last executing test programs:

2m45.502817317s ago: executing program 3 (id=741):
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
setrlimit(0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, 0x0, &(0x7f0000000400))
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70)

2m44.222143476s ago: executing program 3 (id=745):
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYBLOB='\x00\x00\x00\x00\x00\x00'], 0x50)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x8, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000300)={0x41, 0x2, 0x0, "444900d730faa901000000000000000000f789981008d7b15b5700e46b8be100", 0x50424752})
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
r4 = dup(r3)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, 0x0, &(0x7f00000002c0))
ioctl$TIOCL_SETSEL(r4, 0x541c, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000001b00)=ANY=[], 0x20}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)
socket$kcm(0x10, 0x5, 0x10)
r6 = socket(0x2, 0x3, 0x6)
sendto$inet(r6, &(0x7f0000000240)="490000800081a8fba96f00ef95da0c9f0f09d841", 0x14, 0x4840, &(0x7f0000002400)={0x2, 0x4e20, @multicast2}, 0x10)
syz_extract_tcp_res(0x0, 0x0, 0x10000)
syz_usb_connect(0x5, 0x2d, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)

2m42.698462897s ago: executing program 3 (id=749):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a38000000030a03000000f0ff00000000020000050900010073797a30004000000c0002400000000000000001"], 0x60}}, 0x0)

2m42.503188285s ago: executing program 3 (id=752):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x8c}, @NFTA_EXTHDR_SREG={0x8, 0x7, 0x1, 0x0, 0xe}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x89}]}}}]}]}], {0x14}}, 0x8c}, 0x1, 0x0, 0x0, 0x8080}, 0x0) (fail_nth: 1)

2m42.041194359s ago: executing program 3 (id=755):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0}, 0x9}, {{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}, 0x8}], 0x2, 0x10002, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x24}}, 0x0)

2m40.809725131s ago: executing program 3 (id=759):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340), &(0x7f0000000280))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRESOCT=r0], &(0x7f0000000600)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x502, 0x41)
r3 = fanotify_init(0x8, 0x80000)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000001c0)={0x9, 0x2, 0x1})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x8, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'BRTI'}, 0x0, 0x1, {}, 0xc93})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058560f, &(0x7f0000000a40)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68ab0498"}, 0x0, 0x1, {0x0}})
fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200448d1}, 0x20040080)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c00028008000140000000020800024000000001050003000000000020000180070001006374000014000280080002400000000d080004400000000c0900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r6, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_DO_IT(r6, 0xab03)

2m24.775750074s ago: executing program 32 (id=759):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000980)={0x0, 0x5885, 0x80, 0x10000000}, &(0x7f0000000340), &(0x7f0000000280))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32=r0, @ANYRESOCT=r0], &(0x7f0000000600)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x502, 0x41)
r3 = fanotify_init(0x8, 0x80000)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, &(0x7f00000001c0)={0x9, 0x2, 0x1})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000000080)=@mmap={0x0, 0x2, 0x4, 0x8, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'BRTI'}, 0x0, 0x1, {}, 0xc93})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r4, 0xc058560f, &(0x7f0000000a40)=@multiplanar_mmap={0x0, 0x2, 0x4, 0xffffff7f, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "68ab0498"}, 0x0, 0x1, {0x0}})
fanotify_mark(r3, 0x105, 0x4800003a, r2, 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x8, 0x1000000000003, 0x5, 0x8, 0x3, 0x1, {0x5, 0x17f, 0x20ff, 0x5, 0x89, 0xd615, 0xb, 0x7fffffff, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x3ff, 0x1}}, {0x0, 0x13}}}, 0xa0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x200448d1}, 0x20040080)
sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b0400000000000000000200fffe4c0004802800018007000100637400001c00028008000140000000020800024000000001050003000000000020000180070001006374000014000280080002400000000d080004400000000c0900010073797a30000000000900020073797a32"], 0xa0}, 0x1, 0x0, 0x0, 0x840}, 0x0)
move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = syz_open_dev$ndb(&(0x7f0000000040), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r6, 0xab07, 0x80000000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r6, 0xab00, r7)
ioctl$NBD_DO_IT(r6, 0xab03)

1m2.385118611s ago: executing program 0 (id=1102):
fsopen(&(0x7f00000000c0)='ceph\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$sndpcmc(0x0, 0x8, 0x14100)
shutdown(0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @in6={0xa, 0x4e20, 0x0, @loopback, 0x3}]}, &(0x7f0000000180)=0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000280), 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x40002)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x34, 0x0, 0x1, 0x0, 0x0, {{}, {}, {0x18, 0x17, {0x4000000, 0x0, @l2={'eth', 0x3a, 'ipvlan1\x00'}}}}}, 0x34}}, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040effff2820"], 0x7)
syz_usb_connect(0x0, 0x5f, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902", @ANYRES16, @ANYRES32], 0x0)

59.285127731s ago: executing program 0 (id=1109):
r0 = syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180))
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000000c0)={0x0, 0x1, 0x10, 0x0, 0x2, 0x2080, 0x6ae0})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x18)
io_setup(0x2, &(0x7f0000000200)=<r3=>0x0)
r4 = eventfd2(0x4, 0x80000)
io_getevents(r3, 0x1, 0x1, &(0x7f0000000400)=[{}], 0x0)
io_submit(r3, 0x1, &(0x7f0000000680)=[&(0x7f0000000000)={0x1802, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x3, r4}])
syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800)
socket(0x10, 0x803, 0x0)
clock_gettime(0x0, &(0x7f0000000280))
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
syz_open_dev$swradio(&(0x7f0000000080), 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
syz_io_uring_setup(0x4172, &(0x7f0000000780), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0xd)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f0000000040)={0x3ff}, 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000080))

58.91393168s ago: executing program 0 (id=1111):
socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
setrlimit(0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, &(0x7f0000000500)=""/214, &(0x7f0000000400)=0xd6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x6b, 0x11, 0x32}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit={0x95, 0x0, 0x33}], {0x95, 0x0, 0x5a5}}, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)

57.866473213s ago: executing program 0 (id=1114):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r0, &(0x7f00000000c0), 0x10)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f00000014c0)={0x2, 0x0, &(0x7f0000000140)={&(0x7f0000001500)={0x2, 0x18, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x5, 0x6c, 0x0, 0x0, @in6={0xa, 0x4e20, 0x3, @dev={0xfe, 0x80, '\x00', 0x14}, 0x431b}}]}, 0x38}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x7c, r3, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfffffc01}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x100}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x3ae7}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x30, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@loopback}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x7}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x8000}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000001600)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x4, [@struct={0x0, 0x0, 0x0, 0x4, 0x0, 0x43000000}, @union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x2, 0x1, 0xfffffffe}]}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x40, 0x0, 0x1}, 0x28)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r5, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xe}, {}, {0x8, 0xffff}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ENC_KEY_ID={0x8, 0x1a, 0x100}]}}]}, 0x3c}}, 0x4000)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', <r7=>0x0})
sendto$packet(r5, &(0x7f0000000180)="10030600e0ff020004004788aa96a13bb100001100007fca1a00", 0x10608, 0x0, &(0x7f0000000140)={0x11, 0x0, r7}, 0x14)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r8 = open(&(0x7f0000000040)='./bus\x00', 0x1c1242, 0x0)
r9 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
sendfile(r9, r8, 0x0, 0x7ffff000)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000700)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = syz_clone(0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$unix(r10, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000ac0)=[@cred={{0x1c, 0x1, 0x2, {r11, 0xee00, 0xee01}}}, @rights={{0x14, 0x1, 0x1, [r4]}}], 0x38, 0x4040}, 0x40040)
statfs(&(0x7f0000000280)='./file1\x00', &(0x7f0000000380)=""/76)
sendto$l2tp(r0, &(0x7f0000000040)="e5786a0d000000000000c83b", 0x5d, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
recvfrom$l2tp(r0, 0x0, 0xffffff9c, 0x40010162, 0x0, 0x0)

57.637135025s ago: executing program 0 (id=1117):
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
socket$unix(0x1, 0x5, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r1, 0x8926, 0xffffffffffff7ffe)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r5, 0x4048aecb, &(0x7f0000000080)=ANY=[])
syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000080))
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000540))
lseek(r2, 0xa, 0x4)
userfaultfd(0x801)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

56.817039467s ago: executing program 0 (id=1121):
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5)
mknod(&(0x7f00000000c0)='./file0\x00', 0x100, 0x8)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpu.stat\x00', 0xf000, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000000)={0x4000, 0x4000, 0x11})

56.14895965s ago: executing program 33 (id=1121):
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000004c0)='cgroup2\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0xd5)
mknod(&(0x7f00000000c0)='./file0\x00', 0x100, 0x8)
openat$cgroup_ro(r0, &(0x7f0000000040)='cpu.stat\x00', 0xf000, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000000)={0x4000, 0x4000, 0x11})

12.236578549s ago: executing program 5 (id=1263):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
unshare(0x20000400)
unshare(0x68020080)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x3fe3aa0262d8c583, 0x4000000, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0xebaea3d5279c9aee}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x4, 0x2, 0xffffffff}}]}, 0x38}}, 0x0)
r3 = creat(&(0x7f0000000080)='./file0\x00', 0xecf86c37d53049cc)
write$binfmt_script(r3, &(0x7f00000003c0)={'#! ', './file0', [{0x20, '\x86\x81\t\n\xac\"\xff4l\xaa\x91\xec\x99M.p\xdc4\x0e\x1c\xdf\xd3\xd4\x8d\xad\x99\x1c\xae\xb2vt\r@0K\x989\x1c\xd7%\x82\x94\x05\x06\xbeJ\x90\xd8&\xa6?~\x88\x01;\r7\xdf\xb7\xfb\x85\x133\x17I\xb4\xbc`7\xda\x91\xefP<f\xdcJ\xcf\xf9\xb1&M\xb9\x88\x8cK6\x89\xe9\xfa\xbfCN\x15\xa1M\xe67\xf5\x0e\a\x061\xb0\x00\xfc~<\xf3Eg\xcd\xd9\xa8\xf0\xbdw\xc6?Vs'}]}, 0x85)
fcntl$setstatus(r3, 0x4, 0x2800)
unshare(0xc040480)
socket$netlink(0x10, 0x3, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), r4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000000)={0x60, r5, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0x5555555555550001}}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x2}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0202}}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_WPAN_PHY={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x2}, 0x300048c0)
close(r3)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect$cdc_ncm(0x6, 0xf3, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xe1, 0x2, 0x1, 0x11, 0x20, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x1, "4812987e"}, {0x5, 0x24, 0x0, 0xdf}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0x3, 0x5}, {0x6, 0x24, 0x1a, 0x401, 0x14}, [@mdlm_detail={0x6e, 0x24, 0x13, 0xee, "518feaf0692c135da9476dc0a5eef1567e69a81e949fcd31f4f7d3c3b4a03d43334ecee80f3f7f40ef9a41d4cc2b43f7aa3d305c6fc23775f803abf2a9fa26b1f5b65555ccd23da8bb42fee32af87080a01fb92dc3d08a95ee561798b7881364c756175786ab8d696ff5"}, @network_terminal={0x7, 0x24, 0xa, 0x5, 0x7, 0x2, 0x80}, @mbim={0xc, 0x24, 0x1b, 0x401, 0x3, 0x5, 0x7, 0x1, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xf1, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x26, 0x0, 0x7}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x41015500, &(0x7f0000000500))
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00'})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000340)={{0x1, 0x1, 0x18, r3}, './file0\x00'})

11.249792904s ago: executing program 5 (id=1265):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58)
r1 = inotify_init()
r2 = inotify_add_watch(r1, &(0x7f0000000280)='.\x00', 0x25000001)
inotify_rm_watch(r1, r2)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c2009d6f18ae7b8c867104151a02ce6b164af9a7b62c8a8c911655331a91c066ebe53eeff6f2fbc56c75fb690d497dcaf9210e4c2c6b6d9d1b6edaa7", 0x52)
accept4(r0, 0x0, 0x0, 0x800)
timer_create(0x3, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ae8000000000a01010000000000000000050000000900010073797a3000000000ba000600e9eec003775c64e64f439fc0b5fb34bcd039590bba579a25436e11f718b64e3e01796b9e930a3d8eefa0bccf8429a311f3ce5ec5a0a7bb9e08c60e03cbcdd726725fb9b1bd1000cf2a77ab6ab91f2294632773ea59b8de2361cdd8045c5fdb81611e843cb814e4cfe672542287ebd3b2ed48dca1a08690b05bb9bbbcc05551bd05e4c6e0625fcae04323e0f29dbad3c57456d2ca020462188e1236ebe6da1442c71ab0a8ebfaacef2710111417370a0f8cd19c5f9e1a00000900010073797a300000000014010000030a"], 0x238}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xc, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r4, 0x0, 0xc8, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a1d010000000000000000020000000900010073797a3000000000080002400000000098000000030a01020000000000000000020000000900010073797a30000000000900030073797a32000000006b00030091abc12404d0c4c731b168d80d1f7f1dbb33f596"], 0xfc}, 0x1, 0x0, 0x0, 0x40010}, 0x4000115)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, &(0x7f0000000080))
r5 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r5, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
r6 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
pwritev(r6, &(0x7f0000000780)=[{&(0x7f00000001c0)="8b7b0aec79948004bb372b0227fdbd55f6f2402b396957fcdf7791e956bea518d131d3b4f5b2ad5202ce", 0x2a}, {0x0}], 0x2, 0x0, 0x9)
r7 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r8 = dup(r7)
write$6lowpan_enable(r8, &(0x7f0000000000)='0', 0xfffffd2c)
r9 = syz_io_uring_setup(0x23b, &(0x7f0000000200)={0x0, 0x9e60, 0x10100, 0x0, 0x0, 0x0, r8}, &(0x7f00000000c0)=<r10=>0x0, &(0x7f0000000340)=<r11=>0x0)
syz_io_uring_submit(r10, r11, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r9, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r12=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
splice(r12, 0x0, r13, 0x0, 0x7, 0x0)
r14 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r14, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32, @ANYBLOB="20000100", @ANYRES32, @ANYBLOB="000000deff"], 0x38}, 0x1, 0x0, 0x0, 0x90010}, 0x0)

9.715999167s ago: executing program 6 (id=1273):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r4 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x90000, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f0000000300)={'sit0\x00', &(0x7f0000000180)={'syztnl1\x00', 0x0, 0x7, 0x700, 0x6, 0xb, {{0x7, 0x4, 0x3, 0x38, 0x1c, 0x66, 0x0, 0x48, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x18}, @broadcast, {[@end, @ssrr={0x89, 0x7, 0xa2, [@multicast2]}]}}}}})
unshare(0x20000400)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000090000402505a8a440000102030109021b00010100000009040000020701010009050102"], 0x0)
syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000000)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0xfffffffffffffc4a}})
syz_open_dev$char_usb(0xc, 0xb4, 0x2000000)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r7 = syz_open_procfs(0x0, &(0x7f0000002140)='fdinfo\x00')
syz_usb_disconnect(r6)
ioctl$SNDCTL_DSP_GETBLKSIZE(r7, 0xc0045004, 0x0)
r8 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@map=r8, r5, 0x7}, 0x10)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)

8.101252859s ago: executing program 1 (id=1279):
r0 = socket$kcm(0x10, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x4002)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_UNLINK(r3, 0x40044160, 0x3)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x1f)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a001000000002800000121f", 0x2e}], 0x1}, 0x0)
pipe(&(0x7f0000000280)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f0000000200)={<r5=>0x0})
ioctl$DRM_IOCTL_RM_CTX(r4, 0xc0086421, &(0x7f00000002c0)={r5, 0x2})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
splice(r6, 0x0, r7, 0x0, 0xf3a, 0x0)
write(r4, &(0x7f0000000240)="94", 0x1)

7.795444083s ago: executing program 5 (id=1282):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e22, @empty}, 0x10)
listen(r0, 0x1ff)
sendto$inet(r0, &(0x7f00000004c0)="ab", 0x1, 0x20c0, &(0x7f00000001c0)={0x2, 0x4e22, @loopback=0x7f0000c0}, 0x10)

7.457229027s ago: executing program 6 (id=1284):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0) (async)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x40, 0x3, 0x5, 0xffff}, 0x8, 0x0, 0x0, 0x0, 0x1, 0x10003, 0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000580)={0x2c, r3, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}]}]}, 0x2c}}, 0x40)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106) (async)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1bfde, 0xe1}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IP6TABLES={0x5}, @IFLA_BR_PRIORITY={0x6, 0x6, 0x6}, @IFLA_BR_MCAST_STARTUP_QUERY_CNT={0x8, 0x1d, 0x80}]}}}]}, 0x4c}}, 0x0)
r7 = socket(0x40000000015, 0x805, 0x0)
getsockopt(r7, 0x114, 0x5, 0x0, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x101842, 0x0) (async)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) (async)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
r8 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) (async)
connect$inet(r4, &(0x7f0000000340)={0x2, 0x4e24, @loopback}, 0x10) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newtaction={0x148, 0x30, 0x1, 0x0, 0x0, {}, [{0x134, 0x1, [@m_csum={0x130, 0x6, 0x0, 0x0, {{0x9}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1ff, 0x8, 0xffffffffffffffff, 0xc9, 0x7}, 0x1e}}, @TCA_CSUM_PARMS={0x1c, 0x1, {{0x2, 0xfffffeff, 0x5, 0x5, 0x2}, 0x12}}]}, {0xcc, 0x6, "1d481fa8378872069fdff9ce21ce913e5eb43e73003352dfcf400452263cfb6d9eda5d5330c71867e87285643d81dcf4273c3ebe4ee54ab317c63e6cc4ec715388a9e8643db24a79f6b12e81f562e97732af6ef0e87dfa700133664d5879814f1e8c43a38870b5a2024798e2039d7062dc7085c02b73e429c98a6d861e5a3dce8467273b1fde9bc49f53681af26c0b50c16beb7f0f5c891a46259ff7c4ee7c2f2b5b994eeb62f9247bc5b754c3b0ab21ead4ee585f364590dc054de5abc6d28b1031e887949292f1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x148}}, 0x0) (async)
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_TRANSLATE(r9, 0xc018ae85, &(0x7f0000000000)={0xffff1000, 0x2000, 0x2, 0xe7})

6.768941038s ago: executing program 6 (id=1285):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r1, 0x0, &(0x7f0000000480)={0x53, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7})
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs})
r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f00000004c0), 0x12)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r1)
close_range(r0, 0xffffffffffffffff, 0x0)

6.7681045s ago: executing program 5 (id=1287):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000040008b404a1bc00000000000109022400010000000009040008010300000009210400020122030009058103"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(0xffffffffffffffff, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200000, 0x2623f0, 0x8000334e8b})
r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="12010000b1bd2f087d0403508c2f010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f00000000c0)={0x14, &(0x7f0000000440)=ANY=[@ANYRES64=r0], 0x0}, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008a04"])
r3 = socket$inet6(0xa, 0x5, 0x0)
listen(r3, 0x4d)
listen(r3, 0x0)
listen(r3, 0x40004)
syz_usb_control_io$cdc_ecm(r1, &(0x7f00000000c0)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="402306"], 0x0}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000180)={0x1, &(0x7f0000000140)=[{0x1ff, 0xf7, 0x1, 0x7}]})
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r4 = syz_usb_connect(0x3, 0x36, &(0x7f0000000300)=ANY=[], 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYRESHEX, @ANYRESOCT=r6], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x44800)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x0, @empty, 0x4000006}, 0x1c)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0)
listen(0xffffffffffffffff, 0xfffffffe)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_open_procfs(0x0, &(0x7f0000000200)='attr/current\x00')
readv(r7, &(0x7f0000001440)=[{&(0x7f0000000040)=""/20, 0x5}, {0x0, 0x2}], 0x2)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000480)=ANY=[@ANYRES32=r2, @ANYRESHEX=r7, @ANYBLOB="19323a5b2088a4ac51ef810409e9565c30bceeebc21b5aebb62e235d392167896245fdd6f5a73c8dbb0445dc1b822171fef87b1caa0ee770744204fe1577eb547ead5f16ded27bdba399d91b8a6d65adbc2dbb499940409ca88780b942b63cfde8f3202eb4878071a7056f751df5b4c1", @ANYRESDEC=r4], 0x0)

6.704146281s ago: executing program 4 (id=1288):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB="7800000010000304000000000000000000007400", @ANYRES32=0x0, @ANYBLOB="00000000600000005800128008000100677470004c00028008000100", @ANYRES32=r0], 0x78}}, 0x20000800)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x3f, &(0x7f0000000180)={@broadcast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1c}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x6, 0x31, 0x1, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x1, 0x4e20, 0x1d, 0x0, @opaque="200000000000000000b222965143313d9126e3f43f"}}}}}, 0x0)

6.223015385s ago: executing program 4 (id=1289):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = creat(0x0, 0x0)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="020000000000000002000000e0"], 0x190)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="020000000000000002000000e001"], 0x190)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r2, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000280)='kfree\x00', r1, 0x0, 0x3}, 0x18)
r5 = socket$xdp(0x2c, 0x3, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f00000ad000/0x3000)=nil)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), r3)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYRES16=r6, @ANYBLOB="020029bd7000fedbdf25810000000c00990000000000530000000e003300c4000900ffffffffffff0000060066000d000000040067000400670006006600e41500007300330048b1a500080211000001ffffffffffff0802110000014553120088418ab964d66c0521eb7d03df9287e5c2c4d6f2d22df2554412edce8da94d4fe3fedd29b9d589dc1a475ad22066e5786bdcf5aff193c074da48ce553d102bbabc5286bdcc39c89bb2362efd7b16899cd98a02a53d00"], 0xbc}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000084)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x201000, 0x1000}, 0x20)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000095000000000001004000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r8)
sendmsg$ETHTOOL_MSG_STRSET_GET(r8, &(0x7f0000002680)={0x0, 0x0, &(0x7f0000002640)={&(0x7f0000000600)={0x2c, r9, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000800}, 0x4000)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="dc1000003e000701feffffff00000000017c00000800428004000800b810018006000600800a000038102080b3f5502e3f49bbd161b96d3e3f351635030c6a8e6ec97e54fe89e00c3d869057340f8b8470cf9c041092005610a059d34c8c220d1d0b4867978f622f795279382db86fed00b3a59a5e3118d0073db5696b61ed9bcc52b8eb3e5dca837128e3ee5157d166f323b6ba2fdc6f5489f4df0fb50854fca9adb67c0be007cc3b637559909adf81403d36acfc547b13deb8f100edb9eb828b7ea2bab9945fe24b60429ec2548b5c273d3c9b34977ad6765603a76996aa236dca3f15b09b6ffb85712c444ac49c50d1c5d740d7087c609e732a15d8455598825162b5b79c9391e89f40db3bf165bf4c0583aed81026b2d0fa7d7961cd97acca6d7a81f4af44781676718ac2c09a5c9266733928e1beebbaef4932337218d82aec9e8b039688c99ca844b48e0f2c70744eb7785c6a93c4d9849c1530d56c93c277b97bb31368635a6210217522dc0bcc3b03597ecdffd073653aba43676bca30c717d0e951b7871a4246404ff29718bd4fcb6d4753f5871d1c1cef0a04f205199137440c1d23c3d3d54e0f56d188e7d3b79019523bee9585a345f937295d7c9430fa2712520110d70a406a52053dfe026b6cf8e2327296d8f3af0a98af0313367c4f5c5fc6ef8d22d3325f2712f491ad8451cdc8d4258fe8b4013200d3f971bcbd9e0ec39df690d4dd5a43efa182f1fd8b9b563ecc67ed1e0ba845a2daca527bc363797a59b89b97a69d4895cff8f7360e1f61c05ed730d769ab57fedc4869a17e6d36f71181975233f3fdc3b20b02dfc55f20724636f566d381667a56926f3d4fad3aae32f87d3b8cb68afcbc48ddd3f8358343672196f6851e7864ccc790093c62b64ecffb3e192e369b73b1a5abff47fc1bdd53e02551999644c930ffd59f4da7ff7dd2d76556b99108aa03edd4bbae92f802ac7434642ca89a9b79dea5f31b1f28a9b56b67e7fedb73b2a6165e2f39ca58592a22084e8c74accb3fa10a51ba57aa56acb6e3bebce201626a16f637ed367f38cf1a798202e2e8687b0e9d3e63015daed0a161f25d0e91cce0543aaef26a9b623fb0d549c5dd47fddb230d709f4655ea9eafb24d61aa6a9a2d36f290b75e9810f5302ff29b4d07de40f265c17523d0fc305a5ca203aef61c9b2c1a2e78bf453e74721f0a7c48cb43194b8e53427b17bc06d71e94a7aebc58e015de75c1fd864ad5e5c877b80517579368124a4e792a3287e0380d6710e138fe2959f67c768a970cbab62e6361690e8c89d0989ed200b1651d7cce964e2454f6a0732457c5036a1097b1eaf2cfc2de1696af4b742a450b6a0fcf97754e1dbc7884abe0f7759ef5a985decc21b91eda1e714725470ab4a911b23d4b94ccc49f63585e591c289efe4b33d4ffdbabec06546f30886e31429d5c93ed4ed01139b9f063e255ce7d53999c662704375745bb2a5ce96aa81a7ced635088df89302f4d3ada2679dd9828885c3487a6fd6c431a9d416d6ee013be5e0082530225fa7519d2d1a0ea1343eca421bf4311a435afc9150ce9d7cd8783e2340547fc64c0386cc50b481aef98b9e324f3f62a3ced5097223391a1d93a78e003707d6f15019be64f8a9f206aaf3a880ab8b7a2b9bf0ebd8168cad864b36d9c18a30dea2161251c198e6996f7bf4446e75a844f4ffcc97be666dec2d1917335628dd33da07dcb7f26f36aa881f76dad2d010654b5edb2ea83088de742adc36ef1e79f0d03bd2dcf7fc9718f2263e7088a3703d6e1d996f49e38f7ab001ca571d5b0898d91e456f0f3292ade1a6634ef1290f81af76aacb2979656fe74f7260804044d26e0aa0aecd1888c22350074a70f6c9e145435fc6fef442be1d087eed43f40f34488fecfad3094785ba45f4c8e78790455e50d63f028700f03eb71f1bc4682b1a11f35028f1e50badc4168eac2930a4e0cdaabbd1490d37be86045835792d74158d4a7877ece14c34900714b6d10326318bd1ddfdcd9b54c15443aac6be3665bbb51afdbaaea9b964397a9f1e20f38ad8932eca43e67a8e2ac110e7b4b1e06ef2bfe0c54a991c4db9fc057dc481b2b058b43b7d45ee8393eb922ab2af58d660e6e659726b114ddff0a5ecd45d029a815026e6dcbb9594f61106122144d2506059925062e8c95125c4f710486b608869b7c5c54c26c87a3749e095f729fffe1276d681527243742764d7313edcf8ee3d16fdfff84295d19aed32ceaaa855a4db733e118d45fc74e9e48096f8639081340cff07405241d611ce78ce7fda92166c7d4661ec753540ac5de803e0a8e226d87e9f865f02cec07ba62f6be554d121bead73d09f9f8eeb64c588089cddf8c1a7d3fc418c124c03b82a45dbfd04bf0643488133236b2ad7aa05f5830dfce2a2678fff10178f0b6d37264ca1a8c26e75635124a6b596949afc2d244caf1a03e14302c184fa477dc2266b4da3837dfb9989a1b8ddf9e24e9875aa8695d3434ae4409c82d7455a719dfb564becc6a5e74369237639389e548c3e559cfa669fca8a9565596ee8214f373d42ee0e43ae944dbc43bf927d3e960f14bf696770ca0a00636dd5b1b00aa2dc42ab9fb3781deb72df0d42c0cce04f2cfa8d13714f234bc5d24990c780c7398bffa9e64afe05bea92a1d1b34665f84d473f364dc1d60f3a1980be3f13d05fe9ab083ad6a7470f92709367930351c2b57829f0636a6665bab0303e0d3979e83c1a971de06f5d0c207f5e053e94c5f2b939962704a94d49c4f4b9199676235e22bd7d8bd149ed2551dcc79834f391964070afb4ccb4dc1f3035630fbd077fe93cc5982217c8228477806c05d4a0cd728ca06b672625a648111db157386cbb78da359c9fe216c8179b09ff5a77091e3f42b0224d0eb0ae7a9722bfc42308d2f08d2b6ff6684bf1870398d55462eb9713d9ce139585bd2d55144a6708f3ce86bc239eab6ea1c06c9a06af749b7581cd14882dcf89874108aa86cd305f41f8c6285454df09f34c61183bc1f7499f3a05a185f40e6ba3eb65e9e1850efe2676b2ec9cc2e64996bf60d6f16287e9d4663808a260f87c4dc377d6f263df7266182caedb644c56da0ef0c0b271e31256e1994037db62a18d66a96620604f4e7a43b8e353d520230e01536faf8cc920385eca7769e89bfecadbd71093d8c5c0fd25207d9efbd3a6722202ee3b1a0da019b7006da0891d18abe4a8af9ef4bf311d95c48ead0f44c826f67096ad46a6c48a6f1f69f27a95f5cfc2e4f23e1408f15ceff9d413b514ed679bd695d0cc340a2f7d711ba050fdb4c159eb309b34c4eea3066373354083edcebd9ce7edae65f4e792f26f447d4615cbd5f51ade0f77a210ca29e6f33d928d55f1a07ce0180494f3cbdd0feb39aeaeb05d480ac291178d37224ff8155922ef50ddd4a9c4a6c10726fa6012dee7b87cc0a25f01dc273fe205d41166cccd1af4b3cfa12f03e3380c7f351d1f7d8435836acc43ac1ed60bf08a635431ff317ac6506dc293f8c2320294df3c062a930c6de4e5118d89304b093308bdb422722371a612ea6a80273f59c34ee7d5f5c8eb3711d888bc9f6b591ada92a03d8738a7fe8709f1c82efdfafdc5e3887ec744374872743f358b66603c3badce42267006663fbde835ce05ac3ce4ed863a45c269e1a244ba07cb34dcf212ae67aee03873157ce4de62b10839988e7178ef13a1a7a9137406ae049f069e61a30ac9a5e01c292b93ec9124de6aefab2e0a6b96168ba03e036c379ea0dd289cc5bb6b3a5a3016f9a2e44ca297e57978ce3528c728efa8ac7d33e8f32caeb4d5acb683b08955593d2c3c66b151c3b564d2e89a949c56a136bc7a28fd34427a04455e71735c8e29cfcce47e6e1520ab2b8f05da260e9c1db2b657a31907c0587947ccd8c811dca22d45bc02f010191f706c105f151bee70351ee8ddce609aa672effdc339421ec64501993b2e837daffc73d3d718eada3465317012287d4b75417dc6db53e7674549c5e4eec25486989a0625372ac26fd04217cd7b0d93c6aa62046b25361969db04a433f622d8d5f5a9121c0737fe511ff924937c577039572e53ff26ff5769cea0830bb3f5aa64900e800cfd473ad6eceb0f852aa52ccfc6dfa5031d21ab04f23b15983c04d2aa0da50de15cbb380ef270e4d280806786897fdc426b694a16bd664965219759209646c81cfa01f79f202f33471b7628f3d47f8db9dcd7262aab93d6385a4001c83645e25449ab220b3e8618d6a70f85a357cd7a881a3449fdecfa86601c49da0ee652d95aaac0808e9c458d46982a30f21ff381d2dd2c2f10a240d64decc0066c19dc8f0e7b476fc5899388adb7123973081351a5d20892b12aa227c568d45b80e0557d83f16e5f554c2b5a536d1f0d5ebaa158bb47a94d3415e22c814ea34dec89f949da60ed22507ab48c61d2617bf2af88494fa440defdd928ebecc27a516efe3bb6d1c66a369fdc43dfb9961a55e79f3edcc2336e4ea115a9d34453305269b4b465e049df8a8ca637f61c6371e0c5bdbc0cbcc2942f4d8bd74e478388b90015faf8cb560d10f429326cf869c09ef881395195c1db1e20cab41cc46bfae1189f0289f94ff363c768afff0ed7fb1e2a65fb014e8fa4dc3805e06b64783ef5fe1c2603a34f4323f2a96a2d6f5448f88fe493095c0b3416dacbc981f4f7e9ede557f1dc1b667a82d1475ebaff4b200381715f3a0082d8d598955678071bcc32e49e97182bcbe0a4af63e1f9cbde7095b3f92721554c024b018392e75d447d382cce26b2b7d06398be6934cb094fae3df45f79f60d14a30ce8967b4dc79056df2bee235b20678e1a13620a99fe1540c5c7b07c029225aed27ce9a227ce7beba1ee82a66314edf5dd1ee32c774f52e7f6fccbb81f8b16624966914b6aed3f3c46d56ecfd814f4c0e54e47af6bcb9ef4c2112e68fa1ecbad76df94ad3d20ed14242f0602464fddfcb10a0bda39466a98caa7f74406a61afbf756037d473c12aaa62bd073dd5e0ac7b3cea8e9b3ece5dfc57f7ef8686e0c995ae058f3cf4e06ad698ed6acaf035d02d3370aff119d6a20ddc164e4aab9f38da52e641e9615404de939c753b383aca4e3141fae2c1f17a17089b21920325f15de91aae9411515b97e7b06d281cb16cd90e74610d880877470572050f990e400733afe4082b7ca561a56d0ee8871548369957c1f2904d9cac9e73f3fc82e28fa4045b58acf02d371c1a51c2dfff30184031fa744f594ed88495c8fda61abbe3a29f20110adc5f3a0d480f61593807839b3c31b1dad3d4fbb2ef55eb71e7d54d3bebe77339c2d45f063c14ce53ac089014d53227467d43a43fbc36de3c57abd2b9ec6b4df1e8d77bc017e5c5d255086a5889e8df99aabadf26f63e7dc2f9ff239153ea6f73137759fdfda7976c3be7b1d8e8413c5eb390fa5a6ebc7284271df7b229deb26c37c984b387cc4eeddfaac57540edd642c6e115e774e35c9a2432888dde8f48a13a55e0d9f8cafb5bc6f76820787fcd859965e0d49630f0f2f8dff2ca75cb1c805d06a7559c749fd6c600a67d1ba99b93fcdd8cdd88bb50aef0a4a2a1cfeebf42645d10baf687f576a940fcdaaa326ae55ae726824bacd3d834bf64c8687b18fa13a1126b518824191320e56f99226cc1afd73309433f9ed22a72384224a3f68e53d932ee71d18b9d8860b6ee621c91031b26e0bb7133d4f775f6f5c7d37f54943e2c0dc317d6ad1f7b26f9a4a82f32b2f71756db9cc377be83bb2cf0b19e9f8e7dae8f3c8dd33c0f12360d8875cee11c2cf2b37b00e4273948e6cf2fc233150e5d84d33d4aced0e77206e90862e77246d2d1562f32fc1cb94f7f6a3ad578b25a03e18b78947c11227ac0bdb5786d2a876f885238cd063607acc276044c77300c880f14737bdabf4b65fedb09536d82fce7f1ac1069fdf698e9baf2d3e3bad18133ee6419561819f8acaa9ed5f548d68c46a67f0e42b8d4f0999198734cd978a1029ae827ed6687cd175338291f8d2a883e4548e876421815f762b8c1a9e6a696dbf075d16265de1e801804bb49bab981200080002"], 0x10dc}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
r12 = openat$selinux_member(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f00000006c0)={{0x1, 0x1, 0x18, <r13=>r10, {0x7f}}, './file0\x00'})
r14 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='vnet_skip_tx_trigger\x00', r4, 0x0, 0x7}, 0x18)
r15 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000340), 0x44000, 0x0)
ppoll(&(0x7f0000000380)=[{r7, 0x202}, {r12, 0x8000}, {r11, 0x100}, {r13, 0x6650}, {r14, 0x301}, {r4, 0x4003}, {0xffffffffffffffff, 0x100}, {r15, 0x100}, {r10}], 0x9, &(0x7f0000000400)={0x77359400}, &(0x7f0000000480)={[0x2]}, 0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x7, 0x0, 0x0, 0x0, 0x2}, 0x94)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000007c0)=ANY=[@ANYBLOB], 0x328}}, 0x40840)
read$FUSE(r5, &(0x7f0000001480)={0x2020}, 0x2020)

5.929963064s ago: executing program 4 (id=1290):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x17ef, 0x6047, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xe9ba1000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60000b, 0x9)
memfd_secret(0x80000)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000100)={0x40, 0x30, 0x7, {0x27, 0x1, "a7ea3163fd"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)

5.857152505s ago: executing program 2 (id=1291):
socket$nl_netfilter(0x10, 0x3, 0xc)
shmget(0x0, 0x1000, 0x78000000, &(0x7f0000ffc000/0x1000)=nil)
fchown(0xffffffffffffffff, 0x0, 0xee01)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sched_switch\x00'}, 0x18)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x400000)
write$sndseq(r1, &(0x7f0000000340)=[{0x0, 0x5, 0xf7, 0x81, @time={0x1fc000, 0x40}, {0x9, 0xc}, {0x73, 0x9}, @addr={0x1, 0xf}}, {0x61, 0x6, 0x70, 0x4, @time={0xc, 0x100}, {0x8, 0x5}, {0xfd, 0x6}, @quote={{0xfe, 0xb3}, 0x8, &(0x7f0000000100)={0x6, 0x5, 0x4, 0x7, @tick=0x1, {0x8, 0x1}, {0xc, 0x39}, @time=@tick=0x6}}}, {0x4, 0x1, 0x5, 0xe, @time={0xf, 0x4}, {0xf, 0x80}, {0xf, 0xd}, @note={0x8, 0x9, 0x7f, 0x3}}, {0xc, 0x55, 0xf5, 0x1, @time={0x10000, 0x7}, {0xc8, 0x4}, {0xc, 0x7}, @queue={0x61, {0x6, 0x7}}}, {0x1, 0x8, 0xa, 0x6, @time={0x3, 0x6850}, {0x2, 0x1}, {0xff, 0xaa}, @queue={0x0, {0xfdce, 0x2}}}], 0x8c)
madvise(&(0x7f00002f7000/0x2000)=nil, 0x2000, 0x3)
socket$inet6(0xa, 0x4, 0x0)
r2 = syz_init_net_socket$ax25(0x3, 0x5, 0xca)
bind$ax25(r2, 0x0, 0x0)
r3 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f0000000100))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x15)
r4 = landlock_create_ruleset(0x0, 0x0, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, 0x0, 0x0)
landlock_restrict_self(r4, 0x0)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r7 = memfd_create(&(0x7f0000000280)='/dev/loop#\x00', 0x3)
r8 = syz_open_dev$swradio(&(0x7f0000000080), 0x0, 0x2)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYRESHEX=r5, @ANYRESHEX, @ANYBLOB=',\x00'])
ioctl$VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f00000000c0)={0xb, @vbi={0x0, 0x0, 0x0, 0x0, [], [0x8000]}})
fallocate(r7, 0x65, 0x0, 0x200401)

4.615849458s ago: executing program 2 (id=1292):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000ac0)={0x28, 0x1e, 0xa01, 0x3, 0x0, {0x7}, [@nested={0x14, 0x7c, 0x0, 0x1, [@nested={0x10, 0x4e, 0x0, 0x1, [@nested={0x9, 0x4a, 0x0, 0x1, [@nested={0x4, 0x2e}, @generic="a2"]}]}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x20008084}, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r2, 0x2)
listen(r1, 0x80)
r3 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
bind$inet(r3, &(0x7f0000000180)={0x2, 0xce20, @local}, 0x10)
listen(r3, 0x3a5)

4.612776189s ago: executing program 1 (id=1293):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_io_uring_setup(0x7cf0, &(0x7f0000000440)={0x0, 0x15d2, 0x30101, 0x2, 0x185}, &(0x7f0000000b80), &(0x7f00000001c0)=<r0=>0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000340)=@IORING_OP_WRITE={0x17, 0x0, 0x4004, @fd_index=0x9, 0x1, 0x0, 0x0, 0xc})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x20}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
pipe2(&(0x7f0000000200)={<r5=>0x0, 0x0}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r6, @ANYRES32=r6, @ANYBLOB="2f000000200000000400e0ff83dfd443bcf7f651b2644485b3723948d986ced50a9d", @ANYRES64=0x0], 0x20)
fanotify_mark(0xffffffffffffffff, 0x1, 0x40001043, r5, 0x0)
mkdirat(r4, 0x0, 0x0)
open(0x0, 0x0, 0x0)
open$dir(0x0, 0x200c0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

4.509149282s ago: executing program 2 (id=1294):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)={0xe73, 0x100001, 0x4, 0x3, 0xd, "0ff884b5d0449ec8f2d8175b5505ddf5201923"})
ioctl$TCXONC(r0, 0x540a, 0x0)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$KDFONTOP_GET(r1, 0x4b72, &(0x7f0000000680)={0x1, 0x1, 0x1b, 0x15, 0x92, &(0x7f0000000280)})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x17)
syz_io_uring_setup(0x1da1, 0x0, 0x0, &(0x7f0000000080)=<r2=>0x0)
r3 = dup(0xffffffffffffffff)
syz_usb_connect(0x6, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12000003f6fdd140402090b975f601010301090224000201005004090400f700c873b808090504105802030d580904", @ANYRES32, @ANYRESOCT=r2, @ANYRES16=r3], &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x4, &(0x7f0000000040)=@lang_id={0x4, 0x3, 0x43f}}, {0x9e, &(0x7f0000000140)=@string={0x9e, 0x3, "e3004c05b252054f613ad9ba9523b3d051510850e663347a68e4f9f7d8ea91de0d6d7a63fa8b36aa9ec333c479ed522718f2038e54671b4893610e4268b8b715f3a9e9ed8ea07b28c31fa67e5745dbb72003308b5b7974ca7d3f64eb0ef2d7730d2e93f03b8d189d9a878c32663293bcf5fb0aa522352d96952e3bcfd0046f01f214f45e2877ec4d1febf8ff9b91d3cf5793596cb16066e1aa3ae8b9"}}]})
epoll_create1(0x0)

4.507185724s ago: executing program 6 (id=1295):
creat(&(0x7f0000000000)='./file0\x00', 0xecf86c37d53049cc)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0xcf6, 0x59455247, 0x2, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x2}})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000380)=0xff, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, 0x0, 0x0)
listen(r5, 0x4000)
close(r5)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000240)=0x1)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@bridge_dellink={0x2c, 0x11, 0x5, 0x0, 0x300, {0x7, 0x0, 0x0, r7, 0x1}, [@IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x4, 0x0, 0x1, {0x4, 0x6}}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

3.512079605s ago: executing program 6 (id=1296):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)="ae7a00073c1dd13b10aa2c9ba7500f60e521d1acfe2cf80185b2c72edca737f881e72f48fe7aeec10ffebf69f54b4b90e184b62991231aedf7dab11981c25d3329bfb8222695cee070b344b54a3671cf7ed5ab85ed8c072d7036c806234edde0c88723ed654ec6a3de623cf419c71dedf15cf348d6b63c888f404542203e5bc4501d3c94a8eb2bf886d6daa05e79b305f3f6cee5ce82d9d9e5e6561eff580365bd878db465c85de95dad61bdacbad5dc4aa911e78dcbc1a759d4055037185103b049433694", 0xc5}], 0x1}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f00000003c0)="79858ecd49827ccc5ebd341ad6d151ddb4e0112312fbc8ef54dc4391607ea40f5fde8594f16b0734f98a3920ad7323c7c1aa400b", 0x34}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f0000000a80)="9b44dd3a1833", 0x6}], 0x1}}], 0x3, 0xc080)
sendto$inet(r0, &(0x7f00000012c0)='\t', 0x1, 0x11, 0x0, 0x0)

3.310277008s ago: executing program 5 (id=1297):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000580)=@framed={{0x18, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffef}, [@call={0x85, 0x0, 0x0, 0x27}, @printk={@llx, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3f}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x44, &(0x7f0000000100)="0000000000000000000051229dc9", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000700)={{0x1, 0x1, 0x18, r0, {<r1=>r0}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'})
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000000)={0x57, 0x3, 0x5, {0x81, 0xe082}, {0x7, 0x2}, @ramp={0x1, 0x4, {0x9, 0x6, 0x3ff}}})

3.260919335s ago: executing program 2 (id=1298):
r0 = openat$kvm(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000014000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000140)=ANY=[@ANYRESDEC=r2])
r3 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r3, 0x0, 0xc8, &(0x7f0000000180), 0x4)
setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000040)={@broadcast, @multicast1, 0x1, "0d5011f02b7fab96e0aa834d3a9e7cfc12178ac0ab1e6227c2b6ddaa5effda90", 0x5, 0x16, 0xfffffffe, 0x1}, 0x3c)
socket(0x10, 0x803, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="193c9f8a595c2fb458000029000000080091f381", @ANYRES32, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0xc, 0x14, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b5af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001e00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000840)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000d80)={r6, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000040)="76ea09000000000000bba56288ca", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$inet(r4, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='bic\x00', 0x4)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r4, 0x6, 0x16, &(0x7f0000000000), 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r4, &(0x7f0000000340)='\x00', 0x1, 0x0, 0x0, 0x0)
sendto$inet(r4, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r4, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r7 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_MFC_PROXY(r7, 0x0, 0xd2, &(0x7f0000000000)={@multicast1, @multicast1, 0x0, "12ceaac82ab7d944e84b6fbd6178697e3b10c9b81bede26c85ee73daab4158e8", 0x2, 0x6, 0x4, 0x4}, 0x3c)
setsockopt$MRT_FLUSH(r7, 0x0, 0xd4, &(0x7f0000000100)=0xe, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)

3.203760597s ago: executing program 5 (id=1299):
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
syz_io_uring_setup(0x7cf0, &(0x7f0000000440)={0x0, 0x15d2, 0x30101, 0x2, 0x185}, &(0x7f0000000b80), &(0x7f00000001c0)=<r0=>0x0)
syz_io_uring_submit(0x0, r0, &(0x7f0000000340)=@IORING_OP_WRITE={0x17, 0x0, 0x4004, @fd_index=0x9, 0x1, 0x0, 0x0, 0xc})
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0xc000)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0x20}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
pipe2(&(0x7f0000000200)={<r5=>0x0, 0x0}, 0x0)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="2f000000200000000400e0ff83dfd443bcf7f651b2644485b3723948d986ced50a9d", @ANYRES64=0x0], 0x20)
r6 = fanotify_init(0x200, 0x0)
fanotify_mark(r6, 0x1, 0x40001043, r5, 0x0)
mkdirat(r4, 0x0, 0x0)
open(0x0, 0x0, 0x0)
open$dir(0x0, 0x200c0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x70, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

3.192499279s ago: executing program 6 (id=1300):
syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
socket$xdp(0x2c, 0x3, 0x0)
socket$rxrpc(0x21, 0x2, 0xa)
socket$unix(0x1, 0x5, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x5)
ioctl$TCFLSH(r1, 0x8926, 0xffffffffffff7ffe)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r3 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94)
ioctl$KVM_SET_CPUID2(r5, 0x4048aecb, &(0x7f0000000080)=ANY=[])
syz_clone(0x62000000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000540))
lseek(r2, 0xa, 0x4)
userfaultfd(0x801)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x1)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)

3.173807687s ago: executing program 1 (id=1301):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000000c0)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010028bd7000fbdbdf251500000008000300", @ANYRES32=r2, @ANYBLOB="08002a00ee"], 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0xc4)

2.634871199s ago: executing program 1 (id=1302):
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(r0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r1, &(0x7f0000000800)=""/102392, 0x18ff8)
mq_unlink(0x0)
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x101002)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')

2.633368108s ago: executing program 2 (id=1303):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_freezer_state(r0, &(0x7f0000000140), 0x2, 0x0)
add_key(0x0, &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$IPSET_CMD_DESTROY(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="14000000030605"], 0x14}}, 0x8081)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x5, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r3, &(0x7f0000004280)={0x2020, 0x0, <r4=>0x0, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, r4, {0x7, 0x1f, 0x1, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
syz_fuse_handle_req(r3, &(0x7f00000066c0)="a062030607792c01386f28a428828947de99f79cc542703d923c7cb9d4e1f6fd95fbf2f747ab32f6fb041861fb3f87a88cb85405b4e73c0b6b12c81e42a9f13d82c32b7ddb172bcba1aac5c38f083747ac179f08d4d6d342a87ba8dd9bb7a9680f27433c3357b4f6ac97b19a973592f1ac6e7853a0b15ba42a28efb9cc30b146346b546018966e94976ca28f26a1950dd64c0adbb0c2e09bbd9caa9e7886a2b3d6e2b6d6616b718f1322ea2881ca59ef73948b1bcdc2dd3970e63cbc1043ce42af0ea1f95d17268cbc3ef062c8c31a537e94a20c1c505a6022d5ece7f51bd9c754d8c47cbe80bbb30b2159991a94dd3a25e64aff8a7a17374b5a71e0c7c241cbfd7f084e18a50bea512ada902210a3881ffcd42071ab09c4d80139d8980d6dc5d12c2595ced445caf22f80d8fb1a4c243da47fadb8e28e9c04fea820a8a2f032f5adff8b7d9269e63db68d196bf7f416405e52b6b8abd8bb9d9694b8b5eddae348209963738cd9710bd6c291af1c8eaf0e52d2f2f24bef8c8bc9f77eed40104e07c8ee1b4cb358fc73e2653fef6232b5e9f5d0be26b91a0b7967ed5e3bf10c449424ff4d11951d963677001d9576425d6a9c4503268a407d74854f5e1caacc0ccc463dc56e684db1d80b370da238915579ab82cdbd7d155adf10b96ed71100ea92834e8a4e4f5b7b831bff6fb4febe01bb398ea4065446f277f107aa3cc06e0b7a6e98434bf57744ba9ecb8effe704d7f852e16bc33ac113649f7540b7a7a67cf5493b400ce06e571d485af1732938b79ded4de7dad97a7e1c0be7bd479dc264647bb76503168423e3f6fc95f8ac8ea35e39f476ab54e88286fcf73eead1f794784465592fe4ad112ac63bbc3b3f35b87c40bc5fa6e3ca6cad878f9772a61a23aa00491a9e2442eb90a32af2bd74e99d075bcda20288bfc30f3b00a7e8e1a0b4791573abd65284bbb53e2b7d667239b95b332dd423e4d7c512de559bd53fde5285add9795bda81ec142620e693af9c787a4499dd76ca0d77d9c7c4043e537ec6c1cd0b9a642b12adc782a0e00f6c1ed7379d5fff4c2feb19182db977f657b195e4710ff00f78e35a146119897495b0e1a0068a6606292ee72bf65adcd2cd29b4e59a4b3f82eac77d5254013d03d2fb2511975558906741912d09304f0d4cf08c8f62690c67968c869f75a4025224d8e84baf7a42e01b4ecf7e55d7c45839778c2266880d1bb73e3aad618d1a4f8d5a16914d64d70438a88512649fd4caa90506e5a2d58a33ecaebc9b2e5f8a4fbeca57c829ae02fd2dc146e939c3d295ada7df4a07e74b356c6ffd7a9c546b9eddf7e013cbcb2b57ae0d225249f7e06a415681d9f597a060fd55e39bd56f04b863efeca458a0cbc54b660db50ca40d27a3fda3416860e691cfc780593f06b467700968bb918c32547e378b14b4e0dcd11cb0b2fb36ea70946ac62290184b4eed38b51c322a75367b50f558e063bf363341a17c28ddcbf9ce53da06f26303fd156423a25f686809bc9845a78e0cc3d94e04bc8da85f22a4a8ece2c4ac2c79e54dcc4eabc61e067060ad880377a71fe0c2c0305256e4f3c637575f086e4ae3d7ab5d106fde03d24c47dccba3da23a244c1f50a4f60cd8d71b77390c5ce6d5612fd0260a2f33389b064ae6acac783eca62874232fd3808fb2188151a43de6cebc7e245106183f7d929f1eeff6f972da3e3d967170247925fb0f04bf38e88d06321f9ff9d2c296553d842b69036a2b6de2aad3879aedee723ff00736f7b0dffe6182104105ff0f0b636f5192d6bb5ae7ef950825827d2f3d6285d83aedca3f31474e0ad50ce6290a0e546c30d900e5b4208ecc8b3aca0ba3d110fc3c0a7e004a53e5d0ba1cc1c2bb42c3dbcbb4ceb6674151932ae56f6b03cc34ce450c292fecd2456ddcf42b075e6fd49305fbf265a36f3cff61321dd60f16e844089d659130947672a2d059e04af9ef653e8afec926b5a5d411f60a2a435437095a1df8dc60a616bd1a1ce7b5251ed8f905becffebd635eee8ff0055c40f146f1350a406b853ecb005c6ede4dc270ce6751cff915aa27f5f6b0736da14c9949de599d57868c29cc97ad03bd89502a34b88ad29c8762d0dc24a6df759821882a32e70531cab51fa1752a4fc49cf0706cb24d203174b2940f29ef8b0ce65b40cfde4e0c7310c685cc8de8384e485a951192fa8c36c11f9b88a48caf027dca480caa4fccae70ea6c837eb82f926ad7691c7709f217220d71f6e374fb8522a84c118b5c25f3d56acfb25afbe676fc9e574b6c5a59c00a0bbeeff61fd82a1677f3da9bb596133db491a8f11b945d930c8a67de9ce80025c764d518efcbae25d9194dc96c31ed02c63b1ac976715f7233ffed7cb6e929bbb5afabd34bc37c095acd0abbbdb1ea48e40a30ac99550f0ccca19ecef5acb2604c48fffb53b352d114fac72d6fc019ddec558406668f773fed9476148133c0f9ca4d1fd7e70dd04bfa089dc57e5940f29a5fd33dc79913ff48853794fdaf891d71de94c4a4fed0544e09f2bd578b07003031b8602f08ca8a79fa5ebfd5477f4d4f031c3efe0db273446a99d0cbe21a3cf43f3b82774e4657bb4f9675adbaf71c52953f0b18a61e05a9c770536fbad215848f8238e8730b9085189ea4621780dac500d7d7dc7815b45e232f86592498f1515ac8c50306013524cc5f0a74b67bc85d435d332ce69f00641c86a3e91be84b78ac358f35b18d69679df4197d3be8554417cf44aee6dc623f68ce3388df18168efa1c87c776cbda792f6110b6af178eb8200a91dfb72c1e23b5e5a66b5a3ee3f4c2bba2ccac939dcb036006b86e894093922a95fd70baba9424a3d0327a0f209fe10b39f3cec3f669d301a2834e58fd56f94d622dccf653f08e776c9f3e1b0e5b3cdef133834b93c41c70438d51a0b127262868d49ca91623c3d8b75c2cce0b771b9ac941bb96029e782224a3686a7c0dd164e162ede667e0e5817e7bde85ad3bf30a6a5bdc420f751679be74a02f84aa93b971c3f45a67d155f7ecb1d5284660918dbf102bc16f496fb62a1290e6b88ddaff55740583cba13076afd623276634e0c11663be50766980949095003ef5bc6f90a98bbad436b67928513e70115224f672ca2a24e27bb98bd5288c49ea23d47ef13c5ff28c43ce53ca16a6caeccc1f601226253c4a38a88a93828f6c800547cadbaa6d7ad26db618cccd38a671507cad5ba0065ce2edba81a059b95c36c5d04ab456fd6fd81ec3738ebe546d973c0886a5e7b83dd9c2f58f5d6c19519e67575b3732a486555f8d8c4ae004a62e8d07ab2c8ef74cdb96aa99d75aeb1c25985996f281d71106910a3c3da17de35e04dbe00e2b7b75ec2fed177a7f2d04fbf68bd0b8af682b30911867d4d1497ba060b662f4e97a8e7fd3613015cc34302377497cd08bcdc29f06dae240820d2ccddbf8c95c76a4ba5d3e1b37a62369ce3f79fb74ebd9bc82c3fa3edad4034b6715c2853fa7781c974b5a4e541e8b69bf4bd653fcce4e4340d9409fe9112e4d253a3b7e9d43f4426127b10f2d5d3fcd2193490f7d933e0cc53dae552f2d7c9d77b8f9b27c59105cfae43a0aab314a0820fbb5684bf20986e3be215688b42938d272c4c0edd17bcdc84a514d2483456d6cfb4f5c1218859ee55bfc77da36c9c75734932a12fd03df38232063ed92024f8ee7c21f314129feb10670bb4d6a0ad4fb3dc57a64cfe6509a0770650cdec0efd5e0b1fd29433cf871c9ddbe648319bd481357326ac1eb32b4bef4ad89ab6122e92dc786decac88624a4a3963ae771f8023b9a92e446114764c53d7efc07e3ea77a9daac5cabbe648a223e249db62102ef7b7b6d06df46b6ff913911b89848a47aecc0563fb06b6d77fe1daf4541cf619105ab68e0bcdf7a05af22b0551323bf33dec8167df2b7fac62dc9e286dd3462f488c82ad194f7fd5d3ca72fe9c0c37cdb6d75684326e5cb30319ab333fc70bb197320acda161d2e685e78ac2cb1417223f64742b12a316d590b18a4173b2a105a381baf6f383ec2e81d04860b5cc536475d7c5d05bd6a7db1a5d93930bacba8c1de63707bd24785e19fc1f15ba724660ac00d0f2ebbcd5528b8cbe4f3ca332e8611e937a310fc79d234be6c1cd09d6a5cb06ab36a9d667188144c81f86aaf0851763573b36cc21462ba4f3d6e95d38d1e9b943085661d234ef6d079bc9d84c7447c85baba88263451ba10559e1ce326fee5074b26b54872e690a9a1e589e1c444daa3224b292bf9ec4a604dc512760084084f27386c89a1190b8905f0d720508c0ed69272f396725805480188aa4602a26e833c16aa5079c0577a8203ec0b2b929ef3b410bb427c168b7fefd1be652f06efc61c7a295a5d07a9fd61bd5bfe67ac5f74e485a66c92950a1b460257084ca3a3489943ad450300967234b487fa3def4010f9b715196562ebb0846b7ac3eba47646af6285582b4402f64aa684dff7d9cf81fbe1aa88959f7906f06839389f2ad56efb5029afe1d5ceac99a3e698f49ff0da7db06d7c9e94a8773a13fab93def139667b4dc6b741bd2769da7786acecbe315f9006bb6b72abe5bdc587d8d5aa8f67aaefef68197fd2e7874d9b7da2c3a5618720c12e8fc31db3e334c47abcbf10c6181ec14af4f9e90e19a35360a793b1e9b336e49b3ed67568a860cd4c298f967ba323d315821959629e5b7aaac367e1ddb8a1c5d61500afa69331a4c90861852f533657b28b97a343bc531a11ff634b157a6d859a35f0d2a595375e11a32457575f1d73da033bf5eeda12337b9fdd46bce192d3aaaa240a8c65bf47704d6aa64a9531f9de14a96fc9fe380db35dd5ec52321c67fb4c18abcaf22fbe8f602ed201232251317e1a1b71e1e2c924a92d84685de348eec97fed954b7f6681ddf521b4ee03a1aeb2e446ee2a7f4dfa37b1c53831139fc624c14dcc4d144ccdf758fd9f344b4cdc1df70f6a24fa78cab136c912d1ebffa7053ccbc9b9445762236dca409820f738370117d5c369dfc50fd42277f14eeaf29110aedcd503008c42914d04e219a8b6c01e337d04724919b07157e2275ba6365a9dba5ebc8019bd1aa1b8668023f64cf47e1b49b4fbcfc10d560bb74405c90751504db8100d8a8a1a3ff84d98f1262fbbd6b962f492b9531a7411c08e7e56eb0f838075f754b6a395b6b58a8e4c47eb46bfaba2ac94800a396749d18ba0e6219f8d616ec71a1e60b3bcc24e19d4a20ddbc6a871e6d7efa50a362610598d892a5adecbcfe217534deee3620dfc88c7992ec2e710e083ef0a50c20621405f654804d1af4f24d22b8ca48f26303e6969127a74f0b276a5624c3b84410d4d5ee3c62605876e60a88df2bd6e8db8c7e486fdb452178563e7add6bc126b721b9ef8b12181989b87031573a4010d88e34f15a2344e4808b74c99ad68f0c2aca4e8d504397c03e1328c4b1ec43fd902d206c3cfb63d7541ac57fdbc70b0033f87514286101231fe7e79668c802e1c23d61540cdf13a5e675b736e221ddc29ab747d9c64f6213f51d3c1ded2e2b0efc4e45183d90468f61ec1720f7a0b87947e2c54125cebe6563ee4415d886bbe869d17d36371c942c11db1e13c1dd40ed24cabaf7ee80eae6c4db934e982d9619d753dcd679c5650cd95d21582e31b259043a0d03371cd294f4cc028042c75070c9b534a2d79f164ab9d773295795280d1584ca664b53b263fe2e23534d27b0d85742fae8061e03187795129dd272041c6eb9c10c3406da1f752f4ca697bdbddd74975cd4dbba5687fb30ac4fd5d2579494eac73053a63821a852cf41a80f6668006f7e1c4e30b48d638ebab470c558d42baeed1adc8fc71f73e95f3ca212a4b009b508e89898727f805685e4e7650a2961d62c117d1ee9017236a6bffa0c36ae11bc52d346c83399e43c42cdb9f443aa307109a97ee66ceb7a29eeb2f1a2bb3ee1492229116db07301b2aa4126aee7775daa2d0eab4d206fae11b3c6b565dcc4c7b4dd1cf2abec81150d0629803f6eb221be384b8772fe6d6c4fa98c928a9d0a02e9ff8bb7a2168dbebe140323d93bee8983c496bccf752c372b795a3493624cefb3cfeb4307bd39826cac1ea3f18912deef1b8c8db30bc016990a477bc0a925fb36453a9e21354b2d7e6e3d4ca4dd20f27a8db05429d44b7a485365191dc4ba977a815958faf6434813a9f4046054763dd55dbb7fae892b746e169ae046ae3361a9f75cf622b03f75b1633da864395bd1c3a594fab0b1fb37f088dd1f2776e2b795c78635c2026a8ce7ff40968a1960786049a217dd8872ac0c01f4bafcf2d3d751dd46a5e1bec00540a9ca7afca3ef37575d4a8b1291d05be94913092890a9b4bfff39edbff307e5654896e79228777c0f8ea46c55bfe19e522bf457ab4e6b0167d776dbcd0160598370a12c4a03e4edc82b245a7608797b03d4ed89dfc2a5bf07b9fcb251fb8608553f3b3774818717a9aabe6b2ded811515ba454b390a6065bbc59552f3bfe51d38f139792e1aae60093a7c5770b52a1730feb1049c14a7d5261d644f6b738e22ee72aafa422bd93f61e1ccac0a5ef4726c66f61bb539acb937bd63da82c700c0860be90ce5621ced22b52b63d041266fc258fbfa6641aef22e97804e5138ad2ce4405eaf76bb0acd7fc61b2d6de4aabc5c28a850fcf219cff77c97d3cb6bec0067c171b912d11d82c56cbad56c0032a9657d4cdd1eacaca53f40f5e3fe911127e1cd30781351f180e1413933cee2d46ca0eea31ee01fe4e99a567edd0b10565d47b87c8a48366143e889e52d0ff13c920aea092c2545fa9b7056204fec156549d3c0a997bc1cf4a01338483bf5c69d6958ae038f1c3e3b84baeb2c1f9e064c0750602c34c6c483c316391d975f94f21f6dfe74e92c33228b408a9e2b9abcda33c497abba9c48a63e5c8f1a8d0f4c24d36a44e1601e8a09e8a5c7179bd4c44b17e542dd99cace87aab60a5e53325d544c991b6fa5deffa49fd886332980deeca9229cb2f67f495a7b743153854ed81e1623b12dbd65512d08a5732fee2db3fb455cf6df5a1701a2b8674633c6792162dc86ac76e30da225b0167a7e704ad33ba694f9c902afbeed58eef609874767053f59414d4d3eccbbcdbc7eba997c71f9b1f5139bb020d5dae1db6e2dcfbb51b5371b08bdbc3312b05ee6d8c03c8b5a7d4f23da45f276394f222b1a0bdf4e2603243cdba60ee0530387c88bb457ca9932f2283a4d55bb1195e6d325ed93f714e21908b1baafa467f1cec7fa26e5c384ee6828e77978bd1abd014de549a5e5966f2b2f4ba000f9d77f1abfe3a6c337cdb852c1ec59f61b63d543f3062dd2616a163ed7ca60168b0347b5c5646a678dafb4c502c333a0a48f0341b47f5c5946e42e571db0bfa0682a449ca64e71b5661a842975182399245c6de241512c67ac918d7e0c5cb66565010e881b8333567ca584321ead1c383b099d8bf1c56dac08cb218cde4226ad420d6d6313f9c4884d6394722304fdaa76e61db8c0d54eb1151344c41ce1130272928eecb2f9f0f23c752622374eb1223a80efcf0b937dff7d813d7be0340226c0a7b163741d9aecafcb7ddae5a219323323f621c802be82399e06d2e1cc582e759ffa303c5103f8a44d7129d2853b02e506abda57ad2836d7ff16f95232149fbeb8b62e586d3536bb4ae042ecd9e25d1dee789353071f9c89d4361000c47b763556e8902f1f25cbd8ae71679e03ff27db0ec75eeee3fccafc7fcf22c377ac60d3c61a43cb53abf6162118f2efc86a5ce80e69a02bc1db80018beeef6d567941232e4412a958ed012bf7a832c1eaf68134ecabc4927ad666b3d0f21d4e8d52fa37e0a9751124efed8bf47544299138a6f69d89e295677f12606c79b72451c263fca3eec22bf0c47c641159a0bbfb3b2b03154af533e5c06a149e52adcfae31bfc55f30064a8903c8d3b828d275a937b1e4adffa0597da5e253b50bd71b33f057ffeff0b2a0829b3bf33350fbe67c7c79034f80d69e6a21be495a848d328f416f15966491b218eab390544e39d498258ad80ddae248634c845cbe6f1c1e93e7c2b02075411e075fe936bcc75f4a4e1a3687cb3dbbb61cb31ddfbbc87a1859b3a48fccdd8e5915c8bf4eebe8f7093cef6a7a91c8682915f9908c854c483e90c9643467292884d284134dbaddafdbc74d94a5f9713719d62b4f6b4236803d210181847ca27129fde264156895f4e1822ef78a3b215ef56d7e36d2b94c93f5e931a0d13a3a3030061ce62de595eecf47eae6bf698530145757700df18f66fd7261a12c119d6679663b3c0f99d1705aebe66dc862eb21ccb7360b93f54507149b577abf521113991e06f345e8282fdc18de673e1ca7b188ee34b14f37f86ddcf97fef0b913c33cf8e5d5d33707dbcdbe4b27cef056670252f186735cdd02f6ed6bfe5318a704f00e34ffc4fda9855bf37c51be6a7423e44dd8a98883c8fa82ca37c90d681fb7a0db915576b50e49aff545b99aa3aa6343b814ba0bf64e53b2a1edcae2231bf20d65e4bb4da6dc8382120ede652adfb7c30a46e0ee784cbde74563d83eb8d89a1573fa104fddca9d4833c49dc904bda905426c7dee3e48b596c8ee201bea57fedb1a0649457eaac3c5b5f4519af3adb66f10b861e711cd4034448890e15047c2f8902588268b5645051f3f3968ed8d630e050ccef0d01b61ffeade51e4e72d8fd46bba4c20009396e984c424d174934a67a1930665fbea04c809e7cda0a2cdfd3a14d6b99c3a8d8b3691825830456876f188ff871fc861e4c6a0ca377dc1f0cb0f929f7eb1f5da045d9a588a393312acacca5c5a3b15bb1b488b08fc40ad65ae2c1df187eccd8377525a81d80df57579ae52f775fb2efdd172a41c370300fcc594c2635dcf50e9eb9d34fa8b4bbfd13078422e3a7734a8ae6cc09e39d07c7ee19838f8da4cbafe4162c8f8dc44e284840bd0a5c80bfc657c22e37e0d9a96dda34a51ce616c9ccdc95955cf85d93860da902ab30f11aa333eacc25c47981d8636038761ed4d84fcbb0ca92dd2e07863b9505b451c3c49e36a172527578123049ff2dc2b4e258a3f698a12ca4705a6fd0ce6bc4f1767b4d9c2e57c9ed1388527964ac96ff5e4cf5ad6fdb6a853b43905df32af8bd788b520fd526cbb95195a1bc00d654cb080acdf67938517a6cdac741d86730358be16465b4e1301f47f6a444c4e8d2980b8bd98a8dcd6617cde0b287e2d1f59167b5c445146fa49728111b8a2729428cabd02facb8fbddbdb2769680f288648d6baac53e0d909335da3e2b4c13ebd41f32820c9f491e9124ca444a0532f60e2816e15a5810baa91f64454aa355f9d362c7d1a461561689d08b1350a216b6f1bda57aae0706b3710a1b8e52a7e3084e600b5ee3dc540bba0c16267d549304a7840659a32e40070715c9bb912792d4a7b84fa06e73b9ddbc2f06c4edc19d25f5a198c7e3fc6226842e6215da5d826fcf5949612889f78e9de39d4e64b86b7033b5717a21f8f2b81c799a3fc0bfe6f5837b252eefa360c91a6148296bd19d50a343d909c1edf5261e70c8dfb2c488940cf236941ad3fd01247e37902a4bbfdd1839f7c92c260a2c494022fac08629303c8e54108d78ae2c94289c7f998ba3b622b48931ee7c17c59f5499d282467a1b8050acc94a0b17b21836c80b69f519b9b077d18e33c027faad562fa09f2cc6120f8cf5ee18cf7db9d729ffbb9de58885713215b7aebb8c98d9fa009be0a9ef3ceccdb2b31968db555b26c5c94e382d06ebf6d356e8caa85def5813dd1596d823924c4fb63dba5bd094cb64f204d1e59d31287715f831a1f0be95d8749f2166ba0b0b6b64a37991be1fe1c1e922835f2da0c074ec9413561d52166576b1c4f1e18f078dc046d1c284964b80217b55c59a474740c3649116b33e927479736bff6005859c7c00598f22cb8eca38af802f4c86836e8330492ac7ef3707890a8ff856dc7786ed769bba75b18484b257b3b022eeb51aa720639f79e6e6bd3d3c9a61f7822abe562867b4693f0b2f61135aaeaa510b31112efeec48d2602c6d4f2ddeeb51bb03ab18c18d8e127a37e22881febca47742b9332d3f2251003b1a46c40eca111d02446466b669568c70971bd33254ca577777f126f86f8a3665f065b645ff261e78e0f532e83a81b99c5de3488de74ca82daa0e4e7404eff911ae955acbb800f9f91b774e472bc14aa92817b6d85877b1861a6ca92c03c83b6f1490068bad8eab1f58c9e91e1029683de2ca45c99966966031ee86d8c9995f0612480e2a6d5396e8ae361d6fd2e24557613a1191f5019d4c8078628013512ea3a59532efffa6cfe4970d28d8c7aa8c866c4275ff2b0b4ef1a7e56854d7ee4bc445713da9349d13e30a4a802cb9db2f10280fd9ea043b5b3480441e8ed2d907eae1259befba9d87a04ce42b0010c70af157b90e0bf72549852fd122edd6cf3475f76852b13b4bf887cf32e25ad34aed7fd5a6e97b307f9b4ff1c07b2b55beef5ef3dd96eeb2a57720c18209d911a55341cee67e6ff577f7acaba01c2c9690b15a3b8aaa5b9d734196467a8c074b2eeeb5ae931ddf3deb15b1a8d603e72125c2e68ad206f2c4252a659f8248ff882a8e54126ebc0c77a46101072272460e683d465279a3695be6b64c9eeb4a576d95fd520be42eab5c95cbace0dfd80e2d67bab9f683a1cc9c006c02f0f90a21a0f51218c628f5608fbf1abc79aa63452bde1002383033578f32980e3779a8edeb226f6d3f9b36d8f07bddd7479b60346a4b4fa883940e3aef8ad8d834dad4405960a4409a6255e8753d0c0ad0960ff3ef48ce93fbe6b165e86eab36fccb8b989f5b54e6ccaa19749ff065a0a732d15c41b9072bbc6f07e1fd5a3df2775874e46b61ed50714e8c403fbed6884ec06f52ab71d2c191fcc56ac0b17ba3c46d2dab3e11c79383bd8867ff14b5fbca73b9ae594b6a09fb73a2e8f15aee59150e8d6d3dad9659025d045bbd1b9ca257c67bb78abe8f7eb9c8b3bc32951c41f7390bacc8c7059a2a9b078ab50413605aec604e4666a6ace765b0e7ab558fe6232f2703d07811e3d0ac5bf9434e87876e99250ee9db6527a8ccb4a3ee3bde738563c9746f941cf2cd7efacdbd2593cafdbe5171864b2982b54dc5a32c86638c0e650a331625033b8dd65851965ae791880349d5cd52548f4422a317f96ed79e7ccf3bd671e6dc70365f521c65206386eb1f99570a544d11b3d36fea285f8a3770ca303a965a0c1d598ebe3696e647be734ccf760d3d47dec75e236d7ac08019b6622a7b9f08bc8f0937ab75e75a047a7386befbd56fc4b2f89c852dadce8df946cb3fafe4eed2678caadf1a913ae32b2c0b8a37984cb700343c5e24609f8c5ddeff5e653837a9332a41c8e21466a13d79224125d5f6a4fef79b5adae7f4ab7d351c55400545edd3c00637bd27164828925e9bb5d79f1f1e6eb3270ab799ae38772f779565d92c47503de695f7aad7ddacda6f6c71e755b3737231b64715bf07849d3466e4f92239f733436ce674389bd16900", 0x2000, &(0x7f0000008b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)={0x90, 0x0, 0x0, {0x100000000404, 0x0, 0xc, 0x0, 0x8000000, 0x0, {0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa000, 0x0, 0x0, r5}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r3, &(0x7f0000008bc0)={0x2020, 0x0, <r6=>0x0}, 0x2020)
readlink(&(0x7f0000000000)='./file0/file0/file0/file0/file0\x00', &(0x7f0000000140)=""/176, 0xb0)
write$FUSE_INIT(r3, &(0x7f0000000400)={0x50, 0xfffffffffffffffe, r6, {0x7, 0x2b, 0xf, 0x41480000, 0x9, 0xfff7, 0x1, 0x3, 0x0, 0x0, 0x2, 0x3}}, 0x50)
syz_emit_ethernet(0x3e, &(0x7f00000003c0)={@local, @random="a15cc14e96b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}}}}}}, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000a40)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e9232f2b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f0d7df9", 0x49}], 0x2)
write$cgroup_freezer_state(r1, &(0x7f0000000040)='FROZEN\x00', 0x7)
mkdirat$cgroup(r0, &(0x7f00000000c0)='syz1\x00', 0x1ff)

2.499545072s ago: executing program 1 (id=1304):
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) (async)
prlimit64(r0, 0x0, &(0x7f0000000140)={0xffffffffffffff7f, 0x1}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='attr/fscreate\x00') (async)
r3 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$inet6_int(r3, 0x29, 0x4a, 0x0, 0x0) (async)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
write$cgroup_pid(r2, 0x0, 0x0)
socket$igmp(0x2, 0x3, 0x2)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) (async)
syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r5 = socket(0x10, 0x3, 0x0) (async)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000400)=@newqdisc={0x3c, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0xc, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0x800be0b}]}}]}, 0x3c}}, 0x0) (async)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000a00), r8)
sendmsg$TIPC_NL_BEARER_GET(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000340)=ANY=[@ANYBLOB="1a012000", @ANYRES16=r9, @ANYBLOB="815c27bd7000ffdbdf250400000090000480340007800800040060960000080004005d0000000800030004000000080002000500000008000400ffff000008000300690000002c000780080003000200000008000200fdffffff08000400fdffffff080002000500000008000400070000001300010062726f6164636173742d6c696e6b00000900010073797a30000000000900010073797a31000000001c000380080003000400000008000100000000800800030001000000100004800c00078008000300050000005400068008000100020000004500040067636d28616573290000000000000000000000000000000000000000000000001d0000000300304097f521487164aafc64455a13a13edc24000e60c05daadbadad000000"], 0x124}, 0x1, 0x0, 0x0, 0x8041}, 0x800) (async)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)={0x14, 0x2d, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
writev(0xffffffffffffffff, &(0x7f00000015c0)=[{&(0x7f00000000c0)='w', 0x1}], 0x1)
r10 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, 0x0, 0x0)
openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x64a80)

2.453084112s ago: executing program 4 (id=1305):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r0, &(0x7f00000004c0)={0x1f, 0xfffd, @none}, 0xe)

2.220987083s ago: executing program 4 (id=1306):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000400)='netfs_rreq_ref\x00', r0, 0x0, 0x9}, 0x18)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
close(r2)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x18000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$tmpfs(0x0, 0x0, 0x0, 0x100000, 0x0)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r8, &(0x7f0000001600)=""/4103, 0x1007, 0x97)
r9 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x220b, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000390f000000000000020000", @ANYRES32=r3], &(0x7f0000000040)='GPL\x00', 0xf, 0x65, &(0x7f0000000280)=""/101, 0x41000, 0x28, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000140)={0x9, 0x4}, 0x8, 0x10, &(0x7f00000003c0)={0x2, 0x9, 0x1, 0x2}, 0x10, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000700)=[{0x1, 0x4, 0xf, 0xc}], 0x10, 0x1}, 0x94)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000800)=@o_path={0x0, r9, 0x4000, r7}, 0x18)

1.092460301s ago: executing program 1 (id=1307):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000002c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x8, 0x1, 0xffff, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x0, 0x52}]}}}}}}}, 0x0)

142.068294ms ago: executing program 2 (id=1308):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000080000000071102b00000000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94) (async, rerun: 32)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) (rerun: 32)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000400)={0x0, r0}, 0x8) (async)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x3, &(0x7f00000008c0)=ANY=[@ANYRES16=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x9b, &(0x7f00000002c0)=""/155, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200)={0xffffffff, 0x6}, 0x10}, 0x94) (async, rerun: 32)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00'], 0x48) (async, rerun: 32)
getpriority(0x3, 0x0) (async)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000500)={'\x00', 0x80, 0x3, 0xa, 0x8, 0x8000, <r4=>0x0})
sched_setscheduler(r4, 0x3, &(0x7f0000000740)=0x7)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32, @ANYBLOB='\x00'/14], 0x22) (async)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r3, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
shutdown(r5, 0x0) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000180)={r6, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0x0, 0x81, 0x693fffd, 0x80, 0x9}, &(0x7f0000000380)=0x9c) (async)
ioctl$AUTOFS_IOC_CATATONIC(r2, 0x9362, 0x0) (async)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r7, &(0x7f0000000180)='./bus\x00', 0x0) (async)
bpf$TOKEN_CREATE(0x24, &(0x7f00000003c0), 0x8) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r8}, 0x10) (async)
renameat2(r7, &(0x7f0000000380)='./file0\x00', r7, &(0x7f0000000200)='./bus/file0\x00', 0x0) (async)
unlinkat(r7, &(0x7f0000000080)='./bus/file0\x00', 0x200) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0x1, <r9=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000100)}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x2d, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000006000000000000000e00000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000840680001d00000018230000", @ANYRES32=r9, @ANYBLOB="000000000600000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c00eafc67c9490000b700000000000050cc06060001000000852000000300000018570000020000000000000000000000186000000900000000000000bc60000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000006000000850000000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff2a}, 0x94)

0s ago: executing program 4 (id=1309):
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x2, 0x5, 0x0, 0x357}, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, &(0x7f0000000100))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xd}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$video4linux(&(0x7f0000000000), 0x100000000006, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x23, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00', r3}, 0x10)
dup(r3)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x388}, 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="08001b"], 0x30}}, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000002800)={0x4, 0x1, 0x0, "833461025a78ffa177be169916ea42232f59496b79b29963084f401a544b75d0"})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000040)={'veth0_to_team\x00', &(0x7f0000000180)=@ethtool_pauseparam={0xa}})

kernel console output (not intermixed with test programs):

  354.417186][ T5921] usb 5-1: SerialNumber: syz
[  354.438967][ T9694] team0: Port device geneve0 added
[  354.442945][ T5921] usb 5-1: config 0 descriptor??
[  354.611765][ T9675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  354.625380][ T5814] usb 6-1: USB disconnect, device number 2
[  354.682084][ T5816] Bluetooth: hci4: command 0x0406 tx timeout
[  354.735255][ T9687] overlay: ./file0 is not a directory
[  355.540865][ T5814] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  355.568822][ T5921] dvb_usb_ec168 5-1:0.1: probe with driver dvb_usb_ec168 failed with error -110
[  355.813706][ T9711] loop8: detected capacity change from 0 to 1
[  355.823198][ T9711] Dev loop8: unable to read RDB block 1
[  355.828873][ T9711]  loop8: unable to read partition table
[  355.835244][ T9711] loop8: partition table beyond EOD, truncated
[  355.841479][ T9711] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  356.135236][ T5814] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  356.162014][ T5814] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  356.182289][ T5814] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  356.196735][ T5921] usb 5-1: USB disconnect, device number 35
[  356.212387][ T5814] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.238678][ T5814] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  356.257442][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  356.277549][   T30] audit: type=1400 audit(1751213668.141:546): avc:  denied  { ioctl } for  pid=9714 comm="syz.0.918" path="socket:[23871]" dev="sockfs" ino=23871 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  356.302981][ T5814] usb 2-1: Product: syz
[  356.308159][ T5814] usb 2-1: Manufacturer: syz
[  356.319641][ T5814] cdc_wdm 2-1:1.0: skipping garbage
[  356.325909][ T5814] cdc_wdm 2-1:1.0: skipping garbage
[  356.326572][ T9716] FAULT_INJECTION: forcing a failure.
[  356.326572][ T9716] name failslab, interval 1, probability 0, space 0, times 0
[  356.346217][ T5814] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  356.352326][ T5814] cdc_wdm 2-1:1.0: Unknown control protocol
[  356.364044][ T9716] CPU: 0 UID: 0 PID: 9716 Comm: syz.4.919 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  356.364065][ T9716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  356.364075][ T9716] Call Trace:
[  356.364086][ T9716]  <TASK>
[  356.364092][ T9716]  dump_stack_lvl+0x16c/0x1f0
[  356.364119][ T9716]  should_fail_ex+0x512/0x640
[  356.364139][ T9716]  ? __kmalloc_noprof+0xbf/0x510
[  356.364160][ T9716]  ? do_sys_poll+0x24a/0xdf0
[  356.364177][ T9716]  should_failslab+0xc2/0x120
[  356.364199][ T9716]  __kmalloc_noprof+0xd2/0x510
[  356.364222][ T9716]  do_sys_poll+0x24a/0xdf0
[  356.364241][ T9716]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  356.364265][ T9716]  ? kernel_text_address+0x8d/0x100
[  356.364283][ T9716]  ? __kernel_text_address+0xd/0x40
[  356.364301][ T9716]  ? __pfx_do_sys_poll+0x10/0x10
[  356.364343][ T9716]  ? find_held_lock+0x2b/0x80
[  356.364408][ T9716]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  356.364438][ T9716]  ? set_user_sigmask+0x21b/0x2b0
[  356.364457][ T9716]  ? __pfx_set_user_sigmask+0x10/0x10
[  356.364475][ T9716]  ? __fget_files+0x20e/0x3c0
[  356.364499][ T9716]  __x64_sys_ppoll+0x254/0x2d0
[  356.364520][ T9716]  ? __pfx___x64_sys_ppoll+0x10/0x10
[  356.364541][ T9716]  ? ksys_write+0x1ac/0x250
[  356.364559][ T9716]  ? __pfx_ksys_write+0x10/0x10
[  356.364584][ T9716]  do_syscall_64+0xcd/0x4c0
[  356.364609][ T9716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.364625][ T9716] RIP: 0033:0x7fb50a58e929
[  356.364637][ T9716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.364652][ T9716] RSP: 002b:00007fb50b463038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f
[  356.364670][ T9716] RAX: ffffffffffffffda RBX: 00007fb50a7b6080 RCX: 00007fb50a58e929
[  356.364681][ T9716] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0
[  356.364690][ T9716] RBP: 00007fb50b463090 R08: 0000000000000000 R09: 0000000000000000
[  356.364699][ T9716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  356.364708][ T9716] R13: 0000000000000000 R14: 00007fb50a7b6080 R15: 00007ffde886de58
[  356.364728][ T9716]  </TASK>
[  356.760868][   T10] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  356.802821][   T30] audit: type=1400 audit(1751213668.671:547): avc:  denied  { read write } for  pid=9698 comm="syz.1.915" name="cdc-wdm0" dev="devtmpfs" ino=2980 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  356.831132][   T30] audit: type=1400 audit(1751213668.671:548): avc:  denied  { open } for  pid=9698 comm="syz.1.915" path="/dev/cdc-wdm0" dev="devtmpfs" ino=2980 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  356.990949][   T10] usb 1-1: Using ep0 maxpacket: 32
[  356.997418][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.020075][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.031752][   T10] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  357.486487][   T30] audit: type=1400 audit(1751213669.001:549): avc:  denied  { recv } for  pid=9719 comm="syz.5.920" saddr=10.128.0.169 src=34514 daddr=10.128.1.107 dest=22 netif=eth0 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  357.511580][    C1] vkms_vblank_simulate: vblank timer overrun
[  357.517826][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.529121][ T9702] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  357.541439][ T9702] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  357.549529][   T10] usb 1-1: config 0 descriptor??
[  357.607056][   T30] audit: type=1400 audit(1751213669.471:550): avc:  denied  { read } for  pid=9728 comm="syz.4.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  357.630021][   T30] audit: type=1400 audit(1751213669.501:551): avc:  denied  { setopt } for  pid=9728 comm="syz.4.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  357.649661][   T30] audit: type=1400 audit(1751213669.501:552): avc:  denied  { read } for  pid=9728 comm="syz.4.924" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  357.672668][   T30] audit: type=1400 audit(1751213669.501:553): avc:  denied  { ioctl } for  pid=9728 comm="syz.4.924" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0x642e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  358.681137][ T9739] netlink: 'syz.5.925': attribute type 10 has an invalid length.
[  358.717816][ T9739] 8021q: adding VLAN 0 to HW filter on device bond0
[  358.833208][   T10] savu 0003:1E7D:2D5A.0006: hiddev1,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  358.926475][ T9739] team0: Port device bond0 added
[  359.040821][ T5814] usb 2-1: USB disconnect, device number 34
[  359.105493][   T10] usb 1-1: USB disconnect, device number 19
[  359.222526][   T30] audit: type=1400 audit(1751213671.081:554): avc:  denied  { map } for  pid=9744 comm="syz.1.927" path="socket:[23924]" dev="sockfs" ino=23924 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  359.233696][ T9743] fido_id[9743]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  360.216706][   T30] audit: type=1400 audit(1751213672.081:555): avc:  denied  { remount } for  pid=9762 comm="syz.2.933" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  360.325076][ T9766] loop8: detected capacity change from 0 to 1
[  360.706888][ T9766] Dev loop8: unable to read RDB block 1
[  360.712563][ T9766]  loop8: unable to read partition table
[  360.718399][ T9766] loop8: partition table beyond EOD, truncated
[  360.724643][ T9766] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  360.964781][ T9773] trusted_key: encrypted_key: insufficient parameters specified
[  361.399393][   T30] audit: type=1400 audit(1751213673.261:556): avc:  denied  { create } for  pid=9779 comm="syz.2.936" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  362.482336][ T9793] hub 9-0:1.0: USB hub found
[  362.492503][ T9793] hub 9-0:1.0: 1 port detected
[  363.483668][   T30] audit: type=1400 audit(1751213675.281:557): avc:  denied  { ioctl } for  pid=9799 comm="syz.4.941" path="socket:[23992]" dev="sockfs" ino=23992 ioctlcmd=0x89e5 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  363.595853][ T9809] netlink: 'syz.5.942': attribute type 39 has an invalid length.
[  364.105466][   T30] audit: type=1400 audit(1751213675.971:558): avc:  denied  { append } for  pid=9824 comm="syz.5.948" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  364.373611][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  364.387869][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  364.517464][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  364.559186][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  364.761825][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  364.768063][   T30] audit: type=1400 audit(1751213676.631:559): avc:  denied  { map } for  pid=9824 comm="syz.5.948" path="socket:[24020]" dev="sockfs" ino=24020 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  364.803284][ T9829] netlink: 76 bytes leftover after parsing attributes in process `syz.5.948'.
[  365.234828][ T9842] FAULT_INJECTION: forcing a failure.
[  365.234828][ T9842] name failslab, interval 1, probability 0, space 0, times 0
[  365.537297][ T9842] CPU: 1 UID: 0 PID: 9842 Comm: syz.4.951 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  365.537324][ T9842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  365.537335][ T9842] Call Trace:
[  365.537341][ T9842]  <TASK>
[  365.537349][ T9842]  dump_stack_lvl+0x16c/0x1f0
[  365.537378][ T9842]  should_fail_ex+0x512/0x640
[  365.537400][ T9842]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  365.537426][ T9842]  should_failslab+0xc2/0x120
[  365.537451][ T9842]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  365.537473][ T9842]  ? __alloc_skb+0x2b2/0x380
[  365.537500][ T9842]  __alloc_skb+0x2b2/0x380
[  365.537521][ T9842]  ? __pfx___alloc_skb+0x10/0x10
[  365.537547][ T9842]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  365.537570][ T9842]  netlink_alloc_large_skb+0x69/0x130
[  365.537589][ T9842]  netlink_sendmsg+0x6a1/0xdd0
[  365.537611][ T9842]  ? __pfx_netlink_sendmsg+0x10/0x10
[  365.537637][ T9842]  ____sys_sendmsg+0xa95/0xc70
[  365.537657][ T9842]  ? copy_msghdr_from_user+0x10a/0x160
[  365.537680][ T9842]  ? __pfx_____sys_sendmsg+0x10/0x10
[  365.537710][ T9842]  ___sys_sendmsg+0x134/0x1d0
[  365.537735][ T9842]  ? __pfx____sys_sendmsg+0x10/0x10
[  365.537756][ T9842]  ? __lock_acquire+0x622/0x1c90
[  365.537814][ T9842]  __sys_sendmsg+0x16d/0x220
[  365.537838][ T9842]  ? __pfx___sys_sendmsg+0x10/0x10
[  365.537878][ T9842]  do_syscall_64+0xcd/0x4c0
[  365.537904][ T9842]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.537922][ T9842] RIP: 0033:0x7fb50a58e929
[  365.537936][ T9842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.537953][ T9842] RSP: 002b:00007fb50b442038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  365.537970][ T9842] RAX: ffffffffffffffda RBX: 00007fb50a7b6160 RCX: 00007fb50a58e929
[  365.537981][ T9842] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000006
[  365.537991][ T9842] RBP: 00007fb50b442090 R08: 0000000000000000 R09: 0000000000000000
[  365.538001][ T9842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.538011][ T9842] R13: 0000000000000000 R14: 00007fb50a7b6160 R15: 00007ffde886de58
[  365.538039][ T9842]  </TASK>
[  365.754957][    C1] vkms_vblank_simulate: vblank timer overrun
[  367.552131][   T11] block nbd3: Possible stuck request ffff8880269c7000: control (read@0,4096B). Runtime 60 seconds
[  367.571135][ T9857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.954'.
[  367.930830][ T5814] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  368.019711][ T9873] FAULT_INJECTION: forcing a failure.
[  368.019711][ T9873] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  368.037535][ T9873] CPU: 0 UID: 0 PID: 9873 Comm: syz.1.958 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  368.037561][ T9873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  368.037571][ T9873] Call Trace:
[  368.037577][ T9873]  <TASK>
[  368.037583][ T9873]  dump_stack_lvl+0x16c/0x1f0
[  368.037612][ T9873]  should_fail_ex+0x512/0x640
[  368.037639][ T9873]  _copy_from_user+0x2e/0xd0
[  368.037665][ T9873]  get_itimerval+0xae/0x270
[  368.037689][ T9873]  ? find_held_lock+0x2b/0x80
[  368.037710][ T9873]  ? __pfx_get_itimerval+0x10/0x10
[  368.037733][ T9873]  ? ksys_write+0x190/0x250
[  368.037760][ T9873]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  368.037791][ T9873]  __x64_sys_setitimer+0x15f/0x370
[  368.037817][ T9873]  ? __pfx___x64_sys_setitimer+0x10/0x10
[  368.037842][ T9873]  ? __fget_files+0x20e/0x3c0
[  368.037873][ T9873]  ? ksys_write+0x1ac/0x250
[  368.037894][ T9873]  ? __pfx_ksys_write+0x10/0x10
[  368.037923][ T9873]  do_syscall_64+0xcd/0x4c0
[  368.037951][ T9873]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  368.037969][ T9873] RIP: 0033:0x7f45fef8e929
[  368.037984][ T9873] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  368.038001][ T9873] RSP: 002b:00007f45ffe9b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000026
[  368.038018][ T9873] RAX: ffffffffffffffda RBX: 00007f45ff1b6080 RCX: 00007f45fef8e929
[  368.038030][ T9873] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000001
[  368.038041][ T9873] RBP: 00007f45ffe9b090 R08: 0000000000000000 R09: 0000000000000000
[  368.038051][ T9873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  368.038062][ T9873] R13: 0000000000000000 R14: 00007f45ff1b6080 R15: 00007ffea5057f58
[  368.038086][ T9873]  </TASK>
[  368.217671][   T10] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  368.371104][   T10] usb 1-1: Using ep0 maxpacket: 8
[  368.377788][ T5814] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  368.387016][ T5814] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.395217][ T5814] usb 6-1: Product: syz
[  368.399538][ T5814] usb 6-1: Manufacturer: syz
[  368.404853][ T5814] usb 6-1: SerialNumber: syz
[  368.462891][ T5814] usb 6-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  368.516854][   T30] audit: type=1400 audit(1751213680.371:560): avc:  denied  { firmware_load } for  pid=5936 comm="kworker/0:8" path="/lib/firmware/ath9k_htc/htc_9271-1.4.0.fw" dev="sda1" ino=313 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  368.556259][   T10] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  368.566881][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  368.590569][ T5936] usb 6-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  368.810498][    C0] usb 6-1: ath9k_htc: invalid pkt_len (8008)
[  368.846776][   T10] usb 1-1: Product: syz
[  368.882128][   T10] usb 1-1: Manufacturer: syz
[  368.917889][   T10] usb 1-1: SerialNumber: syz
[  369.014444][ T5860] usb 6-1: USB disconnect, device number 3
[  369.098842][   T10] usb 1-1: config 0 descriptor??
[  369.108854][   T10] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  369.717315][   T30] audit: type=1400 audit(1751213681.581:561): avc:  denied  { read } for  pid=5172 comm="acpid" name="mouse2" dev="devtmpfs" ino=2992 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  369.739039][    C1] vkms_vblank_simulate: vblank timer overrun
[  369.806470][ T5936] ath9k_htc 6-1:1.0: ath9k_htc: Target is unresponsive
[  369.814440][ T9897] netlink: 4 bytes leftover after parsing attributes in process `syz.5.964'.
[  369.828025][ T5936] ath9k_htc: Failed to initialize the device
[  369.844552][   T30] audit: type=1400 audit(1751213681.581:562): avc:  denied  { open } for  pid=5172 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=2992 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  369.867328][ T5860] usb 6-1: ath9k_htc: USB layer deinitialized
[  369.919067][   T30] audit: type=1400 audit(1751213681.581:563): avc:  denied  { ioctl } for  pid=5172 comm="acpid" path="/dev/input/mouse2" dev="devtmpfs" ino=2992 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1
[  370.201496][   T10] gspca_sonixj: reg_r err -71
[  370.206269][   T10] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  370.246246][   T10] usb 1-1: USB disconnect, device number 20
[  370.311554][ T9902] netlink: 4 bytes leftover after parsing attributes in process `syz.1.965'.
[  370.624574][ T9910] Can't find a SQUASHFS superblock on nullb0
[  371.537469][ T9925] /dev/nullb0: Can't open blockdev
[  371.602339][ T5936] usb 3-1: new full-speed USB device number 27 using dummy_hcd
[  372.359229][ T5936] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  372.452839][ T9933] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  372.656590][ T5936] usb 3-1: config 0 has no interface number 0
[  372.671121][ T5936] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  372.710795][ T5936] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  373.018544][ T5936] usb 3-1: config 0 descriptor??
[  373.158262][ T5936] usb 3-1: selecting invalid altsetting 1
[  373.177981][ T5936] dvb_ttusb_budget: ttusb_init_controller: error
[  373.699783][ T5936] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  373.855771][ T5936] DVB: Unable to find symbol cx22700_attach()
[  374.004313][ T5936] DVB: Unable to find symbol tda10046_attach()
[  374.011052][ T5936] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  374.035706][ T5936] usb 3-1: USB disconnect, device number 27
[  374.547721][ T9952] netlink: 12 bytes leftover after parsing attributes in process `syz.0.974'.
[  374.698227][   T10] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  374.805335][ T9975] netlink: 'syz.1.980': attribute type 10 has an invalid length.
[  375.010771][   T10] usb 3-1: Using ep0 maxpacket: 16
[  375.031405][   T10] usb 3-1: config index 0 descriptor too short (expected 1316, got 36)
[  375.039791][   T10] usb 3-1: config 0 has an invalid interface number: 0 but max is -1
[  375.080779][   T10] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0
[  375.110513][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  375.216886][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  375.230490][   T10] usb 3-1: New USB device found, idVendor=1e7d, idProduct=0810, bcdDevice= 0.00
[  375.239768][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.272173][   T10] usb 3-1: config 0 descriptor??
[  375.290283][   T10] usbhid 3-1:0.0: can't add hid device: -22
[  375.376663][   T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -22
[  375.992372][ T9972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.018776][ T9972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.205507][ T6027] usb 3-1: USB disconnect, device number 28
[  376.778245][ T9998] hub 8-0:1.0: USB hub found
[  376.790956][ T9998] hub 8-0:1.0: 1 port detected
[  377.350894][   T10] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  377.790792][   T10] usb 1-1: Using ep0 maxpacket: 32
[  377.851275][   T10] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  377.948329][T10007] FAULT_INJECTION: forcing a failure.
[  377.948329][T10007] name failslab, interval 1, probability 0, space 0, times 0
[  377.961026][T10007] CPU: 1 UID: 0 PID: 10007 Comm: syz.5.988 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  377.961049][T10007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  377.961059][T10007] Call Trace:
[  377.961066][T10007]  <TASK>
[  377.961073][T10007]  dump_stack_lvl+0x16c/0x1f0
[  377.961102][T10007]  should_fail_ex+0x512/0x640
[  377.961125][T10007]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  377.961150][T10007]  should_failslab+0xc2/0x120
[  377.961180][T10007]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  377.961203][T10007]  ? __alloc_skb+0x2b2/0x380
[  377.961230][T10007]  __alloc_skb+0x2b2/0x380
[  377.961252][T10007]  ? __pfx___alloc_skb+0x10/0x10
[  377.961278][T10007]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  377.961300][T10007]  netlink_alloc_large_skb+0x69/0x130
[  377.961320][T10007]  netlink_sendmsg+0x6a1/0xdd0
[  377.961342][T10007]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.961369][T10007]  ____sys_sendmsg+0xa95/0xc70
[  377.961389][T10007]  ? copy_msghdr_from_user+0x10a/0x160
[  377.961413][T10007]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.961443][T10007]  ___sys_sendmsg+0x134/0x1d0
[  377.961468][T10007]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.961490][T10007]  ? __lock_acquire+0x622/0x1c90
[  377.961547][T10007]  __sys_sendmsg+0x16d/0x220
[  377.961572][T10007]  ? __pfx___sys_sendmsg+0x10/0x10
[  377.961613][T10007]  do_syscall_64+0xcd/0x4c0
[  377.961640][T10007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.961657][T10007] RIP: 0033:0x7fda7ab8e929
[  377.961671][T10007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.961688][T10007] RSP: 002b:00007fda7b93e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.961704][T10007] RAX: ffffffffffffffda RBX: 00007fda7adb6160 RCX: 00007fda7ab8e929
[  377.961716][T10007] RDX: 0000000000000000 RSI: 0000200000001380 RDI: 0000000000000008
[  377.961726][T10007] RBP: 00007fda7b93e090 R08: 0000000000000000 R09: 0000000000000000
[  377.961736][T10007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.961746][T10007] R13: 0000000000000000 R14: 00007fda7adb6160 R15: 00007fff7e38a3d8
[  377.961770][T10007]  </TASK>
[  378.185603][   T10] usb 1-1: config 0 has no interface number 0
[  378.206101][   T10] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  378.220735][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.228721][   T10] usb 1-1: Product: syz
[  378.236843][   T10] usb 1-1: Manufacturer: syz
[  378.241794][   T10] usb 1-1: SerialNumber: syz
[  378.251511][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  378.261020][   T10] usb 1-1: config 0 descriptor??
[  378.274123][   T10] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  378.565587][   T10] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  378.582147][   T10] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  378.686404][    C0] quatech-serial ttyUSB0: qt2_process_read_urb - port change to invalid port: 40
[  379.001865][T10023] loop8: detected capacity change from 0 to 1
[  379.389640][T10023] Dev loop8: unable to read RDB block 1
[  379.395391][T10023]  loop8: unable to read partition table
[  379.401655][T10023] loop8: partition table beyond EOD, truncated
[  379.407907][T10023] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  379.819271][T10032] nbd: must specify at least one socket
[  380.677515][T10029] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  380.765508][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  380.824534][ T6027] usb 1-1: USB disconnect, device number 21
[  380.835620][ T6027] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  380.879891][ T6027] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  380.892084][ T6027] quatech2 1-1:0.51: device disconnected
[  380.970777][ T5814] usb 3-1: new full-speed USB device number 29 using dummy_hcd
[  381.406711][T10045] loop8: detected capacity change from 0 to 1
[  381.456967][T10045] Dev loop8: unable to read RDB block 1
[  381.463673][T10045]  loop8: unable to read partition table
[  381.471266][T10045] loop8: partition table beyond EOD, truncated
[  381.477571][T10045] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  381.688400][ T5814] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  381.701094][ T5814] usb 3-1: config 0 has no interface number 0
[  381.711834][ T5814] usb 3-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  381.729677][ T5814] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.830784][ T5814] usb 3-1: config 0 descriptor??
[  381.847268][ T5814] usb 3-1: selecting invalid altsetting 1
[  381.858533][ T5814] dvb_ttusb_budget: ttusb_init_controller: error
[  381.865361][ T5814] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  382.294812][T10052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  382.376340][ T5814] DVB: Unable to find symbol cx22700_attach()
[  382.391366][T10052] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  382.501953][ T5814] DVB: Unable to find symbol tda10046_attach()
[  382.513984][ T5814] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  382.523802][   T10] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  382.567905][ T5814] usb 3-1: USB disconnect, device number 29
[  382.695280][   T10] usb 2-1: Using ep0 maxpacket: 32
[  382.724654][   T10] usb 2-1: config 0 has an invalid interface number: 136 but max is 0
[  382.732988][   T10] usb 2-1: config 0 has no interface number 0
[  382.749227][   T10] usb 2-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D
[  382.800877][   T10] usb 2-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0
[  382.838758][   T10] usb 2-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0
[  382.870787][   T10] usb 2-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  382.912757][   T10] usb 2-1: config 0 interface 136 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 5
[  382.969982][   T10] usb 2-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0
[  382.982463][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.319814][ T5822] Bluetooth: hci4: unexpected event for opcode 0x2028
[  383.333118][   T10] usb 2-1: config 0 descriptor??
[  383.363347][   T10] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  383.477947][ T6179] udevd[6179]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.136/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  383.660650][ T5860] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  383.752453][ T6027] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  384.097089][T10077] loop8: detected capacity change from 0 to 1
[  384.102743][   T10] snd-usb-audio 2-1:0.136: probe with driver snd-usb-audio failed with error -2
[  384.135401][T10077] Dev loop8: unable to read RDB block 1
[  384.141011][T10077]  loop8: unable to read partition table
[  384.146777][T10077] loop8: partition table beyond EOD, truncated
[  384.153369][T10077] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  384.195813][  T974] usb 2-1: USB disconnect, device number 35
[  384.347627][ T6027] usb 1-1: config index 0 descriptor too short (expected 65535, got 77)
[  384.356096][ T5860] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  384.386106][ T6027] usb 1-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  384.401104][ T5860] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  384.427412][ T6027] usb 1-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  384.448595][ T5860] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  384.475008][ T6027] usb 1-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  384.492426][ T5860] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  384.615884][ T6027] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  384.733897][T10087] loop8: detected capacity change from 0 to 1
[  384.804965][T10087] Dev loop8: unable to read RDB block 1
[  384.810958][T10087]  loop8: unable to read partition table
[  384.818132][T10087] loop8: partition table beyond EOD, truncated
[  384.824790][T10087] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  385.097898][ T5860] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.107641][ T6027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.128509][ T5860] usb 3-1: Product: syz
[  385.142882][ T6027] usb 1-1: Product: syz
[  385.151602][ T5860] usb 3-1: Manufacturer: syz
[  385.170843][ T5860] usb 3-1: SerialNumber: syz
[  385.251374][ T6027] usb 1-1: Manufacturer: syz
[  385.288553][ T6027] usb 1-1: SerialNumber: syz
[  385.481426][ T5860] hub 3-1:1.0: bad descriptor, ignoring hub
[  385.503469][ T5860] hub 3-1:1.0: probe with driver hub failed with error -5
[  385.709958][ T6027] usb 1-1: USB disconnect, device number 22
[  385.722091][ T5860] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 30 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  385.832122][T10095] Can't find a SQUASHFS superblock on nullb0
[  386.215084][ T5860] usb 3-1: USB disconnect, device number 30
[  386.228973][ T5860] usblp0: removed
[  386.260786][   T24] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  386.721023][   T24] usb 6-1: Using ep0 maxpacket: 32
[  386.738964][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  386.752888][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  386.764055][   T24] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  386.774227][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.811414][   T24] usb 6-1: config 0 descriptor??
[  387.558484][T10113] geneve1: entered allmulticast mode
[  387.652418][T10110] can: request_module (can-proto-0) failed.
[  387.778848][   T24] ft260 0003:0403:6030.0007: unknown main item tag 0x0
[  388.019274][   T24] ft260 0003:0403:6030.0007: chip code: 6424 8183
[  388.061897][ T5921] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  388.074833][   T10] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  388.095363][T10127] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1024'.
[  388.208210][   T24] ft260 0003:0403:6030.0007: failed to retrieve system status
[  388.216208][   T24] ft260 0003:0403:6030.0007: probe with driver ft260 failed with error -5
[  388.250925][   T10] usb 3-1: Using ep0 maxpacket: 8
[  388.255984][ T5921] usb 1-1: Using ep0 maxpacket: 32
[  388.262469][   T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 201, changing to 11
[  388.274127][   T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  388.287111][   T10] usb 3-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.00
[  388.296350][ T5921] usb 1-1: config index 0 descriptor too short (expected 156, got 27)
[  388.304552][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.312615][ T5921] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  388.325534][ T5921] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  388.337251][   T10] usb 3-1: config 0 descriptor??
[  388.347698][ T5921] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  388.360992][ T5921] usb 1-1: config 0 interface 0 has no altsetting 0
[  388.369581][ T5921] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  388.378667][ T5921] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=6
[  388.386941][ T5921] usb 1-1: Product: syz
[  388.391157][ T5921] usb 1-1: Manufacturer: syz
[  388.395755][ T5921] usb 1-1: SerialNumber: syz
[  388.402741][ T5921] usb 1-1: config 0 descriptor??
[  388.409621][ T5921] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  388.423067][ T5921] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  388.631242][  T974] usb 1-1: USB disconnect, device number 23
[  388.637185][    C1] ldusb 1-1:0.0: usb_submit_urb failed (-19)
[  388.649311][  T974] ldusb 1-1:0.0: LD USB Device #0 now disconnected
[  388.751559][   T10] monterey 0003:0566:3004.0008: unbalanced delimiter at end of report description
[  388.763064][   T10] monterey 0003:0566:3004.0008: probe with driver monterey failed with error -22
[  388.853276][T10110] ldusb: No device or device unplugged -19
[  389.003474][T10135] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1028'.
[  389.017577][T10135] macsec1: entered allmulticast mode
[  389.022951][T10135] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  389.032335][T10135] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  389.179542][T10139] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1022'.
[  389.720299][   T24] usb 6-1: USB disconnect, device number 4
[  390.041218][ T5822] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  390.100817][T10145] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1030'.
[  390.252713][T10153] hub 9-0:1.0: USB hub found
[  390.258183][T10153] hub 9-0:1.0: 1 port detected
[  390.660886][T10155] hub 9-0:1.0: USB hub found
[  390.667550][T10155] hub 9-0:1.0: 1 port detected
[  391.293941][   T24] usb 3-1: USB disconnect, device number 31
[  391.385584][   T30] audit: type=1400 audit(1751213703.251:564): avc:  denied  { read } for  pid=10164 comm="syz.2.1035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  391.412691][T10166] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  391.491020][  T974] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  391.650883][  T974] usb 1-1: Using ep0 maxpacket: 8
[  391.669213][  T974] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  391.680286][  T974] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  391.701846][  T974] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  391.732419][  T974] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  391.748745][  T974] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  391.759552][  T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.983278][  T974] usb 1-1: GET_CAPABILITIES returned 0
[  391.988927][  T974] usbtmc 1-1:16.0: can't read capabilities
[  391.999583][T10174] Illegal XDP return value 1110979439 on prog  (id 294) dev syz_tun, expect packet loss!
[  392.438272][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  392.502094][  T974] usb 1-1: USB disconnect, device number 24
[  393.434876][   T30] audit: type=1400 audit(1751213705.301:565): avc:  denied  { listen } for  pid=10193 comm="syz.4.1044" lport=43324 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  393.455392][    C1] vkms_vblank_simulate: vblank timer overrun
[  393.514828][T10196] sctp: failed to load transform for md5: -2
[  395.365345][T10230] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  395.375961][ T5921] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  395.556241][ T5921] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  395.574546][ T5921] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  395.587846][ T5921] usb 5-1: New USB device found, idVendor=0079, idProduct=1846, bcdDevice= 0.00
[  395.597153][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.626004][ T5921] usb 5-1: config 0 descriptor??
[  395.638787][T10238] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  395.638985][ T5921] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  395.651956][   T24] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  395.657223][   T10] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  395.813305][   T24] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  395.832098][   T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  395.834559][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  395.849202][   T10] usb 6-1: config 0 has no interface number 0
[  395.855436][   T10] usb 6-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  395.864981][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  395.881555][   T10] usb 6-1: config 0 descriptor??
[  395.889386][   T10] usb 6-1: selecting invalid altsetting 1
[  395.900869][   T10] dvb_ttusb_budget: ttusb_init_controller: error
[  395.910788][   T10] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  395.984713][   T10] DVB: Unable to find symbol cx22700_attach()
[  396.017537][  T974] usb 2-1: new full-speed USB device number 36 using dummy_hcd
[  396.030926][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.034852][   T10] DVB: Unable to find symbol tda10046_attach()
[  396.042742][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.051153][   T10] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  396.056581][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.072287][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.252747][   T10] usb 6-1: USB disconnect, device number 5
[  396.584098][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.591532][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.600381][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.611523][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.619281][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.628291][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.639174][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.646773][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.655726][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.666700][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.674726][  T974] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  396.683015][  T974] usb 2-1: config 0 has no interface number 0
[  396.689377][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.698489][  T974] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  396.753117][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.764608][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.772660][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.784540][  T974] usb 2-1: config 0 descriptor??
[  396.791473][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.800371][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.814332][  T974] usb 2-1: selecting invalid altsetting 1
[  396.820159][  T974] dvb_ttusb_budget: ttusb_init_controller: error
[  396.827351][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.834035][  T974] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  396.843397][   T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  396.854914][   T24] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  396.874357][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  396.919367][   T24] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  397.017613][   T24] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  397.246799][   T24] usb 3-1: Product: syz
[  397.264382][   T24] usb 3-1: Manufacturer: syz
[  397.269177][   T24] usb 3-1: SerialNumber: syz
[  397.349752][T10261] /dev/nullb0: Can't open blockdev
[  397.825531][   T24] usb 3-1: config 0 descriptor??
[  397.858424][  T974] DVB: Unable to find symbol cx22700_attach()
[  397.871431][   T24] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  397.991607][  T974] DVB: Unable to find symbol tda10046_attach()
[  397.997960][  T974] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  398.015554][  T974] usb 2-1: USB disconnect, device number 36
[  398.053816][   T11] block nbd3: Possible stuck request ffff8880269c7000: control (read@0,4096B). Runtime 90 seconds
[  398.153493][ T5921] usb 5-1: USB disconnect, device number 36
[  398.178334][T10272] netlink: 'syz.0.1065': attribute type 10 has an invalid length.
[  398.232083][   T30] audit: type=1400 audit(1751213710.101:566): avc:  denied  { name_connect } for  pid=10265 comm="syz.1.1063" dest=512 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hi_reserved_port_t tclass=sctp_socket permissive=1
[  398.233783][T10275] FAULT_INJECTION: forcing a failure.
[  398.233783][T10275] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  398.287766][T10275] CPU: 0 UID: 0 PID: 10275 Comm: syz.4.1066 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  398.287795][T10275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  398.287806][T10275] Call Trace:
[  398.287811][T10275]  <TASK>
[  398.287818][T10275]  dump_stack_lvl+0x16c/0x1f0
[  398.287847][T10275]  should_fail_ex+0x512/0x640
[  398.287875][T10275]  _copy_from_iter+0x29f/0x16f0
[  398.287905][T10275]  ? __pfx__copy_from_iter+0x10/0x10
[  398.287928][T10275]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  398.287962][T10275]  copy_page_from_iter+0xde/0x180
[  398.287988][T10275]  tun_build_skb.constprop.0+0x2e8/0x14f0
[  398.288027][T10275]  ? __pfx_tun_build_skb.constprop.0+0x10/0x10
[  398.288069][T10275]  ? __pfx__kstrtoull+0x10/0x10
[  398.288092][T10275]  tun_get_user+0x165f/0x3b80
[  398.288128][T10275]  ? __pfx_tun_get_user+0x10/0x10
[  398.288151][T10275]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  398.288183][T10275]  ? find_held_lock+0x2b/0x80
[  398.288205][T10275]  ? tun_get+0x191/0x370
[  398.288233][T10275]  tun_chr_write_iter+0xdc/0x210
[  398.288260][T10275]  vfs_write+0x6c4/0x1150
[  398.288283][T10275]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  398.288311][T10275]  ? __pfx_vfs_write+0x10/0x10
[  398.288329][T10275]  ? find_held_lock+0x2b/0x80
[  398.288364][T10275]  ksys_write+0x12a/0x250
[  398.288385][T10275]  ? __pfx_ksys_write+0x10/0x10
[  398.288414][T10275]  do_syscall_64+0xcd/0x4c0
[  398.288441][T10275]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.288458][T10275] RIP: 0033:0x7fb50a58d3df
[  398.288472][T10275] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  398.288488][T10275] RSP: 002b:00007fb50b484000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  398.288505][T10275] RAX: ffffffffffffffda RBX: 00007fb50a7b5fa0 RCX: 00007fb50a58d3df
[  398.288517][T10275] RDX: 0000000000000036 RSI: 0000200000001800 RDI: 00000000000000c8
[  398.288528][T10275] RBP: 00007fb50b484090 R08: 0000000000000000 R09: 0000000000000000
[  398.288538][T10275] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001
[  398.288547][T10275] R13: 0000000000000000 R14: 00007fb50a7b5fa0 R15: 00007ffde886de58
[  398.288571][T10275]  </TASK>
[  398.521572][T10266] lo speed is unknown, defaulting to 1000
[  398.566731][   T24] usb 3-1: USB disconnect, device number 32
[  398.584718][   T24] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  398.689879][T10282] bridge0: entered allmulticast mode
[  398.698506][T10282] bridge_slave_1: left allmulticast mode
[  398.705151][T10282] bridge_slave_1: left promiscuous mode
[  398.712264][T10282] bridge0: port 2(bridge_slave_1) entered disabled state
[  398.819705][T10282] bridge_slave_0: left allmulticast mode
[  398.825634][T10282] bridge_slave_0: left promiscuous mode
[  398.833373][T10282] bridge0: port 1(bridge_slave_0) entered disabled state
[  399.268796][T10291] syzkaller1: entered promiscuous mode
[  399.283945][T10291] syzkaller1: entered allmulticast mode
[  400.272767][   T30] audit: type=1400 audit(1751213712.141:567): avc:  denied  { mount } for  pid=10307 comm="syz.4.1075" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  400.351598][T10314] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1075'.
[  400.483070][   T30] audit: type=1400 audit(1751213712.341:568): avc:  denied  { sqpoll } for  pid=10307 comm="syz.4.1075" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  400.839374][T10325] FAULT_INJECTION: forcing a failure.
[  400.839374][T10325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  400.850761][   T10] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  400.880166][T10325] CPU: 0 UID: 0 PID: 10325 Comm: syz.1.1080 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  400.880190][T10325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  400.880200][T10325] Call Trace:
[  400.880206][T10325]  <TASK>
[  400.880213][T10325]  dump_stack_lvl+0x16c/0x1f0
[  400.880243][T10325]  should_fail_ex+0x512/0x640
[  400.880269][T10325]  _copy_to_user+0x32/0xd0
[  400.880295][T10325]  simple_read_from_buffer+0xcb/0x170
[  400.880320][T10325]  proc_fail_nth_read+0x197/0x270
[  400.880343][T10325]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.880365][T10325]  ? rw_verify_area+0xcf/0x680
[  400.880384][T10325]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  400.880404][T10325]  vfs_read+0x1e4/0xc60
[  400.880429][T10325]  ? __pfx___mutex_lock+0x10/0x10
[  400.880454][T10325]  ? __pfx_vfs_read+0x10/0x10
[  400.880482][T10325]  ? __fget_files+0x20e/0x3c0
[  400.880511][T10325]  ksys_read+0x12a/0x250
[  400.880532][T10325]  ? __pfx_ksys_read+0x10/0x10
[  400.880560][T10325]  do_syscall_64+0xcd/0x4c0
[  400.880587][T10325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  400.880604][T10325] RIP: 0033:0x7f45fef8d33c
[  400.880618][T10325] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  400.880643][T10325] RSP: 002b:00007f45ffebc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  400.880660][T10325] RAX: ffffffffffffffda RBX: 00007f45ff1b5fa0 RCX: 00007f45fef8d33c
[  400.880672][T10325] RDX: 000000000000000f RSI: 00007f45ffebc0a0 RDI: 0000000000000005
[  400.880682][T10325] RBP: 00007f45ffebc090 R08: 0000000000000000 R09: 0000000000000000
[  400.880692][T10325] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  400.880705][T10325] R13: 0000000000000000 R14: 00007f45ff1b5fa0 R15: 00007ffea5057f58
[  400.880729][T10325]  </TASK>
[  401.061477][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.161605][   T10] usb 6-1: device descriptor read/64, error -71
[  401.199902][   T30] audit: type=1400 audit(1751213713.041:569): avc:  denied  { unmount } for  pid=5811 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1
[  401.630852][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  401.639617][   T30] audit: type=1400 audit(1751213713.501:570): avc:  denied  { connect } for  pid=10328 comm="syz.1.1084" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  401.659247][    C0] vkms_vblank_simulate: vblank timer overrun
[  401.800778][   T10] usb 6-1: device descriptor read/64, error -71
[  401.976295][   T10] usb usb6-port1: attempt power cycle
[  402.570792][   T10] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  402.611482][T10368] loop2: detected capacity change from 0 to 7
[  402.629627][   T10] usb 6-1: device descriptor read/8, error -71
[  402.639575][   T30] audit: type=1400 audit(1751213714.491:571): avc:  denied  { map } for  pid=10367 comm="syz.0.1093" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  402.662495][    C0] vkms_vblank_simulate: vblank timer overrun
[  402.668879][T10368] Dev loop2: unable to read RDB block 7
[  402.685413][T10368]  loop2: unable to read partition table
[  402.742701][T10368] loop2: partition table beyond EOD, truncated
[  402.749675][T10368] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  402.759044][   T30] audit: type=1400 audit(1751213714.491:572): avc:  denied  { execute } for  pid=10367 comm="syz.0.1093" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  402.806921][ T5187] Dev loop2: unable to read RDB block 7
[  402.806941][ T5187]  loop2: unable to read partition table
[  402.807026][ T5187] loop2: partition table beyond EOD, truncated
[  402.923102][   T10] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  402.944114][   T10] usb 6-1: device descriptor read/8, error -71
[  403.051120][   T10] usb usb6-port1: unable to enumerate USB device
[  403.256809][T10376] hub 9-0:1.0: USB hub found
[  403.262386][T10376] hub 9-0:1.0: 1 port detected
[  405.112444][ T5822] Bluetooth: hci4: unexpected event for opcode 0x2028
[  405.150789][   T24] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  405.465673][ T6027] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  405.498861][T10398] xt_CT: You must specify a L4 protocol and not use inversions on it
[  405.507961][   T24] usb 6-1: Using ep0 maxpacket: 8
[  405.626891][ T6027] usb 1-1: config index 0 descriptor too short (expected 65535, got 77)
[  405.806900][   T30] audit: type=1400 audit(1751213717.361:573): avc:  denied  { bind } for  pid=10397 comm="syz.2.1103" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  405.826219][    C0] vkms_vblank_simulate: vblank timer overrun
[  405.929340][ T6027] usb 1-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  405.938737][ T6027] usb 1-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  405.949458][ T6027] usb 1-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  405.967230][ T6027] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  405.981946][ T6027] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.127957][T10404] loop8: detected capacity change from 0 to 1
[  406.241066][T10404] Dev loop8: unable to read RDB block 1
[  406.247259][T10404]  loop8: unable to read partition table
[  406.254360][T10404] loop8: partition table beyond EOD, truncated
[  406.260753][T10404] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  406.368647][ T6027] usb 1-1: Product: syz
[  406.372985][ T6027] usb 1-1: Manufacturer: syz
[  406.377871][ T6027] usb 1-1: SerialNumber: syz
[  406.449189][T10407] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=10407 comm=syz.2.1105
[  406.627260][ T6027] usb 1-1: USB disconnect, device number 25
[  406.690088][   T30] audit: type=1400 audit(1751213718.551:574): avc:  denied  { append } for  pid=10412 comm="syz.4.1106" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  406.712870][    C0] vkms_vblank_simulate: vblank timer overrun
[  406.870789][   T10] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  406.878865][T10416] ubi31: attaching mtd0
[  406.884466][T10416] ubi31: scanning is finished
[  406.960006][   T30] audit: type=1400 audit(1751213718.821:575): avc:  denied  { map } for  pid=10412 comm="syz.4.1106" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  407.054049][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  407.074248][   T24] usb 6-1: unable to read config index 0 descriptor/start: -71
[  407.085633][   T24] usb 6-1: can't read configurations, error -71
[  407.085720][T10416] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  407.099519][T10416] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  407.106843][T10416] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  407.113922][T10416] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  407.121486][T10416] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  407.128350][T10416] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  407.138475][T10416] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 741993139
[  407.148510][T10416] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  407.159135][   T10] usb 3-1: Using ep0 maxpacket: 16
[  407.165556][T10421] ubi31: background thread "ubi_bgt31d" started, PID 10421
[  407.177085][   T10] usb 3-1: config 5 has an invalid interface number: 239 but max is 0
[  407.185294][   T10] usb 3-1: config 5 has no interface number 0
[  407.192425][   T10] usb 3-1: config 5 interface 239 has no altsetting 0
[  407.204320][   T10] usb 3-1: New USB device found, idVendor=040a, idProduct=0002, bcdDevice=7b.52
[  407.220916][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.228925][   T10] usb 3-1: Product: syz
[  407.250835][   T10] usb 3-1: Manufacturer: syz
[  407.255445][   T10] usb 3-1: SerialNumber: syz
[  407.644032][T10432] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  408.320799][   T30] audit: type=1400 audit(1751213719.751:576): avc:  denied  { write } for  pid=10434 comm="syz.5.1112" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  408.601766][   T24] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  408.762464][T10445] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1114'.
[  408.772327][T10445] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1114'.
[  408.811144][   T24] usb 6-1: Using ep0 maxpacket: 16
[  408.817042][   T24] usb 6-1: too many configurations: 60, using maximum allowed: 8
[  408.818938][   T30] audit: type=1400 audit(1751213720.681:577): avc:  denied  { write } for  pid=10444 comm="syz.0.1114" name="urandom" dev="devtmpfs" ino=9 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file permissive=1
[  408.865143][   T24] usb 6-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[  408.880679][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[  408.904723][   T24] usb 6-1: Product: syz
[  408.909850][   T24] usb 6-1: Manufacturer: syz
[  408.915583][   T24] usb 6-1: SerialNumber: syz
[  408.929025][   T24] usb 6-1: config 0 descriptor??
[  408.952824][   T24] pwc: Philips SPC 880NC USB webcam detected.
[  408.959847][T10450] FAULT_INJECTION: forcing a failure.
[  408.959847][T10450] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  408.975060][T10450] CPU: 0 UID: 0 PID: 10450 Comm: syz.1.1116 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  408.975087][T10450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.975097][T10450] Call Trace:
[  408.975103][T10450]  <TASK>
[  408.975110][T10450]  dump_stack_lvl+0x16c/0x1f0
[  408.975139][T10450]  should_fail_ex+0x512/0x640
[  408.975166][T10450]  _copy_to_user+0x32/0xd0
[  408.975192][T10450]  simple_read_from_buffer+0xcb/0x170
[  408.975217][T10450]  proc_fail_nth_read+0x197/0x270
[  408.975239][T10450]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.975261][T10450]  ? rw_verify_area+0xcf/0x680
[  408.975280][T10450]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  408.975300][T10450]  vfs_read+0x1e4/0xc60
[  408.975325][T10450]  ? __pfx___mutex_lock+0x10/0x10
[  408.975349][T10450]  ? __pfx_vfs_read+0x10/0x10
[  408.975375][T10450]  ? __fget_files+0x20e/0x3c0
[  408.975406][T10450]  ksys_read+0x12a/0x250
[  408.975426][T10450]  ? __pfx_ksys_read+0x10/0x10
[  408.975452][T10450]  do_syscall_64+0xcd/0x4c0
[  408.975476][T10450]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.975491][T10450] RIP: 0033:0x7f45fef8d33c
[  408.975503][T10450] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  408.975517][T10450] RSP: 002b:00007f45ffebc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  408.975531][T10450] RAX: ffffffffffffffda RBX: 00007f45ff1b5fa0 RCX: 00007f45fef8d33c
[  408.975541][T10450] RDX: 000000000000000f RSI: 00007f45ffebc0a0 RDI: 0000000000000004
[  408.975550][T10450] RBP: 00007f45ffebc090 R08: 0000000000000000 R09: 0000000000000000
[  408.975559][T10450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  408.975567][T10450] R13: 0000000000000000 R14: 00007f45ff1b5fa0 R15: 00007ffea5057f58
[  408.975588][T10450]  </TASK>
[  409.206046][T10452] FAULT_INJECTION: forcing a failure.
[  409.206046][T10452] name failslab, interval 1, probability 0, space 0, times 0
[  409.225614][T10452] CPU: 0 UID: 0 PID: 10452 Comm: syz.1.1118 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  409.225642][T10452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  409.225653][T10452] Call Trace:
[  409.225659][T10452]  <TASK>
[  409.225665][T10452]  dump_stack_lvl+0x16c/0x1f0
[  409.225694][T10452]  should_fail_ex+0x512/0x640
[  409.225715][T10452]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  409.225741][T10452]  should_failslab+0xc2/0x120
[  409.225766][T10452]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  409.225788][T10452]  ? __alloc_skb+0x2b2/0x380
[  409.225815][T10452]  __alloc_skb+0x2b2/0x380
[  409.225836][T10452]  ? __pfx___alloc_skb+0x10/0x10
[  409.225857][T10452]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  409.225879][T10452]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  409.225908][T10452]  netlink_alloc_large_skb+0x69/0x130
[  409.225927][T10452]  netlink_sendmsg+0x6a1/0xdd0
[  409.225949][T10452]  ? __pfx_netlink_sendmsg+0x10/0x10
[  409.225982][T10452]  ____sys_sendmsg+0xa95/0xc70
[  409.226001][T10452]  ? copy_msghdr_from_user+0x10a/0x160
[  409.226024][T10452]  ? __pfx_____sys_sendmsg+0x10/0x10
[  409.226054][T10452]  ___sys_sendmsg+0x134/0x1d0
[  409.226079][T10452]  ? __pfx____sys_sendmsg+0x10/0x10
[  409.226101][T10452]  ? __lock_acquire+0x622/0x1c90
[  409.226158][T10452]  __sys_sendmsg+0x16d/0x220
[  409.226182][T10452]  ? __pfx___sys_sendmsg+0x10/0x10
[  409.226221][T10452]  do_syscall_64+0xcd/0x4c0
[  409.226248][T10452]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  409.226266][T10452] RIP: 0033:0x7f45fef8e929
[  409.226279][T10452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  409.226295][T10452] RSP: 002b:00007f45ffebc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  409.226311][T10452] RAX: ffffffffffffffda RBX: 00007f45ff1b5fa0 RCX: 00007f45fef8e929
[  409.226322][T10452] RDX: 0000000000000000 RSI: 0000200000000d40 RDI: 0000000000000003
[  409.226332][T10452] RBP: 00007f45ffebc090 R08: 0000000000000000 R09: 0000000000000000
[  409.226342][T10452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  409.226352][T10452] R13: 0000000000000000 R14: 00007f45ff1b5fa0 R15: 00007ffea5057f58
[  409.226375][T10452]  </TASK>
[  409.640117][   T10] gspca_main: spca501-2.14.0 probing 040a:0002
[  409.646749][   T10] gspca_spca501: reg write: error -71
[  409.661631][   T10] spca501 3-1:5.239: Reg write failed for 0x00,0xaa,0x00
[  409.677306][   T10] spca501 3-1:5.239: probe with driver spca501 failed with error -22
[  409.788034][T10458] Can't find a SQUASHFS superblock on nullb0
[  410.142132][   T10] usb 3-1: USB disconnect, device number 33
[  410.182764][T10460] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1122'.
[  410.198472][ T5985] bridge_slave_1: left allmulticast mode
[  410.213282][ T5985] bridge_slave_1: left promiscuous mode
[  410.226316][ T5985] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.257471][ T5985] bridge_slave_0: left allmulticast mode
[  410.265757][ T5985] bridge_slave_0: left promiscuous mode
[  410.275083][ T5985] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.790425][   T24] pwc: Warning: more than 1 configuration available.
[  410.818358][   T24] pwc: Failed to set LED on/off time (-71)
[  410.878130][   T24] pwc: send_video_command error -71
[  410.896243][   T24] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  410.931848][   T24] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  410.975558][   T24] usb 6-1: USB disconnect, device number 11
[  411.044836][ T5985] team0: Port device geneve0 removed
[  411.596106][T10128] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  411.624069][T10128] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  411.631732][T10128] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  411.640099][T10128] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  411.647672][T10128] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  411.719229][ T5985] team0: Port device bond0 removed
[  411.731274][ T5985] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  411.748347][ T5985] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  411.758532][ T5985] bond0 (unregistering): Released all slaves
[  411.768991][T10479] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1125'.
[  411.839932][T10477] lo speed is unknown, defaulting to 1000
[  411.927973][T10468] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1126'.
[  412.282222][T10486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1131'.
[  412.360822][ T5936] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  412.443452][T10477] chnl_net:caif_netlink_parms(): no params data found
[  412.511007][ T5936] usb 2-1: device descriptor read/64, error -71
[  412.820108][T10477] bridge0: port 1(bridge_slave_0) entered blocking state
[  412.833839][T10477] bridge0: port 1(bridge_slave_0) entered disabled state
[  412.846058][T10477] bridge_slave_0: entered allmulticast mode
[  412.850774][ T5936] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  412.854306][T10477] bridge_slave_0: entered promiscuous mode
[  412.872239][T10477] bridge0: port 2(bridge_slave_1) entered blocking state
[  412.884909][T10477] bridge0: port 2(bridge_slave_1) entered disabled state
[  412.900835][T10477] bridge_slave_1: entered allmulticast mode
[  412.907479][T10477] bridge_slave_1: entered promiscuous mode
[  412.933515][T10477] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  412.944891][T10477] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  412.971291][T10477] team0: Port device team_slave_0 added
[  412.978873][T10477] team0: Port device team_slave_1 added
[  413.000118][T10477] batman_adv: batadv0: Adding interface: batadv_slave_0
[  413.000800][ T5936] usb 2-1: device descriptor read/64, error -71
[  413.008444][T10477] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  413.040115][T10477] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  413.052690][T10477] batman_adv: batadv0: Adding interface: batadv_slave_1
[  413.059608][T10477] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  413.086121][T10477] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  413.118257][T10477] hsr_slave_0: entered promiscuous mode
[  413.124353][T10477] hsr_slave_1: entered promiscuous mode
[  413.130173][T10477] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  413.137902][T10477] Cannot create hsr debugfs directory
[  413.150959][ T5936] usb usb2-port1: attempt power cycle
[  413.150989][ T6027] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  413.237448][T10503] lo speed is unknown, defaulting to 1000
[  413.340943][ T6027] usb 3-1: Using ep0 maxpacket: 32
[  413.366757][ T6027] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  413.376709][ T6027] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  413.488083][ T6027] usb 3-1: config 0 descriptor??
[  413.721111][ T5936] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  413.729476][ T5822] Bluetooth: hci4: command tx timeout
[  413.761629][ T5936] usb 2-1: device descriptor read/8, error -71
[  413.918198][ T6027] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  413.937979][ T6027] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  413.966386][ T6027] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  413.989165][ T6027] usb 3-1: media controller created
[  414.044362][ T6027] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  414.092818][ T5985] hsr_slave_0: left promiscuous mode
[  414.115950][ T5985] hsr_slave_1: left promiscuous mode
[  414.131760][ T5985] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  414.139624][ T5936] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  414.159019][ T6027] az6027: usb out operation failed. (-71)
[  414.159564][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_0
[  414.167361][ T6027] az6027: usb out operation failed. (-71)
[  414.179060][ T6027] stb0899_attach: Driver disabled by Kconfig
[  414.185113][ T6027] az6027: no front-end attached
[  414.185113][ T6027] 
[  414.194675][ T5985] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  414.194719][ T6027] az6027: usb out operation failed. (-71)
[  414.208093][ T5936] usb 2-1: device descriptor read/8, error -71
[  414.208562][ T6027] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  414.222596][ T5985] batman_adv: batadv0: Removing interface: batadv_slave_1
[  414.223926][ T6027] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11
[  414.242058][T10521] loop2: detected capacity change from 0 to 7
[  414.254640][T10521] Dev loop2: unable to read RDB block 7
[  414.260836][T10521]  loop2: unable to read partition table
[  414.263700][ T6027] dvb-usb: schedule remote query interval to 400 msecs.
[  414.274225][T10521] loop2: partition table beyond EOD, truncated
[  414.279460][ T6027] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  414.282772][ T5985] veth1_macvtap: left promiscuous mode
[  414.291458][ T6027] usb 3-1: USB disconnect, device number 34
[  414.298845][T10521] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  414.318517][ T5985] veth0_macvtap: left promiscuous mode
[  414.324564][ T5985] veth1_vlan: left promiscuous mode
[  414.330023][ T5985] veth0_vlan: left promiscuous mode
[  414.355422][ T5936] usb usb2-port1: unable to enumerate USB device
[  414.380471][ T6027] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  415.801102][ T5822] Bluetooth: hci4: command tx timeout
[  415.806628][   T10] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  415.873455][T10547] input: syz0 as /devices/virtual/input/input12
[  416.043630][ T5936] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  416.054510][   T30] audit: type=1400 audit(1751213727.731:578): avc:  denied  { create } for  pid=10530 comm="syz.2.1142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  416.246115][   T10] usb 2-1: Using ep0 maxpacket: 16
[  416.274358][   T30] audit: type=1400 audit(1751213727.731:579): avc:  denied  { ioctl } for  pid=10530 comm="syz.2.1142" path="socket:[26337]" dev="sockfs" ino=26337 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  416.310986][ T5921] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  416.319614][   T10] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  416.353707][   T10] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  416.362106][   T10] usb 2-1: Product: syz
[  416.366834][   T10] usb 2-1: Manufacturer: syz
[  416.372761][   T10] usb 2-1: SerialNumber: syz
[  416.373096][ T5985] team0 (unregistering): Port device team_slave_1 removed
[  416.379218][   T10] usb 2-1: config 0 descriptor??
[  416.457832][ T5936] usb 6-1: unable to read config index 0 descriptor/start: -61
[  416.470191][ T5936] usb 6-1: can't read configurations, error -61
[  416.482774][ T5985] team0 (unregistering): Port device team_slave_0 removed
[  416.530385][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  416.568248][ T5921] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  416.609878][ T5921] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  416.620986][ T5936] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  416.668762][ T5921] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  417.114495][ T5921] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  417.126624][ T5921] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  417.138728][ T5936] usb 6-1: unable to read config index 0 descriptor/start: -61
[  417.146753][ T5936] usb 6-1: can't read configurations, error -61
[  417.155223][ T5936] usb usb6-port1: attempt power cycle
[  417.160685][ T5921] usb 3-1: config 0 descriptor??
[  417.404161][T10553] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.414331][T10553] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  417.642609][   T30] audit: type=1400 audit(1751213729.161:580): avc:  denied  { lock } for  pid=10532 comm="syz.1.1143" path="socket:[26348]" dev="sockfs" ino=26348 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  417.880782][ T5822] Bluetooth: hci4: command tx timeout
[  417.924070][ T5936] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  418.344108][ T5921] ath6kl: Failed to submit usb control message: -110
[  418.351516][ T5921] ath6kl: unable to send the bmi data to the device: -110
[  418.361367][T10477] 8021q: adding VLAN 0 to HW filter on device bond0
[  418.369341][ T5921] ath6kl: Unable to send get target info: -110
[  418.377499][ T5936] usb 6-1: unable to read config index 0 descriptor/start: -61
[  418.385709][ T5936] usb 6-1: can't read configurations, error -61
[  418.426448][T10477] 8021q: adding VLAN 0 to HW filter on device team0
[  418.438744][ T5921] ath6kl: Failed to init ath6kl core: -110
[  418.446881][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  418.448333][ T5921] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -110
[  418.453993][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  418.484468][T10540] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  418.502922][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state
[  418.510012][ T5987] bridge0: port 2(bridge_slave_1) entered forwarding state
[  418.571232][T10559] FAULT_INJECTION: forcing a failure.
[  418.571232][T10559] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  418.599116][T10559] CPU: 0 UID: 0 PID: 10559 Comm: syz.4.1147 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  418.599140][T10559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.599150][T10559] Call Trace:
[  418.599156][T10559]  <TASK>
[  418.599163][T10559]  dump_stack_lvl+0x16c/0x1f0
[  418.599193][T10559]  should_fail_ex+0x512/0x640
[  418.599219][T10559]  _copy_to_user+0x32/0xd0
[  418.599245][T10559]  simple_read_from_buffer+0xcb/0x170
[  418.599270][T10559]  proc_fail_nth_read+0x197/0x270
[  418.599293][T10559]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  418.599316][T10559]  ? rw_verify_area+0xcf/0x680
[  418.599334][T10559]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  418.599355][T10559]  vfs_read+0x1e4/0xc60
[  418.599379][T10559]  ? __pfx___mutex_lock+0x10/0x10
[  418.599404][T10559]  ? __pfx_vfs_read+0x10/0x10
[  418.599432][T10559]  ? __fget_files+0x20e/0x3c0
[  418.599464][T10559]  ksys_read+0x12a/0x250
[  418.599484][T10559]  ? __pfx_ksys_read+0x10/0x10
[  418.599512][T10559]  do_syscall_64+0xcd/0x4c0
[  418.599539][T10559]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.599557][T10559] RIP: 0033:0x7fb50a58d33c
[  418.599571][T10559] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  418.599587][T10559] RSP: 002b:00007fb50b484030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  418.599603][T10559] RAX: ffffffffffffffda RBX: 00007fb50a7b5fa0 RCX: 00007fb50a58d33c
[  418.599615][T10559] RDX: 000000000000000f RSI: 00007fb50b4840a0 RDI: 0000000000000004
[  418.599625][T10559] RBP: 00007fb50b484090 R08: 0000000000000000 R09: 0000000000000000
[  418.599635][T10559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  418.599644][T10559] R13: 0000000000000000 R14: 00007fb50a7b5fa0 R15: 00007ffde886de58
[  418.599667][T10559]  </TASK>
[  418.781478][    C0] vkms_vblank_simulate: vblank timer overrun
[  418.925425][T10561] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1148'.
[  418.958813][ T5921] usb 2-1: USB disconnect, device number 41
[  418.992574][T10561] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1148'.
[  419.545794][   T10] usb 3-1: USB disconnect, device number 35
[  419.687734][   T30] audit: type=1400 audit(1751213731.551:581): avc:  denied  { shutdown } for  pid=10579 comm="syz.5.1153" lport=9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  419.738848][T10477] 8021q: adding VLAN 0 to HW filter on device batadv0
[  419.746365][ T5921] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  419.963458][ T5822] Bluetooth: hci4: command tx timeout
[  420.099674][T10593] lo speed is unknown, defaulting to 1000
[  420.323191][T10589] netlink: 'syz.2.1154': attribute type 13 has an invalid length.
[  420.331838][T10589] gretap0: refused to change device tx_queue_len
[  420.338186][T10589] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  420.355468][ T5921] usb 5-1: device descriptor read/64, error -71
[  420.606036][T10477] veth0_vlan: entered promiscuous mode
[  420.626970][T10477] veth1_vlan: entered promiscuous mode
[  420.681489][ T5921] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  420.892242][T10605] hub 9-0:1.0: USB hub found
[  420.897105][T10605] hub 9-0:1.0: 1 port detected
[  420.905503][T10605] ubi: mtd0 is already attached to ubi31
[  420.913122][ T5921] usb 5-1: device descriptor read/64, error -71
[  421.214006][T10477] veth0_macvtap: entered promiscuous mode
[  421.231021][ T5921] usb usb5-port1: attempt power cycle
[  421.247370][T10477] veth1_macvtap: entered promiscuous mode
[  421.285866][T10477] batman_adv: batadv0: Interface activated: batadv_slave_0
[  421.303711][T10477] batman_adv: batadv0: Interface activated: batadv_slave_1
[  421.390792][ T5936] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  421.398778][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.398794][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.459467][ T6002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  421.550110][ T6002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  421.760786][ T5921] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  421.816678][   T30] audit: type=1400 audit(1751213733.681:582): avc:  denied  { getopt } for  pid=10618 comm="syz.1.1160" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  421.836561][ T5921] usb 5-1: device descriptor read/8, error -71
[  421.904602][ T5936] usb 3-1: unable to read config index 0 descriptor/start: -61
[  422.116311][ T5936] usb 3-1: can't read configurations, error -61
[  422.147312][   T30] audit: type=1400 audit(1751213734.011:583): avc:  denied  { mount } for  pid=10477 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  422.270862][ T5921] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  422.278505][ T5936] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  422.455576][ T5936] usb 3-1: unable to read config index 0 descriptor/start: -61
[  422.490950][ T5921] usb 5-1: device not accepting address 40, error -71
[  423.271014][ T5936] usb 3-1: can't read configurations, error -61
[  423.277629][ T5936] usb usb3-port1: attempt power cycle
[  423.283154][ T5921] usb usb5-port1: unable to enumerate USB device
[  423.621762][ T5921] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  423.816794][ T5936] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  423.851156][ T5936] usb 3-1: device descriptor read/8, error -71
[  423.859840][T10607] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  423.913659][ T5921] usb 5-1: config 0 has an invalid interface number: 113 but max is 0
[  423.925095][ T5921] usb 5-1: config 0 has no interface number 0
[  423.940827][ T5921] usb 5-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4
[  423.962734][ T5921] usb 5-1: config 0 interface 113 has no altsetting 0
[  423.978614][ T5921] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  423.988132][ T5921] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.003435][ T5921] usb 5-1: Product: syz
[  424.020780][ T5921] usb 5-1: Manufacturer: syz
[  424.026627][ T5921] usb 5-1: SerialNumber: syz
[  424.068358][ T5921] usb 5-1: config 0 descriptor??
[  424.078254][    C0] usb 5-1: NFC: Urb failure (status -71)
[  424.322920][T10652] overlayfs: missing 'lowerdir'
[  424.446144][T10652] netlink: 'syz.2.1168': attribute type 10 has an invalid length.
[  424.455295][T10652] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1168'.
[  424.470804][   T30] audit: type=1400 audit(1751213736.311:584): avc:  denied  { setopt } for  pid=10646 comm="syz.2.1168" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  424.495551][T10652] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  424.510634][T10628] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1162'.
[  424.533101][T10652] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  424.542306][T10652] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  424.557168][T10652] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  424.577221][T10652] team0: Port device geneve0 added
[  424.587461][T10656] mkiss: ax0: crc mode is auto.
[  424.627977][    C0] usb 5-1: NFC: Urb failure (status -71)
[  424.658669][ T5921] usb 5-1: NFC: Unable to get FW version
[  424.702757][ T5921] pn533_usb 5-1:0.113: probe with driver pn533_usb failed with error -71
[  424.741023][ T5928] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  424.825144][ T5921] usb 5-1: USB disconnect, device number 41
[  425.110799][ T5928] usb 7-1: Using ep0 maxpacket: 32
[  425.897795][T10658] lo speed is unknown, defaulting to 1000
[  426.672850][ T5928] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  426.795737][ T5928] usb 7-1: config 0 has no interface number 0
[  426.808232][ T5928] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  426.818844][ T5928] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  426.837114][ T5928] usb 7-1: Product: syz
[  426.849885][ T5928] usb 7-1: Manufacturer: syz
[  426.857329][ T5928] usb 7-1: SerialNumber: syz
[  426.871646][ T5928] usb 7-1: config 0 descriptor??
[  426.895929][ T5928] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  427.053179][ T5921] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  427.068029][T10672] mkiss: ax1: crc mode is auto.
[  427.190868][ T5921] usb 2-1: device descriptor read/64, error -71
[  427.316016][T10673] lo speed is unknown, defaulting to 1000
[  427.364190][    C0] usb-serial ttyUSB0: qt2_process_read_urb - status message too short
[  427.502077][   T30] audit: type=1400 audit(1751213739.371:585): avc:  denied  { create } for  pid=10649 comm="syz.6.1169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  427.755593][   T30] audit: type=1400 audit(1751213739.371:586): avc:  denied  { bind } for  pid=10649 comm="syz.6.1169" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[  428.278309][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  428.478014][T10388] block nbd3: Possible stuck request ffff8880269c7000: control (read@0,4096B). Runtime 120 seconds
[  428.520247][ T5921] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  429.348833][ T5928] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  429.361730][ T5928] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  429.379109][ T5928] usb 7-1: USB disconnect, device number 2
[  429.391374][ T5928] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  429.426476][ T5928] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  429.480909][ T5921] usb 2-1: device descriptor read/64, error -71
[  429.489599][ T5928] quatech2 7-1:0.51: device disconnected
[  429.641767][ T5921] usb usb2-port1: attempt power cycle
[  430.330800][ T5921] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  430.379877][ T5921] usb 2-1: unable to read config index 0 descriptor/start: -61
[  430.387657][ T5921] usb 2-1: can't read configurations, error -61
[  430.666554][T10710] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1180'.
[  431.064211][ T5921] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  431.093121][ T5921] usb 2-1: unable to read config index 0 descriptor/start: -61
[  431.173384][ T5921] usb 2-1: can't read configurations, error -61
[  431.322185][T10717] xt_hashlimit: size too large, truncated to 1048576
[  431.442721][ T5921] usb usb2-port1: unable to enumerate USB device
[  431.647900][   T30] audit: type=1326 audit(1751213743.511:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  431.670857][ T5814] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  431.681749][   T30] audit: type=1326 audit(1751213743.541:588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  431.745766][   T30] audit: type=1326 audit(1751213743.541:589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  431.968821][   T30] audit: type=1326 audit(1751213743.541:590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  431.983660][ T5814] usb 3-1: unable to read config index 0 descriptor/start: -61
[  432.009973][ T5814] usb 3-1: can't read configurations, error -61
[  432.030953][   T30] audit: type=1326 audit(1751213743.551:591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  432.078204][   T30] audit: type=1326 audit(1751213743.601:592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  432.111014][   T30] audit: type=1326 audit(1751213743.601:593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  432.160759][ T5814] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  432.160872][   T30] audit: type=1326 audit(1751213743.611:594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10721 comm="syz.5.1184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fda7ab8e929 code=0x7fc00000
[  432.372639][ T5814] usb 3-1: unable to read config index 0 descriptor/start: -61
[  432.380302][ T5814] usb 3-1: can't read configurations, error -61
[  432.388687][ T5814] usb usb3-port1: attempt power cycle
[  432.440900][ T5921] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  432.486368][T10736] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1186'.
[  432.604154][ T5921] usb 6-1: Using ep0 maxpacket: 32
[  432.613105][ T5921] usb 6-1: config index 0 descriptor too short (expected 156, got 27)
[  432.629855][ T5921] usb 6-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  432.645207][T10696] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  432.669646][ T5921] usb 6-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  432.698562][ T5921] usb 6-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  432.711951][ T5921] usb 6-1: config 0 interface 0 has no altsetting 0
[  432.720510][ T5921] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  432.733639][ T5921] usb 6-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  432.742145][ T5814] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  432.749910][ T5921] usb 6-1: Product: syz
[  432.754731][ T5921] usb 6-1: Manufacturer: syz
[  432.759324][ T5921] usb 6-1: SerialNumber: syz
[  432.776961][ T5814] usb 3-1: unable to read config index 0 descriptor/start: -61
[  432.785365][ T5814] usb 3-1: can't read configurations, error -61
[  432.792084][ T5921] usb 6-1: config 0 descriptor??
[  432.807375][T10738] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1187'.
[  432.819217][ T5921] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  432.870148][ T5921] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  432.931843][ T5814] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  433.366073][ T5814] usb 3-1: unable to read config index 0 descriptor/start: -61
[  433.373872][ T5814] usb 3-1: can't read configurations, error -61
[  433.396353][ T5921] usb 6-1: USB disconnect, device number 16
[  433.402308][    C0] ldusb 6-1:0.0: usb_submit_urb failed (-19)
[  433.409314][ T5814] usb usb3-port1: unable to enumerate USB device
[  433.416463][ T5921] ldusb 6-1:0.0: LD USB Device #0 now disconnected
[  433.876054][T10706] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.013211][T10754] fuse: Unknown parameter 'root'
[  434.100757][ T5921] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  434.112424][ T5860] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  434.250810][ T5921] usb 2-1: Using ep0 maxpacket: 16
[  434.257209][ T5921] usb 2-1: config index 0 descriptor too short (expected 16456, got 72)
[  434.271108][ T5921] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  434.279456][ T5921] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  434.300742][ T5921] usb 2-1: config 0 has an invalid interface number: 125 but max is 1
[  434.313562][ T5860] usb 7-1: device descriptor read/64, error -71
[  434.315941][ T5921] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  434.360910][ T5921] usb 2-1: config 0 has no interface number 0
[  434.367120][ T5921] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  434.378629][ T5921] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  434.389243][ T5921] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  434.399501][ T5921] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  434.413278][ T5921] usb 2-1: config 0 interface 125 has no altsetting 0
[  434.420073][ T5921] usb 2-1: config 0 interface 125 has no altsetting 2
[  434.429156][ T5921] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  434.440018][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  434.450766][ T5921] usb 2-1: Product: syz
[  434.454993][ T5921] usb 2-1: Manufacturer: syz
[  434.459737][ T5921] usb 2-1: SerialNumber: syz
[  434.467971][ T5921] usb 2-1: config 0 descriptor??
[  434.476564][ T5921] usb 2-1: selecting invalid altsetting 2
[  434.523789][   T30] audit: type=1400 audit(1751213746.381:595): avc:  denied  { setopt } for  pid=10758 comm="syz.2.1193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  434.554905][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  434.612389][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  435.060926][ T5860] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  435.107396][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  435.125911][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  435.220806][ T5860] usb 7-1: device descriptor read/64, error -71
[  435.244609][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  435.257653][T10764] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1194'.
[  435.331137][ T5860] usb usb7-port1: attempt power cycle
[  435.492425][ T5814] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  435.519896][T10750] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  435.529901][T10750] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  435.544675][    C0] usb 2-1: async_complete: urb error -71
[  435.551317][ T5921] get_1284_register: usb error -71
[  435.635210][T10776] loop8: detected capacity change from 0 to 1
[  436.075570][ T5921] uss720 2-1:0.125: probe with driver uss720 failed with error -71
[  436.089119][T10776] Dev loop8: unable to read RDB block 1
[  436.091927][ T5921] usb 2-1: USB disconnect, device number 46
[  436.100598][T10776]  loop8: unable to read partition table
[  436.106409][T10776] loop8: partition table beyond EOD, truncated
[  436.112612][T10776] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  436.130827][ T5860] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  436.151080][ T5814] usb 3-1: Using ep0 maxpacket: 16
[  436.157643][ T5814] usb 3-1: config 8 has an invalid interface number: 39 but max is 0
[  436.161196][ T5860] usb 7-1: device descriptor read/8, error -71
[  436.169537][ T5814] usb 3-1: config 8 has no interface number 0
[  436.180198][ T5814] usb 3-1: config 8 interface 39 altsetting 1 has an endpoint descriptor with address 0xDF, changing to 0x8F
[  436.194841][ T5814] usb 3-1: config 8 interface 39 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  436.204890][ T5814] usb 3-1: config 8 interface 39 altsetting 1 bulk endpoint 0x8F has invalid maxpacket 0
[  436.223151][ T5814] usb 3-1: config 8 interface 39 has no altsetting 0
[  436.233681][ T5814] usb 3-1: New USB device found, idVendor=05ac, idProduct=c704, bcdDevice=62.77
[  436.306882][ T5814] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.316753][ T5814] usb 3-1: Product: syz
[  436.321701][ T5814] usb 3-1: Manufacturer: syz
[  436.326314][ T5814] usb 3-1: SerialNumber: syz
[  436.451829][ T5860] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  436.502291][ T5860] usb 7-1: device descriptor read/8, error -71
[  436.761865][ T5860] usb usb7-port1: unable to enumerate USB device
[  436.771370][ T5928] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  436.959701][T10786] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  437.132672][ T5928] usb 6-1: unable to read config index 0 descriptor/start: -61
[  437.145424][ T5928] usb 6-1: can't read configurations, error -61
[  437.152621][T10769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.183867][T10769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  437.279327][T10770] netlink: 284 bytes leftover after parsing attributes in process `syz.2.1195'.
[  437.329206][ T5928] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  437.344486][T10793] nbd: must specify at least one socket
[  437.414974][T10769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  437.451010][ T5814] ipheth 3-1:8.39: ipheth_enable_ncm: usb_control_msg: -110
[  437.504658][T10794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.062238][T10769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.233689][T10794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.237702][ T5814] ipheth 3-1:8.39: Apple iPhone USB Ethernet device attached
[  438.260463][T10794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  438.269844][T10794] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  438.310400][  T974] usb 3-1: USB disconnect, device number 44
[  438.348239][T10798] FAULT_INJECTION: forcing a failure.
[  438.348239][T10798] name failslab, interval 1, probability 0, space 0, times 0
[  438.364658][T10798] CPU: 0 UID: 0 PID: 10798 Comm: syz.1.1203 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  438.364680][T10798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  438.364690][T10798] Call Trace:
[  438.364696][T10798]  <TASK>
[  438.364703][T10798]  dump_stack_lvl+0x16c/0x1f0
[  438.364733][T10798]  should_fail_ex+0x512/0x640
[  438.364755][T10798]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  438.364782][T10798]  should_failslab+0xc2/0x120
[  438.364807][T10798]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  438.364829][T10798]  ? __alloc_skb+0x2b2/0x380
[  438.364857][T10798]  __alloc_skb+0x2b2/0x380
[  438.364879][T10798]  ? __pfx___alloc_skb+0x10/0x10
[  438.364900][T10798]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[  438.364923][T10798]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[  438.364952][T10798]  netlink_alloc_large_skb+0x69/0x130
[  438.364971][T10798]  netlink_sendmsg+0x6a1/0xdd0
[  438.364992][T10798]  ? __pfx_netlink_sendmsg+0x10/0x10
[  438.365019][T10798]  ____sys_sendmsg+0xa95/0xc70
[  438.365038][T10798]  ? copy_msghdr_from_user+0x10a/0x160
[  438.365061][T10798]  ? __pfx_____sys_sendmsg+0x10/0x10
[  438.365091][T10798]  ___sys_sendmsg+0x134/0x1d0
[  438.365116][T10798]  ? __pfx____sys_sendmsg+0x10/0x10
[  438.365137][T10798]  ? __lock_acquire+0x622/0x1c90
[  438.365194][T10798]  __sys_sendmsg+0x16d/0x220
[  438.365217][T10798]  ? __pfx___sys_sendmsg+0x10/0x10
[  438.365256][T10798]  do_syscall_64+0xcd/0x4c0
[  438.365283][T10798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  438.365301][T10798] RIP: 0033:0x7f45fef8e929
[  438.365315][T10798] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  438.365332][T10798] RSP: 002b:00007f45ffebc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  438.365350][T10798] RAX: ffffffffffffffda RBX: 00007f45ff1b5fa0 RCX: 00007f45fef8e929
[  438.365361][T10798] RDX: 0000000020000084 RSI: 0000200000000540 RDI: 0000000000000003
[  438.365372][T10798] RBP: 00007f45ffebc090 R08: 0000000000000000 R09: 0000000000000000
[  438.365382][T10798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  438.365392][T10798] R13: 0000000000000000 R14: 00007f45ff1b5fa0 R15: 00007ffea5057f58
[  438.365415][T10798]  </TASK>
[  438.632067][T10799] futex_wake_op: syz.6.1202 tries to shift op by -1; fix this program
[  438.690466][T10795] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  438.717111][   T30] audit: type=1400 audit(1751213750.551:596): avc:  denied  { name_bind 0x1000000 } for  pid=10795 comm="syz.6.1202" path="socket:[28963]" dev="sockfs" ino=28963 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[  438.758029][ T5928] usb 6-1: unable to read config index 0 descriptor/start: -61
[  438.766027][ T5928] usb 6-1: can't read configurations, error -61
[  438.774614][ T5928] usb usb6-port1: attempt power cycle
[  439.222478][T10808] 9pnet_fd: Insufficient options for proto=fd
[  439.887099][  T974] ipheth 3-1:8.39: Apple iPhone USB Ethernet now disconnected
[  439.895887][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  440.234808][ T5928] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  440.265466][T10780] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  440.540278][ T5928] usb 6-1: device not accepting address 19, error -71
[  440.741188][T10824] netlink: 'syz.5.1209': attribute type 10 has an invalid length.
[  440.751939][ T5921] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  440.774177][ T5814] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  440.990844][ T5814] usb 2-1: Using ep0 maxpacket: 16
[  441.078615][T10826] loop8: detected capacity change from 0 to 1
[  441.439550][T10826] Dev loop8: unable to read RDB block 1
[  441.445240][T10826]  loop8: unable to read partition table
[  441.451130][T10826] loop8: partition table beyond EOD, truncated
[  441.457299][T10826] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  441.510791][ T5921] usb 3-1: device descriptor read/64, error -71
[  441.572316][ T5814] usb 2-1: config 0 has an invalid interface number: 160 but max is 0
[  441.603812][ T5814] usb 2-1: config 0 has no interface number 0
[  441.627881][ T5814] usb 2-1: New USB device found, idVendor=1164, idProduct=1e8c, bcdDevice=c9.10
[  441.657676][ T5814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.680836][ T5814] usb 2-1: Product: syz
[  441.695178][ T5814] usb 2-1: Manufacturer: syz
[  441.699804][ T5814] usb 2-1: SerialNumber: syz
[  441.713810][ T5814] usb 2-1: config 0 descriptor??
[  441.750924][ T5921] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  441.910980][ T5921] usb 3-1: device descriptor read/64, error -71
[  442.137373][ T5921] usb usb3-port1: attempt power cycle
[  442.403725][ T5814] dvb-usb: found a 'YUAN High-Tech DiBcom STK7700D' in cold state, will try to load a firmware
[  442.605124][ T5814] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw'
[  442.631164][ T5921] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  442.639519][ T5814] dib0700: firmware download failed at 7 with -22
[  442.658011][ T5814] usb 2-1: USB disconnect, device number 47
[  442.664894][ T5921] usb 3-1: device descriptor read/8, error -71
[  442.930912][ T5921] usb 3-1: new high-speed USB device number 48 using dummy_hcd
[  442.950824][ T5928] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  442.959738][ T5921] usb 3-1: device descriptor read/8, error -71
[  443.071143][ T5921] usb usb3-port1: unable to enumerate USB device
[  443.105560][ T5928] usb 5-1: config index 0 descriptor too short (expected 65535, got 77)
[  443.140412][ T5928] usb 5-1: config 255 has too many interfaces: 255, using maximum allowed: 32
[  443.178165][ T5928] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[  443.199014][ T5928] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 255
[  443.222721][ T5928] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  443.240969][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.259333][ T5928] usb 5-1: Product: syz
[  443.263885][ T5928] usb 5-1: Manufacturer: syz
[  443.268494][ T5928] usb 5-1: SerialNumber: syz
[  443.492235][T10849] loop8: detected capacity change from 0 to 1
[  443.578069][T10849] Dev loop8: unable to read RDB block 1
[  443.584233][T10849]  loop8: unable to read partition table
[  443.592465][T10849] loop8: partition table beyond EOD, truncated
[  443.598801][T10849] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  443.823373][ T5928] usb 5-1: USB disconnect, device number 42
[  443.893219][   T30] audit: type=1400 audit(1751213755.751:597): avc:  denied  { append } for  pid=10853 comm="syz.5.1220" name="mouse0" dev="devtmpfs" ino=993 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  444.191834][T10859] hub 9-0:1.0: USB hub found
[  444.197198][T10859] hub 9-0:1.0: 1 port detected
[  444.205209][T10859] ubi: mtd0 is already attached to ubi31
[  444.612565][T10868] netlink: 'syz.4.1224': attribute type 10 has an invalid length.
[  446.043485][T10886] hub 9-0:1.0: USB hub found
[  446.050039][T10886] hub 9-0:1.0: 1 port detected
[  446.092556][T10886] ubi: mtd0 is already attached to ubi31
[  446.702291][   T30] audit: type=1400 audit(1751213758.551:598): avc:  denied  { read } for  pid=10890 comm="syz.5.1230" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  446.770619][   T30] audit: type=1400 audit(1751213758.551:599): avc:  denied  { open } for  pid=10890 comm="syz.5.1230" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  446.830776][ T5928] usb 5-1: new high-speed USB device number 43 using dummy_hcd
[  446.840855][T10128] Bluetooth: hci5: command 0x0406 tx timeout
[  446.995713][T10901] hub 9-0:1.0: USB hub found
[  447.001286][T10901] hub 9-0:1.0: 1 port detected
[  447.009266][T10901] ubi: mtd0 is already attached to ubi31
[  447.061879][ T5921] usb 3-1: new full-speed USB device number 49 using dummy_hcd
[  447.069990][ T5928] usb 5-1: device descriptor read/64, error -71
[  447.122047][T10908] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1236'.
[  447.214850][T10919] lo speed is unknown, defaulting to 1000
[  447.245152][ T5921] usb 3-1: not running at top speed; connect to a high speed hub
[  447.254018][ T5921] usb 3-1: config 0 has an invalid interface number: 232 but max is 0
[  447.269360][ T5921] usb 3-1: config 0 has no interface number 0
[  447.275570][ T5921] usb 3-1: config 0 interface 232 has no altsetting 0
[  447.285364][ T5921] usb 3-1: New USB device found, idVendor=104d, idProduct=3006, bcdDevice= b.d9
[  447.305903][T10922] kvm: vcpu 0: requested 56 ns lapic timer period limited to 200000 ns
[  447.314574][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  447.329213][ T5928] usb 5-1: new high-speed USB device number 44 using dummy_hcd
[  447.337740][T10919] netlink: 104 bytes leftover after parsing attributes in process `syz.6.1237'.
[  447.349494][ T5921] usb 3-1: Product: Љ
[  447.362853][ T5921] usb 3-1: Manufacturer: à°„
[  447.367584][ T5921] usb 3-1: SerialNumber: ÑŠ
[  447.390459][ T5921] usb 3-1: config 0 descriptor??
[  447.491848][ T5928] usb 5-1: device descriptor read/64, error -71
[  447.601960][ T5928] usb usb5-port1: attempt power cycle
[  447.626956][T10928] mkiss: ax0: crc mode is auto.
[  447.752624][ T6027] usb 6-1: new full-speed USB device number 21 using dummy_hcd
[  447.804998][ T5921] ftdi_sio 3-1:0.232: FTDI USB Serial Device converter detected
[  447.816494][ T5921] ftdi_sio ttyUSB0: unknown device type: 0xbd9
[  447.887131][ T5921] usb 3-1: USB disconnect, device number 49
[  448.000382][ T5921] ftdi_sio 3-1:0.232: device disconnected
[  448.090902][ T5928] usb 5-1: new high-speed USB device number 45 using dummy_hcd
[  448.669597][T10930] lo speed is unknown, defaulting to 1000
[  449.253130][ T6027] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  449.277872][ T6027] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  449.313678][ T6027] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00
[  449.323228][ T6027] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  449.332112][ T6027] usb 6-1: SerialNumber: syz
[  449.364069][ T6027] usb 6-1: 0:2 : does not exist
[  449.461189][ T5928] usb 5-1: device not accepting address 45, error -71
[  449.800815][ T5928] usb 5-1: new high-speed USB device number 46 using dummy_hcd
[  449.815049][T10948] lo speed is unknown, defaulting to 1000
[  449.853769][ T5928] usb 5-1: device descriptor read/8, error -71
[  450.001362][ T5928] usb usb5-port1: unable to enumerate USB device
[  451.178209][   T30] audit: type=1400 audit(1751213762.991:600): avc:  denied  { getopt } for  pid=10925 comm="syz.5.1239" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  452.163859][ T6027] usb 6-1: USB disconnect, device number 21
[  452.224572][ T8588] udevd[8588]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  452.252887][   T24] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  452.502476][   T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  452.516087][   T24] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  452.556463][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  452.654332][T11010] loop8: detected capacity change from 0 to 1
[  452.751306][T11010] Dev loop8: unable to read RDB block 1
[  452.757207][T11010]  loop8: unable to read partition table
[  452.764758][T11010] loop8: partition table beyond EOD, truncated
[  452.771116][T11010] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  453.011691][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  453.020780][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.028764][   T24] usb 2-1: Product: syz
[  453.034011][   T24] usb 2-1: Manufacturer: syz
[  453.038613][   T24] usb 2-1: SerialNumber: syz
[  453.056042][   T24] hub 2-1:1.0: bad descriptor, ignoring hub
[  453.061980][   T24] hub 2-1:1.0: probe with driver hub failed with error -5
[  453.091778][T10994] pim6reg: entered allmulticast mode
[  453.290984][   T24] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 48 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  453.463593][   T30] audit: type=1400 audit(1751213765.321:601): avc:  denied  { read write } for  pid=10988 comm="syz.1.1253" name="lp0" dev="devtmpfs" ino=3157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  453.544327][   T30] audit: type=1400 audit(1751213765.321:602): avc:  denied  { open } for  pid=10988 comm="syz.1.1253" path="/dev/usb/lp0" dev="devtmpfs" ino=3157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  453.618532][   T30] audit: type=1400 audit(1751213765.451:603): avc:  denied  { ioctl } for  pid=11019 comm="syz.5.1259" path="socket:[29472]" dev="sockfs" ino=29472 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  453.673274][T11020] netlink: 'syz.5.1259': attribute type 10 has an invalid length.
[  453.730764][ T6027] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  454.034256][ T6027] usb 5-1: Using ep0 maxpacket: 16
[  454.060019][ T6027] usb 5-1: config 0 has no interfaces?
[  454.110964][ T6027] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  454.136138][ T6027] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  454.154470][ T6027] usb 5-1: Product: syz
[  454.170746][ T6027] usb 5-1: Manufacturer: syz
[  454.189433][ T6027] usb 5-1: SerialNumber: syz
[  454.282828][ T6027] usb 5-1: config 0 descriptor??
[  454.302358][   T24] usb 2-1: USB disconnect, device number 48
[  454.311226][   T24] usblp0: removed
[  454.442134][T11039] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1263'.
[  454.730907][   T24] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  454.897962][T11015] IPVS: persistence engine module ip_vs_pe_
 not found
[  454.914845][ T5928] usb 5-1: USB disconnect, device number 47
[  455.085147][   T24] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  455.130985][   T24] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  455.154481][T11043] syzkaller0: tun_chr_ioctl cmd 1074025672
[  455.160290][T11043] syzkaller0: ignored: set checksum disabled
[  455.187672][   T24] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  455.205271][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.233463][T11036] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  455.274040][   T24] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  455.390020][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: Read-only file system
[  455.568461][T11061] FAULT_INJECTION: forcing a failure.
[  455.568461][T11061] name failslab, interval 1, probability 0, space 0, times 0
[  455.568540][ T5921] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  455.707081][T11061] CPU: 0 UID: 0 PID: 11061 Comm: syz.4.1268 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  455.707107][T11061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  455.707116][T11061] Call Trace:
[  455.707121][T11061]  <TASK>
[  455.707127][T11061]  dump_stack_lvl+0x16c/0x1f0
[  455.707155][T11061]  should_fail_ex+0x512/0x640
[  455.707174][T11061]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  455.707196][T11061]  should_failslab+0xc2/0x120
[  455.707218][T11061]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  455.707238][T11061]  ? __alloc_skb+0x2b2/0x380
[  455.707262][T11061]  __alloc_skb+0x2b2/0x380
[  455.707282][T11061]  ? __pfx___alloc_skb+0x10/0x10
[  455.707306][T11061]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  455.707325][T11061]  netlink_alloc_large_skb+0x69/0x130
[  455.707344][T11061]  netlink_sendmsg+0x6a1/0xdd0
[  455.707363][T11061]  ? __pfx_netlink_sendmsg+0x10/0x10
[  455.707389][T11061]  ____sys_sendmsg+0xa95/0xc70
[  455.707407][T11061]  ? copy_msghdr_from_user+0x10a/0x160
[  455.707430][T11061]  ? __pfx_____sys_sendmsg+0x10/0x10
[  455.707458][T11061]  ___sys_sendmsg+0x134/0x1d0
[  455.707482][T11061]  ? __pfx____sys_sendmsg+0x10/0x10
[  455.707501][T11061]  ? __lock_acquire+0x622/0x1c90
[  455.707554][T11061]  __sys_sendmsg+0x16d/0x220
[  455.707577][T11061]  ? __pfx___sys_sendmsg+0x10/0x10
[  455.707617][T11061]  do_syscall_64+0xcd/0x4c0
[  455.707642][T11061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  455.707659][T11061] RIP: 0033:0x7fb50a58e929
[  455.707673][T11061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  455.707690][T11061] RSP: 002b:00007fb50b484038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  455.707712][T11061] RAX: ffffffffffffffda RBX: 00007fb50a7b5fa0 RCX: 00007fb50a58e929
[  455.707724][T11061] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  455.707734][T11061] RBP: 00007fb50b484090 R08: 0000000000000000 R09: 0000000000000000
[  455.707744][T11061] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  455.707754][T11061] R13: 0000000000000000 R14: 00007fb50a7b5fa0 R15: 00007ffde886de58
[  455.707777][T11061]  </TASK>
[  455.712316][  T974] usb 2-1: USB disconnect, device number 49
[  456.148000][ T5921] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  456.954540][T10997] pim6reg: left allmulticast mode
[  457.350762][ T5928] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  457.379739][T11099] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  457.493653][T11091] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1272'.
[  457.514518][ T5928] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  457.555902][ T5928] usb 7-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  457.600821][ T5928] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  457.623145][T11112] input: syz0 as /devices/virtual/input/input13
[  457.636513][   T30] audit: type=1400 audit(1751213769.501:604): avc:  denied  { shutdown } for  pid=11101 comm="syz.1.1275" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  457.705839][ T5928] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  457.764897][ T5928] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  457.806451][ T5928] usb 7-1: Product: syz
[  457.833276][ T5928] usb 7-1: Manufacturer: syz
[  457.885489][ T5928] usb 7-1: SerialNumber: syz
[  457.905741][ T5928] hub 7-1:1.0: bad descriptor, ignoring hub
[  457.916470][ T5928] hub 7-1:1.0: probe with driver hub failed with error -5
[  458.332423][ T5928] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 7 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  458.465682][ T5928] usb 7-1: USB disconnect, device number 7
[  458.495825][ T5928] usblp0: removed
[  458.894912][   T11] block nbd3: Possible stuck request ffff8880269c7000: control (read@0,4096B). Runtime 150 seconds
[  459.147928][T11132] netlink: 'syz.1.1279': attribute type 10 has an invalid length.
[  459.254622][   T30] audit: type=1400 audit(1751213771.121:605): avc:  denied  { append } for  pid=11151 comm="syz.6.1284" name="001" dev="devtmpfs" ino=748 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  459.385266][T11157] FAULT_INJECTION: forcing a failure.
[  459.385266][T11157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  459.405421][T11157] CPU: 0 UID: 0 PID: 11157 Comm: syz.2.1283 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  459.405447][T11157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  459.405458][T11157] Call Trace:
[  459.405464][T11157]  <TASK>
[  459.405470][T11157]  dump_stack_lvl+0x16c/0x1f0
[  459.405502][T11157]  should_fail_ex+0x512/0x640
[  459.405528][T11157]  _copy_from_user+0x2e/0xd0
[  459.405552][T11157]  copy_msghdr_from_user+0x98/0x160
[  459.405576][T11157]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  459.405612][T11157]  ___sys_sendmsg+0xfe/0x1d0
[  459.405637][T11157]  ? __pfx____sys_sendmsg+0x10/0x10
[  459.405658][T11157]  ? __lock_acquire+0x622/0x1c90
[  459.405715][T11157]  __sys_sendmsg+0x16d/0x220
[  459.405740][T11157]  ? __pfx___sys_sendmsg+0x10/0x10
[  459.405780][T11157]  do_syscall_64+0xcd/0x4c0
[  459.405807][T11157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  459.405824][T11157] RIP: 0033:0x7f443518e929
[  459.405839][T11157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  459.405856][T11157] RSP: 002b:00007f4435fab038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  459.405873][T11157] RAX: ffffffffffffffda RBX: 00007f44353b5fa0 RCX: 00007f443518e929
[  459.405884][T11157] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003
[  459.405894][T11157] RBP: 00007f4435fab090 R08: 0000000000000000 R09: 0000000000000000
[  459.405904][T11157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  459.405915][T11157] R13: 0000000000000000 R14: 00007f44353b5fa0 R15: 00007ffd0bb07068
[  459.405939][T11157]  </TASK>
[  459.741069][T10128] Bluetooth: hci4: command 0x0405 tx timeout
[  459.892868][T11165] dummy0 speed is unknown, defaulting to 1000
[  459.905392][T11165] dummy0 speed is unknown, defaulting to 1000
[  459.928318][T11165] dummy0 speed is unknown, defaulting to 1000
[  459.937488][T11171] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1288'.
[  460.091666][T11165] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  460.190799][  T974] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  460.266721][ T5921] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  460.325482][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.339364][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.354605][T11172] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1286'.
[  460.354742][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.372571][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.387093][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.430831][  T974] usb 6-1: Using ep0 maxpacket: 8
[  460.438611][  T974] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  460.460895][ T5921] usb 7-1: Using ep0 maxpacket: 8
[  460.461192][  T974] usb 6-1: config 0 interface 0 altsetting 8 endpoint 0x81 has invalid wMaxPacketSize 0
[  460.469713][T11165] dummy0 speed is unknown, defaulting to 1000
[  460.491229][  T974] usb 6-1: config 0 interface 0 has no altsetting 0
[  460.492784][ T5921] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  460.501955][   T30] audit: type=1400 audit(1751213772.361:606): avc:  denied  { read } for  pid=11179 comm="syz.4.1289" path="socket:[28602]" dev="sockfs" ino=28602 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  460.539645][ T5921] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  460.539684][  T974] usb 6-1: New USB device found, idVendor=04b4, idProduct=bca1, bcdDevice= 0.00
[  460.568730][ T5921] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  460.596444][  T974] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.604683][ T5921] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  460.604712][ T5921] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  460.604749][ T5921] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  460.604768][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.679085][  T974] usb 6-1: config 0 descriptor??
[  460.815363][ T5921] usb 7-1: GET_CAPABILITIES returned 0
[  460.824336][ T5921] usbtmc 7-1:16.0: can't read capabilities
[  460.885406][   T30] audit: type=1400 audit(1751213772.751:607): avc:  denied  { getopt } for  pid=11186 comm="syz.2.1291" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  460.886809][T11190] 9pnet_fd: Insufficient options for proto=fd
[  460.970776][   T24] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  461.023037][   T30] audit: type=1400 audit(1751213772.891:608): avc:  granted  { setsecparam } for  pid=11166 comm="syz.6.1285" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  461.053079][ T5921] usb 7-1: USB disconnect, device number 8
[  461.126917][T11169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.142610][T11169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.358637][T11169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  461.373517][T11169] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  461.612668][   T24] usb 5-1: Using ep0 maxpacket: 16
[  461.671508][  T974] cypress 0003:04B4:BCA1.000A: unknown main item tag 0x0
[  461.678576][  T974] cypress 0003:04B4:BCA1.000A: unknown main item tag 0x0
[  461.868745][  T974] cypress 0003:04B4:BCA1.000A: item fetching failed at offset 2/3
[  461.877467][  T974] cypress 0003:04B4:BCA1.000A: parse failed
[  461.883494][  T974] cypress 0003:04B4:BCA1.000A: probe with driver cypress failed with error -22
[  461.894799][   T24] usb 5-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  461.907051][  T974] usb 6-1: USB disconnect, device number 22
[  461.912973][   T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  461.938313][   T24] usb 5-1: config 0 descriptor??
[  461.998229][T11194] netlink: 'syz.2.1292': attribute type 46 has an invalid length.
[  463.475167][T11217] mkiss: ax0: crc mode is auto.
[  463.489212][T11215] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1301'.
[  463.953923][   T24] usbhid 5-1:0.0: can't add hid device: -71
[  463.965342][   T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  463.997727][   T24] usb 5-1: USB disconnect, device number 48
[  464.249486][T11218] lo speed is unknown, defaulting to 1000
[  464.261743][T11218] dummy0 speed is unknown, defaulting to 1000
[  465.486533][   T30] audit: type=1400 audit(1751213777.111:609): avc:  denied  { sendto } for  pid=23 comm="ksoftirqd/1" saddr=fe80::1c daddr=ff02::2 netif=teql0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:node_t tclass=node permissive=1
[  465.619764][   T30] audit: type=1326 audit(1751213777.251:610): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11232 comm="syz.1.1304" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f45fef8e929 code=0x0
[  465.773627][   T30] audit: type=1400 audit(1751213777.291:611): avc:  denied  { read write } for  pid=5811 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  465.819216][   T30] audit: type=1400 audit(1751213777.291:612): avc:  denied  { open } for  pid=5811 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  466.253688][   T30] audit: type=1400 audit(1751213777.321:613): avc:  denied  { ioctl } for  pid=5811 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  466.280091][   T30] audit: type=1400 audit(1751213777.351:614): avc:  denied  { recv } for  pid=6002 comm="kworker/u8:19" saddr=10.128.0.169 src=30006 daddr=10.128.1.107 dest=55524 netif=eth0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=peer permissive=1
[  466.520993][   T31] INFO: task syz.3.759:9056 blocked for more than 143 seconds.
[  466.528582][   T31]       Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0
[  466.532147][   T30] audit: type=1400 audit(1751213777.441:615): avc:  denied  { prog_load } for  pid=11240 comm="syz.4.1306" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  466.546276][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to send rpc
fd=3 want=56 sent=0 n=-1 (errno 32: Broken pipe)
[  466.600494][   T31] task:syz.3.759       state:D stack:24904 pid:9056  tgid:9055  ppid:5810   task_flags:0x400140 flags:0x00004004
[  466.627452][ T5800] audit: audit_backlog=65 > audit_backlog_limit=64
[  466.634284][    C1] audit: audit_backlog=65 > audit_backlog_limit=64
[  466.640941][    C1] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64
[  466.683093][   T31] Call Trace:
[  466.710871][   T31]  <TASK>
[  466.713823][   T31]  __schedule+0x116a/0x5de0
[  466.718348][   T31]  ? __lock_acquire+0x622/0x1c90
[  466.779731][   T31]  ? __pfx___schedule+0x10/0x10
[  466.803280][   T31]  ? find_held_lock+0x2b/0x80
[  466.807979][   T31]  ? schedule+0x2d7/0x3a0
[  466.905717][   T31]  schedule+0xe7/0x3a0
[  466.909792][   T31]  schedule_preempt_disabled+0x13/0x30
[  466.951100][   T31]  __mutex_lock+0x6c7/0xb90
[  466.955640][   T31]  ? bdev_release+0x15a/0x6d0
[  466.972177][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  467.002899][   T31]  ? find_held_lock+0x2b/0x80
[  467.009501][   T31]  ? do_raw_spin_unlock+0x172/0x230
[  467.014827][   T31]  ? bdev_release+0x15a/0x6d0
[  467.019509][   T31]  bdev_release+0x15a/0x6d0
[  467.029525][   T31]  ? __pfx_blkdev_release+0x10/0x10
[  467.039463][   T31]  blkdev_release+0x15/0x20
[  467.057198][   T31]  __fput+0x402/0xb70
[  467.068742][   T31]  task_work_run+0x150/0x240
[  467.075522][   T31]  ? __pfx_task_work_run+0x10/0x10
[  467.080764][   T31]  ? selinux_file_ioctl+0xb4/0x270
[  467.086180][   T31]  exit_to_user_mode_loop+0xeb/0x110
[  467.094217][   T31]  do_syscall_64+0x3f6/0x4c0
[  467.098875][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  467.104881][   T31] RIP: 0033:0x7fda86d8e929
[  467.109402][   T31] RSP: 002b:00007fda87c20038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  467.127536][   T31] RAX: 0000000000000000 RBX: 00007fda86fb5fa0 RCX: 00007fda86d8e929
[  467.141885][   T31] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 000000000000000a
[  467.149894][   T31] RBP: 00007fda86e10b39 R08: 0000000000000000 R09: 0000000000000000
[  467.159360][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  467.173185][   T31] R13: 0000000000000000 R14: 00007fda86fb5fa0 R15: 00007fffd5c51318
[  467.182933][   T31]  </TASK>
[  467.186056][   T31] 
[  467.186056][   T31] Showing all locks held in the system:
[  467.254240][   T31] 1 lock held by ksoftirqd/1/23:
[  467.272692][   T31] 1 lock held by khungtaskd/31:
[  467.279542][   T31]  #0: ffffffff8e5c4940 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0
[  467.340841][   T31] 2 locks held by getty/5574:
[  467.345527][   T31]  #0: ffff88803267d0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80
[  467.358599][   T31]  #1: ffffc900036bb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0
[  467.371960][   T31] 1 lock held by syz-executor/5817:
[  467.377306][   T31] 1 lock held by syz-executor/5820:
[  467.385815][   T31]  #0: ffffffff8e5cfe00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0
[  467.398337][   T31] 3 locks held by kworker/1:3/5860:
[  467.405950][   T31]  #0: ffff88801b878d48 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[  467.419150][   T31]  #1: ffffc90003097d10 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[  467.441311][   T31]  #2: ffffffff8e5cff38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0
[  467.453634][   T31] 3 locks held by kworker/0:5/5921:
[  467.458907][   T31] 1 lock held by udevd/8589:
[  467.466229][   T31]  #0: ffff888026846358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40
[  467.477779][   T31] 1 lock held by syz.3.759/9056:
[  467.489801][   T31]  #0: ffff888026846358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x15a/0x6d0
[  467.505562][   T31] 2 locks held by syz.6.1300/11218:
[  467.512707][   T31]  #0: ffffffff903365d0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x286/0x5f0
[  467.527557][   T31]  #1: ffffffff8e5cff38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0
[  467.539597][   T31] 1 lock held by syz.4.1309/11247:
[  467.551736][   T31] 
[  467.557118][   T31] =============================================
[  467.557118][   T31] 
[  467.580721][   T31] NMI backtrace for cpu 1
[  467.580736][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  467.580758][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  467.580767][   T31] Call Trace:
[  467.580773][   T31]  <TASK>
[  467.580779][   T31]  dump_stack_lvl+0x116/0x1f0
[  467.580805][   T31]  nmi_cpu_backtrace+0x27b/0x390
[  467.580819][   T31]  ? _raw_spin_unlock_irqrestore+0x61/0x80
[  467.580834][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  467.580849][   T31]  nmi_trigger_cpumask_backtrace+0x29c/0x300
[  467.580863][   T31]  watchdog+0xf70/0x12c0
[  467.580877][   T31]  ? __pfx_watchdog+0x10/0x10
[  467.580887][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  467.580903][   T31]  ? __kthread_parkme+0x19e/0x250
[  467.580919][   T31]  ? __pfx_watchdog+0x10/0x10
[  467.580930][   T31]  kthread+0x3c2/0x780
[  467.580939][   T31]  ? __pfx_kthread+0x10/0x10
[  467.580950][   T31]  ? rcu_is_watching+0x12/0xc0
[  467.580963][   T31]  ? __pfx_kthread+0x10/0x10
[  467.580972][   T31]  ret_from_fork+0x5d4/0x6f0
[  467.580987][   T31]  ? __pfx_kthread+0x10/0x10
[  467.580996][   T31]  ret_from_fork_asm+0x1a/0x30
[  467.581014][   T31]  </TASK>
[  467.581018][   T31] Sending NMI from CPU 1 to CPUs 0:
[  467.704351][    C0] NMI backtrace for cpu 0
[  467.704363][    C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  467.704380][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  467.704388][    C0] RIP: 0010:pv_native_safe_halt+0xf/0x20
[  467.704409][    C0] Code: ab 71 02 e9 03 fb 02 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 30 29 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[  467.704422][    C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c2
[  467.704434][    C0] RAX: 000000000308b197 RBX: 0000000000000000 RCX: ffffffff8b80dc59
[  467.704443][    C0] RDX: 0000000000000000 RSI: ffffffff8de1a0e6 RDI: ffffffff8c157ca0
[  467.704452][    C0] RBP: fffffbfff1c52ef0 R08: 0000000000000001 R09: ffffed1017086645
[  467.704461][    C0] R10: ffff8880b843322b R11: 0000000000000001 R12: 0000000000000000
[  467.704470][    C0] R13: ffffffff8e297780 R14: ffffffff90a80d50 R15: 0000000000000000
[  467.704478][    C0] FS:  0000000000000000(0000) GS:ffff888124752000(0000) knlGS:0000000000000000
[  467.704493][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  467.704502][    C0] CR2: 000000110c28071e CR3: 0000000028a78000 CR4: 00000000003526f0
[  467.704511][    C0] DR0: 0000000040000007 DR1: 0000000000004e6a DR2: 0000000000000007
[  467.704520][    C0] DR3: 00000000000002d5 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  467.704528][    C0] Call Trace:
[  467.704532][    C0]  <TASK>
[  467.704537][    C0]  default_idle+0x13/0x20
[  467.704549][    C0]  default_idle_call+0x6d/0xb0
[  467.704561][    C0]  do_idle+0x391/0x510
[  467.704577][    C0]  ? __pfx_do_idle+0x10/0x10
[  467.704593][    C0]  ? trace_sched_exit_tp+0x31/0x130
[  467.704613][    C0]  cpu_startup_entry+0x4f/0x60
[  467.704628][    C0]  rest_init+0x16b/0x2b0
[  467.704640][    C0]  ? acpi_subsystem_init+0x133/0x180
[  467.704657][    C0]  ? __pfx_x86_late_time_init+0x10/0x10
[  467.704675][    C0]  start_kernel+0x3ee/0x4d0
[  467.704691][    C0]  x86_64_start_reservations+0x18/0x30
[  467.704708][    C0]  x86_64_start_kernel+0x130/0x190
[  467.704724][    C0]  common_startup_64+0x13e/0x148
[  467.704742][    C0]  </TASK>
[  468.042122][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  468.048997][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller-00329-gdfba48a70cb6 #0 PREEMPT(full) 
[  468.060783][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  468.070825][   T31] Call Trace:
[  468.074088][   T31]  <TASK>
[  468.077003][   T31]  dump_stack_lvl+0x3d/0x1f0
[  468.081601][   T31]  panic+0x71c/0x800
[  468.085490][   T31]  ? __pfx___irq_work_queue_local+0x10/0x10
[  468.091371][   T31]  ? __pfx_panic+0x10/0x10
[  468.095779][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  468.101144][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  468.107113][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  468.112475][   T31]  ? watchdog+0xdda/0x12c0
[  468.116878][   T31]  ? watchdog+0xdcd/0x12c0
[  468.121282][   T31]  watchdog+0xdeb/0x12c0
[  468.125517][   T31]  ? __pfx_watchdog+0x10/0x10
[  468.130180][   T31]  ? lockdep_hardirqs_on+0x7c/0x110
[  468.135369][   T31]  ? __kthread_parkme+0x19e/0x250
[  468.140385][   T31]  ? __pfx_watchdog+0x10/0x10
[  468.145048][   T31]  kthread+0x3c2/0x780
[  468.149100][   T31]  ? __pfx_kthread+0x10/0x10
[  468.153675][   T31]  ? rcu_is_watching+0x12/0xc0
[  468.158427][   T31]  ? __pfx_kthread+0x10/0x10
[  468.163001][   T31]  ret_from_fork+0x5d4/0x6f0
[  468.167581][   T31]  ? __pfx_kthread+0x10/0x10
[  468.172154][   T31]  ret_from_fork_asm+0x1a/0x30
[  468.176914][   T31]  </TASK>
[  468.180113][   T31] Kernel Offset: disabled
[  468.184415][   T31] Rebooting in 86400 seconds..