last executing test programs:

13.251231661s ago: executing program 4 (id=1486):
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@newtaction={0x70, 0x30, 0x53b, 0x70bd2b, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x1, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x300, 0xfffffffd, 0xffffffffffffffff}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x4}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0xc}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x70}}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000406d0494c200000000000109022400010000000009040009010300000009210000030122060009058103000500044063b183ad52ca0e09bd8e7f2efb4138419d3d3c136e5c88474e094164f79d5562eeb1988d1c3bd20b5f3be5bdd3212b298440923cf6038b224e9cd13729c9c78425b15adb4489d0584894e1848f3aac3cc73398957bfc606180a14cffa2b0fb9abd"], 0x0)
syz_usb_control_io(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000240)={0x24, &(0x7f0000000080)={0x40, 0xe, 0x2, {0x2, 0x30}}, 0x0, &(0x7f0000000180)={0x0, 0x22, 0x6, {[@global=@item_012={0x0, 0x1, 0x5}, @main=@item_4={0x3, 0x0, 0x8, "aa881f3a"}]}}, 0x0}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[], 0x48}}, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000340)='net/icmp\x00')
pread64(r3, &(0x7f0000000100)=""/222, 0xde, 0x200000000013)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4400000010000d15eb97e01d515c9d3c6d88ec1f3606e3a5a20408bd7000fbdbdf250000005b6cf1cde4cc00b4138dbc00e4cdf8fe6233c15f5be92e85fbe6e9d7bf05d51739b061a92381b013eea027b02f45ea3af7ab151d814d6482b7218037ac5e4e3ed5440d2376bb83c0ce1120b8db947981b8f9ae574c028080736b0d08ee8035a2b46bdbac6b4a4aa1d7a82e667d4be84051ed7983ddeeaf4d9a8db0a1a1d521a6a6f0a7ad5e2ec8bbcdebdec8e97afa9ac13f47", @ANYRES32=0x0, @ANYBLOB="10a000001440050024001280110001006272696467655f736c617665000000000c000580080003004828b197"], 0x44}, 0x1, 0x0, 0x0, 0xc005}, 0x4000000)
mount(&(0x7f0000000280)=@nullb, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000440)='logfs\x00', 0x808, &(0x7f0000000480)='{//\x00')

10.1169623s ago: executing program 4 (id=1499):
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYRES32=r0], 0xc)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x0, 0xc7}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc86a00", "4617a9f6040839230fb7fead776dd8dc", "c6db0872", "a44a883fca4400"}, 0x28)
ppoll(&(0x7f0000000000)=[{r2, 0x4}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0300000004000000040000000a00000000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000f7ff0700"/28], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000300)='GPL\x00', 0x9, 0x1, &(0x7f0000000340)=""/1, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000040), 0x4800)
io_setup(0x6, &(0x7f00000000c0))

9.620597483s ago: executing program 3 (id=1500):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = gettid()
syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
io_uring_enter(0xffffffffffffffff, 0x47f5, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r6, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r6, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r6, 0x11a, 0x2, &(0x7f0000000b80)=@gcm_128={{0x303}, "cfc85eb51b0ace6a", "4617a9f6040839230fb7fead776dd8dc", "3f4051c4", "a44a889722b66244"}, 0x28)
recvmmsg(r6, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000b00)=""/81, 0x51}], 0x1}}], 0x1, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), r7)
ioctl$sock_SIOCGIFINDEX_802154(r7, 0x8933, &(0x7f0000000140)={'wpan0\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r7, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x54, r8, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_SEC_DEVKEY={0x38, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc}, @NL802154_DEVKEY_ATTR_ID={0x28, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x2}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xaaa0}]}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000041}, 0x2000c0c0)
sendmsg$NL802154_CMD_DEL_SEC_KEY(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="60010000", @ANYRES16=r8, @ANYBLOB="00042dbd7000fddbdf25180000000c00308005000200020000005000308024000300aa84df3f3ec0e0bffeeedfc201fc957a064e35441b1781310f28fd18189cf05b0500020082000000040001801c00018008000400feffffff050002000200000008000400db00000018003080140004009868706a187069d5c44644976cfdf4540c000600030000000000000098003080400001803c0003800600010002000000080002000000000006000300a3aa000008000200030000000c0004000200aaaaaaaaaaaa0c0004000000000000000080050002007f000000140004007b9f79ebf52d1d2746b87bd707a5757f28000180080004000b020000080001000100000005000200000000000c0005000700000000000000050002000800000005000200070000000c0030800500020001000000280030802400030083f0354d2ffa3fa67816fd30986218f0bac33a840c8b1d286a9919e7dee6b6a1"], 0x160}}, 0x1)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001000)=ANY=[@ANYBLOB="6c00000010001fff010000000000000012060000", @ANYRES32=0x0, @ANYBLOB="81ffffff00000000440012800b00010067656e6576650000340002800500090000000000050009000100000005000a000000000005000300f90000000500040040000000050004000800000008000a00", @ANYBLOB="b5"], 0x6c}}, 0x0)

8.441558417s ago: executing program 3 (id=1502):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000240)={0x8, {"7f9654d636ab18b7938a2804505c72e9994ca22404fc203334cc21ed3d6a776fd12d13f9602b2980f983c31a5d1e431db778099ce3af3fb20e1ee1f4fdb77cbb36154982a93c19825d6fd273ab1eb5bcd47adad50de8a6791486e482e29ecc94284921f33b941cfc1000c9781d9a828c5ec7a2c77b4e624a5aa0e9e39782bad733eda81ba47e1c6116e4170e6587dd6210a57abe91f1f80c4e31139d8b73fe35ac1f99ea82dd6aa9c9aa67de88ae3e141020e1a876bbc449d2d843aa7e6d90b948b7e28770e6ac71010c63f17e90fd20806a9f8d9f418ee3af74aac64b04a27c4f5e3626ca2da546c79d24acadd11e8d272a22fc54078fd5e64475993668980a9f95aff964ded28f79c862e674356af492b8377a759d8ccf1accb9a18ef7ad16f438dde69cd020d71552b0810688c882a26a22b23f4b35471b08b379193db1cd7934a4049ff1b00d9795cda6e73951641d5e2365c24facd5afd09ed1d096d758b4fef66fe1aa22395d67b7e1db623d4a60a7dc93893d6c4a91df79535a855868c5dc0033d5c428cd25b85c5deb6e81068553bc84cead4d1eba8aa57e2b354a6899e44acbd3834491219b3e231cd55d82f161774a689efe197cc193ac0124c67738a0a1d5f16a6768c2c2ba7386c8c95ca08c55117f344f5a2bca0d09e79ea3fc49491f2c7adc513c2779c1bf62b1a8643d23e9e8b2ae41d4a59f1b82b82e092b36eb851b8456da871b4057aec325a9d4cccafde61f2abc85e3cabeabb856f6ffbfe23d69219ec8fae6beb54abe7870dbae823d49806a967a1c7f252999804f106745f20490bb3347b59321dc69765567abcbd89de04d89622170005df5871ed0fb72345a11da074060d7d4ee2e437f71a45723fb6b02de56067e54f54c52d10f7874a13cbfb3bd65ce54f9d6719ea210e0cf79e4e2157736ec07ac5915682ab81bced665c1e72fab8d8cfe509de0f21fe374b957b379fd5918061e21c2e96985cc1354b2de859b0f1a463ab04683b1253eda671c2353b5c208aca652f5419ffc4949a7fa909b95653f42d97390c400b4a1c308b11e73e9a06d3b164d3361e75584d70e6bc61d570a7e0c7da330f643194c1893fcd6489fac605eead61b53dff18caf526ecccc9bbd9146bc3c3bb67677695e6fddaab081786e9084014e60f5c03ae5a9087726b05e17402cd2fbb80d773b8a41470b1f901a8c2b2d57450181f4fc5bc53c7cb3dc032b84567492607cb08832eca9f79da9210d197863e5db5a74a9823dc0cc8bd9f3a9b6ff5a7d15d4747a9b26e088f4fad96d81cd1214226b1c4585d418d593220fcbb9ad949266cc48163e3498b46ebcdf7b2b5ecfe67539a61ed9e39b02d5b35ac0d0e7fa830034ca2da8a7ddf04bcf2cee939994369feb77023e0e3de04b21db7a640a92c17748245005cd75a7deba4ff0e4c104a9db2d9a98ec8edb3562050a3bac5f322290e3d8b6fb21770ac436d4cb12b97fc8f76d7bb9eeed85663eb0626f1ad1719ee4b07f7de2c1d1a31c27c6879f4fa3dbdfb2bfc0898beabafbeca9f13050e6b2f6c432e423cd5cb6b8fa56fe32c3e50104e44462c0a5c69de6a7ac5ae3d9f07ceed64dbffa42e4663838bfcde92f0fcb895f3b93c59b0e48c09890dfc36436db56b708f6e7cbbd2a6305f573cee099dbcd263cb96d9fb69cbc3cb06d8f5e3789698a17e71d22b4665ff5447fcc17a31bb136c8bb4b984573bcaf1cb650198c1266e6ddfd42d44f9de02cb9d915c5334c550fac3fcee56790aeb09d81e7690a32d8b0cc477b23f15257820de227be1ffaec2f63f3266b8f5dd78947dcee355fe59bfb100e5244425532bb1d115acd211b8c16b0ec0aae00fca5d4511a05c3ff027a1cac56210a10d81c01b90e156cc7b33de0fac825dc516d398166096013e068db935483c93ba95da39b5ae4087d84479a4c4809f28f93790dc279637bd6f3dc441d315cf6bd7b0e3d92070a45baf4445ce063fd12690eb002f5ca068a256bc54100c99a02a346beca39072163c4b297d117f1ed9fef42e3dbc11d36a0a0db52e84461c6fbb4aad62cd6c8dc9ae6a3390a5e8773ac599e67436220c8d541a9039762bffaa7f490e31dddbc362fb4ff686cda905f3b02a1db76d4d570d970434921ca8a4765af6d5c8b881e1f4ffa7e2d9ef5f5511b94f88474674ec790bb5186c73446a227bf1ffd19b605733abd1bd41e421aeaf2ed4617088c7ceef85451225056435993e89e4bccd2c2e4b39af99feef11fea645eeb5cf9f77b1e19a72d3efb613100969b84302789714bca65bcbc96762b4012a5700c62aed706433b9f142b7302442b6a9958b0e28e8b1cfa9eeb4ac0d71f497b23babf9f0221dcb658d9f4db5d45bee30d2ad7c97d6a562e014a7701c15325ec5d42ab732b37714a77a95c03fb15bbfba6fade32bf50f985a1df362ca7216cc152907dd931acb58a63920f581e82b590c0d6a0033009f8e50c3263d3f58596b63d507cadbc809a6690561f74d0772bf92d04e06c47a350724b106f5e83f7e71c4b2a983bf5ad7d8684e7b8b5dc1273d0fa5879b8e61bde33d602bc8ff0913b6d32dcac366d568dc7cf82bbfc405cbe418a2644c26592b32ca1a632fc95123efb784cfb6953a94ebeccd24fba389a0e56b043df07d9a2dd38a1196e5e55576b25f85cb96f6560802a4a58b7a6857e8454faa2c880bf32d464562b2bdc5f0df22b663f2c01fc944f1cfd1908f617f8295a5440bb79ae178ea46a95baeea48322105146ac3ed2de7d3796ddddcc848a8ecf4a00dd055733b4f59211f5a40deea44e74b3bc57953b26ed61e6fd67889edfe8d0902385e37666aacec072735630ecc441c3cc6b09bb2f63aa4e332c6df728dc74078a83ce20454dfd616d116270666ddc09c5fea2e8442bc43455d0257fac92f3780061178f9420bf8e463f29896c12383dbb9a81bc5c87376e647c8a9786cb514fb9696d9c0a8d303c5c4b5b7c5f601c01fa19323e02f675c371bc44fbc1ac5704d41a89a2a4ccec6ac8440c532f07da25aa2dce6a5d2ebe694eb4017d178b221213bfe2a01d9cfe689bd190776bca6c032f446eb8862587a7826e35f3f691763212eee6af2e49bbeb0a27e07c5714b74e373798c7bebce265f7ebef3a1ea64078cf1e8a9d433af32c53090c972ffedbadafb50b9a6e540abd84f8e938583ea725954be3b236c5d8aca7d486d21902a2902f25a7c02dbe83c39bd0b81513f9ef198c49d560e930ae224ff47f92e4851e1f7ab5bb406abcf6596569261e6b0c67bb3b854e9c6de60bfb60fcf29241ff237151310ecd19f8b2cfe764c1df1a2de9d840eca47aa169ba9a415901204ec31ccdfd76e908029ae34fb12dc286758c64fd6d42bc82b14e07e421f4b42b180cd6ef40cac8062928b4a420a4577f24295f54de9048ac9d34307bf93e463cea4967cf4880166f68ed1eb965db2e4fb9f5f0b1c695d621e427ccb9a3188073ee6fde729c6698346efa1c0ba643c1efd20858965511da750060d551c44c435a5f1603fae7357e0bc78e92aad3d88790ec2aa1a42d6fe7e0ffc57f3599e406db63be7dd32692df32ce33dee0a2becdb02d6e435e09de3d356497543db23f53da25643f9c585e275297800d8beed47f0e622f86fc25d2e87036fdceebfe7257cb6de0c02412d1c0758acfcd0862e99ad17a118f46f635a87477e8b825423d94ada35bf0b5444aa7d3de4bb7eec7ae5129fcc2cba651cc972f5500fc5161149d29f452962afb102a01ae76825cb4477460be0b85d75058595c27e9b7fae3492ec3925c671bee5f4ca534d5a294f783d6cc073c992139b61d21fd98297b04c0578dafd5f7ebcaf8d4d9185aea3d76e813421f4573b38c25093c015a65e44fb297f0f6ac2d02c4237b37a3bfca2406c5c95ae5812816bacad59ba7c6f72d7c644ff25b592ed1e89b276e05866c01a4ced7fc6dd9f190c20d420d7c8a1fe908833a24c5e5bd7a95a2a6fbf147fc4b29a179718166dd0fbae2fc6b8c8aac6194fa6baf0d3edc36b2316c56c441ba53e3e7aaaf0a1405566ff584f73a637b74dde9bcb4d41da2be6c9df5d533fbac54f5fb52a8a793757cfe19aa90048c6d07e3474136ae1be2455b0d0d02eb4b5961ba883209355c0dd2af4aad98e7b971e358a7d9b55fe17cd6095f257355d9b99e5ea52848f17b35a80792d9ed0fef6fe3eef9a324902409969823be20bbe0e8dba9c747cd1a14d3642d877b86271f3f0c322a142c4ff635b37d542c3265b5fe8589a732bb1a55010b930dd0196cd43ac3634c01b4a44c517197d03a3d89c67f5c09aab409e84c0af466bfbd0c96d240101a2542c66b4b4b8ef65b41b0079995c52cc9720d2c1d7c128c6f17a65cc798c1986cfbd8888460c54438edc4f91f3580391c8b57d9aee209a59a116c1c44775437e9c30e6d87e82ce84e28532b19441e32ab9aea22177bac9daad25a6c88395e9348d6780de630cddb266c411011175bdb6255a36535180818447d43ffba3758d311539fe9f6811fa470bf3767b4c2d4cdf37854c7ee28730bb1d39d5c0dfffcdbf353cca3e13079f3ae66b839c7dd36914022a0e75bca5b622f521420b73249ef47f03c1fb03ecf7557882afcaa7cf454a68ad237d4ce860bd6b1531c1cafe2cfb76bc4188271ef6bdfb304ee0e6932463a1909f03d6e8a27b5f137d6b342841d613863dfdf37d5ec3a98d667810fb6f82d67620bdefed8b3ff98420a6c7ee577c3ba68b95a20403608a7ba6526ec9e8662c6e15ab09b1a9019d4958af04cb2e4890ee6b1077fcaa5cc0817f388461b230fe631e75f18ab392a5ca5de4a024ca16dd05fcfdf92114e43a5c4a169d462ff0dba57deeaf5eaafd892f8ccbd72ac56471162e1416bca39859b4184ba0d1b3f7ec05db4ef4cf0142867fa9be328a0be8aa74c716aad9411008607980861f4f72e9bfa60195e2f939d3f6a44a6cec07dd376d1bccaa126686f313d5f7918ecd1215026982c82ed1922ef70e36e8ed59b2d5ceab3b4aad7e53049062dd5ba0e87f7005c3f4d2b788245cdc2f35ef2572bea5ea92dfad406ade6d5ad18be8eeb4c652e5277b244645c68c0c0f5a68d42e00d59b75941917b2cdf31fdf809f2078ca97fd5beba65b34e0621138ea0e94feb87166b2dac2232ebca575e5c0a4d565d9992f733bbfbe68a63d99ee93398604065d5517c33ed0e067bdb643e73102f16137afd7d4bf21e8065ea028c392a6dcefbe642dc3fb03a239d9c8b17023eacc8e19fea11c34a10644af1b786fc0f4504038c2ee59c1b353f3d7b9313df025b4b5874ca63ec164a3fe35bf390d266f53dcda6a8e190e63a56ffdf4f7c5c02aa22d376db06d4d2b96be5b331f897d1ecfd25c13a1c194c265dd95a5724a6435bc8138224d9db28b689b9cea5132cd19601dbc4a43e70c71e27e8fd0689d09484974e8a4605f8553735fffaf5654a087e323ca14e02b681b9bbe592bd6b719ae2e86bdf918b27c79d52dd334d1aa7ebc1bff76e97572faad092010a1022f7d33089049107a89c364ae7dd022d119e8f6ab795fd71d76a90e8202339401ff9e9918ea8c8e12f7b0ba10d9ebde5d1bc5988f2d07b34579d8c282628204f2978d8b0cf95dc41f3775a4053f833267c64b42336d7c850f2918ef0dd6d62e43fcc173254eb34748efd4754609ce25ade162ba3c91bb844aaf6fd648ee5a8fc5c64346603f8258592d67b9613e8f7ac0def0958f13436581d729e0b3e062738eb06b2116abe837529690a614fc5d3f53b4d4602e57060", 0x1000}}, 0x1006)
socket$inet6_sctp(0xa, 0x801, 0x84)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x40202, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000a40)={0x0, 0x0})
socket$rds(0x15, 0x5, 0x0)
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000a80)={{0x3, 0x0, 0xffffffffffffff67, {0x4000, 0x2}}, "3cde08e88a840d988c443a7e611718c015704b997f91016eb577889561ae4845a8d3635623e88edd167036b197da6420271770b6a94af09a8209964219102f40c4b761ba619a472e29c2823ffab2a0718cd7cd328e76cc4b3df10f25b1b5a9f2119ddc060f7b6913b6908f71cbfb346a17ef3cc7ad28fbaa85636822085843917d8a57a5f4b2b72c44948a51a425355e7d93a2cb784ef8d3abc1b15ccd6ff3469351c693e1c06d1483d68fa1ce4a130f9925f7f7bb2e648c7b4f1888c35619655a0f13bff68be678c4731fbf74fe1515c02c6c731545a7413b13dc60873b72cd1d211c26bebdc900e722e0fba2eb6dbc6e5e4c7c4326d9515abc619136cdf15c63ecd5ce8fef330d9c1db5f3c9381c63ac8539ab5068dd4a24add9213f33aa5d6ad4e24e1a7ac0e23fb0251cdb25945e7aae0bfa473070d82dc3ca3f74df0c0b72e76fb0e5108950280231f0ca7f67992426a4f4296e3cae0af503ad0721099b114d24e6b4e48e1ba3c6cf0ccc29c93e94f9eb7537335ccfe34c5be447a54339fcb26d6514f3c917365438e1716ccbb7cfee1cbb5126f078d3a809d877030eaa4f8e5a24263004358af59fb6adf12630a30b7e564af99b4b32bfb0466b21ea5b4aa7e61f04a129ef99f08eb2e8b928e2af2f1644518c46feddee250ae1441ac7a680dbde8c12ff313f434324cd9661a261f626d71f0c31141a5a738636fb8e43e3a5f1ba5ac9922e7a673b73ffbe7eb141c22fe4d45f94db3ff05a442773796b8d95550b4ad60887983df506d044a3012fbb82ef407312a3c40588d6cd50dc787f9346d24b218a3265368f8a78201d1896beb1c75d4bce9b3b64226924fa6da4772c0f2e783706c8f3457364c520e21e0b5de6a377b55344932c5c31ba156f7212f74f0f5ec510733f19fef2bfacc56a516d6817b0048e4b21cc9751f2a1ac906e30a87e5699541a3b55e8038b18759a821dc1e89bf27b42279a1a516c56e438ce80128dd1b30d51dbc1307b41a08c014b866f9348004cae530212970b2b4ba66c06d50af708b88b936740c92f17a2975b494c532c84e5abf3f09f1194c1dcf4f4278907978c20b4eba9fb42d0490b2868da9cace8be560e7e92f0ffca1824d9c15581266fbbd7594f5fafce433c883a97f9086b51f118439a749e7d424311c0234ce140ac0a74fac5a5012ac23b0c4bd6cc108af92573e5eec6c8c5586a7d81046b8d41b691596bb8f158eca2415e1a2ab1d75f9756812a75cc66b3986f7d4cf2eeac001e389792f4b84838564f73e9201ef1963fce9e3d360a5972d1cbb83851c11d4e273954b74d53bc61d0593ad0b61325d1ec93475f0f3f03ef2594b387e7a60375cd2a0e1f08f6a6e77a36957831b9f549c02e83f09d36a6782184da88b3b9ec8387111882038ce38403d6e21a9489c22730e7818b349c3fb7cd3dc2f226b56d728431ba70a092a74d02baf17f00727ed30133d752749bef6764baa555cf4ffaa14e11aeefff0c45d8b9f3fbd308d79ad2b2b6b9b447746991135d042fba72d7957d50225787dd996b13a3e673b64923014cdd1e8e54392b3726507ef0f0c7866a548b54ee4d2a3ac784d71bbf43344f61a04a6c985b12357f5f1bacebaf80bc21369fdd1a686bd337f83b71ad0875ddec7431db5b977c8e168833c7f37c67f03db8ca010374c695d293efe34ef603887b99f5d48f1b70bce15b3efeb2fdc5429e09f25b3aa483a3c90f07b3bfe4ce4a7a2b216ea14b652760fde9a8a87080c9540ed1a2c30a9c286624e7ef2bf61cd09c87155c394e9addd525b067514a3c0718c08502bce11ca0cbcf43d8440fe89e09650073e10abbe314a3e7f2bfff120050870e84b214a5173107f0bcf1dc3ee342a19ac002f112a45003049967d9dde291db6b424d1b883e99a8b6f55f7806c6041963fb164826ef2d2cf098da9b3f51ba8e6c9209374f7bfb803279e7cb8d746e29aa9ad2803d2a04e0a8b0dc14c55abf1d78a4bbf70be179bce85644e4b7eb0e134ee2778e06e8157b09fc95f9eab589f7e92ba00199a75152957e9ebf8df1e9622caff0ca3d8bee3c1171e8ba84453e0cf2608d80735c5e22ba582863d425d9f48b1dd1070b363c398c54a5ad90cf68b3c2b36259949d7daf71d2c9c662170922ad0fd8ce640efa31dd1f40ec146bf7d6dbccaa8c0bfbae2f5f811d64700ef3ab08e511fbe50bc65f83cac0eb125e6c33731f7cd8b1a35e4a39602479f55bc17f0bfe22e9bb1d38b6e27970aac9c26a53b91cc38ed596a827e61f2df19c0413795cf776ea5b400cd66aa81c14e6794b35d4d39ca9ef74f1e81e70984d191352ed66bf06a527b7dfb626874836c52fc27fd79a99dfc615e3f7db7cb8b4af970c75d62cec2f619cf5d6c01711b7bc4c685e35a669552872fcb9617cb3de1ceb0266167780d92cd0cda2d0856f6645f84575b61afc1b040410c557d0b41c09e6e589788bbca0b6f3bc7acfa508a820f65c79d2a5853cda422e77aa395c1b8a7d44998e1e4bdee8ab25b177644f30b69fd0d324b1839f6336a2e9142b1644758f04edab6be81b49ed57ed2d117ee3a60e17e6074389949faf1ace1242ae8e358d898da1146be10011a047f3e1d1a542496a9221ce09be11214220a50e708c7a66497fb0f36b5d6cabbb588e37696af8b5c4987b19d9928b26104fafafb804b2efde4ba9b6de588d0318d9dbde6faa4d6a9b617219d3acbc58bfd0721764871907d05c40d98cab831619e89143569596417277b72448746efa45abcb1f8f187ec066cc5a4cee9044559fec523b17f230d77a6ff820afcf552851ff1bb850fcdab421f010889b3a4509e5b87534e57976c9035e2d3483c8812fb0a4d11489bf932e09ab5c49348c25f0bd38743f3347d014742dc52f1fe48539fdbb2f1524dd22a002fd83157bc02a5172b35afce59a89b39cf74d38eb5b77a8101246567553098002a303d84a94cbdbe8a722b8ef3f5e9e404c41046eff7e7ec1111abca733bd4c6c17a1fa9c6dcd0b521f3fe6fa84f8723c254c5b8076591bdb1bdaab9cd978eb61cc7d8d15be9d518693196f9aca631e23516a258e8ffbeb4e513aff5765060fe9a65f94028ec9f50ea14ae2c22e49835b8a79036762422c3dff07be34f299a9bacf6e2e0ea4b47ad1b054e8347591c9f63aa0f7f5dd05363dbd5cea88310682c5e02effc5d68735df778763ee162b9c34f88aaa67614f2901c0352de89411833fd98b1963e465770671bbe2cc450cfc8d3f51c69f5cfe21aa1fb5271e4f33d37b8aa445094cb553dbcd409f7b6ad56815b8187f3180c53b17ca840f19ef806f3c15830ad8a14f3322dfb74ffe964965f9d448891525d7fa5392e17fd37abca237cf6a8ce256aaa42f38766aed5ed28e1f91c8259900a370f5674b552a6f14fc5fe7903476c964b109082d588f42e890d268100721b46db81f99d6c8fed058ecabc566d6068fa19b3341330ba49aae70a10a74695313b00b15b3afba6f3c9493030c7de460d40dfd84cb3771292ca75e4236e847c099cac5ca805f0cece66570149ff17e4f83e11d10199bcc95d69ba1e337fa02ab822f4606518feceb081dfcf974d21756eb78691192038bc37fd584fbf7fed38ed2deaa22d1914afa4a0672c9e88c3f57e4b29e0dfc5acd1a4e27ad4273aa53155f750653f686909b561ef6582541b4b9768aaaf48cff69898fb983cd6a4906d25ad1ffd8f4f4410f92c55311561e7d153a169532c8d214c6a48f31cffcff8a716890a75f5e4e9a4710fed48ba2a644e6c45116234f6431efb423b0f4ac1f7c90ee7174c3505fa2ac98c3ea33d6415a9ced90565f4252c6075c6e9839ecc9d4d6850d62ad4efedb3e61e61b87430411d6201f022b559aaa3e67aed0b84f67fd5bbaefe8185f77d34ba218082bbfc3fd065deb5158e3f0fad7500488c27fc4800e4a6e2f6e4a18f3319be5854843ccfc9175773ee75034511a358c798772783a799817b5681851377d5d2890536a250c78434cb05b77bac5c08c14fcad69df811d5c1af05b69e6e2ff20d1ec8e7173702a9c94547dda5a75a7c7f253efe3d0a91509a08b6b29bae8fd9a13f85d5884adea38d1d77193d6c0871b8f5293621cbed9145bc0b4e8eff164f9780abb744208d727bc6b759ffdc9041d78148da422d7c5acff69e0a85e7d20702360c677b7f81de02294547a9f5d39f6febdbf7c5f578073e7e4e941c22640c3ffa568a379ac2b812a3c9b23b8ec3911ef06ac50699d117a90146a76aac41a53640eb74984dec7bf6bf8f145b806153333eb713bc7e5b274160bea2eabefca2f3db04d2855cb0fb0e6a171a255bc8de00b878fbcac201041818df2960aa48eaec88f860557d80e86959c809f897a6424bb6ac63bb2e5a643081731bb83a7ab25fd299c9fe82e04fe792b09f7357cb99ac2b52488741ff259e29aa60dc7467dc5c4ebc7c1fa26958d72b11d6eb47e67d31e0ef05b2c127fc9e2f4a902ddd10b8d8e583b1fa173a28cb269bc0eb509408ba7bb7e66c757684c2d0f62fc30991f2213d13acf58dc4e4f56f3f6e011e70ddaf3f1ca0f7d8a53efdffa8848bbaef0fe490f13ddf97591960919acbb5588cacff4cea2672deb15bb29899be9bd00fc38e57ba853954f626390b464cea79a793d0459bad7c514cc39332f4850e8649fd91d66c1b39563d243ca764d3cf4b24b38c8769c16fd2c501c1393ef6f7d931d74fc93ca94ce83402f44ace28c40490c3d7e81dfed02b293fd6faefbf873d41c7c2de62a8939b843919460fa21b55bf7b0adbfa9601ff779732ee87521ea67179e200af9f18405946a98c9eadb5fe17b093e4b5e3ffb74beac43dbca6ea631db8f6372781568a455cc793e6b63c79e5e1f8a3cc11aa1bfcfbd7c0ed2a3f1b42a1278352cf1d7f1f3fca1aaeabd71d861127603b50a786ee5eedac21db0c80f8220d3514a4fbc68c225c6518d5f0943c97f51dc712f9bd389ed56bd029badba8242d9b042e4700412d1279f2999b3c11d754d731fca2b5afb61cc715cc24cc80b9c9dcad172d0e3f4eecd87aae7ae215a9d96dde3200a15d7b927b3b7106235764bde301916c228ad7a58aeb7a85bb7a40d7aa8e43332dffdd144ae228d515a9c714b36ca63cbca72fff660f4b4ff88074f689f21f16eec2d5a9d7f8fa6107f8a3460fbe8fe2b2ea75f159f8acade78472325afc7a611954715f78a60f580ed904499c450b51809fa5449c47b53e90a5697fa29ae2afb0fe75de3abf9ef0a72c35b4926dba949a6bd48e88605081fab4fedc79dbda111c94bd59748b8b204ee9d26fe3dc4b0300dfc58a0f830d12f2fe2a02fc3ac76613b31a5196f536b3114d058d78cfc13a23e5f3c5613ccb8a5ed4629fe57170a3cd8513fe1899b5a32d2e43147874277a77aa95255c2516eaa59a2fe8e68d94ffc23d2d4e956d066969e1fa4ada9bbdd959cace1d3d36f0d992d056a1981984701d7e4d604f39775a858f08a8823fc798394438e85a87dca27ca98a1cb060e90789803a62e3eb1dd189e6225b62952b755402ff7d0eabb84585cb853abfd11e62b7c4bbaf3050f085efbed43b7ef44962952c48bc2da17a03e8d2b0fc678b25368ac07690345bcee280687847d24b3e7e33fa17cbedecca64a0122701af287faa0c219ec305da7f06f37496ff8c18e42a6a533e49f822417937ff8db725c7dc024efba3f346a67d7030bbf4513a7d9151bb708abe385d21a098f345b9499a79dd371fbdc4a29b6be6cd0ffbe5f2a49eefc2fd5f3eacc470c3294e5", "92bbe68d68831472731a7d2c7a754fd8b796b7be48982576b6d9a9601d71811fd857b11f89039fd56f1cc71b70df1b5c66084c14a90b752d8c4a37c6ce3dfea7ee28d47ef60f00e26bc9923267366b9c78de736d87d02ed8265ffe733cf8029a495ccd2dfa56ab87fb1eb9cfa89683c413d40ed8f7a468aaad6abf030868ec9b2377752723093ae56768fbdbff774591dc7e1ddbabfdcaf7f9bb773056ef239f1622d310993efb4e84dd2ed536836b03f1b32948222e8bba288569b75a6e1fc068a0d7eebb2b6fff77a40524c491a0c31296ca1f430403afbe50e15aa2b96fc1d2d4240314eb56dc75dc8dcceb7d826f42f04391b9e3625031d569bcbdc75b1ccc5ab848056c3ba27e4bfbcfbae398f9adc3c8e2e5087b4544a2495fcda939fc4f19d1e963620879e2e7ee7ab8f4fd7d337a95105be0166b8d15090d456e363367a2e19d548a941088bf1d1cf715c5401f95a27dd14cd2525015233531f59e45eb750246427027fe3fbcfd1e17e9a1bd77dff8790ecd2a1a95944cbe3ac1181c0c15acf2aefb97002056c3b08e918be915a70bb9b6a9b1b7af8f32937cca7d532154162181da3c7bd4115ad9560c1875566c6202086929b7d2dd3ae628e1817de91c2f750215339ac2878156fb125e645691f29c7a7d0586a0b63230338a0a52167b42d1894649c09de65669de20dd22a9b514c680d3c9238bbfdeb03d066f0a6ae3b25d7dea410a41a10cb32cb588ea5f7300eb2ca4ee60ba11cbf4ab2d4016b9d2b283221973e21c47ad08a5e15112126bd0d99546e8da93eb7723d54c8ea41a06ec90eda609cc2afae509cca499802163d1b6913e56dc1dbb5402772b1358fb05220b01e5be456cce429dab81ce56dba3334bde68e6ddd8e81d1a8f9908791428fe827cada399365db0bc9d551e7e24582a56fe2429244b571c91ed8c397911e92502c8b78b1c8141c299c9e867f63295c29df1afb362dbd38596d159a762d224995d59b3f124d68bace27daca69552f8f427196bc0e105828a8abee8ae82dbccb916a5b4636cee9b9131a7781be6d03456eecf533e427c1517ad5901bff4447cc6ad047b214d01ba951433a90960bd942bd48b08a56a8faa5967214c75f08b3661bc169ba36605bf358f854bf052ad84f1f58726c93133fea250c114a223e7366ee5c5eb235db720b862a158bcd0945e97a6744ff73ba294b7a2d028c165dbd9abd623cde1d427198a0fe60f24c01bc4e808147c2a03e8b62d1047e47e1d6fad8c96aee7e1c8c5c762d50f8d163cf4aa395a63931930af406af52bd489852105f67ee09234b1e4697313a7b3cd580eb367f64e9a09dc32a577f38f682e536b35db040d19aef21fd8f29d7f73171f42cb9da72a83cd86b8224ae6a496c8b2abffeba222b16be038c932191b4ad1c329e78570bf576c12fb212f0efb25cc3c3be755d7c80bcf1354d6ee6dba72771660a77fce172e33f32a3ba1bdf6b427f37ced092eeabfa368f11101547980b0cb827ed3db3a1b22431c37ef691a8f9e07cdef557a3cd0e666188a6780709f374bd8fbfdeeb88e0faf1c95d0f668116227b447bb1490b65938dcaf47e358591220d8dbc5d87b122d9be6f30d363c2626de93cd480a21875f474b96bed3f198f690883f8622dd96c174b43cea38229d323142e03a27016c5f442b9449379ac455aae9f2bc87bd376f526c386bea3fbb0bc95e31be68dc0de076aa754322755dbe09f69f80ba6cf4f786da3cf3813688ed2c48414e1a55cd1d04e368dfe73cc314ed0bd555e9c64bd5b737545b20a654c3e2ad4fe94e274b74ee54bdbbf8f7631cffd2fd8447877b6eaae6d96cc0c761d4493afa04d8810852097fd61e1e6a9c4a7aeb71142399aaa1a8ea7c9bc03c28028c983c9479909d8810dfae6897e136766f3b24de25ce7a13627b2f37c08230947bc89ea8016adadc1069b2aa04a072721fbce01c471d3520e9e335176930ce4a9e573a97dc741e78325b1c8392812c78d36284c2d030ebb89245ede680e794bbddc7f7254c0d00f379956d9f8c90df6ec790da86af76f8a802d8e2371a5f5b2a308495c9df549e0c966bf74751fa647b268e4739d2e40710c82cd8868a06f37a2eb683362ea14dbdbc4d3d12020f4dc5e1d6829bb1ad6efecc444e5e0abcc54935f30253357cfbfdba20aa6802d473add296144537e83028a693cbb14b6125b68734ad019261356d8d83d977ec33de801614d8a22f5c4f8f0b2bc9bdc2b5324ff579d61437d4048bd9711d96b70a0eec2b731dac54d0fdaf83320ebc64bdae72b15691fca6309d8d67386a9df132f947f423486dbf2f9dcd074b0a70a0b9c765ef0dc60e0607c09e12fae48a91eae09acd1c2a15d2f89662946a4a859d22203346c3b8feffa01751d01dad6d57201fe094d8c4e5ddda1daf100f6564079df306230e4bee1766d03084b220c69073727b030c4a6e44f1813af289792d837820420ef4d6525b59444e5b5eeaab7722fd84036e3da513c463c272f8387535a0417f07c211a99d1e0db229608e85f8cf116f3228af89106deb4e6af28b95a8bde03c0c04557d2244c9a6d31cd7ed27a8202eac27b5676d8658bb48ca765bad75200ac95762f3f7fd795372740ab1f985ca205bcacebfdb83a9bbc32ecc3e3c0bcef1997b5c6bd4a045ec0441ee07b4c7d9ad45aedbd983229f487441a52a6452074382ef2721eec882a64cdd6929da3d0341506021e9a7b1a869898f96a5c7b9ec6d320ab0a3a66f80a74242d3e267d399906f6ba1ddcd79b47acdff546df087b49ba83381c64fb7b72d19c2ba6a04790f13c3032a930c4d86ba14bac98af65ebe10d23da426e2636ab4950f0c0cafb0f1f4a493b7a6824612d79449456b930cdeda4bfa9389b314b7dd57df97c406140f0810e249c12095c6108b0c98a8e553f942f4c8f28fdeaf7981ba623add8f0c3906ca533d2862295591d3aba261f41a234ee5305de309bb43140985dd796afb3a02e04bf314a165fb4698c1d2156dbece00135d1e043bd78064db6e97cf13afb9a188aec0945405c8ec7fcff33969d97d60e2f2b06e3ab88f2ccc4db9915e42d31e575b91577d3d578ed2169b2cde0d8df8bb277459bdac3c82daa7254dafd5a518e04fb70574a31f04da50ff379f15464ae70067480e6b071cb3389d45a0e9cfa9bef1a040f6ed85be7923325a23ccdffe208911319acceb99b4f8455a74d7f98b2cfd53761e78c6fe1ee095aa2ed0e338b75c92b6479a98e2f441b79c8bb2ec73b30fdf7164d0c4c8ecbd439f62f91b32165bd06027f0c64bc2acd2281b57cffd4e3f36378160ea6c0b3390be56af4e48fba1a59982a677b0f0bd571a84f19f26bd23d670a86c7db50d42fa1219ab7b42c4f2f49032af1825a62646cbe47f2d0128c3e72f712725eb5767033f8df3ecc5a5dd2be2d91dac9c0856bd1ae289082a88975a1ef49274d7f742a866067f4d9c76ba4e8854f791c902dcc794b2a82de8c389e74fdc676700b0a7e561597ec73f933dbb8ba5b9902346c858b3ff78c38bf9c2daea6aadb37b5e58620198a82c5198e6128e087893d29ce34c0d98270e2f5f4272b9e2433575284b9d0c1461442b95dda0fae59f1f0841f1c3fc7dc76052a359395f2ffb1466e248afa7243f4d95a634d62f281cfedd8aa6284819710dde3541efddaeadabda068c36c887d967a23af265189aeb147f7b183f406e47a4f2dcb24728e0947d0cf93529ea2663ccea2150ad89856049d595a507012628b48b240eb31426f8c0a3313fce2b1fdec122c91b52c5dfeba8df4e9145924bc7fab618e3058d0c2eaf7f47aab8b13505d8ed5be57b63d938a77d5cd5bb136241812ee86acef0ed4f3d298ad5f1345280a84145e18e23265dcb436e4777f81112204fed54d20f906ea50ff33902c18c7dd9a57ea93115a3f9da7fc917eac1446cc684ac293d90cc600665e837102a1a251fc956d49b30651fc5101c4e984de2b979257b4ce2159e04a4fa5841296212c41247530aa147ca3618c79e7f8e4f91f3e80c864675cc1caeda7700bc014b14f8702d68477389a99a4760d34be7aba08065949f8e68849160e9336011c26e10517f5b4f6e688fc27877714db0d2b49d13d67ffa01c2115a49283693d94469fa425bcbe7f56fda05ec44824f0468e983eedb0f61ff52d326c957b413de509b429a10f558be7d873484dfa03d9ec43da3d42c9510315523d057eeb4c057e7d5bede834620dcfa019f0575e44fd1a0d6b38082d1042c11ff4a4c4822ab718604ecfdd8c52c1937ab2d3c0aae66b054e44b95a8613dd8c725a817d1d2c2717ef14091083d3ffbb191875d290942afcbc2d3480de3533d237797cd1f75b701b0f2cca9f80d6236d888cf2e28eac2b1f429dbd54f0b0a2df50bf57eb27620018126f8bd4580f299d57e44b080775b4dca99722228d070db0056cddf0f70ab7157fb0ce4acfb7140884e24b1682b25230d403670a422b488cd978bd7df59bafc58f6f4eba87cb3d031ea2e5927b2ddbb215edb0820900cd6d21d88b0c74a0f86cdefc3ea911601c718edbe3b48d3cd521ebee2e68ceca79fe65d1cb190d8d56689eba06fbf4de6bdbbdb831a2d8359c7580efe7269a754d3f121f960a9a7231dfdc0b474a24bed56f2f0eaf32c97b4f103d2cce6b4f0a932a743d9dcbb52581f628aea23820347b83ca15e4f952ea77e84e032c2c0f0a70deb9ee1c587b4de34e41d437c8953c5e1604ad463118dbd2efac204ecf8e661344668f7753d1b24c57381a6b57bcdb53b429905cffe7b8d0ac3c692bf42f1aa3029a1de4b1668ae6b78e4bf92ec7fa40b0b667592ef2bbe44bf3ab48609274754562653c8abc16c4e86200448b7f72d56d098cea39f7ed9484ce9eaddf72ec3299c4d9808d1276fde0736564c3589d780607cb8cf119b96f6326d70287f30a46a4ca94ea86ea9e490c02f106142db5a0f2fa9d69323dd89a81a27fe76eeb94fa8cf1624ac51c05c9e305350593d509dc3adf70e3ee2f9ab8c0780af9084044b402a18b942a73f76048d466cdcdb0caf26badbc7b87cf8f11d5c065f17b893359cdb0cf94c0456858e5343beb608e0cda10e8ba457a9d6867f0a989ec54e8d80d6e0ab961d85bdff4333e6c0ddb2250099e073a50223a4cb78a9be174f17b8a67d60eab0d6a1c0ed0bfb03589bfc81ed5bc2b1ff085458187a2d4b2dcd753fbcc883a3339508a72d6f368be3ad946c5e1fdd25547bb26d73617761f55454c1242361c5168119bf7f5b6f44a72f5eeac798a7e1fe19802c75397879597e1ca564d8d62d5bc73fbc0ceef13f511d24f1702cb9705ab6d493ccf1d0f79fb584f76428a7ba80b6ecded9e19e0f12a7f3a28a8093fe6f4b5e2e7c7efc0c5b71ea4a276fe136a7d589f280787ccb6b40a685cb632de8530215759295c36f2cf9c882ac9584d68d5891525e7b08fd751e659f51f1785f2727cf5e1dde9d52b6285e5db4bfc308ec4efecdf4843fbe0c40113be473c6cb9ec3b539ae0216ffcc74ce5b57a8dcb95060547bc42e0394e199535e71e21ebf394605483f72ec2ec5188ca38fd9faa47686bd338dfc9870c8b6203a201d1258064523c5d627313b78dc94f6a1a488d49a9296d632e6e31e17712209fd67bc669515fca6ca43210203e921081af13a862d14812e98ed1e380c45fec0b16f3e4cc04bf3fe00cb28a6c65b446b45c6530c38057841e25211d53f57acb24d35c0765d1f34c62626cb89ec09d6b6cc27ce2c064173ce0d83b4535891fac2cb"})
socket(0x1d, 0x2, 0x6)
pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8800)
ioctl$TIOCL_UNBLANKSCREEN(r4, 0x541c, &(0x7f0000000080))
dup(0xffffffffffffffff)
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa08004500002b00000000000290780000dfffdf0000011100907800000000"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b80)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x1300, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

7.7831091s ago: executing program 0 (id=1504):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000b00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000b40)={'wlan1\x00', <r2=>0x0})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r3 = socket$kcm(0x29, 0x2, 0x0)
write$cgroup_pressure(r3, &(0x7f0000000140)={'full'}, 0xfffffdef)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000001240)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, 0x0, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8)
syz_emit_ethernet(0x3e, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb08004500003000000020fc0290780000001ce000509944d54c7122db000945f4fff6006500050504000364010102ac1414aa"], 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000440)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x20, 0xdc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @echo_reply={0x0, 0x0, 0x0, 0x67, 0x5}}}}}, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd2, 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
socket$phonet_pipe(0x23, 0x5, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000900))
iopl(0xfc)
pselect6(0x40, &(0x7f00000001c0)={0x7, 0x0, 0x9, 0xfffffffffffffffd, 0x0, 0x0, 0x80}, 0x0, &(0x7f00000002c0)={0x3fe, 0x5, 0x3, 0x9, 0x8, 0x45ff, 0x7ffffffc}, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000000)={0x30, r1, 0x1, 0x0, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, "02dd"}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x0)

7.667309754s ago: executing program 1 (id=1505):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}}], 0x2, 0x44008004)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50020082180e6cfc84849acfe586a97bf762e6cffaff2b3b18b62707446e87ced6fe1d1aea63f22cb573c5cb49637048dbd2cafd70b7e70f7acc0206bd758c938b7b760d2614937640c0ecc0b8a15be759e2"], 0x0)
socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
get_mempolicy(0x0, 0xfffffffffffffffe, 0x80, &(0x7f0000ffb000/0x3000)=nil, 0x2)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_MSRS(r4, 0xc048aeca, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r6, 0x0, 0x20004081)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0)
sendmsg$IPSET_CMD_HEADER(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000000c0601010000000000000000050000060904020073797a310000000005000100070000000500010007000000"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
write$binfmt_misc(r0, &(0x7f0000000300), 0xfdef)

7.501028985s ago: executing program 4 (id=1506):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r2, 0xc0a85320, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r4, 0x29, 0x1, 0x0, 0x0)
write$binfmt_misc(r4, &(0x7f0000000100), 0xfdef)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x20004084}, 0x0)

7.353592912s ago: executing program 3 (id=1508):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x2}}]}, 0x1c}}, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000001280)="b7f2288d3aaea2bc0000def1260a0000", 0x10)
accept(r1, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x449b}, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
r5 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1})
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f0000000000)="1eb3bf65654102f4af4d221c8bd458d1e7cbdaf3657d0f34e790c85bdba7931791f6d15c3e681411f7a496c0dace6a3c242f5b016f64b4ef8a9cedaf6bec340dee49474360b24cb8", 0x0, 0x48)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r2, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00', {}, 0x40})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x1000}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)

6.600791086s ago: executing program 2 (id=1509):
socket$kcm(0x10, 0x2, 0x0)
socket$kcm(0x29, 0x5, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
memfd_secret(0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, 0x0, &(0x7f0000000180))
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$sg(&(0x7f0000000000), 0xeee, 0x20600)
mknodat(0xffffffffffffffff, &(0x7f0000000280)='./file1/file0\x00', 0xc000, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000140)=@req={0x2, 0x3, 0x8a, 0x6}, 0x10)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0xd661}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = socket(0x8, 0x80000, 0xfffffffd)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x81, 0x8, 0x7fff, 0x1}, 0x1c)
socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x400)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r4 = syz_open_dev$sndmidi(0x0, 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe2$9p(0x0, 0x84080)

6.600319751s ago: executing program 0 (id=1510):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x769})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ppoll(&(0x7f0000000180)=[{r0, 0x4047, 0x700}], 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
syz_usb_connect$cdc_ncm(0x1, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a0100001905"], 0x0)

6.081411616s ago: executing program 1 (id=1511):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x642, &(0x7f00000002c0)={0x0, 0x72bd, 0x0, 0x0, 0x3a6}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x40000, 0x1})
set_mempolicy(0x1, &(0x7f0000000180)=0x6c0d05c5, 0x2)
unshare(0x68040200)
io_uring_enter(r1, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)

5.721794666s ago: executing program 3 (id=1512):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x6)
getsockname$ax25(r1, &(0x7f0000000040)={{0x3, @rose}, [@bcast, @netrom, @remote, @bcast, @default, @null, @netrom, @rose]}, &(0x7f0000000140)=0x48)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c40)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x20, 0x20, 0x5, [@enum={0x0, 0x1, 0x0, 0xf, 0x4, [{}]}, @struct]}, {0x0, [0x0, 0x0, 0x61]}}, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000dc020078000000000000000000000000ff02000000000000e26ea7250000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x2500, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="6501000014"], 0x188}}, 0x0)
syz_usb_connect(0x3, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000d3ccb510b1134200292b0102030109021b0001fc00000009040f0001e711e100090583ff03"], 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r3, 0x6, 0x2, &(0x7f00000001c0), &(0x7f0000000200)=0x6)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x80040)

5.20079776s ago: executing program 4 (id=1513):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) (async)
r0 = getpid() (async)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x30, 0x0, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x30}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (async, rerun: 64)
r3 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) (rerun: 64)
pwritev2(r3, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) (async)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x8)
dup(r4) (async)
open(&(0x7f0000000100)='./bus\x00', 0x40542, 0x0) (async)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5)
memfd_secret(0x80000) (async)
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x6) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
r6 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r6, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r6, &(0x7f0000000000)={&(0x7f00000002c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000340)}], 0x1}, 0x0)
dup2(r6, r5) (async, rerun: 64)
syz_genetlink_get_family_id$batadv(&(0x7f0000003000), 0xffffffffffffffff) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000003040)) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='mmap_lock_acquire_returned\x00'}, 0x18) (async)
pread64(0xffffffffffffffff, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000) (async)
socket$inet_smc(0x2b, 0x1, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10)

4.935653611s ago: executing program 1 (id=1514):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x98, 0x98, 0x3, [@fwd={0xf}, @struct={0x4, 0x6, 0x0, 0x4, 0x1, 0x80000000, [{0x7, 0x0, 0x1813}, {0x6, 0x2, 0x8}, {0x4, 0x5, 0x2}, {0xd, 0x5, 0x7}, {0x9, 0x4, 0x9}, {0xf, 0x5, 0x6}]}, @volatile={0x5, 0x0, 0x0, 0x9, 0x5}, @float={0x9, 0x0, 0x0, 0x10, 0xd9f9c00476b05735}, @var={0xb, 0x0, 0x0, 0xe, 0x3, 0x2}, @var={0xc, 0x0, 0x0, 0xe, 0x2, 0x2}]}, {0x0, [0x2e]}}, &(0x7f0000000380)=""/160, 0xb3, 0xa0, 0x0, 0x5, 0x10000, @value}, 0x28)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x20000, @void, @value}, 0x94)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, @local, {[], {{0xfffa, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r5 = fcntl$dupfd(r4, 0x0, r4)
ioctl$I2C_RDWR(r5, 0x707, 0x0)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x3, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
recvmmsg(r3, &(0x7f0000006cc0), 0x0, 0x40010044, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x0, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb=0x26, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001240)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
socket$netlink(0x10, 0x3, 0x12)
r6 = getpid()
prlimit64(r6, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000000706010800000000000010000a00000405000100070000"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80)

4.876754135s ago: executing program 4 (id=1515):
r0 = syz_open_dev$media(&(0x7f0000000040), 0x3, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r1, 0xfffffffd)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r5=>0x0})
bind$can_j1939(r4, &(0x7f0000000380)={0x1d, r5, 0x1, {0x0, 0x1, 0x3}, 0xfe}, 0x18)
sendmmsg$sock(r4, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)="307245880605f805", 0x8}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
io_setup(0x38ab, &(0x7f0000000000)=<r6=>0x0)
io_destroy(r6)
io_setup(0x3349, &(0x7f0000000040))
io_submit(r6, 0x0, 0x0)
r7 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r7, &(0x7f0000001000), 0x581, 0x40000000, 0x0)
keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0)
syz_create_resource$binfmt(0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000001300)={0x80000000, &(0x7f0000001540), 0x0})

4.050018829s ago: executing program 4 (id=1516):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
syz_usb_connect(0x2, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x44, 0xe2, 0x20, 0x8, 0x13d3, 0x3224, 0xcb0d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x4, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xe7, 0x0, 0x0, 0x20, 0x1, 0xd6}}]}}]}}, 0x0)
ioctl$KVM_GET_IRQCHIP(r2, 0xc208ae62, &(0x7f0000000180)={0x0, 0x0, @ioapic})
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000005c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x1c, r0, 0x121, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

3.979766195s ago: executing program 2 (id=1517):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000480)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x801, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x33}}, 0x80000000}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x1b, &(0x7f00000000c0)={@empty, 0xffffffff}, 0x20)
close_range(r4, 0xffffffffffffffff, 0x0)
close(r3)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
syz_io_uring_setup(0x24ad, &(0x7f0000000540)={0x0, 0x10077e4, 0x10100, 0x3, 0x5c}, &(0x7f0000000100)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_io_uring_submit(r7, r8, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x22}})
r9 = socket$packet(0x11, 0x3, 0x300)
statx(0xffffffffffffff9c, 0x0, 0x6000, 0x200, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$unix(r2, &(0x7f0000000400)=[{{0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f00000005c0)="4fbce25e716bf8b3eeb894f8b25d43406f8eb4fb9fdb66861c745ec819f06962e1ea49d9c640ae10d38bc43b4e9c55ebf025c767448502379978341066ef0b46318825aafc32e737780f2de61098732f1486829794a25b18daa76c74dc258fd179799ca6d671295e7c7c4dfb786e28e0226b411ba6561e771a122ca2f0dcbb465e44627f764d8207369736565aa16ddbfd1e69c5e312f28fca8f922bdc046a7063afdfdd193c4f562e4509dcc7d77760f2d063cfa3cbd953dbb611faeed5307d39447f0748b99bdbfc0f58f9a40ab603ffc006ec37f3847b636878c6e58383", 0xdf}, {&(0x7f00000006c0)="4d93aebfd67db241b3f608b9f849b54122c1207bf1d28cc6e7a6935f5d4ec54be3574e213ed30eb8978a9fe4c87745b94da858b456afe1fd17d27b4ee323e7e2c5667de5b1efa399078e581c1a0bdbd804896388eb91d0dec58453f2286a25997448109f3a5e2326e40efe520a492028a1f3dc6f03872bf29da9f19bceac2976c349fd6bdde4a28598cedb6d6f6d36a87ab682df14a706e07f89e9a54b1419da56447044adc1f9e2824fccc84597c336b0b6a5312a447d72ebc52ad6c4343fa7cc17d63890fa76fdfe757ef4f859856bab2e258ae510a8616bc0", 0xda}, {&(0x7f00000007c0)="e89702ac2ec4dabef6196a7b878124517f9448a7c0d9738588280649692282363a775a3c549a2c77226fe69f1c36dede26a215b95446fc1aa71e48e2d80373e4c51d29cde86864038291a09cd6884e4b1e56ad9a4c5490e4999748a13619698dc761bf2198b3d7ec4ce16cafe074ed6f29053590c73ed19c", 0x78}], 0x4, &(0x7f00000004c0)=ANY=[@ANYBLOB="20000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="140000000000000001000000010000001916f4776c40db46ab25070e7b13a9dabd21bf07a108797e00a182f6f2d53e448e5d0dad6c7a508103970036750d7e62bb7ba7e03e5debab", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x4004800}}], 0x1, 0x0)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB], 0x28}}, 0xc000)

2.917573976s ago: executing program 1 (id=1518):
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000000000e000000200000000000000000000000000000000000000090000002000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000032000000ac1e000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffff0700"/156], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1})
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
r3 = eventfd(0xffffffff)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000000))
fcntl$lock(r4, 0x25, 0x0)
fcntl$lock(r4, 0x26, &(0x7f0000000080)={0x2, 0x0, 0x2f4})
ioctl$VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000240)=r3)
ioctl$VHOST_SET_VRING_KICK(r2, 0x4008af20, &(0x7f0000000040)={0x1, r3})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000000)=0x1)
unshare(0x64000600)

2.871790004s ago: executing program 0 (id=1519):
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000100)={0x80000000000000})
socket(0x15, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$nvram(0xffffffffffffff9c, &(0x7f00000014c0), 0x40280, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r6, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4], 0x28}}, 0x0)
r7 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
setsockopt$inet6_group_source_req(r7, 0x29, 0x2c, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0xfffffffc, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108)
r8 = socket$kcm(0x10, 0x2, 0x0)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_GET(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10], 0x34}}, 0x0)
sendmsg$kcm(r8, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000040)="2e00000011008188040f80ec59acbc0413a1f8480b0000005e140602000000000e0027001000000002800000121f", 0x2e}], 0x1}, 0x0)

2.800356437s ago: executing program 3 (id=1520):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0x5, 0x4, 0x4, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

2.799770199s ago: executing program 2 (id=1521):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x180, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f00000000c0)={0x8480, 0x41, 0x8}, 0x18)

2.342115683s ago: executing program 3 (id=1522):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2c}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000003cc0)=[{{&(0x7f0000000140)={0x2, 0x4e20, @multicast1}, 0x10, 0x0}}, {{0x0, 0x0, &(0x7f0000000600)=[{0x0}], 0x1}}], 0x2, 0x44008004)
syz_emit_ethernet(0x4a, &(0x7f0000000080)=ANY=[@ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50020082180e6cfc84849acfe586a97bf762e6cffaff2b3b18b62707446e87ced6fe1d1aea63f22cb573c5cb49637048dbd2cafd70b7e70f7acc0206bd758c938b7b760d2614937640c0ecc0b8a15be759e2"], 0x0)
socket(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
get_mempolicy(0x0, 0xfffffffffffffffe, 0x80, &(0x7f0000ffb000/0x3000)=nil, 0x2)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002040)={0x18, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xf, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x100, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_GET_MSRS(r4, 0xc048aeca, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r6, 0x0, 0x20004081)
getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x46, 0x0, 0x0)
sendmsg$IPSET_CMD_HEADER(r6, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="300000000c0601010000000000000000050000060904020073797a310000000005000100070000000500010007000000"], 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000)
write$binfmt_misc(r0, &(0x7f0000000300), 0xfdef)

2.282113915s ago: executing program 2 (id=1523):
write$FUSE_DIRENTPLUS(0xffffffffffffffff, 0x0, 0xb0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000780)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xf2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r3, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r3, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000340)={0x0, 0x2}, 0x8)
sendmsg$inet6(r3, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x8000)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x6900, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))

2.103266204s ago: executing program 1 (id=1524):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
set_mempolicy(0x8000, 0x0, 0x101)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$TUNDETACHFILTER(r1, 0x541b, 0x1000000000000)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x400000, 0x0, 0x1, 0x17e5, '\x00', 0x0, r1, 0x1, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='attr/exec\x00')
writev(r2, &(0x7f0000000000)=[{&(0x7f00000002c0)='\n', 0x1}, {&(0x7f0000000140)="9f", 0x1}], 0x2)
ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r0, 0x80045700, &(0x7f0000000140))

768.029964ms ago: executing program 2 (id=1525):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_REALDEV_NAME_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)={0x8, 'macsec0\x00', {'netpci0\x00'}})
r1 = socket$inet(0x2, 0x3, 0x30)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000000)=0x6, 0x4)
getsockopt$inet_mreqsrc(r1, 0x0, 0x53, &(0x7f0000000000)={@dev, @local, @broadcast}, &(0x7f0000000080)=0x2c)
r2 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f0000000040)=0x1)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x1c, r4, 0x1, 0x0, 0x25dfdc01, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0xc0}, 0x2)

662.65653ms ago: executing program 1 (id=1526):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="120100007e9eb4104c053800f516010203010902120001000000000904"], 0x0)
r1 = syz_usb_connect$cdc_ecm(0x6, 0x54, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x42, 0x1, 0x1, 0x3, 0xa0, 0x0, [{{0x9, 0x4, 0x0, 0x9, 0x3, 0x2, 0x6, 0x0, 0xff, {{0x5}, {0x5, 0x24, 0x0, 0xfffe}, {0xd, 0x24, 0xf, 0x1, 0x54b, 0x7f, 0x7ff, 0xd}, [@dmm={0x7, 0x24, 0x14, 0x2, 0x6a1}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x20, 0x0, 0x10, 0xcb}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x9, 0x6, 0x3}}}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x201, 0x4, 0x9, 0x8, 0x10, 0x1}, 0x4f, &(0x7f00000000c0)={0x5, 0xf, 0x4f, 0x4, [@ssp_cap={0xfffffffffffffd79, 0x10, 0xa, 0x3, 0x5, 0x6, 0xf, 0x3ff, [0xff0000, 0xff00f0, 0x0, 0xfe800f, 0x0]}, @ext_cap={0x7, 0x10, 0x2, 0x1a, 0x4, 0x6, 0x6}, @ssp_cap={0x1c, 0x10, 0xa, 0x9, 0x4, 0x20bb, 0x0, 0x4, [0x0, 0xc00f, 0xffc000, 0xffc000]}, @ext_cap={0x7, 0x10, 0x2, 0x2, 0x0, 0x3, 0xa42}]}, 0x7, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x422}}, {0x54, &(0x7f0000000300)=@string={0x54, 0x3, "ac7f4c2b30b8062ca741bb5eab987789c80c5d261993efd8d75ff4746f6043e48f65ec3df2b0fbeeab220913fe9999a0048e10d01dde8c57806c195d13475fcef5c196d3356eea3568fabca817394b805af9"}}, {0xe7, &(0x7f0000000480)=@string={0xe7, 0x3, "c0a31b7e9a460617f42b92140a119424f9761595f024dbc887ad6ff228228af69702d49ace729b93143e9c9a0c3ce9530132ed794d80fa0a56869d3ac1829033c271d0d8db0d536c6165be177c3c1cc4e771273f94df3ab26640e5e1f57ef6e251d93a9dad10ee468d964705e83cc1ec526143b88b26ae074e54257d50e8f78849e4611b406c16ca6245ace80f3808e39883d69693f38fd6874d4b89d23fd9c7289b467c814bc5fba1bd894533d8da2a945646c4085f2fa3a2b55f21b74953673d539ef6f13c2f909a96677501402f95bd3ac6bb3098e69ddd12801682fd14d59aac3816ae"}}, {0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x400a}}, {0xdb, &(0x7f0000000580)=@string={0xdb, 0x3, "9ad88c306e6289a8c69668a4e3d5d6f5feb7995372e141683fdde0cee90ce0f20d058ce2e25a769363393d5746cdf40627685d83c825b916f67aadbec9e4c4f3b77d45143c67f8916f9b210cd472d45b06c24b49a0ddf643c277fa78971ea1737141ee6902a1b4b14b38ce549b4805ea58847d660057afb32020d8bce556214faea26edb4bff6c8e4c0269d20a304e4aa218224812c6cc3e918292b882fd0848a94aa5caa1d8784eb3850450bb524e6c0503dbd520c48ad90d0accdaf7ef0bfea670fd50bdf6f758428209267e60508b33b85e9361743b81f9"}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x2416}}, {0x16, &(0x7f0000000380)=@string={0x16, 0x3, "2d7eee0f939e06553156d3b7867cdd023ba4e914"}}]})
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
syz_usb_connect$printer(0x6, 0x36, &(0x7f0000000d40)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x8, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x40, 0x2, 0x7, 0x1, 0x3, 0x8, "", {{{0x9, 0x5, 0x1, 0x2, 0x8, 0xe, 0x1, 0x5}}, [{{0x9, 0x5, 0x82, 0x2, 0x40, 0x1, 0x1, 0x5}}]}}}]}}]}}, &(0x7f0000000f80)={0xa, &(0x7f0000000d80)={0xa, 0x6, 0x200, 0x7, 0x9d, 0x8, 0xff, 0x5a}, 0x6e, &(0x7f0000000dc0)={0x5, 0xf, 0x6e, 0x6, [@ss_container_id={0x14, 0x10, 0x4, 0x81, "bb64640652544812151025370f3f3ae1"}, @ext_cap={0x7, 0x10, 0x2, 0x18, 0xc, 0x8, 0x1}, @ssp_cap={0x1c, 0x10, 0xa, 0x3, 0x4, 0x0, 0xff0f, 0xf83a, [0xff0000, 0x0, 0xff0000, 0x3fde]}, @ssp_cap={0x24, 0x10, 0xa, 0x7f, 0x6, 0x1, 0xff0f, 0xf65, [0xff0f, 0x0, 0xff0000, 0xffc0f0, 0xc0, 0x30]}, @wireless={0xb, 0x10, 0x1, 0xc, 0xa8, 0x9, 0x6, 0x9, 0xd4}, @ptm_cap={0x3}]}, 0x3, [{0xb9, &(0x7f0000000e40)=@string={0xb9, 0x3, "86def201c52764e8563c9a420a8695c922e8b7d8a1561f7ee75a10397078d139fd836475adc6727fffe67bc50fcef01e1e84aa31ddc1c59fe68b7d532352d39a5a0847b7c8ed8823a168dcb7040a779c655268c4dd4351fa2591819e89865f059b065bbc9a748a1520d1f78f03ac6b080a2356dc87d8cf2fba29d5643e5bdb46d01e4cb8f69ea03a3d166f74485a8bf5c85b2de13eacc9ac75b611556cc63de2c73381bd4cc5901ef44dc725f45b4507e46052953b86dc"}}, {0x28, &(0x7f0000000f00)=@string={0x28, 0x3, "c287a5d41041f9ad00209a8c089e8530f27a8f366059b4915eb874b9d89e4dfd3ae9bda48993"}}, {0x4, &(0x7f0000000f40)=@lang_id={0x4, 0x3, 0x44a}}]})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r2 = io_uring_setup(0x3454, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x1000000000000096)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000100)=0x6)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000001340)={0x44, 0x0, 0x0, &(0x7f00000011c0)={0x0, 0x8, 0x1, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000780)={0x14, &(0x7f0000000700)={0x20, 0x8, 0x4d, {0x4d, 0xd, "3b06e87cfbb8c96dfa0051439e5a22c8267b4af6c8e3b14972708161be591b858b7ddba7701b742397a32884c6c7873131f542435d09c3017ff361da28779ebbf4709b1dc361168dbf88b0"}}, &(0x7f00000003c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a00)={0x44, &(0x7f00000007c0)={0x40, 0x18, 0x3d, "6d8bdc2037608f1301df6f4cb851823d3c4ee69281cce89d760ef4844f7c8f926fc80dd123c42fbd543b1330caba792281d7f544dab4719c808cd81636"}, &(0x7f0000000840)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000880)={0x0, 0x8, 0x1, 0x4a}, &(0x7f00000008c0)={0x20, 0x80, 0x1c, {0xd, 0xfffd, 0xed, 0x0, 0x7fff, 0x8, 0x1, 0x10000, 0x7, 0xfff, 0x7, 0x5}}, &(0x7f0000000900)={0x20, 0x85, 0x4, 0x80}, &(0x7f0000000940)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000980)={0x20, 0x87, 0x2, 0x1ff}, &(0x7f00000009c0)={0x20, 0x89, 0x2, 0x1}})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}}, &(0x7f00000005c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r3}, 0x10)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_usb_control_io$cdc_ecm(r1, &(0x7f0000000b80)={0x14, &(0x7f0000000a80)={0x40, 0xc, 0x8c, {0x8c, 0x10, "f0d614cb18395cc15d54f2d4a34367557e8add7d7c0fd167a26fa2e3269b1ce2193593a659369368bef1e19244f216b20d4ddce6a3630336979679a34678021ceef572e8e24f8a12c7d9324cbf51949abfa85472dc86a20ba8e324228ba6901383c538c892c26fbb5b9344c7650e9711f2b0d017793d81ff46bc59abcd3a8887595c9222b18aefbc0ebe"}}, &(0x7f0000000b40)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000d00)={0x1c, &(0x7f0000000bc0)={0x0, 0x31, 0xa1, "15fa42553263dbe3353b1b44000fd518bfda36478dfc82976f57d896025eea769bd2de62589f6f22862d404935ceedf31c9744cc883ef1725ced57a63bb4d29f928834c23119da6a45125c28c2793f38e1a0bcc99f8d12d2405a65245660060879fee151c4216c65a99ef16148c3c92943efe15aa1cd82d24085acb0a61cd69b345653fd2d6e74b39185725a7934d93e61a3c1e58181bde4089580896f3ce7ddda"}, &(0x7f0000000c80)={0x0, 0xa, 0x1}, &(0x7f0000000cc0)={0x0, 0x8, 0x1, 0x4}})
setsockopt$inet6_int(r5, 0x29, 0x16, &(0x7f0000000040)=0x3, 0x4)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000002c0)={0xc, 0x0, &(0x7f0000000280)=[@free_buffer], 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x33, 0x0, &(0x7f0000000200)={0x0, 0xa, 0xfffffffffffffc4d, 0x50}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

626.095046ms ago: executing program 0 (id=1527):
r0 = syz_open_dev$media(&(0x7f0000000040), 0x3, 0x0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
listen(r1, 0xfffffffd)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
sendmmsg$sock(r4, &(0x7f0000000280)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000200)="307245880605f805", 0x8}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0)
ioctl$int_in(r1, 0x5452, 0x0)
io_setup(0x38ab, &(0x7f0000000000)=<r5=>0x0)
io_destroy(r5)
io_setup(0x3349, &(0x7f0000000040))
io_submit(r5, 0x0, 0x0)
r6 = accept4(r1, 0x0, 0x0, 0x0)
recvmmsg(r6, &(0x7f0000001000), 0x581, 0x40000000, 0x0)
keyctl$reject(0x13, 0x0, 0x80000000, 0x1856, 0x0)
syz_create_resource$binfmt(0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r6, 0x84, 0xb, &(0x7f00000002c0)={0x3, 0x10, 0x2, 0xff, 0x5a, 0x0, 0x1, 0x0, 0x5, 0x8, 0x0, 0x0, 0x22, 0x20}, 0xe)
ioctl$MEDIA_IOC_ENUM_LINKS(r0, 0xc0287c02, &(0x7f0000001300)={0x80000000, &(0x7f0000001540), 0x0})

177.700263ms ago: executing program 0 (id=1528):
timer_settime(0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYRES32=0x0, @ANYRES32, @ANYBLOB], 0x50)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x5a, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0xfffffffffffffd52)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write$sysctl(r1, &(0x7f0000000000)='1\x00', 0x2)
bind$bt_hci(r2, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r2, &(0x7f0000000000), 0xd)
sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x98}}, 0x0)

128.062959ms ago: executing program 0 (id=1529):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r2 = creat(0x0, 0x0)
syz_emit_vhci(0x0, 0x8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff}, 0x13f, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, &(0x7f00000000c0)={0xe, 0x18, 0xfa00, @id_tos={0x0, r3, 0x0, 0x3}}, 0x20)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032680)=""/102400, 0x19000)
r5 = syz_open_dev$cec(&(0x7f0000000040), 0x0, 0x0)
ioctl$CEC_S_MODE(r5, 0x40046109, &(0x7f0000000300)=0xd0)
r6 = semget$private(0x0, 0x207, 0x53)
write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000280)={0x7, 0x8, 0xfa00, {r3, 0x5}}, 0x10)
semctl$GETALL(r6, 0x0, 0xd, &(0x7f0000000040)=""/119)
r7 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x1})
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}, 0x3})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r8}, 0x10)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
setsockopt$sock_int(r9, 0x1, 0x29, &(0x7f0000000300)=0x20, 0x4)
write$binfmt_misc(r9, &(0x7f0000000300), 0x6)
clock_settime(0x0, &(0x7f0000000040)={0x77359400})
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})

0s ago: executing program 2 (id=1530):
r0 = openat$selinux_policy(0xffffff9c, &(0x7f0000001040), 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000a, 0x12, r0, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000000))
r1 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39ddd8)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x1)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x1b, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x70, '\x00', 0x0, @fallback=0x38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94)
write$qrtrtun(r1, &(0x7f0000000300)="0000000000feff00", 0x8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={0xffffffffffffffff, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], &(0x7f0000000240)=[0x2], 0x0, 0x1}}, 0x40)
unshare(0x22020600)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000200)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r5, 0xc03864bc, &(0x7f0000000180)={0x1, 0x0, 0x0, &(0x7f0000000180), 0x0, 0x0})
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
listen(r7, 0x90004)
lgetxattr(&(0x7f00000008c0)='./file0\x00', &(0x7f0000000900)=@random={'btrfs.', '\x00'}, &(0x7f0000000940)=""/246, 0xf6)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e1301"], 0x16)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1f, 0x12, r2, 0x0)
syz_usb_connect(0x6, 0x4b0, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xca, 0xea, 0xa1, 0x8, 0x2001, 0x3c05, 0xda1b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x49e, 0x2, 0x5f, 0xf, 0x20, 0x6, [{{0x9, 0x4, 0xb4, 0xd, 0x3, 0xbe, 0xd7, 0x34, 0x1, [], [{{0x9, 0x5, 0xa, 0x0, 0x200, 0xd0, 0x1, 0x75}}, {{0x9, 0x5, 0x8, 0x0, 0x10, 0x7, 0x7, 0x3}}, {{0x9, 0x5, 0xffb3eba72ecb6c2, 0x8, 0x10, 0x9, 0x3, 0x2}}]}}, {{0x9, 0x4, 0x5e, 0x4, 0xb, 0xdb, 0x9f, 0x4c, 0x0, [@generic={0xe4, 0x14, "d9572f14d9ddbce746e14ed2f8457a8bec69524ac65b4cab86710fd97a12a7cad611b396fd5dff2b8abe3fd461190931a68af3e2b0990e0a0b7bfc576b55eec8b6e6ff30f943e676566e57b92e35bebbfd91c953ab31d62c4bec6dadc6b68ac1c48b0f78cadf6bb26b7b7c4356354700801b25fb782048b3d1c75eb8625c28674e0c53d4e97375e57ef08b5f7226283e9bcb5449b40f096115b6cff900cfecac1783f0ea79ea38ad6e3975e11d17cabf628e542037ae2ce97f122ea8ae41716b7aa6cfa1d6f54a53ce2d83093f7acdc156a7fec47b33e10f7b0fa9998c850c68b071"}, @uac_as={[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x5, 0x3, 0x6, 0xf, "", '7'}, @as_header={0x7, 0x24, 0x1, 0x0, 0x1c}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0xfe00, 0x101, 0xf3, "1b"}, @format_type_ii_discrete={0x9, 0x24, 0x2, 0x2, 0x9, 0x6, 0xc1}, @as_header={0x7, 0x24, 0x1, 0xd6, 0x0, 0x5}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x1, 0x2, 0x9, 0x2, "78ee6e"}]}], [{{0x9, 0x5, 0x9, 0x10, 0x10, 0x0, 0x7, 0xc, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xb, 0x3}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x7, 0x5, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x8, 0xa}]}}, {{0x9, 0x5, 0x2, 0x1, 0x20, 0x2, 0x6, 0xff}}, {{0x9, 0x5, 0xd, 0x0, 0x8, 0xea, 0xf8, 0x8f, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0xae, 0x2}]}}, {{0x9, 0x5, 0x1, 0x10, 0x40, 0x73, 0x0, 0x6b, [@generic={0x43, 0x23, "578f8edbacfe3dae5798333587a28e57c29a4cd9cc0ddbac28c2a2b797b5bdeb7f12a6d42bbe6f150a6458c10875aa7b7480655063fa2166a611cc4170cc7f2cda"}]}}, {{0x9, 0x5, 0x6, 0x10, 0x8, 0x6, 0x8, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0xe0, 0x40}]}}, {{0x9, 0x5, 0xd, 0x0, 0x3ff, 0x1, 0x0, 0x62, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x8}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x4, 0x1494}]}}, {{0x9, 0x5, 0x9, 0x10, 0x10, 0x4, 0x6, 0xd0, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0xf6, 0xff}, @generic={0xd, 0x22, "5c33150f767b2be58b1ce1"}]}}, {{0x9, 0x5, 0x0, 0x10, 0x8, 0x0, 0x6, 0x3, [@generic={0x55, 0x24, "cc7a1cc5321fffaadbfc827e63899453b0b20f2ca24eb03d6dd0d5cf88a54a8fa409c85c148dbf4a3ec8cfcd2ebcf63fa0f292b56550b5ba2afdb4bdf7177df0ef624860d9b9d7cd583cadfc69eadbd3985b73"}, @generic={0x67, 0xf, "4135afdefaead0970f268a205a0f72197cb01c42ffec7fa355dcf8d3a1e8ddce67e3a9da6d8ca5e456dcfb6a4ef46f56b8dce25893b651ed463be328840725de2f869ce5a58178d2af996adb76bab5250e5bb25fc1621e0d5a6bd4aa536c15490ba385c26c"}]}}, {{0x9, 0x5, 0x80, 0x0, 0x10, 0x6, 0x9, 0xff, [@generic={0xd9, 0xe, "245eb78108c96fe19c27e89a58d96d3f1da694c76bb44846a8d5e27847d9812fd7423ef93ff9211bba2221b11776cbdf5378862fd173096fd42e275379f766bc312a5c3cab7e2c68bbdbd13232618bf660668c581a74f790d1748df45dde11c70c24e0789913bf2250d885669addbde13e093ac879a2530e362c4c9f17874dd046b5fd5ed5f139bb052ad386a906d6d44d70298bf4564dee14de06fad61f6db1d0f935d72de67727254a0eecf38a5da42a45e920b51eb2b9e25a8657c159a743378528df761605fca5618d08d5f3721f2feb59257ae87f"}, @generic={0xcf, 0xb, "3d3512481b063cdc5a05a3e3c75aa83161c7f5eb66a456886129da1c4e6ef4cdec341896b2bdd4e12246082f41a9277b08ea2f7189de3c22648c481a61e5240bb14a724137bdceb4cacab32006457fa4535c72e55d03f01503a2b3451c9fc2bdd3ffddbe11be2368f3c14f5ff4c2ef4639d3b8d764b8849cbd78f5bb152e14f6ca81837e109c0541c24a2e4c92dc7313cbdd68517e3fa8a0a5ff836010dde0e8e5374af706dda38addffae44299c808423cd33a479df0694cedd4e061a639498aef25ac18409e5547ff88d8b85"}]}}, {{0x9, 0x5, 0x3, 0x0, 0x400, 0xe6, 0x9, 0x8}}]}}]}}]}}, &(0x7f0000000800)={0xa, &(0x7f0000000500)={0xa, 0x6, 0x310, 0xc9, 0xc, 0xf, 0x8, 0x59}, 0x3b, &(0x7f0000000b00)=ANY=[@ANYBLOB="050f2b00050c100a0f00000021c20009000a100300020081080c000b10010c8000fc094000070a10030208000061dd9de710010809002153ff010ce3204ea71221cbe7a236806144f3a8c79322"], 0x9, [{0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x41e}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x478}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x400a}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x41d}}, {0x4, &(0x7f0000000700)=@lang_id={0x4, 0x3, 0x400a}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x100a}}, {0x3c, &(0x7f0000000780)=ANY=[@ANYBLOB="3c03dfc2b0a78ffd2634620d37f8f6288be3cdad8a10af882199d940a7163ace2f7fbc521324afe9fb730a7e6720ab879bcb00"/60]}, {0x4, &(0x7f00000007c0)=@lang_id={0x4, 0x3, 0x2409}}]})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r6, 0x6612)

kernel console output (not intermixed with test programs):

03:1038:1410.0009: unknown main item tag 0x0
[  286.316435][    T9] steelseries 0003:1038:1410.0009: missing HID_OUTPUT_REPORT 0
[  286.798679][ T5873] usb 5-1: USB disconnect, device number 25
[  286.893237][ T5893] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  286.906455][ T5893] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  286.908036][    T9] usb 1-1: USB disconnect, device number 19
[  287.693997][ T5893] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[  287.980584][ T5893] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  288.005204][ T5893] usb 3-1: USB disconnect, device number 32
[  288.422315][ T9066] netlink: 12 bytes leftover after parsing attributes in process `syz.4.854'.
[  288.780009][ T5941] usb 1-1: new full-speed USB device number 20 using dummy_hcd
[  289.798497][ T5941] usb 1-1: config 0 has an invalid interface number: 10 but max is 0
[  289.810131][ T5941] usb 1-1: config 0 has no interface number 0
[  289.877753][ T9081] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  290.128324][ T5941] usb 1-1: New USB device found, idVendor=0bfd, idProduct=0102, bcdDevice=a4.d5
[  290.159985][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.168085][ T5941] usb 1-1: Product: syz
[  290.183363][ T5941] usb 1-1: Manufacturer: syz
[  290.188013][ T5941] usb 1-1: SerialNumber: syz
[  290.200477][ T5941] usb 1-1: config 0 descriptor??
[  290.207578][ T5941] hub 1-1:0.10: bad descriptor, ignoring hub
[  290.214514][ T5941] hub 1-1:0.10: probe with driver hub failed with error -5
[  290.224193][ T5941] kvaser_usb 1-1:0.10: error -ENODEV: Cannot get usb endpoint(s)
[  290.512377][ T9092] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  290.871776][ T9093] netlink: 28 bytes leftover after parsing attributes in process `syz.1.863'.
[  291.281069][ T5941] usb 1-1: USB disconnect, device number 20
[  291.338533][ T9100] netlink: 256 bytes leftover after parsing attributes in process `syz.1.866'.
[  292.408632][ T9116] xt_CT: You must specify a L4 protocol and not use inversions on it
[  293.689458][ T9146] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  294.272764][   T30] kauditd_printk_skb: 98 callbacks suppressed
[  294.272781][   T30] audit: type=1400 audit(1749495818.730:629): avc:  denied  { setattr } for  pid=9144 comm="syz.3.878" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  294.285800][ T9150] netlink: 'syz.3.878': attribute type 1 has an invalid length.
[  294.397128][   T30] audit: type=1400 audit(1749495818.740:630): avc:  denied  { write } for  pid=9144 comm="syz.3.878" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  294.522277][ T9164] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  294.580106][ T9161] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  294.626222][ T9167] bond1: entered promiscuous mode
[  294.627589][ T9168] ptm ptm5: ldisc open failed (-12), clearing slot 5
[  294.733729][ T9167] bond1: entered allmulticast mode
[  294.807700][   T30] audit: type=1400 audit(1749495818.740:631): avc:  denied  { open } for  pid=9144 comm="syz.3.878" path="/181/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  294.924622][ T9167] 8021q: adding VLAN 0 to HW filter on device bond1
[  295.126527][ T9171] syzkaller1: entered promiscuous mode
[  295.260149][ T9171] syzkaller1: entered allmulticast mode
[  296.045937][   T30] audit: type=1400 audit(1749495820.500:632): avc:  denied  { unmount } for  pid=5813 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  296.493480][ T9183] netlink: 48 bytes leftover after parsing attributes in process `syz.0.885'.
[  296.521668][ T9183] netlink: 10 bytes leftover after parsing attributes in process `syz.0.885'.
[  296.538777][ T9195] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  296.630447][ T9201] 9pnet_fd: Insufficient options for proto=fd
[  298.509412][   T30] audit: type=1400 audit(1749495822.960:633): avc:  denied  { connect } for  pid=9223 comm="syz.3.898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  299.751008][ T9243] netlink: 'syz.1.906': attribute type 1 has an invalid length.
[  300.000117][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  300.051922][   T30] audit: type=1400 audit(1749495824.510:634): avc:  denied  { getopt } for  pid=9240 comm="syz.0.907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  300.316227][ T9256] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  300.732156][ T9247] bond2: entered promiscuous mode
[  300.760237][ T9247] bond2: entered allmulticast mode
[  300.829298][ T9247] 8021q: adding VLAN 0 to HW filter on device bond2
[  301.221330][ T9252] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  301.990161][ T5893] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  302.360064][ T5893] usb 4-1: Using ep0 maxpacket: 32
[  302.368269][ T5893] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  302.400132][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  302.414392][ T5893] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  302.424185][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.432810][ T5893] usb 4-1: Product: syz
[  302.437109][ T5893] usb 4-1: Manufacturer: syz
[  302.442500][ T5893] usb 4-1: SerialNumber: syz
[  302.919286][ T9252] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in;
[  302.919286][ T9252]    program syz.3.908 not setting count and/or reply_len properly
[  302.941581][ T9252] hub 8-0:1.0: USB hub found
[  302.948484][ T9252] hub 8-0:1.0: 1 port detected
[  302.951007][ T9289] netlink: 28 bytes leftover after parsing attributes in process `syz.4.915'.
[  304.106413][ T9303] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  304.576210][ T5893] usb 4-1: 0:2 : does not exist
[  304.599821][ T5893] usb 4-1: USB disconnect, device number 22
[  307.354337][ T9311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.920'.
[  307.483996][ T9311] netlink: 12 bytes leftover after parsing attributes in process `syz.0.920'.
[  307.576536][ T9315] FAULT_INJECTION: forcing a failure.
[  307.576536][ T9315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  307.590111][ T9315] CPU: 0 UID: 0 PID: 9315 Comm: syz.2.921 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  307.590135][ T9315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  307.590146][ T9315] Call Trace:
[  307.590152][ T9315]  <TASK>
[  307.590159][ T9315]  dump_stack_lvl+0x16c/0x1f0
[  307.590189][ T9315]  should_fail_ex+0x512/0x640
[  307.590216][ T9315]  _copy_to_user+0x32/0xd0
[  307.590244][ T9315]  environ_read+0x287/0x450
[  307.590268][ T9315]  ? __pfx_environ_read+0x10/0x10
[  307.590285][ T9315]  vfs_readv+0x5be/0x8b0
[  307.590312][ T9315]  ? __pfx_vfs_readv+0x10/0x10
[  307.590333][ T9315]  ? find_held_lock+0x2b/0x80
[  307.590369][ T9315]  ? __fget_files+0x20e/0x3c0
[  307.590398][ T9315]  ? do_preadv+0x1a6/0x270
[  307.590416][ T9315]  do_preadv+0x1a6/0x270
[  307.590437][ T9315]  ? __pfx_do_preadv+0x10/0x10
[  307.590464][ T9315]  do_syscall_64+0xcd/0x4c0
[  307.590492][ T9315]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.590509][ T9315] RIP: 0033:0x7fcb7058e929
[  307.590524][ T9315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  307.590541][ T9315] RSP: 002b:00007fcb6e3d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  307.590558][ T9315] RAX: ffffffffffffffda RBX: 00007fcb707b6160 RCX: 00007fcb7058e929
[  307.590569][ T9315] RDX: 0000000000000001 RSI: 0000200000001400 RDI: 0000000000000008
[  307.590580][ T9315] RBP: 00007fcb6e3d5090 R08: 0000000000000000 R09: 0000000000000000
[  307.590590][ T9315] R10: 0000000000c002a0 R11: 0000000000000246 R12: 0000000000000002
[  307.590601][ T9315] R13: 0000000000000000 R14: 00007fcb707b6160 R15: 00007fffa3447978
[  307.590624][ T9315]  </TASK>
[  308.834488][ T9342] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  309.467391][ T9351] netlink: 'syz.0.933': attribute type 1 has an invalid length.
[  309.541732][ T9351] netlink: 'syz.0.933': attribute type 1 has an invalid length.
[  309.660107][ T5873] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  309.820144][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  309.826552][ T5873] usb 4-1: config 0 interface 0 has no altsetting 0
[  309.835161][ T5873] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  309.846053][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.895123][ T5873] usb 4-1: Product: syz
[  309.906018][ T5873] usb 4-1: Manufacturer: syz
[  309.931909][ T5873] usb 4-1: SerialNumber: syz
[  309.955141][ T5873] usb 4-1: config 0 descriptor??
[  310.183344][ T9348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.932'.
[  310.280242][   T30] audit: type=1400 audit(1749495834.720:635): avc:  granted  { setsecparam } for  pid=9356 comm="syz.1.935" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security
[  310.499617][ T5873] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  310.825327][ T5873] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPIPE)
[  311.657534][ T5942] usb 4-1: USB disconnect, device number 23
[  311.727307][ T9378] ieee802154 phy0 wpan0: encryption failed: -22
[  313.827217][ T9397] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  314.114447][ T9397] veth0: entered promiscuous mode
[  314.144245][ T9394] veth0: left promiscuous mode
[  314.371962][ T9411] fuse: Unknown parameter 'group_id00000000000000000000'
[  314.883979][ T9415] sit1: entered allmulticast mode
[  314.932083][ T9418] ieee802154 phy0 wpan0: encryption failed: -22
[  315.693789][ T9431] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.260785][ T9436] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks
[  316.655346][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  316.694545][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  316.703433][ T1104] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  317.723513][   T30] audit: type=1400 audit(1749495842.100:636): avc:  denied  { read } for  pid=9437 comm="syz.2.961" dev="sockfs" ino=25385 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  317.744671][    C1] vkms_vblank_simulate: vblank timer overrun
[  317.851316][ T9435] veth3: entered promiscuous mode
[  317.886644][ T9435] veth3: entered allmulticast mode
[  318.096154][ T9451] fuse: Bad value for 'user_id'
[  318.101313][ T9451] fuse: Bad value for 'user_id'
[  318.475513][ T9460] ieee802154 phy0 wpan0: encryption failed: -22
[  318.513444][ T9461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.967'.
[  318.857755][   T30] audit: type=1400 audit(1749495843.210:637): avc:  denied  { mount } for  pid=9459 comm="syz.2.967" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  318.879796][    C1] vkms_vblank_simulate: vblank timer overrun
[  319.254067][ T5941] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  319.508820][ T5941] usb 2-1: Using ep0 maxpacket: 32
[  319.526480][ T5941] usb 2-1: config 0 has an invalid interface number: 12 but max is 0
[  319.709577][   T30] audit: type=1400 audit(1749495844.130:638): avc:  denied  { write } for  pid=9475 comm="syz.2.971" name="card1" dev="devtmpfs" ino=628 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  319.737602][ T5941] usb 2-1: config 0 has no interface number 0
[  319.750082][ T5941] usb 2-1: config 0 interface 12 altsetting 2 bulk endpoint 0x2 has invalid maxpacket 519
[  319.763263][ T5941] usb 2-1: config 0 interface 12 has no altsetting 0
[  319.792369][ T5941] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  319.804486][ T5941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.812633][ T5941] usb 2-1: Product: syz
[  319.816887][ T5941] usb 2-1: Manufacturer: syz
[  319.924690][ T5941] usb 2-1: SerialNumber: syz
[  319.935481][ T5941] usb 2-1: config 0 descriptor??
[  319.952607][ T9467] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  319.961689][ T5941] f81534 2-1:0.12: unsupported endpoint max packet size
[  320.214545][ T9484] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  320.295504][ T5941] usb 2-1: USB disconnect, device number 15
[  322.001924][ T9503] fuse: Bad value for 'user_id'
[  322.006984][ T9503] fuse: Bad value for 'user_id'
[  322.240217][ T5942] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  323.070500][ T5942] usb 1-1: config 0 has no interfaces?
[  323.076074][ T5942] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  323.152524][ T9511] tipc: Started in network mode
[  323.163365][ T5942] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.202668][ T9511] tipc: Node identity 8e5f36b6b707, cluster identity 4711
[  323.250343][ T9511] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  323.257704][ T5942] usb 1-1: config 0 descriptor??
[  323.264739][ T9512] syzkaller0: entered promiscuous mode
[  323.289077][ T9512] syzkaller0: entered allmulticast mode
[  323.355676][ T9515] ieee802154 phy0 wpan0: encryption failed: -22
[  323.407959][ T9517] netlink: 4 bytes leftover after parsing attributes in process `syz.3.984'.
[  323.417057][ T9517] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.424660][ T9517] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.435325][ T9517] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  323.450170][ T9517] batman_adv: batadv0: Removing interface: batadv_slave_1
[  323.504166][ T5942] usb 1-1: USB disconnect, device number 21
[  323.706256][ T9526] netlink: 28 bytes leftover after parsing attributes in process `syz.2.986'.
[  324.161542][ T9528] netlink: 28 bytes leftover after parsing attributes in process `syz.1.985'.
[  324.222345][   T30] audit: type=1400 audit(1749495848.680:639): avc:  denied  { unmount } for  pid=5814 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  324.253827][ T5873] tipc: Node number set to 962082486
[  324.267324][ T9531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.987'.
[  324.354763][ T9536] xt_hashlimit: size too large, truncated to 1048576
[  324.716295][ T9546] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  325.420586][   T24] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  325.625000][   T30] audit: type=1400 audit(1749495850.080:640): avc:  denied  { read write } for  pid=9554 comm="syz.3.994" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  325.670069][   T30] audit: type=1400 audit(1749495850.080:641): avc:  denied  { open } for  pid=9554 comm="syz.3.994" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  325.710030][   T24] usb 3-1: Using ep0 maxpacket: 16
[  325.722081][   T24] usb 3-1: config 0 interface 0 has no altsetting 0
[  325.758452][   T24] usb 3-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=da.32
[  325.770110][   T24] usb 3-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3
[  325.778211][   T24] usb 3-1: Product: syz
[  325.780372][ T9560] ieee802154 phy0 wpan0: encryption failed: -22
[  325.784285][   T24] usb 3-1: Manufacturer: syz
[  325.801979][   T24] usb 3-1: SerialNumber: syz
[  325.809825][   T24] usb 3-1: config 0 descriptor??
[  325.874774][   T30] audit: type=1400 audit(1749495850.330:642): avc:  denied  { map } for  pid=9554 comm="syz.3.994" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  326.003842][ T9569] FAULT_INJECTION: forcing a failure.
[  326.003842][ T9569] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.025880][ T9569] CPU: 1 UID: 0 PID: 9569 Comm: syz.3.999 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  326.025906][ T9569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.025916][ T9569] Call Trace:
[  326.025922][ T9569]  <TASK>
[  326.025929][ T9569]  dump_stack_lvl+0x16c/0x1f0
[  326.025971][ T9569]  should_fail_ex+0x512/0x640
[  326.026000][ T9569]  _copy_to_user+0x32/0xd0
[  326.026029][ T9569]  simple_read_from_buffer+0xcb/0x170
[  326.026053][ T9569]  proc_fail_nth_read+0x197/0x270
[  326.026076][ T9569]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  326.026099][ T9569]  ? rw_verify_area+0xcf/0x680
[  326.026118][ T9569]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  326.026139][ T9569]  vfs_read+0x1e1/0xc60
[  326.026163][ T9569]  ? __pfx___mutex_lock+0x10/0x10
[  326.026190][ T9569]  ? __pfx_vfs_read+0x10/0x10
[  326.026218][ T9569]  ? __fget_files+0x20e/0x3c0
[  326.026250][ T9569]  ksys_read+0x12a/0x250
[  326.026270][ T9569]  ? __pfx_ksys_read+0x10/0x10
[  326.026299][ T9569]  do_syscall_64+0xcd/0x4c0
[  326.026327][ T9569]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.026344][ T9569] RIP: 0033:0x7fd36338d33c
[  326.026358][ T9569] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  326.026375][ T9569] RSP: 002b:00007fd3611f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  326.026392][ T9569] RAX: ffffffffffffffda RBX: 00007fd3635b5fa0 RCX: 00007fd36338d33c
[  326.026403][ T9569] RDX: 000000000000000f RSI: 00007fd3611f60a0 RDI: 0000000000000005
[  326.026414][ T9569] RBP: 00007fd3611f6090 R08: 0000000000000000 R09: 0000000000000000
[  326.026424][ T9569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.026434][ T9569] R13: 0000000000000000 R14: 00007fd3635b5fa0 R15: 00007ffc017717a8
[  326.026458][ T9569]  </TASK>
[  326.209007][ T5941] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  326.336783][ T9579] netlink: 'syz.3.1002': attribute type 1 has an invalid length.
[  326.345024][ T9579] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1002'.
[  326.363292][ T5941] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  326.372761][ T5941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.381267][ T5941] usb 1-1: Product: syz
[  326.385528][ T5941] usb 1-1: Manufacturer: syz
[  326.390236][ T5941] usb 1-1: SerialNumber: syz
[  326.399684][ T5941] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  326.449442][ T5879] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  327.723047][ T9591] syz_tun: entered allmulticast mode
[  327.742867][ T5879] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive
[  327.750554][ T5879] ath9k_htc: Failed to initialize the device
[  327.789461][   T24] usb_ehset_test 3-1:0.0: probe with driver usb_ehset_test failed with error -32
[  327.790243][ T5879] usb 1-1: ath9k_htc: USB layer deinitialized
[  327.848424][   T24] usb 3-1: USB disconnect, device number 33
[  327.923152][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1006'.
[  327.954761][ T9597] netlink: 'syz.2.1006': attribute type 30 has an invalid length.
[  327.973565][ T9597] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  327.983322][ T9597] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  327.992300][ T9597] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  328.001404][ T9597] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  328.015495][ T9597] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1006'.
[  328.025134][ T9597] netlink: 'syz.2.1006': attribute type 30 has an invalid length.
[  328.178228][ T9605] fuse: Bad value for 'fd'
[  328.595418][ T9607] fuse: Bad value for 'user_id'
[  328.600681][ T9607] fuse: Bad value for 'user_id'
[  328.835690][ T9609] ieee802154 phy0 wpan0: encryption failed: -22
[  328.873896][ T5820] Bluetooth: hci0: unexpected event for opcode 0x080b
[  328.992983][ T9612] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1013'.
[  329.077179][ T9612] dummy0: entered promiscuous mode
[  329.175075][ T9612] dummy0: left promiscuous mode
[  329.303045][ T5900] usb 1-1: USB disconnect, device number 22
[  329.440239][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  330.575554][ T9615] 8021q: adding VLAN 0 to HW filter on device bond1
[  330.668156][ T9631] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1015'.
[  330.757255][ T9631] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1015'.
[  330.823326][   T30] audit: type=1400 audit(1749495855.280:643): avc:  denied  { create } for  pid=9640 comm="syz.0.1020" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  330.905465][   T30] audit: type=1400 audit(1749495855.360:644): avc:  denied  { create } for  pid=9630 comm="syz.1.1015" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  331.707074][ T9651] fuse: Bad value for 'fd'
[  331.861771][ T9659] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9659 comm=syz.2.1019
[  331.876404][ T9659] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1019'.
[  332.329020][ T9663] netlink: 2 bytes leftover after parsing attributes in process `syz.3.1026'.
[  332.857554][   T30] audit: type=1400 audit(1749495857.310:645): avc:  denied  { write } for  pid=9666 comm="syz.1.1028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  332.902901][ T9660] delete_channel: no stack
[  333.182620][ T9675] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1031'.
[  333.760368][   T24] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  334.233692][ T9682] FAULT_INJECTION: forcing a failure.
[  334.233692][ T9682] name failslab, interval 1, probability 0, space 0, times 0
[  334.246556][ T9682] CPU: 0 UID: 0 PID: 9682 Comm: syz.2.1032 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  334.246581][ T9682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  334.246591][ T9682] Call Trace:
[  334.246597][ T9682]  <TASK>
[  334.246604][ T9682]  dump_stack_lvl+0x16c/0x1f0
[  334.246636][ T9682]  should_fail_ex+0x512/0x640
[  334.246660][ T9682]  ? fs_reclaim_acquire+0xae/0x150
[  334.246679][ T9682]  ? tomoyo_encode2+0x100/0x3e0
[  334.246708][ T9682]  should_failslab+0xc2/0x120
[  334.246733][ T9682]  __kmalloc_noprof+0xd2/0x510
[  334.246764][ T9682]  tomoyo_encode2+0x100/0x3e0
[  334.246793][ T9682]  tomoyo_encode+0x29/0x50
[  334.246815][ T9682]  tomoyo_realpath_from_path+0x18f/0x6e0
[  334.246843][ T9682]  ? tomoyo_profile+0x47/0x60
[  334.246873][ T9682]  tomoyo_path_number_perm+0x245/0x580
[  334.246893][ T9682]  ? tomoyo_path_number_perm+0x237/0x580
[  334.246918][ T9682]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  334.246941][ T9682]  ? find_held_lock+0x2b/0x80
[  334.246986][ T9682]  ? find_held_lock+0x2b/0x80
[  334.247005][ T9682]  ? hook_file_ioctl_common+0x145/0x410
[  334.247028][ T9682]  ? __fget_files+0x20e/0x3c0
[  334.247059][ T9682]  security_file_ioctl+0x9b/0x240
[  334.247085][ T9682]  __x64_sys_ioctl+0xb7/0x210
[  334.247107][ T9682]  do_syscall_64+0xcd/0x4c0
[  334.247135][ T9682]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.247152][ T9682] RIP: 0033:0x7fcb7058e929
[  334.247167][ T9682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.247183][ T9682] RSP: 002b:00007fcb7131e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  334.247200][ T9682] RAX: ffffffffffffffda RBX: 00007fcb707b5fa0 RCX: 00007fcb7058e929
[  334.247211][ T9682] RDX: 0000200000000640 RSI: 000000000000541b RDI: 0000000000000003
[  334.247222][ T9682] RBP: 00007fcb7131e090 R08: 0000000000000000 R09: 0000000000000000
[  334.247232][ T9682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.247243][ T9682] R13: 0000000000000000 R14: 00007fcb707b5fa0 R15: 00007fffa3447978
[  334.247268][ T9682]  </TASK>
[  334.247301][ T9682] ERROR: Out of memory at tomoyo_realpath_from_path.
[  334.417239][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  334.443079][ T9684] netlink: 'syz.4.1033': attribute type 10 has an invalid length.
[  334.456653][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  334.456824][   T24] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  334.456882][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.503944][ T9684] ������: left promiscuous mode
[  334.535555][   T24] usb 2-1: config 0 descriptor??
[  334.557811][ T9684] bond0: (slave ������): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  334.650303][ T9687] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1034'.
[  335.210637][   T24] usbhid 2-1:0.0: can't add hid device: -71
[  335.216684][   T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  335.234189][ T9700] binder: 9694:9700 ioctl c0306201 200000000540 returned -22
[  335.253115][ T9700] binder: 9694:9700 unknown command 3317061293
[  335.259369][ T9700] binder: 9694:9700 ioctl c0306201 200000000ac0 returned -22
[  335.350293][   T24] usb 2-1: USB disconnect, device number 16
[  335.574677][ T9705] geneve2: entered promiscuous mode
[  335.580161][ T9705] geneve2: entered allmulticast mode
[  335.898029][ T8253] wlan0: Trigger new scan to find an IBSS to join
[  337.297784][ T9716] cgroup: release_agent respecified
[  338.182631][ T9730] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1047'.
[  338.561331][ T9735] netlink: 'syz.1.1046': attribute type 1 has an invalid length.
[  338.569393][ T9735] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1046'.
[  338.932965][ T9740] fuse: Bad value for 'fd'
[  340.414951][ T1104] wlan0: Creating new IBSS network, BSSID 12:a7:42:8b:92:16
[  340.473486][ T9755] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  340.867068][ T9756] can: request_module (can-proto-3) failed.
[  342.130031][ T5893] usb 5-1: new full-speed USB device number 26 using dummy_hcd
[  342.481769][ T9775] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1060'.
[  342.499204][ T9774] lo speed is unknown, defaulting to 1000
[  342.512306][ T9775] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.520586][ T9775] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.582740][ T5893] usb 5-1: not running at top speed; connect to a high speed hub
[  342.606064][ T5893] usb 5-1: config 0 has an invalid interface number: 37 but max is 0
[  342.656229][ T9779] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1062'.
[  342.659853][ T5893] usb 5-1: config 0 has no interface number 0
[  342.772585][ T5893] usb 5-1: config 0 interface 37 has no altsetting 0
[  342.863902][ T5893] usb 5-1: New USB device found, idVendor=1f71, idProduct=3301, bcdDevice=75.dc
[  342.923068][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.960052][ T5893] usb 5-1: Product: syz
[  342.967883][ T5893] usb 5-1: Manufacturer: syz
[  342.982027][ T5893] usb 5-1: SerialNumber: syz
[  342.994169][ T5893] usb 5-1: config 0 descriptor??
[  343.650221][   T30] audit: type=1400 audit(1749495868.100:646): avc:  denied  { connect } for  pid=9780 comm="syz.2.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  343.669202][ T5893] usb 5-1: USB disconnect, device number 26
[  343.699733][   T30] audit: type=1400 audit(1749495868.100:647): avc:  denied  { write } for  pid=9780 comm="syz.2.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  343.720096][   T30] audit: type=1400 audit(1749495868.100:648): avc:  denied  { read } for  pid=9780 comm="syz.2.1063" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  344.005021][ T9790] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  344.372063][ T9794] fuse: Bad value for 'fd'
[  344.768868][ T9795] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1061'.
[  344.850875][ T9795] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1061'.
[  344.979677][ T9801] hub 8-0:1.0: USB hub found
[  344.985229][ T9801] hub 8-0:1.0: 1 port detected
[  345.917982][ T9811] loop6: detected capacity change from 0 to 524287999
[  345.925424][ T9811] buffer_io_error: 22 callbacks suppressed
[  345.925434][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.939619][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.947509][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.955573][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.963447][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.971342][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.979213][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.987252][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  345.995110][ T9811] ldm_validate_partition_table(): Disk read failed.
[  346.002127][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  346.010375][ T9811] Buffer I/O error on dev loop6, logical block 0, async page read
[  346.018310][ T9811] Dev loop6: unable to read RDB block 0
[  346.025098][ T9811]  loop6: unable to read partition table
[  346.030867][ T9811] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  346.535837][    T9] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  346.536129][ T9812] ldm_validate_partition_table(): Disk read failed.
[  346.591508][ T9812] Dev loop6: unable to read RDB block 0
[  346.597297][ T9812]  loop6: unable to read partition table
[  346.610478][ T9812] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  346.680010][    T9] usb 5-1: device descriptor read/64, error -71
[  347.070340][    T9] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  347.194269][ T9839] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  347.680801][ T9840] fuse: Bad value for 'fd'
[  347.854736][    T9] usb 5-1: device descriptor read/64, error -71
[  347.990848][ T5941] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  348.022067][   T30] audit: type=1400 audit(1749495872.470:649): avc:  denied  { nlmsg_write } for  pid=9842 comm="syz.1.1078" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  348.080572][    T9] usb usb5-port1: attempt power cycle
[  348.091709][   T30] audit: type=1400 audit(1749495872.480:650): avc:  denied  { setattr } for  pid=9842 comm="syz.1.1078" name="NETLINK" dev="sockfs" ino=27187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  348.129999][ T5941] usb 3-1: device descriptor read/64, error -71
[  348.232488][ T9845] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1079'.
[  348.247869][ T9851] binder: 9848:9851 ioctl c0306201 200000000180 returned -14
[  348.258082][ T9845] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1079'.
[  348.267786][ T9850] binder: 9848:9850 ioctl c0306201 200000000180 returned -14
[  348.762166][ T9858] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.806559][ T5941] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  348.870193][    T9] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  348.910516][    T9] usb 5-1: device descriptor read/8, error -71
[  349.135278][ T5941] usb 3-1: device descriptor read/64, error -71
[  349.354409][    T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  349.411237][ T5941] usb usb3-port1: attempt power cycle
[  349.441195][    T9] usb 5-1: device descriptor read/8, error -71
[  349.655767][    T9] usb usb5-port1: unable to enumerate USB device
[  349.983864][ T5941] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  350.088111][ T8257] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  350.172497][ T9870] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1084'.
[  350.212287][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  350.341421][ T5941] usb 3-1: device descriptor read/8, error -71
[  350.727853][ T9880] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1087'.
[  350.842265][   T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  350.910393][ T9890] fuse: Bad value for 'fd'
[  351.307910][ T9894] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1091'.
[  351.332811][ T9894] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1091'.
[  351.463383][ T9900] xt_TPROXY: Can be used only with -p tcp or -p udp
[  351.519648][ T9903] netlink: 768 bytes leftover after parsing attributes in process `syz.3.1092'.
[  351.553022][ T9904] TCP: tcp_parse_options: Illegal window scaling value 150 > 14 received
[  352.290280][ T9908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1096'.
[  353.772750][ T9924] dlm: no local IP address has been set
[  353.778514][ T9924] dlm: cannot start dlm midcomms -107
[  354.075954][ T9927] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1101'.
[  354.491087][ T9932] tipc: New replicast peer: 255.255.255.255
[  354.497863][ T9932] tipc: Enabled bearer <udp:syz2>, priority 10
[  354.512137][ T9932] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1103'.
[  354.521198][ T9932] tipc: Disabling bearer <udp:syz2>
[  356.731465][ T9952] tipc: Started in network mode
[  356.736407][ T9952] tipc: Node identity aaa70c028389, cluster identity 4711
[  356.745870][ T9952] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  357.024278][ T9950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1105'.
[  357.201654][ T9948] syzkaller0: entered promiscuous mode
[  357.211865][ T9948] syzkaller0: entered allmulticast mode
[  357.228478][ T9948] tipc: Resetting bearer <eth:syzkaller0>
[  357.261307][ T9946] tipc: Resetting bearer <eth:syzkaller0>
[  357.262481][ T9957] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1110'.
[  357.515727][ T9963] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  358.233256][ T5879] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  358.242336][ T5941] tipc: Node number set to 690883586
[  358.390489][ T5879] usb 1-1: Using ep0 maxpacket: 8
[  358.399215][ T5879] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  358.415319][ T5879] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  358.426471][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  358.438675][ T5879] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  358.448874][ T5879] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  358.466706][ T5879] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  358.477480][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.717567][ T5879] usb 1-1: GET_CAPABILITIES returned 0
[  358.732214][ T5879] usbtmc 1-1:16.0: can't read capabilities
[  359.122284][ T9963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  359.135543][ T9963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.707496][ T9965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  359.727577][ T9965] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  359.933594][ T9946] tipc: Disabling bearer <eth:syzkaller0>
[  360.007129][ T9981] bridge0: port 3(ipvlan2) entered blocking state
[  360.023883][ T9981] bridge0: port 3(ipvlan2) entered disabled state
[  360.044263][ T9981] ipvlan2: entered allmulticast mode
[  360.050394][ T9981] bridge0: entered allmulticast mode
[  360.057551][ T9981] ipvlan2: left allmulticast mode
[  360.065695][ T9981] bridge0: left allmulticast mode
[  360.106994][ T9983] ubi: mtd0 is already attached to ubi31
[  361.018530][   T24] usb 1-1: USB disconnect, device number 23
[  361.420129][ T5879] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  361.428257][   T30] audit: type=1400 audit(1749495885.820:651): avc:  denied  { bind } for  pid=9986 comm="syz.2.1120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  361.541294][T10006] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1125'.
[  361.549112][   T30] audit: type=1400 audit(1749495885.880:652): avc:  denied  { listen } for  pid=9986 comm="syz.2.1120" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  361.622713][T10006] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  361.641677][T10006] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1125'.
[  361.679996][ T5879] usb 5-1: Using ep0 maxpacket: 8
[  361.698013][ T5879] usb 5-1: unable to get BOS descriptor or descriptor too short
[  361.707256][ T5879] usb 5-1: config 0 has an invalid interface number: 88 but max is 0
[  361.725209][ T5879] usb 5-1: config 0 has no interface number 0
[  361.766202][ T5879] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  361.797884][ T5879] usb 5-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  361.833590][ T5879] usb 5-1: config 0 interface 88 has no altsetting 0
[  361.865526][T10017] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  361.873560][ T5879] usb 5-1: string descriptor 0 read error: -22
[  361.879886][ T5879] usb 5-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  361.907826][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  361.908031][T10017] syzkaller0: entered promiscuous mode
[  361.927592][T10017] syzkaller0: entered allmulticast mode
[  361.936865][T10017] tipc: Resetting bearer <eth:syzkaller0>
[  361.945563][ T5879] usb 5-1: config 0 descriptor??
[  361.958134][ T5879] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.88/input/input23
[  361.975963][T10016] tipc: Resetting bearer <eth:syzkaller0>
[  362.738625][ T5900] usb 5-1: USB disconnect, device number 31
[  363.379686][T10040] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1135'.
[  363.660740][   T30] audit: type=1400 audit(1749495888.110:653): avc:  denied  { map } for  pid=10035 comm="syz.0.1134" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  363.719286][   T30] audit: type=1400 audit(1749495888.110:654): avc:  denied  { execute } for  pid=10035 comm="syz.0.1134" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  363.749964][T10047] could not allocate digest TFM handle cryptd(blake2s-256-generic)
[  365.130793][T10016] tipc: Disabling bearer <eth:syzkaller0>
[  365.151336][T10041] pim6reg1: entered promiscuous mode
[  365.156632][T10041] pim6reg1: entered allmulticast mode
[  365.162893][T10053] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1134'.
[  365.175445][T10053] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1134'.
[  365.185050][T10052] tipc: Started in network mode
[  365.194171][T10052] tipc: Node identity 4, cluster identity 4711
[  365.201849][T10052] tipc: Node number set to 4
[  366.032262][   T30] audit: type=1400 audit(1749495890.490:655): avc:  denied  { bind } for  pid=10079 comm="syz.3.1142" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  366.810375][T10089] netlink: 'syz.3.1144': attribute type 1 has an invalid length.
[  367.310165][T10102] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  368.391714][ T5900] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  368.428847][T10106] tipc: Started in network mode
[  368.437473][T10106] tipc: Node identity 46487e9f0227, cluster identity 4711
[  368.447410][T10106] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  368.590004][ T5900] usb 1-1: Using ep0 maxpacket: 8
[  368.597773][ T5900] usb 1-1: config 0 has an invalid interface number: 52 but max is 0
[  368.616483][ T5900] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.651509][ T5900] usb 1-1: config 0 has no interface number 0
[  368.663121][ T5900] usb 1-1: config 0 interface 52 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  368.687643][ T5900] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  368.703909][ T5900] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  368.717120][ T5900] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  368.732409][ T5900] usb 1-1: config 0 interface 52 has no altsetting 0
[  368.739244][ T5900] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 8.00
[  368.748558][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.760418][ T5900] usb 1-1: config 0 descriptor??
[  368.973101][ T5900] usb 1-1: Can not set alternate setting to 1, error: -71
[  368.984732][T10127] fuse: Bad value for 'rootmode'
[  369.021050][ T5900] synaptics_usb 1-1:0.52: probe with driver synaptics_usb failed with error -71
[  369.209290][ T5900] usb 1-1: USB disconnect, device number 24
[  369.570659][ T5900] tipc: Node number set to 1148157599
[  369.576043][T10106] syzkaller0: entered promiscuous mode
[  369.576064][T10106] syzkaller0: entered allmulticast mode
[  369.576611][T10106] tipc: Resetting bearer <eth:syzkaller0>
[  370.463174][   T30] audit: type=1400 audit(1749495894.240:656): avc:  denied  { connect } for  pid=10134 comm="syz.3.1155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  370.782073][   T30] audit: type=1400 audit(1749495894.310:657): avc:  denied  { write } for  pid=10134 comm="syz.3.1155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  370.801569][   T30] audit: type=1400 audit(1749495894.360:658): avc:  denied  { link } for  pid=10134 comm="syz.3.1155" name="#9" dev="tmpfs" ino=1319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  370.824809][   T30] audit: type=1400 audit(1749495894.360:659): avc:  denied  { rename } for  pid=10134 comm="syz.3.1155" name="#a" dev="tmpfs" ino=1319 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  370.847375][   T30] audit: type=1800 audit(1749495894.380:660): pid=10140 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1155" name="bus" dev="overlay" ino=1317 res=0 errno=0
[  370.875118][T10134] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  370.923136][T10105] tipc: Resetting bearer <eth:syzkaller0>
[  371.041320][T10149] openvswitch: netlink: ct_state flags 7fffffff unsupported
[  371.079954][   T30] audit: type=1400 audit(1749495895.520:661): avc:  denied  { bind } for  pid=10148 comm="syz.3.1158" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  371.211291][T10152] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1158'.
[  371.273170][T10158] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  371.416876][T10152] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1158'.
[  372.322317][ T8257] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  373.655182][T10105] tipc: Disabling bearer <eth:syzkaller0>
[  373.995336][T10179] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1164'.
[  375.110143][T10185] netlink: 'syz.3.1165': attribute type 8 has an invalid length.
[  375.118000][T10185] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1165'.
[  376.490575][T10206] fuse: Unknown parameter 'use00000000000000000000'
[  376.722386][   T30] audit: type=1400 audit(1749495901.180:662): avc:  denied  { write } for  pid=10207 comm="syz.3.1175" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  376.756617][ T5941] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  376.764915][   T30] audit: type=1400 audit(1749495901.210:663): avc:  denied  { attach_queue } for  pid=10199 comm="syz.0.1172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  376.802690][T10211] tipc: Enabling of bearer <eth:syzkaller0> rejected, already enabled
[  376.983590][ T5941] usb 5-1: Using ep0 maxpacket: 32
[  377.060336][   T24] usb 4-1: new low-speed USB device number 24 using dummy_hcd
[  377.060789][ T5941] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  377.096015][ T5941] usb 5-1: New USB device found, idVendor=04b4, idProduct=07b1, bcdDevice= 0.00
[  377.107266][T10214] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1178'.
[  377.116732][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.188059][T10214] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1178'.
[  377.263723][ T5941] usb 5-1: config 0 descriptor??
[  377.264747][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  377.418318][   T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  377.556404][   T24] usb 4-1: string descriptor 0 read error: -22
[  377.622587][   T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  377.639968][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.671749][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  377.761862][ T5941] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0
[  377.823454][ T5941] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0
[  377.929103][ T5879] usb 4-1: USB disconnect, device number 24
[  377.985558][ T5941] cypress 0003:04B4:07B1.000A: unknown main item tag 0x0
[  378.005990][T10224] syzkaller0: entered promiscuous mode
[  378.014913][ T5941] cypress 0003:04B4:07B1.000A: hidraw0: USB HID v0.00 Device [HID 04b4:07b1] on usb-dummy_hcd.4-1/input0
[  378.028273][T10224] syzkaller0: entered allmulticast mode
[  378.082951][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  378.092253][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  378.110129][T10230] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1181'.
[  378.426447][T10236] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1181'.
[  379.002286][ T5893] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  379.067841][ T5879] usb 5-1: USB disconnect, device number 32
[  379.171677][ T5893] usb 4-1: Using ep0 maxpacket: 8
[  379.190275][ T5893] usb 4-1: config 0 descriptor has 1 excess byte, ignoring
[  379.197630][ T5893] usb 4-1: config 0 has no interfaces?
[  379.229298][ T5893] usb 4-1: New USB device found, idVendor=0586, idProduct=1000, bcdDevice= 5.2a
[  379.240864][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.254376][ T5893] usb 4-1: Product: syz
[  379.258578][ T5893] usb 4-1: Manufacturer: syz
[  379.268430][ T5893] usb 4-1: SerialNumber: syz
[  379.292847][ T5893] usb 4-1: config 0 descriptor??
[  379.636191][T10247] No source specified
[  379.645058][T10247] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1184'.
[  379.881458][T10258] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  379.954010][T10260] syzkaller0: entered promiscuous mode
[  379.967416][T10260] syzkaller0: entered allmulticast mode
[  379.974013][T10260] tipc: Resetting bearer <eth:syzkaller0>
[  379.986870][ T5900] usb 4-1: USB disconnect, device number 25
[  380.033377][ T8257] tipc: Resetting bearer <eth:syzkaller0>
[  380.052683][T10252] tipc: Resetting bearer <eth:syzkaller0>
[  380.063419][T10272] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1188'.
[  380.115250][T10269] netlink: 'syz.1.1188': attribute type 10 has an invalid length.
[  381.365287][T10287] FAULT_INJECTION: forcing a failure.
[  381.365287][T10287] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  381.379689][T10287] CPU: 0 UID: 0 PID: 10287 Comm: syz.2.1192 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  381.379712][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  381.379721][T10287] Call Trace:
[  381.379728][T10287]  <TASK>
[  381.379735][T10287]  dump_stack_lvl+0x16c/0x1f0
[  381.379766][T10287]  should_fail_ex+0x512/0x640
[  381.379801][T10287]  _copy_from_user+0x2e/0xd0
[  381.379828][T10287]  kstrtouint_from_user+0xd6/0x1d0
[  381.379848][T10287]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  381.379867][T10287]  ? __lock_acquire+0xb8a/0x1c90
[  381.379907][T10287]  proc_fail_nth_write+0x83/0x250
[  381.379930][T10287]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  381.379958][T10287]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  381.379978][T10287]  vfs_write+0x2a0/0x1150
[  381.380004][T10287]  ? __pfx___mutex_lock+0x10/0x10
[  381.380031][T10287]  ? __pfx_vfs_write+0x10/0x10
[  381.380060][T10287]  ? __fget_files+0x20e/0x3c0
[  381.380092][T10287]  ksys_write+0x12a/0x250
[  381.380113][T10287]  ? __pfx_ksys_write+0x10/0x10
[  381.380143][T10287]  do_syscall_64+0xcd/0x4c0
[  381.380171][T10287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.380188][T10287] RIP: 0033:0x7fcb7058d3df
[  381.380203][T10287] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  381.380221][T10287] RSP: 002b:00007fcb6e3f6030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  381.380238][T10287] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb7058d3df
[  381.380249][T10287] RDX: 0000000000000001 RSI: 00007fcb6e3f60a0 RDI: 000000000000000c
[  381.380260][T10287] RBP: 00007fcb6e3f6090 R08: 0000000000000000 R09: 0000000000000000
[  381.380270][T10287] R10: 0000200000000700 R11: 0000000000000293 R12: 0000000000000001
[  381.380281][T10287] R13: 0000000000000000 R14: 00007fcb707b6080 R15: 00007fffa3447978
[  381.380305][T10287]  </TASK>
[  381.915324][T10293] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1193'.
[  382.413502][T10295] xt_TPROXY: Can be used only with -p tcp or -p udp
[  382.642356][ T8253] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  382.905477][T10304] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  384.223088][T10252] tipc: Disabling bearer <eth:syzkaller0>
[  385.932601][T10324] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  386.248270][T10332] fuse: Unknown parameter 'use00000000000000000000'
[  386.448729][T10324] lo speed is unknown, defaulting to 1000
[  386.630016][ T5879] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  386.877335][T10342] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  387.159240][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  387.169337][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  387.199807][T10334] can: request_module (can-proto-3) failed.
[  387.212091][ T5879] usb 1-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  387.225766][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.244584][ T5879] usb 1-1: Product: syz
[  387.254521][ T5879] usb 1-1: Manufacturer: syz
[  387.259318][ T5879] usb 1-1: SerialNumber: syz
[  387.278312][ T5879] usb 1-1: config 0 descriptor??
[  387.303695][T10329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  387.402944][T10329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  387.453942][T10350] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1206'.
[  388.008674][T10329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  388.027496][T10329] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  388.038086][T10357] SELinux: syz.3.1208 (10357) set checkreqprot to 1. This is no longer supported.
[  388.427678][T10361] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  388.500656][ T5879] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  388.529828][T10361] syzkaller0: entered promiscuous mode
[  388.557694][T10361] syzkaller0: entered allmulticast mode
[  388.568447][T10361] tipc: Resetting bearer <eth:syzkaller0>
[  388.590434][T10360] tipc: Resetting bearer <eth:syzkaller0>
[  388.620132][ T5900] usb 2-1: new full-speed USB device number 17 using dummy_hcd
[  388.781963][ T5900] usb 2-1: config 0 has an invalid interface number: 164 but max is 0
[  388.800435][ T5900] usb 2-1: config 0 has no interface number 0
[  388.807050][ T5900] usb 2-1: config 0 interface 164 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  388.841079][ T5900] usb 2-1: New USB device found, idVendor=100d, idProduct=cb01, bcdDevice=11.ad
[  388.942351][T10367] hub 8-0:1.0: USB hub found
[  388.948110][T10367] hub 8-0:1.0: 1 port detected
[  389.214407][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.222563][ T5900] usb 2-1: Product: syz
[  389.226824][ T5900] usb 2-1: Manufacturer: syz
[  389.231520][ T5900] usb 2-1: SerialNumber: syz
[  389.249991][ T5900] usb 2-1: config 0 descriptor??
[  389.438644][T10329] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  389.468757][ T5900] cxacru 2-1:0.164: cxacru_bind: interface has incorrect endpoints
[  389.478099][ T5900] cxacru 2-1:0.164: usbatm_usb_probe: bind failed: -19!
[  389.517363][ T5900] usb 2-1: USB disconnect, device number 17
[  390.170371][T10375] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  390.810875][ T8254] Bluetooth: Error in BCSP hdr checksum
[  390.902209][  T974] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  390.975695][T10360] tipc: Disabling bearer <eth:syzkaller0>
[  391.060342][  T974] usb 3-1: Using ep0 maxpacket: 8
[  391.081834][ T1104] Bluetooth: Error in BCSP hdr checksum
[  391.089087][  T974] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  391.101683][  T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.112457][  T974] usb 3-1: config 0 descriptor??
[  391.355206][ T1104] Bluetooth: Error in BCSP hdr checksum
[  391.357159][ T5879] dm9601 1-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  391.496848][ T5879] dm9601 1-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet, 62:30:e8:34:f9:83
[  391.512787][ T5879] usb 1-1: USB disconnect, device number 25
[  391.524223][ T5879] dm9601 1-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.0-1, Davicom DM96xx USB 10/100 Ethernet
[  391.599967][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  391.677334][ T8257] Bluetooth: Error in BCSP hdr checksum
[  392.250223][ T5820] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  392.287050][ T8257] Bluetooth: Error in BCSP hdr checksum
[  392.525948][ T8254] Bluetooth: Error in BCSP hdr checksum
[  392.538365][T10400] syzkaller0: entered promiscuous mode
[  392.547411][T10400] syzkaller0: entered allmulticast mode
[  392.640065][    C1] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  392.780243][ T8254] Bluetooth: Error in BCSP hdr checksum
[  393.134788][   T30] audit: type=1800 audit(1749495917.370:664): pid=10409 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1220" name="bus" dev="overlay" ino=1167 res=0 errno=0
[  393.260155][ T5879] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  393.425549][ T5879] usb 4-1: Using ep0 maxpacket: 8
[  393.440994][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  393.496374][ T5879] usb 4-1: config 0 has an invalid interface number: 246 but max is 0
[  393.526623][ T5879] usb 4-1: config 0 has no interface number 0
[  393.542651][ T5879] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3
[  393.555296][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  393.563902][ T5879] usb 4-1: Product: syz
[  393.568120][ T5879] usb 4-1: Manufacturer: syz
[  393.576341][T10412] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=54 sclass=netlink_route_socket pid=10412 comm=syz.2.1214
[  393.589393][ T5879] usb 4-1: SerialNumber: syz
[  393.603814][ T5879] usb 4-1: config 0 descriptor??
[  393.769631][T10419] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1223'.
[  393.924171][ T5879] msi2500 4-1:0.246: Registered as swradio24
[  393.931623][ T5879] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow
[  394.165423][ T5820] Bluetooth: hci4: unexpected event for opcode 0x0419
[  394.703029][T10408] netlink: 5392 bytes leftover after parsing attributes in process `syz.3.1221'.
[  396.021269][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.034584][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading RX_CTL register: ffffffb9
[  396.060433][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.094467][ T5879] usb 4-1: USB disconnect, device number 26
[  396.109434][   T30] audit: type=1400 audit(1749495920.560:665): avc:  denied  { write } for  pid=10448 comm="syz.2.1228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  396.129569][T10440] syzkaller0: entered promiscuous mode
[  396.143220][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Error reading Medium Status register: ffffffb9
[  396.165508][T10440] syzkaller0: entered allmulticast mode
[  396.296911][T10451] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1230'.
[  396.426533][   T30] audit: type=1400 audit(1749495920.560:666): avc:  denied  { append } for  pid=10448 comm="syz.2.1228" name="autofs" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[  396.571617][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.604417][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.628242][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.639836][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.651994][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.671303][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.694006][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.713709][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.736505][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.747354][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.762589][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.789323][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.805438][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.827413][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.846868][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.862861][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.873270][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.885066][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.921841][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.932168][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.948993][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.960980][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  396.971341][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  396.985161][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  396.997160][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.007991][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.027644][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.038647][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.051991][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.065980][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.078772][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.104907][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.140323][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.152120][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.166260][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.180439][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.201952][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.213336][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.225180][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.238998][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.249251][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.272230][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.284590][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.295981][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.308687][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.319622][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.329980][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.342305][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.354289][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.365066][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.383121][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.393647][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.403899][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.415646][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.426093][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.436421][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.447971][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.462470][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.473702][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.492546][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.510960][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.521303][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.543398][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.553921][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.564756][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.584668][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.599828][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.618610][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.630802][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.641194][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.651542][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.663156][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.673743][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.684516][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.696477][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.707489][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.718056][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.729850][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.740567][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.750723][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.762451][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.772984][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.783209][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.796233][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.806782][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.817314][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.836683][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.847106][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  397.857197][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to enable software MII access
[  397.875202][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  397.896782][  T974] asix 3-1:0.0 (unnamed net_device) (uninitialized): Could not register MDIO bus (err -5)
[  397.907090][  T974] asix 3-1:0.0: probe with driver asix failed with error -5
[  397.918822][  T974] usb 3-1: USB disconnect, device number 38
[  398.064402][T10468] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  398.241553][ T5820] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[  398.250350][ T5820] Bluetooth: hci4: Injecting HCI hardware error event
[  398.265569][   T51] Bluetooth: hci4: hardware error 0x00
[  398.796629][T10468] lo speed is unknown, defaulting to 1000
[  398.988829][   T30] audit: type=1400 audit(1749495923.370:667): avc:  denied  { read } for  pid=10470 comm="syz.0.1235" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  400.076105][T10479] binder: 10472:10479 ioctl c0306201 0 returned -14
[  400.792331][   T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[  401.704677][T10488] syz.4.1238: attempt to access beyond end of device
[  401.704677][T10488] loop4: rw=0, sector=1, nr_sectors = 1 limit=0
[  401.718456][T10488] qnx4: unable to read the superblock
[  403.205402][T10500] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  404.762782][T10525] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1244'.
[  405.016135][T10524] overlay: ./file1 is not a directory
[  405.036468][   T30] audit: type=1400 audit(1749495929.470:668): avc:  denied  { execute } for  pid=10523 comm="syz.0.1247" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  405.198244][T10524] overlay: ./file1 is not a directory
[  405.212174][ T5893] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  405.304208][T10528] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  405.357244][T10528] syzkaller0: entered promiscuous mode
[  405.365152][T10528] syzkaller0: entered allmulticast mode
[  405.372275][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.380874][T10528] tipc: Resetting bearer <eth:syzkaller0>
[  405.388980][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.399246][ T5893] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  405.410009][T10527] tipc: Resetting bearer <eth:syzkaller0>
[  405.417698][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.433608][ T5893] usb 2-1: config 0 descriptor??
[  405.590024][ T5900] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  405.810690][ T5900] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  405.831127][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.839217][ T5900] usb 5-1: Product: syz
[  405.848187][ T5900] usb 5-1: Manufacturer: syz
[  405.859270][ T5900] usb 5-1: SerialNumber: syz
[  405.886323][ T5900] usb 5-1: config 0 descriptor??
[  405.967176][ T5893] keytouch 0003:0926:3333.000B: fixing up Keytouch IEC report descriptor
[  406.053266][ T5893] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000B/input/input25
[  406.141549][ T5900] airspy 5-1:0.0: usb_control_msg() failed -71 request 09
[  406.152359][ T5900] airspy 5-1:0.0: Could not detect board
[  406.163621][ T5900] airspy 5-1:0.0: probe with driver airspy failed with error -71
[  406.182708][ T5893] keytouch 0003:0926:3333.000B: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  406.199969][ T5900] usb 5-1: USB disconnect, device number 33
[  406.215411][ T5893] usb 2-1: USB disconnect, device number 18
[  406.427665][T10541] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1253'.
[  406.826266][T10547] netlink: 'syz.1.1255': attribute type 1 has an invalid length.
[  407.102358][  T974] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  407.273095][  T974] usb 5-1: Using ep0 maxpacket: 16
[  407.311451][  T974] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  407.320778][  T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.328924][  T974] usb 5-1: Product: syz
[  407.343660][  T974] usb 5-1: Manufacturer: syz
[  407.354372][  T974] usb 5-1: SerialNumber: syz
[  407.361724][  T974] usb 5-1: config 0 descriptor??
[  407.373155][  T974] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  407.499106][T10527] tipc: Disabling bearer <eth:syzkaller0>
[  407.507446][T10541] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1253'.
[  407.591227][T10548] bond3: entered promiscuous mode
[  407.596570][  T974] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71
[  407.617095][T10548] bond3: entered allmulticast mode
[  407.624875][T10548] 8021q: adding VLAN 0 to HW filter on device bond3
[  407.632889][  T974] usb 5-1: USB disconnect, device number 34
[  408.002968][T10557] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  408.332275][   T30] audit: type=1800 audit(1749495932.780:669): pid=10558 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.3.1257" name="bus" dev="overlay" ino=1435 res=0 errno=0
[  409.049185][T10570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1263'.
[  409.150768][  T974] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  409.242514][T10577] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  409.280139][T10577] syzkaller0: entered promiscuous mode
[  409.285815][T10577] syzkaller0: entered allmulticast mode
[  409.292435][  T974] usb 1-1: device descriptor read/64, error -71
[  409.300621][T10577] tipc: Resetting bearer <eth:syzkaller0>
[  409.310912][T10575] tipc: Resetting bearer <eth:syzkaller0>
[  409.353138][    T9] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  409.528241][    T9] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  409.537708][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.550663][  T974] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  409.572158][    T9] usb 3-1: config 0 descriptor??
[  409.593952][    T9] cp210x 3-1:0.0: cp210x converter detected
[  409.690926][  T974] usb 1-1: device descriptor read/64, error -71
[  409.793286][    T9] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121
[  409.802050][  T974] usb usb1-port1: attempt power cycle
[  409.807776][    T9] cp210x 3-1:0.0: querying part number failed
[  409.823338][    T9] usb 3-1: cp210x converter now attached to ttyUSB0
[  410.154110][  T974] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  410.185040][  T974] usb 1-1: device descriptor read/8, error -71
[  410.264767][T10588] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1270'.
[  410.440570][  T974] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  410.483440][  T974] usb 1-1: device descriptor read/8, error -71
[  410.554292][T10575] tipc: Disabling bearer <eth:syzkaller0>
[  410.563309][T10588] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1270'.
[  410.591244][  T974] usb usb1-port1: unable to enumerate USB device
[  410.626217][T10594] fuse: Bad value for 'group_id'
[  410.631483][T10594] fuse: Bad value for 'group_id'
[  410.990022][ T5900] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  411.050134][  T974] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  411.139976][ T5900] usb 4-1: Using ep0 maxpacket: 16
[  411.146711][ T5900] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  411.155557][ T5900] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  411.165850][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  411.176346][ T5900] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  411.185539][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.193555][ T5900] usb 4-1: Product: syz
[  411.197695][ T5900] usb 4-1: Manufacturer: syz
[  411.202358][ T5900] usb 4-1: SerialNumber: syz
[  411.212566][  T974] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  411.221440][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.232434][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.243761][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.251669][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.260804][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.272984][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.281172][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.290201][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.301521][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.309213][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.318295][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.329427][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.337537][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.346565][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.357534][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.365888][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.375089][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.386864][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.395144][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.405008][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.417093][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.425653][  T974] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  411.435700][  T974] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  411.447097][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  411.456143][  T974] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  411.465286][  T974] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  411.473693][  T974] usb 2-1: Product: syz
[  411.477873][  T974] usb 2-1: Manufacturer: syz
[  411.482721][  T974] usb 2-1: SerialNumber: syz
[  411.490048][  T974] usb 2-1: config 0 descriptor??
[  411.498914][  T974] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  411.739642][ T5893] usb 2-1: USB disconnect, device number 19
[  411.747822][ T5893] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  412.440342][   T24] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  412.540430][ T5893] usb 3-1: USB disconnect, device number 39
[  412.554626][ T5893] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  412.565156][ T5893] cp210x 3-1:0.0: device disconnected
[  412.636058][   T30] audit: type=1400 audit(1749495937.090:670): avc:  denied  { setopt } for  pid=10617 comm="syz.2.1280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  412.656410][  T974] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  412.681785][   T24] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  412.690838][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  412.699808][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  412.712555][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.721477][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  412.731651][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  412.743367][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.752619][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  412.761770][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  412.826268][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.834213][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  412.849427][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  412.851036][  T974] usb 5-1: Using ep0 maxpacket: 32
[  412.860600][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.863081][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  412.881904][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  412.893056][  T974] usb 5-1: config 1 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  412.896704][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  412.907106][  T974] usb 5-1: config 1 interface 0 has no altsetting 0
[  413.068670][T10624] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1281'.
[  413.215282][  T974] usb 5-1: New USB device found, idVendor=18d1, idProduct=5022, bcdDevice= 0.40
[  413.224546][  T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  413.238149][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  413.245554][  T974] usb 5-1: Product: syz
[  413.249278][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  413.256760][  T974] usb 5-1: Manufacturer: 㢜㌴葑☽妰ⷧ陏豱푭甂坪誵ᇽ碰㩞⾱䬊Ⰷ夨ﭖ營※阌祆੏㹡谹댚῱赎䐬터⾭藺䝰ው꩸훢
[  413.283666][  T974] usb 5-1: SerialNumber: syz
[  413.289912][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  413.318464][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  413.337118][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  413.350903][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  413.358595][   T24] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  413.369098][   T24] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  413.382599][   T24] usb 2-1: config 0 interface 0 has no altsetting 0
[  413.407014][   T24] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  413.425148][   T24] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  413.441964][T10629] netlink: 204 bytes leftover after parsing attributes in process `syz.0.1282'.
[  413.489925][   T24] usb 2-1: Product: syz
[  413.494170][   T24] usb 2-1: Manufacturer: syz
[  413.668161][   T24] usb 2-1: SerialNumber: syz
[  413.688232][T10633] tipc: Started in network mode
[  413.694684][T10633] tipc: Node identity 963a988a98ae, cluster identity 4711
[  413.704330][   T24] usb 2-1: config 0 descriptor??
[  413.709559][ T5900] usb 4-1: 0:2 : does not exist
[  413.717428][T10633] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  413.725008][ T5900] usb 4-1: 1:0: cannot get min/max values for control 4 (id 1)
[  413.736318][   T24] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  413.777956][ T5900] usb 4-1: USB disconnect, device number 27
[  413.804628][ T5879] usb 2-1: USB disconnect, device number 20
[  413.813527][ T5879] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  413.829023][T10633] syzkaller0: entered promiscuous mode
[  413.834798][T10633] syzkaller0: entered allmulticast mode
[  413.841443][T10633] tipc: Resetting bearer <eth:syzkaller0>
[  413.896281][T10632] tipc: Resetting bearer <eth:syzkaller0>
[  414.326266][T10635] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1284'.
[  414.620849][ T8254] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  414.720040][    T9] tipc: Node number set to 244619402
[  415.653514][  T974] usbhid 5-1:1.0: can't add hid device: -71
[  415.659634][  T974] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  415.671815][  T974] usb 5-1: USB disconnect, device number 35
[  416.928368][T10632] tipc: Disabling bearer <eth:syzkaller0>
[  416.936450][T10635] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1284'.
[  416.955560][T10662] lo speed is unknown, defaulting to 1000
[  417.166883][T10667] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1291'.
[  418.314487][T10678] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1295'.
[  418.369855][T10671] lo speed is unknown, defaulting to 1000
[  419.275676][T10694] fuse: Bad value for 'fd'
[  419.604656][T10695] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1300'.
[  420.520781][   T51] Bluetooth: hci2: unexpected event for opcode 0x080b
[  420.588377][T10711] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1305'.
[  420.881807][T10704] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1303'.
[  420.896215][T10704] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1303'.
[  420.930076][    T9] usb 3-1: new full-speed USB device number 40 using dummy_hcd
[  421.144395][T10733] FAULT_INJECTION: forcing a failure.
[  421.144395][T10733] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  421.158032][T10733] CPU: 1 UID: 0 PID: 10733 Comm: syz.4.1312 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  421.158057][T10733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  421.158067][T10733] Call Trace:
[  421.158073][T10733]  <TASK>
[  421.158080][T10733]  dump_stack_lvl+0x16c/0x1f0
[  421.158111][T10733]  should_fail_ex+0x512/0x640
[  421.158139][T10733]  _copy_from_user+0x2e/0xd0
[  421.158166][T10733]  copy_msghdr_from_user+0x98/0x160
[  421.158193][T10733]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  421.158225][T10733]  ? __lock_acquire+0x622/0x1c90
[  421.158257][T10733]  ___sys_recvmsg+0xdb/0x1a0
[  421.158283][T10733]  ? __pfx____sys_recvmsg+0x10/0x10
[  421.158312][T10733]  ? find_held_lock+0x2b/0x80
[  421.158348][T10733]  do_recvmmsg+0x2fe/0x750
[  421.158377][T10733]  ? __pfx_do_recvmmsg+0x10/0x10
[  421.158409][T10733]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  421.158444][T10733]  ? __fget_files+0x20e/0x3c0
[  421.158475][T10733]  __x64_sys_recvmmsg+0x22a/0x280
[  421.158504][T10733]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  421.158539][T10733]  do_syscall_64+0xcd/0x4c0
[  421.158567][T10733]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  421.158585][T10733] RIP: 0033:0x7f292318e929
[  421.158599][T10733] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  421.158622][T10733] RSP: 002b:00007f29240aa038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  421.158640][T10733] RAX: ffffffffffffffda RBX: 00007f29233b5fa0 RCX: 00007f292318e929
[  421.158651][T10733] RDX: 040000000000019e RSI: 0000200000002e40 RDI: 0000000000000004
[  421.158662][T10733] RBP: 00007f29240aa090 R08: 0000000000000000 R09: 0000000000000000
[  421.158672][T10733] R10: 0000000000000142 R11: 0000000000000246 R12: 0000000000000001
[  421.158682][T10733] R13: 0000000000000000 R14: 00007f29233b5fa0 R15: 00007ffcf892f828
[  421.158706][T10733]  </TASK>
[  421.689955][ T5873] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  421.981530][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.025266][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  422.116142][ T5873] usb 4-1: New USB device found, idVendor=11ff, idProduct=3231, bcdDevice= 0.00
[  422.157770][T10741] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1314'.
[  422.187556][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.208198][ T5873] usb 4-1: config 0 descriptor??
[  422.702057][T10748] batadv0: entered promiscuous mode
[  422.726494][T10748] macvlan2: entered promiscuous mode
[  422.732951][T10748] macvlan2: entered allmulticast mode
[  422.738423][T10748] batadv0: entered allmulticast mode
[  422.788840][T10748] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  422.952849][ T5900] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  422.958574][T10748] batadv0: left promiscuous mode
[  422.967768][ T5900] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  423.504778][T10765] netlink: 'syz.4.1321': attribute type 10 has an invalid length.
[  423.520999][T10765] bond0: (slave ������): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  423.521327][ T5873] usbhid 4-1:0.0: can't add hid device: -71
[  423.534176][ T5820] Bluetooth: hci3: command 0x0406 tx timeout
[  423.548776][ T5873] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  423.612031][ T5873] usb 4-1: USB disconnect, device number 28
[  423.802315][T10776] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1326'.
[  423.950641][T10777] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1324'.
[  423.976990][T10764] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1322'.
[  424.100547][T10764] netlink: 10 bytes leftover after parsing attributes in process `syz.0.1322'.
[  424.351879][T10787] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1329'.
[  424.662301][T10783] block nbd0: NBD_DISCONNECT
[  424.870174][T10795] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  426.266249][ T5873] kernel write not supported for file /tty/drivers (pid: 5873 comm: kworker/1:3)
[  426.377417][T10811] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1338'.
[  426.445943][T10811] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1338'.
[  427.391179][T10823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1340'.
[  427.544883][T10822] lo speed is unknown, defaulting to 1000
[  427.587067][T10821] 9pnet_fd: Insufficient options for proto=fd
[  427.632472][   T30] audit: type=1400 audit(1749495951.980:671): avc:  denied  { ioctl } for  pid=10818 comm="syz.1.1339" path="mnt:[4026532828]" dev="nsfs" ino=4026532828 ioctlcmd=0xb701 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  427.694259][   T30] audit: type=1326 audit(1749495951.990:672): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10818 comm="syz.1.1339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cd198e929 code=0x7ffc0000
[  427.820131][   T30] audit: type=1326 audit(1749495951.990:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10818 comm="syz.1.1339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cd198e929 code=0x7ffc0000
[  427.978880][   T30] audit: type=1326 audit(1749495951.990:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10818 comm="syz.1.1339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f5cd198e929 code=0x7ffc0000
[  428.129694][   T30] audit: type=1326 audit(1749495952.110:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10818 comm="syz.1.1339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cd198e929 code=0x7ffc0000
[  428.172005][   T30] audit: type=1326 audit(1749495952.110:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10818 comm="syz.1.1339" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5cd198e929 code=0x7ffc0000
[  428.674641][    T9] usb 5-1: new low-speed USB device number 36 using dummy_hcd
[  429.031619][    T9] usb 5-1: config 0 has an invalid interface number: 55 but max is 0
[  429.292282][    T9] usb 5-1: config 0 has no interface number 0
[  429.309270][T10839] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  429.378935][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  429.378965][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  429.378989][    T9] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  429.379028][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  429.379051][    T9] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  429.379071][    T9] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  429.379106][    T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  429.379125][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  429.428177][    T9] usb 5-1: config 0 descriptor??
[  429.428778][T10832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  429.428867][T10832] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  429.430771][    T9] ldusb 5-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  429.543361][T10848] 9pnet_fd: Insufficient options for proto=fd
[  429.716147][ T5873] usb 5-1: USB disconnect, device number 36
[  429.723498][ T5873] ldusb 5-1:0.55: LD USB Device #0 now disconnected
[  430.000784][ T5893] usb 1-1: new full-speed USB device number 30 using dummy_hcd
[  430.112914][T10859] netlink: zone id is out of range
[  430.112941][T10859] netlink: zone id is out of range
[  430.112948][T10859] netlink: zone id is out of range
[  430.113325][T10859] netlink: zone id is out of range
[  430.113355][T10859] netlink: zone id is out of range
[  430.142783][T10859] netlink: set zone limit has 4 unknown bytes
[  430.174695][ T5893] usb 1-1: no configurations
[  430.174750][ T5893] usb 1-1: can't read configurations, error -22
[  430.300031][ T5893] usb 1-1: new full-speed USB device number 31 using dummy_hcd
[  430.451971][ T5893] usb 1-1: no configurations
[  430.451992][ T5893] usb 1-1: can't read configurations, error -22
[  430.452324][ T5893] usb usb1-port1: attempt power cycle
[  430.542502][T10863] ref_ctr_offset mismatch. inode: 0x51b offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x4
[  430.680150][T10867] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  430.800283][ T5893] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  430.827791][ T5893] usb 1-1: no configurations
[  430.827870][ T5893] usb 1-1: can't read configurations, error -22
[  430.965062][ T5893] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  431.071367][ T5893] usb 1-1: no configurations
[  431.071388][ T5893] usb 1-1: can't read configurations, error -22
[  431.071608][ T5893] usb usb1-port1: unable to enumerate USB device
[  432.020354][T10873] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1354'.
[  432.030365][T10873] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1354'.
[  434.605987][T10901] delete_channel: no stack
[  434.710035][   T30] audit: type=1400 audit(1749495959.160:677): avc:  denied  { write } for  pid=10908 comm="syz.1.1363" name="file0" dev="tmpfs" ino=1625 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  434.772041][   T30] audit: type=1400 audit(1749495959.160:678): avc:  denied  { open } for  pid=10908 comm="syz.1.1363" path="/305/file0" dev="tmpfs" ino=1625 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  434.835805][   T30] audit: type=1400 audit(1749495959.160:679): avc:  denied  { ioctl } for  pid=10908 comm="syz.1.1363" path="/305/file0" dev="tmpfs" ino=1625 ioctlcmd=0x1273 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  434.927343][T10904] netlink: 2 bytes leftover after parsing attributes in process `syz.0.1361'.
[  436.410498][T10933] netlink: 10 bytes leftover after parsing attributes in process `syz.3.1368'.
[  438.502886][   T30] audit: type=1400 audit(1749495962.950:680): avc:  denied  { read } for  pid=10957 comm="syz.0.1380" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  438.624362][T10968] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1378'.
[  439.060982][T10976] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1383'.
[  439.570263][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  439.577714][   T30] audit: type=1400 audit(1749495963.630:681): avc:  denied  { mount } for  pid=10970 comm="syz.4.1382" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  439.600332][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  439.606723][   T30] audit: type=1400 audit(1749495963.640:682): avc:  denied  { search } for  pid=10970 comm="syz.4.1382" name="/" dev="nfsd" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir permissive=1
[  439.629228][   T30] audit: type=1400 audit(1749495963.640:683): avc:  denied  { unmount } for  pid=10970 comm="syz.4.1382" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfsd_fs_t tclass=filesystem permissive=1
[  439.707221][T10982] netlink: 'syz.1.1384': attribute type 10 has an invalid length.
[  440.080040][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  440.626119][T10988] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1386'.
[  440.641533][T10959] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  440.647918][ T5820] Bluetooth: hci1: command 0x0406 tx timeout
[  440.789535][T10992] lo speed is unknown, defaulting to 1000
[  441.432772][T10959] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  441.445713][T10959] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  441.451747][T10959] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  441.459751][T10959] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  442.475774][T11002] lo speed is unknown, defaulting to 1000
[  442.640897][T11012] syz.3.1394: attempt to access beyond end of device
[  442.640897][T11012] nbd3: rw=0, sector=64, nr_sectors = 1 limit=0
[  442.660075][ T5900] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  442.692743][T11012] syz.3.1394: attempt to access beyond end of device
[  442.692743][T11012] nbd3: rw=0, sector=256, nr_sectors = 1 limit=0
[  442.720396][ T5820] Bluetooth: hci1: command 0x0406 tx timeout
[  442.730737][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  442.765178][T11012] syz.3.1394: attempt to access beyond end of device
[  442.765178][T11012] nbd3: rw=0, sector=512, nr_sectors = 1 limit=0
[  442.779448][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  442.793859][T11012] syz.3.1394: attempt to access beyond end of device
[  442.793859][T11012] nbd3: rw=0, sector=64, nr_sectors = 2 limit=0
[  442.806981][T11012] syz.3.1394: attempt to access beyond end of device
[  442.806981][T11012] nbd3: rw=0, sector=512, nr_sectors = 2 limit=0
[  442.823039][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  442.830302][ T5900] usb 1-1: Using ep0 maxpacket: 32
[  442.832871][T11012] syz.3.1394: attempt to access beyond end of device
[  442.832871][T11012] nbd3: rw=0, sector=1024, nr_sectors = 2 limit=0
[  442.854171][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  442.857561][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  442.864381][T11012] syz.3.1394: attempt to access beyond end of device
[  442.864381][T11012] nbd3: rw=0, sector=64, nr_sectors = 4 limit=0
[  442.901197][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  442.912973][ T5900] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  442.920414][T11012] syz.3.1394: attempt to access beyond end of device
[  442.920414][T11012] nbd3: rw=0, sector=1024, nr_sectors = 4 limit=0
[  442.923609][ T5900] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  442.952846][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  442.983060][T11012] syz.3.1394: attempt to access beyond end of device
[  442.983060][T11012] nbd3: rw=0, sector=2048, nr_sectors = 4 limit=0
[  443.013433][ T5900] usb 1-1: config 0 descriptor??
[  443.017881][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.029950][ T5900] hub 1-1:0.0: USB hub found
[  443.030234][  T974] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  443.063134][T11012] syz.3.1394: attempt to access beyond end of device
[  443.063134][T11012] nbd3: rw=0, sector=64, nr_sectors = 8 limit=0
[  443.078464][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  443.091220][T11012] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.102519][T11012] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  443.143826][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  443.162880][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.244043][ T5900] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  443.249096][  T974] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  443.430078][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.480960][  T974] usb 4-1: config 0 descriptor??
[  443.494259][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  443.494628][T11025] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  443.554635][T11024] xt_TPROXY: Can be used only with -p tcp or -p udp
[  443.561439][ T5820] Bluetooth: hci3: command 0x0406 tx timeout
[  443.565247][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  443.581838][  T974] cp210x 4-1:0.0: cp210x converter detected
[  443.588209][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.613150][T11025] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  443.627412][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  443.649395][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.680549][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=256, location=256
[  443.703063][T11013] UDF-fs: error (device nbd3): udf_read_tagged: read failed, block=512, location=512
[  443.750350][T11013] UDF-fs: warning (device nbd3): udf_fill_super: No partition found (1)
[  443.800703][ T5900] hid-generic 0003:046D:C31C.000D: unknown main item tag 0x0
[  443.843156][T11029] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1398'.
[  443.853396][ T5900] hid-generic 0003:046D:C31C.000D: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0
[  444.313952][T11041] netlink: 'syz.1.1402': attribute type 1 has an invalid length.
[  444.317391][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1403'.
[  444.333694][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1403'.
[  444.352899][T11041] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1402'.
[  444.402687][    T9] usb 1-1: USB disconnect, device number 34
[  444.573460][  T974] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  444.638862][T11048] fuse: Unknown parameter 'fd0x0000000000000008'
[  444.745442][  T974] usb 4-1: cp210x converter now attached to ttyUSB0
[  445.218108][    T9] usb 4-1: USB disconnect, device number 29
[  445.227266][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  445.406614][    T9] cp210x 4-1:0.0: device disconnected
[  445.600283][   T51] Bluetooth: hci2: command 0x0406 tx timeout
[  445.959605][T11079] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1414'.
[  446.120891][T11083] Cannot find del_set index 128 as target
[  446.150599][    T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  446.312959][    T9] usb 4-1: config 0 has an invalid interface number: 124 but max is 0
[  446.330376][    T9] usb 4-1: config 0 has no interface number 0
[  446.336658][    T9] usb 4-1: config 0 interface 124 has no altsetting 0
[  446.388756][    T9] usb 4-1: New USB device found, idVendor=0403, idProduct=f06a, bcdDevice=32.00
[  446.413374][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  446.433440][    T9] usb 4-1: Product: syz
[  446.444756][    T9] usb 4-1: Manufacturer: syz
[  446.459215][    T9] usb 4-1: SerialNumber: syz
[  446.471861][    T9] usb 4-1: config 0 descriptor??
[  446.561456][ T8248] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  446.689117][    T9] ftdi_sio 4-1:0.124: FTDI USB Serial Device converter detected
[  446.704350][    T9] usb 4-1: Detected FT233HP
[  446.718842][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  446.798882][    T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  446.822797][    T9] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  446.891339][    T9] usb 4-1: USB disconnect, device number 30
[  446.907990][   T30] audit: type=1800 audit(1749495971.360:684): pid=11091 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.1418" name="bus" dev="overlay" ino=1401 res=0 errno=0
[  446.945703][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  446.970357][    T9] ftdi_sio 4-1:0.124: device disconnected
[  447.116353][   T30] audit: type=1400 audit(1749495971.570:685): avc:  denied  { create } for  pid=11096 comm="syz.4.1420" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  447.282806][T11098] netlink: 'syz.4.1420': attribute type 10 has an invalid length.
[  447.334516][T11098] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  447.925993][T11112] loop6: detected capacity change from 0 to 524287999
[  447.933218][T11112] buffer_io_error: 22 callbacks suppressed
[  447.933228][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.946954][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.955224][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.963169][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.971095][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.979047][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.987157][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  447.995197][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.003125][T11112] ldm_validate_partition_table(): Disk read failed.
[  448.009741][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.017790][T11112] Buffer I/O error on dev loop6, logical block 0, async page read
[  448.025727][T11112] Dev loop6: unable to read RDB block 0
[  448.031490][T11112]  loop6: unable to read partition table
[  448.037230][T11112] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  448.130581][T11115] ldm_validate_partition_table(): Disk read failed.
[  448.141745][T11115] Dev loop6: unable to read RDB block 0
[  448.150281][T11115]  loop6: unable to read partition table
[  448.170175][T11110] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1425'.
[  448.182629][    T9] usb 1-1: new full-speed USB device number 35 using dummy_hcd
[  448.206120][T11115] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  448.340076][    T9] usb 1-1: device descriptor read/64, error -71
[  448.588604][T11124] lo speed is unknown, defaulting to 1000
[  448.720521][    T9] usb 1-1: new full-speed USB device number 36 using dummy_hcd
[  448.895215][T11130] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  448.920152][    T9] usb 1-1: device descriptor read/64, error -71
[  448.983202][T11132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1431'.
[  449.080458][    T9] usb usb1-port1: attempt power cycle
[  449.481585][    T9] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  449.720902][    T9] usb 1-1: device descriptor read/8, error -71
[  450.020727][    T9] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[  450.300877][    T9] usb 1-1: device descriptor read/8, error -71
[  450.422189][    T9] usb usb1-port1: unable to enumerate USB device
[  451.024857][T11163] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1440'.
[  451.734179][T11177] bond0: Error: Cannot enslave bond to itself.
[  452.150026][ T5893] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  452.158183][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  452.290128][ T5893] usb 5-1: device descriptor read/64, error -32
[  452.529959][ T5893] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[  452.672204][T11166] netlink: 10 bytes leftover after parsing attributes in process `syz.2.1439'.
[  452.820157][ T5893] usb 5-1: Using ep0 maxpacket: 32
[  452.860043][ T5893] usb 5-1: config 0 has an invalid interface number: 20 but max is 0
[  452.880030][ T5893] usb 5-1: config 0 has no interface number 0
[  452.880401][T11199] FAULT_INJECTION: forcing a failure.
[  452.880401][T11199] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  452.886179][ T5893] usb 5-1: config 0 interface 20 has no altsetting 0
[  452.942917][T11199] CPU: 1 UID: 0 PID: 11199 Comm: syz.0.1450 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  452.942941][T11199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  452.942951][T11199] Call Trace:
[  452.942957][T11199]  <TASK>
[  452.942963][T11199]  dump_stack_lvl+0x16c/0x1f0
[  452.942995][T11199]  should_fail_ex+0x512/0x640
[  452.943022][T11199]  _copy_to_user+0x32/0xd0
[  452.943051][T11199]  simple_read_from_buffer+0xcb/0x170
[  452.943076][T11199]  proc_fail_nth_read+0x197/0x270
[  452.943101][T11199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  452.943124][T11199]  ? rw_verify_area+0xcf/0x680
[  452.943144][T11199]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  452.943165][T11199]  vfs_read+0x1e1/0xc60
[  452.943191][T11199]  ? __pfx___mutex_lock+0x10/0x10
[  452.943218][T11199]  ? __pfx_vfs_read+0x10/0x10
[  452.943246][T11199]  ? __fget_files+0x20e/0x3c0
[  452.943285][T11199]  ksys_read+0x12a/0x250
[  452.943307][T11199]  ? __pfx_ksys_read+0x10/0x10
[  452.943339][T11199]  do_syscall_64+0xcd/0x4c0
[  452.943368][T11199]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  452.943387][T11199] RIP: 0033:0x7faedeb8d33c
[  452.943402][T11199] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  452.943419][T11199] RSP: 002b:00007faedfaa6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  452.943436][T11199] RAX: ffffffffffffffda RBX: 00007faededb5fa0 RCX: 00007faedeb8d33c
[  452.943447][T11199] RDX: 000000000000000f RSI: 00007faedfaa60a0 RDI: 0000000000000003
[  452.943458][T11199] RBP: 00007faedfaa6090 R08: 0000000000000000 R09: 0000000000000000
[  452.943468][T11199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  452.943478][T11199] R13: 0000000000000000 R14: 00007faededb5fa0 R15: 00007ffea779bb38
[  452.943506][T11199]  </TASK>
[  453.414900][ T5893] usb 5-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=49.38
[  453.424230][ T5893] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  453.432855][ T5893] usb 5-1: Product: syz
[  453.437175][ T5893] usb 5-1: Manufacturer: syz
[  453.441867][ T5893] usb 5-1: SerialNumber: syz
[  453.470895][ T5893] usb 5-1: config 0 descriptor??
[  453.541224][ T5893] ftdi_sio 5-1:0.20: FTDI USB Serial Device converter detected
[  453.559155][ T5893] ftdi_sio ttyUSB0: unknown device type: 0x4938
[  454.771640][T11224] cgroup: Bad value for 'name'
[  455.530024][ T5893] usb 1-1: new full-speed USB device number 39 using dummy_hcd
[  455.745342][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  455.910026][ T5893] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  456.512564][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.529024][ T5873] usb 5-1: USB disconnect, device number 38
[  456.551610][ T5873] ftdi_sio 5-1:0.20: device disconnected
[  456.563947][ T5893] usb 1-1: config 0 descriptor??
[  456.580093][T11232] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  456.704145][T11243] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  457.195559][ T5893] elan 0003:04F3:0755.000E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0
[  457.349997][ T5873] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[  457.771373][T11232] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  457.800414][T11232] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  457.893863][   T30] audit: type=1400 audit(1749495982.350:686): avc:  denied  { execute } for  pid=11249 comm="syz.2.1454" path="/dev/snd/pcmC0D0c" dev="devtmpfs" ino=1283 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  457.932014][ T5873] usb 5-1: Using ep0 maxpacket: 8
[  457.938974][ T5879] usb 1-1: USB disconnect, device number 39
[  457.989343][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0
[  458.004725][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  458.016199][ T5873] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  458.038590][ T5873] usb 5-1: New USB device found, idVendor=07c9, idProduct=0012, bcdDevice=f6.82
[  458.048173][ T5873] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.056300][ T5873] usb 5-1: Product: syz
[  458.060568][ T5873] usb 5-1: Manufacturer: syz
[  458.065162][ T5873] usb 5-1: SerialNumber: syz
[  458.083231][ T5873] usb 5-1: config 0 descriptor??
[  458.268468][T11254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1466'.
[  458.408457][T11245] netlink: 1068 bytes leftover after parsing attributes in process `syz.4.1463'.
[  458.439034][T11255] netlink: 1068 bytes leftover after parsing attributes in process `syz.4.1463'.
[  458.484029][ T5873] usb 5-1: USB disconnect, device number 39
[  459.593547][T11263] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  459.674949][T11263] syzkaller0: entered promiscuous mode
[  459.680734][T11263] syzkaller0: entered allmulticast mode
[  459.686721][T11263] tipc: Resetting bearer <eth:syzkaller0>
[  459.718823][T11266] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1471'.
[  459.841396][T11262] tipc: Resetting bearer <eth:syzkaller0>
[  460.991963][T11275] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  463.923842][T11286] xt_hashlimit: max too large, truncated to 1048576
[  463.930910][T11286] xt_hashlimit: Unknown mode mask 488, kernel too old?
[  464.925214][T11262] tipc: Disabling bearer <eth:syzkaller0>
[  464.950413][T11275] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12
[  464.989111][T11275] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12
[  465.015522][   T30] audit: type=1400 audit(1749495989.470:687): avc:  denied  { firmware_load } for  pid=11273 comm="syz.1.1465" scontext=system_u:system_r:kernel_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  465.037257][T11275] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  465.351172][T11296] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1476'.
[  467.044077][T11309] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  467.208685][T11315] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1483'.
[  467.509294][T11309] lo speed is unknown, defaulting to 1000
[  467.876944][T11326] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  467.890107][    T9] usb 5-1: new high-speed USB device number 40 using dummy_hcd
[  468.185195][T11327] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  468.198165][   T30] audit: type=1400 audit(1749495992.650:688): avc:  denied  { mount } for  pid=11328 comm="syz.1.1488" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  468.199201][    T9] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.240921][T11331] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  468.259938][ T5873] usb 4-1: new full-speed USB device number 31 using dummy_hcd
[  468.260124][    T9] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1280, setting to 1024
[  468.286769][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  468.315099][   T30] audit: type=1400 audit(1749495992.770:689): avc:  denied  { unmount } for  pid=5818 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  468.338319][    T9] usb 5-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  468.398088][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.418746][    T9] usb 5-1: config 0 descriptor??
[  468.433464][ T5873] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  468.443578][T11318] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  468.452379][ T5873] usb 4-1: config 0 has no interface number 0
[  468.471531][ T5873] usb 4-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  468.480855][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  468.488852][ T5873] usb 4-1: Product: syz
[  468.509982][ T5873] usb 4-1: Manufacturer: syz
[  468.514747][ T5873] usb 4-1: SerialNumber: syz
[  468.531591][ T5873] usb 4-1: config 0 descriptor??
[  468.544557][ T5873] hub 4-1:0.132: bad descriptor, ignoring hub
[  468.553092][ T5873] hub 4-1:0.132: probe with driver hub failed with error -5
[  468.573209][ T5873] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.132/input/input26
[  468.632123][   T30] audit: type=1400 audit(1749495993.080:690): avc:  denied  { map } for  pid=11333 comm="syz.0.1490" path="socket:[34298]" dev="sockfs" ino=34298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  468.945980][    T9] logitech 0003:046D:C294.000F: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.4-1/input0
[  468.966684][    T9] logitech 0003:046D:C294.000F: no inputs found
[  468.966788][   T30] audit: type=1400 audit(1749495993.080:691): avc:  denied  { accept } for  pid=11333 comm="syz.0.1490" path="socket:[34298]" dev="sockfs" ino=34298 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  469.145375][ T5873] usb 4-1: USB disconnect, device number 31
[  469.541053][T11318] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1486'.
[  469.592314][    T9] usb 5-1: USB disconnect, device number 40
[  470.432034][T11367] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  470.438590][T11367] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  470.463307][T11372] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1496'.
[  470.592427][T11367] vhci_hcd vhci_hcd.0: Device attached
[  470.735187][ T5900] usb 2-1: new low-speed USB device number 21 using dummy_hcd
[  470.930495][ T5900] usb 2-1: config 0 has no interfaces?
[  471.088881][ T5900] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  471.129976][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  471.148782][T11378] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  471.155782][    T9] vhci_hcd: vhci_device speed not set
[  471.166535][ T5900] usb 2-1: config 0 descriptor??
[  471.259009][    T9] usb 35-1: new full-speed USB device number 2 using vhci_hcd
[  471.541388][T11385] geneve2: entered promiscuous mode
[  471.546978][T11385] geneve2: entered allmulticast mode
[  471.784219][T11369] usb 35-1: recv xbuf, -104
[  471.801606][ T5900] usb 2-1: USB disconnect, device number 21
[  471.815719][ T8254] vhci_hcd: stop threads
[  471.821899][ T8254] vhci_hcd: release socket
[  471.833262][ T8254] vhci_hcd: disconnect device
[  471.890222][    T9] vhci_hcd: vhci_device speed not set
[  472.345006][T11390] SELinux: security_context_str_to_sid (5���]�S9q#���) failed with errno=-22
[  472.371804][T11378] lo speed is unknown, defaulting to 1000
[  473.273587][T11407] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1505'.
[  475.005070][T11423] lo speed is unknown, defaulting to 1000
[  475.101131][ T5879] usb 1-1: new low-speed USB device number 40 using dummy_hcd
[  475.206296][T11430] netlink: 277 bytes leftover after parsing attributes in process `syz.3.1512'.
[  475.381713][ T5879] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  475.392762][ T5879] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  475.415043][ T5879] usb 1-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  475.425974][ T5879] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  475.463518][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.480063][ T5893] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  475.505278][ T5879] hub 1-1:1.0: bad descriptor, ignoring hub
[  475.518080][ T5879] hub 1-1:1.0: probe with driver hub failed with error -5
[  475.528665][ T5879] cdc_wdm 1-1:1.0: skipping garbage
[  475.534054][ T5879] cdc_wdm 1-1:1.0: skipping garbage
[  475.539728][ T5879] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  475.690023][ T5893] usb 4-1: Using ep0 maxpacket: 16
[  475.860342][ T5893] usb 4-1: config 252 has an invalid interface number: 15 but max is 0
[  475.868632][ T5893] usb 4-1: config 252 has no interface number 0
[  475.921744][ T5893] usb 4-1: config 252 interface 15 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  476.305550][ T5893] usb 4-1: string descriptor 0 read error: -71
[  476.391904][ T5893] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29
[  476.569426][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.707406][ T5893] usb 4-1: can't set config #252, error -71
[  476.739975][ T5893] usb 4-1: USB disconnect, device number 32
[  477.520008][   T30] audit: type=1400 audit(1749496001.330:692): avc:  denied  { create } for  pid=11437 comm="syz.1.1514" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1
[  477.976728][T11453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  478.012360][T11453] lo speed is unknown, defaulting to 1000
[  478.020251][ T5879] usb 1-1: USB disconnect, device number 40
[  478.154149][   T30] audit: type=1400 audit(1749496002.600:693): avc:  denied  { read write } for  pid=11458 comm="syz.0.1519" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  478.459578][   T30] audit: type=1400 audit(1749496002.600:694): avc:  denied  { open } for  pid=11458 comm="syz.0.1519" path="/dev/nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  478.567231][   T13] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  478.709505][T11470] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1522'.
[  479.830261][T11463] netlink: 'syz.0.1519': attribute type 39 has an invalid length.
[  480.005495][T11463] syz_tun (unregistering): left allmulticast mode
[  480.630422][ T5893] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  480.790011][ T5893] usb 2-1: Using ep0 maxpacket: 16
[  480.880292][    T9] usb 5-1: new full-speed USB device number 41 using dummy_hcd
[  511.200054][    C0] ip6_tunnel: ip6gre1 xmit: Local address not yet configured!
[  585.909833][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  585.916800][    C0] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P5825/1:b..l P8257/1:b..l
[  585.926315][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=39749, q=98 ncpus=2)
[  585.933939][    C0] task:kworker/u8:17   state:R  running task     stack:23408 pid:8257  tgid:8257  ppid:2      task_flags:0x4208060 flags:0x00004000
[  585.948020][    C0] Workqueue: bat_events batadv_nc_worker
[  585.953669][    C0] Call Trace:
[  585.956940][    C0]  <TASK>
[  585.959869][    C0]  __schedule+0x116a/0x5de0
[  585.964372][    C0]  ? rcu_is_watching+0x12/0xc0
[  585.969137][    C0]  ? trace_sched_exit_tp+0xde/0x130
[  585.974348][    C0]  ? __pfx___schedule+0x10/0x10
[  585.979203][    C0]  ? __pfx___schedule+0x10/0x10
[  585.984060][    C0]  ? mark_held_locks+0x49/0x80
[  585.988829][    C0]  preempt_schedule_irq+0x51/0x90
[  585.993857][    C0]  irqentry_exit+0x36/0x90
[  585.998274][    C0]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  586.003726][    C0] RIP: 0010:lock_release+0x24/0x2f0
[  586.008929][    C0] Code: 90 90 90 90 90 90 f3 0f 1e fa 41 57 41 56 41 55 41 54 49 89 f4 53 48 89 fb 48 83 ec 18 65 48 8b 05 d9 48 34 12 48 89 44 24 10 <31> c0 0f 1f 44 00 00 65 8b 05 f2 48 34 12 83 f8 07 0f 87 38 02 00
[  586.028530][    C0] RSP: 0018:ffffc9000bb57ae0 EFLAGS: 00000282
[  586.034594][    C0] RAX: 2bc4bac3bc6eb200 RBX: ffffffff8e5c4840 RCX: ffffffff8b4cf568
[  586.042560][    C0] RDX: ffff88802928a440 RSI: ffffffff8b4cf265 RDI: ffffffff8e5c4840
[  586.050526][    C0] RBP: 0000000000000055 R08: 0000000000000001 R09: 0000000000000000
[  586.058491][    C0] R10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8b4cf265
[  586.066454][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[  586.074420][    C0]  ? batadv_nc_worker+0x895/0x1030
[  586.079535][    C0]  ? batadv_nc_worker+0xb98/0x1030
[  586.084645][    C0]  ? batadv_nc_worker+0x895/0x1030
[  586.089778][    C0]  batadv_nc_worker+0x89a/0x1030
[  586.094982][    C0]  ? rcu_is_watching+0x12/0xc0
[  586.099749][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  586.105132][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  586.110511][    C0]  process_one_work+0x9cf/0x1b70
[  586.115450][    C0]  ? __pfx_batadv_nc_worker+0x10/0x10
[  586.120821][    C0]  ? __pfx_process_one_work+0x10/0x10
[  586.126194][    C0]  ? assign_work+0x1a0/0x250
[  586.130795][    C0]  worker_thread+0x6c8/0xf10
[  586.135390][    C0]  ? __kthread_parkme+0x19e/0x250
[  586.140416][    C0]  ? __pfx_worker_thread+0x10/0x10
[  586.145520][    C0]  kthread+0x3c5/0x780
[  586.149582][    C0]  ? __pfx_kthread+0x10/0x10
[  586.154168][    C0]  ? rcu_is_watching+0x12/0xc0
[  586.158928][    C0]  ? __pfx_kthread+0x10/0x10
[  586.163513][    C0]  ret_from_fork+0x5d4/0x6f0
[  586.168106][    C0]  ? __pfx_kthread+0x10/0x10
[  586.172693][    C0]  ret_from_fork_asm+0x1a/0x30
[  586.177465][    C0]  </TASK>
[  586.180478][    C0] task:syz-executor    state:R  running task     stack:23336 pid:5825  tgid:5825  ppid:5810   task_flags:0x400140 flags:0x00004000
[  586.193961][    C0] Call Trace:
[  586.197230][    C0]  <TASK>
[  586.200155][    C0]  __schedule+0x116a/0x5de0
[  586.204657][    C0]  ? __lock_acquire+0x622/0x1c90
[  586.209608][    C0]  ? __pfx___schedule+0x10/0x10
[  586.214458][    C0]  ? page_table_check_set+0x627/0x750
[  586.219834][    C0]  ? page_table_check_set+0x631/0x750
[  586.225207][    C0]  ? preempt_schedule_thunk+0x16/0x30
[  586.230576][    C0]  preempt_schedule_common+0x44/0xc0
[  586.235862][    C0]  preempt_schedule_thunk+0x16/0x30
[  586.241063][    C0]  _raw_spin_unlock+0x3e/0x50
[  586.245739][    C0]  copy_page_range+0x2113/0x5d90
[  586.250709][    C0]  ? __pfx_copy_page_range+0x10/0x10
[  586.255994][    C0]  ? lock_acquire+0x62/0x350
[  586.260590][    C0]  ? __pfx___might_resched+0x10/0x10
[  586.265958][    C0]  ? __pfx_mas_store+0x10/0x10
[  586.270714][    C0]  ? __vma_enter_locked+0x163/0x3f0
[  586.275915][    C0]  ? dup_mmap+0xe38/0x21d0
[  586.280326][    C0]  ? down_write+0x14d/0x200
[  586.284825][    C0]  ? up_write+0x1b2/0x520
[  586.289152][    C0]  dup_mmap+0xe88/0x21d0
[  586.293399][    C0]  ? __pfx_dup_mmap+0x10/0x10
[  586.298092][    C0]  copy_process+0x4081/0x76a0
[  586.302773][    C0]  ? do_wp_page+0x1aa7/0x4f20
[  586.307467][    C0]  ? __pfx_copy_process+0x10/0x10
[  586.312504][    C0]  kernel_clone+0xfc/0x960
[  586.316924][    C0]  ? __pfx_kernel_clone+0x10/0x10
[  586.321955][    C0]  ? css_rstat_updated+0x9d/0xd30
[  586.326986][    C0]  __do_sys_clone+0xce/0x120
[  586.331578][    C0]  ? __pfx___do_sys_clone+0x10/0x10
[  586.336782][    C0]  ? handle_mm_fault+0x2ab/0xd10
[  586.341729][    C0]  ? do_user_addr_fault+0x843/0x1370
[  586.347026][    C0]  do_syscall_64+0xcd/0x4c0
[  586.351535][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.357422][    C0] RIP: 0033:0x7fcb70585193
[  586.361828][    C0] RSP: 002b:00007fffa3447bf8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[  586.370238][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fcb70585193
[  586.378201][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[  586.386162][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001
[  586.394122][    C0] R10: 00005555680987d0 R11: 0000000000000246 R12: 0000000000000000
[  586.402105][    C0] R13: 00000000000927c0 R14: 0000000000075530 R15: 00007fffa3447d90
[  586.410083][    C0]  </TASK>
[  586.413095][    C0] rcu: rcu_preempt kthread timer wakeup didn't happen for 10495 jiffies! g39749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  586.425405][    C0] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=33992
[  586.433282][    C0] rcu: rcu_preempt kthread starved for 10496 jiffies! g39749 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  586.444639][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  586.454594][    C0] rcu: RCU grace-period kthread stack dump:
[  586.460471][    C0] task:rcu_preempt     state:I stack:27928 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00004000
[  586.472387][    C0] Call Trace:
[  586.475657][    C0]  <TASK>
[  586.478585][    C0]  __schedule+0x116a/0x5de0
[  586.483100][    C0]  ? __lock_acquire+0x622/0x1c90
[  586.488047][    C0]  ? __pfx___schedule+0x10/0x10
[  586.492905][    C0]  ? find_held_lock+0x2b/0x80
[  586.497578][    C0]  ? schedule+0x2d7/0x3a0
[  586.501913][    C0]  schedule+0xe7/0x3a0
[  586.505982][    C0]  schedule_timeout+0x123/0x290
[  586.510832][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  586.516201][    C0]  ? __pfx_process_timeout+0x10/0x10
[  586.521491][    C0]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  586.527299][    C0]  ? prepare_to_swait_event+0xf5/0x480
[  586.532762][    C0]  rcu_gp_fqs_loop+0x1ea/0xb00
[  586.537536][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  586.542822][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  586.548019][    C0]  ? __pfx_rcu_gp_init+0x10/0x10
[  586.552956][    C0]  ? rcu_gp_cleanup+0x7c1/0xd90
[  586.557814][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  586.563625][    C0]  rcu_gp_kthread+0x270/0x380
[  586.568303][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  586.573500][    C0]  ? rcu_is_watching+0x12/0xc0
[  586.578275][    C0]  ? lockdep_hardirqs_on+0x7c/0x110
[  586.583500][    C0]  ? __kthread_parkme+0x19e/0x250
[  586.588543][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  586.593748][    C0]  kthread+0x3c5/0x780
[  586.597816][    C0]  ? __pfx_kthread+0x10/0x10
[  586.602401][    C0]  ? rcu_is_watching+0x12/0xc0
[  586.607163][    C0]  ? __pfx_kthread+0x10/0x10
[  586.611746][    C0]  ret_from_fork+0x5d4/0x6f0
[  586.616337][    C0]  ? __pfx_kthread+0x10/0x10
[  586.620922][    C0]  ret_from_fork_asm+0x1a/0x30
[  586.625694][    C0]  </TASK>
[  586.628705][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  586.635014][    C0] Sending NMI from CPU 0 to CPUs 1:
[  586.640224][    C1] NMI backtrace for cpu 1
[  586.640237][    C1] CPU: 1 UID: 0 PID: 11491 Comm: syz.0.1529 Not tainted 6.16.0-rc1-syzkaller #0 PREEMPT(full) 
[  586.640254][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  586.640262][    C1] RIP: 0010:advance_sched+0x3bc/0xc80
[  586.640283][    C1] Code: 83 fc 0f 0f 87 90 07 00 00 e8 30 a6 29 f8 49 8d bf c0 00 00 00 48 b9 00 00 00 00 00 fc ff df 48 89 f8 48 c1 e8 03 80 3c 08 00 <0f> 85 41 07 00 00 49 89 9f c0 00 00 00 41 83 c6 01 44 89 ee 49 83
[  586.640297][    C1] RSP: 0018:ffffc90000a08d90 EFLAGS: 00000046
[  586.640309][    C1] RAX: 1ffff110055ace18 RBX: 184e09651b8257c2 RCX: dffffc0000000000
[  586.640319][    C1] RDX: ffff888058c14880 RSI: ffffffff89927680 RDI: ffff88802ad670c0
[  586.640327][    C1] RBP: 0000000004000001 R08: 0000000000000006 R09: 0000000000000000
[  586.640335][    C1] R10: 0000000004000001 R11: 0000000000000001 R12: 0000000000000000
[  586.640343][    C1] R13: 0000000000000002 R14: 0000000000000000 R15: ffff88802ad67000
[  586.640352][    C1] FS:  00007faedfaa66c0(0000) GS:ffff888124854000(0000) knlGS:0000000000000000
[  586.640366][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  586.640375][    C1] CR2: 0000200000044000 CR3: 000000005cdaf000 CR4: 00000000003526f0
[  586.640384][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  586.640392][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  586.640400][    C1] Call Trace:
[  586.640406][    C1]  <IRQ>
[  586.640416][    C1]  ? __pfx_advance_sched+0x10/0x10
[  586.640432][    C1]  __hrtimer_run_queues+0x1ff/0xad0
[  586.640451][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  586.640465][    C1]  ? read_tsc+0x9/0x20
[  586.640482][    C1]  hrtimer_interrupt+0x397/0x8e0
[  586.640502][    C1]  __sysvec_apic_timer_interrupt+0x108/0x3f0
[  586.640523][    C1]  sysvec_apic_timer_interrupt+0x9f/0xc0
[  586.640542][    C1]  </IRQ>
[  586.640546][    C1]  <TASK>
[  586.640551][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  586.640566][    C1] RIP: 0010:x2apic_send_IPI+0x9a/0xe0
[  586.640582][    C1] Code: 8b 13 0f ae f0 0f ae e8 b9 00 04 00 00 41 83 fc 02 44 89 e0 48 0f 44 c1 48 c1 e2 20 b9 30 08 00 00 48 09 d0 48 c1 ea 20 0f 30 <66> 90 5b 5d 41 5c e9 8b 33 19 0a 5b 31 d2 5d 48 89 c6 bf 30 08 00
[  586.640594][    C1] RSP: 0018:ffffc9000398fa08 EFLAGS: 00000246
[  586.640605][    C1] RAX: 00000000000000fb RBX: ffff8880b84201b4 RCX: 0000000000000830
[  586.640614][    C1] RDX: 0000000000000000 RSI: 00000000000000fb RDI: ffffffff8df25da0
[  586.640622][    C1] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  586.640630][    C1] R10: 0000000000000001 R11: 0000000000000001 R12: 00000000000000fb
[  586.640638][    C1] R13: 1ffff92000731f47 R14: 1ffff92000731f01 R15: 0000000000000000
[  586.640653][    C1]  ? trace_ipi_send_cpu.constprop.0+0x195/0x220
[  586.640670][    C1]  __smp_call_single_queue+0x28c/0x2f0
[  586.640688][    C1]  ? __pfx___smp_call_single_queue+0x10/0x10
[  586.640705][    C1]  ? __pfx___wait_for_common+0x10/0x10
[  586.640724][    C1]  ? do_user_addr_fault+0x829/0x1370
[  586.640743][    C1]  generic_exec_single+0xb4/0x390
[  586.640760][    C1]  smp_call_function_single_async+0x68/0xd0
[  586.640777][    C1]  rdmsr_safe_on_cpu+0x104/0x210
[  586.640795][    C1]  ? __pfx_rdmsr_safe_on_cpu+0x10/0x10
[  586.640812][    C1]  ? __pfx___rdmsr_safe_on_cpu+0x10/0x10
[  586.640836][    C1]  msr_read+0x19d/0x250
[  586.640851][    C1]  ? __pfx_msr_read+0x10/0x10
[  586.640864][    C1]  ? bpf_lsm_file_permission+0x9/0x10
[  586.640883][    C1]  ? security_file_permission+0x71/0x210
[  586.640903][    C1]  ? rw_verify_area+0xcf/0x680
[  586.640917][    C1]  ? __pfx_msr_read+0x10/0x10
[  586.640930][    C1]  vfs_read+0x1e1/0xc60
[  586.640948][    C1]  ? __pfx_vfs_read+0x10/0x10
[  586.640962][    C1]  ? find_held_lock+0x2b/0x80
[  586.640982][    C1]  ? __fget_files+0x204/0x3c0
[  586.641001][    C1]  ? __fget_files+0x20e/0x3c0
[  586.641020][    C1]  ksys_read+0x12a/0x250
[  586.641035][    C1]  ? __pfx_ksys_read+0x10/0x10
[  586.641053][    C1]  do_syscall_64+0xcd/0x4c0
[  586.641074][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  586.641087][    C1] RIP: 0033:0x7faedeb8e929
[  586.641098][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  586.641110][    C1] RSP: 002b:00007faedfaa6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  586.641122][    C1] RAX: ffffffffffffffda RBX: 00007faededb5fa0 RCX: 00007faedeb8e929
[  586.641131][    C1] RDX: 0000000000019000 RSI: 0000200000032680 RDI: 0000000000000006
[  586.641139][    C1] RBP: 00007faedec10b39 R08: 0000000000000000 R09: 0000000000000000
[  586.641147][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  586.641155][    C1] R13: 0000000000000000 R14: 00007faededb5fa0 R15: 00007ffea779bb38
[  586.641168][    C1]  </TASK>