last executing test programs:

11m7.949250497s ago: executing program 4 (id=1473):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x80)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000000), &(0x7f0000000080)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp\x00')
pread64(r1, &(0x7f0000033240)=""/102400, 0x19000, 0x100008)

11m7.535606586s ago: executing program 4 (id=1475):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@getnexthop={0x18, 0x76, 0xb0d, 0x4000, 0x0, {0x3}}, 0x18}}, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mkdir(0x0, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000100)=@IORING_OP_WRITEV={0x2, 0x0, 0x6003, @fd=r2, 0xff, 0x0, 0x0, 0x4, 0x0, {0x3}})
r3 = creat(&(0x7f0000000300)='./file0\x00', 0xe5)
bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r3, 0x4)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0, r3}, 0x68)

11m6.802670077s ago: executing program 4 (id=1477):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendmmsg$inet(r0, &(0x7f0000002ec0), 0x0, 0x4000854)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
accept4$unix(r0, &(0x7f00000003c0), &(0x7f0000000180)=0x6e, 0x80000)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0xfff}})
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2})

11m6.376945082s ago: executing program 4 (id=1478):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = socket$kcm(0x29, 0x1, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000140))
fcntl$getown(r1, 0x9)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000006c80)={{{@in=@local, @in=@dev}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000006d80)=0xe8)
newfstatat(0xffffffffffffff9c, &(0x7f0000006dc0)='./file1\x00', &(0x7f0000006e00), 0x2000)
read$FUSE(r1, &(0x7f0000006e80)={0x2020}, 0x2020)
lstat(&(0x7f0000008ec0)='./file1\x00', &(0x7f0000008f00))
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000008f80), &(0x7f0000008fc0)=0xc)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)

11m5.905821853s ago: executing program 4 (id=1480):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000500)=@gcm_128={{0x303}, "a95972fc5ec50719", "8e083700daf38a6d69e9b5e9c2f133d7", "6a3a05b9", "12772541f8eb02bb"}, 0x28)
shutdown(r0, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='freezer.state\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xb4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2, 0x0, 0x2}, 0x18)
getpid()
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(r0, r1, 0x0, 0xffffffff004)
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0xc1200, 0x0, 0xfffffec8, 0x0, 0x0, 0x0)

11m5.63040821s ago: executing program 4 (id=1483):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32, @ANYBLOB="140001"], 0x34}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
io_uring_enter(0xffffffffffffffff, 0x29ff, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001b00)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20040000)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde"], 0x14}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000640)="ad56b6c5820fae9d6dcd3292de54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0xa2000, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000300)={<r6=>0x0, 0x502}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000580)={r6, 0x1ff, 0x20}, 0xc)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES64, @ANYRES16], 0x4c}}, 0x4000804)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

11m5.06423773s ago: executing program 32 (id=1483):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000fbdbdf250a00a100", @ANYRES32, @ANYBLOB="140001"], 0x34}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
io_uring_enter(0xffffffffffffffff, 0x29ff, 0x0, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001b00)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x4000d}, 0x20040000)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde"], 0x14}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000640)="ad56b6c5820fae9d6dcd3292de54c7beef915d564c90c200", 0x18)
r4 = accept4(r3, 0x0, 0x0, 0x800)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000002c0), 0xa2000, 0x0)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000300)={<r6=>0x0, 0x502}, &(0x7f0000000340)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000580)={r6, 0x1ff, 0x20}, 0xc)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB='L\x00\x00', @ANYRES64, @ANYRES16], 0x4c}}, 0x4000804)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)

9m19.765565484s ago: executing program 5 (id=1815):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
r1 = dup(r0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r1, 0x0)
syz_clone3(&(0x7f0000000140)={0xfffffff0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)

9m19.072773614s ago: executing program 2 (id=1818):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYRESHEX, @ANYRES16], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2d, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002ec0), 0x0, 0x4000854)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
accept4$unix(0xffffffffffffffff, &(0x7f00000003c0), &(0x7f0000000180)=0x6e, 0x80000)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
pipe2(0x0, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, 0x0, 0x20000892)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0xfff}})
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2})

9m19.01046276s ago: executing program 5 (id=1819):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/12], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/stat\x00', 0x0, 0x0)
fcntl$getflags(r1, 0xb)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x2ced, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xa8, &(0x7f0000000000)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"])
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
stat(&(0x7f0000000040)='./cgroup\x00', &(0x7f0000000300))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x0, 0x1)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)='cifs\x00', 0x0, &(0x7f00000002c0)='cache=none')
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000008c0), 0x4)
close(0xffffffffffffffff)
semop(0x0, 0x0, 0x52)

9m18.447964161s ago: executing program 2 (id=1821):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
socket$alg(0x26, 0x5, 0x0)
fsopen(0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], 0x0, 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
prlimit64(0x0, 0x13, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0xff)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='pids.current\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
ftruncate(r2, 0x1)
r3 = socket$inet6(0xa, 0x9, 0xff)
sendmsg$inet6(r3, &(0x7f0000000080)={&(0x7f00000000c0)={0xa, 0x0, 0x8, @dev={0xfe, 0x80, '\x00', 0x25}, 0x3}, 0x1c, &(0x7f0000000100)=[{&(0x7f0000000000)="daffc3fa80002cd21721a4af36a4a2ab00000000000000025a91f64b007f0c6a680f6c787f", 0x25}, {&(0x7f0000001480)="1c7b53", 0x3}], 0x2}, 0x4b00)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000740)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000080)=0x48)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x103)
socket(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

9m17.42043033s ago: executing program 2 (id=1826):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x35, 0x1, 0x4, 0x0, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, 0x0)
lseek(r2, 0x10000000005, 0x0)
socket$netlink(0x10, 0x3, 0xa)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x50)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r4, &(0x7f0000000080), &(0x7f00000002c0)=""/180}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000000, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000240)="63eced8e46dc3f0adf33c9f7b986b4ba78a56dc78b59185a17ceaf749e0afa5040e5870dc653b562549ca2df77d4d691554aebe09f68d38be27b75edde19ff43046486c26a41491b962b6165b2349d17a404d48f5d1d", 0x0, 0x3800, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x3, 0x0, 0x1}, 0xffffffffffffffbd)
r6 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$SMC_PNETID_ADD(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)={0x34, r3, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x34}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000b08000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f00001e4000/0x2000)=nil)
remap_file_pages(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0)

9m16.172682902s ago: executing program 2 (id=1830):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000008f80), &(0x7f0000008fc0)=0xc)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)

9m16.001560795s ago: executing program 2 (id=1831):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x15}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
r6 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, 0x0, 0x1, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x3, 0xc, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r6, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r5}, 0x0, 0x0}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = landlock_create_ruleset(&(0x7f00000004c0)={0x0, 0x1}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r8, 0x2, &(0x7f0000000500)={0x0, 0xeffffffffffffffc}, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r8, 0x2, &(0x7f0000000000)={0x1, 0x7}, 0x0)
landlock_restrict_self(r8, 0x0)
landlock_restrict_self(r8, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r9, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c)
bind$inet6(r9, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

9m15.459465904s ago: executing program 5 (id=1834):
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="1801000000000000000000000000000085000000050000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008008000b703000000009c8c850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x77, 0x101301)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r6, 0x0, 0x0}, 0x20)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000000000, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000140)={0x0, 0x40, 0x4, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae50511ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7681cca450055250217bdf1113b4258293ba4efed33147bda8454dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e832907a01ab5ee65f997b617f73d1aa5a6dfc47acdc5eb834f8e448469d235e4380cbcc3310200970349a3c1374ffec96177b67caa0656f9664277cadb8597e7d911ad1da457ef9744b0993c57a7"}})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r7, 0xc058565d, &(0x7f00000003c0)=@fd={0xf, 0x2, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x4, 0x0, 0x0, "f06e4b56"}, 0x5, 0x4, {}, 0x5c000000})
ioctl$USBDEVFS_CONNECTINFO(r5, 0x80045505, &(0x7f0000002a40))
r8 = memfd_create(&(0x7f0000000500)='[\v\xdbX\xae[3\xa9\xfd\xfa\xae\xd1m\x81\xc8\x85\x00\x00\xfb\xff\x00\x18\x81\x9eG\xd9,\xe2\xc6a\x02\xe8\t\x00\x00\x00\x00\x00\x00\x00\xa2\x82\x1eb;2\xb5\xe1jS\xeb\xbf%||\xa0\x8e\x01\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xf2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf88ZG\xf0\x00\x01\x00\x00\x00\x00\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x00\x00\x00\xf2)\xa5\xf3\xfd\xc0\xd8\xcd\x93\xb3\x1e5\b\xb0\x01\xdd \xd9x\xa03\x91\x9a7\x15\xba\x0e\xe5W\xa8V\xd3Z/\xae\xa4\x84\xc2\xc2\xa1M\xadP\xf6e\xd1\xed\xf2\xd5\x1d\xd5\x15\xb6i\x91\x95\x02\xfb5\x10\\5\x1a\r\x98W\x899|\xed\xbfv4{Q\xeb\xe6\"\xe0\xbd\xfer\xa6u\xb7\xbb\xa3B2\xebg\xcc\xaf\xa3\x8e[7\xc0\":4Q\x15\x12p\xb9\xca\xee\b\xe0V\xef\x92\xe6\xcf\xa5g\x1a\xb0\xe1@j\xa3\xcb@\xcap\xee\xca\x997\x9c\xd2\v\x81s\xb5\xba\xbc\x0f\xf0j+?\x01\xe8\x8b\xf7:b\xd0\xb1\xdc!J\xae\x14\xe0\x9b\x13P\xe9\xbf\xeb\xd0\'riu\xffe\x83\xf7y$Y\x97\xaf\xaf#\xdb\xad\xf3]\x15\x93\xca\x1b\nwaL\xa4h;\xae\xbaW\x03\xeb\xf6/)\x11\xff<\x90t\x10\x17\x17Mt\x8a}g\xde*\asY\x9f\"\xf8<n\xe7\x9d\xba\x8c/\v`\x9c\x92\xdc\x1c\x97\x1a\'\xcd`\xa2~>\xad5\x88\x90#\xdc\xcb}>\xb7\x88\x8e(\x1e*\x16,x\xa0\x87\x8a\x9d\xd7\xd8\xa6\xf7\xc5\x913\xce\xd8\xc1>\xbb\xad\xc3\x00\xbe\x1f\xca\xb6>\xf0R&\xf4\x857\xbar\xb8\x02\x02;asO \x00\x00', 0x1)
execveat(r8, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x400)
prlimit64(0x0, 0xe, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x50102)

9m15.260838396s ago: executing program 2 (id=1837):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
shmget$private(0x0, 0x1000, 0x400, &(0x7f0000ffc000/0x1000)=nil)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = getpgid(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@bridge_dellink={0x20, 0x11, 0x1, 0x0, 0x2}, 0x20}, 0x1, 0x0, 0x0, 0x50005}, 0x0)
sched_setaffinity(r0, 0x2, &(0x7f0000000040)=0x400000bcb)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
iopl(0xe)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8840)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_VERSION(r3, 0xc0406441, &(0x7f0000000340)={0x34, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000010004c0003000000000000000000000010003300000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0)

9m14.622376953s ago: executing program 33 (id=1837):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
shmget$private(0x0, 0x1000, 0x400, &(0x7f0000ffc000/0x1000)=nil)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = getpgid(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@bridge_dellink={0x20, 0x11, 0x1, 0x0, 0x2}, 0x20}, 0x1, 0x0, 0x0, 0x50005}, 0x0)
sched_setaffinity(r0, 0x2, &(0x7f0000000040)=0x400000bcb)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
iopl(0xe)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x8840)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$DRM_IOCTL_VERSION(r3, 0xc0406441, &(0x7f0000000340)={0x34, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r4 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r4, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000010004c0003000000000000000000000010003300000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0)

9m14.360887841s ago: executing program 5 (id=1841):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r0)
mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000008f80), &(0x7f0000008fc0)=0xc)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, 0x0)

9m14.163231365s ago: executing program 5 (id=1842):
syz_open_dev$sndpcmc(0x0, 0x0, 0xa340658bc40d4f52)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = syz_open_dev$dri(0x0, 0x1, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, 0x5a, 0x1, 0x0, 0x0, {}, [@nested={0x8, 0x3, 0x0, 0x1, [@typed={0x4}]}]}, 0x1c}}, 0x0)
ioctl$DRM_IOCTL_GET_STATS(r1, 0x80f86406, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x125)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x43}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@call={0x85, 0x0, 0x0, 0xe}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000180)='signal_generate\x00', r7, 0x0, 0x80004}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000340)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
flock(r8, 0x2)

9m13.708431664s ago: executing program 5 (id=1843):
semop(0x0, &(0x7f0000000000)=[{0x3, 0xfff7, 0x1000}], 0x1)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000380)=[0x4, 0x7, 0xb, 0x10, 0x2])

9m13.373958769s ago: executing program 34 (id=1843):
semop(0x0, &(0x7f0000000000)=[{0x3, 0xfff7, 0x1000}], 0x1)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000380)=[0x4, 0x7, 0xb, 0x10, 0x2])

11.413117363s ago: executing program 1 (id=3837):
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000080)={&(0x7f0000000740)={0x11c, 0x9, 0x6, 0x303, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_ADT={0x64, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBQUEUE={0x6, 0x1d, 0x1, 0x0, 0x9}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @private1}}}, {0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @loopback}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e24}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_ETHER={0xa, 0x11, @random="b86c0926360e"}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_ADT={0x80, 0x8, 0x0, 0x1, [{0x1c, 0x7, 0x0, 0x1, @IPSET_ATTR_IP_TO={0x18, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x9}}, {0x18, 0x7, 0x0, 0x1, @IPSET_ATTR_IFACE={0x14, 0x17, 'veth0_to_bond\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_PACKETS={0xc}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_NAMEREF={0x9, 0x13, 'syz1\x00'}}, {0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}}, {0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8, 0x1c, 0x1, 0x0, 0x1}}]}]}, 0x11c}, 0x1, 0x0, 0x0, 0x20000080}, 0x84004)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001140)={{0x12, 0x1, 0x0, 0xbd, 0xf7, 0x13, 0x8, 0x2770, 0x930c, 0x8d6a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2a, 0xc5, 0x98}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f00000000c0)={0x0, 0x13, 0x1, "fc"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x200000)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000340)={0x14, &(0x7f0000000280)={0x40, 0x22, 0x84, {0x84, 0x8, "c04dbdca9974d6c75ef841c9d560d52caa367aea56f5c639bedcb1935daa36115a5eabf86c6ae2c27e030fcf9d9d33978b70ca22f25859047593cfbd16896d426cc95df17287e2492ef285b8b879a18b380ad7d3b8289bc9fb23ebded723bea42177c4bf0dc9055769bdf3cac46b308fd97aff9ceb2c6dcc2fcafcf639339a500af5"}}, &(0x7f0000000100)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000600)={0x44, &(0x7f0000000380)={0x644a1e647618da66, 0xa, 0x16, "b5ea3fdecce285693e981c64b048f4159f25d5de4ea7"}, &(0x7f0000000440)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000480)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000004c0)={0x20, 0x80, 0x1c, {0x4, 0x8, 0x1, 0xff, 0x1ff, 0xac, 0x0, 0x7, 0x7, 0xb1, 0x8, 0x7}}, &(0x7f0000000500)={0x20, 0x85, 0x4, 0x3}, &(0x7f0000000540)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000580)={0x20, 0x87, 0x2, 0x5}, &(0x7f00000005c0)={0x20, 0x89, 0x2, 0x1}})

10.248785855s ago: executing program 7 (id=3841):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$SIOCAX25NOUID(0xffffffffffffffff, 0x89e3, &(0x7f0000000000)=0x1)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x2a400, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$FS_IOC_READ_VERITY_METADATA(r3, 0x2284, &(0x7f0000000240)={0x3, 0x9, 0x0, 0x0})
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})

9.537107873s ago: executing program 1 (id=3846):
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000940)=<r0=>0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r1, &(0x7f0000000140)={0xa, 0x7, 0x0, @remote, 0x11e}, 0x20)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r3, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000009a40)=0x4)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r2, <r4=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r4, &(0x7f0000000180)}, 0x20)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
write$sndseq(r5, &(0x7f0000000040)=[{0xff, 0x0, 0x0, 0x0, @tick, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @time={0x6, 0x401}, {0xfe, 0x2}, {}, @addr={0x2a, 0x2}}], 0x38)
poll(&(0x7f00000000c0), 0x0, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bf3000000000000007000000ee0016055e03010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0x7c81, 0x0)

8.138443744s ago: executing program 7 (id=3852):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="d800000055003d0926bd70000200000007", @ANYRES32], 0xd8}}, 0x80)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
r0 = socket(0x11, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000005c0)={'gre0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000180)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @remote}, 0x14)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xe9, 0x4)
sendmsg$netlink(r0, &(0x7f0000002ac0)={0x0, 0x0, &(0x7f0000000540)=[{0x0, 0xdd12}, {0x0, 0x10}], 0x2}, 0x20040051)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000000), &(0x7f0000000080)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000002000)=""/102400, 0x19000)
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp\x00')
r5 = socket$key(0xf, 0x3, 0x2)
r6 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r6, &(0x7f0000000300)={{0x6, @rose, 0x4}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
syz_genetlink_get_family_id$gtp(&(0x7f0000000180), r6)
sendmsg$key(r5, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="02030007220000002cbd7000fcdbdf2502000900080000000a0000000000000005000600000000000a0000000000000000000000000000000000000000000001020000000000000002000100000000000400070c0000000005000500000000000a00000000000000000000000000000000000000000000010700000000000000120008"], 0x110}, 0x1, 0x7}, 0x0)
pread64(r4, &(0x7f0000033240)=""/102400, 0x19000, 0x100008)

7.145093265s ago: executing program 7 (id=3857):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
fcntl$notify(0xffffffffffffffff, 0x402, 0xd)
write$ppp(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x2000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000200)={0x5, 0x10, 0xfa00, {&(0x7f0000000240), r3, 0x1}}, 0x18)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f00000004c0)={0x5, 0x10, 0xfa00, {&(0x7f00000007c0), r3, 0x1}}, 0x18)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @rand_addr=0x64010102}}, 0x24)
r4 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000700)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276", @ANYBLOB="164090eb92e2300a814d5d99081cdae3d15070d22fd7ea2dd7d0c9db49dc3499e56af1756f30033e77b0dd785babc4de1278fe03b2c048caf430c482e3b738b4998cf5080b92b14f74b2ac5663db87f98e31013273577906a1d63a0351ff0b"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000500)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0xffffffffffffffa3}}}, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r0, r7, 0x0, 0x9)
syz_usb_control_io$hid(r6, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r9 = dup3(r5, r8, 0x0)
preadv(r9, &(0x7f0000000280)=[{&(0x7f0000000100)=""/24, 0x30}, {0x0, 0x2}], 0x2, 0x0, 0x0)

7.143107983s ago: executing program 6 (id=3858):
r0 = socket(0x1e, 0x4, 0x0)
r1 = socket(0x1e, 0x4, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)={0x24, r3, 0x201, 0x400000, 0x4, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {0xfff1, 0xd}, {0xffed, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000084)

7.058918308s ago: executing program 6 (id=3860):
socket$inet6(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
epoll_create1(0x0)
bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x54)
dup3(r5, r4, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r6, &(0x7f0000000a00)=[{{&(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10, 0x0}}, {{&(0x7f0000000100)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000840)=[@ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x6, 0xffffffffffffffff}]}}}], 0x18}}], 0x2, 0x20000050)
ioctl$SIOCSIFHWADDR(r3, 0x8b0b, &(0x7f0000000200)={'wlan1\x00', @random="9ffff7070600"})
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmmsg$inet6(r7, 0x0, 0x0, 0x4001c00)
socket$nl_netfilter(0x10, 0x3, 0xc)

5.834221137s ago: executing program 1 (id=3861):
socket$inet_tcp(0x2, 0x1, 0x0)
vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x1)
sched_setaffinity(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000240)={0xf, 0x1, 0x2, "6040c47d6572a1000000150073d600deff0000000804000000ee00", 0x49323159})
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x80000001, 0x3}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1b, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="1804000000000000000000002c51000018010000202060c50000000000202020db1af8ffe1000000bda100000000003007010000f8ffffffb70200000000000000030000fdffffff85000000110000009500000000000000907169eb1f7207e79548487e8c87073203b3c0f396a804435059204bee"], &(0x7f0000000000)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(adiantum(lrw(serpent),aes-asm,ghash-ce-sync),sha512_m'}, 0x58)
ioctl$TIOCMGET(0xffffffffffffffff, 0x541e, &(0x7f0000000040))
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r4, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port1\x00', 0x7e, 0xa1c07, 0x6, 0x645, 0x100000})
r5 = epoll_create(0x101)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)={0x40000014})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000380), 0x8417f, 0x0)
socket$inet(0x2, 0x4, 0x7)
rt_sigqueueinfo(0x0, 0xe, &(0x7f00000004c0)={0x22, 0x6, 0x7})
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
fsopen(&(0x7f0000000000)='autofs\x00', 0x0)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, 0x0, 0x0)
clock_settime(0x0, &(0x7f0000000000)={0x77359400})
socket$nl_netfilter(0x10, 0x3, 0xc)

5.439421065s ago: executing program 6 (id=3863):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
signalfd4(0xffffffffffffffff, &(0x7f0000000480), 0x8, 0xfeffffffffffffff)

4.202441423s ago: executing program 6 (id=3868):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, r0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
close(0xffffffffffffffff)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_VENDOR(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000000c0)={0x1c, r4, 0x62c21a4ade68aba1, 0x70bd28, 0x0, {{0x32}, {@void, @val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0xfffff000, 0x0, 0x40}, 0x4000080)

2.76903028s ago: executing program 1 (id=3870):
prlimit64(0x0, 0x3, &(0x7f0000000200)={0x80000000, 0x8c}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000006c0)={'ip6_vti0\x00', &(0x7f0000000640)={'syztnl0\x00', <r0=>0x0, 0x4, 0x9, 0x6, 0xfffffff7, 0x34, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x80, 0x7fff, 0xfffffffd}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x5d, &(0x7f0000000180)={&(0x7f0000000700)=@getnexthop={0x18, 0x76, 0xb0d, 0x4000, 0x0, {0x3}, [@NHA_OIF={0x0, 0x5, r0}, @NHA_OIF]}, 0x18}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000006680))
getitimer(0x2, &(0x7f0000000140))
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>r1, {0xffffffffffffffff, 0xee01}}, './file0\x00'})
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000240)={&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/242, 0xf2, 0x0, &(0x7f00000004c0)=""/120, 0x78}, &(0x7f0000000540)=0x40)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), r2)
syz_io_uring_setup(0xeec, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f00000001c0)=<r4=>0x0, 0x0)
syz_io_uring_submit(r4, 0x0, &(0x7f0000000100)=@IORING_OP_WRITEV={0x2, 0x0, 0x6003, @fd=r3, 0xff, &(0x7f00000002c0)=[{0x0}], 0x1, 0x4, 0x0, {0x3}})
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32, @ANYBLOB='\b\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="020000000200000000000000000000000000ffffffffffffff7f0000"], 0x50)
r5 = creat(&(0x7f0000000300)='./file0\x00', 0xe5)
ioctl$SG_GET_LOW_DMA(r5, 0x227a, &(0x7f0000000040))
bpf$LINK_DETACH(0x22, &(0x7f00000000c0)=r5, 0x4)
bind(r5, &(0x7f0000000580)=@rc={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x49}, 0x80)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000340)={&(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff5000/0xa000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff5000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0, r5}, 0x68)

2.768556398s ago: executing program 7 (id=3871):
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$SIOCAX25NOUID(0xffffffffffffffff, 0x89e3, &(0x7f0000000000)=0x1)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x2a400, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
syz_usb_connect$hid(0x1, 0x0, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$FS_IOC_READ_VERITY_METADATA(r3, 0x2284, &(0x7f0000000240)={0x3, 0x9, 0x0, 0x0})
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008040)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})

2.616489431s ago: executing program 6 (id=3873):
r0 = socket$nl_route(0x10, 0x3, 0x0)
keyctl$get_persistent(0x10, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$dupfd(0xffffffffffffffff, 0x0, r1)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r2, 0xc03064b7, 0x0)
kexec_load(0x7fffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010025bd7000fcdb6e657464657673696d3000000000000008000d0006000000"], 0x34}, 0x1, 0x0, 0x0, 0x2000c817}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840), 0x0)
syz_open_dev$MSR(&(0x7f0000000040), 0x6, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000007c0)={0x1, @pix={0x3, 0xf3b, 0x34324241, 0x2, 0x7, 0x10000, 0xb, 0xf, 0x0, 0xc3da533fd69e53e7, 0x0, 0x5}})
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000140)="1e", 0x1}], 0x1)
ioctl$sock_SIOCGIFBR(r0, 0x8940, 0x0)

2.567498935s ago: executing program 6 (id=3875):
r0 = syz_open_dev$media(0x0, 0xd6e, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000940)=<r1=>0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000140)={0xa, 0x7, 0x0, @remote, 0x11e}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01000000120000007f00000001"], 0x48)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r4, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r4, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000009a40)=0x4)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r3, <r5=>0xffffffffffffffff}, &(0x7f0000000240), &(0x7f0000000280)='%pS    \x00'}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000001380)={r5, &(0x7f0000000180)}, 0x20)
r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
write$sndseq(r6, &(0x7f0000000040)=[{0xff, 0x0, 0x0, 0x0, @tick, {}, {}, @result={0x1, 0x2}}, {0x0, 0x0, 0xff, 0x3, @time={0x6, 0x401}, {0xfe, 0x2}, {}, @addr={0x2a, 0x2}}], 0x38)
poll(&(0x7f00000000c0), 0x0, 0x7)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="611570000000000061136c0000000000bf3000000000000007000000ee0016055e03010000000000160500000000000069163e0000000000bf07000000000000260507000fff07206706000020000000140600000ee60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0x7c81, 0x0)

2.351957051s ago: executing program 0 (id=3876):
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
close(0xffffffffffffffff)
socket$inet6_mptcp(0xa, 0x1, 0x106)
pipe2$watch_queue(&(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000200), 0x4)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000002480)='./binderfs/binder0\x00', 0x800, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f00000003c0)=""/102392, 0x18ff8)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="e8ffffff914faeb21253e320849117818e367e00c7ff9383b4020002004c60c2", 0x20)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r1, 0xc018620c, &(0x7f0000000000)={0x1})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={0xffffffffffffffff, &(0x7f0000000240)="b49c94ff975bd39612ed38f69c1b597dc257c5116712f685a52423b8ad3d812ab758a853251f1b7a8c0c6762c3a323beabb5aa7c3b9beaef6ff21da84c625ba698c3e9386f6e0aa9a5ddec32ab64f2c61bfa5206801c9d2d83c1f9ef7de067f20bfaa8b02cdfd2cd8ec9348ecda3ffec8a793dbba24448e88de0caeae89bd329d93953005dd2863e6d03bed231f5c39fede34352377727e67ed316dc4164ebd37550029dd04200739f794bdcfbae342d9994019da1a9436cbf2ac2f2648e58b57b1bab2e9223bf7308e3b03a8ade6c1fd577", &(0x7f00000004c0)=""/232}, 0x20)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r4, 0x0, 0x0}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000193c0)=ANY=[@ANYBLOB="24000000330001002bbd7000eadbdb2504000000080004000200000008000500", @ANYRES32=0x0, @ANYBLOB="41db8bdf000162f1e06795999371b9f9f1e1129836f95b8ced205a3d87c7d1773dc107d3ec1addcbb3264dfcb5cec41b1133d66cd9aa96985c2b24659705b87e3b3e74c638ca4bb0909726982be22f8c2ceebcdca952020a7959cabf07bfc717d12e2026dd52267d3be05c57b1c3e1949283be0a2c46ff1e02d9b3eb6e5bd820b971bebe3ca1c798f60039cfa14b032d"], 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x4000000)
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000140)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x20000850)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x9)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)

1.923188972s ago: executing program 0 (id=3878):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x1)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
mknodat(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
write$sequencer(r1, &(0x7f0000000000)=[@t={0x81, 0x6, 0x0, 0x0, @generic}], 0x8)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x0, 0x0)
r3 = open(&(0x7f0000000040)='./file1\x00', 0x0, 0x3)
chdir(&(0x7f0000000140)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
linkat(r2, &(0x7f0000000100)='./file1\x00', r3, &(0x7f0000000240)='./bus\x00', 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000000580)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
write$FUSE_DIRENTPLUS(r4, &(0x7f00000029c0)={0x658, 0x0, r5, [{{0x0, 0x2, 0x8001, 0x46, 0xff, 0x2, {0x6, 0xfa9, 0xfffffffffffffff9, 0xfff, 0x2, 0x3, 0x4, 0x0, 0xed07, 0xa000, 0x8, r6, 0x0, 0x55fd, 0x80000001}}, {0x0, 0x3, 0x6, 0x5, 'vcan0\x00'}}, {{0x6, 0x0, 0x5, 0xffffffffffffffc0, 0x3, 0x200, {0x3, 0x2, 0x5, 0xffffffffffffff01, 0xf, 0x7, 0xffff, 0x2, 0xfffffe01, 0x3000, 0x2, r6, r7, 0x5, 0x4c18}}, {0x0, 0x10001, 0x8, 0xb, '%pB    \x00'}}, {{0x1, 0x0, 0xffffffff, 0x7, 0xf425, 0x2, {0x6, 0x7, 0x2, 0xf, 0xffffffffffffffff, 0x1, 0x2, 0x8, 0x9461, 0xe000, 0x7, r6, r7, 0x8000, 0x1ff8000}}, {0x1, 0xd0a9, 0xa, 0x9a5e, '/dev/cuse\x00'}}, {{0x6, 0x2, 0x5f, 0x4, 0x4, 0x1, {0x0, 0x7, 0x1000, 0xfffffffffffffff9, 0x8001, 0x0, 0x800, 0x80000000, 0xb83, 0xc000, 0x80000001, r6, r7, 0x28a, 0x7}}, {0x5, 0x4, 0x1, 0xa, '\x00'}}, {{0x5, 0x2, 0x8, 0x8001, 0xd, 0x6, {0x6, 0x184, 0x587, 0x8000, 0x8, 0x0, 0xffffffff, 0x6, 0x10, 0x2000, 0xb, r6, r7, 0x80000000, 0xb}}, {0x2, 0x8, 0x1, 0xa2, '('}}, {{0x2, 0x1, 0x9, 0x6, 0xfffffff8, 0x7fff, {0x5, 0x1, 0xc, 0xa, 0x6, 0x6, 0x3, 0x6, 0x7, 0x8000, 0x8, r6, r7, 0x5, 0x3}}, {0x3, 0x2, 0x1, 0x9, ','}}, {{0x6, 0x0, 0x5dd5, 0x3, 0x5, 0x81, {0x3, 0x100000001, 0x5, 0x2, 0x1, 0x2, 0x6, 0x69504f9e, 0x80000000, 0x2000, 0x6, r6, r7, 0x6, 0x5}}, {0x0, 0xfffffffffffffffc, 0x6, 0x4, '&\'.:&('}}, {{0x2, 0x1, 0x401, 0x5, 0x80, 0x4, {0x5, 0x404, 0x5, 0x4, 0x801, 0xff, 0x6, 0xd7a2, 0x7fff, 0x4000, 0x7f, 0x0, 0x0, 0x7fffffff, 0xc6}}, {0x4, 0x100000001, 0x4, 0xf4f, '\\--,'}}, {{0x5, 0x1, 0x7ff, 0x4, 0x3d, 0x7f, {0x6, 0x7, 0x5, 0x3, 0x59ec, 0x5, 0x4, 0xf6c, 0x80000000, 0x4000, 0x80, r6, r7, 0x6, 0x6a4a}}, {0x2, 0x54f, 0x8, 0x3ff, 'nl80211\x00'}}, {{0x5, 0x2, 0x2, 0x49f, 0x7fff, 0x65, {0x5, 0xbe4a, 0x707, 0x4b3, 0x0, 0x3, 0x10001, 0xfffff800, 0x6, 0x4000, 0x4b4cca3e, 0xee00, r7, 0x1, 0x62e2}}, {0x2, 0x101, 0x1, 0x3, '\xad'}}]}, 0x658)
lchown(&(0x7f00000001c0)='./file1\x00', 0x0, r7)

1.834054192s ago: executing program 0 (id=3879):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x700, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011007389040f80ec59acbc0413a1f8480f0000005e2900421803001825000a00140000003f800600121f", 0x2e}], 0x1}, 0x0)

1.638844877s ago: executing program 3 (id=3881):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2) (async)
close(r2)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, &(0x7f0000000140))
sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0xfffffffffffffda1, 0x0}}], 0x40001b6, 0xf5)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='1q'], 0x118) (async)
write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='1q'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000000)={0xc, <r4=>0x0})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r3, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x1, 0x0, r4, 0x401})

1.484604322s ago: executing program 3 (id=3882):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
fcntl$notify(0xffffffffffffffff, 0x402, 0xd)
write$ppp(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x2000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x2, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f0000000200)={0x5, 0x10, 0xfa00, {&(0x7f0000000240), r3, 0x1}}, 0x18)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f00000004c0)={0x5, 0x10, 0xfa00, {&(0x7f00000007c0), r3, 0x1}}, 0x18)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x3, 0x2, 0x10, {0x2, 0x4e24, @rand_addr=0x64010102}}, 0x24)
r4 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000700)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276", @ANYBLOB="164090eb92e2300a814d5d99081cdae3d15070d22fd7ea2dd7d0c9db49dc3499e56af1756f30033e77b0dd785babc4de1278fe03b2c048caf430c482e3b738b4998cf5080b92b14f74b2ac5663db87f98e31013273577906a1d63a0351ff0b"], 0x0)
syz_usb_control_io$cdc_ecm(r4, &(0x7f0000000500)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0xffffffffffffffa3}}}, 0x0)
r5 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/wakeup_count', 0x101a02, 0x0)
sendfile(r0, r7, 0x0, 0x9)
syz_usb_control_io$hid(r6, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00020c0000000c0002"], 0x0, 0x0, 0x0}, 0x0)
r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r9 = dup3(r5, r8, 0x0)
preadv(r9, &(0x7f0000000280)=[{&(0x7f0000000100)=""/24, 0x30}, {0x0, 0x2}], 0x2, 0x0, 0x0)

1.40478168s ago: executing program 0 (id=3883):
socket$inet6(0xa, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
epoll_create1(0x0)
bpf$BPF_PROG_ATTACH(0x9, 0x0, 0x11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$kcm(0x2, 0x3, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r4 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r4, &(0x7f0000000400)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x0, 0x2}}, 0x10)
r5 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r5, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x4}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x54)
dup3(r5, r4, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$inet(r6, &(0x7f0000000a00)=[{{&(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10, 0x0}}, {{&(0x7f0000000100)={0x2, 0x4e23, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000840)=[@ip_retopts={{0x18, 0x0, 0x7, {[@cipso={0x86, 0x6, 0xffffffffffffffff}]}}}], 0x18}}], 0x2, 0x20000050)
ioctl$SIOCSIFHWADDR(r3, 0x8b0b, &(0x7f0000000200)={'wlan1\x00', @random="9ffff7070600"})
r7 = socket$inet6(0xa, 0x80002, 0x0)
connect$inet6(r7, &(0x7f0000000080)={0xa, 0x4e23, 0x400, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3b}}}, 0x1c)
connect$inet6(r7, &(0x7f0000000000)={0xa, 0x0, 0xfffffffd, @local, 0x2}, 0x1c)
openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmmsg$inet6(r7, 0x0, 0x0, 0x4001c00)
socket$nl_netfilter(0x10, 0x3, 0xc)

697.404382ms ago: executing program 3 (id=3884):
socket$l2tp(0x2, 0x2, 0x73)
socket$inet6(0xa, 0x3, 0x6)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socket(0x2, 0x80805, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
inotify_init1(0x0)
memfd_secret(0x80000)
socket$nl_route(0x10, 0x3, 0x0)
r0 = syz_io_uring_setup(0x94c, &(0x7f0000000500)={0x0, 0x0, 0x10100, 0x11ffff7c}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0))
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

645.401884ms ago: executing program 3 (id=3885):
mknod(0x0, 0x0, 0x0)
chmod(&(0x7f0000000080)='./file1\x00', 0x1258bab1c8332e9a)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f00000000c0)={0x2, {0x2, 0x3bf, 0x4, 0x14a}})
ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000040)={0x4, 0x1006, 0xefcc, 0xfffffff8, 0x5, "f46fca54683cc267a000002000", 0x5, 0xb})
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000))
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x8, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x2000, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000180)=ANY=[@ANYBLOB="611230f0000000006113100000000000bf2000000000000016000200071b48013d030100000000009500000000000000bc26000000000000bf67000000000000070200000fff07006702000003000000360600000ee600f0bf050000000000000f650000000000006507f4ff02000000070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a83683d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf5fe7030586"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x4, 0x100, 0x0, 0x333}, &(0x7f0000000140)=<r3=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r4 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@gettclass={0x24, 0x2a, 0x100, 0x70bd2b, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x7, 0xffff}, {0x5, 0x1}, {0xd, 0xc}}}, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
statfs(&(0x7f00000003c0)='./file1\x00', &(0x7f0000000640)=""/225)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r5, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

552.8773ms ago: executing program 3 (id=3886):
socket$nl_route(0x10, 0x3, 0x0)
keyctl$get_persistent(0x10, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000840))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r3 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_FORWARD(r3, 0x40084149, &(0x7f0000000340)=0x6)
connect$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_SETPLANE(r4, 0xc03064b7, 0x0)
kexec_load(0x7fffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x0, &(0x7f0000000100)})
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r6, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r6, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)

535.20762ms ago: executing program 0 (id=3887):
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)
sendmsg$IEEE802154_LIST_PHY(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x8)
setsockopt(0xffffffffffffffff, 0xa, 0x14f, &(0x7f0000000500), 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(0xffffffffffffffff, 0x84, 0x17, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x500000, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(r1, 0x107, 0x16, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYBLOB="0000000004000000b703000008000040850000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000780)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000700), &(0x7f0000000740)}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000800)={0x6, 0x19, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000005600000000000000060000009500000000000000b7080000000000007b8af8ff00000000b7080000000200007b8af0ff00000500000000000000000007010000f8ffffffbfa400000000000007040000f0ffffff810200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000300000085000000060000009500000000000000"], &(0x7f0000000100)='syzkaller\x00', 0x7, 0x15, &(0x7f0000000200)=""/21, 0x41100, 0x9, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000480)={0x1, 0x3, 0x3, 0x3}, 0x10, 0x0, 0x0, 0x0, &(0x7f00000007c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r2], 0x0, 0x10, 0x7, @void, @value}, 0x94)
sched_setattr(0x0, 0x0, 0x0)
pipe2(&(0x7f0000000000)={<r3=>0x0, <r4=>0x0}, 0x84880)
r5 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r5, 0x0, 0x43)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xe042, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xac \xe8\xb6\xdf\x16J\xab\xecC\xe2{\xfd\x8a\xb4\x8e\x9c\xfb\xf6\xe9\xd8]B6)\x9f\x9cR\xae\x12G\xd8\xa4y\xef\x02?\xf2\xe7}\ra\x97F', 0x0)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
fcntl$notify(r6, 0x402, 0x5)
fcntl$notify(r6, 0x402, 0x8000003d)
ioctl$DRM_IOCTL_MAP_BUFS(r3, 0xc0186419, &(0x7f0000000440)={0x0, &(0x7f0000000000)=""/60, &(0x7f0000000380)})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_WAIT(0xffffffffffffffff, 0xc03064ca, &(0x7f0000000280)={0x0, 0x0, 0x7, 0x0, 0x1})

284.047799ms ago: executing program 1 (id=3888):
r0 = socket$inet6(0xa, 0x80002, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000040)={0x8, 0x1, 0x2, "f2701c32beb6b2aa3f1cd41a3ff5078c9893f91924ed25e47d538d876f0d99d1", 0x31424752})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
bind$packet(r5, &(0x7f0000000180)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000700)={'bridge_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000540001000000000000c4000007008209", @ANYRES32, @ANYBLOB="20000100", @ANYRES32=r7, @ANYBLOB="00000000e000030000000000000000000000000008"], 0x38}}, 0x0)
sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000003120100500012800b00010062726964676500004000028008000500010000000600270000000000080001"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
sendmmsg$inet(r0, &(0x7f0000002ec0)=[{{&(0x7f00000000c0)={0x2, 0x4e1e, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="100000000000000000000000070000001e4a2d7134021041c4141e76978b25c61f5c00bee4b44eb2de53ee3545be43b94c7896b67ea178e279156d905c6442cff369f5829822799b0d977c5f56adf78700cad379733890e3f910389c08c49d597a6c92baff561bdf72af4c1dfd6dccb11df08ffcf564b24270b0b9980b352c7ef40d933c2a0ae9205c8788257f667b0b62a5da38889ad3420e404a49a8394722aaa9684bad15fb54aaee0b8f58e3c9f8f389b7396c21484fbc7094c9bd4dfa19a5f76e75d215d243d96b9ff4e4d88f2b9fd3b5c2d33b9ed070736a3b7b71347ebe6ceab052c5956aa724658567a85df4ca23507677dec658b0914d75e5a0220abbd42ce6a43f7efc9d78f4cb7436718c4ad33148194c38866056a4c3ad6bdfd4d04be9c47559055056d12bd9a64c0bb62fe44333517f955467e1745cc95e17a0c8aeb64fd03c05ff04d3f0442e044565cba063f1472237e77dcf0d24f8a7f57e3214f52fb026562781e578530a5cecf1836c4cc0e8ee8064e0d3985511543bc4a275b80ff6677f0b31a5e807889378471133e5966d290b193ec1ac3385ba6da017ee53ad89a7a23e622f8902c0e729a12f7bb95df8d85eda9cef9ec2568220961d908f81153b4dcb1028bad1b97a1c27bcf5528198320488faf2fd5f"], 0x10}}], 0x1, 0x400c850)

224.438106ms ago: executing program 3 (id=3889):
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x4040040)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
openat$vim2m(0xffffff9c, &(0x7f00000002c0), 0x2, 0x0)
socket$pppoe(0x18, 0x1, 0x0)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300), 0x40a40, 0x0)
ioctl$PPPIOCATTCHAN(r0, 0x40047438, &(0x7f0000000080)=0x200001)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r1, &(0x7f0000000400)={0x2, 0x4e20, @remote}, 0x10)
sendmmsg$inet(r1, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0xa00)

102.09026ms ago: executing program 7 (id=3890):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup, 0xd, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/../file0\x00', 0x101000, 0x19b)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)={0x14, r1, 0x701, 0x70bd2b, 0x0, {0x5}}, 0x14}, 0x1, 0x300000000000000, 0x0, 0x20004074}, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), r0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(0xffffffffffffffff, 0x7a8, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000140)={@any, 0x1})

73.73307ms ago: executing program 1 (id=3891):
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8a40)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
r2 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x5)
close(r2)
inotify_init1(0x800)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000200)=0x7)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x0)
listen(r1, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)

697.485µs ago: executing program 0 (id=3892):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[], 0x0, 0x52, 0x0, 0x0, 0x10000, 0x10000, @value}, 0x28)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
getpeername(r0, 0x0, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) (async, rerun: 32)
r2 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32)
setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @local}, 0xc) (async)
setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@local, @in6=@private2, 0x4e1f, 0x0, 0x0, 0x1, 0x2, 0x0, 0x80}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0xd, 0x2, 0x0, 0xb}, 0x0, 0x6e6bc0, 0x1, 0x0, 0x3}, {{@in6=@remote, 0x1, 0x6c}, 0xa, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, 0x5, 0x0, 0xb3}}, 0xe8)
ioperm(0x0, 0x2, 0x7e) (async)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 32)
r6 = socket$kcm(0x2, 0x1, 0x84) (rerun: 32)
sendmsg$inet(r6, &(0x7f0000000600)={&(0x7f00000001c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000640)="80", 0x26892}], 0x1}, 0xfc) (async, rerun: 32)
sendmsg$inet(r6, &(0x7f0000000680)={&(0x7f0000000000)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000240)="f9", 0x1}], 0x1}, 0x4000080) (rerun: 32)
sendmsg$inet(r6, &(0x7f00000010c0)={&(0x7f0000000f00)={0x2, 0x4e24, @rand_addr=0x64010102}, 0x10, &(0x7f0000001080)=[{&(0x7f0000000f40)='i', 0x1}], 0x1}, 0x8010) (async)
ioctl$F2FS_IOC_GET_COMPRESS_OPTION(r3, 0x8002f515, &(0x7f0000000080)) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0xd9}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) (async, rerun: 64)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (rerun: 64)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000002000)=""/102400, 0x19000)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 7 (id=3893):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000080)="01", 0x1, 0xffffffffffffffff)
add_key$user(&(0x7f0000000140), &(0x7f0000002840)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
r0 = socket$kcm(0x10, 0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000002c0))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0xff, 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000140)={0x0, 'veth1_to_batadv\x00', {0x7}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWCHAIN={0x54, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x20, 0x4, 0x0, 0x1, [@NFTA_HOOK_DEV={0x14, 0x3, 'ipvlan1\x00'}, @NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xce05562}]}]}, @NFT_MSG_NEWTABLE={0x28, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_FLAGS={0x8, 0x2, 0x1, 0x0, 0x1}]}], {0x14}}, 0xc4}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getresuid(0x0, &(0x7f00000003c0), &(0x7f0000000400))
syz_emit_ethernet(0xe5, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa65b835cff24e600539e5cb782ba3daf7fe55bf04eec4b8257e24570149a7ad20ed721984986fa6f5089160ed55f9e7c1f1adf9714a0cfa4dc401e2a6a4c608c54ac04d8353e8dc7ab2cc03d7f9601297de4150a2e216055c199853baf6a8488e10d0447fe330fbe0362a8f98632697e25d5be1ee2ff61a603beedcf972276b3ffe1c823c2f1e55bb65dec7c866e6c055d9334eac65708d154e60c0dfe8556fd63eaa5296838def7cccac7237731122ea158baee00c55bd6bd120e536cb5c58106302c34551a77ad716fcbc062b40156fa027f39543424000"/237], &(0x7f0000000000)={0x1, 0x1, [0x5d7, 0x389, 0x3ff, 0xf40]})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r5 = request_key(&(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x1}, &(0x7f0000000100)='&)\xc2!]\x00', 0x0)
add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, &(0x7f00000005c0)="ac37559f3212b541385f4ae7139501d905cbd9d1bfc67bb77ed595f84ec6574a80a05f6f9776567fcb67e97acbe547a2185bea6b576be1189ddaeb19ed9ace19a8da88201e33d334847cf1caf08ca1c1af3b45ca7fa3e9822c8d01e9793b4c8d67e784cd0cce6592a5cf304e847f472b9f5a2407b2748396b569f35c8773adaa4a0d19b4191793a3916c7e7b018af54153039102c16c1430b1e7", 0x9a, r5)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)

kernel console output (not intermixed with test programs):

02 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.103993][   T30] audit: type=1326 audit(2000000698.125:3120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.105022][T11964] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  952.127513][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.137612][   T30] audit: type=1326 audit(2000000698.125:3121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.166639][   T30] audit: type=1326 audit(2000000698.125:3122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.201803][T11964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  952.212880][T11964] usb 2-1: Product: syz
[  952.212934][   T30] audit: type=1326 audit(2000000698.125:3123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.217127][T11964] usb 2-1: Manufacturer: syz
[  952.240521][    C1] vkms_vblank_simulate: vblank timer overrun
[  952.262999][T11964] usb 2-1: SerialNumber: syz
[  952.269394][   T30] audit: type=1326 audit(2000000698.125:3124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=20 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  952.293635][T11964] usb 2-1: config 0 descriptor??
[  952.308049][T11964] gspca_main: sq930x-2.14.0 probing 2770:930c
[  952.326131][ T5871] kernel write not supported for file /stat (pid: 5871 comm: kworker/0:5)
[  952.364946][   T30] audit: type=1326 audit(2000000698.125:3125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17643 comm="syz.3.2951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f855298e929 code=0x7ffc0000
[  953.104510][T17665] autofs: Unknown parameter '�FVDPL|$�UN���P�Z@�[��9�Ƈm9��y]���DC����
[  953.104510][T17665] �?�D�J�q���g�-�#g�ZXyyak�3b���jq�����DS��|�%��T	I���D�d�b������7���WﴡX*�'
[  953.122750][    C1] vkms_vblank_simulate: vblank timer overrun
[  953.329560][T11964] gspca_sq930x: reg_w 0305 fd00 failed -110
[  953.619170][T11964] gspca_sq930x: Sensor ov9630 not yet treated
[  953.625475][T11964] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[  954.459418][   T50] Bluetooth: hci3: command 0x0c1a tx timeout
[  954.468215][T17651] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  955.084942][T17651] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  955.101031][T17651] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  955.157943][ T5871] usb 2-1: USB disconnect, device number 85
[  955.378029][T17680] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2961'.
[  956.213962][T17697] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.2964' sets config #0
[  956.311154][T17700] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  956.357345][T17700] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  956.529947][ T5871] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[  956.539723][   T50] Bluetooth: hci3: command 0x0c1a tx timeout
[  956.597811][T17700] lo speed is unknown, defaulting to 1000
[  956.769661][ T5871] usb 1-1: Using ep0 maxpacket: 32
[  956.895873][ T5871] usb 1-1: device descriptor read/all, error -71
[  956.962751][T11964] usb 7-1: new high-speed USB device number 35 using dummy_hcd
[  957.153678][T11964] usb 7-1: Using ep0 maxpacket: 8
[  957.186200][T11964] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  957.215622][T11964] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  957.245942][T11964] usb 7-1: Product: syz
[  957.256027][T11964] usb 7-1: Manufacturer: syz
[  957.276213][T11964] usb 7-1: SerialNumber: syz
[  957.295819][T11964] usb 7-1: config 0 descriptor??
[  957.322868][T11964] gspca_main: sq930x-2.14.0 probing 2770:930c
[  957.396672][ T5826] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  957.405979][ T5826] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  957.420252][ T5826] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  957.431679][ T5826] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  957.440484][ T5826] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  957.540431][ T6490] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.590318][ T5871] usb 1-1: new full-speed USB device number 79 using dummy_hcd
[  957.592657][T17723] lo speed is unknown, defaulting to 1000
[  957.671720][ T6490] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.694128][ T5947] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0
[  957.713990][ T5947] hid-generic 0000:0000:0000.0016: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  957.758041][ T5871] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  957.769545][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  957.783263][ T6490] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.796872][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  957.819478][ T5871] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  957.839541][ T5871] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  957.871053][ T5871] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  957.887039][ T5871] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  957.899544][ T5871] usb 1-1: Product: syz
[  957.903724][ T5871] usb 1-1: Manufacturer: syz
[  957.916749][ T6490] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.918464][ T5871] usb 1-1: SerialNumber: syz
[  957.928101][T17712] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  957.951611][ T5871] usb 1-1: config 0 descriptor??
[  957.962769][T17712] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  958.172533][ T5871] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  958.189493][ T5871] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  958.207129][T11964] gspca_sq930x: ucbus_write failed -71
[  958.212831][T17723] chnl_net:caif_netlink_parms(): no params data found
[  958.343564][T17737] input: syz1 as /devices/virtual/input/input65
[  958.380640][ T5871] radio-si470x 1-1:0.0: software version 0, hardware version 0
[  958.394639][ T5871] radio-si470x 1-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  958.438953][ T5871] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  958.449351][T11964] gspca_sq930x: Sensor ov9630 not yet treated
[  958.462801][T11964] sq930x 7-1:0.0: probe with driver sq930x failed with error -22
[  958.483340][T11964] usb 7-1: USB disconnect, device number 35
[  958.620399][   T50] Bluetooth: hci3: command 0x0c1a tx timeout
[  958.627941][ T5871] radio-si470x 1-1:0.0: submitting int urb failed (-90)
[  959.228213][ T5871] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -71
[  959.252085][ T5871] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22
[  959.282370][ T5871] usb 1-1: USB disconnect, device number 79
[  959.393214][ T6490] bond1 (unregistering): (slave veth5): Releasing backup interface
[  959.405864][ T6490] bond1 (unregistering): Released all slaves
[  959.501534][   T50] Bluetooth: hci5: command tx timeout
[  959.556514][ T6490] bond0 (unregistering): Released all slaves
[  959.817020][ T6490] tipc: Disabling bearer <udp:s>
[  959.922063][ T6490] tipc: Left network mode
[  960.057605][T17723] bridge0: port 1(bridge_slave_0) entered blocking state
[  960.082393][T17723] bridge0: port 1(bridge_slave_0) entered disabled state
[  960.280584][ T5921] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  960.300995][T17723] bridge_slave_0: entered allmulticast mode
[  960.392550][T17723] bridge_slave_0: entered promiscuous mode
[  960.406599][T17723] bridge0: port 2(bridge_slave_1) entered blocking state
[  960.428037][T17723] bridge0: port 2(bridge_slave_1) entered disabled state
[  960.437050][T17723] bridge_slave_1: entered allmulticast mode
[  960.445809][T17723] bridge_slave_1: entered promiscuous mode
[  960.477709][T17762] xt_recent: Unsupported userspace flags (000000de)
[  960.531777][T17723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  960.575144][T17723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  960.639423][T11964] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[  960.676161][T17769] 9pnet_fd: Insufficient options for proto=fd
[  960.713340][T17723] team0: Port device team_slave_0 added
[  960.964141][T11964] usb 1-1: unable to get BOS descriptor or descriptor too short
[  961.046550][T11964] usb 1-1: unable to read config index 0 descriptor/start: -71
[  961.076543][ T6490] hsr_slave_0: left promiscuous mode
[  961.081968][T11964] usb 1-1: can't read configurations, error -71
[  961.103273][ T6490] hsr_slave_1: left promiscuous mode
[  961.114213][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  961.123549][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_0
[  961.135681][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  961.143286][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_1
[  961.164216][ T6490] veth1_macvtap: left promiscuous mode
[  961.169991][ T6490] veth0_macvtap: left promiscuous mode
[  961.179424][ T6490] veth1_vlan: left promiscuous mode
[  961.184960][ T6490] veth0_vlan: left promiscuous mode
[  961.579713][   T50] Bluetooth: hci5: command tx timeout
[  961.878181][ T5921] usb 7-1: unable to get BOS descriptor or descriptor too short
[  961.890240][ T5921] usb 7-1: unable to read config index 0 descriptor/start: -71
[  961.897898][ T5921] usb 7-1: can't read configurations, error -71
[  962.013776][T17787] trusted_key: encrypted_key: insufficient parameters specified
[  963.669603][   T50] Bluetooth: hci5: command tx timeout
[  963.860044][ T6490] team0 (unregistering): Port device team_slave_1 removed
[  964.437609][ T6490] team0 (unregistering): Port device team_slave_0 removed
[  964.556664][T17814] netlink: 64 bytes leftover after parsing attributes in process `syz.6.2995'.
[  964.658245][   T30] kauditd_printk_skb: 29 callbacks suppressed
[  964.658261][   T30] audit: type=1400 audit(2000000710.805:3155): avc:  denied  { write } for  pid=17809 comm="syz.6.2995" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  965.588442][T17723] team0: Port device team_slave_1 added
[  965.710308][T17832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3000'.
[  965.739998][   T50] Bluetooth: hci5: command tx timeout
[  966.152422][T17723] batman_adv: batadv0: Adding interface: batadv_slave_0
[  966.161013][T17723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  966.191411][T17723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  966.894251][T17723] batman_adv: batadv0: Adding interface: batadv_slave_1
[  966.909748][T17723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  967.024314][T17723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  967.409964][T17856] netlink: 'syz.7.3006': attribute type 2 has an invalid length.
[  972.348334][T17723] hsr_slave_0: entered promiscuous mode
[  972.359861][T17723] hsr_slave_1: entered promiscuous mode
[  972.371905][T17723] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  972.389620][T17723] Cannot create hsr debugfs directory
[  972.437858][ T6490] IPVS: stop unused estimator thread 0...
[  972.462185][T11964] usb 2-1: new high-speed USB device number 86 using dummy_hcd
[  973.433329][T11964] usb 2-1: device descriptor read/all, error -71
[  975.492029][T17723] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  975.586663][T17723] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  975.615027][T17723] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  975.634203][   T30] audit: type=1326 audit(2000000721.785:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17893 comm="syz.0.3016" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f926578e929 code=0x0
[  975.638397][T17723] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  975.657130][    C1] vkms_vblank_simulate: vblank timer overrun
[  975.685117][T17896] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  975.713349][T17903] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3016'.
[  975.807179][T17903] netlink: 'syz.0.3016': attribute type 39 has an invalid length.
[  975.829769][ T5871] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  975.963224][T17723] 8021q: adding VLAN 0 to HW filter on device bond0
[  975.982226][T17723] 8021q: adding VLAN 0 to HW filter on device team0
[  975.995793][T16554] bridge0: port 1(bridge_slave_0) entered blocking state
[  976.002928][T16554] bridge0: port 1(bridge_slave_0) entered forwarding state
[  976.011210][ T5871] usb 7-1: Using ep0 maxpacket: 32
[  976.018545][ T5871] usb 7-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  976.034948][T17907] bridge3: entered promiscuous mode
[  976.042080][ T5871] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  976.146418][ T5871] usb 7-1: config 0 descriptor??
[  976.156076][T16554] bridge0: port 2(bridge_slave_1) entered blocking state
[  976.156703][ T5871] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  976.163214][T16554] bridge0: port 2(bridge_slave_1) entered forwarding state
[  976.261792][   T30] audit: type=1400 audit(2000000722.405:3157): avc:  denied  { ioctl } for  pid=17906 comm="syz.1.3018" path="socket:[57271]" dev="sockfs" ino=57271 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  976.286747][    C1] vkms_vblank_simulate: vblank timer overrun
[  976.356654][T17911] sp0: Synchronizing with TNC
[  976.765080][   T30] audit: type=1400 audit(2000000722.915:3158): avc:  denied  { getopt } for  pid=17916 comm="syz.0.3020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  976.858100][T17922] random: crng reseeded on system resumption
[  977.042166][T17723] 8021q: adding VLAN 0 to HW filter on device batadv0
[  977.678694][ T5871] gspca_vc032x: reg_w err -110
[  977.684693][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.690145][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.706839][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.712272][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.717563][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.732743][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.738762][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.744427][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.749987][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.755804][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.764461][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.770126][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.775416][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.784551][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.790086][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.797879][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.809622][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.814942][ T5871] gspca_vc032x: I2c Bus Busy Wait 00
[  977.820394][ T5871] gspca_vc032x: Unknown sensor...
[  977.825493][ T5871] vc032x 7-1:0.0: probe with driver vc032x failed with error -22
[  977.826790][T17723] veth0_vlan: entered promiscuous mode
[  977.866398][T17723] veth1_vlan: entered promiscuous mode
[  977.931530][T17723] veth0_macvtap: entered promiscuous mode
[  977.950766][T17723] veth1_macvtap: entered promiscuous mode
[  977.982473][T17723] batman_adv: batadv0: Interface activated: batadv_slave_0
[  978.012252][T17723] batman_adv: batadv0: Interface activated: batadv_slave_1
[  978.033100][T17723] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  978.056346][T17723] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  978.095026][T17723] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  978.103773][T17723] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  978.193885][T16554] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.206301][T16554] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.238828][T16554] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.247941][T16554] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.629997][    T9] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  978.820718][    T9] usb 4-1: config 1 has an invalid descriptor of length 191, skipping remainder of the config
[  978.851856][ T1208] usb 7-1: USB disconnect, device number 38
[  978.857802][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  978.875005][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  978.897185][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  979.376284][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  979.384415][    T9] usb 4-1: Product: 옆쁃➽ꑓ횋にಸՒ扶瘕멝忹嫐ሌꌴ跽裵氎麔⚣ᆮ៥ᡵ纆㱂䥧빞ᅝ굘㜙颮窽캢恃ꇭṯ磂큳䌌᜷띀䈮ᚴ쮓哭슋묉嫜䠯䌔쐏沺婮䡨韂㚭敵ŭ㒼霚覓옑읫湩蚶䧮쌤엜屦좵䈖与ԃ࣭蘒䘭鮭橩폟䄅趈㟡魅뿣蹸⺢윥轅᫫晿祾≉忶햁ࣇ仞➽⛹薶럺鴭஘䥅敜槼컵뗣烻ţႧ鮅ᅜ
[  979.419143][    T9] usb 4-1: Manufacturer: 㰁
[  979.501955][    T9] usb 4-1: SerialNumber: syz
[  979.733450][    T9] cdc_ncm 4-1:1.0: skipping garbage
[  979.754027][    T9] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found
[  979.782288][    T9] cdc_ncm 4-1:1.0: bind() failure
[  979.932336][   T43] usb 4-1: USB disconnect, device number 98
[  980.060115][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  980.084144][ T5826] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  980.094004][ T5826] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  980.102442][ T5826] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  980.111003][ T5826] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  980.162559][T17955] lo speed is unknown, defaulting to 1000
[  980.315115][T17961] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.3032' sets config #0
[  980.445166][T17955] chnl_net:caif_netlink_parms(): no params data found
[  980.599623][T17955] bridge0: port 1(bridge_slave_0) entered blocking state
[  980.607848][T17955] bridge0: port 1(bridge_slave_0) entered disabled state
[  980.615991][T17955] bridge_slave_0: entered allmulticast mode
[  980.623629][T17955] bridge_slave_0: entered promiscuous mode
[  980.631787][T17955] bridge0: port 2(bridge_slave_1) entered blocking state
[  980.639761][T17955] bridge0: port 2(bridge_slave_1) entered disabled state
[  980.646934][T17955] bridge_slave_1: entered allmulticast mode
[  980.657115][T17955] bridge_slave_1: entered promiscuous mode
[  980.699473][T17955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  980.711230][T17955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  980.772313][T17955] team0: Port device team_slave_0 added
[  980.796060][T17955] team0: Port device team_slave_1 added
[  980.872501][T17955] batman_adv: batadv0: Adding interface: batadv_slave_0
[  980.891630][T17955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  980.928500][T17955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  980.954597][T17955] batman_adv: batadv0: Adding interface: batadv_slave_1
[  980.963099][T17955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  980.988986][    C0] vkms_vblank_simulate: vblank timer overrun
[  981.002275][T17955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  981.120743][T17955] hsr_slave_0: entered promiscuous mode
[  981.129252][T17955] hsr_slave_1: entered promiscuous mode
[  981.136190][T17955] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  981.143819][T17955] Cannot create hsr debugfs directory
[  981.324889][T17955] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.076349][T17955] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.175902][ T5826] Bluetooth: hci1: command tx timeout
[  982.343352][T17955] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode
[  982.356469][T17955] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.439895][T17955] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  982.523285][T17955] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  982.538954][T17955] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  982.548089][T17955] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  982.556704][T17955] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  982.608619][T17955] 8021q: adding VLAN 0 to HW filter on device bond0
[  982.627152][T17955] 8021q: adding VLAN 0 to HW filter on device team0
[  982.638691][ T6490] bridge0: port 1(bridge_slave_0) entered blocking state
[  982.645789][ T6490] bridge0: port 1(bridge_slave_0) entered forwarding state
[  982.660639][ T7900] bridge0: port 2(bridge_slave_1) entered blocking state
[  982.667763][ T7900] bridge0: port 2(bridge_slave_1) entered forwarding state
[  982.811595][T17955] 8021q: adding VLAN 0 to HW filter on device batadv0
[  982.843683][T17955] veth0_vlan: entered promiscuous mode
[  982.855315][T17955] veth1_vlan: entered promiscuous mode
[  982.878704][T17955] veth0_macvtap: entered promiscuous mode
[  982.887584][T17955] veth1_macvtap: entered promiscuous mode
[  982.918240][T17955] batman_adv: batadv0: Interface activated: batadv_slave_0
[  982.932847][T17955] batman_adv: batadv0: Interface activated: batadv_slave_1
[  982.945635][T17955] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  982.954926][T17955] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  982.966550][T17955] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  982.975921][T17955] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  982.996663][T18001] SELinux:  policydb string length 1836477192 does not match expected length 8
[  983.006005][T18001] SELinux: failed to load policy
[  983.053853][ T7913] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  983.067364][ T7913] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  983.099863][ T7893] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  983.108337][ T7893] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  984.303746][ T5826] Bluetooth: hci1: command tx timeout
[  984.853589][ T6490] bridge_slave_1: left allmulticast mode
[  984.861152][ T6490] bridge_slave_1: left promiscuous mode
[  984.866837][ T6490] bridge0: port 2(bridge_slave_1) entered disabled state
[  985.227182][T18034] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3047'.
[  985.961076][ T6490] bridge_slave_0: left promiscuous mode
[  985.966945][ T6490] bridge0: port 1(bridge_slave_0) entered disabled state
[  986.397140][ T5826] Bluetooth: hci1: command tx timeout
[  986.487280][T18045] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3049'.
[  987.101897][T18052] netlink: 56 bytes leftover after parsing attributes in process `syz.6.3051'.
[  987.368919][T18061] binder: 18060:18061 ioctl c018620c 200000000040 returned -22
[  987.958050][ T6490] bond0 (unregistering): Released all slaves
[  988.317463][T18071] vivid-001: =================  START STATUS  =================
[  988.341495][T18071] vivid-001: Radio HW Seek Mode: Bounded
[  988.348735][T18071] vivid-001: Radio Programmable HW Seek: false
[  988.355197][T18071] vivid-001: RDS Rx I/O Mode: Block I/O
[  988.363480][T18071] vivid-001: Generate RBDS Instead of RDS: false
[  988.726483][ T5826] Bluetooth: hci1: command tx timeout
[  988.789431][T18071] vivid-001: RDS Reception: true
[  988.797453][T18071] vivid-001: RDS Program Type: 0 inactive
[  988.803923][T18071] vivid-001: RDS PS Name:  inactive
[  988.812057][T18071] vivid-001: RDS Radio Text:  inactive
[  988.817674][T18071] vivid-001: RDS Traffic Announcement: false inactive
[  988.826437][T18071] vivid-001: RDS Traffic Program: false inactive
[  988.834540][T18071] vivid-001: RDS Music: false inactive
[  988.843625][T18071] vivid-001: ==================  END STATUS  ==================
[  988.958255][T18080] xt_l2tp: v2 doesn't support IP mode
[  989.666235][ T6490] hsr_slave_0: left promiscuous mode
[  989.740467][ T6490] hsr_slave_1: left promiscuous mode
[  989.874919][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  989.927694][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_0
[  989.935903][ T6490] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  989.945368][ T6490] batman_adv: batadv0: Removing interface: batadv_slave_1
[  989.968643][ T6490] veth1_macvtap: left promiscuous mode
[  989.974300][ T6490] veth0_macvtap: left promiscuous mode
[  989.988191][ T6490] veth0_vlan: left promiscuous mode
[  990.500717][T18103] tipc: Failed to remove unknown binding: 66,1,1/0:2301351376/2301351378
[  990.509789][T18103] tipc: Failed to remove unknown binding: 66,1,1/0:2301351376/2301351378
[  991.178934][ T6490] pimreg (unregistering): left allmulticast mode
[  991.297590][    T9] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  991.591889][    T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  991.613774][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  991.637841][    T9] usb 1-1: config 0 descriptor??
[  991.654927][    T9] cp210x 1-1:0.0: cp210x converter detected
[  991.869671][   T43] usb 7-1: new high-speed USB device number 39 using dummy_hcd
[  991.889800][ T6490] team0 (unregistering): Port device team_slave_1 removed
[  991.934342][ T6490] team0 (unregistering): Port device team_slave_0 removed
[  992.031725][   T43] usb 7-1: Using ep0 maxpacket: 8
[  992.045627][   T43] usb 7-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  992.065650][   T43] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  992.081281][   T43] usb 7-1: Product: syz
[  992.085458][   T43] usb 7-1: Manufacturer: syz
[  992.097987][   T43] usb 7-1: SerialNumber: syz
[  992.108774][   T43] usb 7-1: config 0 descriptor??
[  992.123921][   T43] gspca_main: sq930x-2.14.0 probing 2770:930c
[  992.430867][ T5870] lo speed is unknown, defaulting to 1000
[  992.436661][ T5870] infiniband syz0: ib_query_port failed (-19)
[  992.448824][T18118] sp0: Synchronizing with TNC
[  992.464308][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[  992.471934][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[  992.743519][T18115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  992.755600][T18115] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  992.809568][   T43] gspca_sq930x: reg_w 0305 fd00 failed -71
[  993.344385][   T43] gspca_sq930x: Sensor ov9630 not yet treated
[  994.092819][   T43] sq930x 7-1:0.0: probe with driver sq930x failed with error -22
[  994.102414][   T43] usb 7-1: USB disconnect, device number 39
[  994.130748][    T9] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  994.198309][    T9] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  994.468286][    T9] usb 1-1: cp210x converter now attached to ttyUSB0
[  994.478886][T18148] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3080'.
[  994.563693][    T9] usb 1-1: USB disconnect, device number 82
[  994.572981][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  994.573282][    T9] cp210x 1-1:0.0: device disconnected
[  995.560993][T18170] netlink: 256 bytes leftover after parsing attributes in process `syz.1.3090'.
[  995.814172][T18184] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3092'.
[  996.827010][T18200] overlayfs: failed to resolve './file1': -2
[  997.869685][    T9] usb 2-1: new high-speed USB device number 88 using dummy_hcd
[  998.013497][T18215] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3105'.
[  998.077389][    T9] usb 2-1: Using ep0 maxpacket: 8
[  998.088019][    T9] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  998.108212][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  998.129477][    T9] usb 2-1: Product: syz
[  998.149407][    T9] usb 2-1: Manufacturer: syz
[  998.154019][    T9] usb 2-1: SerialNumber: syz
[  998.176696][    T9] usb 2-1: config 0 descriptor??
[  998.195502][    T9] gspca_main: sq930x-2.14.0 probing 2770:930c
[  998.452198][   T30] audit: type=1400 audit(2000000744.605:3159): avc:  denied  { bind } for  pid=18207 comm="syz.7.3100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  998.809092][T18198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  998.824503][T18198] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  999.089390][    T9] gspca_sq930x: ucbus_write failed -71
[  999.109789][T18243] xt_l2tp: v2 doesn't support IP mode
[  999.329351][    T9] gspca_sq930x: Sensor ov9630 not yet treated
[  999.335561][    T9] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[  999.354879][    T9] usb 2-1: USB disconnect, device number 88
[ 1002.011700][ T5950] usb 7-1: new high-speed USB device number 40 using dummy_hcd
[ 1002.169553][T18281] usb usb9: usbfs: interface 0 claimed by hub while 'syz.7.3122' sets config #0
[ 1002.582143][T18286] xt_l2tp: v2 doesn't support IP mode
[ 1002.627390][ T5950] usb 7-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[ 1002.648979][ T5950] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1002.657230][ T5950] usb 7-1: Product: syz
[ 1002.663983][ T5950] usb 7-1: Manufacturer: syz
[ 1002.668720][ T5950] usb 7-1: SerialNumber: syz
[ 1002.692697][ T5950] usb 7-1: config 0 descriptor??
[ 1002.727892][ T5950] i2c-tiny-usb 7-1:0.0: version 6d.cc found at bus 007 address 040
[ 1002.849128][   T30] audit: type=1400 audit(2000000748.995:3160): avc:  denied  { ioctl } for  pid=18293 comm="syz.7.3128" path="socket:[61493]" dev="sockfs" ino=61493 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1002.851647][T18296] netlink: 288 bytes leftover after parsing attributes in process `syz.3.3127'.
[ 1003.139576][T18269] netlink: 'syz.6.3119': attribute type 1 has an invalid length.
[ 1003.681235][ T5950]  (null): failure reading functionality
[ 1003.981634][T18269] 8021q: adding VLAN 0 to HW filter on device bond3
[ 1004.001204][ T5950] i2c i2c-1: connected i2c-tiny-usb device
[ 1004.199585][T18313] Invalid ELF header magic: != ELF
[ 1004.200600][   T30] audit: type=1400 audit(2000000750.345:3161): avc:  denied  { module_load } for  pid=18309 comm="syz.0.3130" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[ 1004.324396][T18307] bond3 (unregistering): Released all slaves
[ 1004.490630][ T1208] usb 7-1: USB disconnect, device number 40
[ 1004.600206][T18324] tipc: Failed to remove unknown binding: 66,1,1/0:1553447290/1553447292
[ 1004.608699][T18324] tipc: Failed to remove unknown binding: 66,1,1/0:1553447290/1553447292
[ 1005.355909][T18334] FAULT_INJECTION: forcing a failure.
[ 1005.355909][T18334] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1005.369101][T18334] CPU: 1 UID: 0 PID: 18334 Comm: syz.0.3136 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1005.369127][T18334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1005.369138][T18334] Call Trace:
[ 1005.369145][T18334]  <TASK>
[ 1005.369152][T18334]  dump_stack_lvl+0x16c/0x1f0
[ 1005.369183][T18334]  should_fail_ex+0x512/0x640
[ 1005.369211][T18334]  _copy_from_user+0x2e/0xd0
[ 1005.369238][T18334]  generic_map_update_batch+0x380/0x610
[ 1005.369273][T18334]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1005.369302][T18334]  ? __pfx_generic_map_update_batch+0x10/0x10
[ 1005.369328][T18334]  bpf_map_do_batch+0x5b4/0x680
[ 1005.369351][T18334]  __sys_bpf+0x15f3/0x4d80
[ 1005.369378][T18334]  ? __pfx___sys_bpf+0x10/0x10
[ 1005.369403][T18334]  ? ksys_write+0x190/0x250
[ 1005.369429][T18334]  ? __mutex_unlock_slowpath+0x161/0x6a0
[ 1005.369471][T18334]  ? fput+0x70/0xf0
[ 1005.369498][T18334]  ? ksys_write+0x1ac/0x250
[ 1005.369519][T18334]  ? __pfx_ksys_write+0x10/0x10
[ 1005.369546][T18334]  __x64_sys_bpf+0x78/0xc0
[ 1005.369570][T18334]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1005.369595][T18334]  do_syscall_64+0xcd/0x4c0
[ 1005.369623][T18334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1005.369641][T18334] RIP: 0033:0x7f926578e929
[ 1005.369656][T18334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1005.369673][T18334] RSP: 002b:00007f9266683038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1005.369690][T18334] RAX: ffffffffffffffda RBX: 00007f92659b6160 RCX: 00007f926578e929
[ 1005.369702][T18334] RDX: 0000000000000038 RSI: 0000200000000300 RDI: 000000000000001a
[ 1005.369713][T18334] RBP: 00007f9266683090 R08: 0000000000000000 R09: 0000000000000000
[ 1005.369723][T18334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1005.369734][T18334] R13: 0000000000000000 R14: 00007f92659b6160 R15: 00007ffe9e7b5868
[ 1005.369759][T18334]  </TASK>
[ 1005.561675][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1005.570363][T18335] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=272 sclass=netlink_route_socket pid=18335 comm=syz.3.3137
[ 1006.903243][   T30] audit: type=1400 audit(2000000753.055:3162): avc:  denied  { accept } for  pid=18338 comm="syz.0.3139" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1007.592788][ T5921] usb 2-1: new high-speed USB device number 89 using dummy_hcd
[ 1007.779423][ T5921] usb 2-1: Using ep0 maxpacket: 32
[ 1007.782234][T18364] sp0: Synchronizing with TNC
[ 1007.785941][ T5921] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[ 1007.867692][ T5921] usb 2-1: config 0 has no interface number 0
[ 1007.989416][ T5921] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1008.021557][ T5921] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1008.122955][ T5921] usb 2-1: Product: syz
[ 1008.127482][ T5921] usb 2-1: Manufacturer: syz
[ 1008.132273][ T5921] usb 2-1: SerialNumber: syz
[ 1008.145489][ T5921] usb 2-1: config 0 descriptor??
[ 1008.163733][ T5921] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1008.621530][   T30] audit: type=1400 audit(2000000754.475:3163): avc:  denied  { listen } for  pid=18365 comm="syz.7.3146" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1008.738608][ T5921] usb 2-1: qt2_attach - failed to power on unit: -71
[ 1009.363890][T18379] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3149'.
[ 1009.404088][T18379] erspan0: entered promiscuous mode
[ 1009.412745][ T5921] quatech2 2-1:0.51: probe with driver quatech2 failed with error -71
[ 1009.435792][ T5921] usb 2-1: USB disconnect, device number 89
[ 1009.445143][T18379] macvtap1: entered promiscuous mode
[ 1009.478373][T18379] macvtap1: entered allmulticast mode
[ 1009.492707][T18379] erspan0: entered allmulticast mode
[ 1009.514377][   T30] audit: type=1400 audit(2000000000.770:3164): avc:  denied  { read } for  pid=18383 comm="syz.7.3150" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[ 1009.541394][T18386] macvtap1: left promiscuous mode
[ 1009.604776][T18386] macvtap1: left allmulticast mode
[ 1009.639426][T18386] erspan0: left allmulticast mode
[ 1010.249448][ T1208] usb 2-1: new high-speed USB device number 90 using dummy_hcd
[ 1011.355439][ T1208] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1012.326086][ T1208] usb 2-1: config 0 has no interface number 0
[ 1012.332559][ T1208] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1012.343420][ T1208] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1012.359317][ T1208] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1012.477835][ T1208] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1012.551889][ T1208] usb 2-1: config 0 descriptor??
[ 1013.203035][T18437] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1013.260860][ T1208] usbhid 2-1:0.1: can't add hid device: -71
[ 1013.329448][ T1208] usbhid 2-1:0.1: probe with driver usbhid failed with error -71
[ 1013.596768][ T1208] usb 2-1: USB disconnect, device number 90
[ 1015.060650][T18471] IPVS: sync thread started: state = MASTER, mcast_ifn = geneve0, syncid = 3, id = 0
[ 1015.521537][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.530639][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.539646][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.548628][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.557651][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.566659][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.575902][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.585064][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.594339][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.603462][T18483] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3176'.
[ 1015.903270][    T9] usb 7-1: new high-speed USB device number 41 using dummy_hcd
[ 1015.947602][T18487] input: syz1 as /devices/virtual/input/input66
[ 1016.242174][    T9] usb 7-1: Using ep0 maxpacket: 8
[ 1016.255418][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 15
[ 1016.264902][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1016.284827][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1016.303862][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1016.329697][   T30] audit: type=1400 audit(2000000007.580:3165): avc:  denied  { create } for  pid=18485 comm="syz.1.3177" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1
[ 1016.519364][   T30] audit: type=1400 audit(2000000007.750:3166): avc:  denied  { sys_admin } for  pid=18485 comm="syz.1.3177" capability=21  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1
[ 1016.551190][    T9] usb 7-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[ 1016.566018][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1016.581384][    T9] usb 7-1: Product: syz
[ 1016.593440][    T9] usb 7-1: Manufacturer: syz
[ 1016.601303][    T9] usb 7-1: SerialNumber: syz
[ 1016.623271][    T9] usb 7-1: config 0 descriptor??
[ 1016.752319][T18478] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1016.984519][    T9] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[ 1017.184925][T18478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1017.866293][    T9] input: Griffin SoundKnob as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input67
[ 1017.891251][T18497] Cannot find add_set index 0 as target
[ 1017.898772][T18478] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1018.054012][T18478] atomic_op ffff888034494198 conn xmit_atomic 0000000000000000
[ 1018.088509][    C0] powermate: config urb returned -71
[ 1018.089083][   T43] usb 7-1: USB disconnect, device number 41
[ 1018.093810][    C0] powermate: usb_submit_urb(config) failed
[ 1018.093861][    C0] powermate 7-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[ 1018.579372][ T5950] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 1018.753492][ T5950] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1018.764202][ T5950] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 1018.778068][ T5950] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[ 1018.787336][ T5950] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[ 1018.795469][ T5950] usb 1-1: SerialNumber: syz
[ 1019.009395][ T5921] usb 7-1: new full-speed USB device number 42 using dummy_hcd
[ 1019.022039][ T5950] usb 1-1: 0:2 : does not exist
[ 1019.036535][ T5950] usb 1-1: USB disconnect, device number 83
[ 1019.172459][ T5921] usb 7-1: config 0 has an invalid interface number: 176 but max is 2
[ 1019.180894][ T5921] usb 7-1: config 0 has an invalid interface number: 255 but max is 2
[ 1019.189102][ T5921] usb 7-1: config 0 has no interface number 0
[ 1019.195387][ T5921] usb 7-1: config 0 has no interface number 1
[ 1019.203233][ T5921] usb 7-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1019.214488][ T5921] usb 7-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1019.228068][ T5921] usb 7-1: config 0 interface 255 has no altsetting 0
[ 1019.234894][ T5921] usb 7-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1019.244028][ T5921] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1019.253361][ T5921] usb 7-1: config 0 descriptor??
[ 1019.546596][ T5921] usb 7-1: Could not set interface, error -71
[ 1019.555365][ T5921] usb 7-1: selecting invalid altsetting 0
[ 1019.561125][ T5921] usb 7-1: Could not set interface, error -22
[ 1019.570795][ T5921] usb 7-1: USB disconnect, device number 42
[ 1020.103249][ T5950] usb 2-1: new high-speed USB device number 91 using dummy_hcd
[ 1021.169427][ T5950] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1021.180450][ T5950] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1021.185695][T18547] FAULT_INJECTION: forcing a failure.
[ 1021.185695][T18547] name failslab, interval 1, probability 0, space 0, times 0
[ 1021.199296][ T5950] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1021.206071][T18547] CPU: 1 UID: 0 PID: 18547 Comm: syz.0.3195 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1021.206093][T18547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1021.206103][T18547] Call Trace:
[ 1021.206109][T18547]  <TASK>
[ 1021.206115][T18547]  dump_stack_lvl+0x16c/0x1f0
[ 1021.206143][T18547]  should_fail_ex+0x512/0x640
[ 1021.206164][T18547]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[ 1021.206188][T18547]  should_failslab+0xc2/0x120
[ 1021.206210][T18547]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[ 1021.206230][T18547]  ? __alloc_skb+0x2b2/0x380
[ 1021.206254][T18547]  __alloc_skb+0x2b2/0x380
[ 1021.206274][T18547]  ? __pfx___alloc_skb+0x10/0x10
[ 1021.206297][T18547]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[ 1021.206319][T18547]  netlink_alloc_large_skb+0x69/0x130
[ 1021.206336][T18547]  netlink_sendmsg+0x6a1/0xdd0
[ 1021.206356][T18547]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1021.206382][T18547]  ____sys_sendmsg+0xa95/0xc70
[ 1021.206399][T18547]  ? copy_msghdr_from_user+0x10a/0x160
[ 1021.206421][T18547]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1021.206449][T18547]  ___sys_sendmsg+0x134/0x1d0
[ 1021.206472][T18547]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1021.206492][T18547]  ? __lock_acquire+0x622/0x1c90
[ 1021.206543][T18547]  __sys_sendmsg+0x16d/0x220
[ 1021.206566][T18547]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1021.206603][T18547]  do_syscall_64+0xcd/0x4c0
[ 1021.206628][T18547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1021.206643][T18547] RIP: 0033:0x7f926578e929
[ 1021.206657][T18547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1021.206672][T18547] RSP: 002b:00007f92666c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1021.206688][T18547] RAX: ffffffffffffffda RBX: 00007f92659b5fa0 RCX: 00007f926578e929
[ 1021.206698][T18547] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[ 1021.206708][T18547] RBP: 00007f92666c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1021.206717][T18547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1021.206726][T18547] R13: 0000000000000000 R14: 00007f92659b5fa0 R15: 00007ffe9e7b5868
[ 1021.206747][T18547]  </TASK>
[ 1021.447676][ T5950] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.461552][ T5950] usb 2-1: config 0 descriptor??
[ 1021.479567][   T30] audit: type=1400 audit(2000000525.740:3167): avc:  denied  { map } for  pid=18552 comm="syz.3.3198" path="socket:[62467]" dev="sockfs" ino=62467 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[ 1021.509525][   T43] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 1021.569413][    T9] usb 7-1: new high-speed USB device number 43 using dummy_hcd
[ 1021.659311][   T43] usb 1-1: Using ep0 maxpacket: 16
[ 1021.665855][   T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1021.676855][   T43] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[ 1021.686121][   T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1021.699190][   T43] usb 1-1: config 0 descriptor??
[ 1021.724271][    T9] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1021.734018][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1021.742772][    T9] usb 7-1: Product: syz
[ 1021.747021][    T9] usb 7-1: Manufacturer: syz
[ 1021.751682][    T9] usb 7-1: SerialNumber: syz
[ 1021.760654][    T9] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1021.783052][ T1208] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1022.108018][ T5950] usb 2-1: string descriptor 0 read error: -22
[ 1022.121306][   T43] mcp2221 0003:04D8:00DD.0018: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[ 1022.309693][T18535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1022.320574][T18535] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1022.573135][ T5950] uclogic 0003:256C:006D.0017: failed retrieving string descriptor #100: -71
[ 1022.592570][ T5950] uclogic 0003:256C:006D.0017: failed retrieving pen parameters: -71
[ 1022.596127][   T43] usb 1-1: USB disconnect, device number 84
[ 1022.602507][ T5950] uclogic 0003:256C:006D.0017: failed probing pen v1 parameters: -71
[ 1022.616631][ T5950] uclogic 0003:256C:006D.0017: failed probing parameters: -71
[ 1022.624852][ T5950] uclogic 0003:256C:006D.0017: probe with driver uclogic failed with error -71
[ 1022.637977][ T5950] usb 2-1: USB disconnect, device number 91
[ 1022.859408][ T1208] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[ 1022.867205][ T1208] ath9k_htc: Failed to initialize the device
[ 1022.894930][ T1208] usb 7-1: ath9k_htc: USB layer deinitialized
[ 1022.906908][ T5950] usb 7-1: USB disconnect, device number 43
[ 1023.240047][T18560] __nla_validate_parse: 40 callbacks suppressed
[ 1023.240064][T18560] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3200'.
[ 1023.338873][T18557] vlan3: entered allmulticast mode
[ 1023.354035][T18557] bond0: entered allmulticast mode
[ 1023.370510][T18557] bond_slave_0: entered allmulticast mode
[ 1023.391124][T18557] bond_slave_1: entered allmulticast mode
[ 1024.030629][T18579] loop6: detected capacity change from 0 to 524287999
[ 1024.144739][T18583] xt_l2tp: v2 doesn't support IP mode
[ 1024.686464][T18592] xt_hashlimit: size too large, truncated to 1048576
[ 1024.795572][T18593] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3209'.
[ 1025.383966][T18598] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3210'.
[ 1025.451283][T18601] netlink: 14 bytes leftover after parsing attributes in process `syz.6.3211'.
[ 1026.602065][T18601] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1026.625539][T18601] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1026.668890][T18601] bond0 (unregistering): Released all slaves
[ 1027.038100][T18624] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3218'.
[ 1027.822552][T18639] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3221'.
[ 1028.228911][T18650] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3225'.
[ 1028.281824][T18654] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3227'.
[ 1028.471471][T18662] input: syz1 as /devices/virtual/input/input68
[ 1028.733622][   T30] audit: type=1326 audit(2000000532.990:3168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1028.832824][   T30] audit: type=1326 audit(2000000532.990:3169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1029.202851][   T30] audit: type=1326 audit(2000000532.990:3170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1029.319358][   T30] audit: type=1326 audit(2000000532.990:3171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1029.337227][T18675] libceph: resolve '400' (ret=-3): failed
[ 1029.390480][T18684] netlink: 'syz.6.3231': attribute type 10 has an invalid length.
[ 1029.435290][   T30] audit: type=1326 audit(2000000532.990:3172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1029.512992][T18683] FAULT_INJECTION: forcing a failure.
[ 1029.512992][T18683] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[ 1029.526895][T18683] CPU: 0 UID: 0 PID: 18683 Comm: syz.7.3234 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1029.526921][T18683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1029.526931][T18683] Call Trace:
[ 1029.526938][T18683]  <TASK>
[ 1029.526944][T18683]  dump_stack_lvl+0x16c/0x1f0
[ 1029.526973][T18683]  should_fail_ex+0x512/0x640
[ 1029.526992][T18683]  should_fail_alloc_page+0xe7/0x130
[ 1029.527010][T18683]  prepare_alloc_pages+0x3c2/0x610
[ 1029.527021][T18683]  ? rcu_is_watching+0x12/0xc0
[ 1029.527036][T18683]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1029.527054][T18683]  ? __lock_acquire+0x622/0x1c90
[ 1029.527080][T18683]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1029.527096][T18683]  ? weighted_interleave_nid+0x3e6/0x5a0
[ 1029.527116][T18683]  ? __pfx_weighted_interleave_nid+0x10/0x10
[ 1029.527133][T18683]  ? __lock_acquire+0x622/0x1c90
[ 1029.527152][T18683]  ? policy_nodemask+0xea/0x4e0
[ 1029.527169][T18683]  alloc_pages_mpol+0x1fb/0x550
[ 1029.527185][T18683]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1029.527208][T18683]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1029.527228][T18683]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1029.527245][T18683]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1029.527263][T18683]  ? find_held_lock+0x2b/0x80
[ 1029.527276][T18683]  ? __handle_mm_fault+0x1092/0x5490
[ 1029.527291][T18683]  __handle_mm_fault+0x2f21/0x5490
[ 1029.527307][T18683]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1029.527320][T18683]  ? __pte_offset_map_lock+0x174/0x310
[ 1029.527337][T18683]  ? find_held_lock+0x2b/0x80
[ 1029.527349][T18683]  ? find_held_lock+0x2b/0x80
[ 1029.527366][T18683]  ? follow_page_pte+0x3af/0x14c0
[ 1029.527380][T18683]  handle_mm_fault+0x589/0xd10
[ 1029.527395][T18683]  __get_user_pages+0x589/0x3b80
[ 1029.527409][T18683]  ? __pfx_mt_find+0x10/0x10
[ 1029.527420][T18683]  ? __pfx___get_user_pages+0x10/0x10
[ 1029.527436][T18683]  populate_vma_page_range+0x278/0x3a0
[ 1029.527448][T18683]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1029.527459][T18683]  ? __pfx_find_vma_intersection+0x10/0x10
[ 1029.527477][T18683]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[ 1029.527496][T18683]  __mm_populate+0x1d8/0x380
[ 1029.527508][T18683]  ? __pfx___mm_populate+0x10/0x10
[ 1029.527522][T18683]  ? up_write+0x1b2/0x520
[ 1029.527534][T18683]  do_mlock+0x448/0x810
[ 1029.527548][T18683]  ? __fget_files+0x20e/0x3c0
[ 1029.527563][T18683]  ? __pfx_do_mlock+0x10/0x10
[ 1029.527577][T18683]  ? fput+0x70/0xf0
[ 1029.527594][T18683]  ? ksys_write+0x1ac/0x250
[ 1029.527607][T18683]  ? __pfx_ksys_write+0x10/0x10
[ 1029.527624][T18683]  __x64_sys_mlock+0x59/0x80
[ 1029.527638][T18683]  do_syscall_64+0xcd/0x4c0
[ 1029.527656][T18683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1029.527667][T18683] RIP: 0033:0x7fdaee18e929
[ 1029.527676][T18683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1029.527688][T18683] RSP: 002b:00007fdaef01a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[ 1029.527699][T18683] RAX: ffffffffffffffda RBX: 00007fdaee3b5fa0 RCX: 00007fdaee18e929
[ 1029.527706][T18683] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[ 1029.527713][T18683] RBP: 00007fdaef01a090 R08: 0000000000000000 R09: 0000000000000000
[ 1029.527719][T18683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1029.527726][T18683] R13: 0000000000000000 R14: 00007fdaee3b5fa0 R15: 00007ffea3a575c8
[ 1029.527740][T18683]  </TASK>
[ 1029.857761][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1030.679307][   T30] audit: type=1326 audit(2000000532.990:3173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdaee18d3df code=0x7ffc0000
[ 1030.739849][   T30] audit: type=1326 audit(2000000532.990:3174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1030.847782][   T30] audit: type=1326 audit(2000000532.990:3175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18651 comm="syz.7.3226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdaee18e929 code=0x7ffc0000
[ 1030.871251][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1031.147552][T18698] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.3235' sets config #0
[ 1031.862496][T18702] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3238'.
[ 1031.891380][T18702] openvswitch: netlink: Key type 185 is out of range max 32
[ 1032.263368][T18716] netlink: 'syz.6.3243': attribute type 1 has an invalid length.
[ 1032.271292][T18716] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3243'.
[ 1033.017813][T18726] netlink: 348 bytes leftover after parsing attributes in process `syz.1.3246'.
[ 1033.894589][T18737] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1033.925446][T18737] netlink: 'syz.0.3247': attribute type 1 has an invalid length.
[ 1033.963802][T18737] netlink: 'syz.0.3247': attribute type 1 has an invalid length.
[ 1034.009315][   T30] audit: type=1400 audit(2000000538.240:3176): avc:  denied  { listen } for  pid=18736 comm="syz.0.3247" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1034.577502][T18751] /dev/nbd0: Can't open blockdev
[ 1035.751913][T18771] xt_l2tp: v2 doesn't support IP mode
[ 1035.878648][T18776] ksmbd: Daemon and kernel module version mismatch. ksmbd: 124, kernel module: 1. User-space ksmbd should terminate.
[ 1035.909317][   T30] audit: type=1400 audit(2000000540.130:3177): avc:  denied  { bind } for  pid=18774 comm="syz.0.3260" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[ 1035.983610][   T30] audit: type=1400 audit(2000000540.130:3178): avc:  denied  { name_bind } for  pid=18774 comm="syz.0.3260" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[ 1036.060249][   T30] audit: type=1400 audit(2000000540.130:3179): avc:  denied  { node_bind } for  pid=18774 comm="syz.0.3260" saddr=::ffff:172.20.20.31 src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[ 1036.297244][T18785] SET target dimension over the limit!
[ 1037.263946][T18792] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1037.270505][T18792] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1037.296584][T18792] vhci_hcd vhci_hcd.0: Device attached
[ 1037.394087][T18792] vhci_hcd vhci_hcd.0: pdev(0) rhport(1) sockfd(7)
[ 1037.400637][T18792] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1037.457728][T18792] vhci_hcd vhci_hcd.0: Device attached
[ 1037.489316][T18792] vhci_hcd vhci_hcd.0: pdev(0) rhport(2) sockfd(9)
[ 1037.495855][T18792] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1037.610632][T18804] usb usb9: usbfs: interface 0 claimed by hub while 'syz.6.3257' sets config #0
[ 1037.833793][T18792] vhci_hcd vhci_hcd.0: Device attached
[ 1037.955336][T18805] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1038.081668][ T5950] usb 33-1: new low-speed USB device number 4 using vhci_hcd
[ 1038.444132][T18811] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1038.659563][T18799] vhci_hcd: connection closed
[ 1038.669323][T13579] vhci_hcd: stop threads
[ 1038.679325][T18794] vhci_hcd: connection reset by peer
[ 1038.691826][T13579] vhci_hcd: release socket
[ 1038.696360][T13579] vhci_hcd: disconnect device
[ 1038.829136][T18808] vhci_hcd vhci_hcd.0: pdev(0) rhport(4) sockfd(19)
[ 1038.835760][T18808] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1038.838933][    C1] wlan0: beacon TX faster than countdown (channel/color switch) completion
[ 1038.852768][T18802] vhci_hcd: connection closed
[ 1038.869051][T18809] vhci_hcd: connection closed
[ 1038.878857][T18808] vhci_hcd vhci_hcd.0: Device attached
[ 1039.171324][T18811] vhci_hcd vhci_hcd.0: pdev(0) rhport(6) sockfd(24)
[ 1039.177936][T18811] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1039.186263][T18811] vhci_hcd vhci_hcd.0: Device attached
[ 1039.219026][T18813] vhci_hcd: connection closed
[ 1039.232789][T13579] vhci_hcd: stop threads
[ 1039.299865][T13579] vhci_hcd: release socket
[ 1039.308807][T13579] vhci_hcd: disconnect device
[ 1039.317543][T13579] vhci_hcd: stop threads
[ 1039.327263][T18819] sp0: Synchronizing with TNC
[ 1039.337292][T13579] vhci_hcd: release socket
[ 1039.351878][T13579] vhci_hcd: disconnect device
[ 1039.362030][T13579] vhci_hcd: stop threads
[ 1039.371766][T13579] vhci_hcd: release socket
[ 1039.380626][T13579] vhci_hcd: disconnect device
[ 1039.391046][T13579] vhci_hcd: stop threads
[ 1039.411711][T13579] vhci_hcd: release socket
[ 1039.433137][T13579] vhci_hcd: disconnect device
[ 1040.182044][T18833] FAULT_INJECTION: forcing a failure.
[ 1040.182044][T18833] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1040.195248][T18833] CPU: 1 UID: 0 PID: 18833 Comm: syz.7.3272 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1040.195264][T18833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1040.195271][T18833] Call Trace:
[ 1040.195275][T18833]  <TASK>
[ 1040.195279][T18833]  dump_stack_lvl+0x16c/0x1f0
[ 1040.195300][T18833]  should_fail_ex+0x512/0x640
[ 1040.195317][T18833]  _copy_from_user+0x2e/0xd0
[ 1040.195334][T18833]  memdup_user+0x6b/0xe0
[ 1040.195349][T18833]  strndup_user+0x78/0xe0
[ 1040.195364][T18833]  __do_sys_fsconfig+0x86e/0xbe0
[ 1040.195377][T18833]  ? __pfx___do_sys_fsconfig+0x10/0x10
[ 1040.195387][T18833]  ? fput+0x70/0xf0
[ 1040.195409][T18833]  do_syscall_64+0xcd/0x4c0
[ 1040.195427][T18833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.195439][T18833] RIP: 0033:0x7fdaee18e929
[ 1040.195448][T18833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1040.195459][T18833] RSP: 002b:00007fdaef01a038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af
[ 1040.195470][T18833] RAX: ffffffffffffffda RBX: 00007fdaee3b5fa0 RCX: 00007fdaee18e929
[ 1040.195477][T18833] RDX: 0000200000000300 RSI: 0000000000000001 RDI: 0000000000000005
[ 1040.195483][T18833] RBP: 00007fdaef01a090 R08: 0000000000000000 R09: 0000000000000000
[ 1040.195490][T18833] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001
[ 1040.195496][T18833] R13: 0000000000000000 R14: 00007fdaee3b5fa0 R15: 00007ffea3a575c8
[ 1040.195510][T18833]  </TASK>
[ 1040.427187][T18839] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[ 1040.433711][T18839] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1040.554994][T18845] sp0: Synchronizing with TNC
[ 1040.602095][T18839] vhci_hcd vhci_hcd.0: Device attached
[ 1040.735963][T18839] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1040.775737][T18846] vhci_hcd vhci_hcd.0: pdev(7) rhport(1) sockfd(8)
[ 1040.782271][T18846] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1040.807855][T18839] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1040.821633][T18846] vhci_hcd vhci_hcd.0: Device attached
[ 1040.947553][   T43] usb 47-1: new low-speed USB device number 5 using vhci_hcd
[ 1041.112567][T18854] can0: slcan on ttyS3.
[ 1041.482265][T18846] vhci_hcd vhci_hcd.0: pdev(7) rhport(4) sockfd(20)
[ 1041.488862][T18846] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1041.502632][T18846] vhci_hcd vhci_hcd.0: Device attached
[ 1041.952299][T18855] vhci_hcd: connection closed
[ 1041.952546][T16554] vhci_hcd: stop threads
[ 1041.970360][T18848] vhci_hcd: connection closed
[ 1041.973818][T16554] vhci_hcd: release socket
[ 1041.983167][T18841] vhci_hcd: connection reset by peer
[ 1041.991059][T18851] can0 (unregistered): slcan off ttyS3.
[ 1042.060924][T16554] vhci_hcd: disconnect device
[ 1042.065881][T16554] vhci_hcd: stop threads
[ 1042.070685][T16554] vhci_hcd: release socket
[ 1042.075168][T16554] vhci_hcd: disconnect device
[ 1042.082866][T16554] vhci_hcd: stop threads
[ 1042.087118][T16554] vhci_hcd: release socket
[ 1042.092739][T16554] vhci_hcd: disconnect device
[ 1042.389369][ T5870] usb 2-1: new low-speed USB device number 92 using dummy_hcd
[ 1042.415498][T18880] dummy0: entered promiscuous mode
[ 1042.428425][T18880] macsec1: entered promiscuous mode
[ 1042.436477][T18880] macsec1: entered allmulticast mode
[ 1042.442639][T18880] dummy0: entered allmulticast mode
[ 1042.452023][T18880] dummy0: left allmulticast mode
[ 1042.457667][T18880] dummy0: left promiscuous mode
[ 1042.557693][ T5870] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[ 1042.593974][ T5870] usb 2-1: config 0 has no interface number 0
[ 1042.639305][ T5870] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[ 1042.655819][ T5870] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[ 1042.669871][ T5870] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1042.678917][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1042.707730][ T5870] usb 2-1: config 0 descriptor??
[ 1042.737298][T18875] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1042.769149][ T5870] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[ 1042.922699][T18901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=48424 sclass=netlink_route_socket pid=18901 comm=syz.0.3290
[ 1043.114678][   T30] audit: type=1400 audit(2000000547.370:3180): avc:  denied  { ioctl } for  pid=18908 comm="syz.0.3292" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x9425 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[ 1043.179526][ T5950] vhci_hcd: vhci_device speed not set
[ 1043.198456][T18875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1043.207136][T18875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1043.217471][T18875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1043.226196][T18875] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1043.277007][T11964] usb 2-1: USB disconnect, device number 92
[ 1043.419707][ T5870] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[ 1043.589480][ T5870] usb 1-1: device descriptor read/64, error -71
[ 1043.849384][ T5870] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[ 1044.151203][T18926] netlink: 68 bytes leftover after parsing attributes in process `syz.7.3295'.
[ 1044.211043][ T5870] usb 1-1: device descriptor read/64, error -71
[ 1044.279550][ T5947] usb 7-1: new high-speed USB device number 44 using dummy_hcd
[ 1044.330870][ T5870] usb usb1-port1: attempt power cycle
[ 1044.337291][T18936] overlayfs: failed to clone upperpath
[ 1044.439310][ T5947] usb 7-1: Using ep0 maxpacket: 32
[ 1044.446179][ T5947] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1044.457031][ T5947] usb 7-1: config 0 has no interface number 0
[ 1044.465972][ T5947] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1044.493350][ T5947] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1044.501657][ T5947] usb 7-1: Product: syz
[ 1044.506003][ T5947] usb 7-1: Manufacturer: syz
[ 1044.510677][ T5947] usb 7-1: SerialNumber: syz
[ 1044.518895][ T5947] usb 7-1: config 0 descriptor??
[ 1044.527314][ T5947] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1044.679411][ T5870] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[ 1044.700226][ T5870] usb 1-1: device descriptor read/8, error -71
[ 1044.732556][ T5947] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1044.747214][ T5947] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1044.929873][T18919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1044.938371][T18919] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1044.940737][ T5870] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[ 1044.970300][ T5870] usb 1-1: device descriptor read/8, error -71
[ 1045.079528][ T5870] usb usb1-port1: unable to enumerate USB device
[ 1045.156228][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1045.157040][ T5870] usb 7-1: USB disconnect, device number 44
[ 1045.172280][ T5870] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1045.190625][ T5870] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1045.212303][ T5870] quatech2 7-1:0.51: device disconnected
[ 1045.220132][T18945] xt_l2tp: v2 doesn't support IP mode
[ 1045.297913][T18947] xt_recent: Unsupported userspace flags (000000de)
[ 1045.467790][T18954] netlink: 'syz.3.3306': attribute type 4 has an invalid length.
[ 1045.497045][T18954] netlink: 'syz.3.3306': attribute type 4 has an invalid length.
[ 1045.520762][T18954] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1011 sclass=netlink_route_socket pid=18954 comm=syz.3.3306
[ 1045.656372][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.742181][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.760230][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.772184][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.782968][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.960689][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.969687][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.978602][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1045.987718][T18957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3307'.
[ 1046.150062][   T43] vhci_hcd: vhci_device speed not set
[ 1046.385519][T18969] sp0: Synchronizing with TNC
[ 1046.927119][T18972] sp0: Synchronizing with TNC
[ 1047.163643][T18983] input: syz1 as /devices/virtual/input/input69
[ 1047.792928][T18976] IPVS: set_ctl: invalid protocol: 12 224.0.0.2:149
[ 1048.092557][T18991] pim6reg: entered allmulticast mode
[ 1048.101757][T18991] pim6reg: left allmulticast mode
[ 1048.642516][T18995] sp0: Synchronizing with TNC
[ 1051.532904][T19047] __nla_validate_parse: 45 callbacks suppressed
[ 1051.532922][T19047] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3333'.
[ 1051.642371][T19048] usb usb9: usbfs: interface 0 claimed by hub while 'syz.7.3331' sets config #0
[ 1052.416753][T19055] tipc: Failed to remove unknown binding: 66,1,1/0:158330217/158330219
[ 1052.425115][T19055] tipc: Failed to remove unknown binding: 66,1,1/0:158330217/158330219
[ 1053.916985][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1053.924650][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.459041][T19077] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3342'.
[ 1054.607902][T19077] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3342'.
[ 1054.621645][T19077] netlink: 'syz.3.3342': attribute type 5 has an invalid length.
[ 1054.636251][T19077] netlink: 43 bytes leftover after parsing attributes in process `syz.3.3342'.
[ 1054.804486][T19085] can0: slcan on ttyS3.
[ 1054.832230][ T5950] usb 1-1: new high-speed USB device number 89 using dummy_hcd
[ 1054.862977][T19085] can0 (unregistered): slcan off ttyS3.
[ 1055.139348][ T5950] usb 1-1: Using ep0 maxpacket: 32
[ 1055.146232][ T5950] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 1055.193862][ T5950] usb 1-1: config 0 has no interface number 0
[ 1055.235739][ T5950] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1055.273649][ T5950] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1055.314919][ T5950] usb 1-1: Product: syz
[ 1055.334968][ T5950] usb 1-1: Manufacturer: syz
[ 1055.355847][ T5950] usb 1-1: SerialNumber: syz
[ 1055.373456][ T5950] usb 1-1: config 0 descriptor??
[ 1055.395751][ T5950] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1055.408481][T19099] netlink: 'syz.3.3349': attribute type 3 has an invalid length.
[ 1055.810236][T19078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1055.819421][T19078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1056.015368][ T5950] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1056.029729][ T5950] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1056.216668][    C0] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1056.225483][ T5950] usb 1-1: USB disconnect, device number 89
[ 1056.234333][ T5950] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1056.249363][ T5950] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1056.261077][ T5950] quatech2 1-1:0.51: device disconnected
[ 1056.330155][T19109] afs: Unknown parameter 'dynj�'
[ 1056.602963][   T30] audit: type=1400 audit(2000000560.840:3181): avc:  denied  { setopt } for  pid=19107 comm="syz.1.3353" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[ 1057.049383][ T5870] usb 2-1: new full-speed USB device number 93 using dummy_hcd
[ 1057.258235][ T5870] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31
[ 1057.270310][ T5870] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1057.289923][ T5870] usb 2-1: config 0 descriptor??
[ 1057.328284][ T5870] usb 2-1: selecting invalid altsetting 3
[ 1057.334318][ T5870] comedi comedi0: could not set alternate setting 3 in high speed
[ 1057.366416][ T5870] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device.
[ 1057.450565][ T5870] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22
[ 1057.691608][T19126] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3359'.
[ 1057.892391][   T30] audit: type=1400 audit(2000000562.150:3182): avc:  denied  { write } for  pid=19129 comm="syz.6.3361" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[ 1058.057730][T19136] batadv_slave_1: entered promiscuous mode
[ 1058.080493][T19136] team0: Device gtp0 is of different type
[ 1058.185969][T19135] batadv_slave_1: left promiscuous mode
[ 1058.376887][T19145] xt_cluster: node mask cannot exceed total number of nodes
[ 1059.350099][ T5947] usb 2-1: USB disconnect, device number 93
[ 1059.426657][T19158] usb usb9: usbfs: interface 0 claimed by hub while 'syz.7.3369' sets config #0
[ 1060.761868][T19167] input: syz1 as /devices/virtual/input/input70
[ 1062.625639][T19208] usb usb9: usbfs: interface 0 claimed by hub while 'syz.0.3383' sets config #0
[ 1063.667321][T19215] input: syz1 as /devices/virtual/input/input71
[ 1064.480985][T19229] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3391'.
[ 1064.933240][T19243] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.3396' sets config #0
[ 1065.509460][T19251] input: syz1 as /devices/virtual/input/input72
[ 1065.973952][T19260] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3401'.
[ 1067.057167][T19266] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1067.251888][T19281] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3405'.
[ 1069.126392][T19309] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1069.793040][T19312] netlink: 112 bytes leftover after parsing attributes in process `syz.0.3414'.
[ 1069.873446][   T30] audit: type=1400 audit(2000000574.100:3183): avc:  denied  { lock } for  pid=19315 comm="syz.7.3416" path="socket:[64223]" dev="sockfs" ino=64223 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1069.996596][T19325] bridge0: entered allmulticast mode
[ 1070.004854][T19325] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3420'.
[ 1070.031015][T19325] bridge_slave_1: left allmulticast mode
[ 1070.064534][T19326] netlink: 48 bytes leftover after parsing attributes in process `syz.7.3420'.
[ 1070.103583][T19325] bridge_slave_1: left promiscuous mode
[ 1070.135234][T19325] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1070.147280][T19319] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1070.155043][T19319] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1070.162336][T19319] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1070.228157][T19333] usb usb9: usbfs: interface 0 claimed by hub while 'syz.6.3418' sets config #0
[ 1070.270935][T19325] bridge_slave_0: left allmulticast mode
[ 1070.289075][T19319] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1070.314764][T19319] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1070.370469][T19325] bridge_slave_0: left promiscuous mode
[ 1070.420324][T19332] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3422'.
[ 1070.473652][T19325] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1070.488577][T19319] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1070.528976][T19335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3422'.
[ 1070.600563][T19319] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1070.639172][T19337] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw
[ 1070.649786][T19325] bridge0 (unregistering): left allmulticast mode
[ 1070.856099][T19332] dummy0: entered promiscuous mode
[ 1070.863487][T19332] macvtap1: entered promiscuous mode
[ 1070.870055][T19332] macvtap1: entered allmulticast mode
[ 1070.875665][T19332] dummy0: entered allmulticast mode
[ 1072.060340][T19335] dummy0: left allmulticast mode
[ 1072.061059][T19346] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3426'.
[ 1072.065458][T19335] dummy0: left promiscuous mode
[ 1072.139417][ T5826] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1072.289968][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1072.304140][T19348] fuse: Unknown parameter '�9��'
[ 1072.428102][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1074.096085][T19362] sp0: Synchronizing with TNC
[ 1074.299439][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1074.705447][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1074.721892][T19372] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1074.974696][T19379] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter'
[ 1076.389562][ T5826] Bluetooth: hci5: command 0x0c1a tx timeout
[ 1076.779453][ T5826] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1078.091769][T19412] tipc: Failed to remove unknown binding: 66,1,1/0:2061504192/2061504194
[ 1078.100343][T19412] tipc: Failed to remove unknown binding: 66,1,1/0:2061504192/2061504194
[ 1078.493605][T19424] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[ 1079.680771][   T30] audit: type=1400 audit(2000000583.900:3184): avc:  denied  { setopt } for  pid=19426 comm="syz.6.3453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1079.870775][   T30] audit: type=1400 audit(2000000584.100:3185): avc:  denied  { write } for  pid=19426 comm="syz.6.3453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1080.071158][   T30] audit: type=1400 audit(2000000584.150:3186): avc:  denied  { read } for  pid=19426 comm="syz.6.3453" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[ 1080.410231][T19444] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3458'.
[ 1083.069011][T19487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1083.078581][T19487] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1083.329428][ T1208] usb 7-1: new high-speed USB device number 45 using dummy_hcd
[ 1083.341169][T19491] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3472'.
[ 1083.511833][ T1208] usb 7-1: Using ep0 maxpacket: 32
[ 1083.543027][ T1208] usb 7-1: config 0 interface 0 altsetting 17 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1083.579834][ T1208] usb 7-1: config 0 interface 0 altsetting 17 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1083.650051][ T1208] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1083.667344][T19497] syz.1.3473 (19497): /proc/19496/oom_adj is deprecated, please use /proc/19496/oom_score_adj instead.
[ 1083.672791][ T1208] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[ 1083.745060][ T1208] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1083.755241][ T1208] usb 7-1: config 0 descriptor??
[ 1083.773722][T19503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3475'.
[ 1083.970508][ T1208] usbhid 7-1:0.0: can't add hid device: -71
[ 1083.984418][ T1208] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1084.010663][ T1208] usb 7-1: USB disconnect, device number 45
[ 1084.538804][ T1091] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1086.461678][ T5826] Bluetooth: hci2: Opcode 0x1003 failed: -110
[ 1086.686835][T19545] usb usb9: usbfs: interface 0 claimed by hub while 'syz.6.3488' sets config #0
[ 1087.395614][T19555] [U] v�3��f��"S��/��4:�XTz�W�t��lW��=
[ 1087.403075][T19555] [U] J"�e:��"


[ 1087.577465][ T1208] usb 2-1: new high-speed USB device number 94 using dummy_hcd
[ 1088.179423][ T1208] usb 2-1: Using ep0 maxpacket: 8
[ 1088.193050][ T1208] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 1088.221039][ T1208] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1088.239319][ T1208] usb 2-1: Product: syz
[ 1088.243502][ T1208] usb 2-1: Manufacturer: syz
[ 1088.248090][ T1208] usb 2-1: SerialNumber: syz
[ 1088.276357][ T1208] usb 2-1: config 0 descriptor??
[ 1088.291894][ T1208] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 1088.857879][ T1208] gspca_sq930x: reg_r 001f failed -110
[ 1088.870162][ T1208] sq930x 2-1:0.0: probe with driver sq930x failed with error -110
[ 1089.826447][T19580] tipc: Started in network mode
[ 1089.841959][T19580] tipc: Node identity 4, cluster identity 4711
[ 1089.848337][T19580] tipc: Node number set to 4
[ 1090.861597][T19607] netlink: 'syz.7.3507': attribute type 11 has an invalid length.
[ 1091.730271][ T1208] usb 2-1: USB disconnect, device number 94
[ 1091.866052][T19613] xt_l2tp: v2 doesn't support IP mode
[ 1092.817805][T19645] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3518'.
[ 1092.905950][T19645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3518'.
[ 1093.042004][T19645] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3518'.
[ 1093.334571][ T5947] usb 2-1: new high-speed USB device number 95 using dummy_hcd
[ 1093.884116][ T5947] usb 2-1: device descriptor read/64, error -71
[ 1094.086479][T19673] xt_l2tp: v2 doesn't support IP mode
[ 1094.328554][ T5947] usb 2-1: new high-speed USB device number 96 using dummy_hcd
[ 1094.570123][ T5947] usb 2-1: device descriptor read/64, error -71
[ 1094.690580][ T5947] usb usb2-port1: attempt power cycle
[ 1095.129267][ T5947] usb 2-1: new high-speed USB device number 97 using dummy_hcd
[ 1095.250939][ T5947] usb 2-1: device descriptor read/8, error -71
[ 1095.486468][T19696] ubi: mtd0 is already attached to ubi31
[ 1097.492621][T19731] input: syz1 as /devices/virtual/input/input73
[ 1097.781580][T19736] sp0: Synchronizing with TNC
[ 1099.299290][ T5947] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[ 1099.835677][T19770] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3549'.
[ 1099.850026][T19764] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.3549'.
[ 1099.869438][ T5947] usb 1-1: device descriptor read/64, error -71
[ 1100.229850][T11964] usb 2-1: new high-speed USB device number 99 using dummy_hcd
[ 1100.299310][ T5947] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[ 1100.399263][T11964] usb 2-1: Using ep0 maxpacket: 16
[ 1100.410809][T11964] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1100.429455][ T5947] usb 1-1: device descriptor read/64, error -71
[ 1100.479734][T11964] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87
[ 1100.498730][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 152, changing to 11
[ 1100.607512][ T5947] usb usb1-port1: attempt power cycle
[ 1100.614077][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 8285, setting to 1024
[ 1100.627912][T11964] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 1100.829442][T11964] usb 2-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89
[ 1100.866314][T11964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1100.878110][T11964] usb 2-1: Product: syz
[ 1100.949452][ T5947] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[ 1100.974150][T11964] usb 2-1: Manufacturer: syz
[ 1100.980372][T11964] usb 2-1: SerialNumber: syz
[ 1100.990613][T11964] usb 2-1: config 0 descriptor??
[ 1100.999939][ T5947] usb 1-1: device descriptor read/8, error -71
[ 1101.249407][ T5947] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[ 1101.299830][T11964] appledisplay 2-1:0.0: Error while getting initial brightness: -110
[ 1101.308312][ T5947] usb 1-1: device descriptor read/8, error -71
[ 1101.336504][T11964] appledisplay 2-1:0.0: probe with driver appledisplay failed with error -110
[ 1101.450652][ T5947] usb usb1-port1: unable to enumerate USB device
[ 1102.545413][T19768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1102.578683][T19814] sp0: Synchronizing with TNC
[ 1102.592352][T19768] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1102.725321][ T5947] usb 2-1: USB disconnect, device number 99
[ 1103.661155][T19847] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3573'.
[ 1103.839820][ T5950] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[ 1104.059569][ T5950] usb 1-1: Using ep0 maxpacket: 8
[ 1104.327242][ T5950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1104.446962][T19859] sp0: Synchronizing with TNC
[ 1104.635177][ T5950] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1104.645063][ T5950] usb 1-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00
[ 1104.654804][ T5950] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1104.676555][ T5950] usb 1-1: config 0 descriptor??
[ 1104.734422][T19863] overlayfs: failed to clone upperpath
[ 1104.894830][T19871] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3581'.
[ 1104.905714][T19871] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1104.913413][T19871] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1104.965357][T19869] netlink: 60 bytes leftover after parsing attributes in process `syz.1.3579'.
[ 1105.028372][T19877] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3583'.
[ 1105.153983][ T5950] usbhid 1-1:0.0: can't add hid device: -71
[ 1105.181277][ T5950] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[ 1105.204556][ T5950] usb 1-1: USB disconnect, device number 94
[ 1105.230215][T19877] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1105.239720][T19879] SELinux:  Context � is not valid (left unmapped).
[ 1105.248103][T19877] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1105.270822][T19877] bond0 (unregistering): Released all slaves
[ 1105.469425][    T9] usb 7-1: new high-speed USB device number 46 using dummy_hcd
[ 1105.536572][T19891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1105.545264][T19891] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1105.640082][    T9] usb 7-1: Using ep0 maxpacket: 32
[ 1105.646921][    T9] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1105.658793][    T9] usb 7-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[ 1105.668559][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1105.676847][    T9] usb 7-1: Product: syz
[ 1105.681517][    T9] usb 7-1: Manufacturer: syz
[ 1105.686121][    T9] usb 7-1: SerialNumber: syz
[ 1105.694011][    T9] usb 7-1: config 0 descriptor??
[ 1105.773966][ T5950] usb 2-1: new high-speed USB device number 100 using dummy_hcd
[ 1105.906166][ T5947] usb 7-1: USB disconnect, device number 46
[ 1106.003273][ T5950] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[ 1106.015387][ T5950] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[ 1106.025878][ T5950] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[ 1106.035634][ T5950] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[ 1106.046744][ T5950] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[ 1106.059107][ T5950] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[ 1106.068374][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[ 1106.076380][ T5950] usb 2-1: Product: syz
[ 1106.083050][ T5950] usb 2-1: Manufacturer: syz
[ 1106.093230][ T5950] cdc_wdm 2-1:1.0: skipping garbage
[ 1106.098456][ T5950] cdc_wdm 2-1:1.0: skipping garbage
[ 1106.105700][ T5950] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[ 1106.111648][ T5950] cdc_wdm 2-1:1.0: Unknown control protocol
[ 1106.326635][ T5947] usb 2-1: USB disconnect, device number 100
[ 1106.375842][T19913] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3597'.
[ 1106.386342][T19913] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3597'.
[ 1106.664987][T19918] sp0: Synchronizing with TNC
[ 1106.930672][T19923] FAULT_INJECTION: forcing a failure.
[ 1106.930672][T19923] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1106.944689][T19923] CPU: 0 UID: 0 PID: 19923 Comm: syz.0.3600 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1106.944715][T19923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1106.944726][T19923] Call Trace:
[ 1106.944733][T19923]  <TASK>
[ 1106.944741][T19923]  dump_stack_lvl+0x16c/0x1f0
[ 1106.944772][T19923]  should_fail_ex+0x512/0x640
[ 1106.944801][T19923]  should_fail_alloc_page+0xe7/0x130
[ 1106.944829][T19923]  prepare_alloc_pages+0x3c2/0x610
[ 1106.944853][T19923]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[ 1106.944890][T19923]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1106.944915][T19923]  ? weighted_interleave_nid+0x3e6/0x5a0
[ 1106.944949][T19923]  ? __pfx_weighted_interleave_nid+0x10/0x10
[ 1106.944978][T19923]  ? lock_acquire+0x179/0x350
[ 1106.945009][T19923]  ? policy_nodemask+0xea/0x4e0
[ 1106.945036][T19923]  alloc_pages_mpol+0x1fb/0x550
[ 1106.945063][T19923]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1106.945096][T19923]  folio_alloc_mpol_noprof+0x36/0x2f0
[ 1106.945127][T19923]  vma_alloc_folio_noprof+0xed/0x1e0
[ 1106.945160][T19923]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1106.945187][T19923]  ? find_held_lock+0x2b/0x80
[ 1106.945209][T19923]  ? __handle_mm_fault+0x1092/0x5490
[ 1106.945235][T19923]  __handle_mm_fault+0x2f21/0x5490
[ 1106.945263][T19923]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1106.945284][T19923]  ? __pte_offset_map_lock+0x174/0x310
[ 1106.945312][T19923]  ? find_held_lock+0x2b/0x80
[ 1106.945331][T19923]  ? find_held_lock+0x2b/0x80
[ 1106.945360][T19923]  ? follow_page_pte+0x3af/0x14c0
[ 1106.945383][T19923]  handle_mm_fault+0x589/0xd10
[ 1106.945409][T19923]  __get_user_pages+0x589/0x3b80
[ 1106.945434][T19923]  ? __pfx_mt_find+0x10/0x10
[ 1106.945453][T19923]  ? __pfx___get_user_pages+0x10/0x10
[ 1106.945481][T19923]  populate_vma_page_range+0x278/0x3a0
[ 1106.945502][T19923]  ? __pfx_populate_vma_page_range+0x10/0x10
[ 1106.945520][T19923]  ? __pfx_find_vma_intersection+0x10/0x10
[ 1106.945549][T19923]  ? __pfx_apply_vma_lock_flags+0x10/0x10
[ 1106.945576][T19923]  __mm_populate+0x1d8/0x380
[ 1106.945596][T19923]  ? __pfx___mm_populate+0x10/0x10
[ 1106.945616][T19923]  ? up_write+0x1b2/0x520
[ 1106.945637][T19923]  do_mlock+0x448/0x810
[ 1106.945660][T19923]  ? __fget_files+0x20e/0x3c0
[ 1106.945684][T19923]  ? __pfx_do_mlock+0x10/0x10
[ 1106.945708][T19923]  ? fput+0x70/0xf0
[ 1106.945735][T19923]  ? ksys_write+0x1ac/0x250
[ 1106.945757][T19923]  ? __pfx_ksys_write+0x10/0x10
[ 1106.945785][T19923]  __x64_sys_mlock+0x59/0x80
[ 1106.945808][T19923]  do_syscall_64+0xcd/0x4c0
[ 1106.945836][T19923]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1106.945855][T19923] RIP: 0033:0x7f926578e929
[ 1106.945871][T19923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1106.945888][T19923] RSP: 002b:00007f92666a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[ 1106.945906][T19923] RAX: ffffffffffffffda RBX: 00007f92659b6080 RCX: 00007f926578e929
[ 1106.945918][T19923] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[ 1106.945929][T19923] RBP: 00007f92666a4090 R08: 0000000000000000 R09: 0000000000000000
[ 1106.945941][T19923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1106.945952][T19923] R13: 0000000000000000 R14: 00007f92659b6080 R15: 00007ffe9e7b5868
[ 1106.945977][T19923]  </TASK>
[ 1107.269999][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1108.105757][T19934] FAULT_INJECTION: forcing a failure.
[ 1108.105757][T19934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1108.106344][T19934] CPU: 1 UID: 0 PID: 19934 Comm: syz.0.3605 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1108.106367][T19934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1108.106378][T19934] Call Trace:
[ 1108.106384][T19934]  <TASK>
[ 1108.106391][T19934]  dump_stack_lvl+0x16c/0x1f0
[ 1108.106424][T19934]  should_fail_ex+0x512/0x640
[ 1108.106449][T19934]  _copy_from_user+0x2e/0xd0
[ 1108.106475][T19934]  copy_msghdr_from_user+0x98/0x160
[ 1108.106500][T19934]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 1108.106530][T19934]  ? lock_acquire+0x179/0x350
[ 1108.106558][T19934]  ? find_held_lock+0x2b/0x80
[ 1108.106582][T19934]  ___sys_sendmsg+0xfe/0x1d0
[ 1108.106605][T19934]  ? rcu_is_watching+0x12/0xc0
[ 1108.106627][T19934]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1108.106649][T19934]  ? __lock_acquire+0x622/0x1c90
[ 1108.106703][T19934]  __sys_sendmsg+0x16d/0x220
[ 1108.106728][T19934]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1108.106751][T19934]  ? rcu_is_watching+0x12/0xc0
[ 1108.106781][T19934]  ? trace_irq_enable.constprop.0+0x2f/0x120
[ 1108.106806][T19934]  do_syscall_64+0xcd/0x4c0
[ 1108.106835][T19934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1108.106853][T19934] RIP: 0033:0x7f926578e929
[ 1108.106868][T19934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1108.106884][T19934] RSP: 002b:00007f92666c5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1108.106901][T19934] RAX: ffffffffffffffda RBX: 00007f92659b5fa0 RCX: 00007f926578e929
[ 1108.106913][T19934] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1108.106924][T19934] RBP: 00007f92666c5090 R08: 0000000000000000 R09: 0000000000000000
[ 1108.106934][T19934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1108.106945][T19934] R13: 0000000000000000 R14: 00007f92659b5fa0 R15: 00007ffe9e7b5868
[ 1108.106968][T19934]  </TASK>
[ 1109.949302][    T9] usb 7-1: new high-speed USB device number 47 using dummy_hcd
[ 1109.957833][T19977] syz.1.3614: attempt to access beyond end of device
[ 1109.957833][T19977] loop1: rw=2048, sector=2, nr_sectors = 1 limit=0
[ 1109.971112][T19977] hfsplus: unable to find HFS+ superblock
[ 1111.260184][    T9] usb 7-1: Using ep0 maxpacket: 32
[ 1111.275694][    T9] usb 7-1: config 0 interface 0 has no altsetting 0
[ 1111.288286][    T9] usb 7-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[ 1111.748557][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1111.778429][    T9] usb 7-1: config 0 descriptor??
[ 1111.873407][T19991] sp0: Synchronizing with TNC
[ 1112.350264][    T9] usbhid 7-1:0.0: can't add hid device: -71
[ 1112.356734][    T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1112.485618][T19999] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1112.931195][    T9] usb 7-1: USB disconnect, device number 47
[ 1114.242118][   T30] audit: type=1400 audit(2000001131.488:3187): avc:  denied  { read } for  pid=20009 comm="syz.3.3625" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1114.953932][   T30] audit: type=1400 audit(2000001132.138:3188): avc:  denied  { append } for  pid=20025 comm="syz.1.3629" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[ 1115.828803][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.835245][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1117.082678][T20031] sp0: Synchronizing with TNC
[ 1117.331467][   T30] audit: type=1400 audit(2000001363.582:3189): avc:  denied  { create } for  pid=20042 comm="syz.1.3635" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_dnrt_socket permissive=1
[ 1117.351721][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1117.921861][T20049] netlink: 'syz.0.3634': attribute type 11 has an invalid length.
[ 1117.929829][T20049] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3634'.
[ 1118.402055][T20058] PKCS7: Unknown OID: [4] 2.19.13055.1334505.0.0.0.0
[ 1119.410506][ T7897] wlan1: Trigger new scan to find an IBSS to join
[ 1119.943781][T20058] PKCS7: Only support pkcs7_signedData type
[ 1120.102268][T20075] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[ 1120.108778][T20075] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1120.372624][T20075] vhci_hcd vhci_hcd.0: Device attached
[ 1120.394617][T20072] netlink: 348 bytes leftover after parsing attributes in process `syz.6.3639'.
[ 1120.434703][T20082] vhci_hcd vhci_hcd.0: pdev(7) rhport(1) sockfd(8)
[ 1120.441257][T20082] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1120.479244][T20086] sp0: Synchronizing with TNC
[ 1120.727556][   T24] usb 47-1: new low-speed USB device number 6 using vhci_hcd
[ 1120.741870][T20075] vhci_hcd vhci_hcd.0: pdev(7) rhport(2) sockfd(7)
[ 1120.748391][T20075] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[ 1120.819999][T20089] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1120.858994][T20082] vhci_hcd vhci_hcd.0: Device attached
[ 1120.873248][T20075] vhci_hcd vhci_hcd.0: Device attached
[ 1121.213510][T20093] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1121.217078][T20082] vhci_hcd vhci_hcd.0: pdev(7) rhport(4) sockfd(19)
[ 1121.228187][T20082] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1121.759693][T20093] vhci_hcd vhci_hcd.0: pdev(7) rhport(6) sockfd(24)
[ 1121.766317][T20093] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1121.789829][T20093] vhci_hcd vhci_hcd.0: Device attached
[ 1121.796039][T20082] vhci_hcd vhci_hcd.0: Device attached
[ 1122.868694][T20104] vhci_hcd: connection closed
[ 1122.869370][   T36] vhci_hcd: stop threads
[ 1123.678786][   T36] vhci_hcd: release socket
[ 1123.683340][   T36] vhci_hcd: disconnect device
[ 1123.751453][T20085] vhci_hcd: connection closed
[ 1123.753117][T20083] vhci_hcd: connection closed
[ 1123.753119][T20078] vhci_hcd: connection reset by peer
[ 1123.753269][T20098] vhci_hcd: connection closed
[ 1123.759387][ T7913] vhci_hcd: stop threads
[ 1124.263005][ T7913] vhci_hcd: release socket
[ 1124.268647][ T7913] vhci_hcd: disconnect device
[ 1124.283879][ T7913] vhci_hcd: stop threads
[ 1124.288228][ T7913] vhci_hcd: release socket
[ 1124.299841][   T36] wlan1: Trigger new scan to find an IBSS to join
[ 1124.310821][ T7913] vhci_hcd: disconnect device
[ 1124.389481][ T7913] vhci_hcd: stop threads
[ 1124.394669][ T7913] vhci_hcd: release socket
[ 1124.405881][ T7913] vhci_hcd: disconnect device
[ 1124.563859][ T7913] vhci_hcd: stop threads
[ 1124.629251][ T7913] vhci_hcd: release socket
[ 1125.439439][ T7913] vhci_hcd: disconnect device
[ 1125.988155][   T24] vhci_hcd: vhci_device speed not set
[ 1126.250460][T17174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1126.329566][ T5947] usb 7-1: new high-speed USB device number 48 using dummy_hcd
[ 1126.499413][ T5947] usb 7-1: Using ep0 maxpacket: 32
[ 1126.510914][ T5947] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[ 1126.531081][ T5947] usb 7-1: config 0 has no interface number 0
[ 1126.556193][ T5947] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1126.582659][ T5947] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1126.605381][T20161] xt_l2tp: v2 doesn't support IP mode
[ 1126.624823][ T5947] usb 7-1: Product: syz
[ 1126.645860][ T5947] usb 7-1: Manufacturer: syz
[ 1126.667679][ T5947] usb 7-1: SerialNumber: syz
[ 1126.693668][ T5947] usb 7-1: config 0 descriptor??
[ 1126.802248][ T5947] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1126.929416][ T5921] usb 1-1: new high-speed USB device number 95 using dummy_hcd
[ 1127.382649][ T5947] usb 7-1: qt2_attach - failed to power on unit: -71
[ 1127.416922][ T5947] quatech2 7-1:0.51: probe with driver quatech2 failed with error -71
[ 1127.439711][ T5947] usb 7-1: USB disconnect, device number 48
[ 1127.506950][T20171] Can't find a SQUASHFS superblock on nullb0
[ 1127.616175][T20147] geneve0: entered promiscuous mode
[ 1127.632855][T20147] geneve0: entered allmulticast mode
[ 1127.784770][T11964] usb 2-1: new high-speed USB device number 101 using dummy_hcd
[ 1127.986430][T11964] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[ 1128.006551][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[ 1128.024344][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[ 1128.139322][T11964] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[ 1128.249373][T11964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1128.301126][T11964] usb 2-1: Product: syz
[ 1128.305399][T11964] usb 2-1: Manufacturer: syz
[ 1128.321129][T11964] usb 2-1: SerialNumber: syz
[ 1128.357089][T11964] usb 2-1: config 0 descriptor??
[ 1128.495019][ T5921] usb 1-1: unable to get BOS descriptor or descriptor too short
[ 1128.511283][ T5921] usb 1-1: unable to read config index 0 descriptor/start: -71
[ 1128.529109][ T5921] usb 1-1: can't read configurations, error -71
[ 1128.669467][   T50] Bluetooth: hci1: Malformed LE Event: 0x1b
[ 1129.333242][T20215] xt_l2tp: v2 doesn't support IP mode
[ 1130.208408][T20234] dvmrp8: entered allmulticast mode
[ 1131.882670][T20246] input: syz1 as /devices/virtual/input/input76
[ 1132.680412][T20261] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3687'.
[ 1132.849979][T20268] netlink: 'syz.7.3687': attribute type 10 has an invalid length.
[ 1132.969507][    T9] usb 7-1: new full-speed USB device number 49 using dummy_hcd
[ 1133.226403][   T30] audit: type=1400 audit(2000001379.482:3190): avc:  denied  { bind } for  pid=20260 comm="syz.7.3687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1133.434787][T20275] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3689'.
[ 1133.497313][T20277] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3690'.
[ 1133.510098][T20278] xt_hashlimit: max too large, truncated to 1048576
[ 1133.530317][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[ 1133.548920][    T9] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[ 1133.576855][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[ 1133.602022][    T9] usb 7-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[ 1133.613776][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1133.622031][    T9] usb 7-1: Product: syz
[ 1133.626283][    T9] usb 7-1: Manufacturer: syz
[ 1133.630997][    T9] usb 7-1: SerialNumber: syz
[ 1133.638240][    T9] usb 7-1: config 0 descriptor??
[ 1133.654515][T20263] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1133.663355][T20263] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[ 1133.685337][    T9] usb 7-1: ucan: probing device on interface #0
[ 1134.330498][    T9] usb 7-1: ucan: device reported invalid device info
[ 1134.363448][    T9] usb 7-1: ucan: probe failed; try to update the device firmware
[ 1134.513645][    T9] usb 7-1: USB disconnect, device number 49
[ 1135.433140][T20293] xt_l2tp: v2 doesn't support IP mode
[ 1135.568363][T20301] 9pnet_fd: Insufficient options for proto=fd
[ 1136.235661][T20305] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1136.565368][   T30] audit: type=1400 audit(2000001382.822:3191): avc:  denied  { append } for  pid=20310 comm="syz.7.3701" name="ptp0" dev="devtmpfs" ino=1266 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[ 1136.566682][T20313] ubi: mtd0 is already attached to ubi31
[ 1137.339442][   T24] usb 1-1: new high-speed USB device number 97 using dummy_hcd
[ 1137.589263][   T24] usb 1-1: Using ep0 maxpacket: 32
[ 1137.603368][   T24] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[ 1137.619026][   T24] usb 1-1: config 0 has no interface number 0
[ 1137.715915][T20329] usb usb9: usbfs: interface 0 claimed by hub while 'syz.6.3705' sets config #0
[ 1138.088245][   T24] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[ 1138.097820][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1138.106151][   T24] usb 1-1: Product: syz
[ 1138.119349][   T24] usb 1-1: Manufacturer: syz
[ 1138.124299][   T24] usb 1-1: SerialNumber: syz
[ 1138.186645][   T24] usb 1-1: config 0 descriptor??
[ 1138.376616][   T24] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[ 1138.593111][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[ 1138.685398][T20334] loop9: detected capacity change from 0 to 7
[ 1138.694550][T20334] buffer_io_error: 4 callbacks suppressed
[ 1138.694565][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.708463][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.716584][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.724682][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.732931][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.741117][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.749799][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.758012][T20334] ldm_validate_partition_table(): Disk read failed.
[ 1138.765336][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.774028][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.784600][T20334] Buffer I/O error on dev loop9, logical block 0, async page read
[ 1138.793003][T20334] Dev loop9: unable to read RDB block 0
[ 1138.799693][T20334]  loop9: unable to read partition table
[ 1138.805618][T20334] loop9: partition table beyond EOD, truncated
[ 1138.811875][T20334] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[ 1138.811875][T20334] 
) failed (rc=-5)
[ 1138.880115][T20316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1139.259686][T20316] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1139.294701][   T24] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[ 1139.633374][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[ 1139.641742][ T5921] usb 1-1: USB disconnect, device number 97
[ 1139.668381][ T5921] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[ 1139.717509][T20344] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3710'.
[ 1139.726980][T20345] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=109 sclass=netlink_xfrm_socket pid=20345 comm=syz.1.3708
[ 1140.108193][ T5921] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[ 1140.133033][T20351] xt_l2tp: v2 doesn't support IP mode
[ 1140.208072][ T5921] quatech2 1-1:0.51: device disconnected
[ 1140.538426][T20356] netlink: 64 bytes leftover after parsing attributes in process `syz.3.3713'.
[ 1141.115864][T20374] input: syz1 as /devices/virtual/input/input78
[ 1142.440937][T20389] fuse: Bad value for 'group_id'
[ 1142.453847][T20389] fuse: Bad value for 'group_id'
[ 1142.878663][T20389] veth0_vlan: entered allmulticast mode
[ 1142.975743][T20391] gretap0: entered promiscuous mode
[ 1143.022760][T20391] vlan2: entered promiscuous mode
[ 1144.773578][T20419] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3729'.
[ 1144.801412][T20419] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1144.809006][T20419] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1144.888872][T20428] binder: 20427:20428 ioctl c018620c 2000000000c0 returned -1
[ 1145.045636][T20433] 9pnet_fd: Insufficient options for proto=fd
[ 1146.676509][T20461] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3745'.
[ 1146.722625][T20461] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1146.730248][T20461] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1146.752618][   T30] audit: type=1400 audit(2000001393.012:3192): avc:  denied  { watch watch_reads } for  pid=20462 comm="syz.1.3746" path="/syzcgroup/cpu/syz1/cgroup.procs" dev="cgroup" ino=120 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[ 1146.843213][   T30] audit: type=1400 audit(2000001393.092:3193): avc:  denied  { map } for  pid=20465 comm="syz.7.3747" path="/dev/uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1146.919864][   T30] audit: type=1400 audit(2000001393.092:3194): avc:  denied  { execute } for  pid=20465 comm="syz.7.3747" path="/dev/uhid" dev="devtmpfs" ino=1274 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[ 1147.043168][T20474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3750'.
[ 1147.587881][T20492] usb usb9: usbfs: interface 0 claimed by hub while 'syz.6.3754' sets config #0
[ 1148.112618][T20494] trusted_key: encrypted_key: insufficient parameters specified
[ 1149.571288][    T9] usb 7-1: new low-speed USB device number 50 using dummy_hcd
[ 1149.740652][T20502] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3760'.
[ 1149.759917][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1149.796114][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1149.808766][T20502] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1149.817803][T20502] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1149.932655][T11964] iguanair 2-1:0.0: failed to get version
[ 1149.942361][T11964] iguanair 2-1:0.0: probe with driver iguanair failed with error -110
[ 1150.019847][    T9] usb 7-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00
[ 1150.051357][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1150.113046][T11964] usb 2-1: USB disconnect, device number 101
[ 1150.117972][    T9] usb 7-1: config 0 descriptor??
[ 1150.130419][T20506] netlink: 63503 bytes leftover after parsing attributes in process `syz.1.3761'.
[ 1150.689336][T11964] usb 2-1: new full-speed USB device number 102 using dummy_hcd
[ 1150.794446][T20496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1150.978924][    T9] glorious 0003:258A:0036.0019: item fetching failed at offset 0/2
[ 1151.003044][T20496] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1151.015299][    T9] glorious 0003:258A:0036.0019: probe with driver glorious failed with error -22
[ 1151.065729][T11964] usb 2-1: unable to get BOS descriptor or descriptor too short
[ 1151.077302][    T9] usb 7-1: USB disconnect, device number 50
[ 1151.082697][T11964] usb 2-1: not running at top speed; connect to a high speed hub
[ 1151.173285][T11964] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 147, changing to 4
[ 1151.217218][T11964] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 1151.239409][T11964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1151.247425][T11964] usb 2-1: Product: syz
[ 1151.279248][T11964] usb 2-1: Manufacturer: syz
[ 1151.283871][T11964] usb 2-1: SerialNumber: syz
[ 1151.312455][   T30] audit: type=1400 audit(2000001397.572:3195): avc:  denied  { read } for  pid=20529 comm="syz.3.3770" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1151.399410][T20534] openvswitch: netlink: VXLAN extension message has 3 unknown bytes.
[ 1151.458576][T20540] netlink: 'syz.7.3773': attribute type 39 has an invalid length.
[ 1151.528732][T11964] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[ 1151.540539][T11964] usb 2-1: unit 244 not found!
[ 1151.555780][T11964] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[ 1151.590314][T11964] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1151.632016][T11964] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[ 1151.655326][T11964] usb 2-1: USB disconnect, device number 102
[ 1151.737221][T20543] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3774'.
[ 1153.464768][T20570] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=20570 comm=syz.3.3781
[ 1153.535872][T20566] input: syz1 as /devices/virtual/input/input79
[ 1153.837271][   T30] audit: type=1400 audit(2000001400.092:3196): avc:  denied  { ioctl } for  pid=20575 comm="syz.7.3783" path="/dev/infiniband/rdma_cm" dev="devtmpfs" ino=1272 ioctlcmd=0x9365 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[ 1153.863962][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1153.917939][T20584] netlink: 20 bytes leftover after parsing attributes in process `syz.7.3789'.
[ 1154.028677][   T30] audit: type=1400 audit(2000001400.192:3197): avc:  denied  { mounton } for  pid=20581 comm="syz.0.3786" path="/182/file0" dev="tmpfs" ino=981 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[ 1154.063198][T20590] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3788'.
[ 1155.119553][T11964] usb 2-1: new high-speed USB device number 103 using dummy_hcd
[ 1155.257495][   T30] audit: type=1400 audit(2000001401.512:3198): avc:  denied  { execute } for  pid=20600 comm="syz.7.3794" path="/dev/video3" dev="devtmpfs" ino=935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[ 1155.281250][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1155.329542][T11964] usb 2-1: Using ep0 maxpacket: 16
[ 1155.344108][   T30] audit: type=1400 audit(2000001401.562:3199): avc:  denied  { read } for  pid=20598 comm="syz.0.3791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1155.381380][T11964] usb 2-1: config 0 has an invalid descriptor of length 226, skipping remainder of the config
[ 1155.394491][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1155.408951][T11964] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 16406, setting to 1024
[ 1155.429553][T20610] xt_policy: input policy not valid in POSTROUTING and OUTPUT
[ 1155.547716][T11964] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[ 1155.558113][T11964] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1155.573683][T11964] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1155.582866][T11964] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1155.592730][T11964] usb 2-1: Manufacturer: syz
[ 1155.601844][T11964] usb 2-1: config 0 descriptor??
[ 1156.224509][T11964] rc_core: IR keymap rc-hauppauge not found
[ 1156.234703][T11964] Registered IR keymap rc-empty
[ 1156.254875][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1156.316320][T20587] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1156.325315][T20587] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1156.342830][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1156.371407][T11964] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[ 1156.392852][T20625] 9pnet_fd: Insufficient options for proto=fd
[ 1156.402524][   T30] audit: type=1400 audit(2000001402.652:3200): avc:  denied  { open } for  pid=20621 comm="syz.0.3798" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=70858 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1156.403158][T11964] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input80
[ 1156.426841][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1156.483004][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1156.509541][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1156.639459][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1156.659489][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.644397][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.670564][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.709405][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.741642][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.760803][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.882214][T11964] mceusb 2-1:0.0: Error: mce write urb status = -71
[ 1157.925414][T11964] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[ 1158.003321][T11964] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1158.398502][T11964] usb 2-1: USB disconnect, device number 103
[ 1159.508456][ T7897] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[ 1159.964668][T20660] kAFS: No cell specified
[ 1160.219324][ T5871] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[ 1160.662687][ T5871] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1160.695771][ T5871] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1160.723542][ T5871] usb 1-1: config 0 descriptor??
[ 1160.734059][ T5871] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1161.394556][T20685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1161.420279][ T5871] gspca_cpia1: usb_control_msg 03, error -32
[ 1161.435215][T20685] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1161.753486][T20688] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3817'.
[ 1162.200267][T20698] binder: 20697:20698 unknown command 0
[ 1162.206614][T20698] binder: 20697:20698 ioctl c0306201 2000000001c0 returned -22
[ 1162.254453][ T5871] gspca_cpia1: usb_control_msg 03, error -71
[ 1162.269524][ T5871] gspca_cpia1: usb_control_msg 01, error -71
[ 1162.277737][ T5871] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[ 1162.369513][ T5871] usb 1-1: USB disconnect, device number 98
[ 1162.587221][   T30] audit: type=1326 audit(2000001408.842:3201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20704 comm="syz.6.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99f6b8e929 code=0x7ffc0000
[ 1163.320145][   T30] audit: type=1326 audit(2000001408.842:3202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20704 comm="syz.6.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99f6b8e929 code=0x7ffc0000
[ 1163.497776][   T30] audit: type=1326 audit(2000001408.842:3203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20704 comm="syz.6.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f99f6b8e929 code=0x7ffc0000
[ 1163.677865][   T30] audit: type=1326 audit(2000001408.842:3204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20704 comm="syz.6.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99f6b8e929 code=0x7ffc0000
[ 1163.804384][   T30] audit: type=1326 audit(2000001408.842:3205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20704 comm="syz.6.3823" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f99f6b8e929 code=0x7ffc0000
[ 1166.284003][T20756] sp0: Synchronizing with TNC
[ 1167.069808][T20752] [U] �
[ 1167.337973][T20760] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3833'.
[ 1167.759225][T11964] usb 2-1: new high-speed USB device number 104 using dummy_hcd
[ 1167.791361][T20769] netlink: 71 bytes leftover after parsing attributes in process `syz.0.3839'.
[ 1167.801542][T20770] befs: (nbd0): No write support. Marking filesystem read-only
[ 1167.814416][T20770] syz.0.3839: attempt to access beyond end of device
[ 1167.814416][T20770] nbd0: rw=0, sector=0, nr_sectors = 2 limit=0
[ 1167.919219][T11964] usb 2-1: Using ep0 maxpacket: 8
[ 1167.934134][T11964] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[ 1167.943441][T11964] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1167.951785][T11964] usb 2-1: Product: syz
[ 1167.956210][T11964] usb 2-1: Manufacturer: syz
[ 1167.962042][T11964] usb 2-1: SerialNumber: syz
[ 1167.967649][T20766] netlink: 332 bytes leftover after parsing attributes in process `syz.3.3838'.
[ 1167.979367][T11964] usb 2-1: config 0 descriptor??
[ 1167.988360][T11964] gspca_main: sq930x-2.14.0 probing 2770:930c
[ 1168.039511][ T5870] usb 1-1: new high-speed USB device number 99 using dummy_hcd
[ 1168.169307][ T5870] usb 1-1: device descriptor read/64, error -71
[ 1168.391765][   T30] audit: type=1400 audit(2000001414.652:3206): avc:  denied  { ioctl } for  pid=20772 comm="syz.7.3840" path="socket:[71073]" dev="sockfs" ino=71073 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[ 1168.521931][ T5870] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1168.709610][ T5870] usb 1-1: device descriptor read/64, error -71
[ 1168.792901][T11964] gspca_sq930x: ucbus_write failed -71
[ 1168.819568][ T5870] usb usb1-port1: attempt power cycle
[ 1169.019252][T11964] gspca_sq930x: Sensor ov9630 not yet treated
[ 1169.025837][T11964] sq930x 2-1:0.0: probe with driver sq930x failed with error -22
[ 1169.043505][T11964] usb 2-1: USB disconnect, device number 104
[ 1169.169270][ T5870] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1169.200732][ T5870] usb 1-1: device descriptor read/8, error -71
[ 1169.925081][T20795] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3847'.
[ 1169.934191][ T5870] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1169.944006][   T30] audit: type=1400 audit(2000001416.202:3207): avc:  denied  { accept } for  pid=20794 comm="syz.3.3847" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[ 1169.959641][ T5870] usb 1-1: device descriptor read/8, error -71
[ 1170.079564][ T5870] usb usb1-port1: unable to enumerate USB device
[ 1170.576167][T20813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3850'.
[ 1171.381820][   T30] audit: type=1400 audit(2000001417.642:3208): avc:  denied  { write } for  pid=20814 comm="syz.7.3852" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[ 1171.708344][T20827] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3856'.
[ 1171.794465][T20832] tipc: Started in network mode
[ 1171.805117][T20832] tipc: Node identity 4, cluster identity 4711
[ 1171.812636][T20832] tipc: Node number set to 4
[ 1176.678077][T20902] binder: 20897:20902 ioctl c018620c 200000000000 returned -1
[ 1176.854032][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 1176.862038][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.035549][T20907] evm: overlay not supported
[ 1177.115098][T20909] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3879'.
[ 1177.128251][T20899] Process accounting resumed
[ 1177.305027][T20909] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1177.316084][T20909] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1177.338959][T20909] bond0 (unregistering): Released all slaves
[ 1178.736876][T20934] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3888'.
[ 1178.920985][T20942] sp0: Synchronizing with TNC
[ 1178.927339][T16554] 
[ 1178.929668][T16554] =====================================================
[ 1178.936591][T16554] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 1178.944026][T16554] 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 Not tainted
[ 1178.951117][T16554] -----------------------------------------------------
[ 1178.958026][T16554] kworker/u8:1/16554 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 1178.965897][T16554] ffffffff8f79a018 (disc_data_lock){.?.+}-{3:3}, at: sp_get+0x18/0xf0
[ 1178.974063][T16554] 
[ 1178.974063][T16554] and this task is already holding:
[ 1178.981403][T16554] ffffffff9b087e38 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[ 1178.990084][T16554] which would create a new lock dependency:
[ 1178.995949][T16554]  (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock){.?.+}-{3:3}
[ 1179.003592][T16554] 
[ 1179.003592][T16554] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 1179.013021][T16554]  (&port_lock_key){-.-.}-{3:3}
[ 1179.013040][T16554] 
[ 1179.013040][T16554] ... which became HARDIRQ-irq-safe at:
[ 1179.025543][T16554]   lock_acquire+0x179/0x350
[ 1179.030126][T16554]   _raw_spin_lock_irqsave+0x3a/0x60
[ 1179.035399][T16554]   serial8250_handle_irq+0x95/0xcb0
[ 1179.040667][T16554]   serial8250_default_handle_irq+0x9a/0x210
[ 1179.046628][T16554]   serial8250_interrupt+0x103/0x210
[ 1179.051896][T16554]   __handle_irq_event_percpu+0x229/0x7d0
[ 1179.057606][T16554]   handle_irq_event+0xab/0x1e0
[ 1179.062441][T16554]   handle_edge_irq+0x28e/0xab0
[ 1179.067274][T16554]   __common_interrupt+0xdf/0x250
[ 1179.072281][T16554]   common_interrupt+0xba/0xe0
[ 1179.077026][T16554]   asm_common_interrupt+0x26/0x40
[ 1179.082116][T16554]   pv_native_safe_halt+0xf/0x20
[ 1179.087054][T16554]   default_idle+0x13/0x20
[ 1179.091454][T16554]   default_idle_call+0x6d/0xb0
[ 1179.096284][T16554]   do_idle+0x391/0x510
[ 1179.100423][T16554]   cpu_startup_entry+0x4f/0x60
[ 1179.105258][T16554]   start_secondary+0x21d/0x2b0
[ 1179.110092][T16554]   common_startup_64+0x13e/0x148
[ 1179.115096][T16554] 
[ 1179.115096][T16554] to a HARDIRQ-irq-unsafe lock:
[ 1179.122089][T16554]  (disc_data_lock){.?.+}-{3:3}
[ 1179.122110][T16554] 
[ 1179.122110][T16554] ... which became HARDIRQ-irq-unsafe at:
[ 1179.134790][T16554] ...
[ 1179.134796][T16554]   lock_acquire+0x179/0x350
[ 1179.141935][T16554]   _raw_read_lock+0x5f/0x70
[ 1179.146511][T16554]   sp_get+0x18/0xf0
[ 1179.150390][T16554]   sixpack_ioctl+0x73/0x440
[ 1179.154966][T16554]   tty_ioctl+0x6fd/0x1640
[ 1179.159367][T16554]   __x64_sys_ioctl+0x18b/0x210
[ 1179.164204][T16554]   do_syscall_64+0xcd/0x4c0
[ 1179.168793][T16554]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.174754][T16554] 
[ 1179.174754][T16554] other info that might help us debug this:
[ 1179.174754][T16554] 
[ 1179.184960][T16554]  Possible interrupt unsafe locking scenario:
[ 1179.184960][T16554] 
[ 1179.193255][T16554]        CPU0                    CPU1
[ 1179.198600][T16554]        ----                    ----
[ 1179.203945][T16554]   lock(disc_data_lock);
[ 1179.208256][T16554]                                local_irq_disable();
[ 1179.215001][T16554]                                lock(&port_lock_key);
[ 1179.221834][T16554]                                lock(disc_data_lock);
[ 1179.228663][T16554]   <Interrupt>
[ 1179.232097][T16554]     lock(&port_lock_key);
[ 1179.236581][T16554] 
[ 1179.236581][T16554]  *** DEADLOCK ***
[ 1179.236581][T16554] 
[ 1179.244708][T16554] 6 locks held by kworker/u8:1/16554:
[ 1179.250070][T16554]  #0: ffff88801b881148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70
[ 1179.261186][T16554]  #1: ffffc90015577d10 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70
[ 1179.272212][T16554]  #2: ffff888025bb8ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x34/0x780
[ 1179.281246][T16554]  #3: ffff8880248ef0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[ 1179.290535][T16554]  #4: ffffffff9b087e38 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0x13b/0xb30
[ 1179.299661][T16554]  #5: ffff8880248ef0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x80
[ 1179.308950][T16554] 
[ 1179.308950][T16554] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 1179.319331][T16554] -> (&port_lock_key){-.-.}-{3:3} {
[ 1179.324536][T16554]    IN-HARDIRQ-W at:
[ 1179.328495][T16554]                     lock_acquire+0x179/0x350
[ 1179.334636][T16554]                     _raw_spin_lock_irqsave+0x3a/0x60
[ 1179.341468][T16554]                     serial8250_handle_irq+0x95/0xcb0
[ 1179.348299][T16554]                     serial8250_default_handle_irq+0x9a/0x210
[ 1179.355825][T16554]                     serial8250_interrupt+0x103/0x210
[ 1179.362656][T16554]                     __handle_irq_event_percpu+0x229/0x7d0
[ 1179.369926][T16554]                     handle_irq_event+0xab/0x1e0
[ 1179.376321][T16554]                     handle_edge_irq+0x28e/0xab0
[ 1179.382718][T16554]                     __common_interrupt+0xdf/0x250
[ 1179.389304][T16554]                     common_interrupt+0xba/0xe0
[ 1179.395624][T16554]                     asm_common_interrupt+0x26/0x40
[ 1179.402282][T16554]                     pv_native_safe_halt+0xf/0x20
[ 1179.408769][T16554]                     default_idle+0x13/0x20
[ 1179.414739][T16554]                     default_idle_call+0x6d/0xb0
[ 1179.421134][T16554]                     do_idle+0x391/0x510
[ 1179.426835][T16554]                     cpu_startup_entry+0x4f/0x60
[ 1179.433234][T16554]                     start_secondary+0x21d/0x2b0
[ 1179.439634][T16554]                     common_startup_64+0x13e/0x148
[ 1179.446201][T16554]    IN-SOFTIRQ-W at:
[ 1179.450163][T16554]                     lock_acquire+0x179/0x350
[ 1179.456304][T16554]                     _raw_spin_lock_irqsave+0x3a/0x60
[ 1179.463138][T16554]                     serial8250_handle_irq+0x95/0xcb0
[ 1179.469964][T16554]                     serial8250_default_handle_irq+0x9a/0x210
[ 1179.477487][T16554]                     serial8250_interrupt+0x103/0x210
[ 1179.484329][T16554]                     __handle_irq_event_percpu+0x229/0x7d0
[ 1179.491608][T16554]                     handle_irq_event+0xab/0x1e0
[ 1179.498005][T16554]                     handle_edge_irq+0x28e/0xab0
[ 1179.504399][T16554]                     __common_interrupt+0xdf/0x250
[ 1179.510972][T16554]                     common_interrupt+0x61/0xe0
[ 1179.517293][T16554]                     asm_common_interrupt+0x26/0x40
[ 1179.523962][T16554]                     _raw_spin_unlock_irqrestore+0x31/0x80
[ 1179.531242][T16554]                     note_gp_changes+0x14e/0x1e0
[ 1179.537653][T16554]                     rcu_core+0x13a/0x14e0
[ 1179.543540][T16554]                     handle_softirqs+0x216/0x8e0
[ 1179.549952][T16554]                     __irq_exit_rcu+0x109/0x170
[ 1179.556267][T16554]                     irq_exit_rcu+0x9/0x30
[ 1179.562147][T16554]                     sysvec_apic_timer_interrupt+0xa4/0xc0
[ 1179.569423][T16554]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1179.577040][T16554]                     console_flush_all+0x9a2/0xc60
[ 1179.583634][T16554]                     console_unlock+0xd8/0x210
[ 1179.589873][T16554]                     vprintk_emit+0x418/0x6d0
[ 1179.596010][T16554]                     _printk+0xc7/0x100
[ 1179.601620][T16554]                     kauditd_hold_skb+0x205/0x250
[ 1179.608108][T16554]                     kauditd_send_queue+0x239/0x290
[ 1179.614769][T16554]                     kauditd_thread+0x623/0xa70
[ 1179.621096][T16554]                     kthread+0x3c2/0x780
[ 1179.626793][T16554]                     ret_from_fork+0x5d4/0x6f0
[ 1179.633020][T16554]                     ret_from_fork_asm+0x1a/0x30
[ 1179.639418][T16554]    INITIAL USE at:
[ 1179.643297][T16554]                    lock_acquire+0x179/0x350
[ 1179.649352][T16554]                    _raw_spin_lock_irqsave+0x3a/0x60
[ 1179.656098][T16554]                    serial8250_do_set_termios+0x310/0x1710
[ 1179.663364][T16554]                    serial8250_set_termios+0x6e/0x80
[ 1179.670107][T16554]                    uart_set_options+0x31a/0x5f0
[ 1179.676504][T16554]                    serial8250_console_setup+0x189/0x450
[ 1179.683595][T16554]                    univ8250_console_setup+0x1eb/0x2e0
[ 1179.690512][T16554]                    try_enable_preferred_console+0x2fd/0x530
[ 1179.697956][T16554]                    register_console+0x3ab/0x11b0
[ 1179.704442][T16554]                    univ8250_console_init+0x5f/0x90
[ 1179.711105][T16554]                    console_init+0x14f/0x680
[ 1179.717158][T16554]                    start_kernel+0x29f/0x4d0
[ 1179.723220][T16554]                    x86_64_start_reservations+0x18/0x30
[ 1179.730228][T16554]                    x86_64_start_kernel+0x130/0x190
[ 1179.736888][T16554]                    common_startup_64+0x13e/0x148
[ 1179.743368][T16554]  }
[ 1179.745847][T16554]  ... key      at: [<ffffffff9b0870a0>] port_lock_key+0x0/0x40
[ 1179.753468][T16554] 
[ 1179.753468][T16554] the dependencies between the lock to be acquired
[ 1179.753475][T16554]  and HARDIRQ-irq-unsafe lock:
[ 1179.766943][T16554] -> (disc_data_lock){.?.+}-{3:3} {
[ 1179.772148][T16554]    IN-HARDIRQ-R at:
[ 1179.776116][T16554]                     lock_acquire+0x179/0x350
[ 1179.782268][T16554]                     _raw_read_lock+0x3a/0x70
[ 1179.788414][T16554]                     sp_get+0x18/0xf0
[ 1179.793866][T16554]                     sixpack_write_wakeup+0x20/0x390
[ 1179.800617][T16554]                     tty_wakeup+0xe8/0x120
[ 1179.806497][T16554]                     tty_port_default_wakeup+0x2a/0x40
[ 1179.813421][T16554]                     serial8250_tx_chars+0x68e/0x860
[ 1179.820174][T16554]                     serial8250_handle_irq+0x761/0xcb0
[ 1179.827087][T16554]                     serial8250_default_handle_irq+0x9a/0x210
[ 1179.834613][T16554]                     serial8250_interrupt+0x103/0x210
[ 1179.841443][T16554]                     __handle_irq_event_percpu+0x229/0x7d0
[ 1179.848710][T16554]                     handle_irq_event+0xab/0x1e0
[ 1179.855111][T16554]                     handle_edge_irq+0x28e/0xab0
[ 1179.861526][T16554]                     __common_interrupt+0xdf/0x250
[ 1179.868101][T16554]                     common_interrupt+0x61/0xe0
[ 1179.874409][T16554]                     asm_common_interrupt+0x26/0x40
[ 1179.881065][T16554]    HARDIRQ-ON-R at:
[ 1179.885029][T16554]                     lock_acquire+0x179/0x350
[ 1179.891183][T16554]                     _raw_read_lock+0x5f/0x70
[ 1179.897323][T16554]                     sp_get+0x18/0xf0
[ 1179.902768][T16554]                     sixpack_ioctl+0x73/0x440
[ 1179.908909][T16554]                     tty_ioctl+0x6fd/0x1640
[ 1179.914889][T16554]                     __x64_sys_ioctl+0x18b/0x210
[ 1179.921288][T16554]                     do_syscall_64+0xcd/0x4c0
[ 1179.927428][T16554]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.934951][T16554]    SOFTIRQ-ON-R at:
[ 1179.938911][T16554]                     lock_acquire+0x179/0x350
[ 1179.945053][T16554]                     _raw_read_lock+0x5f/0x70
[ 1179.951191][T16554]                     sp_get+0x18/0xf0
[ 1179.956632][T16554]                     sixpack_ioctl+0x73/0x440
[ 1179.962770][T16554]                     tty_ioctl+0x6fd/0x1640
[ 1179.968739][T16554]                     __x64_sys_ioctl+0x18b/0x210
[ 1179.975134][T16554]                     do_syscall_64+0xcd/0x4c0
[ 1179.981275][T16554]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.988799][T16554]    INITIAL USE at:
[ 1179.992674][T16554]                    lock_acquire+0x179/0x350
[ 1179.998728][T16554]                    _raw_write_lock_irq+0x36/0x50
[ 1180.005213][T16554]                    sixpack_close+0x1e/0x2f0
[ 1180.011264][T16554]                    tty_ldisc_close+0x114/0x1a0
[ 1180.017576][T16554]                    tty_ldisc_kill+0x8e/0x150
[ 1180.023714][T16554]                    tty_ldisc_release+0x210/0x2e0
[ 1180.030198][T16554]                    tty_release_struct+0x23/0xe0
[ 1180.036595][T16554]                    tty_release+0xe2d/0x1430
[ 1180.042650][T16554]                    __fput+0x3ff/0xb70
[ 1180.048182][T16554]                    task_work_run+0x150/0x240
[ 1180.054317][T16554]                    exit_to_user_mode_loop+0xeb/0x110
[ 1180.061148][T16554]                    do_syscall_64+0x3f6/0x4c0
[ 1180.067287][T16554]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1180.074725][T16554]    INITIAL READ USE at:
[ 1180.079032][T16554]                         lock_acquire+0x179/0x350
[ 1180.085520][T16554]                         _raw_read_lock+0x5f/0x70
[ 1180.092007][T16554]                         sp_get+0x18/0xf0
[ 1180.097798][T16554]                         sixpack_ioctl+0x73/0x440
[ 1180.104283][T16554]                         tty_ioctl+0x6fd/0x1640
[ 1180.110596][T16554]                         __x64_sys_ioctl+0x18b/0x210
[ 1180.117343][T16554]                         do_syscall_64+0xcd/0x4c0
[ 1180.123838][T16554]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1180.131710][T16554]  }
[ 1180.134186][T16554]  ... key      at: [<ffffffff8f79a018>] disc_data_lock+0x18/0xfe0
[ 1180.142064][T16554]  ... acquired at:
[ 1180.145845][T16554]    lock_acquire+0x179/0x350
[ 1180.150511][T16554]    _raw_read_lock+0x5f/0x70
[ 1180.155173][T16554]    sp_get+0x18/0xf0
[ 1180.159156][T16554]    sixpack_write_wakeup+0x20/0x390
[ 1180.164427][T16554]    tty_wakeup+0xe8/0x120
[ 1180.168828][T16554]    tty_port_default_wakeup+0x2a/0x40
[ 1180.174276][T16554]    serial8250_tx_chars+0x68e/0x860
[ 1180.179549][T16554]    __start_tx+0x3e9/0x4a0
[ 1180.184040][T16554]    serial8250_start_tx+0x368/0x530
[ 1180.189317][T16554]    __uart_start+0x292/0x4c0
[ 1180.193975][T16554]    uart_write+0x218/0xb30
[ 1180.198463][T16554]    sixpack_receive_buf+0x3d3/0x1c90
[ 1180.203820][T16554]    tty_ldisc_receive_buf+0x15a/0x1a0
[ 1180.209264][T16554]    tty_port_default_receive_buf+0x70/0xb0
[ 1180.215148][T16554]    flush_to_ldisc+0x26b/0x780
[ 1180.219985][T16554]    process_one_work+0x9cc/0x1b70
[ 1180.225080][T16554]    worker_thread+0x6c8/0xf10
[ 1180.229828][T16554]    kthread+0x3c2/0x780
[ 1180.234049][T16554]    ret_from_fork+0x5d4/0x6f0
[ 1180.238800][T16554]    ret_from_fork_asm+0x1a/0x30
[ 1180.243720][T16554] 
[ 1180.246038][T16554] 
[ 1180.246038][T16554] stack backtrace:
[ 1180.251907][T16554] CPU: 0 UID: 0 PID: 16554 Comm: kworker/u8:1 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) 
[ 1180.251927][T16554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1180.251938][T16554] Workqueue: events_unbound flush_to_ldisc
[ 1180.251959][T16554] Call Trace:
[ 1180.251964][T16554]  <TASK>
[ 1180.251970][T16554]  dump_stack_lvl+0x116/0x1f0
[ 1180.251992][T16554]  check_irq_usage+0x7dc/0x920
[ 1180.252016][T16554]  ? check_path.constprop.0+0x24/0x50
[ 1180.252038][T16554]  ? __lock_acquire+0x1285/0x1c90
[ 1180.252058][T16554]  __lock_acquire+0x1285/0x1c90
[ 1180.252080][T16554]  ? lock_acquire+0x179/0x350
[ 1180.252102][T16554]  lock_acquire+0x179/0x350
[ 1180.252122][T16554]  ? sp_get+0x18/0xf0
[ 1180.252140][T16554]  ? ldsem_down_read_trylock+0x11a/0x180
[ 1180.252154][T16554]  ? ldsem_down_read_trylock+0x120/0x180
[ 1180.252168][T16554]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[ 1180.252188][T16554]  _raw_read_lock+0x5f/0x70
[ 1180.252206][T16554]  ? sp_get+0x18/0xf0
[ 1180.252223][T16554]  sp_get+0x18/0xf0
[ 1180.252240][T16554]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[ 1180.252259][T16554]  sixpack_write_wakeup+0x20/0x390
[ 1180.252278][T16554]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[ 1180.252297][T16554]  tty_wakeup+0xe8/0x120
[ 1180.252314][T16554]  tty_port_default_wakeup+0x2a/0x40
[ 1180.252335][T16554]  serial8250_tx_chars+0x68e/0x860
[ 1180.252359][T16554]  __start_tx+0x3e9/0x4a0
[ 1180.252379][T16554]  serial8250_start_tx+0x368/0x530
[ 1180.252401][T16554]  __uart_start+0x292/0x4c0
[ 1180.252417][T16554]  uart_write+0x218/0xb30
[ 1180.252438][T16554]  sixpack_receive_buf+0x3d3/0x1c90
[ 1180.252459][T16554]  ? ldsem_down_read_trylock+0x120/0x180
[ 1180.252472][T16554]  ? __pfx_ldsem_down_read_trylock+0x10/0x10
[ 1180.252487][T16554]  ? __pfx_sixpack_receive_buf+0x10/0x10
[ 1180.252507][T16554]  tty_ldisc_receive_buf+0x15a/0x1a0
[ 1180.252526][T16554]  tty_port_default_receive_buf+0x70/0xb0
[ 1180.252548][T16554]  flush_to_ldisc+0x26b/0x780
[ 1180.252568][T16554]  ? rcu_is_watching+0x12/0xc0
[ 1180.252586][T16554]  process_one_work+0x9cc/0x1b70
[ 1180.252603][T16554]  ? __pfx_process_one_work+0x10/0x10
[ 1180.252619][T16554]  ? assign_work+0x1a0/0x250
[ 1180.252641][T16554]  worker_thread+0x6c8/0xf10
[ 1180.252658][T16554]  ? __kthread_parkme+0x19e/0x250
[ 1180.252676][T16554]  ? __pfx_worker_thread+0x10/0x10
[ 1180.252690][T16554]  kthread+0x3c2/0x780
[ 1180.252702][T16554]  ? __pfx_kthread+0x10/0x10
[ 1180.252715][T16554]  ? rcu_is_watching+0x12/0xc0
[ 1180.252731][T16554]  ? __pfx_kthread+0x10/0x10
[ 1180.252743][T16554]  ret_from_fork+0x5d4/0x6f0
[ 1180.252762][T16554]  ? __pfx_kthread+0x10/0x10
[ 1180.252774][T16554]  ret_from_fork_asm+0x1a/0x30
[ 1180.252796][T16554]  </TASK>
[ 1180.509490][    C0] vkms_vblank_simulate: vblank timer overrun