last executing test programs:

1m0.11741475s ago: executing program 0 (id=1020):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, &(0x7f00000001c0)={&(0x7f0000000000)=[{0x1, 0x8000, 0x29, &(0x7f0000000100)="c6"}, {0x1, 0xda01, 0x0, 0x0}], 0x2})

58.017130166s ago: executing program 0 (id=1029):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f01a, 0x1})

57.797084975s ago: executing program 0 (id=1030):
mkdir(&(0x7f0000000380)='./file1\x00', 0xa)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, 0x0, &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x244)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r3=>r2}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189378, &(0x7f0000000280)={{0x1, 0x1, 0x18, r3, {0x758b}}, './file1\x00'})

57.716050477s ago: executing program 0 (id=1031):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
io_setup(0x20, &(0x7f0000001140)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000040)=[&(0x7f0000000080)={0xf, 0x400000000000, 0x25, 0x7, 0x8, r2, 0x0, 0x0, 0x40000000000e7, 0x0, 0x2, r2}])
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}, 0xfffffdef}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0)

56.738261783s ago: executing program 0 (id=1034):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]})
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000040)=0x10)
timer_create(0x7, 0x0, &(0x7f0000000040)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000100)={{0x77359400}, {0x0, 0x3938700}}, &(0x7f0000000140))
mknod(&(0x7f0000000000)='./file0\x00', 0x8, 0x184)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x6d, 0xa, 0xa, 0x0, 0x0, 0x79, 0x10, 0x8}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80)

56.33624538s ago: executing program 0 (id=1036):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

40.720076825s ago: executing program 32 (id=1036):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x9)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)

31.967353246s ago: executing program 4 (id=1133):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@ipv4_newroute={0x30, 0x18, 0xaba64f4add525e7f, 0x70bd29, 0x25dfdbff, {0x2, 0x0, 0x10, 0x0, 0x2, 0x0, 0xfe, 0x7}, [@RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6, 0x6, 0x1c}}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x8}]}, 0x30}, 0x1, 0xffffff7f, 0x0, 0x20000800}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x7, 0x3, 0x79, 0x80000001}, {0x9, 0x9, 0x4, 0x80}, {0xfd25, 0x1, 0x3, 0x7ff}, {0x8, 0x2, 0xbd, 0x81}, {0x2, 0x9, 0x40, 0x80000001}]})
r1 = syz_usb_connect$hid(0x4, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010003000000086e051c0140000102030109022d000101000904002501"], 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff199610b90661408801010203010902120001000000000904"], 0x0)
ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0)
syz_usb_control_io$rtl8150(0xffffffffffffffff, &(0x7f00000000c0)={0x14, &(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES8=r1], &(0x7f0000000480)=ANY=[@ANYBLOB="00039800000098033a100735630f7136b46ab1825c983bef36309f093312fad0d00d2881bb69dd8926e7b5e629ecad6a65623547257ff374d565d37a8bbb4f913c22137cc263873d71b65e1af046ccbc66783a40ecd3e0ea59686693a5cf6e3e84e3595437e79bfb86db18c928c0bab2e91564f3c91daa6f75b5eb52c308859151c9953aa168b1d62e74c063a098b443a9c940bf8167fa75eba3428cc9a316b9ff857b842888438ff474ee42244e3e66c6183ff7088d05d40af334ddc1a662692e664903d6427b276c5bd1c9efea4b4f6adc35459a569ae6ba4c59bd4acecdc4091324b62ae32cb29c252fc284a7656f2d310cf71d91bcf22f2bca7047ccd3be803ccd4457ec8b"]}, &(0x7f0000000380)={0x2c, &(0x7f0000000180)=ANY=[@ANYRES32=r1], &(0x7f0000000280)={0x0, 0xa, 0x1, 0x2}, &(0x7f00000002c0)={0x0, 0x8, 0x1}, 0x0, 0x0})

29.684928382s ago: executing program 4 (id=1139):
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r2, &(0x7f0000000940), 0x10)
listen(r2, 0x0)
r3 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r3, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0xf, 0x28, 0xfffff038}, {0x20, 0x1f, 0xf6, 0xfffff024}, {0x6, 0x80, 0xf2}]}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001440)=@deltclass={0x24, 0x29, 0x1, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x8, 0xf}, {0x4, 0x2}, {0x1, 0xb}}}, 0x24}}, 0x44880)
ioctl$vim2m_VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, 0x0)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r4, 0x0)
r5 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x80c42, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x20000000)
read(r6, &(0x7f0000000040)=""/148, 0xffffff96)

28.91784733s ago: executing program 4 (id=1141):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/11], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r8 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})

27.907956983s ago: executing program 4 (id=1144):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@dellinkprop={0x44, 0x6c, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x1a, 0x2800}, [@IFLA_MAP={0x24, 0xe, {0x6, 0x1, 0x400000008, 0x800, 0x0, 0x4}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4044064}, 0x40000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x6, &(0x7f0000006680))
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8000, 0xfffffffa)
pipe2$9p(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = dup(r3)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000004380), 0x0, &(0x7f0000000340)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[{@access_client}, {@version_u}], [], 0x6b}})
r5 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r5, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000280)=@HCI_EVENT_PKT={0x4, @hci_ev_sync_conn_complete={{0x2c, 0x11}, {0x1, 0xc9, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x0, 0x2f, 0xc, 0x4}}}, 0x14)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
gettid()
timer_settime(0x0, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x50, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x0)

26.970515263s ago: executing program 4 (id=1147):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) (async)
mount(&(0x7f0000000100)=@nullb, &(0x7f0000000040)='.\x00', &(0x7f0000000180)='securityfs\x00', 0x5, 0x0)
r1 = socket(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0xe64, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x202}, 0x1c)
r2 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000040)=0x10) (async)
r3 = socket(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000480)={0xa, 0xe64, 0x3, @loopback, 0x10000002}, 0x1c)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff)
listen(r2, 0x4) (async)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000e00)={0x294, r4, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0xb8, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffff867}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfe000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}]}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x491}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x86}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}]}]}, @TIPC_NLA_MEDIA={0x148, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40000000}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffff75}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x82}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa111}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3d07}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_MEDIA={0x6c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff8000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x17b}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}, @TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8}]}]}, 0x294}}, 0x40)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'wlan0\x00'}) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0) (async)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000800)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, r9, {0xfff2, 0xffec}, {0xffff, 0xffff}, {0xfff1, 0x2}}, [@TCA_INGRESS_BLOCK={0x8, 0xd, 0x80}, @TCA_INGRESS_BLOCK={0x8}, @TCA_RATE={0x6, 0x5, {0x2, 0x8}}, @qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x6, 0x7, 0x7}}}}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x1}, @TCA_RATE={0x6, 0x5, {0x7f, 0x9e}}]}, 0x68}, 0x1, 0x0, 0x0, 0x20008000}, 0x20000000) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x7, &(0x7f0000000540)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_query]}, &(0x7f00000005c0)='syzkaller\x00', 0x10, 0x58, &(0x7f0000000600)=""/88, 0x40f00, 0x1, '\x00', r9, 0x0, r0, 0x8, &(0x7f0000000680)={0x2, 0x2}, 0x8, 0x10, &(0x7f00000006c0)={0x0, 0xa, 0x100, 0x5}, 0x10, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000700)=[{0x2, 0x5, 0xf}, {0x0, 0x2, 0x0, 0x8}, {0x0, 0x1, 0x4, 0x9}, {0x4, 0x5, 0xc, 0x3}], 0x10, 0x3}, 0x94) (async)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x1c, 0x20, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x8, 0x8, 0x0, 0x0, @fd}]}, 0x1c}}, 0xc004)
sendmsg$NL80211_CMD_GET_POWER_SAVE(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="0003bd7000fcdbdf253e00400500"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8044)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCSIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r10, 0x8983, &(0x7f00000004c0)) (async)
sendmsg$nl_generic(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002a80)=ANY=[@ANYBLOB="140000002b1e0701feffffff00000000037c0000"], 0x14}, 0x1, 0x0, 0x0, 0x404c011}, 0x8010)
ioctl$SG_GET_VERSION_NUM(r0, 0x2282, &(0x7f0000000500)) (async)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000000)={0x6, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000c6000100250000008510000001000000950000000000000018400008ffffffff000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x41100, 0x7a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r11 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000900)={'wlan1\x00', <r12=>0x0})
sendmsg$NL80211_CMD_SET_CQM(r11, &(0x7f0000000a40)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000a00)={&(0x7f0000000d40)={0xc0, r5, 0x8, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r12}, @val={0xc, 0x99, {0x66, 0x7f}}}}, [@NL80211_ATTR_CQM={0x1c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x247}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x4ae}]}, @NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x32}]}, @NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}]}, @NL80211_ATTR_CQM={0x18, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x2}, @NL80211_ATTR_CQM_RSSI_THOLD={0xc, 0x1, [0x81, 0x1]}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x19b}, @NL80211_ATTR_CQM_RSSI_HYST={0x8}]}, @NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2f1}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x3c}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xa0}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x653}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x62d}]}]}, 0xc0}}, 0x4000804)

26.741120004s ago: executing program 4 (id=1149):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000280)=0x108, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0xfffffe23, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x19, 0x0, &(0x7f0000000000)='GPL\x00', 0xfff, 0xe9, &(0x7f0000000700)=""/233, 0x0, 0x1}, 0x94)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003340), 0x0, 0x0)
mount$binder(0x0, 0x0, 0x0, 0x1000810, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x41c480, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

23.283327962s ago: executing program 5 (id=1098):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e, 0x28}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a)

15.31145869s ago: executing program 5 (id=1098):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e, 0x28}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a)

11.439403268s ago: executing program 33 (id=1149):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000004c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x2, &(0x7f0000000280)=0x108, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0xfffffe23, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x19, 0x0, &(0x7f0000000000)='GPL\x00', 0xfff, 0xe9, &(0x7f0000000700)=""/233, 0x0, 0x1}, 0x94)
socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000003340), 0x0, 0x0)
mount$binder(0x0, 0x0, 0x0, 0x1000810, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x41c480, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)

9.707953503s ago: executing program 6 (id=1182):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x34)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5543, 0x781, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x80, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xec, 0x13}}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, &(0x7f0000000400)={0x2c, &(0x7f0000000140)={0x40, 0xb, 0x5, {0x5, 0x21, "e1acdc"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)

7.630153996s ago: executing program 3 (id=1192):
r0 = syz_io_uring_setup(0x5c2, &(0x7f0000000140)={0x0, 0x2394, 0x0, 0x2}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
clock_gettime(0x0, &(0x7f0000000000)={<r3=>0x0, <r4=>0x0})
syz_io_uring_submit(r1, r2, &(0x7f00000004c0)=@IORING_OP_TIMEOUT={0xb, 0x18, 0x0, 0x0, 0x4, &(0x7f0000000280)={r3, r4+60000000}, 0x1, 0x40, 0x1})
io_uring_enter(r0, 0x6e2, 0x3900, 0x1, 0x0, 0xe00)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x11)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
ioctl$KVM_CAP_HYPERV_DIRECT_TLBFLUSH(0xffffffffffffffff, 0x4068aea3, 0x0)

7.385052184s ago: executing program 6 (id=1182):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x34)
ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
r2 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r3 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
write$binfmt_aout(r3, &(0x7f0000000380)=ANY=[@ANYBLOB="03070000b5"], 0xc8)
write$binfmt_aout(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="03040000b500000001008aea0000feff"], 0xc8)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000000c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_VERDICT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000100)={0x14, 0x3, 0x3, 0x101}, 0x14}, 0x1, 0x0, 0x0, 0xc0000}, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000850}, 0x40)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x0, 0x2066012}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x5543, 0x781, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x80, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xec, 0x13}}}}}]}}]}}, 0x0)
syz_usb_control_io(r6, &(0x7f0000000400)={0x2c, &(0x7f0000000140)={0x40, 0xb, 0x5, {0x5, 0x21, "e1acdc"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x40)

6.608201428s ago: executing program 3 (id=1194):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000180)=',]$\'+:\x00', &(0x7f0000000300)='./file0\x00', 0xffffffffffffff9c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)

5.67293984s ago: executing program 3 (id=1198):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f00000001c0)='GPL\x00'}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000003c0)="93378e66cf9b48cb59638401fcd1730172853a9fa89527996042ab60ae29f9c1", 0x4e)
r1 = accept4(r0, 0x0, 0x0, 0x800)
gettid()
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x1000, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r3, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r5=>0x0)
timer_settime(r5, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
splice(r3, 0x0, r2, 0x0, 0x10000008ebc, 0x0)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCGETS2(r6, 0x802c542a, &(0x7f0000000100))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
recvmmsg$unix(r1, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000140)=""/68, 0x44}], 0x1}}, {{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/13, 0xd}], 0x1}}], 0x2, 0x220, 0x0)

5.092160917s ago: executing program 3 (id=1201):
socket$nl_netfilter(0x10, 0x3, 0xc)
shmctl$IPC_STAT(0xffffffffffffffff, 0x2, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000e2793b10d10501200006010203010902120008000000000904"], 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000280)={0x1c, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0})
openat$tun(0xffffffffffffff9c, 0x0, 0x20702, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008d}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
socket$inet_udp(0x2, 0x2, 0x0)
r2 = creat(&(0x7f0000000040)='./file0\x00', 0x4b)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mremap(&(0x7f00000d5000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000ffd000/0x2000)=nil)
mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x0, 0x6083, 0x3)
close(r2)
syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
syz_usbip_server_init(0x2)
syz_usbip_server_init(0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000140)={0x1f, 0xffff, 0x3}, 0x6)
recvmmsg(r3, &(0x7f0000003600)=[{{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=""/143, 0x8f}, 0x6}], 0x2, 0x2, 0x0)
write(r3, &(0x7f00000000c0)="510003000000", 0x6)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)

4.809141621s ago: executing program 1 (id=1202):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0)
getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d)
syz_usb_connect(0x0, 0x5f, 0x0, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r3, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40001}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000100)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x4)
bind$rds(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10)
r5 = socket$kcm(0x10, 0x2, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r7 = timerfd_create(0x0, 0x0)
timerfd_settime(r7, 0x3, &(0x7f0000000140)={{}, {0x0, 0x989680}}, 0x0)
timerfd_settime(r7, 0x3, &(0x7f0000000000)={{0x77359400}, {0x77359400}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010700000000fcdbdf"], 0x2c}}, 0x40)
sendmsg$kcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
write$6lowpan_control(r4, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000940)={0x60, 0xc10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0xfffffffe}, {0x7fffffff, 0x0, 0x1}, {0x0, 0x0, 0xfffffffc}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x4})
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$inet(r8, &(0x7f0000000300)={&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000a00)=[{&(0x7f0000000380)="95a3c69701867cdbbef7103d4d5a17659f70b1aca9a0c7e22117b2402028ea515de6b38aa5340147ffacfa85dacef8386de1037d61ad9640a0f2282ae8fe0b91cc007457b00a7244cbb88bc29ba173dc76b52261a4b8e56f94734913482a70f6fdaf6dd455c6419d81040b6816c4c10e65f1cad93a60e535482a7a37afa14c7fb44da628e3d62c72fa46fdbc28ace7e586c8a23a6b5208bdb5025e79c52b059979370f682e4ceea0b48a3dc2dad462192c1511dbeb680457bd64b074bacaed92406d45ce209b68ce6d89cd7548b68ef8aedebdfdd2c5cd4bd77fbf2347b61e8be17b696b08b0ffadc587a482289dcd3a99c73da84a", 0xf5}, {&(0x7f0000000480)="7d9db306347192fcc66d0f0a73b77701da944db76b4966a1207317a7ea8fb07e17c8379329a2738a6c47f4c00fd816ed40d9cbb051d26cf0fd984fc921ce982360", 0x41}, {&(0x7f0000000500)="5f8365fed876bb4e3e4e6accf0292b4f355d8c98e2cb7d72351591c71d9bcc5478c434b1bbb77064d1f0cf5eede4e6b18f9566af96fcfe3b624cd5701dd09d759ac423", 0x43}, {&(0x7f0000000580)="af007dd704fa6ee62159d314b07849ce89c59230effaa0e1695b19299f07e8ab5655888ed3893182a34aded0d4eb6f8718a9824186062be99db90ab7dcdaa513c51ff6f370c4cf24dd1620975b31f0c1018d13ad4e943cc1eaa1a1faf61387243f07eed31900d6356ced754a4f2a591e37089ad50b86511de4b29dbfe1371cfc0c9ff64437e153bb9539503f2d87adc26a7870547d41ade6d743bd626231b3903ea6914fa8af132c575a99138daa7b1f749d8b6eba87a995ebfff9b86665f703d82a5f27835b94e1ea97af4289", 0xcd}, {&(0x7f00000006c0)="90469f6b713653226cf4a99953223ca8627ef8b2f050bf2ed919af8f29d3216d64190599d2f1769f2407d97ae6c3964987a4706394d51d1855784493fd90373b4b10ae1418a5ec97110957dfa57c78be263ad00475bbb32ca304fc8d0516bd0b0cfb0e6dfd67fc7b96eb744ec6d29add5b6e70c3de080b3751b37dccc641cb6fedff7fdb28b9ee495c8cb86c16107f97e9e5633f2048da3a7d134e89e07cdc2a5fab5af790ce0235ae32197be3c861698765548875bf118ee0bf8600d90e4d2ed8f708fa9cf445033050043dd26df4f2918a14d922eacb7a5b20fa4b5b", 0xdd}, {&(0x7f00000007c0)="8d106b5f9b802ed3509e11b79f6f25e58b7d4d8a1b7f0e4e17149cc6f2ff2d34ac22f5866901f947e81f09423e4f7c61e803fd176d4bcaa0dad83e103a739553504d0da9310718f6c102bc221a951b162d74f21c8713cb414f75da456be45be513a8730987f5c6375bb4fba991d506f2", 0x70}, {&(0x7f0000000840)="18e008ce18e74667e4778748f6305c4f61cc92577f801bc8313ec1ce2d6fdeebdecbea4be32d2581dbfe5ccf9919bdba4634fcd8a8acec78a021fd0f7a706ad784d6969f10a32fa168e560df085d7c16533ac0294496973ced91c928337fe7", 0x5f}, {&(0x7f00000008c0)="c250a57f8c02ee665250791309a7db8fa1a8ae48ea7663da7e21124dceeb78bf6c19221a50e7606fc32ff67fa437626e5fabb51cfd1af05fe3364f787ce4845f71b59bc1c5e860e1f98e5cee255259106d9cf300b5d47efe0efc39d4a2672c67bdbd8e81385e36c9ec11e7da58577a581b32a2e4973ba141ed04d4f9e29db659", 0x80}], 0x8, &(0x7f0000000a80)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x1ff}}, @ip_tos_int={{0x14}}, @ip_retopts={{0x24, 0x0, 0x7, {[@lsrr={0x83, 0x13, 0xa, [@empty, @remote, @local, @empty]}]}}}], 0x58}, 0x200000d4)
sendmsg$nl_route(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="7b13000000000000200012800b00010067656e657665000010000280060005004e2000000400060008000a00b5"], 0x48}}, 0x4000)

3.120228943s ago: executing program 5 (id=1098):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000280)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000140)={@val={0x800e, 0x28}, @void, @eth={@broadcast, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @empty}, {0x0, 0x0, 0x14, 0x0, @opaque="6f841fcaf955c253e28c7ab3"}}}}}}, 0x3a)

2.558444691s ago: executing program 3 (id=1204):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001000000000000000000e0000002000000000000000000000000ac1414aa00"/48, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000a900000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000000000000080400002000000000000080000000000000000000100000000000044000500ac1414aa000000000000000000000000000000003c"], 0xfc}}, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "21fd0f", 0x10, 0x11, 0x0, @dev={0xfe, 0x80, '\x00', 0x18}, @local, {[], {0x4e24, 0xe22, 0x10, 0x0, @gue={{0x2, 0x0, 0x3, 0x4, 0x0, @val=0x80}}}}}}}}, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000480)=ANY=[], 0x8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x1fff, 0x0, @loopback, 0x3}, 0x1c)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='batadv0\x00', 0x10)
r2 = socket$kcm(0x10, 0x3, 0x10)
r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x0)
bind$inet(r3, &(0x7f0000000100)={0x2, 0x4e21, @broadcast}, 0x10)
sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="1400000016000b63d25a80648c2594f90124fc60", 0x14}, {&(0x7f0000000340)="2f79931f398195cd9a092d9ce89bb34d29d835d1a398e4b5d360b2c83424e27ee06a543a853e244e3a5383d6a0e2dd8ccf7d720411b7054c38ff838f7a43d26970faa4b8d2066f5f7adf0fa3b96ee31cdc5beea6af453f09a82fd93f68de7181c265cf17667e28a85cdbf8e1b3753c164b13311102c4dce0c472d3c1c2a750eb1b8a2bec69b4ad90bdb9069f6f5648101c376e656454fa8da39fe9ae9c3118a3e64c15669feae08618381e639bdb1f1f6050468268561adb4e211d47b3a36e90e4bb005078100ca3907ab60c24ba0208943c26a570f7e928bfdb276cd69f761f3fc09931a4d5890ace8c1ef6a446ebc96a6b9f0cf7b47a69bcc23e2c9eb87ba617d8dd98f83a9df21e2b1533c488fd67293240c8d129a19a9a6f79859f4da5988cde1144a47238a08fa94a0efc0a5d6cb134aa84147b7e46af9003b4030eb7bdca6c9cd09a8c25e11a97aa6e6854af352000fa6b1a80b07d0fafd848908d8b0802e8ca60e0aae95c2c7a09f5cc12df5da08d6d15e92044a497c00278168f6ee3dd2d8cf5c5074ca721dbe6125c0e0f301c39f42ae70e7b281c4ea83fa4c304812f58086ec21ae17c57714412f6dfe43c462b24ccea355609ba86b0c6f1bd591b69c77634198a41eaf85110137b1c82024f3271221488cc7599b60c5a37008bf94bf76d9d3d411c0a78f91d0be7f00b1e000f560768dcac24206a2e684ffe0bba323dd47e7a7b33153057b78e05bf924981f7e8a7d928450149fa6a902618fc0f3eda16bd2676cbfcf1c38cd99e2062cf441023cc3ad76f95002612a05ae58f7015299ad70939ae4fa16d323670c024612db3b9b23c39673867154c32243472dfaeb32034edb04e4a873c4bc0e343dab5e138b96ef8c55fbdbddf423e19af91c0c7f5c7f2540d6f7ef71a96a25af41c3e614f319eacca5385a6a46a61562e777f2ac0f1c630566df5082cf262ad87dfe1dd1effb8b402248aac31b1acf06860a6a215428b4a12ddb2e5b267643b2ed4a42f9bd978f9f56b065dcc12d2bacc079d8c7a1edad6c2198a2f9f557cb18011a730b95dd1f138cebfaa61a7b93cff93f16b1575f6f14962c55d3ecdca436f1e6c0b78c03cd5945681364d9f6b31734f7604824761b7e5ccd67b00068e4b2921914b648087b4109f8bd8192f63791540a290dd41c7a2c3e23e221e1db6e646aefadbb436918c83a36b11df99d0efeb663c3a0a4cb1ecd92b85637c4810bb219b9c11ef7bf15e8f4be9ba00c2ea0d89dc6793f27c5de13066ef6607ed3f49771b43f57279dc6dd3541e0efbcf9ab112b1e6aafe1fcb2bd2ac6d1d5113d2b605639780252c0c47e1d37ca5e07482ef3990e1c9a87edf639d5e5005b6267dbed0c501340f2b2bab8fb67473e82b7ef3aa12b1d1bb909e80459d8ce144de6fe1c9fc24d780a505e852ea36d8d8def93fb502410039281febd3b42631ee749e98213cda1d8fe2602b47521c4b0e05bf889c8b873481addac7167f4fd347611a87b4759fa976a45ce9835b668c885b3d8ed7226c88b801bec8d01b1784f6241753843340b1e7e5aaa44ee802a851866cb5f201e038b032b00cc099d3c2c96e9e8f8134e83423b125da32da757fcd0d6f29b731d97627aca268298c3dac47da610b70592077b7beb63550c6661678a74824d9e7306c8f4983161c22f68b40323f5ad674de9a64b05c05920a13826983370728e5114aa0591abc962c5bb9f0a058c6c9ee7119821676a4c25a1c3047f4402c50908df7fc0280391b0dae8f098b86720fe8740003593d69d3cb44314ca6349d594926e5c947d65c5647f362cb3a8b811e96df5ffff1dc210f5d6058e29a6406f9c8dfef5f1b2d7209fa38cfb37241ee5c41ba220efaa6d0321ddd1be61a1ce78f52021ac7517b1e030d8b05e2050dbea07e5326e58af2f69790c5792caf6017e7769e5627ded6f307134641761bcadcd35e0c59f9ec07456341d02162359f11dff7396b7b85680ba7095676855b58984a487c3df7ae61b207b46556dcab53764c12e9feb87e617a188fe984332f8e8ed2d3c3e5a221d606b98734d52411212bc112afe8e6169d3531176e90cb7a3f59a2c5f600c692b7a9077fe65b7bdbaee1a331816495e0f7a70bb2c1231d863eb8489386ff70d86f538e391ca95fa33c9824f6937220ce840f1540e895441f5c3a01f1c94b11d68fb730d2ecd3d74d29c512006087ddde5479806062177f5f5935ccfafcee1b8bc7bc297e6d20fb3266eb010d1375b2ad7aec6dbfff21fa55fbe5e3b42a83bfcd3acd0939e663e4dc45c3c0e17f8d4f0576c5abbec1b3edca488254c1932e3887091e46245f544736a367675a938e07d3b31ec5b31517827dbd54877ea0b00fd76fec670d96ded1c3ea2fbbb6d1343fb57732cd1f395b7af3fed8aa8dc4d1e36323af621b383a0ba0e4808fb30c7318532e96a08d4afd44c3a1a360aa47d29a0cf1d00fa6963b9d5ca3f68a7c3b1ead68fae136442c2d36dce71e3bc3a839234c16486d71c939ca65ab17a078ff1549f3ef8c7584c55cdc9ffe130d0291f7227cd3161a29c351197c27851f133b6aa52c9325e38b8cdd742f14f3b38419e39e548317d49c91aa0bbf8ca9c559f2f8f19bc5e2cad70e76ab81a576d3750e16cef0164eb8b2f14cc72ff3542f0a99f3ca95299015fc9bb19e705d635a9f417e7e2b2686230c16a44e52d1424a33b1f24966fa13187ef313c6882400a8217ca189aea3e63ca2cffb329e644ca78a9868018bf672faf21378e4df818bae0eddb6bf31ab0ec39398650bdb0be64e49e3ecafba562ac3a85dae56d57cb8df9c0c0660209991d871aeac32e4d4809b9915c258021798d9651d1c97f6d2ed3f06ba32cd0f1a02969b9a08d88953343125c261b884c62ed856f6fc6959f47deb645ea2371ffaa814aa5aea6dfdcac026bceb780dc0b1052d88b98ecb58d6c94a161302fc5dd59aa5cae607b92211b72435e8afc496fb8fca95c0ae314a78d43c4b5862d161ef531ce6816e1ae81ac96d67e72ee553002c8fa048366c2469f445f956abca594d596302d072ffc8357064ba261e5cd3a5a6e785239504a7879d3d4722cc7e10222492859eee452c73250ebc962f4e049a11a63cc4c9512d844700d10d58363c58ffabe056f85429a2426c2d9b2cbb35f757cc85478630535d5fa7e2771c73b9d89c4e22fda4e4fa3ce312722b14d9133e5f45ed89312aef385cff3b4a259ac7ef7ea66f44efe082268da4103bf9e84441e821d0f615fcd762fdc2f6f6a5c4db33284a1091019c4ed98431f8d776f665b69b355ea79ead0ea02a6a6d8f8584fe90c1acc4c457c86e4f61458635c16af73f0cdfd2f71de4a1414c7bcd6e0cfbdadf690093cf8b14dc62184d3c61a256c0ed64d7e2435d0d19fb28ccfe5f09abb9691a5652f261b393aa89078163fbd75d7f30e5efe044a213bce9f47d9dc473e0eb7a4378302f5590514df72f3f136843f3ecfca1fc4a70eba3479a1cd3651f655252c397898bf84481b4529ac5d8ed60cc6efb4792f468b28dfce1adab1a58e2bb1a63e22995d80296a89258d5c1826ecdf01a4235c32c09fae5058f14b4c27dfa7b0214e9bbd08e3cdfe698a44cb09039e971bae729ce620dd59c81c7fa2b9453047bba3602f107bdb047a5e2a65f1b05f7d1a7bfe7d71906b9203efe37968ff78e0ce40bda82828f3bc4802fe8889c976927c9e05c4d9b5b8e6800b902d084fad5a77adbd0a637d573713d2e2690c209b7c0f78f38e408594d7cacde98c25169010e31ccb05bd7d921e4b8766cca5dbe97a30fe1bdba895df5a01b836059adf725faccf79967b3cbe01edd2c615a6f6fb60f03276179cd658d995092117457970fd37d0f17328ab510ae814bb8b81f92e1f30bcef5b06239c7ada8458f323aba3070cbba92bd9e22f1b708cc08eefe89a29f86782d3d60a0d3efb52553d2a5926076b9317bf09f2f08a19bbe62b95d8fa0b8c6dd3ae955d63db0f4f0da880990e5cac7b23c5270a47a0337ae823022eb1f89c34066554e666593bfc2566038b75419ce4ba3e114fc192c4c52d84bd5ee3c7c961635cabade8e770ea5caaf781b3dd96cb8c0df7428009ea4f9a247116d1ca59e90d7a80935986968e2f201c4eb53c752f92c87bd8d8a465422d4fe78ec9f60b6d07abffc02448e743dfb6b5a1e6a5b6866aa2c0aeaa27cd5dded5898b9d7f8f2e9db3ba80046ad8cea283c39d97049de8e3b3ddbe5b3c9faf2e8d262bc6ef116db1c302db2810e0e8bf672223ae834e56d81895aeb404810a31cecb26b9f2050105ca67987176e54cc3fe9da78cd1ad0b5cdbe8ead97022ec88e97c5928e017303a16693e7c9247501dec70bb053384152d67e6b0928d776ccdd3b55778c2d5dbc1beedf6d8528af520665eb3c4e02b3581969ecf6f9be688045c42d28d2964e9277addbf902a8400114564551f1516551e7c3079ac5261c5a565be9618cf8c0958622ed49c581659e24369a16e8d6dba081df66ba7c3d4b0f420e07bbbcfa8639d0468d77adc9448cb964f507f9836b9152fd4f38c7c4be5cc69703c446333bc5b445889852a335d8ad72526d6152d3c39013101c7183dcb27aea45f19967d91773449629625fa893b53a3c63cba0bec737f4094e9739857a565431b9def815a3280be6508c5ccc71fdcae4d7656b17ea7710715aa5f59bb627af599087d041312f9a231c46e794403de62ed5650c108a362c1ba3964b702eb9fe5aeca35f06370238b732b6d01c05fe18f585e858e7f07ab911d1248ef4b74104ee8ddcd57ae0967909bfe5aee3bb53ea568d9f8cc7ca8317dce49b9d67a3ba71e5e609b72f9f3b3c99444bb917f7e360ebcf2c54aafde7f7c7674cfd2fe8cf4621baa0ac1742f6cf45cb4d3b00a26f7ac55bd58b462a1be443a6a3fa1b1dd78f533283909aa15c0ddbdeb0d66a880c3eb2419db2ecfca4286e8837f79cd71fbfdf6e13ffe2aa6c9948a885da66cfb43fd599b8ec60069e31d1216fb6817c912e27dbc48270398733f74edd0c7780e6b0729b14465fbfd032f589cc6139b9c99583bcd05854f2252010b80732dfc4f36188c9d9665f7d6e0b80d6e641d97d139fa29dc77be72dba63df9db2a4d766a0dc38422089cc87c05d24f87bc77439f1b08394a538684396f3402840795a34a11b7dbba8ac8b489f2527a0c214767253187ce58e1290683017ffa509109f456bc521391e4a09051ea646c21cc185f43238d877fc8a11c5ebc7644c8ffb4f364eba8370bc530431abe2c63f89b5bc45669ca398f1241ebdd7f7de454fe4fb30731de04483e9e2816463a7a104cc31c1e4f5a03e395e47721f9172330a9d95c10ebad6c845efa0638ad253c5e6d1e9a9ddbcfb92943f25314c2ca87febb4433be18735215f2f13c336d66cbe139b693e17e974b8cf500b130458cb482c023ae72c1c03e40ea31be405363d823ce3e55aaf39522231b37ed3c20534e2358ed48fb74f036d3e85431e22c4b277d6371f2dbad195163a352cf592a6adb15447387103d688e900bc22e054084de61ddc3082e3faac048ce9ddbae3c3416d885755b45882eee1f19f9cc6954cba95f1793e5944c5b2c59824810b3ed6d8fd9239c6830d28bdc0cfe37a8b7ffc9988da84b3913b3c475f4637339babb5a2aced6d710f2fbd2a4225b8eea1d5b4db79e2b687b6a15903e9fcb2891dbefea8f25a1bc41421cfc4cd93e45b2f69e6f9be303a856408307476745d319633d09ea000e7735823a317d01eda6a41168fd24c7a06d21b", 0xffffff1d}, {&(0x7f0000000180)="b9b1f9d06fd012b41c947e24757cc92a126bbb4db03c72e1033fc8d959a70b8a16e4f14e887e4edfc25ca2b2999985d20b0e91b91d049427a499b70b66bddf2ac7efaebfca52191390844eb705de2d6daa5c99f5fc28882f79128e0102068792584154af470164c05518fda023e46bc4856bec674bc6639927af62d46853fa1fb55dd8cd572a75e96d3ac9dfdf357c07d34e64ac426863ce53c40672b83490bc63f83827117fc025d90235b954acb8f8ef0cd280d3c1d25664", 0xfffffffffffffdb1}, {&(0x7f0000001340)="c428aca2b955b5211fb8d459e48a82fcf37bc392223405b7a7c305c0c5b4e010f64cf947c057a4a946f7cd3389b98071d41f8ba131c9798edd79fa0f2755bd2ddaf5c63b09f53c984138f4d4223075364638aa793ca2937b35d377b3b9e9c63f086b1d086370b22e6c41aea6eba0d58ae8147dd4d0058454d85ad113c594464b90559517664b34c30549ac141259dcf2ecedf20089f70371f5a0bed7262bed8cceef53e63dfa68adf955f4d15c7b4d752d1e0a6ca0fc5d39b57d3ee6fd39fe57505c368df539e9bf2a50fb46cfb683f18cb856685e3ba1f7ef1cddecc0a459f7", 0xe0}], 0x4}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000002240)}, 0x0)
write(r1, &(0x7f0000000140)="82650000", 0x4)

1.802759998s ago: executing program 2 (id=1205):
r0 = syz_open_dev$MSR(0x0, 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r1, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, 0x0, 0x0)

1.675924207s ago: executing program 1 (id=1206):
r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0xe4ffffff00000000, &(0x7f0000000080)=@base={0x4, 0x4, 0x4, 0x40007, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x50)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000500)={0x2c, r2, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x2c}}, 0x0)
timer_create(0x1, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000280)=<r3=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4)
mq_notify(r0, &(0x7f00000000c0)={0x0, 0x1a, 0x3, @thr={&(0x7f00000002c0)="59f426822838035a740a5a0bfcba8980282d0807477a5ecebd6b447f45ffebe8317c20758a7d42856af108272fdc3133a667fcad179f302b846cf3cf395610c5ffd703ca234ae16dda075d439c1becc166aab2e8f6257e8ef3c6895e0ebe5f221d48d0971144952c786a95b7ea0619e2028f1c8878a5107493afabcd3d2785a5be4232ddd5d78730c99a0ed91571f36c8c37c6233e6bf8e3d450d93a42ac15b8e890bfcafbaf2429e179398fcc2c951add6f90396e72d4c377796ac0ff6eeb5b52172ae0af2345f8549860698f204e50", &(0x7f0000000080)="5845550739812c45736d424ed435814f2bff1ae6c7ac7592b4ee09ec3d1076e3e6"}})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1)
ioctl$KVM_SET_SREGS2(r7, 0x4140aecd, &(0x7f0000000300)={{0x3001, 0xeeef0000, 0xd, 0x7, 0x2, 0x7, 0xc, 0x82, 0x0, 0xd, 0x1f, 0x5}, {0xeeee0000, 0x4000, 0xa, 0xa, 0x7, 0xf5, 0xf7, 0x2, 0x5, 0x6, 0x4, 0x9}, {0xd000, 0xffff1000, 0xa, 0x8, 0x7, 0x2d, 0xc5, 0x7f, 0x7, 0x6, 0x9, 0x80}, {0xeeee8000, 0x3000, 0xa, 0x4, 0x6, 0x2, 0x0, 0x0, 0x5, 0x3, 0x6, 0x6}, {0x8000000, 0x6000, 0x0, 0xbb, 0x7f, 0xad, 0x2, 0xfc, 0x50, 0x24, 0x1, 0xc}, {0x2000, 0x8000000, 0xa, 0x9, 0x7f, 0xf8, 0x5, 0x8, 0x2, 0x25, 0x6, 0x9}, {0x8000000, 0xdddd0000, 0x8, 0x0, 0xa, 0x4, 0x2, 0xfc, 0xc6, 0x20, 0x0, 0x81}, {0xeeee0000, 0x4000, 0xb, 0x51, 0x7f, 0x21, 0x2, 0x0, 0x5, 0x8, 0x5, 0x7}, {0xeeee0000, 0x80}, {0xd000, 0x43}, 0x80000000, 0x0, 0x8080000, 0x500429, 0x9, 0x3900, 0x5000, 0x0, [0x40, 0xd4df, 0x8, 0x6bbb]})
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001640)=ANY=[@ANYBLOB="380000001a000100000000000000000080002000", @ANYRES32=0x0, @ANYBLOB="00000000080002000b000000140001"], 0x38}}, 0x0)
chmod(&(0x7f0000000140)='./file0\x00', 0x0)

1.605274279s ago: executing program 2 (id=1207):
pipe(&(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x1000, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000300)=@gcm_128={{0x303}, "fc674d000000f8f7", "c5991ee20139b401046a89606ffcf92e", "2c5be7c6", "a0ca05c0707e52f4"}, 0x28)
recvfrom$inet6(r1, &(0x7f00000000c0)=""/3, 0x3, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x10000008ebc, 0x0)

1.564250977s ago: executing program 2 (id=1208):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0})
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = getpid()
rt_tgsigqueueinfo(r1, r1, 0x14, 0x0)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a3100000000"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="88010000330000032cbd8000fedbdf250a0000005c01c080cd9912b2c60118060e0c2f9fcce126f578dac0afb160de636d219fad39cadb9f0c0f60ca845166bfcb68643d7467dffc7b61b9533e5f57067c417c300ecda2526c9d03c40811da5a3c748b672e753ad42874644748be2024fac508c74d6c01a350de6d8100a7b213f543a6c1d80b99e57beed3807e5034d01addacd3c478721bcd7dd34588fbaa45843d1faf003041562932d25e20bb98368ff733532ace4eced15104001300040034800400fb8001158b11f3d1e44693fab16323cc903af7400d9e8fa9db90b4fba874014117ed23f5bb7519e77435a3b31da6fcdc2067ad621013bd4b296907284f1ff4ff9e3e8e7ad52bd29fa051b6d0cb81777bd9dc3bc703275fc911212efb41a80a664f03bff00265e78364090bfa513728190412639ef2e32b09a4fff791d94d6f2195af786d705414f9cc073c9e1cad837a09d554a3e3d0489ddec0c5546398566999829178e0977bbbea411f85b0de9f9e9a81031644aee0a7ebd94208000500", @ANYRES32=r2, @ANYBLOB='\x00'], 0x188}, 0x1, 0x0, 0x0, 0x40001}, 0x801)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002c00)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a40000000030a0fdb00000000000000000a0000050900030073797a30000000000900010073797a31000000000c0002"], 0x68}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)
socket(0x400000000010, 0x3, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x578410eb)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000140)=0x1, 0x4)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0xc048aeca, &(0x7f0000000080))

1.34052761s ago: executing program 1 (id=1209):
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
r0 = bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8)
fsconfig$FSCONFIG_SET_PATH_EMPTY(r0, 0x4, &(0x7f0000000180)=',]$\'+:\x00', &(0x7f0000000300)='./file0\x00', 0xffffffffffffff9c)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x18)

1.279711917s ago: executing program 2 (id=1210):
r0 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000140)=0x6, 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000200), 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000000)=0x6d93, 0x4)
sendmsg$sock(r2, &(0x7f0000000780)={&(0x7f0000000300)=@in={0x2, 0x4e22, @loopback}, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@mark={{0x14, 0x1, 0x51, 0xfffffffb}}], 0x18}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)={0x14, 0x2, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x20044804}, 0x40040)
sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000340)={0x0, 0x20, &(0x7f0000000100)={&(0x7f0000000040)={0x14, 0x6, 0x1, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x2404c031}, 0x40)

1.215948086s ago: executing program 2 (id=1211):
setsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x0, &(0x7f0000000040)=0x2)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socket$phonet(0x23, 0x2, 0x1)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
r1 = socket(0x2, 0x80805, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x808000}, 0x8)
getsockopt$bt_hci(r1, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9)
r2 = getpid()
rt_tgsigqueueinfo(r2, 0x0, 0x7, &(0x7f0000000080)={0x0, 0x0, 0x4})
close(0xffffffffffffffff)

1.17145267s ago: executing program 3 (id=1212):
io_setup(0x9, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
rseq(&(0x7f0000000400), 0x20, 0x0, 0x0)
r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000080)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000140)=@gcm_128={{0x303}, "87ee8ac6c46dad33", "2607080d7f4fcf00fd4ef2dece6c7c58", '\x00', '#\x00'}, 0x28)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000240)='n', 0x1}], 0x1}, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x2, &(0x7f0000000680)=@gcm_128={{0x303}, "000037d7009400", "c0b6c5b29ca2b838d41ac2fc7ddf972d", "e9be1eae", "bb10000000000001"}, 0x28)
io_submit(0x0, 0x1, &(0x7f0000000100)=[&(0x7f00000002c0)={0x400000, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000200)="05", 0x1}])
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r4=>0x0, &(0x7f00000007c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITEV={0x2, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0})
lsm_list_modules(0x0, &(0x7f0000000000), 0x0)

670.928839ms ago: executing program 2 (id=1213):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x10c4, 0xea90, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="2001d4"], 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[], 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000140), 0x1, 0x929402)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000000)={0x1, 0x8, 0x0, &(0x7f0000000240)={0xa, "a52422ffd60775c221c4031d467d6648a97569b7d49cc4492d050600000000ff00"}})

401.744249ms ago: executing program 1 (id=1214):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f9471633078", 0x8)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/ksm/run\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x1)
r2 = accept4(r0, 0x0, 0x0, 0x80000)
r3 = dup(r2)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000003680)=[{{0x0, 0x0, &(0x7f0000000e40)=[{0x0}, {0x0}, {&(0x7f0000000dc0)='k', 0x1}], 0x3, 0x0, 0x0, 0x80}}, {{0x0, 0x0, &(0x7f0000003600)=[{&(0x7f00000011c0)="65d21a11ef0b0d0fe05ff0d19d9119e1a7b6718fbf8d0f33b11f989fb99a6259d096d06b08cf8573170769674a", 0x2d}, {&(0x7f00000034c0)="f1552f0ac616e0", 0x7}, {&(0x7f0000003500)="d03b5b1c803a1874824babe75b9e2edb2c728cd1fb9d063f2d3cd7d7b4e6f1cc6300fcde9d2fcf128ebeecfbdbf4c81ea1b0414a9806a978b47c2fe4c6d8ff6f5f29a4764574df10171bd859ac9b319100834b53f933e87dece485b8b3bc71647df0ae9410d73ecce651d927cb", 0x6d}, {&(0x7f0000003580)="4b2bf77cb5a115dad975ced56444598bc96d6b8a1d316f720b649c486fe9b36870243a3127af40f89b98fb61a58928e5036a8cdfaf682d176d768c57897db35f11e4bd15be7cbda256aa9e49a57d244a34b3c4d85197", 0x56}], 0x4, 0x0, 0x0, 0x24000001}}], 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e07002d0c"], 0xa)

184.827894ms ago: executing program 1 (id=1215):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0}, 0x18)
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f0000002e40)=ANY=[@ANYBLOB="00020201"], 0x18)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
r3 = dup(r2)
write$FUSE_DIRENTPLUS(r3, &(0x7f00000002c0)=ANY=[@ANYBLOB="3b19430d3a49c249f9d81d1ef249de6f19f96a005acb50a85f"], 0xa8)
write$snapshot(r3, 0x0, 0x0)
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x2, 0x163c81)
io_setup(0x3, &(0x7f0000001540)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000080)=[&(0x7f0000000040)={0x0, 0x0, 0x0, 0x5, 0x75c, r4, 0x0}])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000001a40)=""/102392, 0x18ff8)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0)
r7 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
keyctl$read(0xb, r7, &(0x7f0000000240)=""/112, 0x349b7f55)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="2000000011000101e700"/20, @ANYRESHEX=r8], 0x20}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14)

0s ago: executing program 1 (id=1216):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f000007"], 0x50)
r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYRES32, @ANYBLOB='\x00'/14], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r2}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x7, 0x4, 0x8, 0x1}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r8 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r8, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000009c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast1, @empty}})

kernel console output (not intermixed with test programs):

 Call Trace:
[  303.760611][ T9340]  <TASK>
[  303.760618][ T9340]  dump_stack_lvl+0x16c/0x1f0
[  303.760645][ T9340]  should_fail_ex+0x512/0x640
[  303.760672][ T9340]  _copy_from_user+0x2e/0xd0
[  303.760711][ T9340]  video_usercopy+0xedd/0x1720
[  303.760735][ T9340]  ? __pfx___video_do_ioctl+0x10/0x10
[  303.760755][ T9340]  ? selinux_kernel_read_file+0x60/0x130
[  303.760781][ T9340]  ? __pfx_video_usercopy+0x10/0x10
[  303.760820][ T9340]  v4l2_ioctl+0x1bd/0x250
[  303.760839][ T9340]  ? __pfx_v4l2_ioctl+0x10/0x10
[  303.760861][ T9340]  __x64_sys_ioctl+0x18e/0x210
[  303.760890][ T9340]  do_syscall_64+0xcd/0x4e0
[  303.760915][ T9340]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.760932][ T9340] RIP: 0033:0x7f2abb38ec29
[  303.760947][ T9340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.760963][ T9340] RSP: 002b:00007f2abc27f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  303.760980][ T9340] RAX: ffffffffffffffda RBX: 00007f2abb5d5fa0 RCX: 00007f2abb38ec29
[  303.760991][ T9340] RDX: 0000200000000140 RSI: 00000000c0d05605 RDI: 0000000000000003
[  303.761002][ T9340] RBP: 00007f2abc27f090 R08: 0000000000000000 R09: 0000000000000000
[  303.761012][ T9340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  303.761022][ T9340] R13: 00007f2abb5d6038 R14: 00007f2abb5d5fa0 R15: 00007ffc3e8e7d28
[  303.761045][ T9340]  </TASK>
[  303.953483][ T5904] gs_usb 3-1:127.0: Required endpoints not found
[  304.019129][ T5904] usb 3-1: USB disconnect, device number 35
[  304.297424][ T9354] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  305.488001][ T5971] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  305.584046][ T9369] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2573 sclass=netlink_route_socket pid=9369 comm=syz.1.916
[  305.730069][    T9] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  305.739940][ T5971] usb 1-1: Using ep0 maxpacket: 8
[  305.746489][ T5971] usb 1-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  305.758265][ T5971] usb 1-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  305.772730][ T5971] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  305.783810][ T5971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.928358][ T5971] usbtmc 1-1:16.0: bulk endpoints not found
[  305.991055][    T9] usb 4-1: Using ep0 maxpacket: 32
[  306.134828][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.146065][    T9] usb 4-1: config 0 has no interfaces?
[  306.175053][    T9] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  306.442162][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.453076][    T9] usb 4-1: config 0 descriptor??
[  306.559438][   T30] audit: type=1400 audit(1758339368.835:872): avc:  denied  { read write } for  pid=9376 comm="syz.4.918" name="nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  306.631946][   T30] audit: type=1400 audit(1758339368.835:873): avc:  denied  { open } for  pid=9376 comm="syz.4.918" path="/dev/nullb0" dev="devtmpfs" ino=696 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  306.706655][   T30] audit: type=1400 audit(1758339368.975:874): avc:  denied  { ioctl } for  pid=9376 comm="syz.4.918" path="socket:[23088]" dev="sockfs" ino=23088 ioctlcmd=0x89e1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  308.996720][ T5976] usb 4-1: USB disconnect, device number 41
[  309.019911][    T9] usb 1-1: USB disconnect, device number 23
[  309.116537][ T9386] gretap1: entered promiscuous mode
[  309.175571][ T9389] netlink: 8 bytes leftover after parsing attributes in process `syz.0.923'.
[  309.477174][   T30] audit: type=1400 audit(1758339371.755:875): avc:  denied  { accept } for  pid=9397 comm="syz.1.924" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  310.020267][    T9] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  310.184393][    T9] usb 1-1: Using ep0 maxpacket: 32
[  310.203301][    T9] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  310.218885][    T9] usb 1-1: config 0 has no interface number 0
[  310.230390][    T9] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  310.264798][    T9] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  310.274131][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.287431][    T9] usb 1-1: Product: syz
[  310.293378][    T9] usb 1-1: Manufacturer: syz
[  310.298048][    T9] usb 1-1: SerialNumber: syz
[  310.363717][    T9] usb 1-1: config 0 descriptor??
[  310.381135][    T9] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  310.398796][    T9] em28xx 1-1:0.132: Video interface 132 found: isoc
[  310.479942][ T5976] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  310.631715][ T5976] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  310.642067][ T5976] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  310.652138][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  310.664991][ T5976] usb 3-1: config 0 descriptor??
[  310.684539][ T5976] pwc: Askey VC010 type 2 USB webcam detected.
[  310.869141][    C0] hrtimer: interrupt took 19582 ns
[  311.007098][ T9419] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.449878][   T30] audit: type=1400 audit(1758339373.725:876): avc:  denied  { create } for  pid=9421 comm="syz.1.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  311.497212][ T5976] pwc: recv_control_msg error -32 req 02 val 2b00
[  311.506736][ T5976] pwc: recv_control_msg error -32 req 02 val 2700
[  311.521628][   T30] audit: type=1400 audit(1758339373.755:877): avc:  denied  { getopt } for  pid=9421 comm="syz.1.931" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  311.542686][   T30] audit: type=1400 audit(1758339373.755:878): avc:  denied  { mounton } for  pid=9421 comm="syz.1.931" path="/newroot/proc/638/ns/mnt" dev="proc" ino=23163 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=lnk_file permissive=1
[  311.566694][    T9] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  311.587521][ T5976] pwc: recv_control_msg error -32 req 02 val 2c00
[  311.627395][ T5976] pwc: recv_control_msg error -32 req 04 val 1000
[  311.636667][ T5976] pwc: recv_control_msg error -32 req 04 val 1300
[  311.643932][ T5976] pwc: recv_control_msg error -32 req 04 val 1400
[  311.657329][ T5976] pwc: recv_control_msg error -32 req 02 val 2000
[  311.671797][ T5976] pwc: recv_control_msg error -32 req 02 val 2100
[  311.701226][ T9409] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  311.722988][ T5976] pwc: recv_control_msg error -32 req 04 val 1500
[  311.733932][ T9409] netlink: 'syz.2.927': attribute type 1 has an invalid length.
[  311.747230][ T5976] pwc: recv_control_msg error -32 req 02 val 2500
[  311.752572][    T9] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  311.764223][    T9] em28xx 1-1:0.132: board has no eeprom
[  311.829955][    T9] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  311.838116][    T9] em28xx 1-1:0.132: analog set to isoc mode.
[  311.845458][ T5904] em28xx 1-1:0.132: Registering V4L2 extension
[  312.018237][ T5976] pwc: recv_control_msg error -71 req 02 val 2600
[  312.043688][ T5971] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  312.053497][ T5976] pwc: recv_control_msg error -71 req 02 val 2900
[  312.093664][ T5976] pwc: recv_control_msg error -71 req 02 val 2800
[  312.102469][   T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  312.285468][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0x4a (error=-5)
[  312.335311][ T5976] pwc: recv_control_msg error -71 req 04 val 1100
[  312.343253][ T5976] pwc: recv_control_msg error -71 req 04 val 1200
[  312.345637][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0x48 (error=-5)
[  312.356741][ T5976] pwc: Registered as video103.
[  312.366317][ T5976] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input21
[  312.381473][ T5976] usb 3-1: USB disconnect, device number 36
[  312.388629][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0x42 (error=-5)
[  312.400544][ T5971] usb 5-1: Using ep0 maxpacket: 8
[  312.411855][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0x40 (error=-5)
[  312.415093][ T5971] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  312.437129][ T5971] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  312.450934][ T5971] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  312.461587][ T5971] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  312.475630][ T5971] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  312.485139][   T24] usb 2-1: Using ep0 maxpacket: 32
[  312.491089][ T5971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.500605][   T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  312.512385][   T24] usb 2-1: config 0 has no interfaces?
[  312.519553][   T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  312.527445][ T5904] em28xx 1-1:0.132: failed to trigger read from i2c address 0x84 (error=-5)
[  312.533988][ T5971] usbtmc 5-1:16.0: bulk endpoints not found
[  312.553814][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  312.578841][   T24] usb 2-1: config 0 descriptor??
[  312.633051][    T9] usb 1-1: USB disconnect, device number 24
[  312.641037][    T9] em28xx 1-1:0.132: Disconnecting em28xx
[  312.692984][ T9438] netlink: 64 bytes leftover after parsing attributes in process `syz.0.936'.
[  312.765985][ T5904] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  312.781876][ T5904] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  312.789001][ T5904] em28xx 1-1:0.132: No AC97 audio processor
[  312.811004][ T5904] usb 1-1: Decoder not found
[  312.815620][ T5904] em28xx 1-1:0.132: failed to create media graph
[  312.827885][ T5904] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  312.850834][ T5904] em28xx 1-1:0.132: Remote control support is not available for this card.
[  312.860527][   T30] audit: type=1326 audit(1758339375.135:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  312.901776][    T9] em28xx 1-1:0.132: Closing input extension
[  312.913092][ T5976] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  312.934119][    T9] em28xx 1-1:0.132: Freeing device
[  312.948748][   T30] audit: type=1326 audit(1758339375.135:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  312.973527][   T30] audit: type=1326 audit(1758339375.135:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.002967][   T30] audit: type=1326 audit(1758339375.135:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.027489][   T30] audit: type=1326 audit(1758339375.135:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.058327][   T30] audit: type=1326 audit(1758339375.135:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.082407][   T30] audit: type=1326 audit(1758339375.135:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.105976][ T5976] usb 3-1: Using ep0 maxpacket: 32
[  313.112537][   T30] audit: type=1326 audit(1758339375.135:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.136221][   T30] audit: type=1326 audit(1758339375.135:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.163298][ T5976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  313.175256][ T5976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  313.176950][   T30] audit: type=1326 audit(1758339375.135:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9439 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6ae558ec29 code=0x7ffc0000
[  313.187915][ T5976] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  313.218502][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.236759][ T5976] usb 3-1: config 0 descriptor??
[  313.243893][ T5976] hub 3-1:0.0: USB hub found
[  313.452061][ T5976] hub 3-1:0.0: 1 port detected
[  313.578135][ T9458] autofs: Unknown parameter '0x0000000000000000'
[  313.696036][ T9462] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=226 sclass=netlink_route_socket pid=9462 comm=syz.3.944
[  314.639746][ T5976] hub 3-1:0.0: hub_ext_port_status failed (err = -71)
[  314.648011][ T5976] usb 3-1: USB disconnect, device number 37
[  314.687971][ T5971] usb 5-1: USB disconnect, device number 29
[  314.772447][   T24] usb 2-1: USB disconnect, device number 27
[  314.780872][ T9476] netlink: 8 bytes leftover after parsing attributes in process `syz.3.948'.
[  315.093109][ T5971] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  315.299934][ T5971] usb 5-1: Using ep0 maxpacket: 16
[  315.337505][ T5971] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  315.381860][ T5971] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  315.436730][ T5971] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  315.437831][ T9486] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  315.473009][ T5971] usb 5-1: Product: syz
[  315.480550][ T5971] usb 5-1: Manufacturer: syz
[  315.485505][ T5971] usb 5-1: SerialNumber: syz
[  315.500190][ T5971] usb 5-1: config 0 descriptor??
[  315.514479][ T5971] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  315.536764][ T5971] usb 5-1: Detected FT232R
[  315.678760][ T9493] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  315.690508][ T9491] autofs: Unknown parameter '0x0000000000000000'
[  315.720066][ T5971] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  315.796970][ T9493] : entered promiscuous mode
[  316.302231][ T5971] ftdi_sio 5-1:0.0: GPIO initialisation failed: -5
[  316.370478][ T5971] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  316.424458][ T9496] syz.2.952 (9496): drop_caches: 2
[  316.678536][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  316.690095][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  316.959951][ T5960] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  317.008457][ T9508] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  317.042928][ T9499] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  317.049451][ T9499] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  317.109110][ T9499] vhci_hcd vhci_hcd.0: Device attached
[  317.160263][ T5960] usb 2-1: device descriptor read/64, error -71
[  317.187637][ T9511] vhci_hcd: connection closed
[  317.188051][   T13] vhci_hcd: stop threads
[  317.202893][ T5976] usb 5-1: USB disconnect, device number 30
[  317.289963][ T5904] vhci_hcd: vhci_device speed not set
[  317.382144][   T13] vhci_hcd: release socket
[  317.413728][   T13] vhci_hcd: disconnect device
[  317.419963][ T5960] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  317.422418][ T5976] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  317.654985][ T5904] usb 41-1: new full-speed USB device number 3 using vhci_hcd
[  318.403137][   T24] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  318.405826][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  318.405837][   T30] audit: type=1400 audit(1758339379.755:902): avc:  denied  { read } for  pid=9515 comm="syz.0.958" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  318.441777][ T5976] ftdi_sio 5-1:0.0: device disconnected
[  318.449994][ T5960] usb 2-1: device descriptor read/64, error -71
[  318.560152][ T5960] usb usb2-port1: attempt power cycle
[  318.611308][   T24] usb 3-1: Using ep0 maxpacket: 32
[  318.633594][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  318.689967][   T24] usb 3-1: config 0 has no interfaces?
[  318.728022][   T24] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  318.928938][ T5960] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  318.971526][ T5960] usb 2-1: device descriptor read/8, error -71
[  319.026040][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.153567][   T24] usb 3-1: config 0 descriptor??
[  319.250052][ T5960] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  319.320493][ T5960] usb 2-1: device descriptor read/8, error -71
[  319.369142][ T9524] netlink: 64 bytes leftover after parsing attributes in process `syz.0.962'.
[  319.436623][ T5960] usb usb2-port1: unable to enumerate USB device
[  319.836755][ T9531] autofs: Unknown parameter '0x0000000000000000'
[  319.849978][ T5976] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  320.030192][ T5976] usb 1-1: Using ep0 maxpacket: 16
[  320.333424][ T5976] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  320.403276][ T5976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.411807][ T5976] usb 1-1: Product: syz
[  320.416066][ T5976] usb 1-1: Manufacturer: syz
[  320.426365][ T5976] usb 1-1: SerialNumber: syz
[  320.453549][ T5976] usb 1-1: config 0 descriptor??
[  320.588307][ T9547] FAULT_INJECTION: forcing a failure.
[  320.588307][ T9547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  320.696775][ T5888] usb 1-1: USB disconnect, device number 25
[  320.736642][ T9547] CPU: 1 UID: 0 PID: 9547 Comm: syz.3.970 Not tainted syzkaller #0 PREEMPT(full) 
[  320.736666][ T9547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  320.736676][ T9547] Call Trace:
[  320.736682][ T9547]  <TASK>
[  320.736688][ T9547]  dump_stack_lvl+0x16c/0x1f0
[  320.736715][ T9547]  should_fail_ex+0x512/0x640
[  320.736741][ T9547]  _copy_from_iter+0x29f/0x1720
[  320.736777][ T9547]  ? __alloc_skb+0x200/0x380
[  320.736798][ T9547]  ? __pfx__copy_from_iter+0x10/0x10
[  320.736825][ T9547]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  320.736855][ T9547]  netlink_sendmsg+0x829/0xdd0
[  320.736882][ T9547]  ? __pfx_netlink_sendmsg+0x10/0x10
[  320.736913][ T9547]  ____sys_sendmsg+0xa98/0xc70
[  320.736938][ T9547]  ? copy_msghdr_from_user+0x10a/0x160
[  320.736959][ T9547]  ? __pfx_____sys_sendmsg+0x10/0x10
[  320.736996][ T9547]  ___sys_sendmsg+0x134/0x1d0
[  320.737020][ T9547]  ? __pfx____sys_sendmsg+0x10/0x10
[  320.737070][ T9547]  __sys_sendmsg+0x16d/0x220
[  320.737092][ T9547]  ? __pfx___sys_sendmsg+0x10/0x10
[  320.737129][ T9547]  do_syscall_64+0xcd/0x4e0
[  320.737153][ T9547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.737172][ T9547] RIP: 0033:0x7f6ae558ec29
[  320.737185][ T9547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  320.737199][ T9547] RSP: 002b:00007f6ae6375038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  320.737209][ T9547] RAX: ffffffffffffffda RBX: 00007f6ae57d5fa0 RCX: 00007f6ae558ec29
[  320.737216][ T9547] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000003
[  320.737223][ T9547] RBP: 00007f6ae6375090 R08: 0000000000000000 R09: 0000000000000000
[  320.737230][ T9547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  320.737236][ T9547] R13: 00007f6ae57d6038 R14: 00007f6ae57d5fa0 R15: 00007ffc44639248
[  320.737250][ T9547]  </TASK>
[  320.937355][   T24] usb 3-1: USB disconnect, device number 38
[  321.260504][   T24] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  321.421309][   T24] usb 3-1: Using ep0 maxpacket: 16
[  321.487066][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  321.568463][   T24] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  321.624551][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.653996][   T24] usb 3-1: Product: syz
[  321.658346][   T24] usb 3-1: Manufacturer: syz
[  321.663055][ T5888] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  321.663477][   T24] usb 3-1: SerialNumber: syz
[  321.714439][   T24] usb 3-1: config 0 descriptor??
[  321.761686][   T24] hub 3-1:0.0: bad descriptor, ignoring hub
[  321.788543][   T24] hub 3-1:0.0: probe with driver hub failed with error -5
[  321.849275][   T24] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input22
[  321.849994][ T5888] usb 1-1: device descriptor read/64, error -71
[  322.014197][   T30] audit: type=1400 audit(1758339384.295:903): avc:  denied  { read } for  pid=9548 comm="syz.2.971" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  322.086092][   T30] audit: type=1400 audit(1758339384.295:904): avc:  denied  { open } for  pid=9548 comm="syz.2.971" path="/dev/input/mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  322.290394][ T5888] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  322.364651][ T9565] autofs: Unknown parameter '0x0000000000000000'
[  322.420187][ T5888] usb 1-1: device descriptor read/64, error -71
[  322.578369][ T5888] usb usb1-port1: attempt power cycle
[  323.120009][ T5888] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  323.128409][    T9] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  323.261149][ T5888] usb 1-1: device descriptor read/8, error -71
[  323.396172][    T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  323.405856][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.414230][    T9] usb 4-1: Product: syz
[  323.418440][    T9] usb 4-1: Manufacturer: syz
[  323.423315][    T9] usb 4-1: SerialNumber: syz
[  323.449939][ T5904] vhci_hcd: vhci_device speed not set
[  323.502829][ T5888] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  323.540595][ T5888] usb 1-1: device descriptor read/8, error -71
[  323.653097][ T5888] usb usb1-port1: unable to enumerate USB device
[  323.837272][ T9585] cgroup: name respecified
[  323.931927][   T24] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  324.041535][ T5205] usb 3-1: reset high-speed USB device number 39 using dummy_hcd
[  324.053044][ T5205] usb 3-1: device reset changed ep0 maxpacket size!
[  324.062270][ T5960] usb 3-1: USB disconnect, device number 39
[  324.089923][   T24] usb 2-1: Using ep0 maxpacket: 16
[  324.098029][   T24] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  324.107286][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.115306][   T24] usb 2-1: Product: syz
[  324.119472][   T24] usb 2-1: Manufacturer: syz
[  324.126031][   T24] usb 2-1: SerialNumber: syz
[  324.139021][   T24] r8152-cfgselector 2-1: Unknown version 0x0000
[  324.145292][   T24] r8152-cfgselector 2-1: config 0 descriptor??
[  324.209986][ T5960] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  324.356657][   T24] r8152-cfgselector 2-1: Unknown version 0x0000
[  324.365031][ T5960] usb 3-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  324.366235][   T24] r8152-cfgselector 2-1: bad CDC descriptors
[  324.374329][ T5960] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  324.388286][ T5960] usb 3-1: Product: syz
[  324.388775][   T24] r8152-cfgselector 2-1: USB disconnect, device number 32
[  324.393747][ T5960] usb 3-1: Manufacturer: syz
[  324.415391][ T5960] usb 3-1: SerialNumber: syz
[  325.576034][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x0000011c. ret = -EPIPE
[  325.624052][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  325.959036][    T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  325.983455][    T9] lan78xx 4-1:1.0: probe with driver lan78xx failed with error -32
[  326.015058][ T9600] autofs: Unknown parameter 'fd0x0000000000000000'
[  326.022008][    T9] usb 4-1: USB disconnect, device number 42
[  326.529140][ T9610] FAULT_INJECTION: forcing a failure.
[  326.529140][ T9610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  326.545143][ T9610] CPU: 0 UID: 0 PID: 9610 Comm: syz.4.992 Not tainted syzkaller #0 PREEMPT(full) 
[  326.545168][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  326.545178][ T9610] Call Trace:
[  326.545184][ T9610]  <TASK>
[  326.545191][ T9610]  dump_stack_lvl+0x16c/0x1f0
[  326.545219][ T9610]  should_fail_ex+0x512/0x640
[  326.545249][ T9610]  _copy_from_user+0x2e/0xd0
[  326.545275][ T9610]  kstrtouint_from_user+0xd6/0x1d0
[  326.545294][ T9610]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  326.545312][ T9610]  ? __lock_acquire+0xb97/0x1ce0
[  326.545351][ T9610]  proc_fail_nth_write+0x83/0x220
[  326.545374][ T9610]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  326.545400][ T9610]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  326.545419][ T9610]  vfs_write+0x2a0/0x11d0
[  326.545442][ T9610]  ? __pfx___mutex_lock+0x10/0x10
[  326.545465][ T9610]  ? __pfx_vfs_write+0x10/0x10
[  326.545491][ T9610]  ? __fget_files+0x20e/0x3c0
[  326.545518][ T9610]  ksys_write+0x12a/0x250
[  326.545536][ T9610]  ? __pfx_ksys_write+0x10/0x10
[  326.545562][ T9610]  do_syscall_64+0xcd/0x4e0
[  326.545588][ T9610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.545606][ T9610] RIP: 0033:0x7f2abb38d6df
[  326.545621][ T9610] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  326.545643][ T9610] RSP: 002b:00007f2abc27f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  326.545661][ T9610] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2abb38d6df
[  326.545672][ T9610] RDX: 0000000000000001 RSI: 00007f2abc27f0a0 RDI: 0000000000000004
[  326.545683][ T9610] RBP: 00007f2abc27f090 R08: 0000000000000000 R09: 0000000000000000
[  326.545694][ T9610] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  326.545704][ T9610] R13: 00007f2abb5d6038 R14: 00007f2abb5d5fa0 R15: 00007ffc3e8e7d28
[  326.545730][ T9610]  </TASK>
[  326.909118][ T5960] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000118. ret = -EPIPE
[  326.920940][ T5960] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  326.931007][ T5960] lan78xx 3-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  327.053499][   T30] audit: type=1400 audit(1758339389.325:905): avc:  denied  { shutdown } for  pid=9586 comm="syz.2.985" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  327.074872][ T5960] lan78xx 3-1:1.0: probe with driver lan78xx failed with error -32
[  327.088653][ T5960] usb 3-1: USB disconnect, device number 40
[  327.194301][ T9623] netlink: 4 bytes leftover after parsing attributes in process `syz.0.993'.
[  327.581292][   T30] audit: type=1400 audit(1758339389.865:906): avc:  denied  { mount } for  pid=9607 comm="syz.1.991" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  327.722886][   T30] audit: type=1400 audit(1758339390.005:907): avc:  denied  { unmount } for  pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  327.832150][ T5976] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  327.937959][   T30] audit: type=1400 audit(1758339390.215:908): avc:  denied  { create } for  pid=9630 comm="syz.1.997" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  328.068115][ T5976] usb 5-1: device descriptor read/64, error -71
[  328.196161][ T9637] netlink: 4 bytes leftover after parsing attributes in process `syz.0.998'.
[  328.679914][ T5976] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  328.829994][ T5976] usb 5-1: device descriptor read/64, error -71
[  328.950230][ T5976] usb usb5-port1: attempt power cycle
[  329.162067][ T9644] autofs: Unknown parameter 'fd0x0000000000000000'
[  329.199909][   T24] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  329.448419][ T5976] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  329.478530][   T24] usb 1-1: unable to get BOS descriptor or descriptor too short
[  329.490802][ T5976] usb 5-1: device descriptor read/8, error -71
[  330.031133][   T30] audit: type=1400 audit(1758339392.295:909): avc:  denied  { mount } for  pid=9651 comm="syz.2.1004" name="/" dev="rpc_pipefs" ino=23540 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  330.036719][   T24] usb 1-1: config 13 has an invalid interface number: 177 but max is 0
[  330.065489][   T24] usb 1-1: config 13 has no interface number 0
[  330.073390][   T24] usb 1-1: config 13 interface 177 has no altsetting 0
[  330.099974][ T5976] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  330.225285][ T5976] usb 5-1: device descriptor read/8, error -71
[  330.240791][   T24] usb 1-1: New USB device found, idVendor=0413, idProduct=6f0f, bcdDevice=17.40
[  330.271382][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.279524][   T24] usb 1-1: Product: syz
[  330.300853][   T24] usb 1-1: Manufacturer: syz
[  330.318163][   T24] usb 1-1: SerialNumber: syz
[  330.362022][ T5976] usb usb5-port1: unable to enumerate USB device
[  330.829571][ T9665] Failed to initialize the IGMP autojoin socket (err -2)
[  330.959745][   T24] usb 1-1: USB disconnect, device number 30
[  331.439994][ T5976] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  331.766915][ T5976] usb 4-1: config 0 has no interfaces?
[  331.783748][ T5976] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  331.821957][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.873580][ T5976] usb 4-1: config 0 descriptor??
[  331.994983][   T30] audit: type=1400 audit(1758339394.275:910): avc:  denied  { getopt } for  pid=9685 comm="syz.0.1014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  332.241097][ T9696] FAULT_INJECTION: forcing a failure.
[  332.241097][ T9696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  332.254224][ T9696] CPU: 0 UID: 0 PID: 9696 Comm: syz.4.1016 Not tainted syzkaller #0 PREEMPT(full) 
[  332.254245][ T9696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  332.254256][ T9696] Call Trace:
[  332.254262][ T9696]  <TASK>
[  332.254269][ T9696]  dump_stack_lvl+0x16c/0x1f0
[  332.254296][ T9696]  should_fail_ex+0x512/0x640
[  332.254323][ T9696]  _copy_to_user+0x32/0xd0
[  332.254350][ T9696]  simple_read_from_buffer+0xcb/0x170
[  332.254377][ T9696]  proc_fail_nth_read+0x197/0x240
[  332.254399][ T9696]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  332.254421][ T9696]  ? rw_verify_area+0xcf/0x6c0
[  332.254447][ T9696]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  332.254467][ T9696]  vfs_read+0x1e1/0xcf0
[  332.254488][ T9696]  ? __pfx___mutex_lock+0x10/0x10
[  332.254512][ T9696]  ? __pfx_vfs_read+0x10/0x10
[  332.254537][ T9696]  ? __fget_files+0x20e/0x3c0
[  332.254564][ T9696]  ksys_read+0x12a/0x250
[  332.254582][ T9696]  ? __pfx_ksys_read+0x10/0x10
[  332.254607][ T9696]  do_syscall_64+0xcd/0x4e0
[  332.254632][ T9696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  332.254650][ T9696] RIP: 0033:0x7f2abb38d63c
[  332.254664][ T9696] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  332.254681][ T9696] RSP: 002b:00007f2abc23d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  332.254698][ T9696] RAX: ffffffffffffffda RBX: 00007f2abb5d6180 RCX: 00007f2abb38d63c
[  332.254710][ T9696] RDX: 000000000000000f RSI: 00007f2abc23d0a0 RDI: 0000000000000008
[  332.254721][ T9696] RBP: 00007f2abc23d090 R08: 0000000000000000 R09: 0000000000000000
[  332.254731][ T9696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  332.254741][ T9696] R13: 00007f2abb5d6218 R14: 00007f2abb5d6180 R15: 00007ffc3e8e7d28
[  332.254766][ T9696]  </TASK>
[  333.222338][   T30] audit: type=1400 audit(1758339395.495:911): avc:  denied  { unlink } for  pid=9704 comm="syz.1.1019" name="#7" dev="tmpfs" ino=1157 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  333.245505][ T9705] overlayfs: overlapping lowerdir path
[  333.269215][ T9708] FAULT_INJECTION: forcing a failure.
[  333.269215][ T9708] name failslab, interval 1, probability 0, space 0, times 0
[  333.297787][ T9708] CPU: 1 UID: 0 PID: 9708 Comm: syz.1.1019 Not tainted syzkaller #0 PREEMPT(full) 
[  333.297811][ T9708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  333.297821][ T9708] Call Trace:
[  333.297827][ T9708]  <TASK>
[  333.297834][ T9708]  dump_stack_lvl+0x16c/0x1f0
[  333.297861][ T9708]  should_fail_ex+0x512/0x640
[  333.297882][ T9708]  ? fs_reclaim_acquire+0xae/0x150
[  333.297908][ T9708]  ? tomoyo_encode2+0x100/0x3e0
[  333.297932][ T9708]  should_failslab+0xc2/0x120
[  333.297953][ T9708]  __kmalloc_noprof+0xd2/0x510
[  333.297970][ T9708]  ? d_absolute_path+0x136/0x1a0
[  333.298001][ T9708]  tomoyo_encode2+0x100/0x3e0
[  333.298030][ T9708]  tomoyo_encode+0x29/0x50
[  333.298054][ T9708]  tomoyo_realpath_from_path+0x18f/0x6e0
[  333.298088][ T9708]  tomoyo_mount_acl+0x1ae/0x850
[  333.298112][ T9708]  ? bpf_ksym_find+0x127/0x1c0
[  333.298137][ T9708]  ? is_bpf_text_address+0x94/0x1a0
[  333.298158][ T9708]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  333.298181][ T9708]  ? __kernel_text_address+0xd/0x40
[  333.298201][ T9708]  ? unwind_get_return_address+0x59/0xa0
[  333.298222][ T9708]  ? arch_stack_walk+0xa6/0x100
[  333.298268][ T9708]  ? tomoyo_domain+0xbb/0x150
[  333.298284][ T9708]  ? tomoyo_profile+0x47/0x60
[  333.298304][ T9708]  tomoyo_mount_permission+0x16d/0x420
[  333.298327][ T9708]  ? tomoyo_mount_permission+0x14f/0x420
[  333.298353][ T9708]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  333.298394][ T9708]  security_sb_mount+0x9b/0x260
[  333.298420][ T9708]  path_mount+0x15f/0x2000
[  333.298447][ T9708]  ? __pfx_path_mount+0x10/0x10
[  333.298471][ T9708]  ? kmem_cache_free+0x2d1/0x4d0
[  333.298488][ T9708]  ? putname+0x154/0x1a0
[  333.298516][ T9708]  ? putname+0x154/0x1a0
[  333.298541][ T9708]  ? __x64_sys_mount+0x28d/0x310
[  333.298568][ T9708]  __x64_sys_mount+0x28d/0x310
[  333.298591][ T9708]  ? __pfx___x64_sys_mount+0x10/0x10
[  333.298622][ T9708]  do_syscall_64+0xcd/0x4e0
[  333.298649][ T9708]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.298667][ T9708] RIP: 0033:0x7f8664f8ec29
[  333.298682][ T9708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.298698][ T9708] RSP: 002b:00007f8665dae038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  333.298715][ T9708] RAX: ffffffffffffffda RBX: 00007f86651d6090 RCX: 00007f8664f8ec29
[  333.298730][ T9708] RDX: 0000200000000000 RSI: 00002000000000c0 RDI: 0000000000000000
[  333.298741][ T9708] RBP: 00007f8665dae090 R08: 00002000000004c0 R09: 0000000000000000
[  333.298751][ T9708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.298761][ T9708] R13: 00007f86651d6128 R14: 00007f86651d6090 R15: 00007ffd772bcb58
[  333.298785][ T9708]  </TASK>
[  333.489911][ T5960] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  333.491968][    C1] vkms_vblank_simulate: vblank timer overrun
[  333.579107][ T9708] ERROR: Out of memory at tomoyo_realpath_from_path.
[  333.676029][    C1] vkms_vblank_simulate: vblank timer overrun
[  333.775738][   T30] audit: type=1400 audit(1758339396.055:912): avc:  denied  { read write } for  pid=9710 comm="syz.4.1021" name="ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  333.880157][   T30] audit: type=1400 audit(1758339396.055:913): avc:  denied  { open } for  pid=9710 comm="syz.4.1021" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  333.929721][   T30] audit: type=1400 audit(1758339396.085:914): avc:  denied  { ioctl } for  pid=9710 comm="syz.4.1021" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  333.960054][   T30] audit: type=1400 audit(1758339396.085:915): avc:  denied  { create } for  pid=9709 comm="syz.1.1022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  334.013478][   T30] audit: type=1400 audit(1758339396.085:916): avc:  denied  { write } for  pid=9709 comm="syz.1.1022" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  334.101737][ T5960] usb 1-1: Using ep0 maxpacket: 8
[  334.125517][ T5904] usb 4-1: USB disconnect, device number 43
[  334.133645][ T5960] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  334.142789][    T9] usb 2-1: new low-speed USB device number 33 using dummy_hcd
[  334.162470][ T5960] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.190396][ T5972] usb 3-1: new full-speed USB device number 41 using dummy_hcd
[  334.214937][ T5960] pvrusb2: Hardware description: Terratec Grabster AV400
[  334.224155][ T5960] pvrusb2: **********
[  334.228144][ T5960] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  334.239023][ T5960] pvrusb2: Important functionality might not be entirely working.
[  334.259520][ T5960] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  334.272131][ T5960] pvrusb2: **********
[  334.302330][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  334.312637][    T9] usb 2-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d6.76
[  334.321797][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.341958][    T9] usb 2-1: config 0 descriptor??
[  334.362993][ T5972] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  334.380416][ T5972] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  334.490258][ T2337] pvrusb2: Invalid write control endpoint
[  334.497164][ T5972] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.530155][ T5904] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  334.558239][ T5972] usb 3-1: config 0 descriptor??
[  334.561645][    T9] usb 2-1: string descriptor 0 read error: -71
[  334.569633][ T9716] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22
[  334.578167][ T2337] pvrusb2: Invalid write control endpoint
[  334.642962][ T2337] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  334.657148][    T9] gspca_main: conex-2.14.0 probing 0572:0041
[  334.671204][ T2337] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  334.694974][ T5960] usb 1-1: USB disconnect, device number 31
[  334.717331][ T2337] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  334.730404][ T5904] usb 4-1: unable to get BOS descriptor or descriptor too short
[  334.747256][ T5904] usb 4-1: config 13 has an invalid interface number: 177 but max is 0
[  334.764114][ T2337] pvrusb2: Device being rendered inoperable
[  334.771573][ T5904] usb 4-1: config 13 has no interface number 0
[  334.783711][ T2337] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  334.791847][ T5904] usb 4-1: config 13 interface 177 has no altsetting 0
[  334.798882][ T2337] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  334.813931][ T5904] usb 4-1: New USB device found, idVendor=0413, idProduct=6f0f, bcdDevice=17.40
[  334.827223][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.837226][ T2337] pvrusb2: Attached sub-driver cx25840
[  334.853097][ T2337] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  334.863926][ T5904] usb 4-1: Product: syz
[  334.878069][ T5904] usb 4-1: Manufacturer: syz
[  334.885243][ T2337] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  334.894721][ T5904] usb 4-1: SerialNumber: syz
[  334.977329][    T9] usb 2-1: USB disconnect, device number 33
[  334.995803][ T5972] elan 0003:04F3:0755.000A: unknown main item tag 0x1
[  335.023089][ T5972] elan 0003:04F3:0755.000A: unknown global tag 0xe
[  335.044405][ T5972] elan 0003:04F3:0755.000A: item 0 0 1 14 parsing failed
[  335.063240][ T5972] elan 0003:04F3:0755.000A: Hid Parse failed
[  335.079722][ T5972] elan 0003:04F3:0755.000A: probe with driver elan failed with error -22
[  335.129059][ T5904] usb 4-1: USB disconnect, device number 44
[  335.192872][ T5972] usb 3-1: USB disconnect, device number 41
[  335.326882][   T30] audit: type=1400 audit(1758339397.605:917): avc:  denied  { name_bind 0x1000000 } for  pid=9733 comm="syz.1.1028" path="socket:[25714]" dev="sockfs" ino=25714 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  336.762303][   T30] audit: type=1326 audit(1758339399.035:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9753 comm="syz.0.1034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f603378ec29 code=0x7ffc0000
[  337.003576][   T30] audit: type=1326 audit(1758339399.035:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9753 comm="syz.0.1034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f603378ec29 code=0x7ffc0000
[  337.072707][ T9737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9737 comm=syz.1.1028
[  337.100325][   T30] audit: type=1326 audit(1758339399.045:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9753 comm="syz.0.1034" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f603378ec29 code=0x7ffc0000
[  337.419422][ T9737] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1028'.
[  337.636286][ T9762] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  337.669527][ T9762] block device autoloading is deprecated and will be removed.
[  338.419396][ T9769] FAULT_INJECTION: forcing a failure.
[  338.419396][ T9769] name failslab, interval 1, probability 0, space 0, times 0
[  338.435489][   T30] kauditd_printk_skb: 24 callbacks suppressed
[  338.435503][   T30] audit: type=1400 audit(1758339400.695:945): avc:  denied  { write } for  pid=9768 comm="syz.1.1040" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  338.478435][ T9769] CPU: 1 UID: 0 PID: 9769 Comm: syz.1.1040 Not tainted syzkaller #0 PREEMPT(full) 
[  338.478458][ T9769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  338.478469][ T9769] Call Trace:
[  338.478475][ T9769]  <TASK>
[  338.478481][ T9769]  dump_stack_lvl+0x16c/0x1f0
[  338.478514][ T9769]  should_fail_ex+0x512/0x640
[  338.478536][ T9769]  ? kmem_cache_alloc_node_noprof+0x5e/0x3b0
[  338.478558][ T9769]  should_failslab+0xc2/0x120
[  338.478579][ T9769]  kmem_cache_alloc_node_noprof+0x71/0x3b0
[  338.478599][ T9769]  ? __alloc_skb+0x2b2/0x380
[  338.478622][ T9769]  __alloc_skb+0x2b2/0x380
[  338.478642][ T9769]  ? __pfx___alloc_skb+0x10/0x10
[  338.478661][ T9769]  ? kmem_cache_free+0x2d1/0x4d0
[  338.478685][ T9769]  alloc_skb_with_frags+0xe0/0x860
[  338.478708][ T9769]  ? __might_fault+0xe3/0x190
[  338.478724][ T9769]  ? __might_fault+0x13b/0x190
[  338.478745][ T9769]  sock_alloc_send_pskb+0x7fb/0x990
[  338.478765][ T9769]  ? _copy_from_iter+0x15d/0x1720
[  338.478796][ T9769]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  338.478816][ T9769]  ? find_held_lock+0x2b/0x80
[  338.478839][ T9769]  ? dev_get_by_index+0x17c/0x380
[  338.478866][ T9769]  packet_sendmsg+0x2054/0x5850
[  338.478903][ T9769]  ? sock_has_perm+0x259/0x2f0
[  338.478925][ T9769]  ? __pfx_sock_has_perm+0x10/0x10
[  338.478949][ T9769]  ? __pfx_packet_sendmsg+0x10/0x10
[  338.478983][ T9769]  __sys_sendto+0x4a0/0x520
[  338.479003][ T9769]  ? __pfx___sys_sendto+0x10/0x10
[  338.479044][ T9769]  ? ksys_write+0x1ac/0x250
[  338.479062][ T9769]  ? __pfx_ksys_write+0x10/0x10
[  338.479083][ T9769]  __x64_sys_sendto+0xe0/0x1c0
[  338.479101][ T9769]  ? do_syscall_64+0x91/0x4e0
[  338.479125][ T9769]  ? lockdep_hardirqs_on+0x7c/0x110
[  338.479146][ T9769]  do_syscall_64+0xcd/0x4e0
[  338.479170][ T9769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.479189][ T9769] RIP: 0033:0x7f8664f8ec29
[  338.479202][ T9769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.479219][ T9769] RSP: 002b:00007f8665dcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  338.479235][ T9769] RAX: ffffffffffffffda RBX: 00007f86651d5fa0 RCX: 00007f8664f8ec29
[  338.479246][ T9769] RDX: 000000000000e90c RSI: 00002000000000c0 RDI: 0000000000000003
[  338.479257][ T9769] RBP: 00007f8665dcf090 R08: 0000200000000540 R09: 0000000000000014
[  338.479268][ T9769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.479279][ T9769] R13: 00007f86651d6038 R14: 00007f86651d5fa0 R15: 00007ffd772bcb58
[  338.479303][ T9769]  </TASK>
[  339.086456][ T9778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1043'.
[  339.915251][   T30] audit: type=1400 audit(1758339402.195:946): avc:  denied  { ioctl } for  pid=9786 comm="syz.3.1047" path="/dev/binderfs/binder0" dev="binder" ino=16 ioctlcmd=0x620d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  339.980773][ T9787] binder: BINDER_SET_CONTEXT_MGR already set
[  340.048540][ T9787] binder: 9786:9787 ioctl 4018620d 200000000100 returned -16
[  340.071343][   T30] audit: type=1400 audit(1758339402.235:947): avc:  denied  { set_context_mgr } for  pid=9786 comm="syz.3.1047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  340.353210][   T30] audit: type=1400 audit(1758339402.265:948): avc:  denied  { write } for  pid=9786 comm="syz.3.1047" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  340.569934][ T5976] usb 4-1: new full-speed USB device number 45 using dummy_hcd
[  340.771511][ T5976] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  340.780703][ T5976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  341.104005][ T5976] usb 4-1: config 0 descriptor??
[  341.146681][ T9795] syz.4.1048: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  341.230074][ T9795] CPU: 1 UID: 0 PID: 9795 Comm: syz.4.1048 Not tainted syzkaller #0 PREEMPT(full) 
[  341.230101][ T9795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  341.230111][ T9795] Call Trace:
[  341.230117][ T9795]  <TASK>
[  341.230125][ T9795]  dump_stack_lvl+0x16c/0x1f0
[  341.230154][ T9795]  warn_alloc+0x248/0x3a0
[  341.230175][ T9795]  ? __pfx_warn_alloc+0x10/0x10
[  341.230210][ T9795]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  341.230238][ T9795]  ? __vmalloc_node_noprof+0xad/0xf0
[  341.230268][ T9795]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  341.230303][ T9795]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  341.230338][ T9795]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  341.230373][ T9795]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  341.230401][ T9795]  vmalloc_user_noprof+0x9e/0xe0
[  341.230427][ T9795]  ? vb2_vmalloc_alloc+0x135/0x3f0
[  341.230455][ T9795]  vb2_vmalloc_alloc+0x135/0x3f0
[  341.230483][ T9795]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  341.230511][ T9795]  __vb2_queue_alloc+0x8c9/0x1280
[  341.230550][ T9795]  vb2_core_reqbufs+0xa90/0xfe0
[  341.230583][ T9795]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  341.230611][ T9795]  ? __pfx___might_resched+0x10/0x10
[  341.230639][ T9795]  ? __mutex_lock+0x1c5/0x1060
[  341.230662][ T9795]  ? avc_has_extended_perms+0x47c/0x1090
[  341.230686][ T9795]  vb2_reqbufs+0x1a3/0x1f0
[  341.230710][ T9795]  ? __pfx_vb2_reqbufs+0x10/0x10
[  341.230731][ T9795]  ? __pfx_avc_has_extended_perms+0x10/0x10
[  341.230753][ T9795]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  341.230777][ T9795]  v4l2_m2m_ioctl_reqbufs+0xdc/0x1e0
[  341.230804][ T9795]  v4l_reqbufs+0x152/0x1e0
[  341.230825][ T9795]  __video_do_ioctl+0xb40/0xfc0
[  341.230853][ T9795]  ? __might_fault+0xe3/0x190
[  341.230871][ T9795]  ? __pfx___video_do_ioctl+0x10/0x10
[  341.230903][ T9795]  video_usercopy+0x4d0/0x1720
[  341.230926][ T9795]  ? __pfx___video_do_ioctl+0x10/0x10
[  341.230946][ T9795]  ? selinux_kernel_read_file+0x60/0x130
[  341.230972][ T9795]  ? __pfx_video_usercopy+0x10/0x10
[  341.231012][ T9795]  v4l2_ioctl+0x1bd/0x250
[  341.231032][ T9795]  ? __pfx_v4l2_ioctl+0x10/0x10
[  341.231054][ T9795]  __x64_sys_ioctl+0x18e/0x210
[  341.231083][ T9795]  do_syscall_64+0xcd/0x4e0
[  341.231110][ T9795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.231129][ T9795] RIP: 0033:0x7f2abb38ec29
[  341.231143][ T9795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.231160][ T9795] RSP: 002b:00007f2abc27f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  341.231178][ T9795] RAX: ffffffffffffffda RBX: 00007f2abb5d5fa0 RCX: 00007f2abb38ec29
[  341.231190][ T9795] RDX: 00002000000000c0 RSI: 00000000c0145608 RDI: 0000000000000003
[  341.231206][ T9795] RBP: 00007f2abb411e41 R08: 0000000000000000 R09: 0000000000000000
[  341.231217][ T9795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  341.231228][ T9795] R13: 00007f2abb5d6038 R14: 00007f2abb5d5fa0 R15: 00007ffc3e8e7d28
[  341.231253][ T9795]  </TASK>
[  341.231298][ T9795] Mem-Info:
[  341.529101][ T9787] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.541721][ T9787] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.629881][ T9795] active_anon:31878 inactive_anon:0 isolated_anon:0
[  341.629881][ T9795]  active_file:11402 inactive_file:48420 isolated_file:0
[  341.629881][ T9795]  unevictable:768 dirty:386 writeback:25
[  341.629881][ T9795]  slab_reclaimable:12455 slab_unreclaimable:101710
[  341.629881][ T9795]  mapped:34732 shmem:20606 pagetables:1303
[  341.629881][ T9795]  sec_pagetables:0 bounce:0
[  341.629881][ T9795]  kernel_misc_reclaimable:0
[  341.629881][ T9795]  free:1263513 free_pcp:17315 free_cma:0
[  341.759986][ T9795] Node 0 active_anon:127612kB inactive_anon:0kB active_file:45608kB inactive_file:193476kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138928kB dirty:1540kB writeback:0kB shmem:80888kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12376kB pagetables:5180kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  341.806144][ T5976] usbhid 4-1:0.0: can't add hid device: -71
[  341.830251][ T5976] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  341.856243][ T9795] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  341.881071][ T5976] usb 4-1: USB disconnect, device number 45
[  341.947166][ T9795] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  342.041360][ T9795] lowmem_reserve[]: 0 2479 2481 2481 2481
[  342.070576][ T9795] Node 0 DMA32 free:1150940kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:129300kB inactive_anon:0kB active_file:45608kB inactive_file:192148kB unevictable:1536kB writepending:1540kB present:3129332kB managed:2539316kB mlocked:0kB bounce:0kB free_pcp:50604kB local_pcp:24036kB free_cma:0kB
[  342.169337][ T9795] lowmem_reserve[]: 0 0 1 1 1
[  342.179427][ T9795] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:36kB local_pcp:28kB free_cma:0kB
[  342.246953][ T9795] lowmem_reserve[]: 0 0 0 0 0
[  342.261137][ T9795] Node 1 Normal free:3886204kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:17952kB local_pcp:13728kB free_cma:0kB
[  342.318361][ T9795] lowmem_reserve[]: 0 0 0 0 0
[  342.323523][ T9795] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  342.339457][ T9795] Node 0 DMA32: 441*4kB (UME) 258*8kB (M) 206*16kB (M) 201*32kB (ME) 136*64kB (UME) 115*128kB (M) 54*256kB (UM) 36*512kB (M) 18*1024kB (ME) 8*2048kB (M) 258*4096kB (M) = 1160820kB
[  342.381135][ T5888] usb 3-1: new high-speed USB device number 42 using dummy_hcd
[  342.396353][ T9795] Node 0 Normal: 1*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB
[  342.413398][ T9795] Node 1 Normal: 223*4kB (UME) 58*8kB (UME) 39*16kB (UME) 126*32kB (UME) 42*64kB (UME) 9*128kB (UME) 4*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3886204kB
[  342.436498][ T9795] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  342.446336][ T9795] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  342.502428][ T9795] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  342.533185][ T9795] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  342.545021][ T5888] usb 3-1: Using ep0 maxpacket: 32
[  342.554377][ T5888] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  342.565415][ T5888] usb 3-1: config 0 has no interface number 0
[  342.582677][ T9795] 80697 total pagecache pages
[  342.592838][ T9795] 0 pages in swap cache
[  342.596998][ T9795] Free swap  = 124996kB
[  342.601192][ T9795] Total swap = 124996kB
[  342.605394][ T9795] 2097051 pages RAM
[  342.609193][ T9795] 0 pages HighMem/MovableOnly
[  342.614069][ T9795] 430260 pages reserved
[  342.619473][ T9795] 0 pages cma reserved
[  342.621824][ T5888] usb 3-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  342.649949][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.657999][ T5888] usb 3-1: Product: syz
[  342.664882][ T5888] usb 3-1: Manufacturer: syz
[  343.131203][ T5888] usb 3-1: SerialNumber: syz
[  343.146693][ T5888] usb 3-1: config 0 descriptor??
[  343.161797][ T5888] usb 3-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  343.182735][ T5888] usb 3-1: selecting invalid altsetting 1
[  343.196032][ T5888] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  343.222551][   T30] audit: type=1400 audit(1758339405.505:949): avc:  denied  { read } for  pid=9815 comm="syz.1.1053" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  343.232407][ T5888] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  343.262966][ T5888] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  343.271287][ T5888] usb 3-1: media controller created
[  343.350093][ T5888] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  343.362406][ T9812] usb 3-1: dvb_usb_ce6230: I2C read not implemented
[  343.372769][   T30] audit: type=1400 audit(1758339405.655:950): avc:  denied  { write } for  pid=9811 comm="syz.2.1052" name="icmp6" dev="proc" ino=4026533250 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[  343.512260][ T5888] usb 3-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  343.546458][ T5888] zl10353_read_register: readreg error (reg=127, ret==-71)
[  343.574081][ T5888] usb 3-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  343.654382][ T5888] usb 3-1: USB disconnect, device number 42
[  343.799187][ T9827] netlink: 'syz.4.1056': attribute type 13 has an invalid length.
[  343.910145][ T9829] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1057'.
[  344.727700][ T9853] openvswitch: netlink: IP tunnel TTL not specified.
[  346.146069][ T9867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1069'.
[  346.160720][ T9867] geneve2: entered allmulticast mode
[  347.743026][ T9887] FAULT_INJECTION: forcing a failure.
[  347.743026][ T9887] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  347.793711][ T9887] CPU: 1 UID: 0 PID: 9887 Comm: syz.1.1077 Not tainted syzkaller #0 PREEMPT(full) 
[  347.793736][ T9887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  347.793747][ T9887] Call Trace:
[  347.793753][ T9887]  <TASK>
[  347.793760][ T9887]  dump_stack_lvl+0x16c/0x1f0
[  347.793786][ T9887]  should_fail_ex+0x512/0x640
[  347.793812][ T9887]  _copy_from_iter+0x29f/0x1720
[  347.793841][ T9887]  ? __build_skb_around+0x278/0x3b0
[  347.793860][ T9887]  ? __pfx__copy_from_iter+0x10/0x10
[  347.793884][ T9887]  ? __pfx___alloc_skb+0x10/0x10
[  347.793903][ T9887]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  347.793940][ T9887]  pfkey_sendmsg+0x1da/0x850
[  347.793969][ T9887]  ____sys_sendmsg+0xa98/0xc70
[  347.793996][ T9887]  ? copy_msghdr_from_user+0x10a/0x160
[  347.794017][ T9887]  ? __pfx_____sys_sendmsg+0x10/0x10
[  347.794056][ T9887]  ___sys_sendmsg+0x134/0x1d0
[  347.794079][ T9887]  ? __pfx____sys_sendmsg+0x10/0x10
[  347.794133][ T9887]  __sys_sendmsg+0x16d/0x220
[  347.794154][ T9887]  ? __pfx___sys_sendmsg+0x10/0x10
[  347.794191][ T9887]  do_syscall_64+0xcd/0x4e0
[  347.794217][ T9887]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.794235][ T9887] RIP: 0033:0x7f8664f8ec29
[  347.794249][ T9887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  347.794265][ T9887] RSP: 002b:00007f8665dcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  347.794282][ T9887] RAX: ffffffffffffffda RBX: 00007f86651d5fa0 RCX: 00007f8664f8ec29
[  347.794293][ T9887] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  347.794303][ T9887] RBP: 00007f8665dcf090 R08: 0000000000000000 R09: 0000000000000000
[  347.794312][ T9887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  347.794322][ T9887] R13: 00007f86651d6038 R14: 00007f86651d5fa0 R15: 00007ffd772bcb58
[  347.794346][ T9887]  </TASK>
[  348.051732][   T30] audit: type=1400 audit(1758339410.325:951): avc:  denied  { mount } for  pid=9890 comm="syz.3.1080" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  348.251813][ T9901] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.270460][ T5888] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  348.432762][ T5888] usb 5-1: unable to get BOS descriptor or descriptor too short
[  348.442267][ T5888] usb 5-1: config 13 has an invalid interface number: 177 but max is 0
[  348.455524][ T5888] usb 5-1: config 13 has no interface number 0
[  348.473340][ T5888] usb 5-1: config 13 interface 177 has no altsetting 0
[  348.474691][ T9912] FAULT_INJECTION: forcing a failure.
[  348.474691][ T9912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  348.489949][ T5888] usb 5-1: language id specifier not provided by device, defaulting to English
[  348.513851][ T9912] CPU: 1 UID: 0 PID: 9912 Comm: syz.2.1086 Not tainted syzkaller #0 PREEMPT(full) 
[  348.513873][ T9912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  348.513883][ T9912] Call Trace:
[  348.513889][ T9912]  <TASK>
[  348.513896][ T9912]  dump_stack_lvl+0x16c/0x1f0
[  348.513923][ T9912]  should_fail_ex+0x512/0x640
[  348.513950][ T9912]  _copy_from_iter+0x29f/0x1720
[  348.513978][ T9912]  ? __alloc_skb+0x200/0x380
[  348.514000][ T9912]  ? __pfx__copy_from_iter+0x10/0x10
[  348.514027][ T9912]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  348.514058][ T9912]  netlink_sendmsg+0x829/0xdd0
[  348.514086][ T9912]  ? __pfx_netlink_sendmsg+0x10/0x10
[  348.514118][ T9912]  ____sys_sendmsg+0xa98/0xc70
[  348.514146][ T9912]  ? copy_msghdr_from_user+0x10a/0x160
[  348.514167][ T9912]  ? __pfx_____sys_sendmsg+0x10/0x10
[  348.514205][ T9912]  ___sys_sendmsg+0x134/0x1d0
[  348.514227][ T9912]  ? __pfx____sys_sendmsg+0x10/0x10
[  348.514277][ T9912]  __sys_sendmsg+0x16d/0x220
[  348.514299][ T9912]  ? __pfx___sys_sendmsg+0x10/0x10
[  348.514336][ T9912]  do_syscall_64+0xcd/0x4e0
[  348.514361][ T9912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.514379][ T9912] RIP: 0033:0x7f6b3418ec29
[  348.514393][ T9912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.514410][ T9912] RSP: 002b:00007f6b35033038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  348.514426][ T9912] RAX: ffffffffffffffda RBX: 00007f6b343d5fa0 RCX: 00007f6b3418ec29
[  348.514444][ T9912] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  348.514454][ T9912] RBP: 00007f6b35033090 R08: 0000000000000000 R09: 0000000000000000
[  348.514463][ T9912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  348.514473][ T9912] R13: 00007f6b343d6038 R14: 00007f6b343d5fa0 R15: 00007ffdac943f18
[  348.514495][ T9912]  </TASK>
[  348.515826][ T5888] usb 5-1: New USB device found, idVendor=0413, idProduct=6f0f, bcdDevice=17.40
[  348.714249][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.722324][ T5888] usb 5-1: Product: syz
[  348.726486][ T5888] usb 5-1: Manufacturer: დ⏾삒櫃줴妩ⲻ펱ަ嶪৕⬀뀩슒蹦惢㱒铬穕㖚啣ી靮ᡂ鑌廳ꇗꗄ걝Ჺ䄫졦˅䲨暈嗤ꆫ苞넬牍癢㷭疝嵆᝛橘傡獈쟷뗢汦
[  348.758568][ T5888] usb 5-1: SerialNumber: syz
[  348.938953][   T30] audit: type=1400 audit(1758339411.215:952): avc:  denied  { map } for  pid=9923 comm="syz.1.1089" path="/dev/binderfs/binder0" dev="binder" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  348.939928][   T24] usb 3-1: new high-speed USB device number 43 using dummy_hcd
[  349.000495][   T30] audit: type=1400 audit(1758339411.255:953): avc:  denied  { call } for  pid=9923 comm="syz.1.1089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  349.014318][ T5888] usb 5-1: USB disconnect, device number 35
[  349.201228][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.213590][   T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.228381][   T24] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  349.239532][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.257250][   T24] usb 3-1: config 0 descriptor??
[  349.489959][ T5972] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  349.639994][ T5972] usb 2-1: Using ep0 maxpacket: 16
[  349.674163][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.682398][ T5972] usb 2-1: config 0 has an invalid interface number: 132 but max is 0
[  349.703100][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.710636][ T5972] usb 2-1: config 0 has no interface number 0
[  349.724730][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.743546][ T5972] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  349.755744][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.763952][ T5972] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  349.774325][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.783047][ T5972] usb 2-1: Product: syz
[  349.787351][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.796372][ T5972] usb 2-1: Manufacturer: syz
[  349.803513][   T24] cp2112 0003:10C4:EA90.000B: unknown main item tag 0x0
[  349.804434][ T5972] usb 2-1: SerialNumber: syz
[  349.824120][   T24] cp2112 0003:10C4:EA90.000B: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  350.002824][ T5972] usb 2-1: config 0 descriptor??
[  350.017389][ T5972] hub 2-1:0.132: bad descriptor, ignoring hub
[  350.100222][   T24] cp2112 0003:10C4:EA90.000B: error requesting version
[  350.148663][ T5972] hub 2-1:0.132: probe with driver hub failed with error -5
[  350.157389][   T24] cp2112 0003:10C4:EA90.000B: probe with driver cp2112 failed with error -5
[  350.200257][ T5972] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.132/input/input24
[  350.267049][   T30] audit: type=1400 audit(1758339412.539:954): avc:  denied  { setopt } for  pid=9933 comm="syz.4.1093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  350.452716][ T9932] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1092'.
[  350.901349][ T5858] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  350.908788][ T5864] Bluetooth: hci5: command 0x1003 tx timeout
[  351.088401][   T30] audit: type=1400 audit(1758339413.349:955): avc:  denied  { bind } for  pid=9943 comm="syz.4.1094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  351.565874][ T9949] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1095'.
[  351.643217][   T30] audit: type=1400 audit(1758339413.879:956): avc:  denied  { setattr } for  pid=9948 comm="syz.1.1095" name="NETLINK" dev="sockfs" ino=26830 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  352.565232][ T5888] usb 3-1: USB disconnect, device number 43
[  353.126281][ T9971] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  353.401352][   T30] audit: type=1400 audit(1758339415.669:957): avc:  denied  { read } for  pid=9960 comm="syz.4.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  353.654241][   T30] audit: type=1400 audit(1758339415.929:958): avc:  denied  { bind } for  pid=9960 comm="syz.4.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  353.656999][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.889994][ T5888] usb 3-1: new high-speed USB device number 44 using dummy_hcd
[  354.123953][ T5888] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  354.133724][ T5888] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  354.153992][   T30] audit: type=1400 audit(1758339416.419:959): avc:  denied  { open } for  pid=9986 comm="syz.3.1106" path="/dev/ptyqb" dev="devtmpfs" ino=130 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  354.184708][ T5888] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  354.218082][ T5888] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  354.242173][ T5864] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  354.259694][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  354.268916][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  354.276606][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  354.285589][ T5864] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  354.316825][ T5858] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  354.326179][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  354.334590][ T5858] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  354.343912][ T5858] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  354.351834][ T5858] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  354.359114][ T5858] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  354.382095][   T30] audit: type=1400 audit(1758339416.649:960): avc:  denied  { mounton } for  pid=9993 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  354.405098][ T5888] usb 3-1: Product: syz
[  354.409240][ T5888] usb 3-1: Manufacturer: syz
[  354.415517][ T5888] usb 3-1: SerialNumber: syz
[  354.436260][   T30] audit: type=1400 audit(1758339416.709:961): avc:  denied  { listen } for  pid=9995 comm="syz.1.1107" path=2F3234382FE91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  354.475897][   T30] audit: type=1400 audit(1758339416.739:962): avc:  denied  { mounton } for  pid=9995 comm="syz.1.1107" path=2F3234382FE91F7189591E9233614B dev="tmpfs" ino=1328 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  354.510003][   T30] audit: type=1400 audit(1758339416.749:963): avc:  denied  { unmount } for  pid=5845 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  354.551384][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.575828][ T9993] Failed to initialize the IGMP autojoin socket (err -2)
[  354.597437][    T9] usb 2-1: USB disconnect, device number 34
[  354.634529][ T5888] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 44 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  354.656596][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.923994][   T30] audit: type=1400 audit(1758339417.189:964): avc:  denied  { read write } for  pid=9974 comm="syz.2.1103" name="lp0" dev="devtmpfs" ino=3508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  354.984526][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.003966][   T30] audit: type=1400 audit(1758339417.189:965): avc:  denied  { open } for  pid=9974 comm="syz.2.1103" path="/dev/usb/lp0" dev="devtmpfs" ino=3508 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:printer_device_t tclass=chr_file permissive=1
[  355.035413][    T9] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  355.039680][ T5972] usb 3-1: USB disconnect, device number 44
[  355.255552][ T5972] usblp0: removed
[  355.263639][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.297238][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  355.445754][T10013] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1110'.
[  355.578522][    T9] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  355.609316][ T9993] chnl_net:caif_netlink_parms(): no params data found
[  355.643213][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.713692][    T9] usb 2-1: config 0 descriptor??
[  356.162694][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.170260][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.177994][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.195124][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.203423][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.222615][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.238344][    T9] cp2112 0003:10C4:EA90.000C: unknown main item tag 0x0
[  356.246290][ T9993] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.264281][ T9993] bridge0: port 1(bridge_slave_0) entered disabled state
[  356.267946][    T9] cp2112 0003:10C4:EA90.000C: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  356.337511][ T9993] bridge_slave_0: entered allmulticast mode
[  356.361592][ T9993] bridge_slave_0: entered promiscuous mode
[  356.367942][    T9] cp2112 0003:10C4:EA90.000C: error requesting version
[  356.372199][ T9993] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.382076][ T9993] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.389276][ T9993] bridge_slave_1: entered allmulticast mode
[  356.417667][    T9] cp2112 0003:10C4:EA90.000C: probe with driver cp2112 failed with error -5
[  356.418357][ T9993] bridge_slave_1: entered promiscuous mode
[  356.426711][ T5864] Bluetooth: hci3: command tx timeout
[  356.681274][T10044] Failed to initialize the IGMP autojoin socket (err -2)
[  356.717539][ T9993] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  356.836881][   T12] bridge_slave_1: left allmulticast mode
[  356.845171][   T12] bridge_slave_1: left promiscuous mode
[  356.852746][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  356.868392][   T12] bridge_slave_0: left allmulticast mode
[  356.879584][   T12] bridge_slave_0: left promiscuous mode
[  356.991099][   T30] audit: type=1400 audit(1758339419.219:966): avc:  denied  { ioctl } for  pid=10043 comm="syz.3.1118" path="/dev/loop-control" dev="devtmpfs" ino=646 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  357.300582][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  357.362282][    T9] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[  357.439336][T10057] overlayfs: overlapping lowerdir path
[  357.461963][T10057] FAULT_INJECTION: forcing a failure.
[  357.461963][T10057] name failslab, interval 1, probability 0, space 0, times 0
[  357.475176][T10057] CPU: 0 UID: 0 PID: 10057 Comm: syz.2.1119 Not tainted syzkaller #0 PREEMPT(full) 
[  357.475199][T10057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  357.475208][T10057] Call Trace:
[  357.475213][T10057]  <TASK>
[  357.475220][T10057]  dump_stack_lvl+0x16c/0x1f0
[  357.475248][T10057]  should_fail_ex+0x512/0x640
[  357.475278][T10057]  ? fs_reclaim_acquire+0xae/0x150
[  357.475301][T10057]  ? tomoyo_encode2+0x100/0x3e0
[  357.475324][T10057]  should_failslab+0xc2/0x120
[  357.475344][T10057]  __kmalloc_noprof+0xd2/0x510
[  357.475362][T10057]  ? d_absolute_path+0x136/0x1a0
[  357.475392][T10057]  tomoyo_encode2+0x100/0x3e0
[  357.475420][T10057]  tomoyo_encode+0x29/0x50
[  357.475442][T10057]  tomoyo_realpath_from_path+0x18f/0x6e0
[  357.475473][T10057]  tomoyo_mount_acl+0x1ae/0x850
[  357.475493][T10057]  ? bpf_ksym_find+0x127/0x1c0
[  357.475514][T10057]  ? is_bpf_text_address+0x94/0x1a0
[  357.475532][T10057]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  357.475552][T10057]  ? __kernel_text_address+0xd/0x40
[  357.475569][T10057]  ? unwind_get_return_address+0x59/0xa0
[  357.475587][T10057]  ? arch_stack_walk+0xa6/0x100
[  357.475626][T10057]  ? tomoyo_domain+0xbb/0x150
[  357.475641][T10057]  ? tomoyo_profile+0x47/0x60
[  357.475658][T10057]  tomoyo_mount_permission+0x16d/0x420
[  357.475680][T10057]  ? tomoyo_mount_permission+0x14f/0x420
[  357.475703][T10057]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  357.475745][T10057]  security_sb_mount+0x9b/0x260
[  357.475770][T10057]  path_mount+0x15f/0x2000
[  357.475798][T10057]  ? __pfx_path_mount+0x10/0x10
[  357.475823][T10057]  ? kmem_cache_free+0x2d1/0x4d0
[  357.475841][T10057]  ? putname+0x154/0x1a0
[  357.475868][T10057]  ? putname+0x154/0x1a0
[  357.475893][T10057]  ? __x64_sys_mount+0x28d/0x310
[  357.475915][T10057]  __x64_sys_mount+0x28d/0x310
[  357.475938][T10057]  ? __pfx___x64_sys_mount+0x10/0x10
[  357.475969][T10057]  do_syscall_64+0xcd/0x4e0
[  357.475996][T10057]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.476013][T10057] RIP: 0033:0x7f6b3418ec29
[  357.476028][T10057] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.476044][T10057] RSP: 002b:00007f6b35033038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  357.476061][T10057] RAX: ffffffffffffffda RBX: 00007f6b343d5fa0 RCX: 00007f6b3418ec29
[  357.476071][T10057] RDX: 0000200000000000 RSI: 00002000000000c0 RDI: 0000000000000000
[  357.476082][T10057] RBP: 00007f6b35033090 R08: 00002000000004c0 R09: 0000000000000000
[  357.476092][T10057] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.476102][T10057] R13: 00007f6b343d6038 R14: 00007f6b343d5fa0 R15: 00007ffdac943f18
[  357.476127][T10057]  </TASK>
[  357.476145][T10057] ERROR: Out of memory at tomoyo_realpath_from_path.
[  357.761355][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  357.774235][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  357.784866][    T9] usb 5-1: New USB device found, idVendor=1b1c, idProduct=0a2b, bcdDevice= 0.00
[  357.794572][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.804838][    T9] usb 5-1: config 0 descriptor??
[  358.234555][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  358.257912][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  358.279041][   T12] bond0 (unregistering): Released all slaves
[  358.354793][   T12] bond1 (unregistering): Released all slaves
[  358.380219][ T9993] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  358.428842][ T5904] usb 2-1: USB disconnect, device number 35
[  358.497913][    T9] hid-corsair-void 0003:1B1C:0A2B.000D: item fetching failed at offset 5/7
[  358.506636][ T5864] Bluetooth: hci3: command tx timeout
[  358.513067][    T9] hid-corsair-void 0003:1B1C:0A2B.000D: parse failed (reason: -22)
[  358.524030][    T9] hid-corsair-void 0003:1B1C:0A2B.000D: probe with driver hid-corsair-void failed with error -22
[  358.598403][ T9993] team0: Port device team_slave_0 added
[  358.737049][ T9993] team0: Port device team_slave_1 added
[  358.811445][T10073] usb usb8: usbfs: process 10073 (syz.1.1123) did not claim interface 0 before use
[  358.928639][ T9993] batman_adv: batadv0: Adding interface: batadv_slave_0
[  358.938531][ T9993] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.100141][   T24] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  359.150865][ T9993] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  359.212804][ T9993] batman_adv: batadv0: Adding interface: batadv_slave_1
[  359.245475][ T9993] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  359.278111][ T9993] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  359.367458][   T24] usb 4-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e
[  359.383693][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.394260][   T24] usb 4-1: Product: syz
[  359.398872][   T24] usb 4-1: Manufacturer: syz
[  359.403820][   T24] usb 4-1: SerialNumber: syz
[  359.410435][   T24] usb 4-1: config 0 descriptor??
[  359.439188][   T12] hsr_slave_0: left promiscuous mode
[  359.449779][   T12] hsr_slave_1: left promiscuous mode
[  359.456297][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  359.464185][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  359.474531][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  359.482038][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  359.518773][   T12] veth1_macvtap: left promiscuous mode
[  359.526878][   T12] veth0_macvtap: left promiscuous mode
[  359.533176][   T12] veth1_vlan: left promiscuous mode
[  359.538985][   T12] veth0_vlan: left promiscuous mode
[  359.628210][   T24] usb 4-1: USB disconnect, device number 46
[  359.764516][ T5972] usb 5-1: USB disconnect, device number 36
[  359.968333][T10090] FAULT_INJECTION: forcing a failure.
[  359.968333][T10090] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  359.982962][T10090] CPU: 1 UID: 0 PID: 10090 Comm: syz.4.1128 Not tainted syzkaller #0 PREEMPT(full) 
[  359.982981][T10090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  359.982988][T10090] Call Trace:
[  359.982992][T10090]  <TASK>
[  359.982996][T10090]  dump_stack_lvl+0x16c/0x1f0
[  359.983015][T10090]  should_fail_ex+0x512/0x640
[  359.983032][T10090]  should_fail_alloc_page+0xe7/0x130
[  359.983047][T10090]  prepare_alloc_pages+0x3c2/0x610
[  359.983063][T10090]  ? rcu_is_watching+0x12/0xc0
[  359.983079][T10090]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  359.983091][T10090]  ? css_rstat_updated+0x1c2/0x510
[  359.983107][T10090]  ? __pfx_css_rstat_updated+0x10/0x10
[  359.983122][T10090]  ? pte_alloc_one+0x82/0x3a0
[  359.983136][T10090]  ? __lock_acquire+0x62e/0x1ce0
[  359.983155][T10090]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  359.983173][T10090]  ? __lock_acquire+0x62e/0x1ce0
[  359.983192][T10090]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  359.983211][T10090]  ? policy_nodemask+0xea/0x4e0
[  359.983226][T10090]  alloc_pages_mpol+0x1fb/0x550
[  359.983239][T10090]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  359.983253][T10090]  ? __lock_acquire+0x62e/0x1ce0
[  359.983272][T10090]  folio_alloc_mpol_noprof+0x36/0x2f0
[  359.983288][T10090]  vma_alloc_folio_noprof+0xed/0x1e0
[  359.983303][T10090]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  359.983322][T10090]  do_pte_missing+0x2230/0x3ba0
[  359.983340][T10090]  ? find_held_lock+0x2b/0x80
[  359.983357][T10090]  __handle_mm_fault+0x152a/0x2a50
[  359.983378][T10090]  ? __pfx___handle_mm_fault+0x10/0x10
[  359.983397][T10090]  ? __pte_offset_map_lock+0x174/0x310
[  359.983411][T10090]  ? find_held_lock+0x2b/0x80
[  359.983429][T10090]  ? follow_page_pte.constprop.0+0x5cf/0x1390
[  359.983448][T10090]  handle_mm_fault+0x589/0xd10
[  359.983468][T10090]  __get_user_pages+0x551/0x34a0
[  359.983487][T10090]  ? down_read_killable+0x220/0x4b0
[  359.983503][T10090]  ? is_bpf_text_address+0x8a/0x1a0
[  359.983515][T10090]  ? __pfx___get_user_pages+0x10/0x10
[  359.983531][T10090]  ? __lock_acquire+0x62e/0x1ce0
[  359.983550][T10090]  __gup_longterm_locked+0x2dd/0x17e0
[  359.983569][T10090]  ? __pfx___gup_longterm_locked+0x10/0x10
[  359.983588][T10090]  ? sanity_check_pinned_pages+0x23/0x11d0
[  359.983606][T10090]  gup_fast_fallback+0xf78/0x23f0
[  359.983632][T10090]  ? __pfx_gup_fast_fallback+0x10/0x10
[  359.983654][T10090]  pin_user_pages_fast+0xa7/0xf0
[  359.983669][T10090]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  359.983685][T10090]  ? iopt_pages_fill_from_xarray+0x3a6/0x580
[  359.983705][T10090]  pfn_reader_user_pin+0xcd0/0x10b0
[  359.983721][T10090]  ? __pfx_iopt_pages_fill_from_xarray+0x10/0x10
[  359.983739][T10090]  ? interval_tree_span_iter_next+0x315/0x4d0
[  359.983755][T10090]  ? __pfx_pfn_reader_user_pin+0x10/0x10
[  359.983770][T10090]  ? interval_tree_span_iter_advance+0x16e/0x1e0
[  359.983786][T10090]  ? interval_tree_double_span_iter_update+0x216/0x3b0
[  359.983805][T10090]  iopt_pages_fill_xarray+0x3b5/0xa20
[  359.983821][T10090]  ? __kasan_kmalloc+0xaa/0xb0
[  359.983833][T10090]  ? do_syscall_64+0xcd/0x4e0
[  359.983847][T10090]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.983861][T10090]  ? __pfx_iopt_pages_fill_xarray+0x10/0x10
[  359.983894][T10090]  ? kasan_save_track+0x14/0x30
[  359.983906][T10090]  iopt_area_add_access+0x22a/0x410
[  359.983924][T10090]  iommufd_access_pin_pages+0x66a/0xa40
[  359.983945][T10090]  ? __pfx_iommufd_access_pin_pages+0x10/0x10
[  359.983963][T10090]  ? iommufd_test+0x4788/0x61d0
[  359.983978][T10090]  iommufd_test+0x47ee/0x61d0
[  359.983993][T10090]  ? __pfx_iommufd_test+0x10/0x10
[  359.984005][T10090]  ? find_held_lock+0x2b/0x80
[  359.984018][T10090]  ? __might_fault+0xe3/0x190
[  359.984028][T10090]  ? __might_fault+0xe3/0x190
[  359.984037][T10090]  ? __might_fault+0x13b/0x190
[  359.984054][T10090]  iommufd_fops_ioctl+0x34d/0x540
[  359.984068][T10090]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  359.984083][T10090]  ? hook_file_ioctl_common+0x145/0x410
[  359.984099][T10090]  ? selinux_file_ioctl+0x180/0x270
[  359.984115][T10090]  ? selinux_file_ioctl+0xb4/0x270
[  359.984132][T10090]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  359.984146][T10090]  __x64_sys_ioctl+0x18e/0x210
[  359.984164][T10090]  do_syscall_64+0xcd/0x4e0
[  359.984180][T10090]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.984190][T10090] RIP: 0033:0x7f2abb38ec29
[  359.984204][T10090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.984214][T10090] RSP: 002b:00007f2abc27f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  359.984225][T10090] RAX: ffffffffffffffda RBX: 00007f2abb5d5fa0 RCX: 00007f2abb38ec29
[  359.984231][T10090] RDX: 0000200000000480 RSI: 0000000000003ba0 RDI: 0000000000000007
[  359.984237][T10090] RBP: 00007f2abc27f090 R08: 0000000000000000 R09: 0000000000000000
[  359.984244][T10090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.984250][T10090] R13: 00007f2abb5d6038 R14: 00007f2abb5d5fa0 R15: 00007ffc3e8e7d28
[  359.984264][T10090]  </TASK>
[  360.580281][ T5864] Bluetooth: hci3: command tx timeout
[  360.618860][T10092] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1129'.
[  360.725067][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  360.725078][   T30] audit: type=1400 audit(1758339422.999:968): avc:  denied  { write } for  pid=10091 comm="syz.4.1129" name="binder0" dev="binder" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  360.905323][T10100] netlink: 'syz.3.1131': attribute type 10 has an invalid length.
[  361.003382][   T12] team0 (unregistering): Port device team_slave_1 removed
[  361.033000][   T12] team0 (unregistering): Port device team_slave_0 removed
[  361.313289][T10100] bridge0: port 2(bridge_slave_1) entered disabled state
[  361.321229][T10100] bridge0: port 1(
) entered disabled state
[  361.371517][T10100] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.378623][T10100] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.387074][T10100] bridge0: port 1(
) entered blocking state
[  361.393031][T10100] bridge0: port 1(
) entered forwarding state
[  361.414809][T10100] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  361.449021][ T9993] hsr_slave_0: entered promiscuous mode
[  361.460645][ T9993] hsr_slave_1: entered promiscuous mode
[  361.650576][ T5904] usb 3-1: new high-speed USB device number 45 using dummy_hcd
[  361.679113][T10108] netlink: 'syz.3.1134': attribute type 10 has an invalid length.
[  361.744008][T10108] macvlan0: entered promiscuous mode
[  361.774232][T10108] bond0: (slave macvlan0): Enslaving as an active interface with an up link
[  361.783220][ T5888] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[  361.836908][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.868381][ T5904] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.889921][ T5904] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  361.914881][ T5904] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.940860][ T5904] usb 3-1: config 0 descriptor??
[  361.949914][ T5888] usb 5-1: Using ep0 maxpacket: 16
[  361.960177][ T5888] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  361.968403][ T5888] usb 5-1: config 0 has no interface number 0
[  361.982223][ T5888] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  362.004168][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.018209][ T5888] usb 5-1: Product: syz
[  362.029998][ T5888] usb 5-1: Manufacturer: syz
[  362.042858][ T5888] usb 5-1: SerialNumber: syz
[  362.064923][ T5888] usb 5-1: config 0 descriptor??
[  362.292688][ T5888] usb 5-1: selecting invalid altsetting 1
[  362.307589][ T5888] speedtch 5-1:0.1: speedtch_bind: setting interface to  1 failed (-22)!
[  362.329602][ T5888] speedtch 5-1:0.1: usbatm_usb_probe: bind failed: -22!
[  362.352738][ T5888] speedtch 5-1:0.1: probe with driver speedtch failed with error -22
[  362.463260][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  362.509925][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  362.526514][ T9993] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  362.535307][ T5888] usb 5-1: USB disconnect, device number 37
[  362.550411][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  362.716192][   T30] audit: type=1800 audit(1758339424.919:969): pid=10123 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.1.1135" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0
[  362.751119][ T5864] Bluetooth: hci3: command tx timeout
[  362.861209][ T9993] netdevsim netdevsim5 netdevsim1: renamed from eth6
[  363.027086][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  363.034242][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  363.041239][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  363.048181][ T5904] cp2112 0003:10C4:EA90.000E: unknown main item tag 0x0
[  363.068907][ T5904] cp2112 0003:10C4:EA90.000E: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  363.092490][ T9993] netdevsim netdevsim5 netdevsim2: renamed from eth7
[  363.124458][ T9993] netdevsim netdevsim5 netdevsim3: renamed from eth8
[  363.201082][ T5904] cp2112 0003:10C4:EA90.000E: Part Number: 0x00 Device Version: 0x00
[  363.238481][ T5904] cp2112 0003:10C4:EA90.000E: error requesting SMBus config
[  363.284866][ T5904] cp2112 0003:10C4:EA90.000E: probe with driver cp2112 failed with error -32
[  363.560710][ T9993] 8021q: adding VLAN 0 to HW filter on device team0
[  363.658606][T10141] FAULT_INJECTION: forcing a failure.
[  363.658606][T10141] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  363.705964][T10141] CPU: 0 UID: 0 PID: 10141 Comm: syz.1.1137 Not tainted syzkaller #0 PREEMPT(full) 
[  363.705987][T10141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  363.705997][T10141] Call Trace:
[  363.706003][T10141]  <TASK>
[  363.706009][T10141]  dump_stack_lvl+0x16c/0x1f0
[  363.706034][T10141]  should_fail_ex+0x512/0x640
[  363.706060][T10141]  should_fail_alloc_page+0xe7/0x130
[  363.706083][T10141]  prepare_alloc_pages+0x3c2/0x610
[  363.706110][T10141]  __alloc_frozen_pages_noprof+0x18b/0x23f0
[  363.706128][T10141]  ? stack_depot_save_flags+0x3de/0x9c0
[  363.706154][T10141]  ? __lock_acquire+0x62e/0x1ce0
[  363.706184][T10141]  ? __vmf_anon_prepare+0x11c/0x240
[  363.706210][T10141]  ? do_wp_page+0x105a/0x4f00
[  363.706230][T10141]  ? __handle_mm_fault+0x1b2d/0x2a50
[  363.706255][T10141]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  363.706271][T10141]  ? __lock_acquire+0x62e/0x1ce0
[  363.706299][T10141]  ? __lock_acquire+0xb97/0x1ce0
[  363.706326][T10141]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  363.706345][T10141]  ? policy_nodemask+0xea/0x4e0
[  363.706368][T10141]  alloc_pages_mpol+0x1fb/0x550
[  363.706388][T10141]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  363.706409][T10141]  ? __anon_vma_prepare+0x2db/0x5e0
[  363.706427][T10141]  folio_alloc_mpol_noprof+0x36/0x2f0
[  363.706451][T10141]  vma_alloc_folio_noprof+0xed/0x1e0
[  363.706472][T10141]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  363.706494][T10141]  ? __anon_vma_prepare+0x2e2/0x5e0
[  363.706516][T10141]  do_wp_page+0x1136/0x4f00
[  363.706545][T10141]  ? __pfx_do_wp_page+0x10/0x10
[  363.706570][T10141]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  363.706588][T10141]  ? ___pte_offset_map+0x2ad/0x4f0
[  363.706615][T10141]  __handle_mm_fault+0x1b2d/0x2a50
[  363.706644][T10141]  ? mt_find+0x3ef/0xa30
[  363.706670][T10141]  ? __pfx___handle_mm_fault+0x10/0x10
[  363.706694][T10141]  ? __pfx_mt_find+0x10/0x10
[  363.706733][T10141]  ? find_vma+0xbf/0x140
[  363.706753][T10141]  ? __pfx_find_vma+0x10/0x10
[  363.706776][T10141]  handle_mm_fault+0x589/0xd10
[  363.706804][T10141]  ? trace_raw_output_exceptions+0x131/0x150
[  363.706835][T10141]  do_user_addr_fault+0x7a6/0x1370
[  363.706856][T10141]  ? rcu_is_watching+0x12/0xc0
[  363.706881][T10141]  exc_page_fault+0x5c/0xb0
[  363.706905][T10141]  asm_exc_page_fault+0x26/0x30
[  363.706922][T10141] RIP: 0010:__put_user_nocheck_4+0x3/0x10
[  363.706944][T10141] Code: d9 0f 01 cb 89 01 31 c9 0f 01 ca e9 87 68 03 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90
[  363.706961][T10141] RSP: 0018:ffffc9000cb279f8 EFLAGS: 00050293
[  363.706980][T10141] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00002000000004f0
[  363.706991][T10141] RDX: ffff888058602440 RSI: ffffffff8963b813 RDI: 0000000000000005
[  363.707002][T10141] RBP: ffffc9000cb27d98 R08: 0000000000000005 R09: 0000000000000000
[  363.707012][T10141] R10: 00000000000000f0 R11: 0000000000000000 R12: 0000000000000000
[  363.707022][T10141] R13: 00002000000004c0 R14: ffffc9000cb27ddc R15: 00000000000000f0
[  363.707042][T10141]  ? ____sys_recvmsg+0x2e3/0x6b0
[  363.707073][T10141]  ____sys_recvmsg+0x2ee/0x6b0
[  363.707104][T10141]  ? __pfx_____sys_recvmsg+0x10/0x10
[  363.707141][T10141]  ? __lock_acquire+0x62e/0x1ce0
[  363.707172][T10141]  ___sys_recvmsg+0x114/0x1a0
[  363.707199][T10141]  ? __pfx____sys_recvmsg+0x10/0x10
[  363.707225][T10141]  ? find_held_lock+0x2b/0x80
[  363.707264][T10141]  do_recvmmsg+0x2fe/0x750
[  363.707290][T10141]  ? __pfx_do_recvmmsg+0x10/0x10
[  363.707318][T10141]  ? __mutex_unlock_slowpath+0x161/0x7b0
[  363.707351][T10141]  ? __fget_files+0x20e/0x3c0
[  363.707377][T10141]  __x64_sys_recvmmsg+0x22a/0x280
[  363.707401][T10141]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  363.707432][T10141]  do_syscall_64+0xcd/0x4e0
[  363.707457][T10141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.707474][T10141] RIP: 0033:0x7f8664f8ec29
[  363.707488][T10141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.707503][T10141] RSP: 002b:00007f8665dcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  363.707519][T10141] RAX: ffffffffffffffda RBX: 00007f86651d5fa0 RCX: 00007f8664f8ec29
[  363.707530][T10141] RDX: 0000000000000f02 RSI: 00002000000004c0 RDI: 0000000000000004
[  363.707540][T10141] RBP: 00007f8665dcf090 R08: 0000000000000000 R09: 0000000000000000
[  363.707550][T10141] R10: 00000000000000f0 R11: 0000000000000246 R12: 0000000000000001
[  363.707560][T10141] R13: 00007f86651d6038 R14: 00007f86651d5fa0 R15: 00007ffd772bcb58
[  363.707585][T10141]  </TASK>
[  364.147953][    C0] vkms_vblank_simulate: vblank timer overrun
[  364.437651][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  364.444809][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  364.484478][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  364.491631][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  364.670630][ T5976] usb 3-1: USB disconnect, device number 45
[  365.381726][   T30] audit: type=1400 audit(1758339427.649:970): avc:  denied  { mount } for  pid=10164 comm="syz.2.1143" name="/" dev="afs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  365.540190][   T30] audit: type=1400 audit(1758339427.759:971): avc:  denied  { unmount } for  pid=5843 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  365.732096][ T9993] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  365.766922][ T9993] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  365.818733][   T30] audit: type=1400 audit(1758339428.079:972): avc:  denied  { bind } for  pid=10171 comm="syz.2.1145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  365.837925][    C0] vkms_vblank_simulate: vblank timer overrun
[  365.926866][T10181] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1146'.
[  366.305898][   T30] audit: type=1400 audit(1758339428.079:973): avc:  denied  { write } for  pid=10171 comm="syz.2.1145" path="socket:[28101]" dev="sockfs" ino=28101 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  366.404715][   T30] audit: type=1400 audit(1758339428.679:974): avc:  denied  { mount } for  pid=10184 comm="syz.4.1147" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  366.437861][   T30] audit: type=1400 audit(1758339428.679:975): avc:  denied  { ioctl } for  pid=10184 comm="syz.4.1147" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x2282 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  366.550974][   T30] audit: type=1400 audit(1758339428.829:976): avc:  denied  { unmount } for  pid=5844 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  366.571026][    C0] vkms_vblank_simulate: vblank timer overrun
[  366.804191][   T30] audit: type=1400 audit(1758339429.079:977): avc:  denied  { watch } for  pid=10195 comm="syz.2.1150" path="/203/file0" dev="tmpfs" ino=1102 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  366.844083][ T9993] 8021q: adding VLAN 0 to HW filter on device batadv0
[  366.889396][   T30] audit: type=1400 audit(1758339429.079:978): avc:  denied  { watch_sb watch_reads } for  pid=10195 comm="syz.2.1150" path="/203/file0" dev="tmpfs" ino=1102 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  367.020000][   T30] audit: type=1400 audit(1758339429.079:979): avc:  denied  { block_suspend } for  pid=10195 comm="syz.2.1150" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  367.041397][    C0] vkms_vblank_simulate: vblank timer overrun
[  367.626584][ T9993] veth0_vlan: entered promiscuous mode
[  367.640241][ T9993] veth1_vlan: entered promiscuous mode
[  368.182899][   T30] audit: type=1400 audit(1758339430.039:980): avc:  denied  { setopt } for  pid=10210 comm="syz.2.1154" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  368.280270][ T5888] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  368.294573][ T9993] veth0_macvtap: entered promiscuous mode
[  368.353427][ T9993] veth1_macvtap: entered promiscuous mode
[  368.473297][ T9993] batman_adv: batadv0: Interface activated: batadv_slave_0
[  368.510267][ T5888] usb 2-1: Using ep0 maxpacket: 32
[  368.574654][ T5888] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  368.636950][   T30] audit: type=1400 audit(1758339430.869:981): avc:  denied  { read } for  pid=10215 comm="syz.3.1155" name="nvram" dev="devtmpfs" ino=623 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  368.851208][ T5888] usb 2-1: config 0 has no interfaces?
[  368.876943][ T5888] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  369.123886][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.175778][ T9993] batman_adv: batadv0: Interface activated: batadv_slave_1
[  369.198587][ T5888] usb 2-1: config 0 descriptor??
[  369.223007][ T9993] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  369.275561][ T9993] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  369.333277][ T9993] wireguard: wg0: Could not create IPv4 socket
[  369.362282][ T9993] wireguard: wg1: Could not create IPv4 socket
[  369.379165][ T9993] wireguard: wg2: Could not create IPv4 socket
[  369.407471][T10226] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1157'.
[  369.695983][T10229] netlink: 'syz.2.1158': attribute type 5 has an invalid length.
[  369.850269][ T5972] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  370.039973][ T5972] usb 4-1: Using ep0 maxpacket: 8
[  370.084754][ T5972] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  370.252555][ T5972] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  370.310244][ T5972] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  370.348646][ T5972] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  370.399101][ T5972] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.572428][ T5972] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  370.622384][ T5972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.906565][ T5972] usb 4-1: usb_control_msg returned -32
[  370.930295][ T5972] usbtmc 4-1:16.0: can't read capabilities
[  370.971322][ T5972] usb 2-1: USB disconnect, device number 36
[  371.073168][ T5864] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  371.083466][ T5864] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  371.096997][ T5864] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  371.107641][ T5864] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  371.117495][ T5864] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  371.142896][T10234] Failed to initialize the IGMP autojoin socket (err -2)
[  371.706506][T10260] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1157'.
[  371.733453][T10257] usbtmc 4-1:16.0: usb_control_msg returned -32
[  371.733468][T10260] netlink: 'syz.3.1157': attribute type 5 has an invalid length.
[  371.758119][ T5960] usb 3-1: new high-speed USB device number 46 using dummy_hcd
[  371.780499][T10260] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1157'.
[  371.826434][T10260] geneve2: entered promiscuous mode
[  371.835149][T10260] geneve2: entered allmulticast mode
[  371.945865][ T5960] usb 3-1: Using ep0 maxpacket: 32
[  371.963013][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.992295][ T5960] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  372.029694][ T5960] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  372.063106][ T5960] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.099631][ T5960] usb 3-1: config 0 descriptor??
[  372.115789][ T5960] hub 3-1:0.0: USB hub found
[  372.145194][T10234] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  372.171063][T10234] netdevsim netdevsim5 netdevsim1: renamed from eth6
[  372.193002][T10234] netdevsim netdevsim5 netdevsim2: renamed from eth7
[  372.218909][T10234] netdevsim netdevsim5 netdevsim3: renamed from eth8
[  372.346681][ T5960] hub 3-1:0.0: 1 port detected
[  372.670359][ T5972] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  372.844238][ T5972] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  372.856986][ T5972] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  372.888861][ T5972] usb 2-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00
[  372.914336][ T5972] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.943776][ T5972] usb 2-1: config 0 descriptor??
[  372.975797][ T5972] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  373.012454][ T5904] usb 4-1: USB disconnect, device number 47
[  373.150087][ T5864] Bluetooth: hci3: command tx timeout
[  373.232906][    T9] usb 3-1: USB disconnect, device number 46
[  373.817602][T10234] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  373.887872][T10234] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  373.888193][   T30] kauditd_printk_skb: 16 callbacks suppressed
[  373.888204][   T30] audit: type=1400 audit(1758339436.159:998): avc:  denied  { listen } for  pid=10291 comm="syz.2.1167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  373.973880][   T30] audit: type=1400 audit(1758339436.209:999): avc:  denied  { accept } for  pid=10291 comm="syz.2.1167" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  374.001846][T10295] binder: 10291:10295 ioctl c0306201 200000000080 returned -14
[  374.025481][T10234] wireguard: wg0: Could not create IPv4 socket
[  374.065107][T10234] wireguard: wg1: Could not create IPv4 socket
[  374.105541][T10234] wireguard: wg2: Could not create IPv4 socket
[  375.581653][ T5972] usb 2-1: USB disconnect, device number 37
[  376.084270][T10328] netlink: 124 bytes leftover after parsing attributes in process `syz.2.1170'.
[  376.504503][T10341] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  376.516629][T10341] netlink: 216 bytes leftover after parsing attributes in process `syz.1.1172'.
[  376.525867][T10341] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1172'.
[  376.534884][T10341] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1172'.
[  377.760082][ T5888] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  377.934051][ T5888] usb 4-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=b7.de
[  377.953357][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.970023][ T5888] usb 4-1: Product: syz
[  377.983545][ T5888] usb 4-1: Manufacturer: syz
[  377.997503][ T5888] usb 4-1: SerialNumber: syz
[  378.016795][ T5888] usb 4-1: config 0 descriptor??
[  378.046810][ T5888] ttusb_dec_send_command: command bulk message failed: error -22
[  378.087570][ T5888] ttusb-dec 4-1:0.0: probe with driver ttusb-dec failed with error -22
[  378.109067][ T1298] ieee802154 phy0 wpan0: encryption failed: -22
[  378.115416][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  378.303214][T10353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.311899][T10353] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.340128][ T5888] usb 4-1: USB disconnect, device number 48
[  379.471918][   T30] audit: type=1400 audit(1758339441.679:1000): avc:  denied  { create } for  pid=10391 comm="syz.1.1179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmpvc_socket permissive=1
[  379.540164][ T5888] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  380.379868][ T5888] usb 4-1: Using ep0 maxpacket: 8
[  381.000013][ T5888] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  381.011744][ T5888] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  381.087522][ T5888] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  381.097690][ T5888] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  381.110880][ T5888] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  381.120098][ T5888] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.205609][T10467] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  381.215000][T10467] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  381.225887][T10467] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  381.252500][T10467] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  381.293890][T10467] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  381.355557][ T5888] usb 4-1: GET_CAPABILITIES returned 0
[  381.370242][ T5888] usbtmc 4-1:16.0: can't read capabilities
[  381.402211][T10463] Failed to initialize the IGMP autojoin socket (err -2)
[  381.624265][ T5888] usb 4-1: USB disconnect, device number 49
[  381.920074][    T9] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  382.114462][    T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  382.220431][T10485] overlayfs: failed to resolve './file0': -2
[  382.262627][    T9] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  382.331241][    T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  382.360815][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  382.369554][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  382.383331][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  382.394024][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  382.401429][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  382.621148][    T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  382.643227][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  382.656346][    T9] usb 2-1: Product: syz
[  382.664423][T10494] Failed to initialize the IGMP autojoin socket (err -2)
[  382.775232][    T9] usb 2-1: Manufacturer: syz
[  382.789902][    T9] usb 2-1: SerialNumber: syz
[  382.840062][ T5888] usb 3-1: new high-speed USB device number 47 using dummy_hcd
[  383.006097][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  383.020671][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  383.131787][ T5888] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  383.156164][   T30] audit: type=1400 audit(1758339445.429:1001): avc:  denied  { relabelfrom } for  pid=10494 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  383.190928][    T9] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 38 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  383.204552][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  383.268915][ T5888] usb 3-1: config 0 descriptor??
[  383.274613][   T30] audit: type=1400 audit(1758339445.459:1002): avc:  denied  { relabelto } for  pid=10494 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  383.462871][ T5864] Bluetooth: hci3: command tx timeout
[  383.467188][    T9] usb 2-1: USB disconnect, device number 38
[  383.636602][    T9] usblp0: removed
[  383.719404][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.733432][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.773892][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.795058][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.838216][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.877902][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.914452][ T5888] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  383.953918][ T5888] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  384.101734][ T5888] cp2112 0003:10C4:EA90.000F: Part Number: 0x00 Device Version: 0x00
[  384.127177][T10463] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  384.185422][ T7357] bridge_slave_1: left allmulticast mode
[  384.201069][ T7357] bridge_slave_1: left promiscuous mode
[  384.223098][ T7357] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.284138][ T7357] bridge_slave_0: left allmulticast mode
[  384.301551][ T7357] bridge_slave_0: left promiscuous mode
[  384.316264][ T7357] bridge0: port 1(bridge_slave_0) entered disabled state
[  384.667614][T10501] cp2112 0003:10C4:EA90.000F: Error starting transaction: -38
[  384.678646][ T5888] cp2112 0003:10C4:EA90.000F: error reading lock byte: -71
[  384.723355][ T5888] usb 3-1: USB disconnect, device number 47
[  385.012720][T10467] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  385.047162][T10467] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  385.055844][T10467] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  385.063714][T10467] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  385.072554][T10467] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  385.370955][ T7357] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  385.407539][ T7357] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  385.443451][ T7357] bond0 (unregistering): Released all slaves
[  385.464239][T10463] netdevsim netdevsim5 netdevsim1: renamed from eth7
[  385.541169][T10467] Bluetooth: hci3: command tx timeout
[  385.570617][T10534] Failed to initialize the IGMP autojoin socket (err -2)
[  385.591677][T10463] netdevsim netdevsim5 netdevsim2: renamed from eth8
[  385.601401][ T5888] usb 3-1: new full-speed USB device number 48 using dummy_hcd
[  385.764799][T10463] netdevsim netdevsim5 netdevsim3: renamed from eth11
[  385.795075][ T5888] usb 3-1: config index 0 descriptor too short (expected 19492, got 36)
[  385.800672][ T7357] tipc: Left network mode
[  385.817952][ T5888] usb 3-1: config 0 has too many interfaces: 36, using maximum allowed: 32
[  385.843072][ T5888] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 36
[  385.883531][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  385.902539][ T5888] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.937451][ T5888] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  385.951454][T10564] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  385.975634][ T5888] usb 3-1: New USB device found, idVendor=046d, idProduct=c225, bcdDevice= 0.00
[  385.986134][T10564] block device autoloading is deprecated and will be removed.
[  385.998503][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.020214][ T5888] usb 3-1: config 0 descriptor??
[  386.439587][ T5888] lg-g15 0003:046D:C225.0010: item fetching failed at offset 1/5
[  386.468300][ T5888] lg-g15 0003:046D:C225.0010: probe with driver lg-g15 failed with error -22
[  386.676154][ T7357] hsr_slave_0: left promiscuous mode
[  386.683602][ T7357] hsr_slave_1: left promiscuous mode
[  386.719951][ T7357] batman_adv: batadv0: Removing interface: batadv_slave_0
[  386.760224][ T7357] batman_adv: batadv0: Removing interface: batadv_slave_1
[  386.778880][ T5888] usb 3-1: USB disconnect, device number 48
[  387.196940][ T5864] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  387.205783][ T5864] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  387.214976][ T5864] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  387.223443][ T5864] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  387.231612][ T5864] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  387.620496][T10467] Bluetooth: hci3: command tx timeout
[  387.620948][ T7357] team0 (unregistering): Port device team_slave_1 removed
[  387.680638][ T5976] usb 3-1: new high-speed USB device number 49 using dummy_hcd
[  387.726517][ T7357] team0 (unregistering): Port device team_slave_0 removed
[  387.867381][ T5976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  387.884525][ T5976] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  387.928061][ T5976] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  387.975410][ T5976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  388.087578][ T5976] usb 3-1: config 0 descriptor??
[  388.226041][T10610] FAULT_INJECTION: forcing a failure.
[  388.226041][T10610] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  388.245443][T10610] CPU: 1 UID: 0 PID: 10610 Comm: syz.1.1200 Not tainted syzkaller #0 PREEMPT(full) 
[  388.245467][T10610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  388.245478][T10610] Call Trace:
[  388.245484][T10610]  <TASK>
[  388.245490][T10610]  dump_stack_lvl+0x16c/0x1f0
[  388.245522][T10610]  should_fail_ex+0x512/0x640
[  388.245548][T10610]  _copy_from_iter+0x29f/0x1720
[  388.245576][T10610]  ? __alloc_skb+0x200/0x380
[  388.245598][T10610]  ? __pfx__copy_from_iter+0x10/0x10
[  388.245625][T10610]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  388.245655][T10610]  netlink_sendmsg+0x829/0xdd0
[  388.245682][T10610]  ? __pfx_netlink_sendmsg+0x10/0x10
[  388.245715][T10610]  ____sys_sendmsg+0xa98/0xc70
[  388.245743][T10610]  ? copy_msghdr_from_user+0x10a/0x160
[  388.245764][T10610]  ? __pfx_____sys_sendmsg+0x10/0x10
[  388.245802][T10610]  ___sys_sendmsg+0x134/0x1d0
[  388.245825][T10610]  ? __pfx____sys_sendmsg+0x10/0x10
[  388.245879][T10610]  __sys_sendmsg+0x16d/0x220
[  388.245905][T10610]  ? __pfx___sys_sendmsg+0x10/0x10
[  388.245944][T10610]  do_syscall_64+0xcd/0x4e0
[  388.245969][T10610]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.245987][T10610] RIP: 0033:0x7f8664f8ec29
[  388.246001][T10610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.246018][T10610] RSP: 002b:00007f8665dcf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  388.246035][T10610] RAX: ffffffffffffffda RBX: 00007f86651d5fa0 RCX: 00007f8664f8ec29
[  388.246047][T10610] RDX: 0000000000000080 RSI: 00002000000002c0 RDI: 0000000000000003
[  388.246058][T10610] RBP: 00007f8665dcf090 R08: 0000000000000000 R09: 0000000000000000
[  388.246068][T10610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.246078][T10610] R13: 00007f86651d6038 R14: 00007f86651d5fa0 R15: 00007ffd772bcb58
[  388.246102][T10610]  </TASK>
[  388.657473][ T5976] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  388.665230][ T5976] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  388.677403][ T5976] cp2112 0003:10C4:EA90.0011: unknown main item tag 0x0
[  388.690223][ T5888] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  388.710079][ T5976] cp2112 0003:10C4:EA90.0011: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  388.749533][T10591] Failed to initialize the IGMP autojoin socket (err -2)
[  388.919463][ T5976] cp2112 0003:10C4:EA90.0011: Part Number: 0x00 Device Version: 0x00
[  388.930356][ T5888] usb 4-1: Using ep0 maxpacket: 16
[  388.952884][T10616] geneve2: entered promiscuous mode
[  388.953603][ T5888] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8
[  388.984221][ T5888] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  388.994288][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.021843][ T5888] usb 4-1: Product: syz
[  389.026093][T10616] geneve2: entered allmulticast mode
[  389.032724][ T5888] usb 4-1: Manufacturer: syz
[  389.065572][ T5888] usb 4-1: SerialNumber: syz
[  389.086466][ T5888] usb 4-1: config 0 descriptor??
[  389.100668][ T5888] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[  389.109751][ T5888] usb 4-1: Detected FT232R
[  389.115246][ T5976] cp2112 0003:10C4:EA90.0011: error requesting SMBus config
[  389.125395][ T5976] cp2112 0003:10C4:EA90.0011: probe with driver cp2112 failed with error -32
[  389.303295][ T5888] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  389.310473][ T5864] Bluetooth: hci0: command tx timeout
[  389.532545][ T5888] ftdi_sio 4-1:0.0: GPIO initialisation failed: -5
[  389.604521][ T5888] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  389.670423][T10463] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  389.696515][T10463] A link change request failed with some changes committed already. Interface geneve1 may have been left with an inconsistent configuration, please check.
[  389.719294][T10463] wireguard: wg0: Could not create IPv4 socket
[  389.727637][ T5864] Bluetooth: hci3: command tx timeout
[  389.824198][T10463] wireguard: wg1: Could not create IPv4 socket
[  389.832482][T10463] wireguard: wg2: Could not create IPv4 socket
[  390.040858][T10637] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  390.047391][T10637] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  390.135608][T10637] vhci_hcd vhci_hcd.0: Device attached
[  390.142524][T10641] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  390.243816][T10639] vhci_hcd: connection closed
[  390.248312][  T454] vhci_hcd: stop threads
[  390.264818][ T5976] usb 4-1: USB disconnect, device number 50
[  390.280339][  T454] vhci_hcd: release socket
[  390.288580][ T5976] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  390.331267][ T5888] vhci_hcd: vhci_device speed not set
[  390.347889][  T454] vhci_hcd: disconnect device
[  390.355310][ T5976] ftdi_sio 4-1:0.0: device disconnected
[  390.403658][ T5888] usb 39-1: new full-speed USB device number 3 using vhci_hcd
[  390.424248][ T5888] usb 39-1: enqueue for inactive port 0
[  390.498999][ T5960] usb 3-1: USB disconnect, device number 49
[  390.536075][ T5888] vhci_hcd: vhci_device speed not set
[  391.275034][T10652] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1204'.
[  391.464369][T10657] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  391.535034][T10657] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  391.547037][T10657] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  391.555734][T10657] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  391.563234][T10657] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  391.645364][T10656] Failed to initialize the IGMP autojoin socket (err -2)
[  391.845364][T10671] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1208'.
[  391.860417][T10667] netlink: 'syz.1.1206': attribute type 1 has an invalid length.
[  391.874687][T10671] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1208'.
[  392.901064][T10656] netdevsim netdevsim5 netdevsim0: renamed from eth5
[  392.934525][   T92] usb 3-1: new high-speed USB device number 50 using dummy_hcd
[  392.937090][T10656] netdevsim netdevsim5 netdevsim1: renamed from eth7
[  392.982872][T10656] netdevsim netdevsim5 netdevsim2: renamed from eth8
[  393.007914][T10656] netdevsim netdevsim5 netdevsim3: renamed from eth11
[  393.137147][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.168446][   T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.198924][   T92] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  393.263686][   T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.296686][   T92] usb 3-1: config 0 descriptor??
[  393.460053][    C0] ==================================================================
[  393.468141][    C0] BUG: KASAN: slab-use-after-free in rose_t0timer_expiry+0x114/0x150
[  393.476211][    C0] Write of size 1 at addr ffff8880569e3435 by task syz.3.1212/10695
[  393.484177][    C0] 
[  393.486492][    C0] CPU: 0 UID: 0 PID: 10695 Comm: syz.3.1212 Not tainted syzkaller #0 PREEMPT(full) 
[  393.486516][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  393.486526][    C0] Call Trace:
[  393.486533][    C0]  <IRQ>
[  393.486540][    C0]  dump_stack_lvl+0x116/0x1f0
[  393.486567][    C0]  print_report+0xcd/0x630
[  393.486588][    C0]  ? __virt_addr_valid+0x81/0x610
[  393.486612][    C0]  ? __phys_addr+0xe8/0x180
[  393.486635][    C0]  ? rose_t0timer_expiry+0x114/0x150
[  393.486658][    C0]  kasan_report+0xe0/0x110
[  393.486679][    C0]  ? rose_t0timer_expiry+0x114/0x150
[  393.486706][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  393.486731][    C0]  rose_t0timer_expiry+0x114/0x150
[  393.486756][    C0]  call_timer_fn+0x197/0x620
[  393.486787][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  393.486817][    C0]  ? rcu_is_watching+0x12/0xc0
[  393.486839][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  393.486865][    C0]  __run_timers+0x6ef/0x960
[  393.486895][    C0]  ? __pfx___run_timers+0x10/0x10
[  393.486928][    C0]  run_timer_base+0x114/0x190
[  393.486944][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  393.486971][    C0]  ? rcu_is_watching+0x12/0xc0
[  393.486994][    C0]  run_timer_softirq+0x1a/0x40
[  393.487010][    C0]  handle_softirqs+0x219/0x8e0
[  393.487035][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  393.487059][    C0]  __irq_exit_rcu+0x109/0x170
[  393.487080][    C0]  irq_exit_rcu+0x9/0x30
[  393.487101][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  393.487124][    C0]  </IRQ>
[  393.487130][    C0]  <TASK>
[  393.487136][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  393.487158][    C0] RIP: 0010:lock_release+0x183/0x2f0
[  393.487186][    C0] Code: 0f c1 05 f8 4d 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d 0c 3f 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
[  393.487203][    C0] RSP: 0018:ffffc9000458eef0 EFLAGS: 00000206
[  393.487219][    C0] RAX: 6a3b0bf03f2b6b00 RBX: ffffffff8e5c15a0 RCX: ffffc9000458eefc
[  393.487231][    C0] RDX: 0000000000000000 RSI: ffffffff8de2d7a0 RDI: ffffffff8c163380
[  393.487243][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  393.487254][    C0] R10: 0000000000000000 R11: 0000000000006b1a R12: ffffffff816af8a4
[  393.487266][    C0] R13: 0000000000000202 R14: ffff888079510000 R15: 0000000000000001
[  393.487279][    C0]  ? unwind_next_frame+0x3f4/0x20a0
[  393.487308][    C0]  unwind_next_frame+0x3f9/0x20a0
[  393.487327][    C0]  ? __unwind_start+0x574/0x7f0
[  393.487349][    C0]  __unwind_start+0x45f/0x7f0
[  393.487370][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  393.487396][    C0]  arch_stack_walk+0x73/0x100
[  393.487419][    C0]  ? arch_stack_walk+0x73/0x100
[  393.487442][    C0]  stack_trace_save+0x8e/0xc0
[  393.487464][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  393.487488][    C0]  ? __lock_acquire+0x62e/0x1ce0
[  393.487517][    C0]  save_stack+0x160/0x1f0
[  393.487533][    C0]  ? __pfx_save_stack+0x10/0x10
[  393.487555][    C0]  ? page_ext_put+0x3e/0xd0
[  393.487575][    C0]  __reset_page_owner+0x84/0x1a0
[  393.487593][    C0]  free_unref_folios+0xa61/0x16b0
[  393.487613][    C0]  ? rcu_is_watching+0x12/0xc0
[  393.487634][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  393.487658][    C0]  folios_put_refs+0x56f/0x740
[  393.487681][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[  393.487703][    C0]  ? folio_batch_remove_exceptionals+0x115/0x1a0
[  393.487728][    C0]  shmem_undo_range+0x58f/0x1150
[  393.487751][    C0]  ? __pfx_shmem_undo_range+0x10/0x10
[  393.487784][    C0]  ? find_held_lock+0x2b/0x80
[  393.487807][    C0]  ? is_bpf_text_address+0x8a/0x1a0
[  393.487827][    C0]  ? bpf_ksym_find+0x127/0x1c0
[  393.487859][    C0]  ? stack_trace_save+0x8e/0xc0
[  393.487881][    C0]  ? percpu_counter_add_batch+0xb8/0x1f0
[  393.487905][    C0]  shmem_evict_inode+0x3a1/0xbe0
[  393.487927][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  393.487946][    C0]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  393.487976][    C0]  ? find_held_lock+0x2b/0x80
[  393.487999][    C0]  ? evict+0x3a2/0x920
[  393.488022][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  393.488041][    C0]  evict+0x3e3/0x920
[  393.488066][    C0]  ? __pfx_evict+0x10/0x10
[  393.488092][    C0]  ? iput+0x519/0x880
[  393.488118][    C0]  iput+0x521/0x880
[  393.488140][    C0]  ? __pfx_generic_delete_inode+0x10/0x10
[  393.488160][    C0]  dentry_unlink_inode+0x29c/0x480
[  393.488184][    C0]  __dentry_kill+0x1d0/0x600
[  393.488209][    C0]  dput.part.0+0x4b1/0x9b0
[  393.488234][    C0]  dput+0x1f/0x30
[  393.488257][    C0]  __fput+0x51c/0xb70
[  393.488281][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  393.488302][    C0]  task_work_run+0x150/0x240
[  393.488321][    C0]  ? __pfx_task_work_run+0x10/0x10
[  393.488341][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  393.488363][    C0]  do_exit+0x86f/0x2bf0
[  393.488388][    C0]  ? __pfx___might_resched+0x10/0x10
[  393.488413][    C0]  ? __pfx_do_exit+0x10/0x10
[  393.488439][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  393.488456][    C0]  ? find_held_lock+0x2b/0x80
[  393.488479][    C0]  do_group_exit+0xd3/0x2a0
[  393.488506][    C0]  get_signal+0x2673/0x26d0
[  393.488530][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  393.488555][    C0]  ? __pfx_get_signal+0x10/0x10
[  393.488580][    C0]  arch_do_signal_or_restart+0x8f/0x7d0
[  393.488603][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  393.488630][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  393.488656][    C0]  exit_to_user_mode_loop+0x84/0x110
[  393.488677][    C0]  do_syscall_64+0x41c/0x4e0
[  393.488702][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  393.488719][    C0] RIP: 0033:0x7f6ae558ec29
[  393.488732][    C0] Code: Unable to access opcode bytes at 0x7f6ae558ebff.
[  393.488740][    C0] RSP: 002b:00007f6ae6354038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  393.488757][    C0] RAX: 0000000000010106 RBX: 00007f6ae57d6090 RCX: 00007f6ae558ec29
[  393.488774][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  393.488785][    C0] RBP: 00007f6ae5611e41 R08: 0000000000000000 R09: 0000000000000000
[  393.488797][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  393.488807][    C0] R13: 00007f6ae57d6128 R14: 00007f6ae57d6090 R15: 00007ffc44639248
[  393.488826][    C0]  </TASK>
[  393.488832][    C0] 
[  393.549886][   T30] audit: type=1400 audit(1758339455.819:1003): avc:  denied  { write } for  pid=5833 comm="syz-executor" path="pipe:[4779]" dev="pipefs" ino=4779 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  393.553257][    C0] Allocated by task 7892:
[  393.553268][    C0]  kasan_save_stack+0x33/0x60
[  394.114830][    C0]  kasan_save_track+0x14/0x30
[  394.119489][    C0]  __kasan_kmalloc+0xaa/0xb0
[  394.124064][    C0]  rose_rt_ioctl+0x880/0x2580
[  394.128717][    C0]  rose_ioctl+0x64d/0x7d0
[  394.133023][    C0]  sock_do_ioctl+0x118/0x280
[  394.137596][    C0]  sock_ioctl+0x227/0x6b0
[  394.141897][    C0]  __x64_sys_ioctl+0x18e/0x210
[  394.146643][    C0]  do_syscall_64+0xcd/0x4e0
[  394.151127][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  394.156997][    C0] 
[  394.159296][    C0] Freed by task 10720:
[  394.163333][    C0]  kasan_save_stack+0x33/0x60
[  394.167986][    C0]  kasan_save_track+0x14/0x30
[  394.172638][    C0]  kasan_save_free_info+0x3b/0x60
[  394.177645][    C0]  __kasan_slab_free+0x60/0x70
[  394.182387][    C0]  kfree+0x2b4/0x4d0
[  394.186270][    C0]  rose_timer_expiry+0x53f/0x630
[  394.191193][    C0]  call_timer_fn+0x197/0x620
[  394.195774][    C0]  __run_timers+0x6ef/0x960
[  394.200263][    C0]  run_timer_base+0x114/0x190
[  394.204919][    C0]  run_timer_softirq+0x1a/0x40
[  394.209659][    C0]  handle_softirqs+0x219/0x8e0
[  394.214421][    C0]  __irq_exit_rcu+0x109/0x170
[  394.219082][    C0]  irq_exit_rcu+0x9/0x30
[  394.223312][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  394.228928][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  394.234899][    C0] 
[  394.237200][    C0] The buggy address belongs to the object at ffff8880569e3400
[  394.237200][    C0]  which belongs to the cache kmalloc-512 of size 512
[  394.251229][    C0] The buggy address is located 53 bytes inside of
[  394.251229][    C0]  freed 512-byte region [ffff8880569e3400, ffff8880569e3600)
[  394.264913][    C0] 
[  394.267217][    C0] The buggy address belongs to the physical page:
[  394.273600][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x569e0
[  394.282333][    C0] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  394.290805][    C0] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  394.298763][    C0] page_type: f5(slab)
[  394.302723][    C0] raw: 00fff00000000040 ffff88801b841c80 0000000000000000 dead000000000001
[  394.311282][    C0] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  394.319842][    C0] head: 00fff00000000040 ffff88801b841c80 0000000000000000 dead000000000001
[  394.328489][    C0] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  394.337135][    C0] head: 00fff00000000002 ffffea00015a7801 00000000ffffffff 00000000ffffffff
[  394.345781][    C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  394.354426][    C0] page dumped because: kasan: bad access detected
[  394.360809][    C0] page_owner tracks the page as allocated
[  394.366493][    C0] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5844, tgid 5844 (syz-executor), ts 66287574491, free_ts 15197057508
[  394.387831][    C0]  post_alloc_hook+0x1c0/0x230
[  394.392581][    C0]  get_page_from_freelist+0x132b/0x38e0
[  394.398103][    C0]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  394.403972][    C0]  alloc_pages_mpol+0x1fb/0x550
[  394.408798][    C0]  new_slab+0x247/0x330
[  394.412934][    C0]  ___slab_alloc+0xcf2/0x1750
[  394.417591][    C0]  __slab_alloc.constprop.0+0x56/0xb0
[  394.422946][    C0]  __kmalloc_cache_noprof+0xfb/0x3e0
[  394.428220][    C0]  __ipv6_dev_mc_inc+0x2f1/0xbc0
[  394.433137][    C0]  br_multicast_join_snoopers+0xcb/0x120
[  394.438752][    C0]  br_dev_open+0x112/0x150
[  394.443412][    C0]  __dev_open+0x2e7/0x7c0
[  394.447732][    C0]  __dev_change_flags+0x55d/0x720
[  394.452746][    C0]  netif_change_flags+0x8d/0x160
[  394.457678][    C0]  do_setlink.constprop.0+0xb53/0x4380
[  394.463123][    C0]  rtnl_newlink+0x1446/0x2000
[  394.467786][    C0] page last free pid 1 tgid 1 stack trace:
[  394.473564][    C0]  __free_frozen_pages+0x7d5/0x10f0
[  394.478750][    C0]  free_contig_range+0x183/0x4b0
[  394.483674][    C0]  destroy_args+0x794/0xc10
[  394.488165][    C0]  debug_vm_pgtable+0x1a32/0x3640
[  394.493165][    C0]  do_one_initcall+0x120/0x6e0
[  394.497907][    C0]  kernel_init_freeable+0x5c2/0x910
[  394.503087][    C0]  kernel_init+0x1c/0x2b0
[  394.507394][    C0]  ret_from_fork+0x56a/0x730
[  394.511974][    C0]  ret_from_fork_asm+0x1a/0x30
[  394.516720][    C0] 
[  394.519019][    C0] Memory state around the buggy address:
[  394.524622][    C0]  ffff8880569e3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  394.532658][    C0]  ffff8880569e3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  394.540703][    C0] >ffff8880569e3400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.548767][    C0]                                      ^
[  394.554374][    C0]  ffff8880569e3480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.562412][    C0]  ffff8880569e3500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  394.570448][    C0] ==================================================================
[  394.578608][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  394.585795][    C0] CPU: 0 UID: 0 PID: 10695 Comm: syz.3.1212 Not tainted syzkaller #0 PREEMPT(full) 
[  394.595155][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  394.605199][    C0] Call Trace:
[  394.608472][    C0]  <IRQ>
[  394.611307][    C0]  dump_stack_lvl+0x3d/0x1f0
[  394.615897][    C0]  vpanic+0x6e8/0x7a0
[  394.619877][    C0]  ? handle_edge_irq+0x196/0x9e0
[  394.624808][    C0]  ? __pfx_vpanic+0x10/0x10
[  394.629316][    C0]  ? rose_t0timer_expiry+0x114/0x150
[  394.634600][    C0]  panic+0xca/0xd0
[  394.638310][    C0]  ? __pfx_panic+0x10/0x10
[  394.642731][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  394.647838][    C0]  check_panic_on_warn+0xab/0xb0
[  394.652771][    C0]  end_report+0x107/0x170
[  394.657092][    C0]  kasan_report+0xee/0x110
[  394.661505][    C0]  ? rose_t0timer_expiry+0x114/0x150
[  394.666797][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  394.672428][    C0]  rose_t0timer_expiry+0x114/0x150
[  394.677541][    C0]  call_timer_fn+0x197/0x620
[  394.682134][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  394.687250][    C0]  ? rcu_is_watching+0x12/0xc0
[  394.692011][    C0]  ? __pfx_rose_t0timer_expiry+0x10/0x10
[  394.697648][    C0]  __run_timers+0x6ef/0x960
[  394.702159][    C0]  ? __pfx___run_timers+0x10/0x10
[  394.707192][    C0]  run_timer_base+0x114/0x190
[  394.711856][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  394.717059][    C0]  ? rcu_is_watching+0x12/0xc0
[  394.721817][    C0]  run_timer_softirq+0x1a/0x40
[  394.726590][    C0]  handle_softirqs+0x219/0x8e0
[  394.731353][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  394.736637][    C0]  __irq_exit_rcu+0x109/0x170
[  394.741310][    C0]  irq_exit_rcu+0x9/0x30
[  394.745549][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  394.751176][    C0]  </IRQ>
[  394.754096][    C0]  <TASK>
[  394.757015][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  394.762985][    C0] RIP: 0010:lock_release+0x183/0x2f0
[  394.768257][    C0] Code: 0f c1 05 f8 4d 3f 12 83 f8 01 0f 85 1d 01 00 00 9c 58 f6 c4 02 0f 85 08 01 00 00 41 f7 c5 00 02 00 00 74 01 fb 48 8b 44 24 10 <65> 48 2b 05 0d 0c 3f 12 0f 85 58 01 00 00 48 83 c4 18 5b 41 5c 41
[  394.787841][    C0] RSP: 0018:ffffc9000458eef0 EFLAGS: 00000206
[  394.793887][    C0] RAX: 6a3b0bf03f2b6b00 RBX: ffffffff8e5c15a0 RCX: ffffc9000458eefc
[  394.801836][    C0] RDX: 0000000000000000 RSI: ffffffff8de2d7a0 RDI: ffffffff8c163380
[  394.809784][    C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000
[  394.817737][    C0] R10: 0000000000000000 R11: 0000000000006b1a R12: ffffffff816af8a4
[  394.825692][    C0] R13: 0000000000000202 R14: ffff888079510000 R15: 0000000000000001
[  394.833643][    C0]  ? unwind_next_frame+0x3f4/0x20a0
[  394.838831][    C0]  unwind_next_frame+0x3f9/0x20a0
[  394.843851][    C0]  ? __unwind_start+0x574/0x7f0
[  394.848684][    C0]  __unwind_start+0x45f/0x7f0
[  394.853339][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  394.859480][    C0]  arch_stack_walk+0x73/0x100
[  394.864146][    C0]  ? arch_stack_walk+0x73/0x100
[  394.868990][    C0]  stack_trace_save+0x8e/0xc0
[  394.873649][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  394.879003][    C0]  ? __lock_acquire+0x62e/0x1ce0
[  394.883926][    C0]  save_stack+0x160/0x1f0
[  394.888232][    C0]  ? __pfx_save_stack+0x10/0x10
[  394.893060][    C0]  ? page_ext_put+0x3e/0xd0
[  394.897540][    C0]  __reset_page_owner+0x84/0x1a0
[  394.902456][    C0]  free_unref_folios+0xa61/0x16b0
[  394.907461][    C0]  ? rcu_is_watching+0x12/0xc0
[  394.912203][    C0]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  394.917989][    C0]  folios_put_refs+0x56f/0x740
[  394.922733][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[  394.928003][    C0]  ? folio_batch_remove_exceptionals+0x115/0x1a0
[  394.934313][    C0]  shmem_undo_range+0x58f/0x1150
[  394.939232][    C0]  ? __pfx_shmem_undo_range+0x10/0x10
[  394.944586][    C0]  ? find_held_lock+0x2b/0x80
[  394.949242][    C0]  ? is_bpf_text_address+0x8a/0x1a0
[  394.954421][    C0]  ? bpf_ksym_find+0x127/0x1c0
[  394.959170][    C0]  ? stack_trace_save+0x8e/0xc0
[  394.964002][    C0]  ? percpu_counter_add_batch+0xb8/0x1f0
[  394.969614][    C0]  shmem_evict_inode+0x3a1/0xbe0
[  394.974531][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  394.979968][    C0]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  394.986017][    C0]  ? find_held_lock+0x2b/0x80
[  394.990672][    C0]  ? evict+0x3a2/0x920
[  394.994723][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  395.000163][    C0]  evict+0x3e3/0x920
[  395.004038][    C0]  ? __pfx_evict+0x10/0x10
[  395.008436][    C0]  ? iput+0x519/0x880
[  395.012400][    C0]  iput+0x521/0x880
[  395.016190][    C0]  ? __pfx_generic_delete_inode+0x10/0x10
[  395.021886][    C0]  dentry_unlink_inode+0x29c/0x480
[  395.026977][    C0]  __dentry_kill+0x1d0/0x600
[  395.031548][    C0]  dput.part.0+0x4b1/0x9b0
[  395.035946][    C0]  dput+0x1f/0x30
[  395.039560][    C0]  __fput+0x51c/0xb70
[  395.043522][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  395.048699][    C0]  task_work_run+0x150/0x240
[  395.053269][    C0]  ? __pfx_task_work_run+0x10/0x10
[  395.058357][    C0]  ? do_raw_spin_unlock+0x172/0x230
[  395.063533][    C0]  do_exit+0x86f/0x2bf0
[  395.067673][    C0]  ? __pfx___might_resched+0x10/0x10
[  395.072939][    C0]  ? __pfx_do_exit+0x10/0x10
[  395.077512][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  395.082513][    C0]  ? find_held_lock+0x2b/0x80
[  395.087170][    C0]  do_group_exit+0xd3/0x2a0
[  395.091657][    C0]  get_signal+0x2673/0x26d0
[  395.096141][    C0]  ? __pfx_do_recvmmsg+0x10/0x10
[  395.101061][    C0]  ? __pfx_get_signal+0x10/0x10
[  395.105893][    C0]  arch_do_signal_or_restart+0x8f/0x7d0
[  395.111420][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  395.117557][    C0]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  395.123085][    C0]  exit_to_user_mode_loop+0x84/0x110
[  395.128348][    C0]  do_syscall_64+0x41c/0x4e0
[  395.132922][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.138793][    C0] RIP: 0033:0x7f6ae558ec29
[  395.143184][    C0] Code: Unable to access opcode bytes at 0x7f6ae558ebff.
[  395.150174][    C0] RSP: 002b:00007f6ae6354038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  395.158563][    C0] RAX: 0000000000010106 RBX: 00007f6ae57d6090 RCX: 00007f6ae558ec29
[  395.166510][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  395.174458][    C0] RBP: 00007f6ae5611e41 R08: 0000000000000000 R09: 0000000000000000
[  395.182405][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  395.190353][    C0] R13: 00007f6ae57d6128 R14: 00007f6ae57d6090 R15: 00007ffc44639248
[  395.198306][    C0]  </TASK>
[  395.201485][    C0] Kernel Offset: disabled
[  395.205784][    C0] Rebooting in 86400 seconds..