc5050aac8bc0b6999a5013d2edd1fd58256d73ae3635d49afc4c9d460f384cdede2c80ae1139d2029f1b56f17e207d6b2d0d8676cce2ee81ae8babcef53ffc70a09ec6c21492dc984b30412a3c6283924e3f9987a6f3999c278c53466bc15f6cec37a9ea642b26bd4a6ecde6532843c1ac1fdfb64335d14abf469ea048f1df8c8b0cc8e5746bb377356428dad5593ca81684d42a7660bd7effdbb8fcf419196fc5baacbb7a726b33f5d3140412015c85412fee210093dcc95b19455e3f4ff86d53f6e348672f851a1d0b8d831239df3fc4fa3d3afb6bf0286a72daa2635d51da81aea014d070526a97db0f58c5c3892744fe0f77e838d4d016d98c047865b3a9e059ae5a24b16c230474dc24526d9caa8f5838ef320cc10a52f867faf17853e350f6fe9cd8cbfbbfd8da55e888298397f8f69266238f28f815b8b1b8d5ebafd1ea0cc6ba14e623e4fc2d61072bed04c3e8b3c2e961aaab632eed5c5a3833c9f9a2906cb15156796d44a8b743e63c0c05ba34a64d171252efe9ecda7fb5fa33426941e88eb280ca5652b0f2e5b2853ff1921321b0ffeff22abbee185d8e895b42af804764f87d460321453f04ce3bb6125acb186010364fbe6f099b4bd55ffba7b21e480353341506c3e7ed0980a828235859fbdbefe02ae2e1c24919d3cf6910fbcb8e084e09a7aeed69c4da655ef88aa5036572f0c9ab80fde558af22f42099c7371ec68b16058a9d7140e855bd5304b6a7142e6598ae0b8bffb114dbb7c79a4d656a9f13c38f450209ed93f5d34666ae3a392186f3f85d4f1a672ad9d4c2a6b8e3017e4bad2f759a6d5da7fe95c00705d4986d72184cb37a936a9231ef28c9c8f25f4daa184346b342bf4a2c358bee66153fa3e626f176b9e2eec77b321beb313ae2b887e915f20b3fde59a033656050f0b8b471a00278e1fe7fe725", 0x1000}, {&(0x7f00000006c0)="9059d63642dc873e5afc1954c0111ca9814807ee58921a6d8f748baac62ea8a24a04b57d8c37f3992d3df0ee741820a7c691d48c38247fd44c618835fb6035b42f213f7047a3575f46099c1e7210777f95cff505690c87a68aa665b8f37fcebe4552bfe0e55cfda15312e96bb07e7961c9b6581e5967df61a4e3cf7f374e2aa6fb9af07c5eeab3cc161882c34dbaf68c958b9f650b04ebfab8dcab50f047adc8144e4e0991d85d8f395e732dee63fb06a5c85ae9b6207e464e2771d60cb23fa160b32fbc1fdf3c502757b8bc00ce99b82101e1915a6c23963e1a3db1c27f19dc", 0xe0}], 0x2, &(0x7f0000000300)=[@assoc={0x18, 0x117, 0x4, 0xfffffffd}], 0x18, 0x81}, 0x40011)
r4 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000540)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.071746645s ago: executing program 5 (id=3933):
r0 = socket$netlink(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file4/file6\x00', 0x1c0)
renameat2(0xffffffffffffff9c, &(0x7f0000000580)='./file1/file4/file6\x00', 0xffffffffffffff9c, 0x0, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
r3 = socket(0x400000000010, 0x3, 0x0)
ioctl$SIOCSIFMTU(r3, 0x8922, &(0x7f0000000180)={'veth1_vlan\x00', 0x8a})
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0xf000000)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000280)={0x100000011, @multicast2, 0x0, 0x0, 'fo\x00', 0x0, 0x2, 0x2a}, 0x2c)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, 0x0, 0x8800)
socket$kcm(0x10, 0x2, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8d40, 0x0)
ppoll(&(0x7f0000000800)=[{r4, 0x2000}], 0x1, 0x0, 0x0, 0x0)
ioctl$TIOCPKT(r4, 0x5420, &(0x7f0000000080)=0xfffffffa)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"})
r5 = syz_open_pts(r4, 0x0)
ioctl$TCFLSH(r5, 0x540b, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

1.987830903s ago: executing program 0 (id=3934):
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x29, 0x6f, 0xb6, 0x8, 0x9022, 0xd484, 0xff88, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x95, 0x0, 0x81, [{{0x9, 0x4, 0x1e, 0x80, 0x0, 0x56, 0xa7, 0xf6, 0x2}}]}}]}}, &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x16})
r0 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000080)={&(0x7f0000000480)=[{0x1a00, 0xa200, 0x0, 0x0}], 0x1})

1.949527031s ago: executing program 2 (id=3935):
ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x40, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000480)={0xaa, 0x600})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x1000, 0x0, 0x2}, 0x20)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})
read$FUSE(r2, &(0x7f00000021c0)={0x2020}, 0x2020)
setsockopt$MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x20, 0x2e, 0x9, 0x70bd27, 0x0, {0x4}, [@typed={0xc, 0x18, 0x0, 0x0, @binary="0aac0f0004ac0f00"}]}, 0x20}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076003008cb89e08f086dd", 0x0, 0xfe6, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0xd, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x61}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x5}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2a, &(0x7f00000000c0), 0x4)
bind$inet(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10)

1.908217662s ago: executing program 3 (id=3936):
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = getpgrp(0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = memfd_create(0x0, 0x1)
r7 = dup(r6)
write$binfmt_elf32(r7, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x58)
r8 = fanotify_init(0x200, 0x0)
fanotify_mark(r8, 0x1, 0x8001021, r7, 0x0)
execveat(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
pwrite64(r7, &(0x7f0000000340)="2054e16eba42f750d2f75b2176a146fe30c43e7ea8669bbba4b10571e012487531cbcbf94fd43ad25ffb14f437bee31c88809457e4eb729bee23984b400258b2f4f729115579155d2f8d952cf8f1b16cd70ed7a765dd2dec493db1cd147bc97550dab4689be3bbf3a7f4665506693545d6988eeab1adbb08f5de6f941b9548327b94ddca8c2dd016d1ba60b8c088574c7b9b01e97036e37c2c3f1d6ce91263e072cb28f1a81a65803c6c5dcd5717e29ca81ac293659d86f8738dc85081dfc480b11eba557807a1f7", 0xc8, 0x6)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f00000002c0)={0x54, 0x2, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x60000}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x54}}, 0x8800)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x104, 0x486, 0x0, 0x0)

981.927445ms ago: executing program 3 (id=3937):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a30000000005c000000060a010400000000000000000100000008000b40000000000900010073797a300000000034000480300001800a0001006d61746368"], 0xd0}}, 0x0) (fail_nth: 5)

912.424549ms ago: executing program 5 (id=3938):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000a00)=ANY=[@ANYRESDEC], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7ffffffc}, 0x94)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x4008040, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103)
r5 = socket(0x840000000002, 0x3, 0xff)
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x7ffffffff002, 0x7ffffffff002, 0x0, &(0x7f0000000000/0x4000)=nil)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,use', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r6 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000880)={{{@in=@empty, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@loopback}, 0x0, @in=@initdev}}, &(0x7f00000005c0)=0xe8)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000006c0)={0x0, <r8=>0x0}, &(0x7f0000000700)=0xc)
setreuid(r7, r8)
ioctl$EVIOCSKEYCODE_V2(r6, 0x40284504, &(0x7f0000000200)={0x0, 0x1, 0x0, 0x0, "4620f63a4e6b5c9b4410b99e0e549fcfdeb92566761ad1c34ca4a1abe476fa96"})
syz_io_uring_setup(0x79a4, &(0x7f0000000300)={0x0, 0x7de3, 0x100, 0x0, 0x305}, &(0x7f00000000c0), &(0x7f0000000480))
syz_open_dev$loop(&(0x7f0000000540), 0x5, 0x309000)

394.50444ms ago: executing program 1 (id=3939):
r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_elf64(r0, &(0x7f0000000000)={{0x7f, 0x45, 0x4c, 0x46, 0x72, 0x9, 0xc, 0x9, 0x2, 0x3, 0x3, 0x1ff, 0x10c, 0x40, 0x340, 0x9, 0x3, 0x38, 0x1, 0x401, 0x3, 0x6}, [{0x70000000, 0x81, 0xfffffffffffffff9, 0x6ae, 0x5, 0x400000000000, 0x7, 0x2}], "2aef326f41bba6d5c907483dd44b044c5459f217f8bc24a5709cdcf57fa2928c86015622167b88bf532b3c0edb1d4c291a40bf817d9a264111275e4281e32fe146beb22dc1da5d4cecf06198125c24d3fd7f03f25ebbb2817dfd3259857560aa13a76c8cc983a89e469b8e8342a69e53126ed83266c712a27b5662e691a7b1861b12b386ea8456243f91b33fcbfc89f51d2e6b37dacf3adc004d2ae35a5aac5e57fc3324dcdbdced016ab11644e7ea0d9ab4c28776a52b132f6da1eba70a9eccbdb45a5640cefd68b8fa5ab50430eaedfddd"}, 0x14a)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000180)={0x8000, 0x1, {<r1=>0xffffffffffffffff}, {0xffffffffffffffff}, 0x7c, 0x7})
prctl$PR_SCHED_CORE(0x3e, 0x0, r1, 0x0, &(0x7f00000001c0))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000200)=<r2=>0x0)
prlimit64(r2, 0x62bfdd4a64603194, &(0x7f0000000240)={0x6, 0x40}, &(0x7f0000000280))
prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, &(0x7f00000002c0))
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_GET(r3, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x1406, 0x2, 0x6, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x4)
openat$cuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000500)={0x1c, r5, 0x5a9, 0x70bd2a, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x9}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
ioctl$VIDIOC_CROPCAP(r4, 0xc02c563a, &(0x7f00000005c0)={0xc, {0x4, 0x6, 0x4, 0x1}, {0x8, 0x2, 0x2, 0xa0c}, {0x5, 0xffffcdb4}})
ptrace$ARCH_SHSTK_STATUS(0x1e, r2, &(0x7f0000000600), 0x5005)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f00000007c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000780)={&(0x7f0000000680)={0xcc, 0x0, 0x8, 0x301, 0x0, 0x0, {0x2, 0x0, 0x9}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x11}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x88be}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x4c, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8, 0x1, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x81c}, @CTA_TIMEOUT_DCCP_PARTOPEN={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_TIMEOUT_DCCP_CLOSING={0x8}, @CTA_TIMEOUT_DCCP_RESPOND={0x8}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8}, @CTA_TIMEOUT_DCCP_TIMEWAIT={0x8}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x8917}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8001}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6b9a}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x10}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xd4d}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xad3}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
write$6lowpan_enable(r4, &(0x7f0000000800)='1', 0x1)
r6 = creat(&(0x7f0000000840)='./file0\x00', 0x2)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f00000008c0), r4)
sendmsg$NL80211_CMD_DISCONNECT(r6, &(0x7f0000000980)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x140}, 0xc, &(0x7f0000000940)={&(0x7f0000000900)={0x34, r7, 0x100, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x26}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x37}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x33}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x30}]}, 0x34}}, 0xc055)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000a00)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r8, &(0x7f0000000b00)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a40)={0x60, r7, 0x20, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r9}, @val={0xc, 0x99, {0xfffffff8, 0x66}}}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x6}, @NL80211_ATTR_AP_ISOLATE={0x5, 0x60, 0x6}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x1}, @NL80211_ATTR_BSS_CTS_PROT={0x5}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x69}]}, 0x60}, 0x1, 0x0, 0x0, 0x8004}, 0x24004004)
ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000b40)=<r10=>0x0)
ptrace$cont(0x9, r10, 0x4, 0x8)
sendmsg$IPSET_CMD_ADD(r6, &(0x7f0000000d00)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x80311002}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000bc0)={0xdc, 0x9, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x2}, [@IPSET_ATTR_ADT={0x34, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x1}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x6}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_CIDR={0x5}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x1}}]}, @IPSET_ATTR_DATA={0x30, 0x7, 0x0, 0x1, [@IPSET_ATTR_COMMENT={0x9, 0x1a, 'syz0\x00'}, @IPSET_ATTR_SKBMARK={0xc, 0x1b, 0x1, 0x0, 0x8000000000000001}, @IPSET_ATTR_IFACE={0x14, 0x17, 'macvlan0\x00'}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x38, 0x7, 0x0, 0x1, [@IPSET_ATTR_BYTES={0xc, 0x18, 0x1, 0x0, 0x4}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast1}}, @IPSET_ATTR_IFACE={0x14, 0x17, 'sit0\x00'}, @IPSET_ATTR_MARK={0x8, 0xa, 0x1, 0x0, 0xe}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8ef}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x8}]}, 0xdc}, 0x1, 0x0, 0x0, 0x20000001}, 0x4000090)
fcntl$setflags(r4, 0x2, 0x1)
r11 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000d40), 0x44201, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000dc0)={&(0x7f0000000d80)=[0x0, 0x0, 0x0, 0x0, <r12=>0x0, 0x0], 0x6})
ioctl$DRM_IOCTL_MODE_GETPLANE(r11, 0xc02064b6, &(0x7f0000000f40)={r12, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000f00)=[0x0, 0x0, 0x0, 0x0, 0x0]})

0s ago: executing program 1 (id=3940):
r0 = syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x200, 0x4, &(0x7f0000000080)={0x80, 0x0, 0x0, 0x0, 0x7995}, 0x8, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

 2 family 0 port 6081 - 0
[ 1200.354039][   T30] audit: type=1400 audit(1765984704.148:1801): avc:  denied  { watch } for  pid=18076 comm="syz.5.3114" path="/284" dev="tmpfs" ino=1547 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[ 1200.391886][T14755] usb 3-1: USB disconnect, device number 68
[ 1201.424207][   T30] audit: type=1400 audit(1765984704.148:1802): avc:  denied  { watch_sb } for  pid=18076 comm="syz.5.3114" path="/284" dev="tmpfs" ino=1547 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[ 1201.703422][T17812] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1201.832775][T18086] JFS: discard option not supported on device
[ 1201.841616][T18086] Mount JFS Failure: -22
[ 1201.845914][T18086] jfs_mount failed w/return code = -22
[ 1202.876161][T18094] JFS: discard option not supported on device
[ 1202.886883][T18094] Mount JFS Failure: -22
[ 1202.891280][T18094] jfs_mount failed w/return code = -22
[ 1203.558412][T17812] bridge_slave_1: left allmulticast mode
[ 1203.638681][T14755] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[ 1203.689670][T17812] bridge_slave_1: left promiscuous mode
[ 1203.835087][T14755] usb 4-1: too many configurations: 151, using maximum allowed: 8
[ 1203.882453][T14755] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7
[ 1203.901772][T14755] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130
[ 1203.914233][T14755] usb 4-1: Product: syz
[ 1203.918397][T14755] usb 4-1: Manufacturer: syz
[ 1203.932729][T14755] usb 4-1: SerialNumber: syz
[ 1204.055422][T17812] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1204.081043][T17812] bridge_slave_0: left allmulticast mode
[ 1204.089260][T17812] bridge_slave_0: left promiscuous mode
[ 1204.098462][T14755] usb 4-1: config 0 descriptor??
[ 1204.115771][T17812] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1205.112570][   T30] audit: type=1400 audit(1765984709.848:1803): avc:  denied  { setopt } for  pid=18096 comm="syz.3.3119" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[ 1205.324467][ T3444] smc: removing ib device syz2
[ 1205.477431][   T30] audit: type=1326 audit(1765984710.218:1804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18126 comm="syz.1.3126" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6f2b78f749 code=0x0
[ 1205.556700][T17812] team0: Port device bridge1 removed
[ 1205.593802][ T5958] erspan0 speed is unknown, defaulting to 1000
[ 1205.603612][ T5958] syz2: Port: 1 Link DOWN
[ 1205.603704][T14755] erspan0 speed is unknown, defaulting to 1000
[ 1206.150753][T14755] usb 4-1: USB disconnect, device number 64
[ 1206.185400][T18131] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1206.694577][T18147] input: syz1 as /devices/virtual/input/input56
[ 1206.845484][T18149] netlink: 79 bytes leftover after parsing attributes in process `syz.1.3129'.
[ 1207.075630][T18153] overlayfs: failed to clone upperpath
[ 1207.205968][T17892] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1207.352233][T17892] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1207.845376][T17892] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1207.909349][T17892] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1208.266978][T18169] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[ 1208.326576][T18169] block device autoloading is deprecated and will be removed.
[ 1208.378745][T17892] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1208.467111][T17892] 8021q: adding VLAN 0 to HW filter on device team0
[ 1208.546889][   T76] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1208.554028][   T76] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1208.630955][   T76] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1208.638125][   T76] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1209.661676][T17892] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1209.751457][T17812] tipc: Left network mode
[ 1210.051299][T18211] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input57
[ 1210.157987][   T30] audit: type=1400 audit(1765984714.898:1805): avc:  denied  { watch watch_reads } for  pid=18212 comm="syz.2.3142" path="pipe:[61906]" dev="pipefs" ino=61906 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[ 1210.183713][T18213] netlink: zone id is out of range
[ 1210.235853][T18217] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[ 1210.293420][T17892] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1211.483166][T18230] __vm_enough_memory: pid: 18230, comm: syz.2.3144, bytes: 21200512712704 not enough memory for the allocation
[ 1211.495627][T18230] __vm_enough_memory: pid: 18230, comm: syz.2.3144, bytes: 11727962341376 not enough memory for the allocation
[ 1211.941449][T17892] veth0_vlan: entered promiscuous mode
[ 1211.976764][T17892] veth1_vlan: entered promiscuous mode
[ 1212.525814][T18239] Bluetooth: MGMT ver 1.23
[ 1212.937697][T17892] veth0_macvtap: entered promiscuous mode
[ 1212.984502][T17892] veth1_macvtap: entered promiscuous mode
[ 1213.137885][T17892] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1213.159349][T17892] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1213.212469][T17812] hsr_slave_0: left promiscuous mode
[ 1213.238022][T17812] hsr_slave_1: left promiscuous mode
[ 1213.243639][T18256] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3151'.
[ 1213.265083][T17812] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1213.293131][T17812] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1213.320064][T17812] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1213.332653][T17812] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1213.368612][T17812] batman_adv: batadv0: Interface deactivated: dummy0
[ 1213.391550][T17812] batman_adv: batadv0: Removing interface: dummy0
[ 1213.500197][T17812] veth1_macvtap: left promiscuous mode
[ 1213.514252][T17812] veth0_macvtap: left promiscuous mode
[ 1213.525767][T17812] veth1_vlan: left promiscuous mode
[ 1213.535124][T17812] veth0_vlan: left promiscuous mode
[ 1214.266006][T17812] team0 (unregistering): Port device team_slave_1 removed
[ 1214.306241][T17812] team0 (unregistering): Port device team_slave_0 removed
[ 1214.727133][T14740] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1214.769827][T14740] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1214.795319][T14740] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1214.992546][T14740] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1217.819919][T18287] __vm_enough_memory: pid: 18287, comm: syz.2.3157, bytes: 21200512712704 not enough memory for the allocation
[ 1217.832332][T18287] __vm_enough_memory: pid: 18287, comm: syz.2.3157, bytes: 11727962341376 not enough memory for the allocation
[ 1218.062291][ T5973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.144305][ T5973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.163294][T18292] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3160'.
[ 1218.232034][T18295] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3160'.
[ 1218.254020][T18296] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3162'.
[ 1218.381191][T17812] IPVS: stop unused estimator thread 0...
[ 1218.397644][ T5973] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1218.422739][ T5973] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1218.581006][T18299] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1219.017235][T18302] JFS: discard option not supported on device
[ 1219.085682][T18302] Mount JFS Failure: -22
[ 1219.102151][T18302] jfs_mount failed w/return code = -22
[ 1219.178352][T18308] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3062'.
[ 1221.137684][T17429] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1221.146724][T17429] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1221.155719][T17429] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1221.165989][T17429] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1221.175210][T17429] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1221.488886][T18327] JFS: discard option not supported on device
[ 1221.496817][T18327] Mount JFS Failure: -22
[ 1221.501099][T18327] jfs_mount failed w/return code = -22
[ 1221.941813][   T30] audit: type=1400 audit(1765984726.678:1806): avc:  denied  { bind } for  pid=18318 comm="syz.0.3169" lport=12928 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1221.962422][   T30] audit: type=1400 audit(1765984726.678:1807): avc:  denied  { name_bind } for  pid=18318 comm="syz.0.3169" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1222.109181][   T30] audit: type=1400 audit(1765984726.678:1808): avc:  denied  { node_bind } for  pid=18318 comm="syz.0.3169" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[ 1222.275042][T18319] chnl_net:caif_netlink_parms(): no params data found
[ 1222.404244][T14755] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[ 1222.574234][T14755] usb 4-1: Using ep0 maxpacket: 16
[ 1222.589933][T14755] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1222.690954][T14755] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1222.859585][T14755] usb 4-1: Product: syz
[ 1222.937778][T14755] usb 4-1: Manufacturer: syz
[ 1222.947668][T18319] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1222.954959][T14755] usb 4-1: SerialNumber: syz
[ 1222.959759][T18319] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1222.969353][T14755] usb 4-1: config 0 descriptor??
[ 1222.983702][T18319] bridge_slave_0: entered allmulticast mode
[ 1222.991103][T18319] bridge_slave_0: entered promiscuous mode
[ 1223.001777][T18319] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1223.010594][T18319] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1223.051877][T18319] bridge_slave_1: entered allmulticast mode
[ 1223.069930][T18319] bridge_slave_1: entered promiscuous mode
[ 1223.176363][T18319] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1223.190962][T18319] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1223.294204][ T5826] Bluetooth: hci2: command tx timeout
[ 1223.417692][T18319] team0: Port device team_slave_0 added
[ 1224.213617][T18319] team0: Port device team_slave_1 added
[ 1224.620721][T18319] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1224.785297][T18319] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1224.862278][T18319] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1224.896700][T18319] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1224.993152][T18319] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1225.029663][T18319] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1225.323418][T18319] hsr_slave_0: entered promiscuous mode
[ 1225.363788][T18319] hsr_slave_1: entered promiscuous mode
[ 1225.374218][T18319] debugfs: 'hsr0' already exists in 'hsr'
[ 1225.380083][T18319] Cannot create hsr debugfs directory
[ 1225.386657][ T5826] Bluetooth: hci2: command tx timeout
[ 1225.736636][T18319] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1225.858786][T18319] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.033118][ T5958] usb 4-1: USB disconnect, device number 65
[ 1226.088811][T18319] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.347527][T18319] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1226.423962][T18381] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1226.431188][T18381] overlayfs: failed to set xattr on upper
[ 1226.436978][T18381] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1226.443840][T18381] overlayfs: ...falling back to index=off.
[ 1226.449686][T18381] overlayfs: ...falling back to uuid=null.
[ 1226.455598][T18381] overlayfs: maximum fs stacking depth exceeded
[ 1227.455273][ T5826] Bluetooth: hci2: command tx timeout
[ 1228.414270][ T5958] usb 4-1: new low-speed USB device number 66 using dummy_hcd
[ 1228.786588][ T5958] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1228.809548][ T5958] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1228.940184][ T5958] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00
[ 1228.984563][ T5958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1229.071462][T18391] JFS: discard option not supported on device
[ 1229.079518][T18391] Mount JFS Failure: -22
[ 1229.083806][T18391] jfs_mount failed w/return code = -22
[ 1229.360565][ T5958] usb 4-1: config 0 descriptor??
[ 1229.414956][ T5958] usb 4-1: can't set config #0, error -71
[ 1229.423468][ T5958] usb 4-1: USB disconnect, device number 66
[ 1229.441385][   T30] audit: type=1400 audit(1765984734.178:1809): avc:  denied  { mount } for  pid=18392 comm="syz.5.3188" name="/" dev="configfs" ino=1114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[ 1229.489886][T18319] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1229.501341][T18319] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1229.708236][ T5826] Bluetooth: hci2: command tx timeout
[ 1230.508494][T18319] netdevsim netdevsim1 netdevsim2: renamed from eth2
[ 1230.549634][T18319] netdevsim netdevsim1 netdevsim3: renamed from eth3
[ 1230.829676][T18319] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1230.850373][T18319] 8021q: adding VLAN 0 to HW filter on device team0
[ 1231.451716][T18319] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1231.470499][T18319] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1231.602745][ T6078] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1231.609852][ T6078] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1231.642135][ T6078] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1231.649225][ T6078] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1232.144921][T18427] wireguard0: entered promiscuous mode
[ 1232.687323][T18319] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1232.717819][   T30] audit: type=1400 audit(1765984737.448:1810): avc:  denied  { create } for  pid=18442 comm="syz.5.3198" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 1232.757028][T18443] VFS: Mount too revealing
[ 1232.792198][   T30] audit: type=1400 audit(1765984737.488:1811): avc:  denied  { sys_admin } for  pid=18442 comm="syz.5.3198" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 1232.821062][T18439] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1232.961040][ T5958] IPVS: starting estimator thread 0...
[ 1232.969881][   T30] audit: type=1400 audit(1765984737.578:1812): avc:  denied  { associate } for  pid=18444 comm="syz.5.3198" name="core" scontext=root:object_r:etc_runtime_t tcontext=system_u:object_r:root_t tclass=filesystem permissive=1
[ 1233.085889][T18446] IPVS: using max 38 ests per chain, 91200 per kthread
[ 1233.471764][T18319] veth0_vlan: entered promiscuous mode
[ 1233.501109][T18319] veth1_vlan: entered promiscuous mode
[ 1233.538344][T18319] veth0_macvtap: entered promiscuous mode
[ 1233.555137][T18319] veth1_macvtap: entered promiscuous mode
[ 1233.583419][T18319] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1233.620867][T18319] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1233.640520][ T5973] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.794301][ T5973] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.803098][ T5973] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.824463][ T5973] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1233.930800][T18458] JFS: discard option not supported on device
[ 1233.938867][T18458] Mount JFS Failure: -22
[ 1233.943158][T18458] jfs_mount failed w/return code = -22
[ 1234.377832][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.402618][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1234.535626][   T38] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1234.560149][   T38] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1235.004387][ T6012] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1235.681757][ T6012] usb 3-1: Using ep0 maxpacket: 8
[ 1235.688670][ T6012] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 1235.697734][ T6012] usb 3-1: config 2 has an invalid interface number: 33 but max is 0
[ 1235.707197][ T6012] usb 3-1: config 2 has no interface number 0
[ 1235.713317][ T6012] usb 3-1: config 2 interface 33 has no altsetting 0
[ 1235.723281][ T6012] usb 3-1: string descriptor 0 read error: -22
[ 1235.729851][ T6012] usb 3-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=83.d4
[ 1235.741756][ T6012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1235.754964][ T6012] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[ 1235.775509][ T6012] dvb-usb: bulk message failed: -22 (2/0)
[ 1235.781267][ T6012] dvb-usb: will use the device's hardware PID filter (table count: 15).
[ 1235.790380][ T6012] dvbdev: DVB: registering new adapter (WideView WT-220U PenType Receiver (based on ZL353))
[ 1235.799855][ T5925] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[ 1235.809910][ T6012] usb 3-1: media controller created
[ 1235.819831][ T6012] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1235.846035][ T6012] usb 3-1: DVB: registering adapter 1 frontend 0 (WideView USB DVB-T)...
[ 1235.865590][ T6012] dvbdev: dvb_create_media_entity: media entity 'WideView USB DVB-T' registered.
[ 1235.964162][ T5925] usb 4-1: Using ep0 maxpacket: 8
[ 1235.985373][ T5925] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[ 1236.008171][ T5925] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1236.047281][ T6012] rc_core: IR keymap rc-dtt200u not found
[ 1236.052884][ T5925] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 1236.062958][ T6012] Registered IR keymap rc-empty
[ 1236.073411][ T5925] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 1236.099468][ T5925] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1236.147045][ T5925] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 1236.164602][ T5925] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1236.192137][ T6012] rc rc0: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0
[ 1236.208259][ T6012] input: WideView WT-220U PenType Receiver (based on ZL353) as /devices/platform/dummy_hcd.2/usb3/3-1/rc/rc0/input58
[ 1236.228955][ T6012] dvb-usb: schedule remote query interval to 300 msecs.
[ 1236.236979][ T6012] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) successfully initialized and connected.
[ 1236.255092][ T6012] usb 3-1: USB disconnect, device number 69
[ 1236.410490][ T5925] usb 4-1: GET_CAPABILITIES returned 0
[ 1236.444982][ T5925] usbtmc 4-1:16.0: can't read capabilities
[ 1236.656299][ T5925] usb 4-1: USB disconnect, device number 67
[ 1237.398967][T18494] FAULT_INJECTION: forcing a failure.
[ 1237.398967][T18494] name failslab, interval 1, probability 0, space 0, times 0
[ 1237.411790][T18494] CPU: 0 UID: 0 PID: 18494 Comm: syz.3.3214 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1237.411815][T18494] Tainted: [L]=SOFTLOCKUP
[ 1237.411821][T18494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1237.411831][T18494] Call Trace:
[ 1237.411836][T18494]  <TASK>
[ 1237.411843][T18494]  dump_stack_lvl+0x16c/0x1f0
[ 1237.411870][T18494]  should_fail_ex+0x512/0x640
[ 1237.411894][T18494]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 1237.411911][T18494]  should_failslab+0xc2/0x120
[ 1237.411925][T18494]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 1237.411935][T18494]  ? __alloc_skb+0x156/0x410
[ 1237.411954][T18494]  ? __alloc_skb+0x156/0x410
[ 1237.411974][T18494]  __alloc_skb+0x156/0x410
[ 1237.411988][T18494]  ? __alloc_skb+0x35d/0x410
[ 1237.412004][T18494]  ? __pfx___alloc_skb+0x10/0x10
[ 1237.412019][T18494]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1237.412032][T18494]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1237.412049][T18494]  netlink_alloc_large_skb+0x69/0x140
[ 1237.412064][T18494]  netlink_sendmsg+0x698/0xdd0
[ 1237.412079][T18494]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1237.412097][T18494]  ____sys_sendmsg+0xa5d/0xc30
[ 1237.412112][T18494]  ? copy_msghdr_from_user+0x10a/0x160
[ 1237.412122][T18494]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1237.412142][T18494]  ___sys_sendmsg+0x134/0x1d0
[ 1237.412153][T18494]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1237.412180][T18494]  __sys_sendmsg+0x16d/0x220
[ 1237.412191][T18494]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1237.412210][T18494]  do_syscall_64+0xcd/0xf80
[ 1237.412227][T18494]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1237.412238][T18494] RIP: 0033:0x7f08bc98f749
[ 1237.412247][T18494] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1237.412257][T18494] RSP: 002b:00007f08bd765038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1237.412267][T18494] RAX: ffffffffffffffda RBX: 00007f08bcbe5fa0 RCX: 00007f08bc98f749
[ 1237.412274][T18494] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[ 1237.412280][T18494] RBP: 00007f08bd765090 R08: 0000000000000000 R09: 0000000000000000
[ 1237.412286][T18494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1237.412292][T18494] R13: 00007f08bcbe6038 R14: 00007f08bcbe5fa0 R15: 00007ffdf4fcd138
[ 1237.412306][T18494]  </TASK>
[ 1238.107463][T18492] JFS: discard option not supported on device
[ 1238.113779][T18492] Mount JFS Failure: -22
[ 1238.118058][T18492] jfs_mount failed w/return code = -22
[ 1238.393091][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.399475][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1239.599215][ T6012] dvb-usb: WideView WT-220U PenType Receiver (base successfully deinitialized and disconnected.
[ 1239.975719][ T6012] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1240.154209][ T6012] usb 3-1: Using ep0 maxpacket: 16
[ 1240.178413][ T6012] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1240.196050][ T6012] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1240.215616][ T6012] usb 3-1: Product: syz
[ 1240.220216][ T6012] usb 3-1: Manufacturer: syz
[ 1240.262618][ T6012] usb 3-1: SerialNumber: syz
[ 1240.295386][ T6012] usb 3-1: config 0 descriptor??
[ 1240.322568][ T6012] usb 3-1: can't set config #0, error -71
[ 1240.359947][ T6012] usb 3-1: USB disconnect, device number 70
[ 1240.387815][T18518] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3222'.
[ 1242.084181][T18535] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=537 sclass=netlink_xfrm_socket pid=18535 comm=syz.1.3219
[ 1242.762875][   T30] audit: type=1326 audit(1765984747.498:1813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18539 comm="syz.3.3228" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f08bc98f749 code=0x0
[ 1243.334185][ T5928] usb 2-1: new high-speed USB device number 65 using dummy_hcd
[ 1243.380732][T18549] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1243.388896][T18549] overlayfs: failed to set xattr on upper
[ 1243.394662][T18549] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1243.401499][T18549] overlayfs: ...falling back to index=off.
[ 1243.407344][T18549] overlayfs: ...falling back to uuid=null.
[ 1243.413144][T18549] overlayfs: maximum fs stacking depth exceeded
[ 1244.827236][ T5928] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[ 1244.863555][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=67
[ 1244.894151][ T5928] usb 2-1: Product: syz
[ 1244.898353][ T5928] usb 2-1: Manufacturer: syz
[ 1244.902955][ T5928] usb 2-1: SerialNumber: syz
[ 1244.951593][ T5928] usb 2-1: config 0 descriptor??
[ 1245.090289][ T5928] ch341 2-1:0.0: ch341-uart converter detected
[ 1245.112914][T18561] xt_hashlimit: max too large, truncated to 1048576
[ 1245.150629][T18559] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3233'.
[ 1245.650362][ T5928] usb 2-1: failed to receive control message: -71
[ 1245.673573][ T5928] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71
[ 1245.696691][ T5928] usb 2-1: USB disconnect, device number 65
[ 1245.706876][ T5928] ch341 2-1:0.0: device disconnected
[ 1245.956737][T18568] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3236'.
[ 1245.974390][   T30] audit: type=1326 audit(1765984750.698:1814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18571 comm="syz.0.3238" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f399338f749 code=0x0
[ 1246.139624][T18578] 9p: Bad value for 'rfdno'
[ 1247.308280][T18591] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1247.315334][T18591] overlayfs: failed to set xattr on upper
[ 1247.321046][T18591] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1247.327934][T18591] overlayfs: ...falling back to index=off.
[ 1247.333734][T18591] overlayfs: ...falling back to uuid=null.
[ 1247.339575][T18591] overlayfs: maximum fs stacking depth exceeded
[ 1250.057835][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.064885][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.071563][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.151249][T18590] infiniband syz2: set active
[ 1250.162792][T18590] infiniband syz2: added erspan0
[ 1250.168686][T18590] workqueue: Failed to create a rescuer kthread for wq "ib_mad1": -EINTR
[ 1250.171857][T18590] infiniband syz2: Couldn't open port 1
[ 1250.190354][ T5977] erspan0 speed is unknown, defaulting to 1000
[ 1250.201746][T18590] RDS/IB: syz2: added
[ 1250.207025][T18590] smc: adding ib device syz2 with port count 1
[ 1250.213348][T18590] smc:    ib device syz2 port 1 has pnetid S (user defined)
[ 1250.224231][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.237487][ T9950] erspan0 speed is unknown, defaulting to 1000
[ 1250.351829][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.431863][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.514546][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.595845][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.677051][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.758713][T18590] erspan0 speed is unknown, defaulting to 1000
[ 1250.946802][T18605] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3246'.
[ 1251.013997][T18607] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3247'.
[ 1251.035313][T18607] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3247'.
[ 1251.427813][T18609] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3248'.
[ 1251.487766][T18618] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3248'.
[ 1251.842785][   T30] audit: type=1400 audit(1765984756.578:1815): avc:  denied  { mount } for  pid=18612 comm="syz.3.3249" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1252.683604][T18639] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1252.690796][T18639] overlayfs: failed to set xattr on upper
[ 1252.696697][T18639] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1252.704035][T18639] overlayfs: ...falling back to index=off.
[ 1252.710388][T18639] overlayfs: ...falling back to uuid=null.
[ 1252.716309][T18639] overlayfs: maximum fs stacking depth exceeded
[ 1255.369030][T18663] tipc: Started in network mode
[ 1255.387363][T18663] tipc: Node identity fe60299491fb, cluster identity 4711
[ 1255.421635][T18663] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1255.444830][T18665] syzkaller0: entered promiscuous mode
[ 1255.466579][T18665] syzkaller0: entered allmulticast mode
[ 1255.598887][T18663] tipc: Resetting bearer <eth:syzkaller0>
[ 1255.618663][ T6274] gretap0: left allmulticast mode
[ 1255.639193][ T6274] gretap0: left promiscuous mode
[ 1255.654500][ T6274] bridge0: port 3(gretap0) entered disabled state
[ 1255.745397][ T6274] bridge_slave_1: left allmulticast mode
[ 1255.766421][ T6274] bridge_slave_1: left promiscuous mode
[ 1255.790067][ T6274] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1256.048474][ T6274] bridge_slave_0: left allmulticast mode
[ 1256.060871][ T6274] bridge_slave_0: left promiscuous mode
[ 1256.087553][ T6274] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1256.130685][ T6274] batman_adv: batadv0: Interface deactivated: gretap1
[ 1256.429759][ T6274] batman_adv: batadv0: Removing interface: gretap1
[ 1256.581509][ T6274] bond0 (unregistering): Released all slaves
[ 1256.760273][ T6274] bond1 (unregistering): Released all slaves
[ 1256.777592][T18654] tipc: Resetting bearer <eth:syzkaller0>
[ 1256.801205][T18654] tipc: Disabling bearer <eth:syzkaller0>
[ 1256.811175][ T5928] tipc: Node number set to 1872439700
[ 1256.924238][ T5925] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1257.834208][ T5925] usb 1-1: Using ep0 maxpacket: 8
[ 1257.948447][ T5925] usb 1-1: config 16 has an invalid descriptor of length 55, skipping remainder of the config
[ 1257.968351][ T5925] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 1257.992694][ T5925] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 1258.120395][ T5925] usb 1-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1258.135089][ T5925] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1258.144258][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1258.165179][ T5925] usbtmc 1-1:16.0: bulk endpoints not found
[ 1258.297721][T18693] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1258.304762][T18693] overlayfs: failed to set xattr on upper
[ 1258.310474][T18693] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1258.317349][T18693] overlayfs: ...falling back to index=off.
[ 1258.323142][T18693] overlayfs: ...falling back to uuid=null.
[ 1258.328970][T18693] overlayfs: maximum fs stacking depth exceeded
[ 1259.644197][ T9950] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[ 1260.794283][ T9950] usb 4-1: Using ep0 maxpacket: 16
[ 1260.802945][ T9950] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1260.812675][ T9950] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1260.821845][ T9950] usb 4-1: Product: syz
[ 1260.826404][ T9950] usb 4-1: Manufacturer: syz
[ 1260.831128][ T9950] usb 4-1: SerialNumber: syz
[ 1260.851922][ T9950] usb 4-1: config 0 descriptor??
[ 1260.934174][ T5928] usb 2-1: new high-speed USB device number 66 using dummy_hcd
[ 1261.203915][ T5925] usb 4-1: USB disconnect, device number 68
[ 1261.211242][ T5928] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1261.237364][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1261.274285][ T5928] usb 2-1: Product: syz
[ 1261.283575][ T5928] usb 2-1: Manufacturer: syz
[ 1261.292831][ T5928] usb 2-1: SerialNumber: syz
[ 1261.359175][ T5928] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1261.398385][T16250] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1261.661261][ T5925] usb 1-1: USB disconnect, device number 69
[ 1262.192235][ T6274] hsr_slave_0: left promiscuous mode
[ 1262.207539][ T6274] hsr_slave_1: left promiscuous mode
[ 1262.265911][ T6274] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1262.284620][ T6274] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1262.308870][ T6274] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1262.334891][ T6274] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1262.405677][ T6274] veth1_macvtap: left allmulticast mode
[ 1262.424412][ T6274] veth1_macvtap: left promiscuous mode
[ 1262.441047][ T6274] veth0_macvtap: left promiscuous mode
[ 1262.452736][ T6274] veth1_vlan: left promiscuous mode
[ 1262.464807][ T6274] veth0_vlan: left promiscuous mode
[ 1262.496850][T16250] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[ 1262.578401][T16250] ath9k_htc: Failed to initialize the device
[ 1262.778386][T16250] usb 2-1: ath9k_htc: USB layer deinitialized
[ 1263.363481][   T30] audit: type=1400 audit(1765984768.098:1816): avc:  denied  { setattr } for  pid=18732 comm="syz.2.3276" name="route" dev="proc" ino=4026534433 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[ 1264.194409][T18744] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1264.201451][T18744] overlayfs: failed to set xattr on upper
[ 1264.207279][T18744] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1264.214239][T18744] overlayfs: ...falling back to index=off.
[ 1264.220084][T18744] overlayfs: ...falling back to uuid=null.
[ 1264.225991][T18744] overlayfs: maximum fs stacking depth exceeded
[ 1266.964054][T18747] mmap: syz.2.3286 (18747): VmData 25841664 exceed data ulimit 3. Update limits or use boot option ignore_rlimit_data.
[ 1268.108041][   T30] audit: type=1400 audit(1765984772.848:1817): avc:  denied  { create } for  pid=18764 comm="syz.2.3292" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1268.165440][ T6274] team0 (unregistering): Port device team_slave_1 removed
[ 1268.372376][ T6274] team0 (unregistering): Port device team_slave_0 removed
[ 1269.217865][T18784] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1269.225208][T18784] overlayfs: failed to set xattr on upper
[ 1269.230933][T18784] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1269.237801][T18784] overlayfs: ...falling back to index=off.
[ 1269.243593][T18784] overlayfs: ...falling back to uuid=null.
[ 1269.249426][T18784] overlayfs: maximum fs stacking depth exceeded
[ 1270.566506][T18708] bond0: (slave bond_slave_0): Releasing backup interface
[ 1270.731946][ T6012] usb 2-1: USB disconnect, device number 66
[ 1272.355571][ T6274] IPVS: stop unused estimator thread 0...
[ 1273.120860][T18816] ubi: mtd0 is already attached to ubi31
[ 1273.491324][T18820] support for cryptoloop has been removed.  Use dm-crypt instead.
[ 1274.500619][T18825] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3308'.
[ 1275.874227][ T9950] usb 3-1: new full-speed USB device number 71 using dummy_hcd
[ 1276.164192][ T9950] usb 3-1: device descriptor read/64, error -71
[ 1276.174355][T18851] input: syz1 as /devices/virtual/input/input59
[ 1276.321639][T18854] erspan0 speed is unknown, defaulting to 1000
[ 1276.425558][ T9950] usb 3-1: new full-speed USB device number 72 using dummy_hcd
[ 1276.878714][ T9950] usb 3-1: device descriptor read/64, error -71
[ 1277.025517][ T9950] usb usb3-port1: attempt power cycle
[ 1277.414167][ T9950] usb 3-1: new full-speed USB device number 73 using dummy_hcd
[ 1277.445061][ T9950] usb 3-1: device descriptor read/8, error -71
[ 1277.747930][T18871] JFS: discard option not supported on device
[ 1277.756219][T18871] Mount JFS Failure: -22
[ 1277.760498][T18871] jfs_mount failed w/return code = -22
[ 1277.985152][ T5925] usb 1-1: new full-speed USB device number 70 using dummy_hcd
[ 1278.310218][ T9950] usb 3-1: new full-speed USB device number 74 using dummy_hcd
[ 1278.345966][ T9950] usb 3-1: device descriptor read/8, error -71
[ 1278.760257][ T9950] usb usb3-port1: unable to enumerate USB device
[ 1278.826243][T18878] sch_tbf: burst 6 is lower than device ip6gre0 mtu (1448) !
[ 1278.975964][ T5925] usb 1-1: config 8 has an invalid interface number: 177 but max is 0
[ 1278.984550][ T5925] usb 1-1: config 8 has no interface number 0
[ 1278.990799][ T5925] usb 1-1: config 8 interface 177 altsetting 9 has an endpoint descriptor with address 0xAD, changing to 0x8D
[ 1279.408298][ T5925] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x8D has invalid maxpacket 1023, setting to 64
[ 1279.419899][ T5925] usb 1-1: config 8 interface 177 altsetting 9 endpoint 0x87 has invalid wMaxPacketSize 0
[ 1279.431113][ T5925] usb 1-1: config 8 interface 177 has no altsetting 0
[ 1279.437980][ T5925] usb 1-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[ 1279.447070][ T5925] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1279.590696][T18869] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[ 1279.767928][T18889] FAULT_INJECTION: forcing a failure.
[ 1279.767928][T18889] name failslab, interval 1, probability 0, space 0, times 0
[ 1279.810727][T18869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1279.819287][T18889] CPU: 1 UID: 0 PID: 18889 Comm: syz.1.3331 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1279.819314][T18889] Tainted: [L]=SOFTLOCKUP
[ 1279.819319][T18889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1279.819329][T18889] Call Trace:
[ 1279.819335][T18889]  <TASK>
[ 1279.819342][T18889]  dump_stack_lvl+0x16c/0x1f0
[ 1279.819367][T18889]  should_fail_ex+0x512/0x640
[ 1279.819391][T18889]  ? kmem_cache_alloc_node_noprof+0x65/0x800
[ 1279.819411][T18889]  should_failslab+0xc2/0x120
[ 1279.819433][T18889]  kmem_cache_alloc_node_noprof+0x86/0x800
[ 1279.819449][T18889]  ? __alloc_skb+0x156/0x410
[ 1279.819472][T18889]  ? __alloc_skb+0x35d/0x410
[ 1279.819498][T18889]  ? __alloc_skb+0x156/0x410
[ 1279.819520][T18889]  __alloc_skb+0x156/0x410
[ 1279.819541][T18889]  ? __alloc_skb+0x35d/0x410
[ 1279.819562][T18889]  ? __pfx___alloc_skb+0x10/0x10
[ 1279.819584][T18889]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1279.819604][T18889]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1279.819630][T18889]  netlink_alloc_large_skb+0x69/0x140
[ 1279.819652][T18889]  netlink_sendmsg+0x698/0xdd0
[ 1279.819675][T18889]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1279.819703][T18889]  __sys_sendto+0x4a3/0x520
[ 1279.819728][T18889]  ? __pfx___sys_sendto+0x10/0x10
[ 1279.819759][T18889]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[ 1279.819778][T18889]  ? count_memcg_events+0x122/0x290
[ 1279.819815][T18889]  __x64_sys_sendto+0xe0/0x1c0
[ 1279.819838][T18889]  ? do_syscall_64+0x91/0xf80
[ 1279.819856][T18889]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1279.819875][T18889]  do_syscall_64+0xcd/0xf80
[ 1279.819896][T18889]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1279.819911][T18889] RIP: 0033:0x7f63271915dc
[ 1279.819924][T18889] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[ 1279.819939][T18889] RSP: 002b:00007f6327f42ec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[ 1279.819955][T18889] RAX: ffffffffffffffda RBX: 00007f6327f42fc0 RCX: 00007f63271915dc
[ 1279.819966][T18889] RDX: 0000000000000020 RSI: 00007f6327f43010 RDI: 0000000000000008
[ 1279.819975][T18889] RBP: 0000000000000000 R08: 00007f6327f42f14 R09: 000000000000000c
[ 1279.819984][T18889] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[ 1279.819993][T18889] R13: 00007f6327f42f68 R14: 00007f6327f43010 R15: 0000000000000000
[ 1279.820016][T18889]  </TASK>
[ 1280.069240][T18869] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1280.191529][   T30] audit: type=1400 audit(1765984784.858:1818): avc:  denied  { map } for  pid=18890 comm="syz.2.3332" path="socket:[68507]" dev="sockfs" ino=68507 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1280.216025][   T30] audit: type=1400 audit(1765984784.858:1819): avc:  denied  { read accept } for  pid=18890 comm="syz.2.3332" path="socket:[68507]" dev="sockfs" ino=68507 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[ 1280.227046][T18896] binder: 18890:18896 ioctl c018620c 2000000002c0 returned -1
[ 1280.988277][ T5888] erspan0 speed is unknown, defaulting to 1000
[ 1281.117448][T18896] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3332'.
[ 1281.395323][T17429] Bluetooth: hci5: command 0x0406 tx timeout
[ 1282.664582][ T5925] usb 1-1: string descriptor 0 read error: -71
[ 1282.737082][ T5925] ir_toy 1-1:8.177: required endpoints not found
[ 1282.761928][ T5925] usb 1-1: USB disconnect, device number 70
[ 1282.941581][   T30] audit: type=1326 audit(1765984787.678:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.057082][   T30] audit: type=1326 audit(1765984787.678:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.191000][   T30] audit: type=1326 audit(1765984787.718:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.266344][   T30] audit: type=1326 audit(1765984787.718:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.354417][T18908] kvm: kvm [18907]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[ 1283.365952][T18908] kvm: kvm [18907]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[ 1283.425182][   T30] audit: type=1326 audit(1765984787.718:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.521755][   T30] audit: type=1326 audit(1765984787.718:1825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.640888][   T30] audit: type=1326 audit(1765984787.718:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1283.813783][   T30] audit: type=1326 audit(1765984787.718:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18910 comm="syz.1.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f632718f749 code=0x7ffc0000
[ 1284.085787][T18923] overlayfs: failed to clone upperpath
[ 1286.500864][ T5826] Bluetooth: hci4: command 0x0406 tx timeout
[ 1289.884962][T16250] usb 3-1: new high-speed USB device number 75 using dummy_hcd
[ 1290.114336][T16250] usb 3-1: Using ep0 maxpacket: 16
[ 1290.123385][T16250] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1290.143528][T16250] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1290.159035][T16250] usb 3-1: Product: syz
[ 1290.163235][T16250] usb 3-1: Manufacturer: syz
[ 1290.209944][T16250] usb 3-1: SerialNumber: syz
[ 1290.255166][T16250] usb 3-1: config 0 descriptor??
[ 1290.648474][T19000] netlink: 208 bytes leftover after parsing attributes in process `syz.3.3360'.
[ 1290.772302][T19009] nfs: Bad value for 'source'
[ 1291.703440][T19022] overlayfs: failed to resolve './bus': -2
[ 1293.384744][T14755] usb 3-1: USB disconnect, device number 75
[ 1293.622686][T19021] batadv_slave_1: entered promiscuous mode
[ 1293.715101][T19027] dvmrp1: entered allmulticast mode
[ 1294.049095][T19014] batadv_slave_1: left promiscuous mode
[ 1294.094310][ T9950] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[ 1294.430762][ T9950] usb 4-1: Using ep0 maxpacket: 16
[ 1294.576355][ T9950] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1294.601237][ T9950] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1294.635151][ T9950] usb 4-1: Product: syz
[ 1294.639431][ T9950] usb 4-1: Manufacturer: syz
[ 1294.644028][ T9950] usb 4-1: SerialNumber: syz
[ 1294.670754][ T9950] usb 4-1: config 0 descriptor??
[ 1295.599342][T19050] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=19050 comm=syz.0.3374
[ 1296.105142][T19060] JFS: discard option not supported on device
[ 1296.113271][T19060] Mount JFS Failure: -22
[ 1296.117605][T19060] jfs_mount failed w/return code = -22
[ 1296.377481][T19062] overlayfs: failed to resolve './bus': -2
[ 1298.868782][   T30] kauditd_printk_skb: 62 callbacks suppressed
[ 1298.868797][   T30] audit: type=1326 audit(1765984803.608:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19076 comm="syz.2.3385" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f128498f749 code=0x0
[ 1299.033491][T14755] usb 4-1: USB disconnect, device number 69
[ 1299.488214][T19088] team0: Port device team_slave_0 removed
[ 1299.504763][T11749] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[ 1299.525486][T19088] team0: Port device team_slave_1 removed
[ 1299.557605][T19088] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1299.565096][T19088] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1299.575408][T19088] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1299.603625][T19088] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1299.616200][T19088] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[ 1299.679767][T11749] usb 4-1: Using ep0 maxpacket: 32
[ 1299.686207][T11749] usb 4-1: config 0 has an invalid interface number: 242 but max is 0
[ 1299.695370][T11749] usb 4-1: config 0 has no interface number 0
[ 1299.707928][T11749] usb 4-1: New USB device found, idVendor=040d, idProduct=6205, bcdDevice= 0.03
[ 1299.717614][T11749] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1299.725707][T11749] usb 4-1: Product: syz
[ 1299.730210][T11749] usb 4-1: Manufacturer: syz
[ 1299.736419][T11749] usb 4-1: SerialNumber: syz
[ 1299.747264][T11749] usb 4-1: config 0 descriptor??
[ 1299.754452][T11749] usb-storage 4-1:0.242: USB Mass Storage device detected
[ 1299.778079][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1299.784487][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1299.802532][T11749] usb-storage 4-1:0.242: Quirks match for vid 040d pid 6205: 20
[ 1300.161929][T19086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1300.178624][T19086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1300.230799][   T30] audit: type=1400 audit(1765984804.968:1891): avc:  denied  { setopt } for  pid=19085 comm="syz.3.3387" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1300.261080][T11749] usb 4-1: USB disconnect, device number 70
[ 1304.663842][   T30] audit: type=1326 audit(1765984809.398:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19131 comm="syz.5.3398" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4a70b8f749 code=0x0
[ 1304.698940][T19127] erspan0 speed is unknown, defaulting to 1000
[ 1304.857304][T19139] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3400'.
[ 1307.103391][T19164] JFS: discard option not supported on device
[ 1307.111397][T19164] Mount JFS Failure: -22
[ 1307.115726][T19164] jfs_mount failed w/return code = -22
[ 1307.460163][T19160] tc_dump_action: action bad kind
[ 1307.577075][T19167] FAULT_INJECTION: forcing a failure.
[ 1307.577075][T19167] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1307.754253][T19167] CPU: 1 UID: 0 PID: 19167 Comm: syz.0.3409 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1307.754283][T19167] Tainted: [L]=SOFTLOCKUP
[ 1307.754289][T19167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1307.754299][T19167] Call Trace:
[ 1307.754305][T19167]  <TASK>
[ 1307.754312][T19167]  dump_stack_lvl+0x16c/0x1f0
[ 1307.754339][T19167]  should_fail_ex+0x512/0x640
[ 1307.754368][T19167]  _copy_from_user+0x2e/0xd0
[ 1307.754393][T19167]  msr_io+0x93/0x480
[ 1307.754412][T19167]  ? __pfx_do_set_msr+0x10/0x10
[ 1307.754439][T19167]  ? __pfx_msr_io+0x10/0x10
[ 1307.754467][T19167]  kvm_arch_vcpu_ioctl+0x1455/0x54b0
[ 1307.754487][T19167]  ? kvm_arch_vcpu_ioctl+0x1430/0x54b0
[ 1307.754510][T19167]  ? stack_trace_save+0x8e/0xc0
[ 1307.754529][T19167]  ? __pfx_stack_trace_save+0x10/0x10
[ 1307.754548][T19167]  ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10
[ 1307.754569][T19167]  ? __lock_acquire+0x436/0x2890
[ 1307.754591][T19167]  ? kasan_save_stack+0x42/0x60
[ 1307.754609][T19167]  ? kasan_save_stack+0x33/0x60
[ 1307.754625][T19167]  ? kasan_save_track+0x14/0x30
[ 1307.754643][T19167]  ? kasan_save_free_info+0x3b/0x60
[ 1307.754672][T19167]  ? __lock_acquire+0x436/0x2890
[ 1307.754703][T19167]  ? lock_acquire+0x179/0x330
[ 1307.754725][T19167]  ? __pfx___might_resched+0x10/0x10
[ 1307.754743][T19167]  ? rcu_is_watching+0x12/0xc0
[ 1307.754759][T19167]  ? trace_contention_end+0xdd/0x110
[ 1307.754780][T19167]  ? __mutex_lock+0x27b/0x1ca0
[ 1307.754808][T19167]  ? kvm_vcpu_ioctl+0x316/0x16d0
[ 1307.754838][T19167]  ? __pfx___mutex_lock+0x10/0x10
[ 1307.754878][T19167]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1307.754903][T19167]  ? kvm_vcpu_ioctl+0x1293/0x16d0
[ 1307.754926][T19167]  kvm_vcpu_ioctl+0x1293/0x16d0
[ 1307.754954][T19167]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1307.754980][T19167]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1307.755002][T19167]  ? do_vfs_ioctl+0x128/0x14f0
[ 1307.755022][T19167]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1307.755042][T19167]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1307.755073][T19167]  ? hook_file_ioctl_common+0x144/0x410
[ 1307.755106][T19167]  ? selinux_file_ioctl+0x180/0x270
[ 1307.755126][T19167]  ? selinux_file_ioctl+0xb4/0x270
[ 1307.755150][T19167]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[ 1307.755176][T19167]  __x64_sys_ioctl+0x18e/0x210
[ 1307.755198][T19167]  do_syscall_64+0xcd/0xf80
[ 1307.755222][T19167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1307.755239][T19167] RIP: 0033:0x7f399338f749
[ 1307.755253][T19167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1307.755270][T19167] RSP: 002b:00007f39941a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1307.755288][T19167] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1307.755300][T19167] RDX: 0000200000000080 RSI: 000000004008ae89 RDI: 0000000000000005
[ 1307.755310][T19167] RBP: 00007f39941a2090 R08: 0000000000000000 R09: 0000000000000000
[ 1307.755320][T19167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1307.755330][T19167] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1307.755356][T19167]  </TASK>
[ 1308.499758][   T30] audit: type=1800 audit(1765984813.238:1893): pid=19173 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.3411" name="bus" dev="overlay" ino=396 res=0 errno=0
[ 1308.754317][T19180] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.3413'.
[ 1310.282146][T19200] JFS: discard option not supported on device
[ 1310.291353][T19200] Mount JFS Failure: -22
[ 1310.542971][T19200] jfs_mount failed w/return code = -22
[ 1310.551543][T19203] JFS: discard option not supported on device
[ 1310.559033][T19203] Mount JFS Failure: -22
[ 1310.563279][T19203] jfs_mount failed w/return code = -22
[ 1311.527571][   T30] audit: type=1400 audit(1765984816.258:1894): avc:  denied  { search } for  pid=19204 comm="syz.5.3419" name="/" dev="configfs" ino=1114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[ 1312.418980][T19221] netlink: 1752 bytes leftover after parsing attributes in process `syz.1.3425'.
[ 1313.520758][T19232] rdma_rxe: rxe_newlink: failed to add erspan0
[ 1314.285515][T19236] JFS: discard option not supported on device
[ 1314.293227][T19236] Mount JFS Failure: -22
[ 1314.297542][T19236] jfs_mount failed w/return code = -22
[ 1315.633767][T19252] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3434'.
[ 1316.117096][ T9950] libceph: connect (1)[c::]:6789 error -101
[ 1316.123128][ T9950] libceph: mon0 (1)[c::]:6789 connect error
[ 1316.253325][T19257] ceph: No mds server is up or the cluster is laggy
[ 1316.282540][T19267] ref_tracker: memory allocation failure, unreliable refcount tracker.
[ 1317.848082][T19286] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3441'.
[ 1319.484171][T13710] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[ 1320.215870][T13710] usb 4-1: too many configurations: 9, using maximum allowed: 8
[ 1320.259599][T13710] usb 4-1: unable to read config index 0 descriptor/start: -61
[ 1320.894311][T13710] usb 4-1: can't read configurations, error -61
[ 1321.065490][T13710] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[ 1321.920397][T13710] usb 4-1: device descriptor read/all, error -71
[ 1321.962497][T13710] usb usb4-port1: attempt power cycle
[ 1322.580061][   T30] audit: type=1400 audit(1765984827.238:1895): avc:  denied  { write } for  pid=19331 comm="syz.2.3459" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1322.614229][   T30] audit: type=1400 audit(1765984827.238:1896): avc:  denied  { open } for  pid=19331 comm="syz.2.3459" path="/94/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1322.638185][   T30] audit: type=1400 audit(1765984827.248:1897): avc:  denied  { set_context_mgr } for  pid=19331 comm="syz.2.3459" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[ 1322.759626][T19339] gfs2: block size(16384) > page size(4096) not supported by filesystem
[ 1322.803672][T19339] binder: 19333:19339 ioctl c0306201 200000000040 returned -14
[ 1323.135978][   T30] audit: type=1400 audit(1765984827.248:1898): avc:  denied  { ioctl } for  pid=19331 comm="syz.2.3459" path="/94/file0/file0" dev="fuse" ino=64 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1323.180862][   T30] audit: type=1400 audit(1765984827.918:1899): avc:  denied  { read write } for  pid=17578 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1323.208606][   T30] audit: type=1400 audit(1765984827.928:1900): avc:  denied  { open } for  pid=17578 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1323.341057][   T30] audit: type=1400 audit(1765984827.928:1901): avc:  denied  { ioctl } for  pid=17578 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1323.439165][T19344] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3461'.
[ 1323.696393][   T30] audit: type=1400 audit(1765984828.368:1902): avc:  denied  { bpf } for  pid=19345 comm="syz.0.3453" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1323.821861][   T30] audit: type=1400 audit(1765984828.368:1903): avc:  denied  { perfmon } for  pid=19345 comm="syz.0.3453" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1324.195698][   T30] audit: type=1400 audit(1765984828.938:1904): avc:  denied  { create } for  pid=19355 comm="syz.1.3462" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[ 1325.125105][T19379] vivid-001: disconnect
[ 1325.356622][T19382] FAULT_INJECTION: forcing a failure.
[ 1325.356622][T19382] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1325.425871][T19377] vivid-001: reconnect
[ 1325.472565][T19382] CPU: 0 UID: 0 PID: 19382 Comm: syz.2.3467 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1325.472593][T19382] Tainted: [L]=SOFTLOCKUP
[ 1325.472599][T19382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1325.472609][T19382] Call Trace:
[ 1325.472614][T19382]  <TASK>
[ 1325.472620][T19382]  dump_stack_lvl+0x16c/0x1f0
[ 1325.472644][T19382]  should_fail_ex+0x512/0x640
[ 1325.472668][T19382]  _copy_from_user+0x2e/0xd0
[ 1325.472692][T19382]  snd_ctl_elem_add_user+0x9b/0x170
[ 1325.472720][T19382]  ? __pfx_snd_ctl_elem_add_user+0x10/0x10
[ 1325.472736][T19382]  ? find_held_lock+0x2b/0x80
[ 1325.472776][T19382]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1325.472795][T19382]  ? do_vfs_ioctl+0x128/0x14f0
[ 1325.472815][T19382]  snd_ctl_ioctl+0x3a3/0x13e0
[ 1325.472832][T19382]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1325.472854][T19382]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1325.472875][T19382]  ? hook_file_ioctl_common+0x144/0x410
[ 1325.472908][T19382]  ? selinux_file_ioctl+0x180/0x270
[ 1325.472926][T19382]  ? selinux_file_ioctl+0xb4/0x270
[ 1325.472947][T19382]  ? __pfx_snd_ctl_ioctl+0x10/0x10
[ 1325.472966][T19382]  __x64_sys_ioctl+0x18e/0x210
[ 1325.472986][T19382]  do_syscall_64+0xcd/0xf80
[ 1325.473010][T19382]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1325.473027][T19382] RIP: 0033:0x7f128498f749
[ 1325.473041][T19382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1325.473057][T19382] RSP: 002b:00007f12857e2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1325.473073][T19382] RAX: ffffffffffffffda RBX: 00007f1284be6180 RCX: 00007f128498f749
[ 1325.473084][T19382] RDX: 0000200000000040 RSI: 00000000c1105518 RDI: 000000000000000f
[ 1325.473094][T19382] RBP: 00007f12857e2090 R08: 0000000000000000 R09: 0000000000000000
[ 1325.473103][T19382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1325.473113][T19382] R13: 00007f1284be6218 R14: 00007f1284be6180 R15: 00007fffd175c458
[ 1325.473136][T19382]  </TASK>
[ 1326.209810][T19393] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3474'.
[ 1328.333535][T19413] JFS: discard option not supported on device
[ 1328.341749][T19413] Mount JFS Failure: -22
[ 1328.346271][T19413] jfs_mount failed w/return code = -22
[ 1328.890929][   T30] kauditd_printk_skb: 4 callbacks suppressed
[ 1328.890940][   T30] audit: type=1326 audit(1765984833.628:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19416 comm="syz.2.3482" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f128498f749 code=0x0
[ 1329.324193][ T5928] usb 3-1: new high-speed USB device number 76 using dummy_hcd
[ 1329.606731][T19435] 
: renamed from bridge_slave_0 (while UP)
[ 1329.662229][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1329.692443][ T5928] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1329.825049][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1329.857960][ T5928] usb 3-1: config 0 descriptor??
[ 1329.869777][ T5928] pwc: Askey VC010 type 2 USB webcam detected.
[ 1330.515918][ T5926] usb 4-1: new high-speed USB device number 74 using dummy_hcd
[ 1330.552119][   T30] audit: type=1800 audit(1765984834.928:1910): pid=19444 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.5.3486" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[ 1330.724664][ T5928] pwc: send_video_command error -71
[ 1330.739557][ T5928] pwc: Failed to set video mode CIF@30 fps; return code = -71
[ 1330.785219][ T5928] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[ 1330.814989][ T5928] usb 3-1: USB disconnect, device number 76
[ 1330.876516][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1330.958606][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1331.054302][ T5926] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1331.064178][ T5926] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1331.078142][ T5926] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1331.087630][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.171111][ T5926] usb 4-1: config 0 descriptor??
[ 1331.435447][ T5928] usb 3-1: new high-speed USB device number 77 using dummy_hcd
[ 1331.632558][ T5928] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1331.658506][ T5928] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1331.660400][ T5926] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max
[ 1331.667781][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1331.698586][ T5928] usb 3-1: config 0 descriptor??
[ 1331.709050][ T5928] pwc: Askey VC010 type 2 USB webcam detected.
[ 1331.720073][ T5926] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1331.987395][T19468] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3487'.
[ 1331.998802][   T30] audit: type=1400 audit(1765984836.748:1911): avc:  denied  { read append } for  pid=19463 comm="syz.0.3492" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[ 1332.035132][T19468] 9p: Bad value for 'rfdno'
[ 1332.115752][ T5928] pwc: recv_control_msg error -32 req 02 val 2b00
[ 1332.123830][ T5928] pwc: recv_control_msg error -32 req 02 val 2700
[ 1332.131361][ T5928] pwc: recv_control_msg error -32 req 02 val 2c00
[ 1332.139296][ T5928] pwc: recv_control_msg error -32 req 04 val 1000
[ 1332.147354][ T5928] pwc: recv_control_msg error -32 req 04 val 1300
[ 1332.155730][ T5928] pwc: recv_control_msg error -32 req 04 val 1400
[ 1332.166958][ T5928] pwc: recv_control_msg error -32 req 02 val 2000
[ 1332.174716][ T5928] pwc: recv_control_msg error -32 req 02 val 2100
[ 1332.191867][ T5928] pwc: recv_control_msg error -32 req 04 val 1500
[ 1332.904160][ T5926] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 1333.065405][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1333.078101][ T5926] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1333.089626][ T5926] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1333.098834][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1333.108719][ T5926] usb 1-1: config 0 descriptor??
[ 1333.477695][ T5928] pwc: recv_control_msg error -71 req 02 val 2400
[ 1333.500272][ T5928] pwc: recv_control_msg error -71 req 02 val 2600
[ 1333.511438][ T5928] pwc: recv_control_msg error -71 req 02 val 2900
[ 1333.518955][ T5928] pwc: recv_control_msg error -71 req 02 val 2800
[ 1333.526385][ T5928] pwc: recv_control_msg error -71 req 04 val 1100
[ 1333.533355][ T5928] pwc: recv_control_msg error -71 req 04 val 1200
[ 1333.541709][ T5928] pwc: Registered as video103.
[ 1333.548348][ T5928] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input60
[ 1333.577412][ T5926] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0
[ 1333.600345][ T5926] cp2112 0003:10C4:EA90.0007: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0
[ 1333.635969][ T5928] usb 3-1: USB disconnect, device number 77
[ 1334.048062][ T5887] usb 4-1: USB disconnect, device number 74
[ 1334.069024][ T5926] cp2112 0003:10C4:EA90.0007: Part Number: 0x82 Device Version: 0xFE
[ 1334.304011][T19478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1334.316269][T19478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1334.384189][ T5928] usb 3-1: new high-speed USB device number 78 using dummy_hcd
[ 1334.799149][ T5926] cp2112 0003:10C4:EA90.0007: error setting SMBus config
[ 1334.833594][T19499] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3502'.
[ 1334.845338][ T5926] cp2112 0003:10C4:EA90.0007: probe with driver cp2112 failed with error -71
[ 1334.845868][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1334.869230][ T5926] usb 1-1: USB disconnect, device number 71
[ 1334.912269][ T5928] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1335.020941][ T5928] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[ 1335.044143][ T5928] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1335.127382][ T5928] usb 3-1: config 0 descriptor??
[ 1335.142264][   T30] audit: type=1400 audit(1765984839.878:1912): avc:  denied  { write } for  pid=19503 comm="syz.5.3504" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[ 1336.262238][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.289874][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.565715][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.577372][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.584713][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.591856][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.631253][ T5928] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0
[ 1336.641907][ T5928] cp2112 0003:10C4:EA90.0008: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[ 1336.707002][ T5928] cp2112 0003:10C4:EA90.0008: Part Number: 0x82 Device Version: 0xFE
[ 1337.116774][T19490] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1337.128248][ T5928] cp2112 0003:10C4:EA90.0008: error setting SMBus config
[ 1337.139766][ T5928] cp2112 0003:10C4:EA90.0008: probe with driver cp2112 failed with error -71
[ 1337.158885][ T5928] usb 3-1: USB disconnect, device number 78
[ 1337.291782][T19523] JFS: discard option not supported on device
[ 1337.300811][T19523] Mount JFS Failure: -22
[ 1337.305330][T19523] jfs_mount failed w/return code = -22
[ 1337.682651][T19527] binder: 19525:19527 ioctl 4018620d 0 returned -22
[ 1338.338310][ T5826] Bluetooth: hci0: command 0x0406 tx timeout
[ 1340.791813][T19576] FAULT_INJECTION: forcing a failure.
[ 1340.791813][T19576] name failslab, interval 1, probability 0, space 0, times 0
[ 1340.842831][T19576] CPU: 0 UID: 0 PID: 19576 Comm: syz.0.3525 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1340.842861][T19576] Tainted: [L]=SOFTLOCKUP
[ 1340.842867][T19576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1340.842875][T19576] Call Trace:
[ 1340.842880][T19576]  <TASK>
[ 1340.842885][T19576]  dump_stack_lvl+0x16c/0x1f0
[ 1340.842904][T19576]  should_fail_ex+0x512/0x640
[ 1340.842920][T19576]  ? __kmalloc_noprof+0xca/0x910
[ 1340.842939][T19576]  should_failslab+0xc2/0x120
[ 1340.842953][T19576]  __kmalloc_noprof+0xeb/0x910
[ 1340.842969][T19576]  ? path_get+0x61/0x80
[ 1340.842985][T19576]  ? do_handle_open+0x554/0xd10
[ 1340.843004][T19576]  ? do_handle_open+0x554/0xd10
[ 1340.843019][T19576]  ? nsfs_export_permission+0x9/0x10
[ 1340.843035][T19576]  do_handle_open+0x554/0xd10
[ 1340.843051][T19576]  ? __fget_files+0x20e/0x3c0
[ 1340.843067][T19576]  ? __pfx_do_handle_open+0x10/0x10
[ 1340.843086][T19576]  ? ksys_write+0x1ac/0x250
[ 1340.843104][T19576]  ? do_syscall_64+0xcd/0xf80
[ 1340.843117][T19576]  do_syscall_64+0xcd/0xf80
[ 1340.843131][T19576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.843141][T19576] RIP: 0033:0x7f399338f749
[ 1340.843150][T19576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1340.843160][T19576] RSP: 002b:00007f39941a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[ 1340.843171][T19576] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1340.843178][T19576] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000006
[ 1340.843184][T19576] RBP: 00007f39941a2090 R08: 0000000000000000 R09: 0000000000000000
[ 1340.843190][T19576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1340.843196][T19576] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1340.843209][T19576]  </TASK>
[ 1341.974154][ T5888] usb 1-1: new full-speed USB device number 72 using dummy_hcd
[ 1342.135446][ T5888] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[ 1342.145807][T19588] 9p: Bad value for 'wfdno'
[ 1342.152503][T19588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3529'.
[ 1342.161844][ T5888] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[ 1342.176006][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1342.195208][ T5888] gspca_main: stv0680-2.14.0 probing 041e:4007
[ 1342.292025][T19593] netlink: 'syz.1.3531': attribute type 2 has an invalid length.
[ 1342.328823][T19593] : entered promiscuous mode
[ 1342.655828][T19600] loop9: detected capacity change from 0 to 7
[ 1342.686294][T19600] Dev loop9: unable to read RDB block 7
[ 1342.692089][T19600]  loop9: unable to read partition table
[ 1342.698577][T19600] loop9: partition table beyond EOD, truncated
[ 1342.704839][T19600] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[ 1343.162412][T19604] netlink: 'syz.5.3528': attribute type 5 has an invalid length.
[ 1343.343656][T19608] bond1 (unregistering): Released all slaves
[ 1343.459383][T19610] batadv_slave_1: entered promiscuous mode
[ 1343.804543][ T5888] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -110
[ 1343.830151][ T5888] stv0680 1-1:4.0: STV(e): camera ping failed!!
[ 1343.840900][ T5888] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -32
[ 1343.849629][ T5888] stv0680 1-1:4.0: last error: 0,  command = 0x0
[ 1344.590554][   T30] audit: type=1400 audit(1765984849.248:1913): avc:  denied  { setopt } for  pid=19619 comm="syz.3.3538" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1344.791724][ T5888] usb 1-1: USB disconnect, device number 72
[ 1344.806078][T19602] batadv_slave_1: left promiscuous mode
[ 1347.040220][T19645] JFS: discard option not supported on device
[ 1347.048586][T19645] Mount JFS Failure: -22
[ 1347.052914][T19645] jfs_mount failed w/return code = -22
[ 1347.385664][T19653] FAULT_INJECTION: forcing a failure.
[ 1347.385664][T19653] name failslab, interval 1, probability 0, space 0, times 0
[ 1347.441369][T19653] CPU: 0 UID: 0 PID: 19653 Comm: syz.2.3548 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1347.441401][T19653] Tainted: [L]=SOFTLOCKUP
[ 1347.441407][T19653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1347.441418][T19653] Call Trace:
[ 1347.441424][T19653]  <TASK>
[ 1347.441432][T19653]  dump_stack_lvl+0x16c/0x1f0
[ 1347.441459][T19653]  should_fail_ex+0x512/0x640
[ 1347.441485][T19653]  ? __kmalloc_noprof+0xca/0x910
[ 1347.441515][T19653]  should_failslab+0xc2/0x120
[ 1347.441538][T19653]  __kmalloc_noprof+0xeb/0x910
[ 1347.441565][T19653]  ? lsm_blob_alloc+0x68/0x90
[ 1347.441586][T19653]  ? lsm_blob_alloc+0x68/0x90
[ 1347.441600][T19653]  lsm_blob_alloc+0x68/0x90
[ 1347.441616][T19653]  security_sk_alloc+0x2f/0x270
[ 1347.441638][T19653]  sk_prot_alloc+0x1c7/0x2a0
[ 1347.441663][T19653]  sk_alloc+0x36/0xe30
[ 1347.441692][T19653]  bpf_prog_test_run_skb+0x4cd/0x31a0
[ 1347.441719][T19653]  ? find_held_lock+0x2b/0x80
[ 1347.441754][T19653]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1347.441777][T19653]  ? fput+0x70/0xf0
[ 1347.441795][T19653]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[ 1347.441816][T19653]  __sys_bpf+0x1035/0x4980
[ 1347.441845][T19653]  ? __pfx___sys_bpf+0x10/0x10
[ 1347.441868][T19653]  ? find_held_lock+0x2b/0x80
[ 1347.441899][T19653]  ? find_held_lock+0x2b/0x80
[ 1347.441930][T19653]  ? __mutex_unlock_slowpath+0x161/0x790
[ 1347.441969][T19653]  ? fput+0x70/0xf0
[ 1347.441985][T19653]  ? ksys_write+0x1ac/0x250
[ 1347.442006][T19653]  ? __pfx_ksys_write+0x10/0x10
[ 1347.442032][T19653]  __x64_sys_bpf+0x78/0xc0
[ 1347.442056][T19653]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1347.442077][T19653]  do_syscall_64+0xcd/0xf80
[ 1347.442101][T19653]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.442118][T19653] RIP: 0033:0x7f128498f749
[ 1347.442134][T19653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1347.442150][T19653] RSP: 002b:00007f1285824038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1347.442168][T19653] RAX: ffffffffffffffda RBX: 00007f1284be5fa0 RCX: 00007f128498f749
[ 1347.442180][T19653] RDX: 0000000000000050 RSI: 0000200000000540 RDI: 000000000000000a
[ 1347.442190][T19653] RBP: 00007f1285824090 R08: 0000000000000000 R09: 0000000000000000
[ 1347.442200][T19653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1347.442210][T19653] R13: 00007f1284be6038 R14: 00007f1284be5fa0 R15: 00007fffd175c458
[ 1347.442236][T19653]  </TASK>
[ 1348.014225][ T5826] Bluetooth: hci2: command 0x0406 tx timeout
[ 1348.738836][T19678] batadv_slave_1: entered promiscuous mode
[ 1349.217711][   T30] audit: type=1400 audit(1765984853.698:1914): avc:  denied  { wake_alarm } for  pid=19669 comm="syz.3.3553" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1350.148052][T19673] batadv_slave_1: left promiscuous mode
[ 1350.669256][T19688] erspan0 speed is unknown, defaulting to 1000
[ 1350.712924][T19695] overlayfs: missing 'lowerdir'
[ 1352.191360][   T30] audit: type=1800 audit(1765984856.898:1915): pid=19712 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.3561" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1352.362387][T19716] FAULT_INJECTION: forcing a failure.
[ 1352.362387][T19716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1352.442052][T19716] CPU: 1 UID: 0 PID: 19716 Comm: syz.0.3563 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1352.442082][T19716] Tainted: [L]=SOFTLOCKUP
[ 1352.442088][T19716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1352.442098][T19716] Call Trace:
[ 1352.442105][T19716]  <TASK>
[ 1352.442111][T19716]  dump_stack_lvl+0x16c/0x1f0
[ 1352.442137][T19716]  should_fail_ex+0x512/0x640
[ 1352.442167][T19716]  _copy_to_user+0x32/0xd0
[ 1352.442193][T19716]  simple_read_from_buffer+0xcb/0x170
[ 1352.442218][T19716]  proc_fail_nth_read+0x197/0x240
[ 1352.442238][T19716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1352.442257][T19716]  ? rw_verify_area+0xcf/0x6c0
[ 1352.442276][T19716]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1352.442294][T19716]  vfs_read+0x1e4/0xcf0
[ 1352.442316][T19716]  ? __pfx___mutex_lock+0x10/0x10
[ 1352.442346][T19716]  ? __pfx_vfs_read+0x10/0x10
[ 1352.442373][T19716]  ? __fget_files+0x20e/0x3c0
[ 1352.442404][T19716]  ksys_read+0x12a/0x250
[ 1352.442425][T19716]  ? __pfx_ksys_read+0x10/0x10
[ 1352.442443][T19716]  ? v4l2_ioctl+0x1c5/0x250
[ 1352.442462][T19716]  ? fput+0x70/0xf0
[ 1352.442481][T19716]  do_syscall_64+0xcd/0xf80
[ 1352.442504][T19716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1352.442522][T19716] RIP: 0033:0x7f399338e15c
[ 1352.442537][T19716] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1352.442553][T19716] RSP: 002b:00007f39941a2030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1352.442570][T19716] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338e15c
[ 1352.442582][T19716] RDX: 000000000000000f RSI: 00007f39941a20a0 RDI: 0000000000000004
[ 1352.442592][T19716] RBP: 00007f39941a2090 R08: 0000000000000000 R09: 0000000000000000
[ 1352.442602][T19716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1352.442613][T19716] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1352.442638][T19716]  </TASK>
[ 1353.054188][ T5976] usb 3-1: new high-speed USB device number 79 using dummy_hcd
[ 1353.072105][   T30] audit: type=1400 audit(1765984857.808:1916): avc:  denied  { create } for  pid=19721 comm="syz.0.3567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1353.211648][   T30] audit: type=1400 audit(1765984857.818:1917): avc:  denied  { bind } for  pid=19721 comm="syz.0.3567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1353.304169][ T5976] usb 3-1: Using ep0 maxpacket: 16
[ 1353.394834][ T5976] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1353.416150][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1353.875415][ T5976] usb 3-1: Product: syz
[ 1353.880074][ T5976] usb 3-1: Manufacturer: syz
[ 1353.892928][ T5976] usb 3-1: SerialNumber: syz
[ 1353.911821][ T5976] usb 3-1: config 0 descriptor??
[ 1353.943057][T19738] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3571'.
[ 1353.958927][T19738] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3571'.
[ 1353.971341][T19738] netlink: 'syz.1.3571': attribute type 6 has an invalid length.
[ 1354.010325][T19738] netlink: 'syz.1.3571': attribute type 5 has an invalid length.
[ 1354.021675][T19738] netlink: 43 bytes leftover after parsing attributes in process `syz.1.3571'.
[ 1354.031782][   T30] audit: type=1400 audit(1765984858.768:1918): avc:  denied  { create } for  pid=19737 comm="syz.1.3571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[ 1355.855892][ T5928] usb 3-1: USB disconnect, device number 79
[ 1356.165378][T19782] JFS: discard option not supported on device
[ 1356.171806][T19782] Mount JFS Failure: -22
[ 1356.176267][T19782] jfs_mount failed w/return code = -22
[ 1356.190511][   T30] audit: type=1400 audit(1765984860.888:1919): avc:  denied  { read } for  pid=19762 comm="syz.0.3577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1356.623322][T19794] netlink: 44 bytes leftover after parsing attributes in process `syz.5.3583'.
[ 1357.355005][T19806] ubi: mtd0 is already attached to ubi31
[ 1358.671533][T19817] JFS: discard option not supported on device
[ 1358.679450][T19817] Mount JFS Failure: -22
[ 1358.683769][T19817] jfs_mount failed w/return code = -22
[ 1359.389099][   T30] audit: type=1400 audit(1765984864.128:1920): avc:  denied  { name_bind } for  pid=19820 comm="syz.5.3592" src=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1
[ 1360.204148][   T30] audit: type=1400 audit(1765984864.918:1921): avc:  denied  { setattr } for  pid=19823 comm="syz.0.3595" path="/dev/mixer" dev="devtmpfs" ino=1293 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[ 1360.350447][   T30] audit: type=1400 audit(1765984865.078:1922): avc:  denied  { listen } for  pid=19825 comm="syz.3.3593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1360.441463][   T30] audit: type=1400 audit(1765984865.078:1923): avc:  denied  { accept } for  pid=19825 comm="syz.3.3593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[ 1360.503597][   T30] audit: type=1400 audit(1765984865.128:1924): avc:  denied  { accept } for  pid=19825 comm="syz.3.3593" path="socket:[72847]" dev="sockfs" ino=72847 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1360.664328][   T30] audit: type=1400 audit(1765984865.398:1925): avc:  denied  { name_connect } for  pid=19827 comm="syz.2.3594" dest=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1360.681103][T19833] overlay: ./file1 is not a directory
[ 1361.234779][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.241180][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.513427][T19860] netlink: 252 bytes leftover after parsing attributes in process `syz.2.3603'.
[ 1362.302868][T19865] could not allocate digest TFM handle sha3-224-ce
[ 1362.340173][T19881] netlink: 36 bytes leftover after parsing attributes in process `syz.5.3607'.
[ 1362.395142][T19880] xt_hashlimit: size too large, truncated to 1048576
[ 1362.444660][T17429] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:201'
[ 1362.457442][T17429] CPU: 1 UID: 0 PID: 17429 Comm: kworker/u9:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1362.457475][T17429] Tainted: [L]=SOFTLOCKUP
[ 1362.457482][T17429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1362.457494][T17429] Workqueue: hci2 hci_rx_work
[ 1362.457517][T17429] Call Trace:
[ 1362.457523][T17429]  <TASK>
[ 1362.457530][T17429]  dump_stack_lvl+0x16c/0x1f0
[ 1362.457554][T17429]  sysfs_warn_dup+0x7f/0xa0
[ 1362.457574][T17429]  sysfs_create_dir_ns+0x24b/0x2b0
[ 1362.457593][T17429]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1362.457609][T17429]  ? find_held_lock+0x2b/0x80
[ 1362.457637][T17429]  ? do_raw_spin_unlock+0x172/0x230
[ 1362.457662][T17429]  kobject_add_internal+0x2c4/0x9d0
[ 1362.457691][T17429]  kobject_add+0x16e/0x240
[ 1362.457715][T17429]  ? __pfx_kobject_add+0x10/0x10
[ 1362.457739][T17429]  ? kobject_put+0xaf/0x6f0
[ 1362.457758][T17429]  ? _raw_spin_unlock+0x28/0x50
[ 1362.457784][T17429]  device_add+0x288/0x1980
[ 1362.457804][T17429]  ? __pfx_dev_set_name+0x10/0x10
[ 1362.457822][T17429]  ? __pfx_device_add+0x10/0x10
[ 1362.457843][T17429]  ? mgmt_send_event_skb+0x2fb/0x460
[ 1362.457870][T17429]  hci_conn_add_sysfs+0x1a8/0x260
[ 1362.457891][T17429]  le_conn_complete_evt+0x11ed/0x1fa0
[ 1362.457914][T17429]  ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1362.457938][T17429]  hci_le_conn_complete_evt+0x23c/0x3a0
[ 1362.457963][T17429]  hci_le_meta_evt+0x357/0x610
[ 1362.457982][T17429]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1362.458003][T17429]  hci_event_packet+0x685/0x1210
[ 1362.458021][T17429]  ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1362.458041][T17429]  ? __pfx_hci_event_packet+0x10/0x10
[ 1362.458059][T17429]  ? kcov_remote_start+0x399/0x680
[ 1362.458077][T17429]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1362.458103][T17429]  hci_rx_work+0x2c9/0x1020
[ 1362.458125][T17429]  process_one_work+0x9ba/0x1b20
[ 1362.458156][T17429]  ? __pfx_process_one_work+0x10/0x10
[ 1362.458186][T17429]  ? assign_work+0x1a0/0x250
[ 1362.458210][T17429]  worker_thread+0x6c8/0xf10
[ 1362.458240][T17429]  ? __kthread_parkme+0x19e/0x250
[ 1362.458258][T17429]  ? __pfx_worker_thread+0x10/0x10
[ 1362.458278][T17429]  kthread+0x3c5/0x780
[ 1362.458298][T17429]  ? __pfx_kthread+0x10/0x10
[ 1362.458329][T17429]  ? rcu_is_watching+0x12/0xc0
[ 1362.458348][T17429]  ? __pfx_kthread+0x10/0x10
[ 1362.458372][T17429]  ret_from_fork+0x983/0xb10
[ 1362.458395][T17429]  ? __pfx_ret_from_fork+0x10/0x10
[ 1362.458418][T17429]  ? __switch_to+0x7af/0x10d0
[ 1362.458441][T17429]  ? __pfx_kthread+0x10/0x10
[ 1362.458462][T17429]  ret_from_fork_asm+0x1a/0x30
[ 1362.458503][T17429]  </TASK>
[ 1362.458602][T17429] kobject: kobject_add_internal failed for hci2:201 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1362.734369][T17429] Bluetooth: hci2: failed to register connection device
[ 1362.764459][   T30] audit: type=1400 audit(1765984867.508:1926): avc:  denied  { nlmsg_write } for  pid=19879 comm="syz.1.3608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[ 1364.653497][T19901] syzkaller0: entered promiscuous mode
[ 1364.693397][T19901] syzkaller0: entered allmulticast mode
[ 1364.703115][   T13] syzkaller0: tun_net_xmit 70
[ 1364.925277][T19912] xt_cluster: node mask cannot exceed total number of nodes
[ 1365.051022][   T30] audit: type=1400 audit(1765984869.738:1927): avc:  denied  { bind } for  pid=19906 comm="syz.5.3617" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1365.093204][   T30] audit: type=1326 audit(1765984869.818:1928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19911 comm="syz.2.3619" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f128498f749 code=0x0
[ 1365.464144][ T5928] usb 4-1: new low-speed USB device number 75 using dummy_hcd
[ 1365.614149][ T5928] usb 4-1: device descriptor read/64, error -71
[ 1365.864152][ T5928] usb 4-1: new low-speed USB device number 76 using dummy_hcd
[ 1366.027794][ T5928] usb 4-1: device descriptor read/64, error -71
[ 1366.194925][ T5928] usb usb4-port1: attempt power cycle
[ 1366.564248][ T5928] usb 4-1: new low-speed USB device number 77 using dummy_hcd
[ 1366.665357][T19949] JFS: discard option not supported on device
[ 1366.674628][T19949] Mount JFS Failure: -22
[ 1366.678929][T19949] jfs_mount failed w/return code = -22
[ 1367.046623][ T5928] usb 4-1: device descriptor read/8, error -71
[ 1367.242118][T19948] batadv_slave_1: entered promiscuous mode
[ 1367.471403][ T5928] usb 4-1: new low-speed USB device number 78 using dummy_hcd
[ 1367.494721][ T5928] usb 4-1: device descriptor read/8, error -71
[ 1367.624946][ T5928] usb usb4-port1: unable to enumerate USB device
[ 1368.413446][T19968] rdma_rxe: rxe_newlink: failed to add erspan0
[ 1368.917493][T19942] batadv_slave_1: left promiscuous mode
[ 1368.938577][T19977] input: syz1 as /devices/virtual/input/input62
[ 1370.685536][ T5927] libceph: connect (1)[c::]:6789 error -101
[ 1370.774475][ T5887] usb 3-1: new high-speed USB device number 80 using dummy_hcd
[ 1370.883063][T19997] ceph: No mds server is up or the cluster is laggy
[ 1370.920466][ T5927] libceph: mon0 (1)[c::]:6789 connect error
[ 1371.136772][ T5887] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[ 1371.155811][   T30] audit: type=1400 audit(1765984875.898:1929): avc:  denied  { block_suspend } for  pid=20005 comm="syz.5.3647" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[ 1371.162548][ T5887] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[ 1371.296409][ T5887] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[ 1371.306092][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1371.316324][ T5887] usb 3-1: Product: syz
[ 1371.320599][ T5887] usb 3-1: Manufacturer: syz
[ 1371.325388][ T5887] usb 3-1: SerialNumber: syz
[ 1372.494685][ T5887] usb 3-1: config 0 descriptor??
[ 1372.503869][T19994] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1372.573042][T19994] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1372.573069][T20018] FAULT_INJECTION: forcing a failure.
[ 1372.573069][T20018] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1372.601804][T20018] CPU: 0 UID: 0 PID: 20018 Comm: syz.0.3650 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1372.601830][T20018] Tainted: [L]=SOFTLOCKUP
[ 1372.601836][T20018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1372.601845][T20018] Call Trace:
[ 1372.601850][T20018]  <TASK>
[ 1372.601856][T20018]  dump_stack_lvl+0x16c/0x1f0
[ 1372.601883][T20018]  should_fail_ex+0x512/0x640
[ 1372.601911][T20018]  __fpu_restore_sig+0xfe/0x1370
[ 1372.601941][T20018]  ? __lock_acquire+0x436/0x2890
[ 1372.601961][T20018]  ? __pfx___fpu_restore_sig+0x10/0x10
[ 1372.602000][T20018]  ? __might_fault+0xe3/0x190
[ 1372.602016][T20018]  ? __might_fault+0x13b/0x190
[ 1372.602036][T20018]  fpu__restore_sig+0x151/0x190
[ 1372.602064][T20018]  restore_sigcontext+0x4c9/0x6a0
[ 1372.602089][T20018]  ? __pfx_restore_sigcontext+0x10/0x10
[ 1372.602130][T20018]  ? __pfx_restore_altstack+0x10/0x10
[ 1372.602151][T20018]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1372.602170][T20018]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1372.602195][T20018]  __do_sys_rt_sigreturn+0x229/0x2c0
[ 1372.602224][T20018]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[ 1372.602257][T20018]  do_syscall_64+0xcd/0xf80
[ 1372.602280][T20018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1372.602297][T20018] RIP: 0033:0x7f399338f747
[ 1372.602315][T20018] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89
[ 1372.602331][T20018] RSP: 002b:00007f39941a2038 EFLAGS: 00000246
[ 1372.602344][T20018] RAX: 0000000000000147 RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1372.602354][T20018] RDX: 0000000000000001 RSI: 0000200000000180 RDI: 0000000000000003
[ 1372.602364][T20018] RBP: 00007f39941a2090 R08: 0000000000000004 R09: 0000000000000001
[ 1372.602374][T20018] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001
[ 1372.602384][T20018] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1372.602408][T20018]  </TASK>
[ 1372.847982][T19994] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1372.857269][T19994] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1372.902424][T20024] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3653'.
[ 1373.268536][T20027] erspan0 speed is unknown, defaulting to 1000
[ 1373.783979][T20035] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3643'.
[ 1374.080064][T20040] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3658'.
[ 1374.096408][T20045] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20045 comm=syz.2.3643
[ 1374.232674][ T5887] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading MODE_CTRL
[ 1374.254434][T20049] batadv_slave_1: entered promiscuous mode
[ 1374.340771][ T5887] usb 3-1: USB disconnect, device number 80
[ 1375.065964][T20042] batadv_slave_1: left promiscuous mode
[ 1375.324561][T20088] Falling back ldisc for ttyS3.
[ 1376.004174][ T5888] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 1376.245629][ T5888] usb 4-1: Using ep0 maxpacket: 16
[ 1376.545927][ T5888] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[ 1376.560306][ T5888] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[ 1376.574723][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1376.594104][ T5888] usb 4-1: Product: syz
[ 1376.604141][ T5888] usb 4-1: Manufacturer: syz
[ 1376.612677][ T5888] usb 4-1: SerialNumber: syz
[ 1376.625147][ T5888] usb 4-1: config 0 descriptor??
[ 1376.665274][ T5888] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[ 1376.685424][ T5888] em28xx 4-1:0.0: DVB interface 0 found: bulk
[ 1377.669729][ T5888] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 1377.692580][   T30] audit: type=1400 audit(1765984882.428:1930): avc:  denied  { write } for  pid=20128 comm="syz.5.3677" name="file0" dev="tmpfs" ino=2167 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[ 1378.618840][ T5888] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[ 1378.635120][ T5888] em28xx 4-1:0.0: board has no eeprom
[ 1378.732687][T20140] JFS: discard option not supported on device
[ 1378.742150][T20140] Mount JFS Failure: -22
[ 1378.746617][T20140] jfs_mount failed w/return code = -22
[ 1379.079606][ T5888] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[ 1379.087748][ T5888] em28xx 4-1:0.0: dvb set to bulk mode.
[ 1379.093650][ T5928] em28xx 4-1:0.0: Binding DVB extension
[ 1379.154178][ T5888] usb 4-1: USB disconnect, device number 79
[ 1379.161089][ T5888] em28xx 4-1:0.0: Disconnecting em28xx
[ 1379.367841][ T5928] em28xx 4-1:0.0: Registering input extension
[ 1379.387411][ T5888] em28xx 4-1:0.0: Closing input extension
[ 1379.423805][ T5888] em28xx 4-1:0.0: Freeing device
[ 1379.677920][T20148] rdma_rxe: rxe_newlink: failed to add erspan0
[ 1380.854761][   T30] audit: type=1326 audit(1765984885.598:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20160 comm="syz.0.3688" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f399338f749 code=0x0
[ 1382.066935][T20185] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3695'.
[ 1382.086028][T20185] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1382.094333][T20185] bridge0: port 1(
) entered disabled state
[ 1384.863249][T20223] block nbd2: NBD_DISCONNECT
[ 1385.650530][T20226] JFS: discard option not supported on device
[ 1385.656913][T20226] Mount JFS Failure: -22
[ 1385.661149][T20226] jfs_mount failed w/return code = -22
[ 1386.293753][T20233] erspan0 speed is unknown, defaulting to 1000
[ 1386.488169][T20241] netlink: 'syz.2.3710': attribute type 12 has an invalid length.
[ 1387.241464][T20250] JFS: discard option not supported on device
[ 1387.247820][T20250] Mount JFS Failure: -22
[ 1387.252070][T20250] jfs_mount failed w/return code = -22
[ 1387.920423][T20252] erspan0 speed is unknown, defaulting to 1000
[ 1389.833278][T20267] kvm: kvm [20266]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[ 1389.914410][T20267] kvm: kvm [20266]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[ 1390.389653][T20282] loop2: detected capacity change from 0 to 7
[ 1390.427095][T20282] Dev loop2: unable to read RDB block 7
[ 1390.446438][T20282]  loop2: AHDI p1 p2 p3
[ 1390.450670][T20282] loop2: partition table partially beyond EOD, truncated
[ 1390.464322][T20282] loop2: p1 start 1601398130 is beyond EOD, truncated
[ 1390.481854][T20282] loop2: p2 start 1702059890 is beyond EOD, truncated
[ 1392.363186][T20303] batadv_slave_1: entered promiscuous mode
[ 1392.482768][T20313] JFS: discard option not supported on device
[ 1392.491005][T20313] Mount JFS Failure: -22
[ 1392.495722][T20313] jfs_mount failed w/return code = -22
[ 1392.934944][T20315] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3730'.
[ 1392.963879][T20315] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3730'.
[ 1393.336302][T20299] batadv_slave_1: left promiscuous mode
[ 1393.473203][T20322] erspan0 speed is unknown, defaulting to 1000
[ 1394.584543][T20337] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20337 comm=syz.3.3734
[ 1395.240900][T20349] netlink: 132 bytes leftover after parsing attributes in process `syz.5.3738'.
[ 1395.906897][T20360] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1395.915662][T20360] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1398.234163][ T5927] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[ 1398.407527][ T5927] usb 4-1: New USB device found, idVendor=04b4, idProduct=6830, bcdDevice=86.cf
[ 1398.420612][ T5927] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1398.451135][ T5927] ums-cypress 4-1:1.0: USB Mass Storage device detected
[ 1398.458182][ T5926] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1398.625982][ T5926] usb 1-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00
[ 1398.650472][T20369] FAULT_INJECTION: forcing a failure.
[ 1398.650472][T20369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1398.775514][T20369] CPU: 0 UID: 0 PID: 20369 Comm: syz.3.3743 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1398.775547][T20369] Tainted: [L]=SOFTLOCKUP
[ 1398.775553][T20369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1398.775564][T20369] Call Trace:
[ 1398.775570][T20369]  <TASK>
[ 1398.775578][T20369]  dump_stack_lvl+0x16c/0x1f0
[ 1398.775604][T20369]  should_fail_ex+0x512/0x640
[ 1398.775633][T20369]  _copy_to_user+0x32/0xd0
[ 1398.775661][T20369]  simple_read_from_buffer+0xcb/0x170
[ 1398.775688][T20369]  proc_fail_nth_read+0x197/0x240
[ 1398.775708][T20369]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1398.775727][T20369]  ? rw_verify_area+0xcf/0x6c0
[ 1398.775747][T20369]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1398.775765][T20369]  vfs_read+0x1e4/0xcf0
[ 1398.775787][T20369]  ? __pfx___mutex_lock+0x10/0x10
[ 1398.775813][T20369]  ? __pfx_vfs_read+0x10/0x10
[ 1398.775840][T20369]  ? __fget_files+0x20e/0x3c0
[ 1398.775872][T20369]  ksys_read+0x12a/0x250
[ 1398.775893][T20369]  ? __pfx_ksys_read+0x10/0x10
[ 1398.775922][T20369]  do_syscall_64+0xcd/0xf80
[ 1398.775945][T20369]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1398.775963][T20369] RIP: 0033:0x7f08bc98e15c
[ 1398.775978][T20369] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1398.775994][T20369] RSP: 002b:00007f08bd765030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1398.776010][T20369] RAX: ffffffffffffffda RBX: 00007f08bcbe5fa0 RCX: 00007f08bc98e15c
[ 1398.776021][T20369] RDX: 000000000000000f RSI: 00007f08bd7650a0 RDI: 0000000000000008
[ 1398.776030][T20369] RBP: 00007f08bd765090 R08: 0000000000000000 R09: 0000000000000000
[ 1398.776040][T20369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1398.776050][T20369] R13: 00007f08bcbe6038 R14: 00007f08bcbe5fa0 R15: 00007ffdf4fcd138
[ 1398.776075][T20369]  </TASK>
[ 1399.030708][ T5926] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1399.208232][ T5926] usb 1-1: config 0 descriptor??
[ 1399.214810][ T5928] usb 4-1: USB disconnect, device number 80
[ 1399.398670][T20392] erspan0 speed is unknown, defaulting to 1000
[ 1400.620773][    C1] raw-gadget.1 gadget.0: ignoring, device is not running
[ 1400.628321][    C1] raw-gadget.1 gadget.0: ignoring, device is not running
[ 1400.634103][   T30] audit: type=1400 audit(1765984904.848:1932): avc:  denied  { getopt } for  pid=20374 comm="syz.0.3746" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1400.635715][    C1] raw-gadget.1 gadget.0: ignoring, device is not running
[ 1400.664247][ T5926] usbhid 1-1:0.0: can't add hid device: -32
[ 1400.674219][ T5926] usbhid 1-1:0.0: probe with driver usbhid failed with error -32
[ 1400.756322][ T5926] usb 1-1: USB disconnect, device number 73
[ 1401.551353][T20414] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.3752'.
[ 1402.072744][T20417] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20417 comm=syz.5.3754
[ 1402.256672][T13710] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[ 1402.323083][T20420] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3755'.
[ 1402.450966][T13710] usb 4-1: config index 0 descriptor too short (expected 28277, got 36)
[ 1402.464615][T13710] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1402.486484][T13710] usb 4-1: config 0 has no interfaces?
[ 1402.498426][T13710] usb 4-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[ 1402.523043][T13710] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1402.543961][T13710] usb 4-1: config 0 descriptor??
[ 1404.322969][T20447] erspan0 speed is unknown, defaulting to 1000
[ 1404.411968][T20450] netlink: 'syz.0.3764': attribute type 1 has an invalid length.
[ 1404.489374][ T6012] usb 4-1: USB disconnect, device number 81
[ 1404.507495][   T30] audit: type=1400 audit(1765984909.248:1933): avc:  denied  { create } for  pid=20449 comm="syz.0.3764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1404.609125][T20460] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=63127 sclass=netlink_xfrm_socket pid=20460 comm=syz.3.3765
[ 1404.631748][T20460] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3765'.
[ 1404.726144][   T30] audit: type=1400 audit(1765984909.278:1934): avc:  denied  { write } for  pid=20449 comm="syz.0.3764" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[ 1404.830457][T20451] bond1 (unregistering): Released all slaves
[ 1404.890862][T20464] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20464 comm=syz.5.3767
[ 1404.997660][T20450] bond1: entered promiscuous mode
[ 1405.049687][T20450] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1405.634117][T16250] usb 1-1: new full-speed USB device number 74 using dummy_hcd
[ 1405.804148][T16250] usb 1-1: device descriptor read/64, error -71
[ 1405.952093][   T30] audit: type=1400 audit(1765984910.688:1935): avc:  denied  { shutdown } for  pid=20484 comm="syz.2.3776" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1406.051665][T16250] usb 1-1: new full-speed USB device number 75 using dummy_hcd
[ 1406.172776][T20504] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20504 comm=syz.3.3778
[ 1406.229072][T16250] usb 1-1: device descriptor read/64, error -71
[ 1406.655782][T16250] usb usb1-port1: attempt power cycle
[ 1407.004263][T16250] usb 1-1: new full-speed USB device number 76 using dummy_hcd
[ 1407.067967][T16250] usb 1-1: device descriptor read/8, error -71
[ 1407.364429][   T30] audit: type=1400 audit(1765984912.098:1936): avc:  denied  { name_bind } for  pid=20514 comm="syz.5.3784" src=128 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[ 1407.484226][T16250] usb 1-1: new full-speed USB device number 77 using dummy_hcd
[ 1407.514731][T16250] usb 1-1: device descriptor read/8, error -71
[ 1407.624960][T16250] usb usb1-port1: unable to enumerate USB device
[ 1407.705435][T20521] rdma_rxe: rxe_newlink: failed to add erspan0
[ 1408.332195][T20525] erspan0 speed is unknown, defaulting to 1000
[ 1409.078336][   T30] audit: type=1400 audit(1765984913.348:1937): avc:  denied  { lock } for  pid=20526 comm="syz.5.3788" path="socket:[75900]" dev="sockfs" ino=75900 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[ 1409.910920][T20540] kthread_run failed with err -4
[ 1410.230229][T20565] FAULT_INJECTION: forcing a failure.
[ 1410.230229][T20565] name failslab, interval 1, probability 0, space 0, times 0
[ 1410.243489][T20565] CPU: 1 UID: 0 PID: 20565 Comm: syz.0.3798 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1410.243516][T20565] Tainted: [L]=SOFTLOCKUP
[ 1410.243522][T20565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1410.243531][T20565] Call Trace:
[ 1410.243537][T20565]  <TASK>
[ 1410.243543][T20565]  dump_stack_lvl+0x16c/0x1f0
[ 1410.243570][T20565]  should_fail_ex+0x512/0x640
[ 1410.243593][T20565]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1410.243621][T20565]  should_failslab+0xc2/0x120
[ 1410.243643][T20565]  kmem_cache_alloc_noprof+0x83/0x770
[ 1410.243662][T20565]  ? skb_clone+0x190/0x3f0
[ 1410.243684][T20565]  ? skb_clone+0x190/0x3f0
[ 1410.243699][T20565]  skb_clone+0x190/0x3f0
[ 1410.243717][T20565]  netlink_deliver_tap+0xabd/0xd30
[ 1410.243742][T20565]  netlink_unicast+0x64c/0x870
[ 1410.243766][T20565]  ? __pfx_netlink_unicast+0x10/0x10
[ 1410.243795][T20565]  netlink_sendmsg+0x8c8/0xdd0
[ 1410.243819][T20565]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1410.243849][T20565]  ____sys_sendmsg+0xa5d/0xc30
[ 1410.243873][T20565]  ? copy_msghdr_from_user+0x10a/0x160
[ 1410.243890][T20565]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1410.243922][T20565]  ___sys_sendmsg+0x134/0x1d0
[ 1410.243940][T20565]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1410.243989][T20565]  __sys_sendmsg+0x16d/0x220
[ 1410.244006][T20565]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1410.244040][T20565]  do_syscall_64+0xcd/0xf80
[ 1410.244061][T20565]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1410.244077][T20565] RIP: 0033:0x7f399338f749
[ 1410.244092][T20565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1410.244106][T20565] RSP: 002b:00007f39941a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1410.244122][T20565] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1410.244133][T20565] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003
[ 1410.244142][T20565] RBP: 00007f39941a2090 R08: 0000000000000000 R09: 0000000000000000
[ 1410.244150][T20565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1410.244159][T20565] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1410.244182][T20565]  </TASK>
[ 1410.755317][T20575] rdma_rxe: rxe_newlink: failed to add erspan0
[ 1411.272174][T20585] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20585 comm=syz.0.3800
[ 1411.294644][T20587] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3802'.
[ 1411.871732][   T30] audit: type=1400 audit(1765984916.608:1938): avc:  denied  { ioctl } for  pid=20579 comm="syz.3.3802" path="socket:[75359]" dev="sockfs" ino=75359 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[ 1413.517981][T20612] batadv_slave_1: entered promiscuous mode
[ 1413.560732][T20616] batadv_slave_1: entered promiscuous mode
[ 1413.989189][T20623] batadv_slave_1: entered promiscuous mode
[ 1414.428868][T20613] batadv_slave_1: left promiscuous mode
[ 1414.471582][T20631] netlink: 'syz.3.3816': attribute type 12 has an invalid length.
[ 1414.704760][T20609] batadv_slave_1: left promiscuous mode
[ 1416.088867][T20618] batadv_slave_1: left promiscuous mode
[ 1416.277530][T20656] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=4635 sclass=netlink_xfrm_socket pid=20656 comm=syz.0.3824
[ 1416.534293][T16250] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[ 1416.723865][T20661] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3821'.
[ 1416.785276][T20645] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3821'.
[ 1416.797476][   T30] audit: type=1400 audit(1765984921.538:1939): avc:  denied  { setattr } for  pid=20643 comm="syz.5.3821" path="socket:[75573]" dev="sockfs" ino=75573 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[ 1416.824093][T16250] usb 4-1: Using ep0 maxpacket: 32
[ 1416.854706][T16250] usb 4-1: config 0 has an invalid interface number: 188 but max is 0
[ 1416.867599][T16250] usb 4-1: config 0 has no interface number 0
[ 1416.881515][T16250] usb 4-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[ 1416.910119][T16250] usb 4-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[ 1416.924929][T16250] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1416.982081][T16250] usb 4-1: Product: syz
[ 1416.994195][T16250] usb 4-1: Manufacturer: syz
[ 1416.999594][T16250] usb 4-1: SerialNumber: syz
[ 1417.012306][T16250] usb 4-1: config 0 descriptor??
[ 1417.186737][T20658] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1417.467006][T20667] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3830'.
[ 1417.496301][T20672] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[ 1417.678105][T20679] FAULT_INJECTION: forcing a failure.
[ 1417.678105][T20679] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1417.714157][T20679] CPU: 1 UID: 0 PID: 20679 Comm: syz.0.3833 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1417.714186][T20679] Tainted: [L]=SOFTLOCKUP
[ 1417.714191][T20679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1417.714200][T20679] Call Trace:
[ 1417.714210][T20679]  <TASK>
[ 1417.714216][T20679]  dump_stack_lvl+0x16c/0x1f0
[ 1417.714241][T20679]  should_fail_ex+0x512/0x640
[ 1417.714274][T20679]  _copy_from_user+0x2e/0xd0
[ 1417.714298][T20679]  do_ip_setsockopt+0xf00/0x38a0
[ 1417.714327][T20679]  ? __pfx_do_ip_setsockopt+0x10/0x10
[ 1417.714350][T20679]  ? get_pid_task+0x106/0x250
[ 1417.714367][T20679]  ? proc_fail_nth_write+0x9f/0x220
[ 1417.714387][T20679]  ? sock_has_perm+0x258/0x2f0
[ 1417.714404][T20679]  ? __pfx_sock_has_perm+0x10/0x10
[ 1417.714420][T20679]  ? selinux_netlbl_socket_setsockopt+0x183/0x470
[ 1417.714445][T20679]  ip_setsockopt+0x59/0xf0
[ 1417.714470][T20679]  raw_setsockopt+0xb7/0x2a0
[ 1417.714486][T20679]  ? __pfx_raw_setsockopt+0x10/0x10
[ 1417.714502][T20679]  ? selinux_socket_setsockopt+0x6a/0x80
[ 1417.714518][T20679]  ? sock_common_setsockopt+0x2e/0xf0
[ 1417.714538][T20679]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1417.714559][T20679]  do_sock_setsockopt+0xf3/0x1d0
[ 1417.714581][T20679]  __sys_setsockopt+0x1a0/0x230
[ 1417.714599][T20679]  __x64_sys_setsockopt+0xbd/0x160
[ 1417.714613][T20679]  ? do_syscall_64+0x91/0xf80
[ 1417.714631][T20679]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1417.714649][T20679]  do_syscall_64+0xcd/0xf80
[ 1417.714669][T20679]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1417.714685][T20679] RIP: 0033:0x7f399338f749
[ 1417.714697][T20679] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1417.714712][T20679] RSP: 002b:00007f39941a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1417.714727][T20679] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1417.714737][T20679] RDX: 0000000000000016 RSI: 0000000000000000 RDI: 0000000000000003
[ 1417.714745][T20679] RBP: 00007f39941a2090 R08: 0000000000000004 R09: 0000000000000000
[ 1417.714754][T20679] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1417.714763][T20679] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1417.714786][T20679]  </TASK>
[ 1417.993955][T20674] JFS: discard option not supported on device
[ 1418.000562][T20674] Mount JFS Failure: -22
[ 1418.004892][T20674] jfs_mount failed w/return code = -22
[ 1418.294133][ T6012] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 1418.424114][ T6012] usb 1-1: device descriptor read/64, error -71
[ 1418.654066][   T30] audit: type=1326 audit(1765984923.388:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20693 comm="syz.5.3840" exe="/root/syz-executor" sig=9 arch=c000003e syscall=157 compat=0 ip=0x7f4a70b8f749 code=0x0
[ 1418.684149][ T6012] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 1419.552585][ T6012] usb 1-1: device descriptor read/64, error -71
[ 1419.599758][T20716] overlayfs: failed to clone upperpath
[ 1419.668467][ T6012] usb usb1-port1: attempt power cycle
[ 1419.844943][T16250] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[ 1419.861999][T16250] asix 4-1:0.188 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x00b0: ffffffb9
[ 1419.884488][T16250] asix 4-1:0.188: probe with driver asix failed with error -71
[ 1419.896937][T16250] usb 4-1: USB disconnect, device number 82
[ 1420.464110][ T6012] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 1420.494678][ T6012] usb 1-1: device descriptor read/8, error -71
[ 1421.328098][ T6012] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 1421.368804][   T30] audit: type=1400 audit(1765984926.108:1941): avc:  denied  { getopt } for  pid=20735 comm="syz.1.3852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1421.406645][ T6012] usb 1-1: device descriptor read/8, error -71
[ 1421.524387][ T6012] usb usb1-port1: unable to enumerate USB device
[ 1421.743681][T20757] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3858'.
[ 1421.934126][ T6012] usb 3-1: new full-speed USB device number 81 using dummy_hcd
[ 1422.024464][ T5887] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 1422.099684][ T6012] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 1422.108624][ T6012] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 1422.118875][ T6012] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1422.129626][ T6012] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1422.139779][ T6012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1422.147911][ T6012] usb 3-1: Product: syz
[ 1422.152208][ T6012] usb 3-1: Manufacturer: syz
[ 1422.157009][ T6012] usb 3-1: SerialNumber: syz
[ 1422.164337][T14755] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[ 1422.174126][ T5887] usb 1-1: Using ep0 maxpacket: 16
[ 1422.182615][ T5887] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[ 1422.191800][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1422.199906][ T5887] usb 1-1: Product: syz
[ 1422.206484][ T5887] usb 1-1: Manufacturer: syz
[ 1422.211084][ T5887] usb 1-1: SerialNumber: syz
[ 1422.217941][ T5887] usb 1-1: config 0 descriptor??
[ 1422.314214][T14755] usb 4-1: Using ep0 maxpacket: 16
[ 1422.322445][T14755] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[ 1422.331712][T14755] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[ 1422.339950][T14755] usb 4-1: Product: syz
[ 1422.344262][T14755] usb 4-1: Manufacturer: syz
[ 1422.348880][T14755] usb 4-1: SerialNumber: syz
[ 1422.355284][T14755] usb 4-1: config 0 descriptor??
[ 1422.369124][ T6012] usb 3-1: 0:2 : does not exist
[ 1422.380714][ T6012] usb 3-1: USB disconnect, device number 81
[ 1422.692945][ T1293] ieee802154 phy0 wpan0: encryption failed: -22
[ 1422.702078][ T1293] ieee802154 phy1 wpan1: encryption failed: -22
[ 1422.713456][ T5887] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[ 1422.722919][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1422.733314][T20774] tipc: Started in network mode
[ 1422.738489][T20774] tipc: Node identity ac1414aa, cluster identity 4711
[ 1422.771455][ T5887] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[ 1422.781405][ T5887] usb 1-1: media controller created
[ 1422.949175][T20757] dtv5100: wlen = 0, aborting.
[ 1423.213088][T20774] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1423.239538][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1423.270119][T20779] veth1_to_bond: entered allmulticast mode
[ 1423.274877][T20780] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3867'.
[ 1423.316344][ T5887] zl10353_read_register: readreg error (reg=127, ret==0)
[ 1423.332223][ T5887] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[ 1423.341424][ T5887] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[ 1423.341579][T20780] bond0: (slave bond_slave_1): Releasing backup interface
[ 1423.448492][ T5887] usb 1-1: USB disconnect, device number 82
[ 1423.482363][T20780] veth1_to_bond (unregistering): left allmulticast mode
[ 1423.529478][ T5887] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[ 1423.742544][T20783] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1423.944573][   T30] audit: type=1400 audit(1765984928.588:1942): avc:  denied  { accept } for  pid=20781 comm="syz.2.3868" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[ 1424.340371][ T5887] tipc: Node number set to 2886997162
[ 1424.582164][T20789] trusted_key: encrypted_key: insufficient parameters specified
[ 1425.235853][ T5887] usb 4-1: USB disconnect, device number 83
[ 1426.191375][   T30] audit: type=1800 audit(1765984930.928:1943): pid=20808 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.0.3878" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[ 1426.830292][   T30] audit: type=1400 audit(1765984931.478:1944): avc:  denied  { bind } for  pid=20806 comm="syz.0.3878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1427.041828][   T30] audit: type=1400 audit(1765984931.488:1945): avc:  denied  { connect } for  pid=20806 comm="syz.0.3878" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[ 1427.216135][   T30] audit: type=1400 audit(1765984931.958:1946): avc:  denied  { getopt } for  pid=20828 comm="syz.2.3885" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[ 1427.784918][   T30] audit: type=1400 audit(1765984932.428:1947): avc:  denied  { read } for  pid=20835 comm="syz.0.3887" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1427.830650][   T30] audit: type=1400 audit(1765984932.428:1948): avc:  denied  { open } for  pid=20835 comm="syz.0.3887" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[ 1428.209301][T20852] netlink: 296 bytes leftover after parsing attributes in process `syz.5.3889'.
[ 1428.261852][T20856] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3892'.
[ 1428.281677][T20856] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3892'.
[ 1428.420569][T20860] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1428.940846][T20865] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1429.982763][T20870] erspan0 speed is unknown, defaulting to 1000
[ 1430.420080][T20878] netlink: 32 bytes leftover after parsing attributes in process `syz.0.3899'.
[ 1430.818636][T20891] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3903'.
[ 1430.859617][T20891] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3903'.
[ 1431.016596][ T5887] usb 3-1: new high-speed USB device number 82 using dummy_hcd
[ 1432.064234][ T5887] usb 3-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00
[ 1432.131803][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1432.164923][ T5887] usb 3-1: Product: syz
[ 1432.187223][ T5887] usb 3-1: Manufacturer: syz
[ 1432.213727][ T5887] usb 3-1: SerialNumber: syz
[ 1432.330975][ T5887] usb 3-1: config 0 descriptor??
[ 1432.406924][ T5887] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[ 1432.458191][ T5887] usb 3-1: Detected FT4232HP
[ 1433.985272][ T5887] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[ 1433.992433][ T5887] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[ 1434.015312][ T5887] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[ 1434.074304][ T5887] usb 3-1: USB disconnect, device number 82
[ 1434.139194][ T5887] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[ 1434.195775][T20915] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1434.253547][ T5887] ftdi_sio 3-1:0.0: device disconnected
[ 1435.230318][T20919] FAULT_INJECTION: forcing a failure.
[ 1435.230318][T20919] name failslab, interval 1, probability 0, space 0, times 0
[ 1435.336606][T20919] CPU: 1 UID: 0 PID: 20919 Comm: syz.2.3911 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1435.336636][T20919] Tainted: [L]=SOFTLOCKUP
[ 1435.336642][T20919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1435.336653][T20919] Call Trace:
[ 1435.336659][T20919]  <TASK>
[ 1435.336666][T20919]  dump_stack_lvl+0x16c/0x1f0
[ 1435.336694][T20919]  should_fail_ex+0x512/0x640
[ 1435.336719][T20919]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1435.336749][T20919]  should_failslab+0xc2/0x120
[ 1435.336772][T20919]  kmem_cache_alloc_noprof+0x83/0x770
[ 1435.336792][T20919]  ? skb_clone+0x190/0x3f0
[ 1435.336815][T20919]  ? skb_clone+0x190/0x3f0
[ 1435.336831][T20919]  skb_clone+0x190/0x3f0
[ 1435.336855][T20919]  netlink_deliver_tap+0xabd/0xd30
[ 1435.336880][T20919]  netlink_unicast+0x64c/0x870
[ 1435.336906][T20919]  ? __pfx_netlink_unicast+0x10/0x10
[ 1435.336942][T20919]  netlink_sendmsg+0x8c8/0xdd0
[ 1435.336968][T20919]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1435.337000][T20919]  ____sys_sendmsg+0xa5d/0xc30
[ 1435.337023][T20919]  ? copy_msghdr_from_user+0x10a/0x160
[ 1435.337041][T20919]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1435.337070][T20919]  ? __lock_acquire+0x436/0x2890
[ 1435.337094][T20919]  ___sys_sendmsg+0x134/0x1d0
[ 1435.337114][T20919]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1435.337132][T20919]  ? lock_acquire+0x179/0x330
[ 1435.337180][T20919]  __sys_sendmsg+0x16d/0x220
[ 1435.337199][T20919]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1435.337215][T20919]  ? __pfx___schedule+0x10/0x10
[ 1435.337242][T20919]  ? rcu_is_watching+0x12/0xc0
[ 1435.337266][T20919]  do_syscall_64+0xcd/0xf80
[ 1435.337290][T20919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1435.337307][T20919] RIP: 0033:0x7f128498f749
[ 1435.337323][T20919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1435.337339][T20919] RSP: 002b:00007f1285824038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1435.337357][T20919] RAX: ffffffffffffffda RBX: 00007f1284be5fa0 RCX: 00007f128498f749
[ 1435.337368][T20919] RDX: 00000000000000a0 RSI: 0000200000000b80 RDI: 0000000000000003
[ 1435.337378][T20919] RBP: 00007f1285824090 R08: 0000000000000000 R09: 0000000000000000
[ 1435.337388][T20919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1435.337398][T20919] R13: 00007f1284be6038 R14: 00007f1284be5fa0 R15: 00007fffd175c458
[ 1435.337422][T20919]  </TASK>
[ 1436.823340][T20938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3915'.
[ 1436.895151][T20938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3915'.
[ 1436.972835][T13710] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[ 1437.144189][T13710] usb 4-1: Using ep0 maxpacket: 8
[ 1437.161198][T13710] usb 4-1: config 0 has an invalid interface number: 31 but max is 0
[ 1437.498594][T13710] usb 4-1: config 0 has no interface number 0
[ 1437.537703][T13710] usb 4-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[ 1438.242450][   T30] audit: type=1326 audit(1765984942.978:1949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20948 comm="syz.2.3920" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f128498f749 code=0x0
[ 1438.242834][T13710] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1438.575994][T20957] ip6t_rpfilter: unknown options
[ 1438.584150][T20953] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1438.594359][T20958] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3917'.
[ 1438.616263][T13710] usb 4-1: Product: syz
[ 1438.620530][T13710] usb 4-1: Manufacturer: syz
[ 1438.625372][T13710] usb 4-1: SerialNumber: syz
[ 1438.681971][T13710] usb 4-1: config 0 descriptor??
[ 1438.792670][T20963] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3921'.
[ 1439.498780][T20977] erspan0 speed is unknown, defaulting to 1000
[ 1439.521713][T13710] usb 4-1: can't set config #0, error -71
[ 1440.057027][T13710] usb 4-1: USB disconnect, device number 84
[ 1440.316025][T21001] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3929'.
[ 1440.326210][T21001] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3929'.
[ 1441.241437][T21008] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3931'.
[ 1441.385707][T21012] IPVS: fo: UDP 224.0.0.2:0 - no destination available
[ 1442.742967][T11749] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 1443.024122][T11749] usb 1-1: Using ep0 maxpacket: 8
[ 1443.036700][T11749] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1443.051773][T11749] usb 1-1: config 4 has an invalid interface number: 30 but max is 0
[ 1443.079289][T11749] usb 1-1: config 4 has no interface number 0
[ 1443.093810][T11749] usb 1-1: config 4 interface 30 has no altsetting 0
[ 1443.108028][T11749] usb 1-1: string descriptor 0 read error: -22
[ 1443.117169][T11749] usb 1-1: New USB device found, idVendor=9022, idProduct=d484, bcdDevice=ff.88
[ 1443.152733][T11749] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1443.175931][T11749] dvb-usb: found a 'TeVii S482 (tuner 2)' in warm state.
[ 1443.184259][T11749] dw2102: su3000_power_ctrl: 1, initialized 0
[ 1443.191479][T11749] dvb-usb: bulk message failed: -22 (2/0)
[ 1443.198767][   T30] audit: type=1400 audit(1765984947.938:1950): avc:  denied  { ioctl } for  pid=21033 comm="syz.1.3939" path="socket:[78300]" dev="sockfs" ino=78300 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1443.270932][T11749] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1443.284744][T11749] dvbdev: DVB: registering new adapter (TeVii S482 (tuner 2))
[ 1443.307884][T11749] usb 1-1: media controller created
[ 1443.339636][T11749] dvb-usb: bulk message failed: -22 (6/0)
[ 1443.358546][T11749] dw2102: i2c transfer failed.
[ 1443.379386][T21019] dvb-usb: bulk message failed: -22 (1/0)
[ 1443.391755][T21019] dw2102: i2c transfer failed.
[ 1443.401099][T21019] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI
[ 1443.413149][T21019] KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
[ 1443.421550][T21019] CPU: 1 UID: 0 PID: 21019 Comm: syz.0.3934 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1443.432465][T21019] Tainted: [L]=SOFTLOCKUP
[ 1443.436763][T21019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[ 1443.446798][T21019] RIP: 0010:su3000_i2c_transfer+0x52a/0xea0
[ 1443.452683][T21019] Code: 08 0f b6 00 83 e2 07 38 d0 7f 08 84 c0 0f 85 30 08 00 00 48 8d 7d 01 45 0f b6 6c 24 02 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 59 08 00 00 49 8d 7c 24 03
[ 1443.472271][T21019] RSP: 0018:ffffc9000c30fc30 EFLAGS: 00010202
[ 1443.478317][T21019] RAX: 0000000000000002 RBX: ffff88805ed180e0 RCX: ffffc9000cdba000
[ 1443.486267][T21019] RDX: 0000000000000001 RSI: ffffffff87d2a01e RDI: 0000000000000011
[ 1443.494220][T21019] RBP: 0000000000000010 R08: 0000000000000005 R09: 0000000000000000
[ 1443.502168][T21019] R10: 0000000080000000 R11: ffffffffffff8148 R12: ffff88806accfc00
[ 1443.510117][T21019] R13: 0000000000000010 R14: 0000000000000001 R15: dffffc0000000000
[ 1443.518068][T21019] FS:  00007f39941a26c0(0000) GS:ffff8881249f6000(0000) knlGS:0000000000000000
[ 1443.526975][T21019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1443.533539][T21019] CR2: 00007f6327251761 CR3: 000000004b862000 CR4: 00000000003526f0
[ 1443.541491][T21019] Call Trace:
[ 1443.544753][T21019]  <TASK>
[ 1443.547666][T21019]  __i2c_transfer+0x6b6/0x2100
[ 1443.552413][T21019]  ? task_blocks_on_rt_mutex.constprop.0.isra.0+0x1be7/0x1cc0
[ 1443.559862][T21019]  ? __pfx___i2c_transfer+0x10/0x10
[ 1443.565042][T21019]  i2c_transfer+0x1da/0x380
[ 1443.569532][T21019]  i2cdev_ioctl_rdwr+0x373/0x710
[ 1443.574541][T21019]  i2cdev_ioctl+0x628/0x840
[ 1443.579032][T21019]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1443.584044][T21019]  ? selinux_file_ioctl+0x180/0x270
[ 1443.589233][T21019]  ? __pfx_i2cdev_ioctl+0x10/0x10
[ 1443.594240][T21019]  __x64_sys_ioctl+0x18e/0x210
[ 1443.598989][T21019]  do_syscall_64+0xcd/0xf80
[ 1443.603474][T21019]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1443.609435][T21019] RIP: 0033:0x7f399338f749
[ 1443.613838][T21019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1443.633426][T21019] RSP: 002b:00007f39941a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1443.641819][T21019] RAX: ffffffffffffffda RBX: 00007f39935e5fa0 RCX: 00007f399338f749
[ 1443.649769][T21019] RDX: 0000200000000080 RSI: 0000000000000707 RDI: 0000000000000004
[ 1443.657715][T21019] RBP: 00007f3993413f91 R08: 0000000000000000 R09: 0000000000000000
[ 1443.665662][T21019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1443.673611][T21019] R13: 00007f39935e6038 R14: 00007f39935e5fa0 R15: 00007ffdcc3d11e8
[ 1443.681563][T21019]  </TASK>
[ 1443.684558][T21019] Modules linked in:
[ 1443.689401][T21019] ---[ end trace 0000000000000000 ]---
[ 1443.776410][   T30] audit: type=1400 audit(1765984948.518:1951): avc:  denied  { read } for  pid=5168 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1443.800968][T21019] RIP: 0010:su3000_i2c_transfer+0x52a/0xea0
[ 1443.809338][T21019] Code: 08 0f b6 00 83 e2 07 38 d0 7f 08 84 c0 0f 85 30 08 00 00 48 8d 7d 01 45 0f b6 6c 24 02 48 89 f8 48 89 fa 48 c1 e8 03 83 e2 07 <42> 0f b6 04 38 38 d0 7f 08 84 c0 0f 85 59 08 00 00 49 8d 7c 24 03
[ 1443.854139][   T30] audit: type=1400 audit(1765984948.518:1952): avc:  denied  { search } for  pid=5168 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1443.876185][T21019] RSP: 0018:ffffc9000c30fc30 EFLAGS: 00010202
[ 1443.894132][T21019] RAX: 0000000000000002 RBX: ffff88805ed180e0 RCX: ffffc9000cdba000
[ 1443.902808][T21019] RDX: 0000000000000001 RSI: ffffffff87d2a01e RDI: 0000000000000011
[ 1443.904086][   T30] audit: type=1400 audit(1765984948.518:1953): avc:  denied  { search } for  pid=5168 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1443.911570][T21019] RBP: 0000000000000010 R08: 0000000000000005 R09: 0000000000000000
[ 1443.946172][T21019] R10: 0000000080000000 R11: ffffffffffff8148 R12: ffff88806accfc00
[ 1443.954962][T21019] R13: 0000000000000010 R14: 0000000000000001 R15: dffffc0000000000
[ 1443.963034][T21019] FS:  00007f39941a26c0(0000) GS:ffff8881249f6000(0000) knlGS:0000000000000000
[ 1443.972010][   T30] audit: type=1400 audit(1765984948.518:1954): avc:  denied  { add_name } for  pid=5168 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1443.972042][   T30] audit: type=1400 audit(1765984948.518:1955): avc:  denied  { create } for  pid=5168 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1443.972068][   T30] audit: type=1400 audit(1765984948.518:1956): avc:  denied  { append open } for  pid=5168 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1443.996255][T21019] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1444.015172][   T30] audit: type=1400 audit(1765984948.518:1957): avc:  denied  { getattr } for  pid=5168 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1444.040177][T21019] CR2: 000000110c375679 CR3: 000000004b862000 CR4: 00000000003526f0
[ 1444.075861][T21043] FAULT_INJECTION: forcing a failure.
[ 1444.075861][T21043] name failslab, interval 1, probability 0, space 0, times 0
[ 1444.076284][   T30] audit: type=1400 audit(1765984948.788:1958): avc:  denied  { prog_load } for  pid=21039 comm="syz.1.3941" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[ 1444.089118][T21019] Kernel panic - not syncing: Fatal exception
[ 1444.108102][T21019] Kernel Offset: disabled