last executing test programs:

2m18.044237212s ago: executing program 2 (id=1287):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
r2 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000000000/0x4000)=nil)
prctl$PR_CAP_AMBIENT(0x2f, 0x2, 0x1d)
shmat(r2, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r3, 0x1000000, 0x0)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="0500000000000000000d0e0000"], 0x14}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xde20)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r4 = gettid()
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r5, &(0x7f0000000440)=""/247, 0x26)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r5, 0x4040534e, &(0x7f0000000080)={0x31, @time={0x3, 0x8}, 0x0, {0x7, 0x2}, 0x0, 0x0, 0x4})
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r5, 0xc0305302, &(0x7f0000000040)={0x36, 0x7, 0x4, 0x9, 0x1, 0x80})
tkill(r4, 0x7)

2m16.684505026s ago: executing program 2 (id=1294):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x60303, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x22000, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="ca0e808bb35bdabb", 0x8)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r3, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x9}}, 0x40)
socket$inet6(0xa, 0x3, 0x7)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f0000000000)={'veth0_to_batadv\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)

2m16.4811196s ago: executing program 2 (id=1296):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, 0x0)
clock_gettime(0x2, &(0x7f0000000340))
syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x51, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010102020000082505a1a440000102030109023f0001011060e809000000000000000209240600004f9c466b81a367e258b8ff0f0108000000040004000709058202100007ae0e09050302400008c1017628819358cc96d4127a060a0b5c96524cf1294dca80ee0f44d203524fa9d44388c24d1835f446c0ff12d49eb808148643f3313471e0e0993e9ac0b895767e8c04da5e6ddaecf0c01a8ad4be721fff4390dd9f37ece387d2272b8426aceb176d34faf04b594caf1f39e5bbe359888e82d3795673c8671a15228930fc7b1157dadd22fad2581910783cc558a97ceb1c11f97c3801a67d611a99e72ac6613de76244140967ad0635399d141427c2c6429b"], &(0x7f0000000280)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x0, 0x4, 0x9, 0xfb, 0x40, 0x8}, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x410}}]})
r0 = syz_open_dev$I2C(&(0x7f0000000d80), 0x0, 0x0)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000040)={0x2, 0x4, 0x2, 0x0})
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r4 = dup(r3)
write$6lowpan_enable(r4, &(0x7f0000000000)='0', 0xfffffd2c)
r5 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r4}, 0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(0x0, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r3, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0)
pipe(&(0x7f0000000600)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
socket(0x28, 0x6, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x4002, 0x0)
write(r8, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c)
r9 = socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x8)
pipe(&(0x7f0000000500)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
splice(r10, 0x0, r8, 0x0, 0xffffffffffff8000, 0x0)
close(r11)
close(r9)
socket$nl_route(0x10, 0x3, 0x0)
splice(r7, 0x0, r9, 0x0, 0x1100000000f336, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$CEC_ADAP_S_PHYS_ADDR(r11, 0x40026102, &(0x7f00000002c0)=0x8)
nanosleep(&(0x7f0000000080)={r1, r2+60000000}, &(0x7f00000000c0))

2m13.140160227s ago: executing program 2 (id=1307):
r0 = syz_open_dev$cec(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
nanosleep(0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
clock_gettime(0x5, &(0x7f0000000240))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x20000000)
mq_timedsend(r0, &(0x7f0000000280)="fcca66f24dae6264cfee8537b70de7236e9f249423f8cd567ec86457b6b9638b4f4f28c0ff80251b013cb3f5611ff164c391ccf0c1fe2ab2b39210f04126baf61e43a8143c66d760598887d5a77edbccc04e9139767e1c3c82c0", 0x5a, 0x915, 0x0)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000e80)={0x0, 0x0, 0x0}, 0x40000002)
madvise(&(0x7f0000000000/0x2000)=nil, 0x8000000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9)
r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
ioctl$KDGKBSENT(r1, 0x4b48, &(0x7f0000000000)={0xc4, "d941fbe7bc487d3ed43a4ee5d8d3fd5ec6ad01b27bd110d2db7fb8f71c6706ab612500decc85e2ab6430306372b5575271ea21a83a899a83bc740a4086a9e2f1efe9a24c4a42c469c863e962d48010dc66a3da706196b115ba62b1558bc3928b29bb5e42bd680ad2cebfb0877963c4051b54c3865dcc0d178811b1bf5ece24ee48351087a216d9021dcf883f8e6c09044519eb3e31a961e919496369f71ff95efb8de589655d6eb2f82403350d436dbdb2d6a99c944060369a2f59b41aab6b8db240faacaf57d649c190d725fdf968c15c8f500e9f126601c4c358a5215294fe7b957c3401e8c5b12fc6e41490b405edbf727c3bc48fd16cf853b95c541ab91a09b24016078eea1c75db20d4dd726ca63203f54262e04e201ce29338de9fb9f1f657edae9fc1738a07396350455fd137d74f92717b31993b5fed5c8576ebad6eb346ca69aaff1b1e278755482d09f2a817ba47fd6ac41b2d4cc82163b21c0a486685c373dcaae2471033b6edff36bdeaaab2f7cf4d3c116d56854f02cd9d8e0232fa896dcb6aaa0b508237a9d8768e9db3b807db47ba6d3809f0c700d0a118b3468a7f7314a5f4b1e55aa3c748bd6b02ccdd561c58b2c63cf87cbbafaca707f6697e10bd2c83dce6515c2e362dd8e69312c0e42955c4b6bada5ff3d2dbc5b630996596f0dfdf863ac7d6378b6b33c0786dd43695014f9137da71341866bbdebc"})
read$msr(r1, &(0x7f0000000000)=""/244, 0xf4)

2m9.976880561s ago: executing program 2 (id=1316):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x668c2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x20)
r3 = open(&(0x7f0000000300)='.\x00', 0x10000, 0x0)
renameat2(r3, &(0x7f00000004c0)='./bus\x00', r0, &(0x7f0000000500)='./file0\x00', 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r1, 0x8010671f, &(0x7f0000000080)={&(0x7f0000000140)=""/151, 0x97})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000001700000004000680"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

2m9.81154512s ago: executing program 2 (id=1318):
r0 = socket$packet(0x11, 0xa, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000180)=0xa, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88b81, 0x0)
getpeername$packet(r0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000100000c0000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000004080)=ANY=[@ANYBLOB="02000000040000000400000022bf000080040000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc00"/21], 0x48)

1m54.651596301s ago: executing program 32 (id=1318):
r0 = socket$packet(0x11, 0xa, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x1, &(0x7f0000000180)=0xa, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x88b81, 0x0)
getpeername$packet(r0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000010000100000c0000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$MAP_CREATE(0x0, &(0x7f0000004080)=ANY=[@ANYBLOB="02000000040000000400000022bf000080040000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fc00"/21], 0x48)

12.07136035s ago: executing program 0 (id=1655):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x8a)
fcntl$setlease(r0, 0x400, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='numa_maps\x00')
read$FUSE(r2, &(0x7f00000023c0)={0x2020}, 0x2020)
preadv(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x0)
read$FUSE(r2, &(0x7f0000004400)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x103000, 0x8d)
open$dir(&(0x7f0000000000)='./file1\x00', 0x80, 0x1c9)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
openat$cgroup_pressure(r4, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
r5 = open(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
open_by_handle_at(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"], 0x51b402)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)

10.934142609s ago: executing program 0 (id=1660):
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
unshare(0x6a040000)
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000000)=@phonet, 0x80, 0x0}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x8, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x7, 0x1, 0x6, 0xfffa}, 0x1d, [0x5, 0xc95a, 0xfffffff3, 0x80000006, 0x9, 0x2, 0x1, 0x7f, 0x6, 0xf, 0xfffffff6, 0x5f, 0xa, 0x7, 0x9, 0x8, 0x6, 0xa, 0x0, 0x80000001, 0xca, 0x7, 0x5, 0x3c5b, 0x6, 0x22, 0x2, 0xfffffffe, 0x1f461e2c, 0x2, 0x727, 0x4, 0x3, 0x0, 0x107fff, 0x4e74, 0x9, 0x0, 0xd, 0xa, 0x0, 0x71, 0x7, 0x2000007, 0x103, 0x2, 0x3, 0x39, 0x2, 0x6, 0x81, 0x3, 0x8, 0x0, 0x43, 0xe1, 0x7f, 0x9, 0x5, 0x5, 0xa, 0x4, 0x5, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0x10, 0x129432e6, 0xcb, 0x2, 0xd, 0x22d8, 0x1, 0x9, 0xfffffffc, 0x8, 0xfffffffe, 0x9, 0x5, 0x2f, 0xe, 0x8, 0x78, 0xb840, 0x7ffffffc, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x200753, 0x3, 0xfffffffd, 0xff, 0x1005, 0x801, 0x7, 0x4, 0x2009, 0x106, 0x2, 0x1ff, 0x27, 0x9, 0x8, 0x9, 0x8000, 0x5, 0x0, 0x2, 0x8000, 0xffff, 0x2, 0x83, 0x9, 0x5, 0x74ec1f9b, 0x4, 0x2, 0x7, 0x10, 0x9, 0x48c93690, 0x802, 0xff], [0x7, 0x4, 0x0, 0x101, 0xfffffdfe, 0xd, 0x8ce, 0x9, 0x387d, 0x7fff, 0x0, 0x5, 0xc, 0x4, 0x5, 0x76, 0x0, 0x1ef, 0x5, 0x7, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x1, 0xb7, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x7, 0x9, 0x3, 0x200, 0xfffffffe, 0x3, 0x4, 0x2, 0x10000, 0xa2, 0x7, 0x53cf6b7b, 0x8001, 0x6, 0x54fe12d5, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x5, 0x10000005, 0x5, 0x6, 0xffbffffb, 0x4, 0x3, 0x8, 0x9, 0x8, 0x3], [0x10009, 0xbb31, 0x3, 0xb, 0x5, 0x938, 0x6, 0x6, 0xfffffffc, 0x9, 0xce5, 0x1fd, 0x7669b26e, 0x3, 0x5, 0x40000005, 0x101, 0x10000, 0x6, 0x7fff, 0x8ffff, 0xa620, 0x40000000, 0x5, 0xffffffff, 0x2, 0x8, 0x60a7, 0x6, 0x6, 0xffffffff, 0x7fbffffb, 0x1, 0x8, 0xc8, 0x3, 0x4, 0x82ffff, 0x200003, 0xfffffff9, 0x7fffffff, 0x9602, 0xa, 0x8, 0x4, 0xfffffffd, 0x1, 0x10002, 0x5, 0x8, 0x2b95, 0x7, 0x7, 0x9, 0x1, 0x6c1b, 0x3, 0x4, 0x5, 0xb1c, 0x1, 0x99f5, 0xffff3441, 0x9]}, 0x45c)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x18)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000340)={@fallback=r1, 0x6, 0x0, 0x2, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0], <r4=>0x0}, 0x40)
r5 = creat(&(0x7f0000000580)='./file1\x00', 0x0)
r6 = fanotify_init(0xf00, 0x1)
fanotify_mark(r6, 0x105, 0x40009975, r5, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b00)={0xffffffffffffffff, 0xe0, &(0x7f0000000a00)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000008c0)=[0x0, 0x0, 0x0], 0x0, 0x1b, &(0x7f0000000900)=[{}, {}], 0x10, 0x10, &(0x7f0000000940), &(0x7f0000000980), 0x8, 0x4a, 0x8, 0x8, &(0x7f00000009c0)}}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)=ANY=[@ANYRES32=r5, @ANYRES32=r3, @ANYBLOB='\x000\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=r7, @ANYRES64=r4], 0x20)
socket$nl_route(0x10, 0x3, 0x0)
r8 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000e, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f0000000000)={0x3e, 0x2, 0x457f1c9146f8f874, "464905e100000000000000007f00", 0xb5315241})
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

8.676147906s ago: executing program 5 (id=1667):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="12008864"], 0xfce)
gettid()
timer_create(0xb, 0x0, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000002000)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
timer_getoverrun(r3)

8.577625595s ago: executing program 1 (id=1668):
r0 = socket(0xa, 0x3, 0x800)
setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, 0x0, 0x0)
r1 = syz_kvm_add_vcpu$x86(0x0, &(0x7f00000001c0)={0x0, &(0x7f0000000480)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0, @ANYRES32=r0, @ANYRES64, @ANYRES64=r0, @ANYRESHEX], 0x5e})
bpf$MAP_CREATE(0x2000000000000000, 0x0, 0x48)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRESDEC=r1], 0x5c}, 0x1, 0x0, 0x0, 0x2000c0c4}, 0x0)
r2 = socket$inet(0x2, 0x2, 0x7fffffff)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
setsockopt$inet_mreqsrc(r2, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000003c0)=[{&(0x7f0000000300)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x202, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x5, 0x4, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil})
fsetxattr$trusted_overlay_origin(r4, &(0x7f0000000200), &(0x7f0000000380), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r5, 0x4068aea3, &(0x7f0000000300))
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0100000000000000530000358c30"], 0x53})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x2a, 0xc1, 0x7, 0x6, 0xfb, 0x0, 0xf, 0x3, 0x3, 0x0, 0x3, 0x58, 0x81, 0x5, 0x7, 0x7f}})
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="00000000000000001800000000000000070000000000000001000000000000006b00000000000000c463"], 0x2de})
prlimit64(0x0, 0xc, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioperm(0x7, 0x449, 0x7ff)
rt_sigpending(0x0, 0x1000000)
r6 = syz_open_dev$MSR(&(0x7f0000000580), 0xa, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)

8.07720305s ago: executing program 3 (id=1669):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r2=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310328bd7000000000000900000008000300", @ANYRES32=r2, @ANYBLOB="0800060096"], 0x24}, 0x1, 0x0, 0x0, 0x20000095}, 0x8c0)
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r3, 0x0, 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x14, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b48a4"}, @main=@item_4={0x3, 0x0, 0x9, "6ac758a2"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0xe, "43df3a99"}]}}, 0x0}, 0x0)
r4 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCSFLAG(r4, 0x4004480f, &(0x7f0000000000)=0x2)

7.998548331s ago: executing program 5 (id=1670):
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x8a)
fcntl$setlease(r0, 0x400, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='numa_maps\x00')
read$FUSE(r2, &(0x7f00000023c0)={0x2020}, 0x2020)
preadv(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/133, 0x85}], 0x1, 0x114a, 0x0)
read$FUSE(r2, &(0x7f0000004400)={0x2020}, 0x2020)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x103000, 0x8d)
open$dir(&(0x7f0000000000)='./file1\x00', 0x80, 0x1c9)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x0)
openat$cgroup_pressure(r4, &(0x7f0000000040)='cpu.pressure\x00', 0x2, 0x0)
r5 = open(&(0x7f0000000400)='./file0\x00', 0x0, 0x0)
open_by_handle_at(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1800"], 0x51b402)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/locks\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0)

7.57601001s ago: executing program 0 (id=1672):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x61, &(0x7f0000000480)={0x0, 0x2, 0x7})
mq_timedreceive(r1, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r3, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="8a090400"], 0xc)
setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000300), 0x8)
recvmmsg(r2, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}, 0xf5ff}], 0xf00, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x2e, &(0x7f0000000000)=0x400000d2, 0x4)
shutdown(r2, 0x0)
write$6lowpan_enable(0xffffffffffffffff, 0x0, 0x0)

7.184404115s ago: executing program 1 (id=1673):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS32(r0, 0x806c4120, &(0x7f0000000080))
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000240)={0x0, 0x30, 0xf0, 0x0, 0x0, 0x1f, 0x0, 0x0, {}, {0x8}, {0x0, 0x5, 0x8000}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4002, 0x0, 0x0, 0x0, 0x16, 0x0, 0x1, 0x5})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="130000001000000002"], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000c80)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x2}, {0x85, 0x0, 0x0, 0x51}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0xa0}}}, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r3, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000400)="5aee41dea43e9eee28e622e563a3", 0x0, 0x3e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$nl_route(0x10, 0x3, 0x0)

6.767618756s ago: executing program 5 (id=1675):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000540)={{0x0, 0xdddd1000, 0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0xffff1000, 0xd000, 0xb, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x1, 0xd000, 0xd, 0x0, 0x0, 0x0, 0xff, 0x0, 0xfe, 0xa1, 0x4}, {0xdddd0000, 0x3000, 0xf, 0x0, 0xff, 0x4, 0x6, 0xe, 0x0, 0x3c}, {0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0xf1, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x1, 0x1, 0x83, 0xa, 0x26, 0x5}, {0x80a0000}, {0xdddd1000, 0xff}, 0xddf9ffdb, 0x0, 0x0, 0x70, 0xfffffffffffffffe, 0xd01, 0x0, [0x2, 0x0, 0x1]})
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fefffffff9ffff0000000000000000000000000000000000000000000000000000000000000000000000000004000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000"]}, 0x108)

6.66386419s ago: executing program 1 (id=1676):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$selinux_policy(0xffffff9c, &(0x7f0000000300), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000440)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
r2 = socket(0x10, 0x3, 0x0)
request_key(&(0x7f00000001c0)='rxrpc_s\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='y\xa9rust\xe3c*s\xb8dn::e\x00\x00', 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
move_pages(0x0, 0x2, &(0x7f0000000000)=[&(0x7f0000ffc000/0x1000)=nil], 0x0, 0xfffffffffffffffe, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r7}, 0x18)
r8 = syz_open_dev$usbfs(&(0x7f0000000080), 0x74, 0x101301)
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000200))
ioctl$USBDEVFS_IOCTL(r8, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect)
sendmsg$NFT_BATCH(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x1}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x4}]}], {0x14}}, 0x58}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r2, 0x10e, 0xc, &(0x7f0000000080)={0xfffffffd, 0x80000001, 0x5, 0x724}, 0x10)
write(r2, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'wlan1\x00', {0x2, 0x4e23, @broadcast}})
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r9, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r10, @ANYBLOB="010626bd7000fbdbdf2509000000780004801300010062726f6164636173742d6c696e6b00000c0007800800050001"], 0x8c}, 0x1, 0x0, 0x0, 0x4000000}, 0xc000)

6.579214332s ago: executing program 4 (id=1677):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/5, 0x200000, 0x1000}, 0x20)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'sit0\x00', <r3=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r1, &(0x7f0000000100)={0x2c, 0x0, r3}, 0x10)
mmap$xdp(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x4000009, 0x11, r1, 0x180000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
epoll_create(0x7)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, 0x0, 0x0)
unlinkat$binderfs_device(0xffffff9c, 0x0)
r7 = syz_init_net_socket$ax25(0x3, 0x5, 0x6)
ioctl$SIOCAX25ADDFWD(r7, 0x89ea, &(0x7f00000001c0)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}})

5.609729098s ago: executing program 4 (id=1678):
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000340), 0x10)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000380)=""/176)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x41, &(0x7f0000000040)=0x39cb, 0x4)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000003c0)=0x11)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000180)={0x0, <r6=>0x0})
pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
r8 = add_key$user(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000180)="8e", 0x1, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f0000000240)={<r9=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r9, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r7, 0xffffffffffffffff)
sched_setscheduler(r6, 0x2, &(0x7f0000000000)=0x8)
ioctl$TIOCVHANGUP(r5, 0x5437, 0x2)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x14880, 0x0)
sendto$inet6(r4, 0x0, 0x0, 0x20004041, 0x0, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)

5.007704239s ago: executing program 3 (id=1679):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd63"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0}}, 0x10)

5.007300717s ago: executing program 5 (id=1680):
accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, &(0x7f0000000040)=0x1c, 0x80800)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/86, 0x56}], 0x1}, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000600)=@raw={'raw\x00', 0x3c1, 0x3, 0x310, 0x130, 0x12, 0x60a, 0x130, 0x202, 0x240, 0x2e8, 0x2e8, 0x240, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast1, [0x4000000], [], 'veth1_to_bond\x00', 'xfrm0\x00', {}, {}, 0x2e}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@unspec=@statistic={{0x38}, {0x0, 0x1, 0x0, 0x0, 0xfffffffe}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff, 0x0, 0x5}, {0xffffffffffffffff, 0x1}}}}, {{@ipv6={@private2, @local, [0x0, 0x0, 0x0, 0xffffff80], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x110}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x10, 0xc00, 0x6cfc, 0x40, 'syz1\x00', 'syz0\x00', {0x7fffffff}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x370)

4.908844977s ago: executing program 1 (id=1681):
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000300))
r0 = syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x0)
io_setup(0x8, &(0x7f0000004200)=<r1=>0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0}])
r3 = syz_open_dev$usbfs(0x0, 0x76, 0x101301)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendfile(r0, r3, &(0x7f0000000680)=0x473c, 0xffffffffffffffff)
r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x3, 0x300)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000640)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, 0x0)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r6, 0x0, <r7=>0xffffffffffffffff, 0x1})
r8 = socket$netlink(0x10, 0x3, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r6})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[], 0x7c}}, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
chdir(&(0x7f0000000100)='./file0\x00')
symlink(&(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
sendmsg$NFT_BATCH(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000080a050000000000000000000200000a0900020073797a32000000000900010073797a300000000014000000"], 0x54}}, 0x0)
ioctl$USBDEVFS_SUBMITURB(r3, 0x8038550a, &(0x7f0000000180)=@urb_type_bulk={0x3, {0x1, 0x1}, 0x9, 0x81, 0x0, 0x0, 0xfffffff7, 0x5, 0x3, 0x37f2, 0x8, 0x0})
pwritev(r7, &(0x7f00000003c0)=[{&(0x7f00000006c0)="ff21e8a259ccb572f088b6a816fead07000000d549a59cd98ee3b1c312341d365cec7d50010900444c8ff54ea460245e437b5aa61a2c5ad129b9ef0d0eb9e0000000000000000000", 0x54}, {&(0x7f0000000400)="132f3c739a9840a1dd04c725f15864e9763f257c421419e41b78c287aedd0093ea30c6c0b1c3ce2f726e5b54e14192dc51c604237e47c75d6e08c1cf4b458ae9f33df333826a95111b75bf6c6789c4ad5339ae5839684f9013709488f4f9f7213b9e3d93eea2c79710c61ea55c0b62ab3e522a2b2d9fcb02c2ee91090531c4644a9098af3d7561d45f43a7f073ee427cc77055a201fd833de3b34ff0c61157f8da275119470bec4ee9e98a31892aefbd976b178fd6ebf6299a1d68214e7d14b2724b83e4ad", 0x63}], 0x2, 0x5, 0x800)

3.827600514s ago: executing program 3 (id=1682):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioperm(0x0, 0x6, 0x8c80)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r2, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r5=>0x0})
sendto$packet(r3, &(0x7f00000000c0)="10", 0x1, 0x0, &(0x7f0000000200)={0x11, 0x8100, r5, 0x1, 0x1, 0x6, @multicast}, 0x14)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
sendmsg$rds(0xffffffffffffffff, 0x0, 0x0)
clock_gettime(0x0, &(0x7f000000a0c0))
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
splice(0xffffffffffffffff, 0x0, r6, 0x0, 0x4000000025a5, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000a4800000000001400000018000180140002006e657464657673696d3000000000000005000c000100000208000600480a000005000b"], 0x44}, 0x1, 0x0, 0x0, 0x200000c0}, 0x800)

3.783789308s ago: executing program 4 (id=1683):
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x0, 0x0}, 0x10)
fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x20)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r2 = accept$alg(r1, 0x0, 0x0)
sendmsg$alg(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
write$binfmt_script(r2, &(0x7f0000000600), 0xfec8)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000780)={'vxcan1\x00', <r3=>0x0})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000840)={0x35, <r4=>0x0}, 0x8)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000a00)=@generic={&(0x7f00000009c0)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000ac0)={{r2, <r6=>0xffffffffffffffff}, &(0x7f0000000a40), &(0x7f0000000a80)='%+9llu \x00'}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x2280, 0x1}, 0x50)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r7, 0x0)
r8 = open(&(0x7f0000000300)='.\x02\x00', 0x14927e, 0x44)
fallocate(r8, 0x0, 0x0, 0x1001f0)
r9 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/netfilter\x00')
getdents(r9, 0xffffffffffffffff, 0x18)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=@base={0x18, 0x393, 0x5, 0x3dcc, 0x412, 0x1, 0x1, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x12, 0x1, &(0x7f0000000000)=@raw=[@jmp={0x5, 0x0, 0xc, 0x8, 0x1, 0xfffffffffffffff0}], &(0x7f0000000040)='GPL\x00', 0xd4, 0x1a, &(0x7f0000000740)=""/26, 0x41000, 0x0, '\x00', r3, @cgroup_sock_addr=0x33, 0xffffffffffffffff, 0x8, &(0x7f00000007c0)={0x8, 0x3}, 0x8, 0x10, &(0x7f0000000800)={0x2, 0x3, 0x15}, 0x10, r4, r5, 0x5, &(0x7f0000000c00)=[r6, r7, r8, r9, 0xffffffffffffffff, r10, 0x1], &(0x7f0000000c40)=[{0x5, 0x1, 0x10, 0x6}, {0x3, 0x3, 0x10, 0x7}, {0x0, 0x3, 0xa, 0xb}, {0x0, 0x5, 0xa, 0xb}, {0x2, 0x4, 0xf}], 0x10, 0x5}, 0x94)
recvmmsg(r2, &(0x7f00000008c0)=[{{&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @initdev}}, 0x80, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0x6}, {&(0x7f0000000140)=""/9, 0xa}, {&(0x7f0000000300)=""/225, 0x2}, {&(0x7f0000000400)=""/41, 0xfeb2}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f00000004c0)=""/203, 0xcb}], 0x6, &(0x7f0000000640)=""/123, 0x7b, 0x2000000}}, {{&(0x7f00000006c0), 0x80, &(0x7f0000000840), 0x0, &(0x7f0000000880)=""/24, 0xffffffffffffffe0}}], 0x2, 0xcb, &(0x7f0000008000)={0x0, 0x989680})

3.783340081s ago: executing program 5 (id=1684):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, 0x0)
r1 = creat(0x0, 0x40)
close(r1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000815}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000010003b1500000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="ede20000015001001800128008e35be70b85000100677470000c000280050006"], 0x38}, 0x1, 0x0, 0x0, 0x2000000}, 0x2400c080)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={0x0, 0x0, 0x4a}, 0x28)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000027c0)=@base={0x4, 0x4, 0x4, 0x10005}, 0x48)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000180)={r6, 0x58, &(0x7f0000000340)={0x0, <r7=>0x0}}, 0x10)
r8 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={r7}, 0xc)
close(r8)
syz_open_procfs(r3, &(0x7f0000000680)='net/rpc\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

3.686703051s ago: executing program 1 (id=1685):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
getpid()
socket(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
r5 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000800)="ebe3a0e979501a148a0d0b129e6cfd164772219d205e81f4a7f71c1926aae1efd7e005ed863f045cfe6cb55b5bb9fa6935849e6098ed884e7ccb12b672c9f097ca4fe035bbb00400304c09b0294272dfee37fec456574c41ea5cd3860cb2a72de2e1448fdb5f428f5c7fb8f40442d4b9b2bcfb8d5a8dd39ea038222eb4976f868eacd03f282aae735aac5ae16f460275a3f2369b477602669969c3590c7d10e93ebd81cff49585ef40e40b59bfb7a88e32e943f06a05ed228b0d4286d1290000000000000000000000a01e66c50d585ba50e67dd3be3a0a719dcea96541457145e4b4a6c21d882d84cd3934f8ec9f965cdc6f2db0ffe4f8c18948e19560414984363a1436389185e3cec0d7c86cdfb33fe512afd7a96609c0890e6bbe8383515301cf884c580bace7384d9162e5eb71c988c3245e9c2a5fb05aee3b304a1283c32d21ba59c406604b2c1bedef73b2b223ae90803032fe2ffcac3738ae129ec8ecfcfa2c3a6b7c81b810d9d1ed12da342f084ca38eca14b3e04113a39cc4b5e5415ba7ffc3b0732", 0x187}, {&(0x7f0000000b80)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a40000000000000400b3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459ba9dcf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b22eaf0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e20a85060fd22f76c0881d580a3dd605c7141cad1b86efab52a7c54e19d4eaf37a3e197c8d5de653d4c11398fcfd06364a7048a859499d", 0xff}, {&(0x7f00000009c0)="be7c1cae9fefed7e59316bed37f6eb36ec4ae1d442c67a5ebe9c15b771b531c47f64cab99da329281995ab70d9050519f74cd1e2452bb8cd6db0f53fd7704760879975a8bd737f94242292127be5fe50b61bfa175613e5ddf7e0591978478c7c6fa4657c18e7881159ee6f5707094c9c6deb12b31a2c7282ab105fcdb4c9b99ed9ed061fb4e29befe46a0ae9592863281e3ed4185d4eda3dcf06c92755b659704fc52bdf97fd89353966", 0xaa}, {&(0x7f0000001b40)="4a954034896272f3c1837f69f1370ea70df4f09105932b8cb5076227f09c20d2dc467a17b7339cb7114282b2ddb68d726b6eebf4892029dcc784686f77ddfdbf175bdce89e8e42d0b0ebfe287148448c95a8eaf7e0bed9c8e83d791e26cb40d2ae61ef3a1afbd4a2a331c1370ced667a9183bfd48c820302f65eeae54d48e6f699dfe037d911259b0cea2b9dbc88e20c217b087f90b5953b52a8c9b6ab6d760fcb05cd4fc87e81017c2b2722570cd502e6ebeb7342283d9e273c41ae49ac985dc31a457da73cb5962d71951c6c8cf71fcc1d36662bee1d22757f57a64b2fc693c1211443e854e35b97834309c055a03d6d7f77876a89413935d1b38aa39918b61fb0be3d15b807ef964d154ecef48b34ba5e2e84982ba5d57cdae2bc56ffb495740927efe23090a62315a36bb7d657080a125caa33afb76238cc10f637b6ccbcd0238a8380bc66129f6c7f6d1e5a91016140970fbaba33df1117f0b0ea2f263cc8c0ca25e1e9c1ddf7cb3cf700af96034538431926a9caa34566d879ff286f7418b055ed78cf7387cd2e4b8b308b4df731d2ac2b952e26e01a082533d0145532aad7726a85d292200d43ecb3b3ee4178bb75c4496c771d70effa84598e4443ccee1cd83554166b041886fbdec4011e4d8f879aa94861d959bf558b2bc8dc66fd25e51482370d3448db42ed079c8a0636da22a9aeb9911157da2ba8669bd3d0863bbe36928281df541e12c893e4bd1260439b2062a292d1ee78a7a704bd25fc958056cc1a974b46d148ff85f21b23b47d4e13e314f502e4734213f90e75a12f806c33309a7f4c0c063d769c17bf5f0c831541734fae6053649cd5a6e5e0fd10db97a27521712dadf5629080e2e8f9d73430b951d0b80c7677e45af22c932081724abf50fa4cc361dce6c719b52f8d9adae203a4de0ea2ac3a0c369ec2692d4b65530ebb4ab9d8fed7cb1931977b15a0eada94cf52285f9a7a5e8662137ff3c0efdaaaafde444019c0a2b0329147f4bfd54fadf164b858196163036b4827aaf8b72d70be73ba6efce543ebf348b3aae887782d64a538cc4886f1a4f99875139ad23ca771722c3a938e82024eff7271d5b772273179bbbf20079060c012407c1ad57a8819c79e5828fe600ec41390b544c8b2b7bcf709b46dbb519fa6d122e1b7759f6357cc69d95d7cf7861dba6315de9d00e3ba9a23c08541d7f00140b1d8152b33d37e8808b550e9b2b22374da6c31ca3ac6260d4c17022acf444cd7e29c8e4c3e58a8340049b3998c88c5aa02ea298c84a66983aa04269aa9f6bd506cfc496bfe6c87259b74b54ca78ba3bd1dfa2faca5eb1d7504edb70feebcc91bc7a15169aaa5b9b03cea3d92469a7e62c215f705281ec4d6880fe45e277a2a32b9b669d785a59b6a342ce0e790ae8e9cd474a2298ad99b54a2e14e17ee691fc35c09dc935fea97ea77caed56cade58ac87b68c554800f1dee949ab8288075bdc44b53dc3d34a5d859026c3398d8b3f85145ecaaa5c1431622878b1e854eb3a8cf0f7b26aaec739f4043dfd49fd3ea7425c281891974912105d7a3138a89fecb98d349c1a5b37763c1c0214a454a084e5fdc33858c75435201bd9a4c89159b6e19ad701b22106e0bd5892e84b29553767fb961add5f216d9e37e5bdf5ad86973b4b326b95bfb540e8cfb70a6311460e7caf787f5eac71bc3685efd851224e7184ba2dd5c64e1b0c8fa2b2e319a06f9eb2149fd68222fc7572bdb26122ec39c71183448841c578181099e9ebca26402f5abf54904bdb2983a90ce067ec1d2f70f7c91fdaf5384524552da0b91a311f019ad8fdf3b7272e3dc04a11454bdd2cf1d7a047a66700f7df361e030a4d33ba98a2d1038a8d71c5ae15dda988263cf8d4662f0d16f71a1b88ecd0255df5d44734ee37d97f2b98126c72c14dc4eeedf7d71d56f6fb543909bb3e4bf008b33af69f5e2a62eb0e428cb031fc3d09a50515b3c5611898b2e1e01bd47943d805d6566d4797dfa0b469defde972c64d3aeacf265949b20bba40b7edd6789561b47ccb40fa512acf6b787a4f63a855f9e2541286bf55c5a4b3312bfac4ecd6d88a0345c34cf0ecf70f8c752858a6a5dcb25eec46814fa3eb14dacb3176bc704ceeaab2e3cafcacd10de82efcc315c08495c1e3919c5608c08fb8634f1f1ec12d0e77c1ec8df2f8cc7fe055bb2943e5b0a7d7fb3bc83c29669d5ce0de79aa87a38be65b8eb4ed984ccf85c4ce6745036231c85dec52583bda10320c30e341bd9118d4cb95a9dad136a1d0b6702ace1f3d4b5ff30b90f7136cde152ffde33caea38ecc45a45ed4e34b43552ae7a588f67291ba96d3e3136726be589f124058c0769731449ac7232bc3f5c71342444d2b2c2cf110e35e3e49494e7ba2d202276f0f4b78921283826144a30352c84b51a9cd09546884ce2eed452ba2efb76c66bdfa4d83d9f783838d1e6c07674c159d909e6ae4ba275d23f29e19166d3381eb8ff00508955442176a804b36476a685b7966fa7541ee2ffc674291c22817cc7a1f2395dbcf604115d5666d007499d50ef6134f5de945a7bbc8bf1a9bece45edb26ff511776ad506712ac899ad2539b2c0ca990c4ad6c12f976da12479ed5685131cd8872f7b7aca6e986b63ab6b63cc4a8a9af4745c35ec8b4c76fe7f50b9dcb87396e6b608de38deaca930c53ef47f481fa80bbbe1d45a57a4a4c3b356006a89244a54c5339a5e79ef4988407b5f0eae0e6b39005abcad53a23dd1150ff1369aa20007425ff1a37bd75e161e815934feb5efd434faf68797db67dadbf91133b5a5c0800f4c6ae3019fb87b85221b3a970620063369e599c1c40ff4d223cc559769675c05201be3cc3a607f71456a54838c9dbd52fef9df42324c102231ee2febd2ee2c5b53c3f59ccd2bb0b128cc021740277a7618fb506b9899798fa3985abe781179520363693b3d74c90c3458b04b8d95d3d5ef7fdf353278654cb480f0c78fa5443a87868beca83c2404461ea28d5c68f6b03940eb467783e1989d5d4fef1b7217134d3b5579434a7c4a21e4e827c2f1169a729ca0df4882774ebcd9ace980de0db4a730bddf249cf11099ca60a0ac40c0239a591e0c2af26a4b4eaf7ad7bf8bb7e25ae859b0cdbf493817bce32a6f680f47fb5f62da49c8b115ecb5142f37a2a43e7ad834cc5c00ca895651a0aaeec179fd3d7da1557d85326ca9279731f079345fdfec2845f110812906689f085a38786a3b03f08861222aaca167d145884416de7b271ff39c62814cb6e6f8bcbc7834a49846a2c9ff775aac27ef37d1cc185519fe51343242690fee410d716495166d1bc7e592832cceeb9c345301af5bde1f392a00e67749f5dcebf34a38972736f9531d775d0005b46eb5710dc0a4b6ba15fcc44a9e41ad478b3b25ee3cb1240150bb7dc8e7d17afd094a901fa7581cd468717f791ddb97e22f9c787faa67828d28e485c6c81b804916de671eed7d8933604bae54c7b6678e9dc5bf1af9f572b40014283773a637bc2e99f1e46566c1561e0826343e0f838a8de01a6c0d33c7335e9602c52fd9611fb41099b0ead4e53386bd878be790aef5d5bdbba7c595ad39799f0c7d3fca83c225812a3d033118617ad85bde7fd7d68730abf5e66697255c7911d502beeb6b673e8a6deaac9e8d4c77711f7b5842826afc8cb762863e01c24bceff8812f832473b33baa694dacbf12b8d27bbb1dcf39c40210698d69e4d09310e23095318c35a281eca13261b7543825d1703142a3bc6759781832500cc31302ef814b636db26c73ec3809ca4d29d63641ed6f4255634093da3405b24ede0ba57e14eae40440d3ee41d79373a1cc6b7b06b11b37057a44d5cfd19ac49e67fe3a98c899b3f3a59272b22ff0a057799c75d4f8db0c6f0b3f6508eea0c3867d7f090a4c71386820ac94ac9b7458e11d4f7f5c6c0a4547662205deafa619715b5672116958812831941246d268f8521651bc477563dfd79cd0a3d3e1d6772a917a97637beb8c990879d1d611a059e39d98af3fa09df0aec25f094ec0e958b500739b4feb0d0c5c7c4d7a5a45ea476a746122bab17de1418c37031ac49aeef03446b6681283412ff1e48e198e7de5ee263e7bc3532fcef8b54a6df05c2dfe283a9f81a93c9dd03918662ad86b954e129215b2e802c57089fdb05183c34e531cb3fb92b49b16a10e441d03d90b4ffa702fd19d458d7b5f83620f9222e56005e611629d527c811c934b669ce6acdce6303fc7ca7f41acb4886c5845d195fb02e16d8553516375f3bc3fa0e96603642290cc0596009b292ab68b19741ca642ed81b3ab98dbc9edc249d9d40976cc877eaca85f11585ee4bff9120def03f572c02393179440bfb0c65a998570c21a37438c8c72fdfba65ce4c442e77b7797e4ddcd1887f9dc929e3302aa0368a55c6d38acee6c4c140e6518fbb9d72835d79e441b020d52ea8ead", 0xc5c}], 0x5, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

3.632224726s ago: executing program 0 (id=1686):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a50000000060a0b040000000000000000020000002400048020000180070001006374000014000280080001400000000108000240000000030900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a1d25b811141c11a4b1b407901e308479856800f058051275322e7b7162eccf122e09d9723fd3c7d8260aedcae8eb496d88f05bbcd4386aead53e7c17966ac672cc5c25b3ce500a81d1914c32f07d881862c746bf5ab97e9d423fd1c11dd6078210ec7218668a1169ceb1b976102015af8f514c65c8fdb72c00ded637f9f107f5db42329928a098a55840"], 0x78}, 0x1, 0x0, 0x0, 0x20000001}, 0x0)
syz_emit_ethernet(0xbe, &(0x7f0000000240)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x65, 0x0, 0x0, 0x3a, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @multicast1}, {0x8000, 0x4e21, 0x9c, 0x0, @wg=@initiation={0x1, 0x4, "4d69da731167d7d966ee21faaa03eed2fcd184b06096ac72a35bd79f33085cff", "8ab5c889a4e6354fcc0c08cefbf99d664efd3c8a05826e25c21d7545a95d84b968216436f9dfd65c9419725422b56d4f", "62c6fb8b65969e02ca79afa485fa585694f18c7cdd24aa7d1706404e", {"623b5806dc725f00007559c38d00", "951b0c4d673e28b18bcf08ed0b7e3a12"}}}}}}}, 0x0)
r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000180), 0x0, 0x300)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r2, 0xffffffff80000803, 0x0, &(0x7f00000000c0)={0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x9, 0x9, 0x0, 0x0, 0xde})
syz_emit_ethernet(0xfffffffffffffdf7, &(0x7f0000000580)={@broadcast, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @source_quench={0x4, 0x0, 0x0, 0x0, {0x0, 0x4, 0x0, 0x18, 0xe, 0x68, 0x0, 0x3c, 0xc, 0x2, @local, @rand_addr=0x64010102, {[@ra, @end, @end, @generic={0x89, 0x0, "156df5667b5346beb92e131620ff0c17"}, @generic={0x89}]}}}}}}}, 0x0)
ioctl$USBDEVFS_WAIT_FOR_RESUME(r2, 0x5523)
getuid()
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1e00000000000000ff070000d433000000000000", @ANYRES32, @ANYBLOB="00000080000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0100000003000000000000000600"/28], 0x48)
r3 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r3, 0xc0505510, &(0x7f0000000680)={0x19604b9, 0x7, 0xffffffff, 0x80, &(0x7f0000000f80)=[{}, {}, {}, {}, {}, {}, {}]})
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @thr={&(0x7f0000000c80)="d2bedd242a9e4b45e8f9b86a694e13affd1cd1a386c6718725613027490f25667f4762d9da14041d89643bb184b1b18ec8ab097296a173668d055b4c9e02a5ffaa591befd0dac3b889f415b8d6a6d1d8d00212b3ceda4a4dea11942a7b4fe921bc34d49c366f5df883a20e0bcdf01ae196ed202af68eb424ec05abc0e8f5e912c36cc15c77f5abbe8ff7e469222e7fc7c3495b6fc72619637485114d1ba93ff7d36bfc2fb1a6211cbedf05d02e186ed2f447ee74b95f610b77b4708c9776a474fb3d444f86af853c4a5622c118b29b462fd066d9", &(0x7f0000000d80)="c0b7467cc04b2a5abb76b9f94480f7aee1d4347a5a909b8bc97654e787830be9f4ace8ce11343288d2b849146f148ca94b8905a4ee82b0cf51ba40117755819630efbfaee81a0752ac73b91358e70032cc2a4551db9a4c335f4a3d920c72d6c107be2e49d35285bf43a8792e6b6dea5035009c961d92de28403ff2a923fa5937355fcd494148cb5267847ea886a543885210bef47452e57a380b948326a88b6e98ae41492e34b59e8f4db68be515860f7d"}}, &(0x7f0000bbdffc))
write$rfkill(r2, &(0x7f00000001c0)={0x5, 0x7, 0x0, 0x1}, 0x8)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000004a050000000000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{}, {0x0, 0x989680}}, 0x0)
r5 = mq_open(&(0x7f0000000700)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a\x00\x00\x00\x00\x00\x00\b69k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\x01\x00\x00\x00a%\xdcQ\xb3CuT\xccO\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2{\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x15\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|\x00\x17\xc0\xa3\xd5\xf9\xaa\x98/\xa4v\xe4)I\xf3+[e\x95\x89\x99\xca\x8e\xc5\xd3\\T\xf0\x1a|5\xfff\xff\x99\xa4\xbb\x9e#oR\xa4\xf1\xba\x04c\xb3-\xf7R\xb8\xb5\xb5\xdb\xe9?\t/\xdf\xb4R\xbfx=\v_j\x8e\xb0\'\xf4\xe5\xff!\xe1\xbf\x82e\xb1\x9b\x8d\xf3L\t\xd21\x9cbwV\xc8\xcc\xe4\x96M_w\xbc\xdf9\b\r\xf6\x95\xae\xb5,\x92\x8c\xc0DQm\x80\xd1w\xa2\x1a\x12Z\xe5\xf4H\xf7D\n\x96J\x93\xfb\xf0$\x9f\xf7\xa2\xae$O\xa3\xb6\xf5\x98\xd3\v\x00\x86\xa5\x8b\x81\x04\xaf\x03s\x00\x00\x00\x00\x01\x00\x00\x00\x17\x8b\xed\xa7\'\xd0\r\x9f|\x00\x00\x00\x00\x00\x00%\xb9\x88\xb8W@D\'\x17A\xc8\x80\x02J\xd4V\x00wH(\xc5v\f\xc9\xb5\xdf..$\xe6P(_\xf1\'\xc1:\xa3\xd1\xc7\x13\x99Md\x1dc\xf1\'j\x03!\x13\xd1\xb8\xbf\xe6\xb2M\b/\rp\xa5\x00\x00\x00\x00^\x9f\x85\xcf\x8f>\"\r\xdc+\xb8\x1a\xc4xb\t\x9acUg\xb7\xbd A\xc0\xa9c\xde\x0e\xa6\x1a\xf1\xe1\xab0\xa8\xc3\x18#k\v\xb5\x13\xd6\f\x85h\x94\xad\"\x9d\xdc\xda\x97@\xff\x03\x00\x00\x00\x00\x00\x00\xbaP\x86%\xf5\xe0S\x80\x12wYmRf/\xfe\xfcS\xf8x\x01\x8b\xc2\x9dS\xf8\xdc\x88\xd6\f<U\xc6\xe8\x80\xed\xc0\x92\x8b5\x86\xfc\xd023\x01\x03\xcb\xcf \xa1\x87l\xe8\xb6\xce\x92\x93%\xd4\x9a\xd24\x80\xca+\xdd\xad\x9d\xf2S\xe9\x93^\xd7\xcb(c!\xaf\xd4r\x83A\x15\x9f\x13e^\xde\xf2o\xa2V\xe1\x15\xcb\xe5$\xfb\xc5|uL/N^\x1aML\n\xdc\xb8\b\xbc\xf7\xdbV|\xfb\xa6\xe47\xb6\xdda\x10yJ\xba#\x1a\xdc\xd3\x10\xc6\x7f\xda\xf7h3\xb8\xbc\xcd L\xeb\xeb\xc8\x8c\xbb\v\x9d\xde(\xfa\xc6\xdb\xf8\x16q\x1e\x8dK\x1c\xe1@\t\xcblS\xe6\xd1B\xa1\xf3Kr\xa2\xad[>\x0f\xa2F\xf2\x1e\xc8\xf6\xe5\xa4\x7f\x80\xb1L^\xbd\xc9t\\\x10\x85\x88\x93\xbd=?\x9e=\x9a!\x7f\xd5O\xfc<\x87\xa3\xe6mR\x9a\x00\x00', 0x40, 0xdd, 0x0)
fcntl$setlease(r5, 0x400, 0x0)
mq_open(&(0x7f0000000b40)='eth0\x00\xdd\xad4=2k\xf1\x05\x9b\x91y\xe1;F\xa2\x8df\xe9\x04\x00\x00\x00\x00\x0078z=\x8f\xd5F\xa4AR\xc7\x9f.\xdc\xdb\"A\x16\xd8\x19\xf1lZ\xc8\x93\xda\xf2\xc9\xe8h[u8\xc6\xfa\x9ep\xbe\a\xe2\xf5\xa3Y\x9f\xe1\x04gM\x99K$\r\xf1G\xee\xe1\xbd\x1e\xdf\xe1\x9c\x19\xda\xd3\x94EL\xca\x88\x85Q\x02\xd9L\x90\xeb%/\xb1\xeb\x11uP7\x1f\xd9b\xebF\xf8\x88\xf0\xac.\x94\xfc\v\xb1W\xef~+n\xb1\x9b\x02n]xr\xb3\x80\xbc>\xe8XX\xe6\x12\xf3\xc9\xd5\xf8\xd1\x8d\xcb9\xbf\xb0(<\xeb\x92\x8a\x16\xb7\x11^\xb6\xb7n\xd5\xb5\x00[\xdf\x94\x00\r\x95\x17\xa1h\xf8\x00\x00\x00\"\xa0\x05\xcc^\x90c\xc9}\xb8\ny\xf4\xe1\xb4.\xa4\a\x05\xbb}\x91\xf4C\xf5O\xf1a\x12\b\x86\xa16\xbb}C\xc9\x1d\\\xedD\x14\xb1w\x1e\xa0\xc1E\xb5\xf8\xab\xfb\xd9\x93\xb8vJ\x85p\xb5n\x1b\xe4\xd5g\xae\xe4\xeb\xca\xae\x1bs\xd4\xf0\xc0\xdag\x19R4\xd4\xd4\x04\xfc\x04Zb\xf6\xba\xf8B\xf6YU\xcd\xf2\xdb\xb5\xa2\xda\xdf\x8dD\xef`\x13\x15$\xceq\xd7j\xd7\xe3V\xf2\xa2\x95\xcf\x18T\xf1\xb0\xf3\xf8O', 0x1, 0x0, 0x0)
ioctl$SNDCTL_SEQ_RESETSAMPLES(r2, 0x40045109, &(0x7f0000000300)=0x80000001)
mq_unlink(&(0x7f0000000340)='eth0\x00')
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140), 0x2, &(0x7f0000000e40)={[{@uuid_on}, {@uuid_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
ioctl$SNDCTL_SEQ_RESETSAMPLES(r2, 0x40045109, &(0x7f0000000a80)=0x40)
msgget(0x2, 0x400)
write$vga_arbiter(r1, &(0x7f0000000100)=@other={'unlock', ' ', 'none'}, 0xc)

3.019866014s ago: executing program 4 (id=1687):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_UNIQUE(r0, 0xc0106401, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r1, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0], 0x0, 0x21, &(0x7f0000000240), 0x0, 0x10, &(0x7f0000000280), &(0x7f00000002c0), 0x8, 0xe2, 0x8, 0x8, &(0x7f0000000300)}}, 0x10)
openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r2, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000a00)={0x0, @in6={{0xa, 0x4e23, 0x0, @loopback}}, 0x100, 0x0, 0xf401, 0x0, 0x54}, 0x9c)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x10040, 0xd)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r3, 0xc0406618, &(0x7f0000000380)={@id={0x2, 0x0, @auto="37e74b0051e83fbf9a7ae4da481c9948"}})
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001400)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x800, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1b400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8}]}}}]}, 0x3c}}, 0x0)
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r8 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f00000001c0)='source', &(0x7f0000000740)='//\xf2b\x06\b\xba\xdfXo\xdc\xea\x95/\x82\x10\x97W\x8f7\x98\x9b/Q9\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\\\\///\xff\xea\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o\xe5\xa8Q\xc9\xe75Q\xea\xd8\xa2=F\x9b\x8f\x8d\xfc\' {e\x949X\xda\xe8H\x1a\x85\xd7%\x93?w}\xfb\xd9t\xea\xbb\xbe\x9b\\\xd7\xd7\xd4\xe2\xd6c(`(r\xd2\xb1G\xe3\xda&\xca\xaa\xba\v\xc5\xa3H\xb1\x11G\xab\xa2\x1f\xa0\xc3\xd9\xcd\xfb\x1a,\x13S\xf1\xfe\xe5F\xf4\xfb\xc8|\x89\x0fNq\x97J\xb9J\x88S\xc5\xb8\x12\x93\xbe\xb9b\xc7\xbc\x03\x03.E\xab\x82\x1c\xbc1\x9d\x14\xfa\x1f\xdd\x1e*\x03`\x91\xe8x\x0f\x05\x1e\xf5\xbfNo\xd4\x0f]S\x85\x89@\xa9f\x05\xfe\x9fkM\xa5\xf6\xc2\x04\xbf\xc7', 0x0)

2.715317863s ago: executing program 3 (id=1688):
r0 = socket$netlink(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5}, 0x48)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0xdd860600, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0xec, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3, 0xb}, [@IFLA_AF_SPEC={0xcc, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @local}]}, @AF_INET={0xb0, 0x2, 0x0, 0x1, {0x9, 0x1, 0x0, 0x1, [{0xc}, {0x8}, {0x1b}, {0x8}, {0x8}]}}, @AF_INET={0x18, 0x2, 0x0, 0x1, {0x14}}, @AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}]}, @AF_INET={0x28, 0x2, 0x0, 0x1, {0x24, 0x1, 0x0, 0x1, [{0x8}, {0x8}, {0x8}, {0x8}]}}, @AF_MPLS={0x4}, @AF_INET6={0x0, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_ADDR_GEN_MODE, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_TOKEN={0x0, 0x7, @mcast2}, @IFLA_INET6_TOKEN={0x0, 0x7, @rand_addr=' \x01\x00'}, @IFLA_INET6_TOKEN={0x0, 0x7, @dev}, @IFLA_INET6_ADDR_GEN_MODE={0x48}, @IFLA_INET6_ADDR_GEN_MODE]}, @AF_MPLS={0x4}]}]}, 0xec}}, 0x0) (fail_nth: 10)

858.450778ms ago: executing program 1 (id=1689):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
map_shadow_stack(&(0x7f00008fb000/0x3000)=nil, 0x3000, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x4800, 0x10)
clock_settime(0x0, &(0x7f0000000240)={0x77359400})
clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0x8, 0x80000000, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6})
eventfd2(0x4, 0x0)
r5 = timerfd_create(0x0, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r5}})
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000000)={0x40, 0x0, 0xfd, 0x60fa})
r6 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r6, &(0x7f0000000200)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000009, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)

719.963951ms ago: executing program 3 (id=1690):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x48814}, 0x14000012)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r1, 0x89f8, &(0x7f00000000c0)={'erspan0\x00', &(0x7f0000000200)={'gre0\x00', <r2=>0x0, 0x8, 0x1, 0x8000, 0x6, {{0x1d, 0x4, 0x3, 0x2, 0x74, 0x66, 0x0, 0x8, 0x2f, 0x0, @remote, @private=0xa010102, {[@timestamp_prespec={0x44, 0x34, 0x3b, 0x3, 0x8, [{@loopback, 0xa}, {@broadcast, 0x2}, {@multicast2, 0x9}, {@multicast1, 0x62}, {@local, 0xe}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xffffba3e}]}, @cipso={0x86, 0x10, 0x3, [{0x7, 0xa, "e88a81f3064cd132"}]}, @noop, @ssrr={0x89, 0x1b, 0xc9, [@rand_addr=0x64010100, @empty, @private=0xa010102, @broadcast, @empty, @remote]}]}}}}})
sendmsg$nl_route(r1, &(0x7f0000001400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)=@newneigh={0x5c, 0x1c, 0x20, 0x70bd29, 0x25dfdbfb, {0x7, 0x0, 0x0, r2, 0x40, 0x2}, [@NDA_PROTOCOL={0x5, 0xc, 0x81}, @NDA_FDB_EXT_ATTRS={0x28, 0xe, 0x0, 0x1, [@NFEA_DONT_REFRESH={0x4}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x6}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0xbe}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x3}, @NFEA_ACTIVITY_NOTIFY={0x5, 0x1, 0x70}]}, @NDA_FLAGS_EXT={0x8}, @NDA_MASTER={0x8, 0x9, 0x4}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x40000)
write(r1, &(0x7f0000000100)="5ecda2ecd9ffb98eba48f86b31e4549593ac321dfaead1085456a80aa82c1505d7b17503eff080a4bfe3ea", 0x2b)
recvmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/4116, 0x1014}], 0x1}}], 0x1, 0x10041, 0x0)

695.70837ms ago: executing program 4 (id=1691):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c)
listen(r0, 0x3)
syz_emit_ethernet(0x56, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x7, 0x9}]}}}}}}}}, 0x0)
syz_emit_ethernet(0x56, &(0x7f0000000580)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00d600", 0x20, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x2, 0x8, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0x2, 0x300}]}}}}}}}}, 0x0)

662.367039ms ago: executing program 0 (id=1692):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000002240)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0020000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000000000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26ffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87867c000006146001e04aeacea799a22a2fa798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f86bb47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de736bb6d43db8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a1f2c28159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad91935a6ddfa8f90e79321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0977e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c25a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b20dc7de058a4dfa7e85a8bdf1d41a2d8bda74d66f47cc180f82c5f573c1f860d050d694cc7806d294d3665016a7b29da0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4aff2066bb5d40887c58559b7dcb98a6273b8c651e57f727041c62cea5b7bd24d9f679e4fbe948dfb4cc4a389469608241630459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7b9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b83720eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb89872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9539f5096412b92012e095b84c20243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d0000002000000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebed161980f2fde4f9ef679dbfae9fb4a79f8a836804ed3a1079b0282a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec780f535e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e9338c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc3600040543a34b195c6a8fc054282cd41b264906d5a9fad98c308e39bd5ffb6151d79c1cee1cd102e3c8e63e9fba05e3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92fe7f791e8f6429309d6adab4b7e508e4bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458542b14f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534ee8e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e9dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af41000000000000007f5ab0d534b8d63e4ca3be71f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a1759782e4c571ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af0be61e58c79d497247d278888901d442ad7f8536607a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733097f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd00000000007271e28ef6806bc8e139c49b91c76bea3858f7f05b47d3e519f1634e8fbd8d31330d89069f9648a2ff93060ff073b3a113e47edf76f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb560ae99e85b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee627e949c68b3a4a426a996d503a26e9a714ee5f72d8805dd1bfbd081f6a5359dbdfbf31a562395020becaf3fd1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f40fa2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff428aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4b28288e78980c1184d8223edbc4bf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e817433d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b5524642c248aa813edaa626f0000000000000000000000000000000003ba5bac34b611569a451564d3a5400f9097ffe7a37e765bc652be71ee24250d6d9cf19878dd62c53062d6000c409de6a6135eae8a00000000008d797190a26c933f933aff5c521eeb7a84a62d148a846e74e76b515b6b8be29e8b69310fa130cf6d6b74f33205d3cc218ca554ed8085ae044f5bf2e89ad07963acbd4dd4dc5b4552591edde7a22ad06f7567e6fec2f65011b579bf609d61a3ff4d6f490824bb035995449fc34106ae6889f036d67b6aaee784f855ebc746ac871b5d2031ac0a252ac1f86e93e245f3793cea80b6de773899d49d11d3b1ed79163b111c976cf840a2ef6214a43338fba8c9edb6be26e68fcc5d47ed74a66ce8aba726ab955b9b32ab1890e84a5e2d7476252af25e5c95c5a8b2b1b5c8a2645b017d23c0f169d6ab529cc889bb07889d9e155114cf3e26a50c527ec6d4021cd2cacfea6d7e41e39e26b3967cad65c648b170f12ea9cc69dcee64be0c27b1f4f7f5ce3e62c35602c9d2921326891901661c85b9ee4a0a0b9636bef4c23788494f094abb91ed813b42828aa93105896e0aee851a8087e169a1d69e841257d9053d0cdc3a6ac4f12084cc6470abebe8b344b1f56690a2687b428686c854c21831da277e8b8a21b7b91a46d22ba083eca7b1f8268048cde7d6f237dca42035881b29ca9c8c2937971821b613894297ff6f7796053a4de1fd77e180cc22b205d43bb4a1b59962c1f605ea1b74587100e8d579f157cb45561c357f9976cec6a43388b3049a0d9c171ff6145266ba119d00000000001ef3794a930eb12f3a6215c510bf0bca70c127e9c70cc7bef921249a7f18a0034ce3264a9e96656b47233e2ed7c76520e649c3fd550bdafd77c5cd72b4446d3e157ddd97e7622a6891fb739acd3b2cdaf65ac78490f0641be6e8c6f55bf3d228786895ff5fd5970faacd8a5025aca0aa1931f477ba06aa60051298c8bf7f3b399194f98dc3f4e8513ad06da09dc393c1284515986b8c70ac69512f6c0c04f42edb3a097a11f2ab480e3e391abffae097752300576337c6dd24c4a98280684aa1fe8c7b43ee8bce05fe979b34da18cdb44dbb030b8009cd3b3b44fd8e7b534acd3f1839cb54817668ab446d3d47848429ea831a57f26c8b05dedddceb24483f8f998b05c3ddf85c3799c9000000000000000000000000001e57cf839eb3150d6a076fb7b86fae98dbb46014f483aecb4ec4f0877371bcae8912c78aff857c669760f0e55041563c5c3e8ee4a0eef885fd43fe34a1febc82370d1d07fdfe705ada4764320889000000000000000000000000000000a790af4fc17872b55b10db99e212d18193235659df45627da300959eafc8bfb44f70d250f8f2e86532700254c9a8b14999f59c8b9034c4bb2448eaeff5db21d4a7f3d974790d4c3cba7c402f50585b9289d86400679e5c2bcacb2841ca074d51fdb4a29e84d72b6c996cfbee06aa52cd63"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41, 0x0, 0x0, 0x0, 0x0}}, 0x10)

387.907536ms ago: executing program 5 (id=1693):
socket$nl_generic(0x10, 0x3, 0x10)
openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000040)=0x6)
openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x101503, 0x0)
ioctl$FBIOBLANK(r1, 0x4611, 0x3)
socketpair$unix(0x1, 0xdff7ad1d37e55f9c, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000018c0)={'team0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x49920d862a92153b, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x41, 0x15001}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gtp={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}]}}}, @IFLA_MASTER={0x8, 0xa, r5}]}, 0x40}}, 0x4008080)
socket(0x2, 0x80805, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000380))
openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f00000000c0)=0x102, 0x4)
r7 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000200), 0x82002, 0x0)
ioctl$SNDCTL_DSP_SYNC(r7, 0x80045017, 0x1000000000000)
connect$inet(r6, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r6, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

151.51388ms ago: executing program 3 (id=1694):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x20d00, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
exit(0x9)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
unshare(0x2c020400)
r3 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x5885, 0x100, 0x0, 0xffeffc03}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000240)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x32, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r3, 0x351e, 0x483, 0x0, 0x0, 0x0)
r6 = getpid()
sched_setscheduler(r6, 0x1, &(0x7f0000000400)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
keyctl$get_persistent(0x16, 0xee00, 0xffffffffffffffff)
openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
socket(0x1d, 0x2, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000032680)=""/102400, 0x19000)
socket$netlink(0x10, 0x3, 0x9)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0)

85.199866ms ago: executing program 4 (id=1695):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffff"], 0x6c}}, 0x0) (async)
r1 = gettid() (async)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r2, &(0x7f0000000000)={0x1f, 0x5, @none, 0x0, 0x2}, 0xe) (async)
listen(r2, 0xa1)
accept4$bt_l2cap(r2, 0x0, 0x0, 0x0) (async)
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async, rerun: 32)
clock_gettime(0x0, &(0x7f00000000c0)={<r3=>0x0, <r4=>0x0}) (rerun: 32)
timerfd_settime(0xffffffffffffffff, 0x7, &(0x7f0000000100)={{r3, r4+10000000}}, &(0x7f0000000140))
rt_sigqueueinfo(r1, 0xe, &(0x7f0000000040)={0x7, 0xfff, 0x7})
shutdown(r2, 0x1)

0s ago: executing program 0 (id=1696):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_COMPAT_GET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000000b010800000000000000000200000a0800034000000001050001000000000008000240008c8d8cb1622cc2000001"], 0x2c}, 0x1, 0x0, 0x0, 0x4008040}, 0x80)

kernel console output (not intermixed with test programs):

ber 42 using dummy_hcd
[  406.010487][   T30] audit: type=1326 audit(1752353637.508:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.325161][   T24] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  406.356922][   T30] audit: type=1326 audit(1752353637.508:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.440317][   T43] usb 2-1: Using ep0 maxpacket: 32
[  406.448918][   T43] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  406.460185][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  406.468350][   T30] audit: type=1326 audit(1752353637.518:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.494681][   T43] usb 2-1: config 0 descriptor??
[  406.499861][   T30] audit: type=1326 audit(1752353637.518:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.577773][   T43] as10x_usb: device has been detected
[  406.584653][   T43] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  406.598984][   T30] audit: type=1326 audit(1752353637.518:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.631511][   T43] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  406.644365][   T43] as10x_usb: error during firmware upload part1
[  406.650843][   T30] audit: type=1326 audit(1752353637.518:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.674784][   T43] Registered device nBox DVB-T Dongle
[  406.677549][   T30] audit: type=1326 audit(1752353637.528:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.771097][   T30] audit: type=1326 audit(1752353637.528:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10763 comm="syz.2.1285" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bf4d8e929 code=0x7ffc0000
[  406.819760][   T30] audit: type=1800 audit(1752353638.318:890): pid=10776 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.2.1287" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  408.111788][   T43] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  408.399414][   T43] usb 4-1: Using ep0 maxpacket: 32
[  408.492666][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  408.508090][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  408.519959][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  408.530304][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  408.543735][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  408.557515][   T43] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  408.567090][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.575542][   T43] usb 4-1: Product: syz
[  408.579771][   T43] usb 4-1: Manufacturer: syz
[  408.585112][   T43] usb 4-1: SerialNumber: syz
[  408.592402][   T43] usb 4-1: config 0 descriptor??
[  408.736504][  T976] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  408.745127][ T5944] usb 2-1: USB disconnect, device number 42
[  408.764006][ T5944] Unregistered device nBox DVB-T Dongle
[  408.765171][ T5944] as10x_usb: device has been disconnected
[  408.800353][ T5881] usb 1-1: new high-speed USB device number 47 using dummy_hcd
[  408.830278][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  408.903366][  T976] usb 3-1: Using ep0 maxpacket: 8
[  408.911702][  T976] usb 3-1: unable to get BOS descriptor or descriptor too short
[  408.921449][  T976] usb 3-1: config 1 has an invalid descriptor of length 129, skipping remainder of the config
[  408.932193][  T976] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1
[  408.944453][  T976] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  408.953833][  T976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.961932][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  408.967456][  T976] usb 3-1: Product: syz
[  408.971900][  T976] usb 3-1: Manufacturer: syz
[  408.976723][  T976] usb 3-1: SerialNumber: syz
[  408.983588][ T5881] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  408.995135][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.006678][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  409.016726][   T43] input input42: Device does not respond to id packet M
[  409.025922][ T5881] usb 1-1: config 0 descriptor??
[  409.026597][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  409.051046][   T43] input input42: Device does not respond to id packet P
[  409.051662][ T5881] as10x_usb: device has been detected
[  409.064027][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  409.068684][ T5881] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  409.070029][   T43] input input42: Device does not respond to id packet B
[  409.102593][   T43] input input42: Limiting number of effects to 32 (device reports 109)
[  409.108499][ T5881] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  409.138592][ T5881] as10x_usb: error during firmware upload part1
[  409.145560][ T5881] Registered device nBox DVB-T Dongle
[  409.562840][T10810] netlink: 176 bytes leftover after parsing attributes in process `syz.2.1296'.
[  409.602816][T10828] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  410.021513][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  410.064460][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  410.078390][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  410.087421][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  410.096097][   T43] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input42
[  410.122149][   T43] usb 4-1: USB disconnect, device number 46
[  411.269442][T10846] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1305'.
[  411.278471][T10846] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1305'.
[  411.434091][  T976] usb 3-1: USB disconnect, device number 45
[  411.617662][ T5895] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  411.632458][ T5944] usb 1-1: USB disconnect, device number 47
[  411.658985][ T5944] Unregistered device nBox DVB-T Dongle
[  411.670865][ T5944] as10x_usb: device has been disconnected
[  411.688502][T10854] netlink: 'syz.0.1308': attribute type 16 has an invalid length.
[  411.696597][T10854] netlink: 'syz.0.1308': attribute type 17 has an invalid length.
[  411.870240][ T5895] usb 2-1: Using ep0 maxpacket: 8
[  411.876797][ T5895] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  411.886336][ T5895] usb 2-1: config 0 has no interface number 0
[  411.892927][ T5895] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  411.904143][ T5895] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  411.963150][ T5895] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  412.886562][ T5895] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  412.923830][ T5895] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  413.610453][ T5895] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.618692][ T5895] usb 2-1: Product: syz
[  413.674912][ T5895] usb 2-1: Manufacturer: syz
[  413.696251][T10865] netlink: 'syz.4.1312': attribute type 10 has an invalid length.
[  413.704263][ T5895] usb 2-1: SerialNumber: syz
[  413.722510][T10865] bridge0: port 2(bridge_slave_1) entered disabled state
[  413.730218][T10865] bridge0: port 1(bridge_slave_0) entered disabled state
[  413.787497][ T5895] usb 2-1: config 0 descriptor??
[  413.871993][   T43] kernel write not supported for file /dsp1 (pid: 43 comm: kworker/1:1)
[  414.017394][ T5895] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial=42424242 interface=186 now attached to iowarrior0
[  414.031113][T10867] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1311'.
[  414.190546][   T43] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  414.601723][   T43] usb 4-1: Using ep0 maxpacket: 32
[  414.670476][   T43] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  414.692820][   T24] usb 2-1: USB disconnect, device number 43
[  414.692940][    C0] iowarrior 2-1:0.186: iowarrior_callback - usb_submit_urb failed with result -19
[  414.745474][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  414.767418][T10867] could not allocate digest TFM handle crct10dif-arm64-ce
[  414.819850][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  414.831009][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  414.842343][   T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  414.865742][   T43] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  414.883239][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  414.906205][   T43] usb 4-1: Product: syz
[  414.914544][   T43] usb 4-1: Manufacturer: syz
[  414.920283][   T43] usb 4-1: SerialNumber: syz
[  414.931443][   T43] usb 4-1: config 0 descriptor??
[  415.230266][   T24] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  415.375774][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  415.382088][   T24] usb 2-1: Using ep0 maxpacket: 8
[  415.395679][   T43] input input43: Device does not respond to id packet M
[  415.417675][   T24] usb 2-1: config 0 has an invalid interface number: 186 but max is 0
[  415.440998][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  415.463557][   T24] usb 2-1: config 0 has no interface number 0
[  415.470919][   T43] input input43: Device does not respond to id packet P
[  415.480815][   T43] iforce 4-1:0.0: usb_submit_urb failed: -32
[  415.489077][   T24] usb 2-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  415.500828][   T43] input input43: Device does not respond to id packet B
[  415.511403][   T43] input input43: Limiting number of effects to 32 (device reports 109)
[  415.520334][   T24] usb 2-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  415.533730][   T24] usb 2-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  415.545630][   T24] usb 2-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  415.576130][   T24] usb 2-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5
[  415.586306][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.594512][   T24] usb 2-1: Product: syz
[  415.599373][   T24] usb 2-1: Manufacturer: syz
[  415.604212][   T24] usb 2-1: SerialNumber: syz
[  415.647214][   T24] usb 2-1: config 0 descriptor??
[  415.742969][   T24] iowarrior 2-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0
[  415.946710][T10894] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  415.990554][ T5944] usb 2-1: USB disconnect, device number 44
[  416.421157][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  416.913954][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  416.920546][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  416.926941][   T43] iforce 4-1:0.0: usb_submit_urb failed: -71
[  416.935198][   T43] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input43
[  416.958741][   T43] usb 4-1: USB disconnect, device number 47
[  417.170825][T10907] netlink: 'syz.1.1324': attribute type 1 has an invalid length.
[  417.178746][T10907] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1324'.
[  417.480704][T10909] IPVS: Error joining to the multicast group
[  417.632078][T10909] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  417.706294][T10909] Device name cannot be null; rc = [-22]
[  418.007084][   T43] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[  418.236826][   T43] usb 1-1: config 1 has an invalid interface number: 2 but max is 1
[  418.275155][   T43] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  418.386335][   T43] usb 1-1: config 1 has 3 interfaces, different from the descriptor's value: 2
[  418.471606][   T43] usb 1-1: config 1 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  418.493290][   T43] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  418.552894][   T43] usb 1-1: config 1 interface 0 has no altsetting 0
[  418.559544][   T43] usb 1-1: config 1 interface 1 has no altsetting 0
[  418.622868][   T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  418.638339][T10920] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1330'.
[  418.679252][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.743271][   T43] usb 1-1: Product: syz
[  418.783317][   T43] usb 1-1: Manufacturer: syz
[  418.817994][   T43] usb 1-1: SerialNumber: syz
[  419.779065][   T43] usb 1-1: USB disconnect, device number 48
[  419.882446][T10931] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  420.920383][ T5895] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[  421.100788][ T5895] usb 1-1: Using ep0 maxpacket: 32
[  421.111358][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  421.125286][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  421.138992][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  421.152916][ T5895] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  421.162656][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  421.181324][T10949] input: syz1 as /devices/virtual/input/input45
[  421.187975][ T5895] usb 1-1: config 0 descriptor??
[  421.194674][T10944] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  421.226850][ T5895] hub 1-1:0.0: USB hub found
[  421.338037][T10951] FAULT_INJECTION: forcing a failure.
[  421.338037][T10951] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.361289][T10951] CPU: 0 UID: 0 PID: 10951 Comm: syz.3.1338 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  421.361318][T10951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.361328][T10951] Call Trace:
[  421.361334][T10951]  <TASK>
[  421.361341][T10951]  dump_stack_lvl+0x16c/0x1f0
[  421.361370][T10951]  should_fail_ex+0x512/0x640
[  421.361397][T10951]  _copy_from_user+0x2e/0xd0
[  421.361421][T10951]  kstrtouint_from_user+0xd6/0x1d0
[  421.361439][T10951]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  421.361458][T10951]  ? __lock_acquire+0xb8a/0x1c90
[  421.361484][T10951]  proc_fail_nth_write+0x83/0x250
[  421.361507][T10951]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  421.361535][T10951]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  421.361554][T10951]  vfs_write+0x29d/0x1150
[  421.361578][T10951]  ? __pfx___mutex_lock+0x10/0x10
[  421.361602][T10951]  ? __pfx_vfs_write+0x10/0x10
[  421.361630][T10951]  ? __fget_files+0x20e/0x3c0
[  421.361655][T10951]  ksys_write+0x12a/0x250
[  421.361676][T10951]  ? __pfx_ksys_write+0x10/0x10
[  421.361704][T10951]  do_syscall_64+0xcd/0x4c0
[  421.361730][T10951]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.361746][T10951] RIP: 0033:0x7f291ff8d3df
[  421.361761][T10951] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  421.361777][T10951] RSP: 002b:00007f2920edc030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  421.361793][T10951] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f291ff8d3df
[  421.361804][T10951] RDX: 0000000000000001 RSI: 00007f2920edc0a0 RDI: 0000000000000005
[  421.361813][T10951] RBP: 00007f2920edc090 R08: 0000000000000000 R09: 0000000000000000
[  421.361823][T10951] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  421.361831][T10951] R13: 0000000000000000 R14: 00007f29201b5fa0 R15: 00007ffccf2099e8
[  421.361855][T10951]  </TASK>
[  421.369333][ T6041] udevd[6041]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  421.410800][ T5895] hub 1-1:0.0: 2 ports detected
[  421.630293][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  421.630313][   T30] audit: type=1400 audit(1752353653.128:892): avc:  denied  { append } for  pid=10952 comm="syz.1.1339" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  422.098044][T10970] O3ãc¤±: renamed from bridge_slave_0 (while UP)
[  422.325236][T10972] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  422.335594][T10972] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  422.365454][ T5895] hub 1-1:0.0: set hub depth failed
[  422.376641][ T5895] usb 1-1: USB disconnect, device number 49
[  422.570370][ T5944] usb 2-1: new low-speed USB device number 45 using dummy_hcd
[  422.626169][   T30] audit: type=1400 audit(1752353654.178:893): avc:  denied  { name_bind } for  pid=10976 comm="syz.3.1344" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  422.627326][T10977] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1344'.
[  422.646949][    C1] vkms_vblank_simulate: vblank timer overrun
[  422.668123][T10977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1344'.
[  422.671163][   T30] audit: type=1400 audit(1752353654.178:894): avc:  denied  { node_bind } for  pid=10976 comm="syz.3.1344" saddr=ff01::1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  422.698918][    C1] vkms_vblank_simulate: vblank timer overrun
[  422.730247][ T5944] usb 2-1: device descriptor read/64, error -71
[  422.869294][   T30] audit: type=1400 audit(1752353654.418:895): avc:  denied  { ioctl } for  pid=10980 comm="syz.4.1345" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  422.990382][ T5944] usb 2-1: new low-speed USB device number 46 using dummy_hcd
[  423.146205][ T5895] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  423.243790][ T5895] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  423.252841][ T5944] usb 2-1: device descriptor read/64, error -71
[  423.378136][ T5895] hid-generic 0000:0004:0034.000D: unknown main item tag 0x0
[  423.425466][ T5944] usb usb2-port1: attempt power cycle
[  423.746697][ T5895] hid-generic 0000:0004:0034.000D: hidraw0: <UNKNOWN> HID v0.0e Device [syz0] on syz1
[  423.910470][ T5944] usb 2-1: new low-speed USB device number 47 using dummy_hcd
[  424.031848][ T5944] usb 2-1: device descriptor read/8, error -71
[  424.041771][T10985] fido_id[10985]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  424.310262][ T5944] usb 2-1: new low-speed USB device number 48 using dummy_hcd
[  424.342654][ T5944] usb 2-1: device descriptor read/8, error -71
[  424.460173][   T43] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  424.460384][ T5944] usb usb2-port1: unable to enumerate USB device
[  424.620188][   T43] usb 4-1: Using ep0 maxpacket: 32
[  424.632361][   T43] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  424.651339][   T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.670969][   T43] usb 4-1: config 0 descriptor??
[  424.694958][   T43] as10x_usb: device has been detected
[  424.700983][   T43] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  424.733387][   T43] usb 4-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  424.754240][   T43] as10x_usb: error during firmware upload part1
[  424.770678][   T43] Registered device nBox DVB-T Dongle
[  425.548782][T11005] libceph: resolve '4' (ret=-3): failed
[  426.422584][T11016] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1357'.
[  426.715071][T11023] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1360'.
[  426.728965][T11023] gretap0: entered promiscuous mode
[  426.950900][   T30] audit: type=1326 audit(1752353658.438:896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.212252][   T30] audit: type=1326 audit(1752353658.438:897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.273036][ T5944] usb 4-1: USB disconnect, device number 48
[  427.298863][ T5944] Unregistered device nBox DVB-T Dongle
[  427.302583][ T5944] as10x_usb: device has been disconnected
[  427.336733][   T30] audit: type=1326 audit(1752353658.438:898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.484952][   T30] audit: type=1326 audit(1752353658.438:899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.579725][  T976] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  427.642129][   T30] audit: type=1326 audit(1752353658.438:900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.666360][   T30] audit: type=1326 audit(1752353658.448:901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.692069][   T30] audit: type=1326 audit(1752353658.448:902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  427.760322][  T976] usb 1-1: Using ep0 maxpacket: 16
[  427.930744][  T976] usb 1-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=c5.66
[  428.082168][   T30] audit: type=1326 audit(1752353658.448:903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11019 comm="syz.1.1359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fead398e929 code=0x7ffc0000
[  428.126262][  T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  428.172733][  T976] usb 1-1: config 0 descriptor??
[  428.226324][  T976] usb 1-1: invalid MIDI EP
[  428.239781][  T976] usb 1-1: snd-bcd2000: error during probing
[  428.431145][  T976] snd-bcd2000 1-1:0.0: probe with driver snd-bcd2000 failed with error -22
[  430.250216][   T43] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  430.431274][   T43] usb 2-1: Using ep0 maxpacket: 32
[  430.445043][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  430.458384][   T43] usb 2-1: config 0 has an invalid interface number: 126 but max is 0
[  430.467151][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  430.476761][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  430.485059][   T43] usb 2-1: config 0 has no interface number 0
[  430.492964][   T43] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  430.504155][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  430.518936][   T30] audit: type=1400 audit(1752353662.058:904): avc:  denied  { connect } for  pid=11054 comm="syz.4.1367" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  430.539275][   T43] usb 2-1: config 0 interface 126 altsetting 16 endpoint 0x82 has invalid maxpacket 12336, setting to 1024
[  430.551194][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  430.565349][   T43] usb 2-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 1024
[  430.576806][   T43] usb 2-1: config 0 interface 126 has no altsetting 0
[  430.586807][   T30] audit: type=1400 audit(1752353662.138:905): avc:  denied  { mounton } for  pid=11067 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  430.616336][   T43] usb 2-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  430.625698][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.634259][   T43] usb 2-1: Product: syz
[  430.638694][   T43] usb 2-1: Manufacturer: syz
[  430.643813][   T43] usb 2-1: SerialNumber: syz
[  430.671886][   T43] usb 2-1: config 0 descriptor??
[  430.677703][T11064] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  430.685554][T11064] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  430.876140][ T6308] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.904197][T11067] lo speed is unknown, defaulting to 1000
[  430.934614][   T43] ir_usb 2-1:0.126: IR Dongle converter detected
[  430.984676][   T43] usb 2-1: IRDA class descriptor not found, device not bound
[  431.054390][   T43] usb 2-1: USB disconnect, device number 49
[  431.058137][ T6308] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.306208][ T6308] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.955424][ T6308] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.061446][   T24] usb 1-1: USB disconnect, device number 50
[  432.103699][T11095] overlayfs: failed to resolve './file0': -2
[  432.259100][T11067] chnl_net:caif_netlink_parms(): no params data found
[  432.354276][ T6308] bridge_slave_1: left allmulticast mode
[  432.370357][ T6308] bridge_slave_1: left promiscuous mode
[  432.378832][ T6308] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.380298][   T43] usb 4-1: new low-speed USB device number 49 using dummy_hcd
[  432.397240][ T6308] bridge_slave_0: left allmulticast mode
[  432.403217][ T6308] bridge_slave_0: left promiscuous mode
[  432.408966][ T6308] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.451050][  T976] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  432.563220][   T43] usb 4-1: unable to get BOS descriptor or descriptor too short
[  432.581366][   T43] usb 4-1: config 1 interface 0 altsetting 207 endpoint 0x81 has invalid maxpacket 16, setting to 8
[  432.596349][   T43] usb 4-1: config 1 interface 0 has no altsetting 0
[  432.610172][  T976] usb 2-1: Using ep0 maxpacket: 32
[  432.623863][  T976] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  432.654972][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  432.669441][   T43] usb 4-1: language id specifier not provided by device, defaulting to English
[  432.677647][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  432.688220][ T5844] Bluetooth: hci5: command tx timeout
[  432.711063][   T43] usb 4-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  432.711700][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  432.724425][   T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.739455][   T43] usb 4-1: Manufacturer: 㬋ﮬ뜞䆌ᙳᾴ⢓�ᜃ램닆芚פֿᥘ掎묗䷄㪭毦祒ꂄ⪕㇗ሑ땃㢽꺗ꪒ悓䒬簾�딶�羔⊽�︮疊㭶笠�闣韩仔齄撎랙椱ᩊ๿匼�疂䄨蛽홺嘬㶱〡糒솜�嫳��滃帔蚚幾캧�았깽╜틻㳃뜧ࠩ�躉렉옶辵�芓徂�
[  432.783450][T11099] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  432.913788][  T976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  432.927191][  T976] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  432.937928][  T976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  432.951658][  T976] usb 2-1: Product: syz
[  432.955896][  T976] usb 2-1: Manufacturer: syz
[  432.960880][  T976] usb 2-1: SerialNumber: syz
[  432.983212][  T976] usb 2-1: config 0 descriptor??
[  433.033460][T11099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  433.043580][T11099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  433.055739][T11099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  433.065882][T11099] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  433.074350][ T6308] : left promiscuous mode
[  433.125827][T11067] bridge0: port 1(bridge_slave_0) entered blocking state
[  433.134809][T11067] bridge0: port 1(bridge_slave_0) entered disabled state
[  433.143045][T11067] bridge_slave_0: entered allmulticast mode
[  433.152454][T11067] bridge_slave_0: entered promiscuous mode
[  433.161821][T11067] bridge0: port 2(bridge_slave_1) entered blocking state
[  433.170518][T11067] bridge0: port 2(bridge_slave_1) entered disabled state
[  433.178632][T11067] bridge_slave_1: entered allmulticast mode
[  433.188990][T11067] bridge_slave_1: entered promiscuous mode
[  433.196678][   T43] usbhid 4-1:1.0: can't add hid device: -71
[  433.211782][   T43] usbhid 4-1:1.0: probe with driver usbhid failed with error -71
[  433.249680][   T43] usb 4-1: USB disconnect, device number 49
[  433.394797][T11067] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  433.402734][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  433.419358][  T976] input input46: Device does not respond to id packet M
[  433.423174][T11067] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  433.431729][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  433.455111][  T976] input input46: Device does not respond to id packet P
[  433.477513][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  433.486275][  T976] input input46: Device does not respond to id packet B
[  433.506400][  T976] input input46: Limiting number of effects to 32 (device reports 109)
[  433.545391][T11067] team0: Port device team_slave_0 added
[  433.595686][T11067] team0: Port device team_slave_1 added
[  433.640719][T11067] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.648423][T11067] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.676535][T11067] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.720258][ T6308] hsr_slave_0: left promiscuous mode
[  433.740392][ T6308] hsr_slave_1: left promiscuous mode
[  433.802247][ T6308] veth1_vlan: left promiscuous mode
[  433.818169][ T6308] veth0_vlan: left promiscuous mode
[  434.107721][T11143] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  434.400582][T11151] 9pnet_fd: Insufficient options for proto=fd
[  434.544852][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  434.544868][   T30] audit: type=1400 audit(1752353666.088:907): avc:  denied  { getopt } for  pid=11158 comm="syz.0.1389" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  434.607215][  T976] iforce 2-1:0.0: usb_submit_urb failed: -110
[  434.629623][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  434.650213][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  434.663614][  T976] iforce 2-1:0.0: usb_submit_urb failed: -32
[  434.679793][  T976] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input46
[  434.752361][ T5844] Bluetooth: hci5: command tx timeout
[  434.839655][T11164] netlink: 'syz.4.1391': attribute type 10 has an invalid length.
[  435.002695][ T6308] team0 (unregistering): Port device team_slave_1 removed
[  435.040778][ T6308] team0 (unregistering): Port device team_slave_0 removed
[  435.408842][T11067] batman_adv: batadv0: Adding interface: batadv_slave_1
[  435.445095][T11067] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  435.501369][T11067] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  435.535823][T11139] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.543519][T11139] batman_adv: batadv0: Removing interface: batadv_slave_0
[  435.552086][T11139] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  435.559554][T11139] batman_adv: batadv0: Removing interface: batadv_slave_1
[  435.574723][T11139] bond0: (slave batadv0): Releasing backup interface
[  435.615482][ T5902] lo speed is unknown, defaulting to 1000
[  435.626901][ T5902] infiniband syz0: ib_query_port failed (-19)
[  435.640657][T11170] vlan2: entered allmulticast mode
[  435.660446][ T5881] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[  435.680297][T11164] team0: Port device dummy0 added
[  435.732390][ T5895] usb 2-1: USB disconnect, device number 50
[  435.812005][ T5881] usb 1-1: Using ep0 maxpacket: 8
[  435.822802][   T30] audit: type=1400 audit(1752353667.378:908): avc:  granted  { setsecparam } for  pid=11178 comm="syz.4.1393" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  435.907077][T11067] hsr_slave_0: entered promiscuous mode
[  435.924902][T11067] hsr_slave_1: entered promiscuous mode
[  435.958856][ T5881] usb 1-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2
[  435.972871][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.984142][ T5881] usb 1-1: Product: syz
[  435.989698][ T5881] usb 1-1: Manufacturer: syz
[  435.994618][ T5881] usb 1-1: SerialNumber: syz
[  436.018410][ T5881] usb 1-1: config 0 descriptor??
[  436.561221][T11185] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1393'.
[  436.778003][ T5881] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  436.830765][ T5844] Bluetooth: hci5: command tx timeout
[  436.940182][   T30] audit: type=1326 audit(1752353668.478:909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  436.984108][T11191] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1395'.
[  437.002520][   T30] audit: type=1326 audit(1752353668.478:910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.076331][   T30] audit: type=1326 audit(1752353668.478:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.231281][   T30] audit: type=1326 audit(1752353668.478:912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.255162][  T117] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  437.380224][   T30] audit: type=1326 audit(1752353668.478:913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.410314][   T30] audit: type=1326 audit(1752353668.478:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.440165][   T30] audit: type=1326 audit(1752353668.478:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.470154][  T117] usb 2-1: Using ep0 maxpacket: 32
[  437.475429][   T30] audit: type=1326 audit(1752353668.478:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11187 comm="syz.4.1395" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f888598e929 code=0x7ffc0000
[  437.502513][T11067] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  437.511334][  T117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.522557][  T117] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.533851][  T117] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  437.550351][  T117] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[  437.559428][  T117] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.628245][T11067] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  437.816496][  T117] usb 2-1: config 0 descriptor??
[  437.838939][T11067] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  437.889189][T11067] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  438.047381][T11067] 8021q: adding VLAN 0 to HW filter on device bond0
[  438.062226][ T5881] gspca_sunplus: reg_w_riv err -71
[  438.080029][ T5881] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  438.116348][ T5881] usb 1-1: USB disconnect, device number 51
[  438.142783][T11067] 8021q: adding VLAN 0 to HW filter on device team0
[  438.162461][  T117] usbhid 2-1:0.0: can't add hid device: -71
[  438.168465][  T117] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  438.189086][T10960] bridge0: port 1(bridge_slave_0) entered blocking state
[  438.196325][T10960] bridge0: port 1(bridge_slave_0) entered forwarding state
[  438.717847][T10960] bridge0: port 2(bridge_slave_1) entered blocking state
[  438.726346][T10960] bridge0: port 2(bridge_slave_1) entered forwarding state
[  438.726900][  T117] usb 2-1: USB disconnect, device number 51
[  438.775554][T11067] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  438.786933][T11067] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  438.919642][ T5844] Bluetooth: hci5: command tx timeout
[  439.479527][T11067] 8021q: adding VLAN 0 to HW filter on device batadv0
[  439.582450][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  439.609575][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  440.013209][T11259] sp0: Synchronizing with TNC
[  440.025050][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  440.025064][   T30] audit: type=1400 audit(1752353671.578:931): avc:  denied  { setattr } for  pid=11267 comm="syz.3.1407" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  440.135668][   T30] audit: type=1400 audit(1752353671.668:932): avc:  denied  { mounton } for  pid=11267 comm="syz.3.1407" path="/298/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  441.249271][T11067] veth0_vlan: entered promiscuous mode
[  441.279100][T11296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1413'.
[  441.547984][T11301] FAULT_INJECTION: forcing a failure.
[  441.547984][T11301] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  441.561090][T11301] CPU: 1 UID: 0 PID: 11301 Comm: syz.0.1414 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  441.561114][T11301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  441.561124][T11301] Call Trace:
[  441.561135][T11301]  <TASK>
[  441.561141][T11301]  dump_stack_lvl+0x16c/0x1f0
[  441.561171][T11301]  should_fail_ex+0x512/0x640
[  441.561197][T11301]  _copy_to_user+0x32/0xd0
[  441.561225][T11301]  simple_read_from_buffer+0xcb/0x170
[  441.561250][T11301]  proc_fail_nth_read+0x197/0x270
[  441.561269][T11301]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  441.561287][T11301]  ? rw_verify_area+0xcf/0x680
[  441.561303][T11301]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  441.561319][T11301]  vfs_read+0x1e4/0xc60
[  441.561338][T11301]  ? __pfx___mutex_lock+0x10/0x10
[  441.561357][T11301]  ? __pfx_vfs_read+0x10/0x10
[  441.561378][T11301]  ? __fget_files+0x20e/0x3c0
[  441.561402][T11301]  ksys_read+0x12a/0x250
[  441.561417][T11301]  ? __pfx_ksys_read+0x10/0x10
[  441.561438][T11301]  do_syscall_64+0xcd/0x4c0
[  441.561458][T11301]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.561472][T11301] RIP: 0033:0x7fc37e98d33c
[  441.561483][T11301] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  441.561495][T11301] RSP: 002b:00007fc37f7d8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  441.561508][T11301] RAX: ffffffffffffffda RBX: 00007fc37ebb6080 RCX: 00007fc37e98d33c
[  441.561516][T11301] RDX: 000000000000000f RSI: 00007fc37f7d80a0 RDI: 0000000000000008
[  441.561524][T11301] RBP: 00007fc37f7d8090 R08: 0000000000000000 R09: 0000000000000000
[  441.561532][T11301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  441.561539][T11301] R13: 0000000000000000 R14: 00007fc37ebb6080 R15: 00007ffc01d86d98
[  441.561557][T11301]  </TASK>
[  442.230976][T11067] veth1_vlan: entered promiscuous mode
[  442.255144][T11067] veth0_macvtap: entered promiscuous mode
[  442.264507][T11067] veth1_macvtap: entered promiscuous mode
[  442.287630][T11296] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.295484][T11296] bridge0: port 1(O3ãc¤±) entered disabled state
[  442.399724][T11067] batman_adv: batadv0: Interface activated: batadv_slave_0
[  442.478596][T11067] batman_adv: batadv0: Interface activated: batadv_slave_1
[  442.507178][T11067] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  442.522551][T11067] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  442.533249][T11067] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  442.542349][T11067] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  442.740198][   T43] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  442.910237][   T43] usb 2-1: Using ep0 maxpacket: 32
[  442.961594][   T43] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  443.015621][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.184456][   T43] usb 2-1: Product: syz
[  443.239579][   T43] usb 2-1: Manufacturer: syz
[  443.310040][   T43] usb 2-1: SerialNumber: syz
[  443.461345][   T43] usb 2-1: config 0 descriptor??
[  443.489817][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  443.499471][   T43] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  443.509820][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  443.548813][  T183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  443.559316][  T183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  443.567458][   T30] audit: type=1400 audit(1752353675.118:933): avc:  denied  { setattr } for  pid=11329 comm="syz.3.1425" name="/" dev="9p" ino=7016996765293437283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=blk_file permissive=1
[  443.592546][   T30] audit: type=1400 audit(1752353675.128:934): avc:  denied  { getopt } for  pid=11329 comm="syz.3.1425" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  443.617253][   T30] audit: type=1400 audit(1752353675.148:935): avc:  denied  { mounton } for  pid=11067 comm="syz-executor" path="/root/syzkaller.oEdzO2/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  443.653147][   T30] audit: type=1400 audit(1752353675.208:936): avc:  denied  { mount } for  pid=11067 comm="syz-executor" name="/" dev="gadgetfs" ino=5832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  443.700256][ T5895] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[  443.700802][   T30] audit: type=1400 audit(1752353675.228:937): avc:  denied  { mounton } for  pid=11067 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  443.826269][   T43] gspca_topro: reg_w err -71
[  443.856773][T11339] FAULT_INJECTION: forcing a failure.
[  443.856773][T11339] name failslab, interval 1, probability 0, space 0, times 0
[  443.879660][T11339] CPU: 0 UID: 0 PID: 11339 Comm: syz.3.1426 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  443.879684][T11339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  443.879694][T11339] Call Trace:
[  443.879700][T11339]  <TASK>
[  443.879706][T11339]  dump_stack_lvl+0x16c/0x1f0
[  443.879735][T11339]  should_fail_ex+0x512/0x640
[  443.879757][T11339]  ? __kvmalloc_node_noprof+0x124/0x620
[  443.879781][T11339]  should_failslab+0xc2/0x120
[  443.879806][T11339]  __kvmalloc_node_noprof+0x137/0x620
[  443.879826][T11339]  ? lockdep_init_map_type+0x5c/0x280
[  443.879843][T11339]  ? alloc_netdev_mqs+0xb5b/0x1570
[  443.879878][T11339]  ? alloc_netdev_mqs+0xb5b/0x1570
[  443.879899][T11339]  alloc_netdev_mqs+0xb5b/0x1570
[  443.879923][T11339]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.879949][T11339]  rtnl_create_link+0xc08/0xf90
[  443.879976][T11339]  rtnl_newlink+0xb69/0x2000
[  443.880007][T11339]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.880052][T11339]  ? rcu_is_watching+0x12/0xc0
[  443.880075][T11339]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  443.880097][T11339]  ? lockdep_hardirqs_on+0x7c/0x110
[  443.880117][T11339]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  443.880137][T11339]  ? rcu_preempt_deferred_qs_irqrestore+0x4f5/0xbc0
[  443.880161][T11339]  ? __pfx_rtnl_newlink+0x10/0x10
[  443.880184][T11339]  rtnetlink_rcv_msg+0x95b/0xe90
[  443.880210][T11339]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.880239][T11339]  ? __pfx___schedule+0x10/0x10
[  443.880259][T11339]  ? lockdep_hardirqs_on+0x7c/0x110
[  443.880286][T11339]  netlink_rcv_skb+0x158/0x420
[  443.880302][T11339]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  443.880328][T11339]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  443.880363][T11339]  netlink_unicast+0x58a/0x850
[  443.880382][T11339]  ? __pfx_netlink_unicast+0x10/0x10
[  443.880405][T11339]  netlink_sendmsg+0x8d1/0xdd0
[  443.880426][T11339]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.880452][T11339]  ____sys_sendmsg+0xa95/0xc70
[  443.880470][T11339]  ? copy_msghdr_from_user+0x10a/0x160
[  443.880490][T11339]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.880508][T11339]  ? __lock_acquire+0xb8a/0x1c90
[  443.880530][T11339]  ___sys_sendmsg+0x134/0x1d0
[  443.880553][T11339]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.880606][T11339]  __sys_sendmsg+0x16d/0x220
[  443.880630][T11339]  ? __pfx___sys_sendmsg+0x10/0x10
[  443.880651][T11339]  ? __pfx___schedule+0x10/0x10
[  443.880688][T11339]  do_syscall_64+0xcd/0x4c0
[  443.880715][T11339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.880733][T11339] RIP: 0033:0x7f291ff8e929
[  443.880748][T11339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.880763][T11339] RSP: 002b:00007f2920ebb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.880778][T11339] RAX: ffffffffffffffda RBX: 00007f29201b6080 RCX: 00007f291ff8e929
[  443.880789][T11339] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006
[  443.880799][T11339] RBP: 00007f2920ebb090 R08: 0000000000000000 R09: 0000000000000000
[  443.880809][T11339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  443.880819][T11339] R13: 0000000000000000 R14: 00007f29201b6080 R15: 00007ffccf2099e8
[  443.880840][T11339]  </TASK>
[  443.887358][   T30] audit: type=1400 audit(1752353675.348:938): avc:  denied  { override_creds } for  pid=11317 comm="syz.1.1420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  443.893182][ T5895] usb 1-1: device descriptor read/64, error -71
[  443.906463][   T43] gspca_topro: Sensor soi763a
[  444.284693][   T43] usb 2-1: USB disconnect, device number 52
[  444.429186][ T5895] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[  444.620648][ T5895] usb 1-1: device descriptor read/64, error -71
[  444.731328][ T5895] usb usb1-port1: attempt power cycle
[  444.821795][   T43] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  444.960162][   T43] usb 4-1: device descriptor read/64, error -71
[  445.063955][  T117] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  445.080414][ T5895] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[  445.100976][ T5895] usb 1-1: device descriptor read/8, error -71
[  445.220374][   T43] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  445.245414][  T117] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  445.254964][  T117] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.264555][  T117] usb 2-1: Product: syz
[  445.269073][  T117] usb 2-1: Manufacturer: syz
[  445.275918][  T117] usb 2-1: SerialNumber: syz
[  445.290659][  T117] usb 2-1: config 0 descriptor??
[  445.340174][ T5895] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  445.350249][   T43] usb 4-1: device descriptor read/64, error -71
[  445.370767][ T5895] usb 1-1: device descriptor read/8, error -71
[  445.470483][   T43] usb usb4-port1: attempt power cycle
[  445.480912][ T5895] usb usb1-port1: unable to enumerate USB device
[  445.724972][  T117] usb 2-1: Firmware version (0.0) predates our first public release.
[  445.740165][  T117] usb 2-1: Please update to version 0.2 or newer
[  445.755586][  T117] usb 2-1: Firmware: build û-‰(AŒñY„e
:؇�(YEy»©-K–/ɻʼ
[  445.842049][   T43] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  446.040233][   T30] audit: type=1400 audit(1752353677.568:939): avc:  denied  { map } for  pid=11356 comm="syz.1.1429" path="socket:[32381]" dev="sockfs" ino=32381 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  446.328643][  T117] usb 2-1: USB disconnect, device number 53
[  446.335821][   T43] usb 4-1: device descriptor read/8, error -71
[  446.600709][   T43] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  446.622969][T11419] netlink: 'syz.4.1434': attribute type 1 has an invalid length.
[  446.640041][T11420] netlink: 'syz.4.1434': attribute type 1 has an invalid length.
[  446.899391][T11423] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  447.465803][   T43] usb 4-1: device descriptor read/8, error -71
[  447.609357][   T43] usb usb4-port1: unable to enumerate USB device
[  447.993492][T11441] FAULT_INJECTION: forcing a failure.
[  447.993492][T11441] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.200259][T11441] CPU: 1 UID: 0 PID: 11441 Comm: syz.5.1440 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  448.200286][T11441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  448.200295][T11441] Call Trace:
[  448.200301][T11441]  <TASK>
[  448.200308][T11441]  dump_stack_lvl+0x16c/0x1f0
[  448.200339][T11441]  should_fail_ex+0x512/0x640
[  448.200365][T11441]  _copy_to_user+0x32/0xd0
[  448.200393][T11441]  simple_read_from_buffer+0xcb/0x170
[  448.200418][T11441]  proc_fail_nth_read+0x197/0x270
[  448.200441][T11441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  448.200464][T11441]  ? rw_verify_area+0xcf/0x680
[  448.200480][T11441]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  448.200496][T11441]  vfs_read+0x1e4/0xc60
[  448.200519][T11441]  ? __pfx___mutex_lock+0x10/0x10
[  448.200543][T11441]  ? __pfx_vfs_read+0x10/0x10
[  448.200568][T11441]  ? __fget_files+0x20e/0x3c0
[  448.200594][T11441]  ksys_read+0x12a/0x250
[  448.200614][T11441]  ? __pfx_ksys_read+0x10/0x10
[  448.200642][T11441]  do_syscall_64+0xcd/0x4c0
[  448.200666][T11441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.200683][T11441] RIP: 0033:0x7f6afa98d33c
[  448.200696][T11441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  448.200721][T11441] RSP: 002b:00007f6afb725030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  448.200738][T11441] RAX: ffffffffffffffda RBX: 00007f6afabb5fa0 RCX: 00007f6afa98d33c
[  448.200748][T11441] RDX: 000000000000000f RSI: 00007f6afb7250a0 RDI: 0000000000000004
[  448.200758][T11441] RBP: 00007f6afb725090 R08: 0000000000000000 R09: 0000000000000000
[  448.200767][T11441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  448.200777][T11441] R13: 0000000000000000 R14: 00007f6afabb5fa0 R15: 00007ffdcb212638
[  448.200799][T11441]  </TASK>
[  448.201642][ T5944] usb 2-1: new full-speed USB device number 54 using dummy_hcd
[  448.720299][T11455] netlink: 'syz.5.1442': attribute type 13 has an invalid length.
[  449.237220][ T5944] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  449.245567][ T5944] usb 2-1: config 0 has no interface number 0
[  449.253963][ T5944] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  449.682151][ T5944] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  449.691695][ T5944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.699727][ T5944] usb 2-1: Product: syz
[  449.706001][ T5944] usb 2-1: Manufacturer: syz
[  449.754118][ T5944] usb 2-1: SerialNumber: syz
[  449.772510][T11455] bridge0: port 2(bridge_slave_1) entered disabled state
[  449.781422][T11455] bridge0: port 1(bridge_slave_0) entered disabled state
[  449.790325][    C1] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  449.822222][ T5944] usb 2-1: config 0 descriptor??
[  450.051266][ T5944] usbtouchscreen 2-1:0.214: Failed to read FW rev: -32
[  450.070843][ T5944] usbtouchscreen 2-1:0.214: probe with driver usbtouchscreen failed with error -32
[  451.168974][T11481] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in;
[  451.168974][T11481]    program syz.0.1444 not setting count and/or reply_len properly
[  451.357984][ T5910] usb 2-1: USB disconnect, device number 54
[  451.542286][T11487] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  452.054631][T11455] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  452.071698][T11455] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  452.159833][ T5910] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  452.339079][T11455] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  452.371234][T11455] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  452.408673][T11455] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  452.417904][ T5910] usb 4-1: Using ep0 maxpacket: 32
[  452.419366][ T5910] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  452.460127][ T5910] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  452.469582][T11455] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  452.471208][ T5910] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  452.488876][ T5910] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.550847][ T5910] usb 4-1: Product: syz
[  452.560278][ T5910] usb 4-1: Manufacturer: syz
[  452.565346][ T5910] usb 4-1: SerialNumber: syz
[  452.581531][ T5910] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  452.610490][ T5910] usb 4-1: no configuration chosen from 1 choice
[  452.856746][T11494] veth1_to_team: entered promiscuous mode
[  452.956144][T11494] bond_slave_0: entered promiscuous mode
[  452.982823][T11494] bond_slave_0: left promiscuous mode
[  453.445075][T11494] veth1_to_team: left promiscuous mode
[  454.852387][ T5944] usb 4-1: USB disconnect, device number 54
[  454.900981][T11534] tmpfs: Bad value for 'mpol'
[  455.405915][   T30] audit: type=1400 audit(1752353686.958:940): avc:  denied  { bind } for  pid=11537 comm="syz.1.1461" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  456.510539][T11555] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(8)
[  456.517100][T11555] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  456.530213][T11553] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  456.536734][T11553] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  456.583633][T11555] vhci_hcd vhci_hcd.0: Device attached
[  456.636478][   T30] audit: type=1400 audit(1752353688.178:941): avc:  denied  { name_connect } for  pid=11562 comm="syz.5.1469" dest=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=sctp_socket permissive=1
[  456.636537][T11559] vhci_hcd vhci_hcd.0: pdev(1) rhport(2) sockfd(11)
[  456.664647][T11559] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  456.672528][T11553] vhci_hcd vhci_hcd.0: Device attached
[  456.776686][T11559] vhci_hcd vhci_hcd.0: Device attached
[  456.840477][ T5944] vhci_hcd: vhci_device speed not set
[  457.384345][ T5944] usb 35-2: new full-speed USB device number 2 using vhci_hcd
[  458.630666][   T30] audit: type=1400 audit(1752353690.188:942): avc:  denied  { map } for  pid=11586 comm="syz.3.1472" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  458.653987][   T30] audit: type=1400 audit(1752353690.198:943): avc:  denied  { execute } for  pid=11586 comm="syz.3.1472" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  458.679307][   T30] audit: type=1400 audit(1752353690.228:944): avc:  denied  { mounton } for  pid=11588 comm="syz.4.1473" path="/286/file0" dev="gadgetfs" ino=5832 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=dir permissive=1
[  458.703859][T11589] overlayfs: failed to clone lowerpath
[  458.813152][T11560] vhci_hcd: connection closed
[  458.814830][   T36] vhci_hcd: stop threads
[  458.835420][T11557] vhci_hcd: connection reset by peer
[  458.840883][T11554] vhci_hcd: connection closed
[  458.858577][   T36] vhci_hcd: release socket
[  458.886394][   T36] vhci_hcd: disconnect device
[  458.900682][   T30] audit: type=1400 audit(1752353690.448:945): avc:  denied  { unmount } for  pid=5833 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  458.932515][   T36] vhci_hcd: stop threads
[  458.937644][   T36] vhci_hcd: release socket
[  458.982028][   T36] vhci_hcd: disconnect device
[  458.996139][   T36] vhci_hcd: stop threads
[  459.015790][   T36] vhci_hcd: release socket
[  459.016124][T11599] tipc: Started in network mode
[  459.058884][   T36] vhci_hcd: disconnect device
[  459.065097][T11599] tipc: Node identity 1, cluster identity 4711
[  459.072149][T11599] tipc: Node number set to 1
[  459.078388][T11599] tipc: Cannot configure node identity twice
[  459.631521][   T30] audit: type=1400 audit(1752353691.178:946): avc:  denied  { setopt } for  pid=11617 comm="syz.0.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  462.500334][ T5944] vhci_hcd: vhci_device speed not set
[  495.904399][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e0d80 returned -22
[  495.914954][T11747] binder: 11746:11747 ioctl c0709411 2000000e0f80 returned -22
[  495.924331][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e1040 returned -22
[  495.933666][T11747] binder: 11746:11747 ioctl d0009411 2000000e1240 returned -22
[  495.943772][T11747] binder: 11746:11747 ioctl d000943e 2000000e2240 returned -22
[  495.958196][T11747] binder: 11746:11747 ioctl c0709411 2000000e4240 returned -22
[  495.976666][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e42c0 returned -22
[  496.004638][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e44c0 returned -22
[  496.016141][T11750] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1482'.
[  496.025793][T11750] bridge_slave_1: left allmulticast mode
[  496.035079][T11750] bridge_slave_1: left promiscuous mode
[  496.041170][T11750] bridge0: port 2(bridge_slave_1) entered disabled state
[  496.063527][T11750] O3ãc¤±: left allmulticast mode
[  496.075957][T11750] O3ãc¤±: left promiscuous mode
[  496.091679][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e46c0 returned -22
[  496.854182][T11750] bridge0: port 1(O3ãc¤±) entered disabled state
[  496.951294][T11747] binder: 11746:11747 ioctl d000943d 2000000e48c0 returned -22
[  496.982416][T11747] binder: 11746:11747 ioctl c0709411 200000000140 returned -22
[  497.008673][T11747] binder: 11746:11747 ioctl d000943d 2000000e5940 returned -22
[  497.026616][T11755] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1486'.
[  497.036125][T11747] binder: 11746:11747 ioctl c0709411 2000000e6940 returned -22
[  497.050218][T11747] binder: 11746:11747 ioctl 81f8943c 2000000e6a00 returned -22
[  497.060270][T11747] binder: 11746:11747 ioctl d000943d 2000000e6c00 returned -22
[  497.074117][T11755] netlink: 'syz.5.1486': attribute type 4 has an invalid length.
[  497.339944][T11767] futex_wake_op: syz.1.1489 tries to shift op by 36; fix this program
[  497.773779][T11780] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1494'.
[  497.784710][T11780] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  497.801857][  T117] usb 1-1: new low-speed USB device number 56 using dummy_hcd
[  498.281593][  T117] usb 1-1: config 0 has an invalid descriptor of length 189, skipping remainder of the config
[  498.302284][  T117] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  498.302974][T11793] mkiss: ax0: crc mode is auto.
[  498.320264][  T117] usb 1-1: New USB device found, idVendor=0f30, idProduct=0111, bcdDevice= 0.00
[  498.330562][  T117] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.365661][  T117] usb 1-1: config 0 descriptor??
[  498.736620][T11804] vlan3: entered promiscuous mode
[  498.741791][T11804] bridge0: entered promiscuous mode
[  498.749043][T11804] vlan3: entered allmulticast mode
[  498.756830][T11804] bridge0: entered allmulticast mode
[  499.430193][ T5881] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  499.562288][ T5881] usb 2-1: device descriptor read/64, error -71
[  499.852665][ T5895] usb 1-1: USB disconnect, device number 56
[  499.884897][   T30] audit: type=1326 audit(1752353731.438:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  499.900222][ T5881] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  499.909696][   T30] audit: type=1326 audit(1752353731.438:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  499.942812][   T30] audit: type=1326 audit(1752353731.438:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  499.966986][   T30] audit: type=1326 audit(1752353731.438:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  499.992512][   T30] audit: type=1326 audit(1752353731.438:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.016631][   T30] audit: type=1326 audit(1752353731.438:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.040749][   T30] audit: type=1326 audit(1752353731.438:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.064571][   T30] audit: type=1326 audit(1752353731.438:954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.072402][ T5881] usb 2-1: device descriptor read/64, error -71
[  500.088914][   T30] audit: type=1326 audit(1752353731.438:955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.119779][   T30] audit: type=1326 audit(1752353731.438:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11831 comm="syz.0.1512" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x7ffc0000
[  500.251077][ T5881] usb usb2-port1: attempt power cycle
[  500.600167][ T5881] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  500.688999][T11845] SELinux: failed to load policy
[  501.070660][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  501.096231][ T5881] usb 2-1: device descriptor read/8, error -71
[  501.338636][T11853] team0: Device gtp0 is of different type
[  501.362727][T11855] syz.5.1518: attempt to access beyond end of device
[  501.362727][T11855] loop5: rw=0, sector=64, nr_sectors = 1 limit=0
[  501.376453][T11855] syz.5.1518: attempt to access beyond end of device
[  501.376453][T11855] loop5: rw=0, sector=256, nr_sectors = 1 limit=0
[  501.390311][ T5881] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[  501.392105][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  501.409696][T11855] syz.5.1518: attempt to access beyond end of device
[  501.409696][T11855] loop5: rw=0, sector=512, nr_sectors = 1 limit=0
[  501.429335][ T5881] usb 2-1: device descriptor read/8, error -71
[  501.528373][T11858] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1518'.
[  501.555339][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  501.565875][T11855] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  501.605578][T11855] UDF-fs: Scanning with blocksize 512 failed
[  501.615662][T11855] syz.5.1518: attempt to access beyond end of device
[  501.615662][T11855] loop5: rw=0, sector=64, nr_sectors = 2 limit=0
[  501.644746][ T5881] usb usb2-port1: unable to enumerate USB device
[  501.660871][T11855] syz.5.1518: attempt to access beyond end of device
[  501.660871][T11855] loop5: rw=0, sector=512, nr_sectors = 2 limit=0
[  501.704446][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  501.734635][T11855] syz.5.1518: attempt to access beyond end of device
[  501.734635][T11855] loop5: rw=0, sector=1024, nr_sectors = 2 limit=0
[  501.736483][T11862] netlink: 132 bytes leftover after parsing attributes in process `syz.5.1518'.
[  501.750416][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  501.812168][T11855] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  501.844829][T11855] UDF-fs: Scanning with blocksize 1024 failed
[  501.859832][T11855] syz.5.1518: attempt to access beyond end of device
[  501.859832][T11855] loop5: rw=0, sector=64, nr_sectors = 4 limit=0
[  501.875336][T11855] syz.5.1518: attempt to access beyond end of device
[  501.875336][T11855] loop5: rw=0, sector=1024, nr_sectors = 4 limit=0
[  501.889374][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  501.901684][T11855] syz.5.1518: attempt to access beyond end of device
[  501.901684][T11855] loop5: rw=0, sector=2048, nr_sectors = 4 limit=0
[  501.917985][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  501.928553][T11855] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  501.937382][T11855] UDF-fs: Scanning with blocksize 2048 failed
[  501.947058][T11855] syz.5.1518: attempt to access beyond end of device
[  501.947058][T11855] loop5: rw=0, sector=64, nr_sectors = 8 limit=0
[  501.961834][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256
[  501.980204][  T117] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  502.004609][T11855] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=512, location=512
[  502.014766][T11855] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  502.041388][T11855] UDF-fs: Scanning with blocksize 4096 failed
[  502.047810][T11855] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1)
[  502.144544][  T117] usb 4-1: unable to get BOS descriptor or descriptor too short
[  502.166098][  T117] usb 4-1: config 0 has an invalid interface number: 107 but max is 0
[  502.211310][  T117] usb 4-1: config 0 has no interface number 0
[  502.217487][  T117] usb 4-1: config 0 interface 107 altsetting 140 bulk endpoint 0x4 has invalid maxpacket 64
[  502.260292][  T117] usb 4-1: config 0 interface 107 has no altsetting 0
[  502.304045][  T117] usb 4-1: New USB device found, idVendor=0451, idProduct=505f, bcdDevice=a5.5f
[  502.333607][  T117] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  502.386801][  T117] usb 4-1: Product: syz
[  502.407671][  T117] usb 4-1: Manufacturer: syz
[  502.428257][  T117] usb 4-1: SerialNumber: syz
[  502.457406][  T117] usb 4-1: config 0 descriptor??
[  502.461849][T11881] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1525'.
[  502.465313][T11861] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  502.843831][T11887] Can't find a SQUASHFS superblock on nullb0
[  503.719926][T11898] No control pipe specified
[  503.786701][T11899] fuse: Bad value for 'fd'
[  504.243508][T11901] team0: Device gtp0 is of different type
[  504.710913][T11861] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  504.888647][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout
[  504.890367][T11861] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  504.928098][T11861] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  504.961591][T11861] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  504.991389][  T117] ti_usb_3410_5052 4-1:0.107: TI USB 5052 2 port adapter converter detected
[  505.019677][   T30] kauditd_printk_skb: 12 callbacks suppressed
[  505.019693][   T30] audit: type=1400 audit(1752353736.568:969): avc:  denied  { write } for  pid=11911 comm="syz.0.1533" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  505.040252][  T117] ti_usb_3410_5052 4-1:0.107: missing endpoints
[  505.101962][  T117] usb 4-1: USB disconnect, device number 55
[  505.210286][ T5902] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  505.686074][T11926] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1536'.
[  505.830269][ T5902] usb 2-1: Using ep0 maxpacket: 32
[  505.843291][ T5902] usb 2-1: config 0 has an invalid descriptor of length 242, skipping remainder of the config
[  505.862011][ T5902] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  505.877896][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  505.891367][ T5902] usb 2-1: Product: syz
[  505.897793][ T5902] usb 2-1: Manufacturer: syz
[  505.905836][ T5902] usb 2-1: SerialNumber: syz
[  505.925133][ T5902] usb 2-1: config 0 descriptor??
[  506.354309][T11937] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1539'.
[  506.439875][T11896] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1529'.
[  506.527780][T11936] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  506.636050][ T5902] usb 2-1: USB disconnect, device number 59
[  506.911987][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[  507.080209][ T5895] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  507.130185][ T5881] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  507.210342][ T5895] usb 4-1: device descriptor read/64, error -71
[  507.280130][ T5881] usb 1-1: Using ep0 maxpacket: 32
[  507.287011][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  507.321835][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  507.337173][   T30] audit: type=1400 audit(1752353738.878:970): avc:  denied  { map } for  pid=11946 comm="syz.4.1542" path="/dev/net/tun" dev="devtmpfs" ino=708 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tun_tap_device_t tclass=chr_file permissive=1
[  507.378603][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  507.389632][ T5881] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  507.402119][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  507.415675][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  507.439205][ T5881] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  507.448642][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.456920][ T5881] usb 1-1: Product: syz
[  507.461289][ T5895] usb 4-1: new high-speed USB device number 57 using dummy_hcd
[  507.469229][ T5881] usb 1-1: Manufacturer: syz
[  507.474657][ T5881] usb 1-1: SerialNumber: syz
[  507.510341][ T5881] usb 1-1: config 0 descriptor??
[  507.601128][ T5895] usb 4-1: device descriptor read/64, error -71
[  507.618995][ T5844] Bluetooth: hci5: ISO packet for unknown connection handle 0
[  507.718950][ T5895] usb usb4-port1: attempt power cycle
[  508.502692][ T5895] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  508.543675][ T5895] usb 4-1: device descriptor read/8, error -71
[  508.845653][T11970] bond2: entered promiscuous mode
[  508.900167][ T5895] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  508.922643][ T5895] usb 4-1: device descriptor read/8, error -71
[  509.000222][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[  509.037183][ T5895] usb usb4-port1: unable to enumerate USB device
[  509.199705][T11980] xt_recent: Unsupported userspace flags (000000de)
[  509.359886][   T30] audit: type=1400 audit(1752353740.908:971): avc:  denied  { connect } for  pid=11983 comm="syz.1.1554" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  509.433285][T11993] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1557'.
[  509.819012][ T5881] usb 1-1: USB disconnect, device number 57
[  509.853735][   T30] audit: type=1400 audit(1752353741.408:972): avc:  denied  { ioctl } for  pid=11998 comm="syz.3.1559" path="socket:[34686]" dev="sockfs" ino=34686 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  510.145077][   T30] audit: type=1400 audit(1752353741.698:973): avc:  denied  { create } for  pid=12003 comm="syz.4.1561" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_nflog_socket permissive=1
[  510.183121][T12017] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1561'.
[  511.000199][ T5902] usb 1-1: new full-speed USB device number 58 using dummy_hcd
[  511.047151][T12025] FAULT_INJECTION: forcing a failure.
[  511.047151][T12025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  511.061696][T12025] CPU: 0 UID: 0 PID: 12025 Comm: syz.4.1565 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  511.061722][T12025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  511.061733][T12025] Call Trace:
[  511.061738][T12025]  <TASK>
[  511.061745][T12025]  dump_stack_lvl+0x16c/0x1f0
[  511.061775][T12025]  should_fail_ex+0x512/0x640
[  511.061806][T12025]  _copy_from_iter+0x29f/0x16f0
[  511.061834][T12025]  ? __alloc_skb+0x200/0x380
[  511.061858][T12025]  ? __pfx__copy_from_iter+0x10/0x10
[  511.061884][T12025]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  511.061919][T12025]  netlink_sendmsg+0x829/0xdd0
[  511.061940][T12025]  ? __pfx_netlink_sendmsg+0x10/0x10
[  511.061972][T12025]  ____sys_sendmsg+0xa95/0xc70
[  511.061990][T12025]  ? copy_msghdr_from_user+0x10a/0x160
[  511.062013][T12025]  ? __pfx_____sys_sendmsg+0x10/0x10
[  511.062042][T12025]  ___sys_sendmsg+0x134/0x1d0
[  511.062065][T12025]  ? __pfx____sys_sendmsg+0x10/0x10
[  511.062086][T12025]  ? __lock_acquire+0x622/0x1c90
[  511.062135][T12025]  __sys_sendmsg+0x16d/0x220
[  511.062158][T12025]  ? __pfx___sys_sendmsg+0x10/0x10
[  511.062196][T12025]  do_syscall_64+0xcd/0x4c0
[  511.062222][T12025]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  511.062240][T12025] RIP: 0033:0x7f888598e929
[  511.062254][T12025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  511.062270][T12025] RSP: 002b:00007f88837f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  511.062287][T12025] RAX: ffffffffffffffda RBX: 00007f8885bb5fa0 RCX: 00007f888598e929
[  511.062298][T12025] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000003
[  511.062308][T12025] RBP: 00007f88837f6090 R08: 0000000000000000 R09: 0000000000000000
[  511.062317][T12025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  511.062327][T12025] R13: 0000000000000000 R14: 00007f8885bb5fa0 R15: 00007ffddd8fcdc8
[  511.062350][T12025]  </TASK>
[  511.181537][ T5902] usb 1-1: config 0 has no interfaces?
[  511.183234][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[  511.293700][ T5902] usb 1-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e
[  511.328051][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.368988][ T5902] usb 1-1: Product: syz
[  511.382578][ T5902] usb 1-1: Manufacturer: syz
[  511.393552][ T5902] usb 1-1: SerialNumber: syz
[  511.407867][ T5902] usb 1-1: config 0 descriptor??
[  511.627093][   T30] audit: type=1326 audit(1752353743.178:974): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12020 comm="syz.0.1564" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc37e98e929 code=0x0
[  511.765899][ T5895] usb 1-1: USB disconnect, device number 58
[  512.157239][   T30] audit: type=1400 audit(1752353743.708:975): avc:  denied  { getopt } for  pid=12048 comm="syz.3.1575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  512.670157][ T5895] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  512.829257][T12052] team0: Device gtp0 is of different type
[  512.920159][ T5895] usb 1-1: Using ep0 maxpacket: 32
[  512.937147][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  513.117329][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  513.134503][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  513.149509][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  513.170889][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  513.172465][T12061] xt_hashlimit: size too large, truncated to 1048576
[  513.183050][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  513.217150][   T30] audit: type=1400 audit(1752353744.758:976): avc:  denied  { setopt } for  pid=12058 comm="syz.1.1578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  513.249337][T12065] afs: Unknown parameter 'dyn'
[  513.255585][T12065] tmpfs: Unknown parameter 'nWkBSÄää½Cor_inodes'
[  513.276284][T12062] xt_hashlimit: size too large, truncated to 1048576
[  513.294222][ T5895] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  513.310178][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.345190][T12061] syz.4.1576: vmalloc error: size 10485760, failed to allocated page array size 20480, mode:0xcc2(GFP_KERNEL|__GFP_HIGHMEM), nodemask=(null),cpuset=/,mems_allowed=0-1
[  513.362465][ T5895] usb 1-1: Product: syz
[  513.366809][ T5895] usb 1-1: Manufacturer: syz
[  513.374284][ T5895] usb 1-1: SerialNumber: syz
[  513.379135][T12061] CPU: 1 UID: 0 PID: 12061 Comm: syz.4.1576 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  513.379157][T12061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  513.379166][T12061] Call Trace:
[  513.379171][T12061]  <TASK>
[  513.379177][T12061]  dump_stack_lvl+0x16c/0x1f0
[  513.379206][T12061]  warn_alloc+0x248/0x3a0
[  513.379228][T12061]  ? __pfx_warn_alloc+0x10/0x10
[  513.379257][T12061]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  513.379276][T12061]  ? __vmalloc_node_noprof+0xad/0xf0
[  513.379298][T12061]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  513.379323][T12061]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  513.379347][T12061]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  513.379366][T12061]  ? __alloc_pages_noprof+0xb/0x1b0
[  513.379385][T12061]  ? ___kmalloc_large_node+0x84/0x1e0
[  513.379409][T12061]  __kvmalloc_node_noprof+0x30a/0x620
[  513.379428][T12061]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  513.379448][T12061]  ? net_generic+0xea/0x2a0
[  513.379463][T12061]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  513.379487][T12061]  ? hashlimit_mt_check_common+0x8bb/0x1460
[  513.379507][T12061]  hashlimit_mt_check_common+0x8bb/0x1460
[  513.379534][T12061]  hashlimit_mt_check+0x71/0x90
[  513.379551][T12061]  ? __pfx_hashlimit_mt_check+0x10/0x10
[  513.379570][T12061]  xt_check_match+0x286/0xa50
[  513.379589][T12061]  ? mem_cgroup_css_alloc+0x1d32/0x1e80
[  513.379612][T12061]  ? __pfx_xt_check_match+0x10/0x10
[  513.379635][T12061]  ? xt_find_target+0x1f2/0x290
[  513.379655][T12061]  ? xt_find_match+0x1f6/0x290
[  513.379677][T12061]  find_check_entry.constprop.0+0x34e/0xa20
[  513.379706][T12061]  ? __pfx_find_check_entry.constprop.0+0x10/0x10
[  513.379732][T12061]  ? kasan_quarantine_put+0x10a/0x240
[  513.379752][T12061]  ? lockdep_hardirqs_on+0x7c/0x110
[  513.379779][T12061]  ? kfree+0x2b4/0x4d0
[  513.379795][T12061]  ? translate_table+0xc0e/0x17b0
[  513.379818][T12061]  translate_table+0xd0b/0x17b0
[  513.379847][T12061]  ? __pfx_translate_table+0x10/0x10
[  513.379863][T12061]  ? xt_alloc_table_info+0x3e/0xa0
[  513.379888][T12061]  do_ip6t_set_ctl+0x570/0xb00
[  513.379907][T12061]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  513.379929][T12061]  ? __pfx_do_ip6t_set_ctl+0x10/0x10
[  513.379948][T12061]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  513.379981][T12061]  ? nf_sockopt_find.constprop.0+0x222/0x290
[  513.380000][T12061]  nf_setsockopt+0x8a/0xf0
[  513.380017][T12061]  ipv6_setsockopt+0x135/0x170
[  513.380036][T12061]  rawv6_setsockopt+0xc2/0x510
[  513.380064][T12061]  ? __pfx_rawv6_setsockopt+0x10/0x10
[  513.380088][T12061]  ? selinux_socket_setsockopt+0x6a/0x80
[  513.380112][T12061]  ? sock_common_setsockopt+0x2e/0xf0
[  513.380137][T12061]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  513.380161][T12061]  do_sock_setsockopt+0x221/0x470
[  513.380184][T12061]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  513.380224][T12061]  __sys_setsockopt+0x1a0/0x230
[  513.380250][T12061]  __x64_sys_setsockopt+0xbd/0x160
[  513.380271][T12061]  ? do_syscall_64+0x91/0x4c0
[  513.380293][T12061]  ? lockdep_hardirqs_on+0x7c/0x110
[  513.380316][T12061]  do_syscall_64+0xcd/0x4c0
[  513.380339][T12061]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  513.380357][T12061] RIP: 0033:0x7f888598e929
[  513.380370][T12061] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  513.380384][T12061] RSP: 002b:00007f88837d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  513.380400][T12061] RAX: ffffffffffffffda RBX: 00007f8885bb6080 RCX: 00007f888598e929
[  513.380411][T12061] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000003
[  513.380419][T12061] RBP: 00007f8885a10b39 R08: 0000000000000588 R09: 0000000000000000
[  513.380429][T12061] R10: 00002000000014c0 R11: 0000000000000246 R12: 0000000000000000
[  513.380437][T12061] R13: 0000000000000000 R14: 00007f8885bb6080 R15: 00007ffddd8fcdc8
[  513.380458][T12061]  </TASK>
[  513.759655][ T5895] usb 1-1: config 0 descriptor??
[  513.776358][T12061] Mem-Info:
[  513.779501][T12061] active_anon:16082 inactive_anon:0 isolated_anon:0
[  513.779501][T12061]  active_file:18495 inactive_file:41183 isolated_file:0
[  513.779501][T12061]  unevictable:768 dirty:247 writeback:0
[  513.779501][T12061]  slab_reclaimable:7239 slab_unreclaimable:120745
[  513.779501][T12061]  mapped:34976 shmem:9983 pagetables:1419
[  513.779501][T12061]  sec_pagetables:0 bounce:0
[  513.779501][T12061]  kernel_misc_reclaimable:0
[  513.779501][T12061]  free:1266933 free_pcp:21541 free_cma:0
[  514.019897][T12061] Node 0 active_anon:69520kB inactive_anon:0kB active_file:73880kB inactive_file:164532kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139948kB dirty:988kB writeback:0kB shmem:38396kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12580kB pagetables:5704kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  514.179291][T12073] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  514.186880][T12073] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  514.198347][T12061] Node 1 active_anon:0kB inactive_anon:0kB active_file:100kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  514.249584][T12061] Node 0 DMA free:15344kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  514.287900][T12061] lowmem_reserve[]: 0 2480 2481 2481 2481
[  514.296316][T12061] Node 0 DMA32 free:1159252kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57900kB inactive_anon:0kB active_file:73880kB inactive_file:163204kB unevictable:1536kB writepending:988kB present:3129332kB managed:2540076kB mlocked:0kB bounce:0kB free_pcp:70684kB local_pcp:26592kB free_cma:0kB
[  514.331267][T12061] lowmem_reserve[]: 0 0 1 1 1
[  514.336280][T12061] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:8kB free_cma:0kB
[  514.366622][T12061] lowmem_reserve[]: 0 0 0 0 0
[  514.372043][T12061] Node 1 Normal free:3895112kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:100kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20288kB local_pcp:14592kB free_cma:0kB
[  514.405716][T12061] lowmem_reserve[]: 0 0 0 0 0
[  514.411369][T12061] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 0*1024kB 1*2048kB (M) 3*4096kB (M) = 15344kB
[  514.427014][T12061] Node 0 DMA32: 101*4kB (UME) 564*8kB (UME) 388*16kB (ME) 837*32kB (UME) 515*64kB (UME) 149*128kB (UME) 63*256kB (UME) 63*512kB (UME) 37*1024kB (UME) 10*2048kB (UM) 235*4096kB (UM) = 1159252kB
[  514.447013][T12061] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  514.460636][T12061] Node 1 Normal: 180*4kB (UME) 55*8kB (UME) 46*16kB (UME) 147*32kB (UE) 56*64kB (UME) 11*128kB (UME) 4*256kB (ME) 5*512kB (UM) 3*1024kB (ME) 3*2048kB (UME) 945*4096kB (M) = 3895112kB
[  514.479395][T12061] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  514.489091][T12061] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  514.498638][T12061] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  514.508322][T12061] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  514.518673][T12061] 66789 total pagecache pages
[  514.523459][T12061] 0 pages in swap cache
[  514.527617][T12061] Free swap  = 124996kB
[  514.532138][T12061] Total swap = 124996kB
[  514.536354][T12061] 2097051 pages RAM
[  514.540599][T12061] 0 pages HighMem/MovableOnly
[  514.545469][T12061] 430054 pages reserved
[  514.549648][T12061] 0 pages cma reserved
[  514.708933][   T30] audit: type=1400 audit(1752353746.258:977): avc:  denied  { append } for  pid=12086 comm="syz.4.1584" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  514.807787][T12091] FAULT_INJECTION: forcing a failure.
[  514.807787][T12091] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  514.821764][T12091] CPU: 0 UID: 0 PID: 12091 Comm: syz.4.1585 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  514.821789][T12091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  514.821798][T12091] Call Trace:
[  514.821801][T12091]  <TASK>
[  514.821805][T12091]  dump_stack_lvl+0x16c/0x1f0
[  514.821825][T12091]  should_fail_ex+0x512/0x640
[  514.821842][T12091]  _copy_from_iter+0x29f/0x16f0
[  514.821866][T12091]  ? __pfx__copy_from_iter+0x10/0x10
[  514.821880][T12091]  ? rcu_is_watching+0x12/0xc0
[  514.821895][T12091]  ? rcu_is_watching+0x12/0xc0
[  514.821908][T12091]  ? kfree+0x24f/0x4d0
[  514.821919][T12091]  ? file_tty_write.constprop.0+0x6ef/0x9b0
[  514.821938][T12091]  file_tty_write.constprop.0+0x488/0x9b0
[  514.821957][T12091]  vfs_write+0x6c7/0x1150
[  514.821971][T12091]  ? __pfx_tty_write+0x10/0x10
[  514.821987][T12091]  ? __pfx_vfs_write+0x10/0x10
[  514.821998][T12091]  ? find_held_lock+0x2b/0x80
[  514.822020][T12091]  ksys_write+0x12a/0x250
[  514.822033][T12091]  ? __pfx_ksys_write+0x10/0x10
[  514.822050][T12091]  do_syscall_64+0xcd/0x4c0
[  514.822066][T12091]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.822077][T12091] RIP: 0033:0x7f888598e929
[  514.822085][T12091] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.822095][T12091] RSP: 002b:00007f88837f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  514.822106][T12091] RAX: ffffffffffffffda RBX: 00007f8885bb5fa0 RCX: 00007f888598e929
[  514.822115][T12091] RDX: 00000000fffffedf RSI: 0000200000000000 RDI: 0000000000000004
[  514.822121][T12091] RBP: 00007f88837f6090 R08: 0000000000000000 R09: 0000000000000000
[  514.822127][T12091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.822132][T12091] R13: 0000000000000000 R14: 00007f8885bb5fa0 R15: 00007ffddd8fcdc8
[  514.822146][T12091]  </TASK>
[  515.914015][T12097] input: syz1 as /devices/virtual/input/input49
[  515.997812][T12096] team0: Device gtp0 is of different type
[  516.032295][ T5844] Bluetooth: hci4: command 0x0c1a tx timeout
[  516.188605][  T117] usb 1-1: USB disconnect, device number 59
[  516.270147][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[  516.957632][T12112] netlink: 'syz.4.1591': attribute type 10 has an invalid length.
[  517.021496][T12112] lo: entered promiscuous mode
[  517.250170][   T30] audit: type=1326 audit(1752353748.788:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  517.634749][T12116] FAULT_INJECTION: forcing a failure.
[  517.634749][T12116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.686358][T12116] CPU: 0 UID: 0 PID: 12116 Comm: syz.1.1592 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  517.686383][T12116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  517.686392][T12116] Call Trace:
[  517.686398][T12116]  <TASK>
[  517.686404][T12116]  dump_stack_lvl+0x16c/0x1f0
[  517.686434][T12116]  should_fail_ex+0x512/0x640
[  517.686460][T12116]  _copy_from_user+0x2e/0xd0
[  517.686487][T12116]  restore_sigcontext+0xcb/0x6a0
[  517.686509][T12116]  ? __pfx_restore_sigcontext+0x10/0x10
[  517.686546][T12116]  ? __pfx_restore_altstack+0x10/0x10
[  517.686575][T12116]  ? _raw_spin_unlock_irq+0x23/0x50
[  517.686596][T12116]  ? lockdep_hardirqs_on+0x7c/0x110
[  517.686623][T12116]  __do_sys_rt_sigreturn+0x1bb/0x230
[  517.686644][T12116]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  517.686689][T12116]  do_syscall_64+0xcd/0x4c0
[  517.686715][T12116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.686732][T12116] RIP: 0033:0x7fead392ab19
[  517.686747][T12116] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  517.686763][T12116] RSP: 002b:00007fead4760340 EFLAGS: 00000206 ORIG_RAX: 000000000000000f
[  517.686781][T12116] RAX: ffffffffffffffda RBX: 00007fead3bb6080 RCX: 00007fead392ab19
[  517.686793][T12116] RDX: 00007fead4760340 RSI: 00007fead4760470 RDI: 0000000000000021
[  517.686804][T12116] RBP: 00007fead4761090 R08: 0000000000000000 R09: 0000000000000000
[  517.686814][T12116] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  517.686824][T12116] R13: 0000000000000000 R14: 00007fead3bb6080 R15: 00007fff331fa9e8
[  517.686847][T12116]  </TASK>
[  517.691412][   T30] audit: type=1326 audit(1752353748.788:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  517.739022][T12121] tipc: Enabling of bearer <dth:v> rejected, media not registered
[  518.167312][   T30] audit: type=1326 audit(1752353748.788:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.280563][   T30] audit: type=1326 audit(1752353748.788:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.306533][   T30] audit: type=1326 audit(1752353748.788:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.330137][ T5895] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  518.530446][   T30] audit: type=1326 audit(1752353748.798:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.554489][   T30] audit: type=1326 audit(1752353748.798:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.580523][   T30] audit: type=1326 audit(1752353748.798:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12109 comm="syz.5.1590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6afa98e929 code=0x7ffc0000
[  518.612514][   T30] audit: type=1400 audit(1752353749.168:986): avc:  denied  { mount } for  pid=12103 comm="syz.0.1589" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  518.635997][   T30] audit: type=1400 audit(1752353749.178:987): avc:  denied  { mounton } for  pid=12103 comm="syz.0.1589" path="/311/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  518.659377][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 127, changing to 10
[  518.673655][ T5895] usb 1-1: New USB device found, idVendor=06a3, idProduct=0cd7, bcdDevice= 0.00
[  518.683418][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.717371][ T5895] usb 1-1: config 0 descriptor??
[  519.299756][T12149] team0: Device gtp0 is of different type
[  519.337917][T12127] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  519.650207][ T5881] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  519.691628][T12157] syz.5.1604 (12157): attempted to duplicate a private mapping with mremap.  This is not supported.
[  519.910347][ T5881] usb 4-1: Using ep0 maxpacket: 8
[  519.945765][ T5881] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7
[  520.029818][ T5881] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  520.050187][ T5881] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  520.067041][ T5881] usb 4-1: Product: syz
[  520.072982][ T5881] usb 4-1: Manufacturer: syz
[  520.078328][ T5881] usb 4-1: SerialNumber: syz
[  520.293014][ T5881] usb 4-1: Invalid connection information received from device
[  520.535412][  T117] usb 4-1: USB disconnect, device number 60
[  521.049185][T12169] FAULT_INJECTION: forcing a failure.
[  521.049185][T12169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  521.094397][ T5895] usbhid 1-1:0.0: can't add hid device: -71
[  521.100666][ T5895] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  521.114410][T12169] CPU: 0 UID: 0 PID: 12169 Comm: syz.5.1607 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  521.114435][T12169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  521.114445][T12169] Call Trace:
[  521.114451][T12169]  <TASK>
[  521.114458][T12169]  dump_stack_lvl+0x16c/0x1f0
[  521.114486][T12169]  should_fail_ex+0x512/0x640
[  521.114513][T12169]  _copy_from_iter+0x29f/0x16f0
[  521.114540][T12169]  ? _copy_from_iter+0x15d/0x16f0
[  521.114562][T12169]  ? __pfx__copy_from_iter+0x10/0x10
[  521.114586][T12169]  ? __pfx__copy_from_iter+0x10/0x10
[  521.114610][T12169]  ? _copy_from_iter+0x15d/0x16f0
[  521.114637][T12169]  copy_page_from_iter+0xde/0x180
[  521.114662][T12169]  skb_copy_datagram_from_iter+0x2a0/0x740
[  521.114694][T12169]  tun_get_user+0x17ac/0x3b80
[  521.114731][T12169]  ? __pfx_tun_get_user+0x10/0x10
[  521.114753][T12169]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  521.114785][T12169]  ? find_held_lock+0x2b/0x80
[  521.114808][T12169]  ? tun_get+0x191/0x370
[  521.114836][T12169]  tun_chr_write_iter+0xdc/0x210
[  521.114863][T12169]  vfs_write+0x6c7/0x1150
[  521.114887][T12169]  ? __pfx_tun_chr_write_iter+0x10/0x10
[  521.114915][T12169]  ? __pfx_vfs_write+0x10/0x10
[  521.114934][T12169]  ? find_held_lock+0x2b/0x80
[  521.114969][T12169]  ksys_write+0x12a/0x250
[  521.114995][T12169]  ? __pfx_ksys_write+0x10/0x10
[  521.115023][T12169]  do_syscall_64+0xcd/0x4c0
[  521.115050][T12169]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  521.115068][T12169] RIP: 0033:0x7f6afa98e929
[  521.115082][T12169] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  521.115097][T12169] RSP: 002b:00007f6afb725038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  521.115112][T12169] RAX: ffffffffffffffda RBX: 00007f6afabb5fa0 RCX: 00007f6afa98e929
[  521.115123][T12169] RDX: 000000000000fdef RSI: 00002000000005c0 RDI: 0000000000000004
[  521.115132][T12169] RBP: 00007f6afb725090 R08: 0000000000000000 R09: 0000000000000000
[  521.115141][T12169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  521.115150][T12169] R13: 0000000000000000 R14: 00007f6afabb5fa0 R15: 00007ffdcb212638
[  521.115173][T12169]  </TASK>
[  521.126998][T12171] tmpfs: Unknown parameter ''
[  521.137174][ T5895] usb 1-1: USB disconnect, device number 60
[  521.411340][  T117] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  521.630140][  T117] usb 4-1: Using ep0 maxpacket: 8
[  522.672623][  T117] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  522.700318][  T117] usb 4-1: config 179 has no interface number 0
[  522.706654][  T117] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  522.746451][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  522.746466][   T30] audit: type=1400 audit(1752353754.298:1007): avc:  denied  { prog_run } for  pid=12186 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  522.776549][  T117] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  522.789927][  T117] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  522.804225][   T30] audit: type=1400 audit(1752353754.298:1008): avc:  denied  { map_create } for  pid=12186 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  522.824470][  T117] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  522.860238][  T117] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  522.890172][   T30] audit: type=1400 audit(1752353754.398:1009): avc:  denied  { map_read map_write } for  pid=12186 comm="syz.5.1612" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  522.920126][  T117] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  522.934533][  T117] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  522.956466][   T30] audit: type=1400 audit(1752353754.398:1010): avc:  denied  { create } for  pid=12184 comm="syz.0.1613" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  523.007193][T12173] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  523.090209][   T30] audit: type=1400 audit(1752353754.408:1011): avc:  denied  { ioctl } for  pid=12184 comm="syz.0.1613" path="socket:[35485]" dev="sockfs" ino=35485 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  523.119902][   T30] audit: type=1400 audit(1752353754.468:1012): avc:  denied  { map_create } for  pid=12189 comm="syz.1.1614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  523.157325][   T30] audit: type=1400 audit(1752353754.488:1013): avc:  denied  { execmem } for  pid=12189 comm="syz.1.1614" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  523.217575][   T30] audit: type=1400 audit(1752353754.508:1014): avc:  denied  { prog_load } for  pid=12191 comm="syz.4.1615" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  523.265829][   T30] audit: type=1400 audit(1752353754.508:1015): avc:  denied  { bpf } for  pid=12191 comm="syz.4.1615" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  523.299042][T12173] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1608'.
[  523.335134][T12173] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1608'.
[  523.338308][   T30] audit: type=1400 audit(1752353754.508:1016): avc:  denied  { perfmon } for  pid=12191 comm="syz.4.1615" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  523.384344][  T117] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input50
[  524.251741][ T5895] usb 4-1: USB disconnect, device number 61
[  524.251828][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  524.266431][    C1] dummy_hcd dummy_hcd.3: timer fired with no URBs pending?
[  524.303717][T11764] udevd[11764]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory
[  525.676238][T12228] sctp: [Deprecated]: syz.1.1626 (pid 12228) Use of int in max_burst socket option.
[  525.676238][T12228] Use struct sctp_assoc_value instead
[  528.020386][   T30] kauditd_printk_skb: 378 callbacks suppressed
[  528.020402][   T30] audit: type=1400 audit(1752353759.572:1395): avc:  denied  { read write execute } for  pid=12249 comm="syz.3.1633" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  528.028907][T12248] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  528.128847][   T30] audit: type=1400 audit(1752353759.662:1396): avc:  denied  { create } for  pid=12256 comm="syz.0.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  528.169716][   T30] audit: type=1400 audit(1752353759.672:1397): avc:  denied  { write } for  pid=12256 comm="syz.0.1634" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  528.330554][   T30] audit: type=1400 audit(1752353759.672:1398): avc:  denied  { sys_module } for  pid=12247 comm="syz.1.1632" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  528.488694][   T30] audit: type=1400 audit(1752353759.672:1399): avc:  denied  { module_request } for  pid=12247 comm="syz.1.1632" kmod="wg2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  528.708810][   T30] audit: type=1400 audit(1752353759.812:1400): avc:  denied  { sys_module } for  pid=12247 comm="syz.1.1632" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  528.832379][   T30] audit: type=1400 audit(1752353759.812:1401): avc:  denied  { module_request } for  pid=12247 comm="syz.1.1632" kmod="bridge0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  528.963183][   T30] audit: type=1400 audit(1752353759.842:1402): avc:  denied  { read write } for  pid=5833 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  529.028446][  T117] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  529.131947][   T30] audit: type=1400 audit(1752353759.842:1403): avc:  denied  { read write open } for  pid=5833 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  529.190277][   T30] audit: type=1400 audit(1752353759.852:1404): avc:  denied  { ioctl } for  pid=5833 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  529.265274][  T117] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  529.288963][  T117] usb 1-1: config 2 interface 0 altsetting 178 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  529.319869][  T117] usb 1-1: config 2 interface 0 has no altsetting 0
[  529.380646][  T117] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=da.47
[  529.393504][  T117] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.401716][  T117] usb 1-1: Product: syz
[  529.405886][  T117] usb 1-1: Manufacturer: syz
[  529.411555][  T117] usb 1-1: SerialNumber: syz
[  529.488153][ T5881] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  529.648361][ T5881] usb 2-1: Using ep0 maxpacket: 32
[  529.684592][  T117] usb 1-1: USB disconnect, device number 61
[  529.685121][ T5881] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  529.754977][ T5881] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3
[  529.808113][ T5881] usb 2-1: New USB device found, idVendor=0733, idProduct=0402, bcdDevice=ef.67
[  529.830671][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  529.849664][ T5881] usb 2-1: Product: syz
[  529.853873][ T5881] usb 2-1: Manufacturer: syz
[  529.867715][ T5881] usb 2-1: SerialNumber: syz
[  529.887713][ T5881] usb 2-1: config 0 descriptor??
[  529.942627][ T5881] gspca_main: spca501-2.14.0 probing 0733:0402
[  529.999833][ T5844] Bluetooth: hci5: ACL packet for unknown connection handle 200
[  530.014658][ T5844] Bluetooth: hci5: SCO packet for unknown connection handle 200
[  530.019944][T12285] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1643'.
[  531.118752][ T5881] gspca_spca501: reg write: error -110
[  531.124265][ T5881] spca501 2-1:0.0: Reg write failed for 0x00,0x02,0x03
[  531.134641][ T5881] spca501 2-1:0.0: probe with driver spca501 failed with error -22
[  532.027465][ T5844] Bluetooth: hci5: command 0x0c1a tx timeout
[  533.144576][   T30] kauditd_printk_skb: 386 callbacks suppressed
[  533.144604][   T30] audit: type=1400 audit(1752353764.674:1767): avc:  denied  { mount } for  pid=12322 comm="syz.0.1655" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  533.254176][ T5881] usb 2-1: USB disconnect, device number 60
[  533.309418][T12323] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1656'.
[  533.327090][   T30] audit: type=1400 audit(1752353764.684:1768): avc:  denied  { prog_load } for  pid=12322 comm="syz.0.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  533.346234][    C0] vkms_vblank_simulate: vblank timer overrun
[  533.380221][T12323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=53 sclass=netlink_route_socket pid=12323 comm=syz.3.1656
[  533.434170][   T30] audit: type=1400 audit(1752353764.684:1769): avc:  denied  { bpf } for  pid=12322 comm="syz.0.1655" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  533.517136][   T30] audit: type=1400 audit(1752353764.684:1770): avc:  denied  { perfmon } for  pid=12322 comm="syz.0.1655" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  533.688906][   T30] audit: type=1400 audit(1752353764.804:1771): avc:  denied  { create } for  pid=12321 comm="syz.3.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  533.752085][   T30] audit: type=1400 audit(1752353764.854:1772): avc:  denied  { create } for  pid=12321 comm="syz.3.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  533.826962][   T30] audit: type=1400 audit(1752353764.854:1773): avc:  denied  { write } for  pid=12321 comm="syz.3.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  533.847389][    C0] vkms_vblank_simulate: vblank timer overrun
[  534.059373][   T30] audit: type=1400 audit(1752353764.854:1774): avc:  denied  { read } for  pid=12321 comm="syz.3.1656" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  534.080248][    C0] vkms_vblank_simulate: vblank timer overrun
[  534.588789][T12335] audit: audit_backlog=65 > audit_backlog_limit=64
[  534.597597][T12340] audit: audit_backlog=65 > audit_backlog_limit=64
[  535.060514][T12339] No such timeout policy "syz1"
[  536.505934][T12369] netlink: 'syz.1.1668': attribute type 4 has an invalid length.
[  537.098555][ T5895] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  537.340461][ T5895] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  537.389384][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  537.455284][ T5895] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  537.496436][ T5895] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  537.537948][ T5895] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  537.560825][ T5895] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  537.578626][ T5895] usb 4-1: config 0 descriptor??
[  538.145966][   T30] kauditd_printk_skb: 335 callbacks suppressed
[  538.145981][   T30] audit: type=1400 audit(1752353769.697:2070): avc:  denied  { read write } for  pid=5833 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  538.221385][ T5895] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  538.266335][   T30] audit: type=1400 audit(1752353769.737:2071): avc:  denied  { read write open } for  pid=5833 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  538.396311][   T30] audit: type=1400 audit(1752353769.737:2072): avc:  denied  { ioctl } for  pid=5833 comm="syz-executor" path="/dev/loop4" dev="devtmpfs" ino=651 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  538.456093][  T117] usb 4-1: USB disconnect, device number 62
[  538.574154][   T30] audit: type=1400 audit(1752353769.817:2073): avc:  denied  { map_create } for  pid=12390 comm="syz.5.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  538.598060][   T30] audit: type=1400 audit(1752353769.817:2074): avc:  denied  { perfmon } for  pid=12390 comm="syz.5.1675" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  538.619998][   T30] audit: type=1400 audit(1752353769.827:2075): avc:  denied  { map_read map_write } for  pid=12390 comm="syz.5.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  538.640457][   T30] audit: type=1400 audit(1752353769.857:2076): avc:  denied  { prog_load } for  pid=12390 comm="syz.5.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  538.787902][   T30] audit: type=1400 audit(1752353769.857:2077): avc:  denied  { bpf } for  pid=12390 comm="syz.5.1675" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  538.821517][   T30] audit: type=1400 audit(1752353769.857:2078): avc:  denied  { prog_load } for  pid=12390 comm="syz.5.1675" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  538.975161][   T30] audit: type=1400 audit(1752353769.857:2079): avc:  denied  { bpf } for  pid=12390 comm="syz.5.1675" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  539.249446][T12402] hub 6-0:1.0: USB hub found
[  539.255453][T12402] hub 6-0:1.0: 1 port detected
[  539.519897][T12400] netlink: 84 bytes leftover after parsing attributes in process `syz.1.1676'.
[  540.033428][T12410] can0: slcan on ttyS3.
[  540.294102][T12410] can0 (unregistered): slcan off ttyS3.
[  540.436608][T12396] fido_id[12396]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  541.291586][T12422] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1684'.
[  543.157235][   T30] kauditd_printk_skb: 236 callbacks suppressed
[  543.157253][   T30] audit: type=1400 audit(1752353774.539:2316): avc:  denied  { execmem } for  pid=12434 comm="syz.4.1687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  543.235226][T12441] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1688'.
[  543.254926][T12441] FAULT_INJECTION: forcing a failure.
[  543.254926][T12441] name failslab, interval 1, probability 0, space 0, times 0
[  543.284421][   T30] audit: type=1400 audit(1752353774.769:2317): avc:  denied  { map_create } for  pid=12434 comm="syz.4.1687" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  543.315592][T12441] CPU: 1 UID: 0 PID: 12441 Comm: syz.3.1688 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  543.315624][T12441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  543.315634][T12441] Call Trace:
[  543.315640][T12441]  <TASK>
[  543.315647][T12441]  dump_stack_lvl+0x16c/0x1f0
[  543.315678][T12441]  should_fail_ex+0x512/0x640
[  543.315705][T12441]  should_failslab+0xc2/0x120
[  543.315733][T12441]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  543.315757][T12441]  ? __alloc_skb+0x2b2/0x380
[  543.315784][T12441]  __alloc_skb+0x2b2/0x380
[  543.315805][T12441]  ? __pfx___alloc_skb+0x10/0x10
[  543.315831][T12441]  ? __pfx_ipv6_get_ifaddr+0x10/0x10
[  543.315853][T12441]  ndisc_alloc_skb+0xd8/0x530
[  543.315873][T12441]  ndisc_send_rs+0x36b/0x670
[  543.315897][T12441]  inet6_set_link_af+0x8db/0xd40
[  543.315919][T12441]  ? __pfx_inet6_set_link_af+0x10/0x10
[  543.315937][T12441]  ? reacquire_held_locks+0xcd/0x1f0
[  543.315963][T12441]  ? rtnl_af_lookup+0x19c/0x330
[  543.315994][T12441]  ? do_setlink.constprop.0+0x2c9f/0x4380
[  543.316017][T12441]  do_setlink.constprop.0+0x2c9f/0x4380
[  543.316042][T12441]  ? bpf_trace_run2+0x265/0x590
[  543.316061][T12441]  ? __pfx_do_setlink.constprop.0+0x10/0x10
[  543.316085][T12441]  ? bpf_trace_run2+0x2a5/0x590
[  543.316102][T12441]  ? __pfx_bpf_trace_run2+0x10/0x10
[  543.316119][T12441]  ? __lock_acquire+0xb8a/0x1c90
[  543.316139][T12441]  ? __bpf_trace_contention_end+0xc9/0x110
[  543.316156][T12441]  ? __pfx___bpf_trace_contention_end+0x10/0x10
[  543.316176][T12441]  ? __pfx___mutex_trylock_common+0x10/0x10
[  543.316195][T12441]  ? __pfx___might_resched+0x10/0x10
[  543.316221][T12441]  ? rcu_is_watching+0x12/0xc0
[  543.316243][T12441]  ? trace_contention_end+0xdd/0x130
[  543.316260][T12441]  ? __mutex_lock+0x1ca/0xb90
[  543.316286][T12441]  ? rtnl_newlink+0x600/0x2000
[  543.316311][T12441]  ? __pfx___mutex_lock+0x10/0x10
[  543.316334][T12441]  ? cap_capable+0xb3/0x250
[  543.316370][T12441]  rtnl_newlink+0x1446/0x2000
[  543.316405][T12441]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.316427][T12441]  ? find_held_lock+0x2b/0x80
[  543.316449][T12441]  ? avc_has_perm_noaudit+0x117/0x3b0
[  543.316474][T12441]  ? avc_has_perm_noaudit+0x149/0x3b0
[  543.316499][T12441]  ? __lock_acquire+0x622/0x1c90
[  543.316528][T12441]  ? find_held_lock+0x2b/0x80
[  543.316548][T12441]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.316570][T12441]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.316591][T12441]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  543.316615][T12441]  ? __pfx_rtnl_newlink+0x10/0x10
[  543.316640][T12441]  rtnetlink_rcv_msg+0x95b/0xe90
[  543.316667][T12441]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  543.316699][T12441]  ? ref_tracker_free+0x37c/0x830
[  543.316724][T12441]  netlink_rcv_skb+0x158/0x420
[  543.316742][T12441]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  543.316767][T12441]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  543.316794][T12441]  ? netlink_deliver_tap+0x1ae/0xd30
[  543.316825][T12441]  netlink_unicast+0x58a/0x850
[  543.316846][T12441]  ? __pfx_netlink_unicast+0x10/0x10
[  543.316872][T12441]  netlink_sendmsg+0x8d1/0xdd0
[  543.316894][T12441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  543.316921][T12441]  ____sys_sendmsg+0xa95/0xc70
[  543.316941][T12441]  ? copy_msghdr_from_user+0x10a/0x160
[  543.316965][T12441]  ? __pfx_____sys_sendmsg+0x10/0x10
[  543.316995][T12441]  ___sys_sendmsg+0x134/0x1d0
[  543.317019][T12441]  ? __pfx____sys_sendmsg+0x10/0x10
[  543.317040][T12441]  ? __lock_acquire+0x622/0x1c90
[  543.317087][T12441]  __sys_sendmsg+0x16d/0x220
[  543.317111][T12441]  ? __pfx___sys_sendmsg+0x10/0x10
[  543.317150][T12441]  do_syscall_64+0xcd/0x4c0
[  543.317176][T12441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.317193][T12441] RIP: 0033:0x7f291ff8e929
[  543.317208][T12441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.317225][T12441] RSP: 002b:00007f2920edc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  543.317242][T12441] RAX: ffffffffffffffda RBX: 00007f29201b5fa0 RCX: 00007f291ff8e929
[  543.317252][T12441] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  543.317262][T12441] RBP: 00007f2920edc090 R08: 0000000000000000 R09: 0000000000000000
[  543.317271][T12441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  543.317281][T12441] R13: 0000000000000000 R14: 00007f29201b5fa0 R15: 00007ffccf2099e8
[  543.317305][T12441]  </TASK>
[  543.744919][T12441] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1688'.
[  543.889726][   T30] audit: type=1400 audit(1752353775.350:2318): avc:  denied  { read write } for  pid=5826 comm="syz-executor" name="loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.061335][   T30] audit: type=1400 audit(1752353775.350:2319): avc:  denied  { read write open } for  pid=5826 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=648 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.180084][   T30] audit: type=1400 audit(1752353775.350:2320): avc:  denied  { ioctl } for  pid=5826 comm="syz-executor" path="/dev/loop1" dev="devtmpfs" ino=648 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.209471][   T30] audit: type=1400 audit(1752353775.440:2321): avc:  denied  { read write } for  pid=5835 comm="syz-executor" name="loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.243962][   T30] audit: type=1400 audit(1752353775.440:2322): avc:  denied  { read write open } for  pid=5835 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.447683][   T30] audit: type=1400 audit(1752353775.440:2323): avc:  denied  { ioctl } for  pid=5835 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=650 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  544.477521][   T30] audit: type=1400 audit(1752353775.530:2324): avc:  denied  { open } for  pid=12444 comm="syz.1.1689" path="/dev/ptyq7" dev="devtmpfs" ino=126 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  544.513806][   T30] audit: type=1400 audit(1752353775.550:2325): avc:  denied  { read write } for  pid=5833 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  623.863765][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  649.750359][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  649.757331][    C0] rcu: 	1-...!: (0 ticks this GP) idle=0f0c/1/0x4000000000000000 softirq=64538/64547 fqs=2
[  649.768440][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=50181, q=411 ncpus=2)
[  649.776163][    C0] Sending NMI from CPU 0 to CPUs 1:
[  649.776192][    C1] NMI backtrace for cpu 1
[  649.776205][    C1] CPU: 1 UID: 0 PID: 12454 Comm: syz.5.1693 Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  649.776224][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  649.776231][    C1] RIP: 0010:check_preemption_disabled+0x16/0xe0
[  649.776257][    C1] Code: ff 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 41 54 55 53 48 83 ec 08 65 8b 1d 25 6c 48 08 65 8b 05 1a 6c 48 08 <a9> ff ff ff 7f 74 0f 48 83 c4 08 89 d8 5b 5d 41 5c c3 cc cc cc cc
[  649.776270][    C1] RSP: 0018:ffffc90000a08b78 EFLAGS: 00000096
[  649.776282][    C1] RAX: 0000000080010101 RBX: 0000000000000001 RCX: ffffc90000a08bac
[  649.776292][    C1] RDX: 0000000000000002 RSI: ffffffff8de0da05 RDI: ffffffff8c158fa0
[  649.776300][    C1] RBP: ffff888056d16c00 R08: 0000000000000004 R09: 0000000000000002
[  649.776309][    C1] R10: 0000000000000002 R11: 0000000000000001 R12: ffffffff899ae4db
[  649.776317][    C1] R13: 0000000000000006 R14: ffff88802fe8c880 R15: 0000000000000003
[  649.776326][    C1] FS:  00007f6afb7256c0(0000) GS:ffff888124813000(0000) knlGS:0000000000000000
[  649.776346][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  649.776355][    C1] CR2: 0000000000000000 CR3: 0000000027ae1000 CR4: 00000000003526f0
[  649.776364][    C1] Call Trace:
[  649.776371][    C1]  <IRQ>
[  649.776379][    C1]  ? advance_sched+0x62b/0xc80
[  649.776395][    C1]  lock_release+0x153/0x2f0
[  649.776411][    C1]  _raw_spin_unlock+0x16/0x50
[  649.776427][    C1]  advance_sched+0x62b/0xc80
[  649.776446][    C1]  ? __pfx_advance_sched+0x10/0x10
[  649.776461][    C1]  __hrtimer_run_queues+0x202/0xad0
[  649.776479][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  649.776495][    C1]  ? read_tsc+0x9/0x20
[  649.776514][    C1]  hrtimer_interrupt+0x397/0x8e0
[  649.776534][    C1]  __sysvec_apic_timer_interrupt+0x10b/0x3f0
[  649.776548][    C1]  sysvec_apic_timer_interrupt+0x52/0xc0
[  649.776565][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  649.776580][    C1] RIP: 0010:handle_softirqs+0x1dd/0x8e0
[  649.776598][    C1] Code: 88 6c 24 26 4c 89 7c 24 18 48 c7 c7 e0 a9 ab 8b e8 68 7a 0b 0a 65 66 c7 05 76 e5 53 12 00 00 e8 f9 dc 46 00 fb bb ff ff ff ff <49> c7 c7 c0 c0 20 8e 41 0f bc dc 83 c3 01 0f 85 a4 00 00 00 e9 b1
[  649.776610][    C1] RSP: 0018:ffffc90000a08f28 EFLAGS: 00000202
[  649.776620][    C1] RAX: 00000000000072ea RBX: 00000000ffffffff RCX: 0000000000000003
[  649.776628][    C1] RDX: 0000000000000000 RSI: ffffffff8de32ec7 RDI: ffffffff8c158fa0
[  649.776637][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001
[  649.776645][    C1] R10: ffffffff90a98957 R11: 0000000000000001 R12: 0000000000000200
[  649.776653][    C1] R13: 000000000000000a R14: 1ffff920001411ed R15: ffffed1005fd1910
[  649.776668][    C1]  ? handle_softirqs+0x1d7/0x8e0
[  649.776682][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  649.776712][    C1]  ? rcu_is_watching+0x12/0xc0
[  649.776730][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  649.776747][    C1]  __irq_exit_rcu+0x109/0x170
[  649.776762][    C1]  irq_exit_rcu+0x9/0x30
[  649.776777][    C1]  sysvec_call_function_single+0xa4/0xc0
[  649.776793][    C1]  </IRQ>
[  649.776798][    C1]  <TASK>
[  649.776803][    C1]  asm_sysvec_call_function_single+0x1a/0x20
[  649.776817][    C1] RIP: 0010:lock_release+0x45/0x2f0
[  649.776829][    C1] Code: f9 47 38 12 48 89 44 24 10 31 c0 0f 1f 44 00 00 65 8b 05 12 48 38 12 83 f8 07 0f 87 38 02 00 00 89 c0 48 0f a3 05 1b 01 11 0f <0f> 82 b1 01 00 00 8b 3d 03 33 11 0f 85 ff 0f 84 25 01 00 00 65 8b
[  649.776841][    C1] RSP: 0018:ffffc90004b7ed38 EFLAGS: 00000297
[  649.776852][    C1] RAX: 0000000000000001 RBX: ffffffff8e5c4e80 RCX: ffffc90004b80001
[  649.776861][    C1] RDX: 0000000000000000 RSI: ffffffff816adac4 RDI: ffffffff8e5c4e80
[  649.776870][    C1] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  649.776878][    C1] R10: 0000000000000000 R11: 000000000000fed6 R12: ffffffff816adac4
[  649.776886][    C1] R13: ffffc90004b7edf0 R14: ffffc90004b7f768 R15: ffffc90004b7ee24
[  649.776896][    C1]  ? unwind_next_frame+0x3f4/0x20a0
[  649.776911][    C1]  ? unwind_next_frame+0x3f4/0x20a0
[  649.776927][    C1]  unwind_next_frame+0x3f9/0x20a0
[  649.776940][    C1]  ? shmem_get_folio_gfp+0x67f/0x1600
[  649.776957][    C1]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  649.776976][    C1]  arch_stack_walk+0x94/0x100
[  649.776992][    C1]  ? shmem_fault+0x1fe/0xa30
[  649.777008][    C1]  stack_trace_save+0x8e/0xc0
[  649.777025][    C1]  ? __pfx_stack_trace_save+0x10/0x10
[  649.777044][    C1]  ? __lock_acquire+0x622/0x1c90
[  649.777056][    C1]  save_stack+0x160/0x1f0
[  649.777073][    C1]  ? __pfx_save_stack+0x10/0x10
[  649.777088][    C1]  ? post_alloc_hook+0x1c0/0x230
[  649.777104][    C1]  ? get_page_from_freelist+0x1321/0x3890
[  649.777119][    C1]  ? __alloc_frozen_pages_noprof+0x261/0x23f0
[  649.777136][    C1]  ? alloc_pages_mpol+0x1fb/0x550
[  649.777154][    C1]  ? folio_alloc_mpol_noprof+0x36/0x2f0
[  649.777166][    C1]  ? shmem_alloc_folio+0x135/0x160
[  649.777179][    C1]  ? shmem_alloc_and_add_folio+0x499/0xc20
[  649.777193][    C1]  ? shmem_get_folio_gfp+0x67f/0x1600
[  649.777211][    C1]  ? __lock_acquire+0x622/0x1c90
[  649.777224][    C1]  __set_page_owner+0x91/0x550
[  649.777242][    C1]  ? __pfx___set_page_owner+0x10/0x10
[  649.777259][    C1]  ? bad_range+0x261/0x4c0
[  649.777272][    C1]  ? lockdep_hardirqs_on+0x7c/0x110
[  649.777290][    C1]  post_alloc_hook+0x1c0/0x230
[  649.777306][    C1]  get_page_from_freelist+0x1321/0x3890
[  649.777327][    C1]  ? prepare_alloc_pages+0x3c2/0x610
[  649.777347][    C1]  ? rcu_is_watching+0x12/0xc0
[  649.777364][    C1]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  649.777382][    C1]  ? __lock_acquire+0xb8a/0x1c90
[  649.777398][    C1]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  649.777416][    C1]  ? do_raw_spin_lock+0x12c/0x2b0
[  649.777431][    C1]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  649.777446][    C1]  ? find_held_lock+0x2b/0x80
[  649.777465][    C1]  ? __lock_acquire+0xb8a/0x1c90
[  649.777481][    C1]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  649.777498][    C1]  ? policy_nodemask+0xea/0x4e0
[  649.777516][    C1]  alloc_pages_mpol+0x1fb/0x550
[  649.777534][    C1]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  649.777555][    C1]  folio_alloc_mpol_noprof+0x36/0x2f0
[  649.777568][    C1]  shmem_alloc_folio+0x135/0x160
[  649.777582][    C1]  shmem_alloc_and_add_folio+0x499/0xc20
[  649.777600][    C1]  ? __pfx_shmem_alloc_and_add_folio+0x10/0x10
[  649.777617][    C1]  ? shmem_allowable_huge_orders+0xcb/0x2f0
[  649.777635][    C1]  shmem_get_folio_gfp+0x67f/0x1600
[  649.777653][    C1]  ? __pfx_shmem_get_folio_gfp+0x10/0x10
[  649.777670][    C1]  ? filemap_map_pages+0xf6f/0x1680
[  649.777689][    C1]  shmem_fault+0x1fe/0xa30
[  649.777704][    C1]  ? __pfx_shmem_fault+0x10/0x10
[  649.777721][    C1]  ? __pfx_filemap_map_pages+0x10/0x10
[  649.777740][    C1]  __do_fault+0x10d/0x490
[  649.777758][    C1]  __handle_mm_fault+0x3c2a/0x5490
[  649.777776][    C1]  ? __pfx___handle_mm_fault+0x10/0x10
[  649.777791][    C1]  ? __pte_offset_map_lock+0x174/0x310
[  649.777810][    C1]  ? find_held_lock+0x2b/0x80
[  649.777825][    C1]  ? find_held_lock+0x2b/0x80
[  649.777843][    C1]  ? follow_page_pte+0x3af/0x14c0
[  649.777858][    C1]  handle_mm_fault+0x589/0xd10
[  649.777874][    C1]  __get_user_pages+0x589/0x3b80
[  649.777889][    C1]  ? __pfx_mt_find+0x10/0x10
[  649.777909][    C1]  ? __pfx___get_user_pages+0x10/0x10
[  649.777925][    C1]  populate_vma_page_range+0x278/0x3a0
[  649.777939][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  649.777953][    C1]  ? __pfx_find_vma_intersection+0x10/0x10
[  649.777973][    C1]  ? do_mmap+0x69c/0x1210
[  649.777986][    C1]  __mm_populate+0x1d8/0x380
[  649.778000][    C1]  ? __pfx___mm_populate+0x10/0x10
[  649.778014][    C1]  ? up_write+0x1b2/0x520
[  649.778028][    C1]  vm_mmap_pgoff+0x362/0x450
[  649.778048][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  649.778068][    C1]  ? __x64_sys_futex+0x1e0/0x4c0
[  649.778087][    C1]  ? __x64_sys_futex+0x1e9/0x4c0
[  649.778106][    C1]  ksys_mmap_pgoff+0x7d/0x5c0
[  649.778120][    C1]  __x64_sys_mmap+0x125/0x190
[  649.778140][    C1]  do_syscall_64+0xcd/0x4c0
[  649.778159][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.778172][    C1] RIP: 0033:0x7f6afa98e929
[  649.778185][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.778197][    C1] RSP: 002b:00007f6afb725038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  649.778209][    C1] RAX: ffffffffffffffda RBX: 00007f6afabb5fa0 RCX: 00007f6afa98e929
[  649.778218][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[  649.778227][    C1] RBP: 00007f6afaa10b39 R08: ffffffffffffffff R09: 0000000000000000
[  649.778235][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[  649.778244][    C1] R13: 0000000000000000 R14: 00007f6afabb5fa0 R15: 00007ffdcb212638
[  649.778258][    C1]  </TASK>
[  649.779186][    C0] rcu: rcu_preempt kthread starved for 10498 jiffies! g50181 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  650.640260][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  650.650223][    C0] rcu: RCU grace-period kthread stack dump:
[  650.656100][    C0] task:rcu_preempt     state:R  running task     stack:27784 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  650.669587][    C0] Call Trace:
[  650.672860][    C0]  <TASK>
[  650.675788][    C0]  __schedule+0x116a/0x5de0
[  650.680312][    C0]  ? __lock_acquire+0x622/0x1c90
[  650.685249][    C0]  ? __pfx___schedule+0x10/0x10
[  650.690102][    C0]  ? find_held_lock+0x2b/0x80
[  650.694777][    C0]  ? schedule+0x2d7/0x3a0
[  650.699107][    C0]  schedule+0xe7/0x3a0
[  650.703173][    C0]  schedule_timeout+0x123/0x290
[  650.708022][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  650.713394][    C0]  ? __pfx_process_timeout+0x10/0x10
[  650.718684][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  650.724487][    C0]  ? prepare_to_swait_event+0xf5/0x480
[  650.729952][    C0]  rcu_gp_fqs_loop+0x1ea/0xb00
[  650.734711][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  650.739988][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  650.745185][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  650.750113][    C0]  ? rcu_gp_cleanup+0x7c1/0xd90
[  650.754960][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  650.760765][    C0]  rcu_gp_kthread+0x270/0x380
[  650.765435][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  650.770624][    C0]  ? rcu_is_watching+0x12/0xc0
[  650.775388][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  650.780587][    C0]  ? __kthread_parkme+0x19e/0x250
[  650.785622][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  650.790814][    C0]  kthread+0x3c5/0x780
[  650.794881][    C0]  ? __pfx_kthread+0x10/0x10
[  650.799477][    C0]  ? rcu_is_watching+0x12/0xc0
[  650.804238][    C0]  ? __pfx_kthread+0x10/0x10
[  650.808824][    C0]  ret_from_fork+0x5d7/0x6f0
[  650.813422][    C0]  ? __pfx_kthread+0x10/0x10
[  650.818005][    C0]  ret_from_fork_asm+0x1a/0x30
[  650.822776][    C0]  </TASK>
[  650.825789][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  650.832107][    C0] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.16.0-rc5-syzkaller-00224-g379f604cc3dc #0 PREEMPT(full) 
[  650.844248][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  650.854294][    C0] RIP: 0010:smp_call_function_many_cond+0xd7b/0x1510
[  650.860982][    C0] Code: e8 6a 19 0c 00 45 85 ed 74 46 48 8b 14 24 49 89 d6 49 89 d5 49 c1 ee 03 41 83 e5 07 4d 01 e6 41 83 c5 03 e8 07 1e 0c 00 f3 90 <41> 0f b6 06 41 38 c5 7c 08 84 c0 0f 85 6f 05 00 00 8b 43 08 31 ff
[  650.880585][    C0] RSP: 0018:ffffc90003a6f750 EFLAGS: 00000293
[  650.886648][    C0] RAX: 0000000000000000 RBX: ffff8880b853fe20 RCX: ffffffff81afd92d
[  650.894611][    C0] RDX: ffff888023f70000 RSI: ffffffff81afd909 RDI: 0000000000000005
[  650.902576][    C0] RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000000
[  650.910540][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: dffffc0000000000
[  650.918506][    C0] R13: 0000000000000003 R14: ffffed10170a7fc5 R15: ffff8880b843b580
[  650.926470][    C0] FS:  000055558161f500(0000) GS:ffff888124713000(0000) knlGS:0000000000000000
[  650.935400][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  650.941980][    C0] CR2: 00007f88866e56c0 CR3: 000000005bfc2000 CR4: 00000000003526f0
[  650.949944][    C0] DR0: 0000000000000007 DR1: 000000000000009b DR2: 00040000ffffffff
[  650.957914][    C0] DR3: 0000000000000009 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  650.965876][    C0] Call Trace:
[  650.969146][    C0]  <TASK>
[  650.972072][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  650.977279][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  650.983609][    C0]  ? ldt_dup_context+0x1a2/0x300
[  650.988546][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  650.993744][    C0]  on_each_cpu_cond_mask+0x40/0x90
[  650.998865][    C0]  flush_tlb_mm_range+0x4a0/0x1790
[  651.003976][    C0]  ? find_held_lock+0x2b/0x80
[  651.008653][    C0]  ? dup_mmap+0xf88/0x21d0
[  651.013068][    C0]  ? __pfx_flush_tlb_mm_range+0x10/0x10
[  651.018613][    C0]  ? up_write+0x1b2/0x520
[  651.022943][    C0]  dup_mmap+0xfa2/0x21d0
[  651.027193][    C0]  ? __pfx_dup_mmap+0x10/0x10
[  651.031883][    C0]  copy_process+0x4081/0x7650
[  651.036558][    C0]  ? do_wp_page+0x1aa7/0x4f20
[  651.041238][    C0]  ? __pfx_copy_process+0x10/0x10
[  651.046275][    C0]  kernel_clone+0xfc/0x960
[  651.050697][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  651.055762][    C0]  ? css_rstat_updated+0x9d/0xd30
[  651.060787][    C0]  __do_sys_clone+0xce/0x120
[  651.065381][    C0]  ? __pfx___do_sys_clone+0x10/0x10
[  651.070578][    C0]  ? handle_mm_fault+0x2ab/0xd10
[  651.075524][    C0]  ? do_user_addr_fault+0x843/0x1370
[  651.080817][    C0]  do_syscall_64+0xcd/0x4c0
[  651.085325][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  651.091212][    C0] RIP: 0033:0x7f291ff85193
[  651.095622][    C0] Code: 1f 84 00 00 00 00 00 64 48 8b 04 25 10 00 00 00 45 31 c0 31 d2 31 f6 bf 11 00 20 01 4c 8d 90 d0 02 00 00 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 89 c2 85 c0 75 2c 64 48 8b 04 25 10 00 00
[  651.115241][    C0] RSP: 002b:00007ffccf209c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  651.123669][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f291ff85193
[  651.131640][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  651.139625][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  651.147593][    C0] R10: 000055558161f7d0 R11: 0000000000000246 R12: 0000000000000000
[  651.155560][    C0] R13: 00000000000927c0 R14: 0000000000084e6e R15: 00007ffccf209e00
[  651.163541][    C0]  </TASK>