last executing test programs:

9m36.326624438s ago: executing program 1 (id=188):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r1, 0x0, 0x36}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x22903)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00')
preadv(r6, &(0x7f0000000100)=[{&(0x7f0000000000)=""/250, 0xfa}], 0x1, 0x185, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0x1b0, 0xc2, 0x6, 0x28c10, 0xffffffffffffffff, 0x400, '\x00', 0x0, r6, 0x2, 0x5, 0x1, 0xf}, 0x50)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x44, r5, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x8c, 0x30, 0x1, 0x1000, 0x25dfdbfc, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4, 0x20}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

9m32.628290449s ago: executing program 1 (id=196):
syz_io_uring_setup(0x110, 0x0, 0x0, 0x0)
syz_usb_connect(0x5, 0xf4, &(0x7f0000000700)=ANY=[@ANYBLOB="120110014c306f10da0b38011230010203010902e20002a60000000904b10403d7b5d25b09210400020122c705090500100004f40804072501832f08000905000040008103ff0905091b08000c078009042201040e010003090509000000030004090502020002f7810671300c458e9532438d4aae3ef0c9bf5c520b1aaab11a8cae9a60c3160adc1dfedebf5a6ead8834c7780c2eb777ef0caf96cd8b3b77f357f4aa1b662ab40651e6ae8cc63dd9f6e2d24afaed81a927ca2e0354281cfeffffffffffffffbf09aac591308e5c0c3c419bb288a21890e1af4af409050303ff030840040705a6c6415a9f09058503"], 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000042c0)='fdinfo/3\x00')
setreuid(0x0, 0xee00)
open_tree(0xffffffffffffffff, 0x0, 0x0)
setxattr$security_capability(0x0, &(0x7f0000000080), &(0x7f0000000180)=@v3={0x3000000, [{0xfec0, 0xb962}, {0x1, 0x3ff}]}, 0x18, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)

9m31.472209086s ago: executing program 2 (id=197):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], &(0x7f0000000300)=""/174, 0x35, 0xae, 0x1, 0x1}, 0x28)
bind$vsock_stream(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x5)
r0 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r0, &(0x7f0000000080), 0x10)
connect$pppl2tp(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r1}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
ioprio_set$pid(0x2, 0x0, 0x0)

9m30.486691878s ago: executing program 2 (id=201):
r0 = fsopen(&(0x7f00000005c0)='cramfs\x00', 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @broadcast}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000000)='cdg', 0x3)
sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10)
recvfrom(r1, &(0x7f0000000480)=""/110, 0x168f6f3d, 0x734, 0x0, 0xfffffffffffffecb)
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r3 = creat(&(0x7f00000002c0)='./file0\x00', 0xc6)
r4 = open$dir(&(0x7f0000000080)='./file0\x00', 0x2, 0x0)
r5 = syz_open_procfs$userns(0x0, &(0x7f00000000c0))
setns(r5, 0x10000000)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r4, 0x0)
syz_open_dev$MSR(&(0x7f0000000040), 0xa, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94)
write$P9_RVERSION(r3, &(0x7f0000000c40)=ANY=[], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r6, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], &(0x7f0000000180)=[0x2], 0x0, 0x1, 0x1}}, 0x40)
mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2000006, 0x12, r2, 0x80000000000000)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x44000)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r3, 0x89f3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

9m30.349247879s ago: executing program 1 (id=202):
mkdirat(0xffffffffffffff9c, 0x0, 0x10a)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0xf691, 0x10100, 0xfffffffe, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0)

9m29.155925788s ago: executing program 1 (id=208):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r4, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000002180)='z', 0x1}], 0x1}}], 0x3, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r6, &(0x7f0000000140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_DIRENT(r6, &(0x7f00000022c0)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r7, @ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e805000000000000000e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebafe23e66a44610c0c6003d17"], 0x1e0)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmmsg(r9, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r8, r5, 0x0, 0x578410eb)

9m27.587159945s ago: executing program 2 (id=211):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x8040010)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x0, 0x0, 0xf5000000}, 0x0)

9m27.428156778s ago: executing program 2 (id=215):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f00000005c0)={&(0x7f0000000380)={0x2, 0x4e22, @empty}, 0x10, 0x0, 0x0, &(0x7f0000000100)=[@ip_ttl={{0x14, 0x0, 0x34, 0x254c}}], 0x18}, 0x24008004) (async)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f0000000040)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, @printk={@lu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xb4}}, @ldst={0x0, 0x2, 0x1, 0x3, 0x5, 0xfffffffffffffff0, 0x8}], &(0x7f00000000c0)='syzkaller\x00', 0xe, 0xc, &(0x7f0000000140)=""/12, 0x41100, 0x60, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x0, 0x5}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x7, 0x4, 0x4d5}, 0x10, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000200)=[{0x3, 0x5, 0xb, 0x7}, {0x0, 0x1, 0xa, 0xa}, {0x0, 0x1, 0xe}, {0x0, 0x5, 0x4, 0xb}, {0x3, 0x4, 0x0, 0x9}, {0x1, 0x1, 0x8, 0xb}, {0x3, 0x3, 0xa, 0x8}], 0x10, 0x5}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='cq_reschedule\x00', r1, 0x0, 0x81}, 0x18) (async)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)

9m27.189515426s ago: executing program 2 (id=216):
r0 = openat$comedi(0xffffff9c, &(0x7f00000001c0)='/dev/comedi3\x00', 0x2300, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x1010000, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="135b55e3089ac584ddcd0869f9ccb041c140006aaf0292", @ANYRESHEX=r0, @ANYBLOB=',\x00'])
execveat(r2, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000400)={[&(0x7f0000000340)='(\xc5){:,}-\x00']}, &(0x7f0000000580)={[&(0x7f0000000440)='wfdno', &(0x7f00000004c0)='9p\x00', &(0x7f0000000500)='rfdno', &(0x7f0000000540)='#\x00']}, 0x400)
ioctl$COMEDI_INSN(r0, 0x8028640c, &(0x7f0000000000)={0x4000000, 0x0, 0x0, 0x0, 0x4})
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x40300, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x1fe, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x2, 0xa, 0xfffffffffffffffd, 0x0, 0x3, 0x0, 0x4002004ca, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x0, 0x80000004000000, 0x200000000c], 0xffff1000, 0x2010d3})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb01001800000000000000280000002800000003000000010000000000000e0300000000000000000000000000000d000000000000000000000002010000000061"], 0x0, 0x43, 0x0, 0x1}, 0x28)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf)
mount$nfs(&(0x7f0000000600)='\x00', &(0x7f0000000640)='./file0\x00', &(0x7f0000000680), 0x2160861, &(0x7f0000000840)=ANY=[@ANYBLOB="142c7569643e", @ANYRESDEC, @ANYBLOB=',\x00'])
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000480)="c1", 0x1}], 0x2)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x4c8002, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000002c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f0000000100)={{0x1}})
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x640, 0x0)
ioctl$SNDRV_TIMER_IOCTL_INFO(r7, 0x80585414, 0xffffffffffffffff)
accept4$ax25(r3, &(0x7f0000000240)={{0x3, @netrom}, [@bcast, @default, @rose, @null, @remote, @default, @remote, @bcast]}, &(0x7f0000000100)=0x48, 0xc0800)

9m26.207759704s ago: executing program 1 (id=219):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000006040)={0x34, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_TAGLST={0x4}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}, @NLBL_CIPSOV4_A_DOI={0x8}, @NLBL_CIPSOV4_A_MLSLVLLST={0x4}, @NLBL_CIPSOV4_A_MLSCATLST={0x8, 0xc, 0x0, 0x1, [{0x4}]}]}, 0x34}}, 0x20000810) (fail_nth: 1)

9m25.637415869s ago: executing program 1 (id=221):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100ffffffff"})
mkdirat(r1, 0x0, 0x2)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>r0}, './file1\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f0000000000)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000096010006010083000000002a90a027b3ff82e875988b147043022effffb3"], 0x0}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_usb_connect$cdc_ecm(0x2, 0x82, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x70, 0x1, 0x1, 0x1, 0x30, 0xbb, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x2, 0x6, 0x0, 0x39, {{0xa, 0x24, 0x6, 0x0, 0x0, "d2bf3c703e"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x80, 0x6, 0x3}, [@mbim={0xc, 0x24, 0x1b, 0xf472, 0x6000, 0x3, 0x5, 0x80, 0x5}, @obex={0x5, 0x24, 0x15, 0xf}, @network_terminal={0x7, 0x24, 0xa, 0x8, 0xfb, 0x9, 0x7e}, @acm={0x4, 0x24, 0x2, 0x3}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @ncm={0x6, 0x24, 0x1a, 0x7, 0x1e}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x3, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x2, 0x8, 0xf}}}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x200, 0xb, 0x9, 0x3, 0x40, 0x7}, 0x2b, &(0x7f0000000300)={0x5, 0xf, 0x2b, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x8, 0x20, 0x862, 0xa}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x3, 0x7, 0x8000}, @ptm_cap={0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x28, 0x6, 0x7, 0x1, 0x8}]}, 0x7, [{0x0, 0x0}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x809}}, {0xe3, &(0x7f00000003c0)=@string={0xe3, 0x3, "0f8d217581f5dee7e4f79fa2e6a653da3d6f03b4d4fddd480c06f5bd8a390c438e29de2ecf269a587d2be433fa4b005d37d4e281847e892d63d4b1faee32b9748f6a161d22a7f071df8f5699a49b50eeb35aeb6a490e8088c3e8a75124806d192022d105709c9e5aafc3b2b39e384724b7dab0fddcb54565c9f96aaedb3698004bfa982efff44e51e9ce0c0f8ed869a10cc87c5daff603bb1e319152fa2a15db44406d9108ef1d13be435f4ec5f5fd880c9ade3e19b25d53d7b3ff33bb54e02e5cb3895aa1c7d0de5713daad779b490b013f185338df21a2cf119c23f1de686769"}}, {0xc2, &(0x7f00000004c0)=@string={0xc2, 0x3, "a865a52f175350646273ff2d61d622b825bc9ea6e169ea68864e92ac0d8368e46e8a559b093dd17838bdd9182f1830900e48707090111a0a4384458b386379959036d4d52c5546a97d5c4a8bc3bc847b63a75e4a69f5782bb700d4029b1815d5722586ba04c16875376af7ba76f62139ded992200a12878f7a33ea5df53f6cb6c43efded1fe23f4244e0d4df8a7c3908ade76d800113eb98e4c7bb1bca531a12cdc746557a6a6c253f372f52671fdea15494585e6a1d85eaeb8915b5cdae71d7"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x44b}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x810}}, {0x43, &(0x7f0000000700)=@string={0x43, 0x3, "26314a3287130510bc5eea8cdc695120782e949b0d8c0144b05f0b079567f09365ab81939947e189301287b0e0abb019d35395630539a23a5efaa4d53205e489f4"}}]})
syz_usb_control_io$cdc_ecm(r7, &(0x7f0000000940)={0x14, &(0x7f0000000800)=ANY=[@ANYBLOB="0005c8000000c8057c0219493a3c2033df89224c3c3c5f47040ae3dbc2c461062e1869652ae217d0e872c4b06ccef3f2598196d0c8901ea0bddbc5ab41eeebe2596cb8c542a0fe0cab2fcc7c1f52e6d95f186aab431561339d30e6417dbe4fdc137a84dceb771618c5be89c0ecf92de254705960aa1469940c4a03e2dc6d784f886ffebeb94b5fa205659865340d369942ff90fe4bd7999cfb2a1a0674589edeb3c79a6885418592c574e8b504c2203bda3c70a038f87f58bb253c7cc607e90f7af543b4b3aec3d0a5e24bc6b9af"], &(0x7f0000000900)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a40)={0x1c, &(0x7f0000000980)={0x0, 0x17, 0x33, "b01fe7f80b528f001f9359f9d27c6753f017097b28bda9280dc9c956518136cbf535880f801a72727692e361b574310c991910"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1, 0x8}})
r8 = syz_io_uring_setup(0x335b, &(0x7f0000000140)={0x0, 0xc7ca, 0x42, 0x0, 0x39c}, &(0x7f00000000c0), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r8, 0xc, 0x0, 0x0)
mknodat$loop(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', 0x1000, 0x0)
chdir(0x0)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x8010)

9m25.606542124s ago: executing program 2 (id=223):
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000280)="ea", 0x1}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

9m10.014376668s ago: executing program 32 (id=221):
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0)
close(r1)
ioctl$SIOCSIFHWADDR(r1, 0x8b14, &(0x7f0000000000)={'wlan1\x00', @random="0100ffffffff"})
mkdirat(r1, 0x0, 0x2)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>r0}, './file1\x00'})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_rx_ring(r4, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
syz_emit_ethernet(0x82, &(0x7f0000000000)={@local, @empty, @val, {@ipv6={0x86dd, @gre_packet={0x0, 0x6, "5f1060", 0x44, 0x2f, 0x0, @private0, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x1, 0x22eb}, {0x0, 0x0, 0x0, 0x0, 0x100}, {}, {0x8, 0x88be, 0x1, {{0x0, 0x1, 0x7}}}, {0x8, 0x22eb, 0x0, {{}, 0x2, {0x0, 0x4}}}}}}}}}, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r3, 0x7, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00222200000096010006010083000000002a90a027b3ff82e875988b147043022effffb3"], 0x0}, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000680)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x4b)
r6 = accept4(r5, 0x0, 0x0, 0x80000)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0)
r7 = syz_usb_connect$cdc_ecm(0x2, 0x82, &(0x7f00000001c0)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x70, 0x1, 0x1, 0x1, 0x30, 0xbb, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x2, 0x6, 0x0, 0x39, {{0xa, 0x24, 0x6, 0x0, 0x0, "d2bf3c703e"}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x80, 0x6, 0x3}, [@mbim={0xc, 0x24, 0x1b, 0xf472, 0x6000, 0x3, 0x5, 0x80, 0x5}, @obex={0x5, 0x24, 0x15, 0xf}, @network_terminal={0x7, 0x24, 0xa, 0x8, 0xfb, 0x9, 0x7e}, @acm={0x4, 0x24, 0x2, 0x3}, @call_mgmt={0x5, 0x24, 0x1, 0x1, 0x8}, @ncm={0x6, 0x24, 0x1a, 0x7, 0x1e}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x20, 0x8, 0x8}}], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x3, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x2, 0x8, 0xf}}}}}]}}]}}, &(0x7f0000000780)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x200, 0xb, 0x9, 0x3, 0x40, 0x7}, 0x2b, &(0x7f0000000300)={0x5, 0xf, 0x2b, 0x5, [@wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x8, 0x20, 0x862, 0xa}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x3, 0x7, 0x8000}, @ptm_cap={0x3}, @ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x4, 0x28, 0x6, 0x7, 0x1, 0x8}]}, 0x7, [{0x0, 0x0}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x809}}, {0xe3, &(0x7f00000003c0)=@string={0xe3, 0x3, "0f8d217581f5dee7e4f79fa2e6a653da3d6f03b4d4fddd480c06f5bd8a390c438e29de2ecf269a587d2be433fa4b005d37d4e281847e892d63d4b1faee32b9748f6a161d22a7f071df8f5699a49b50eeb35aeb6a490e8088c3e8a75124806d192022d105709c9e5aafc3b2b39e384724b7dab0fddcb54565c9f96aaedb3698004bfa982efff44e51e9ce0c0f8ed869a10cc87c5daff603bb1e319152fa2a15db44406d9108ef1d13be435f4ec5f5fd880c9ade3e19b25d53d7b3ff33bb54e02e5cb3895aa1c7d0de5713daad779b490b013f185338df21a2cf119c23f1de686769"}}, {0xc2, &(0x7f00000004c0)=@string={0xc2, 0x3, "a865a52f175350646273ff2d61d622b825bc9ea6e169ea68864e92ac0d8368e46e8a559b093dd17838bdd9182f1830900e48707090111a0a4384458b386379959036d4d52c5546a97d5c4a8bc3bc847b63a75e4a69f5782bb700d4029b1815d5722586ba04c16875376af7ba76f62139ded992200a12878f7a33ea5df53f6cb6c43efded1fe23f4244e0d4df8a7c3908ade76d800113eb98e4c7bb1bca531a12cdc746557a6a6c253f372f52671fdea15494585e6a1d85eaeb8915b5cdae71d7"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x44b}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x810}}, {0x43, &(0x7f0000000700)=@string={0x43, 0x3, "26314a3287130510bc5eea8cdc695120782e949b0d8c0144b05f0b079567f09365ab81939947e189301287b0e0abb019d35395630539a23a5efaa4d53205e489f4"}}]})
syz_usb_control_io$cdc_ecm(r7, &(0x7f0000000940)={0x14, &(0x7f0000000800)=ANY=[@ANYBLOB="0005c8000000c8057c0219493a3c2033df89224c3c3c5f47040ae3dbc2c461062e1869652ae217d0e872c4b06ccef3f2598196d0c8901ea0bddbc5ab41eeebe2596cb8c542a0fe0cab2fcc7c1f52e6d95f186aab431561339d30e6417dbe4fdc137a84dceb771618c5be89c0ecf92de254705960aa1469940c4a03e2dc6d784f886ffebeb94b5fa205659865340d369942ff90fe4bd7999cfb2a1a0674589edeb3c79a6885418592c574e8b504c2203bda3c70a038f87f58bb253c7cc607e90f7af543b4b3aec3d0a5e24bc6b9af"], &(0x7f0000000900)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000a40)={0x1c, &(0x7f0000000980)={0x0, 0x17, 0x33, "b01fe7f80b528f001f9359f9d27c6753f017097b28bda9280dc9c956518136cbf535880f801a72727692e361b574310c991910"}, &(0x7f00000009c0)={0x0, 0xa, 0x1, 0x6}, &(0x7f0000000a00)={0x0, 0x8, 0x1, 0x8}})
r8 = syz_io_uring_setup(0x335b, &(0x7f0000000140)={0x0, 0xc7ca, 0x42, 0x0, 0x39c}, &(0x7f00000000c0), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_ENABLE_RINGS(r8, 0xc, 0x0, 0x0)
mknodat$loop(0xffffffffffffffff, &(0x7f00000002c0)='./file1\x00', 0x1000, 0x0)
chdir(0x0)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x8010)

9m9.776274951s ago: executing program 33 (id=223):
pipe2(&(0x7f0000000000)={0x0, <r0=>0x0}, 0x0)
syz_usb_connect(0x3, 0x3d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r1, &(0x7f0000000240)=[{&(0x7f0000000280)="ea", 0x1}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)

4m28.850359766s ago: executing program 6 (id=929):
r0 = openat$smackfs_revoke_subject(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
writev(r0, &(0x7f0000000380)=[{&(0x7f00000001c0)}, {0x0}], 0x2)

4m28.045226323s ago: executing program 6 (id=931):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r4, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000002180)='z', 0x1}], 0x1}}], 0x3, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r6, &(0x7f0000000140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_DIRENT(r6, &(0x7f00000022c0)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r7, @ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e805000000000000000e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebafe23e66a44610c0c6003d17"], 0x1e0)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmmsg(r9, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r8, r5, 0x0, 0x578410eb)

4m20.28196885s ago: executing program 6 (id=947):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x5, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000004830000000000000fa40000007010000080020007500feff0000820095000000d3031a006dd015836e4d27f5182b60bbb7c19e21eec859fe68f9428ac407630eac8eb682f5b2d86b4abf9e63ad263fec7db9338ca9eebf2218c8b9ca64bcdcdaa06fc4c7aa217fcecd9443c54143bde8ddcbc3b8ac619930206d8d0881af823d6d18c66f021c20b55013d7fb6ea7013c062d13176d71d7dad98eb976ed679fa639"], &(0x7f0000000000)='GPL\x00', 0x4, 0xfa, &(0x7f0000000140)=""/250, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETGAMMA(r1, 0xc02064a4, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_connect$cdc_ecm(0x3, 0x52, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x40, 0x1, 0x1, 0x0, 0x30, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x2, 0x2, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x9}, [@call_mgmt={0x5, 0x24, 0x1, 0x1}]}, {[], {}, {{0x9, 0x5, 0x3, 0x2, 0x8}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f000000560900a1004daf25cee2d5d1c1"], 0x0}, 0x0)
r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGSTRING(r2, 0x81044804, &(0x7f0000000240)={0x3e, "c2a4d6e1edbcb3340aba7d4040e6b99d7c2a8bcde661c765b2c3494854da79e4d2a78786f992d874ed16f11b04b1d8ce5e7b7a98b9a0aa63d8043d352d9c"})

4m16.436501199s ago: executing program 6 (id=960):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r4, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)="bb", 0x1}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, 0x0}}], 0x3, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x401c2, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r6, &(0x7f0000000140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_DIRENT(r6, &(0x7f00000022c0)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r7, @ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e805000000000000000e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebafe23e66a44610c0c6003d17"], 0x1e0)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmmsg(r9, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r8, r5, 0x0, 0x578410eb)

4m12.437778358s ago: executing program 6 (id=971):
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io$printer(r2, 0x0, 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000)
write$char_usb(r3, &(0x7f0000000200)="4b84", 0x2)
syz_usb_connect(0x2, 0xe4, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d2f6010000400009046a00067af4190009050f080000050801060c8b631b7507250102020700090501", @ANYRES32=r0], 0x0)
socketpair(0x10, 0x800, 0x3, &(0x7f0000000000))
mkdir(&(0x7f0000000200)='./file1\x00', 0x0) (async)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) (async)
mount(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
chdir(&(0x7f0000000080)='./file1\x00') (async)
open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async)
open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) (async)
symlinkat(&(0x7f00000000c0)='./file1\x00', r1, &(0x7f0000000100)='./file0\x00') (async)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0) (async)
syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0) (async)
syz_usb_control_io$printer(r2, 0x0, 0x0) (async)
syz_open_dev$char_usb(0xc, 0xb4, 0x10000) (async)
write$char_usb(r3, &(0x7f0000000200)="4b84", 0x2) (async)
syz_usb_connect(0x2, 0xe4, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000017ffd340b1134200bbdf000000010902d2f6010000400009046a00067af4190009050f080000050801060c8b631b7507250102020700090501", @ANYRES32=r0], 0x0) (async)
socketpair(0x10, 0x800, 0x3, &(0x7f0000000000)) (async)

4m10.913261822s ago: executing program 6 (id=978):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x36}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x22903)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00')
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000000000)=""/250, 0xfa}], 0x1, 0x185, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0x1b0, 0xc2, 0x6, 0x28c10, 0xffffffffffffffff, 0x400, '\x00', 0x0, r5, 0x2, 0x5, 0x1, 0xf}, 0x50)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x44, r4, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x8c, 0x30, 0x1, 0x1000, 0x25dfdbfc, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4, 0x20}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

3m55.733009607s ago: executing program 34 (id=978):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x36}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x22903)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
epoll_create1(0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
r5 = syz_open_procfs(0x0, &(0x7f0000000240)='net/kcm\x00')
preadv(r5, &(0x7f0000000100)=[{&(0x7f0000000000)=""/250, 0xfa}], 0x1, 0x185, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@bloom_filter={0x1e, 0x1b0, 0xc2, 0x6, 0x28c10, 0xffffffffffffffff, 0x400, '\x00', 0x0, r5, 0x2, 0x5, 0x1, 0xf}, 0x50)
sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000580)={0x44, r4, 0x1, 0x200000, 0x25dfdbfe, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_RINGS_RX_MINI={0x8}, @ETHTOOL_A_RINGS_TX={0x8, 0x9, 0x7}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080001}, 0x4048806)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000940)=@newtaction={0x8c, 0x30, 0x1, 0x1000, 0x25dfdbfc, {}, [{0x78, 0x1, [@m_ct={0x2c, 0x2, 0x0, 0x0, {{0x7}, {0x4, 0x20}, {0x4}, {0xc}, {0xc}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

13.213272221s ago: executing program 0 (id=1743):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000040)={0x34, &(0x7f0000004400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0x40015b0b, 0x0)
syz_usb_disconnect(r0)

11.217589565s ago: executing program 0 (id=1773):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = fsopen(&(0x7f0000000080)='ocfs2\x00', 0x1)
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000200)=""/21, 0x15}, {&(0x7f0000000240)}, {&(0x7f0000000280)=""/119, 0x77}], 0x3)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
r3 = fsopen(&(0x7f00000001c0)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r4, &(0x7f00000062c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x29, 0x0, 0x80000}}, 0x50)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000440)={0x0, 0x200fad6, 0x100, 0x1}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000002a00)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0xdb4, 0x0, 0x0, 0x0, 0x0)
syz_fuse_handle_req(r4, &(0x7f00000042c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000970700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x400000000000, {0x0, 0x15}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r9, 0x3, r2, &(0x7f0000000c40))

10.146422195s ago: executing program 0 (id=1785):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = fsopen(&(0x7f0000000080)='ocfs2\x00', 0x1)
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000200)=""/21, 0x15}, {&(0x7f0000000240)}, {&(0x7f0000000280)=""/119, 0x77}], 0x3)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
r3 = fsopen(&(0x7f00000001c0)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r4, &(0x7f00000062c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x29, 0x0, 0x80000}}, 0x50)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000440)={0x0, 0x200fad6, 0x100, 0x1}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000002a00)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0xdb4, 0x0, 0x0, 0x0, 0x0)
syz_fuse_handle_req(r4, &(0x7f00000042c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000970700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x400000000000, {0x0, 0x15}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
r9 = epoll_create1(0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r2, 0x8008f513, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r9, 0x3, r2, &(0x7f0000000c40))
openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)

8.66893558s ago: executing program 0 (id=1795):
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x5)
ioctl$SG_IO(r0, 0x2285, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = fsopen(&(0x7f0000000080)='ocfs2\x00', 0x1)
readv(r1, &(0x7f0000000300)=[{&(0x7f0000000200)=""/21, 0x15}, {&(0x7f0000000240)}, {&(0x7f0000000280)=""/119, 0x77}], 0x3)
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000006680))
r3 = fsopen(&(0x7f00000001c0)='ocfs2_dlmfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
fsmount(r3, 0x0, 0x80)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r4, &(0x7f00000062c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000004200)={0x50, 0x0, r5, {0x7, 0x29, 0x0, 0x80000}}, 0x50)
r6 = syz_io_uring_setup(0x110, &(0x7f0000000440)={0x0, 0x200fad6, 0x100, 0x1}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000002a00)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffa, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0xdb4, 0x0, 0x0, 0x0, 0x0)
syz_fuse_handle_req(r4, &(0x7f00000042c0)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000970700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eeffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20, 0x0, 0x400000000000, {0x0, 0x15}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r2, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r2, &(0x7f0000000c40))

8.59285349s ago: executing program 5 (id=1797):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {0x0, 0x7}, {}, {0x7, 0xe}}, [@filter_kind_options=@f_fw={{0x7}, {0x18, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'syzkaller1\x00'}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x80}, 0x24000880) (fail_nth: 1)

8.369640253s ago: executing program 7 (id=1799):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x6000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, &(0x7f0000000240)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)

7.411331259s ago: executing program 7 (id=1801):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x89}, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xa, 0x4d091, 0xffffffffffffffff, 0x4000000)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0x2000)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xb, 0x0)
syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f0000001380)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
pipe2(&(0x7f00000000c0), 0x800)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x3b, 0x0, 0x40)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000040)=0x6, 0x4)

7.204908118s ago: executing program 0 (id=1804):
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = socket(0x10, 0x803, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', <r2=>0x0})
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff})
sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x3c, r4, 0x1, 0xfffffffe, 0x25dfdbfb, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r5}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x8b}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x6}]}, 0x3c}}, 0x20000000)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x2, 0xfff3}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x24, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x3ff, 0x2}}, @TCA_HTB_DIRECT_QLEN={0x8, 0x5, 0x1}]}}]}, 0x50}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x50, 0x10, 0x1, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r2, 0x10424}, [@IFLA_LINKMODE={0x5, 0x11, 0x9}, @IFLA_IFNAME={0x14, 0x3, 'veth1_to_bond\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x6, 0x73e}}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x801}, 0x60000090)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r6 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
r7 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
lsetxattr$security_capability(&(0x7f00000003c0)='./file0\x00', &(0x7f00000004c0), &(0x7f0000000500)=@v2={0x2000000, [{0x7f8, 0x1}, {0x2}]}, 0x14, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x9, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r7}, {}, {}, {0x7, 0x0, 0xb, 0x7}}, @call={0x85, 0x0, 0x0, 0x8}]}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setxattr$trusted_overlay_nlink(&(0x7f0000000280)='./file0\x00', &(0x7f0000000380), &(0x7f0000000440)={'L+', 0x57}, 0x16, 0x2)
mknodat$loop(r6, &(0x7f00000002c0)='./file1\x00', 0xa001, 0x1)
r8 = socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000007c0)=ANY=[@ANYBLOB="500000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c000280080012000dfffff81400030062"], 0x50}}, 0x40)
chdir(&(0x7f0000000480)='./bus\x00')
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x38, 0x12, 0xff05, 0x0, 0x0, {0x0, 0x0, 0x4a00}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x800)
linkat(r6, &(0x7f0000000100)='./file1\x00', r6, &(0x7f0000000140)='./file0\x00', 0x0)
ioctl$VIDIOC_G_PARM(r6, 0xc0cc5615, &(0x7f0000000180)={0xa, @raw_data="b30ea65ed51699db72d146687449bd08633cb374b18d9853193c8a12df6ac86887a95b06edfb66b3359e7852af093fefe1a1efff1597f36836ab67556e674db4818d516363893835401fa4557ddd0b84cd3e547c7022b9e466edf9e44963088da945e9919f556de41eaaf43376466c5c1193321e40391d4227ff414d824e132f960e93b8b2ed330c401a214e0c65c744f5a417a4280d7a5a04ac9fbe73f4b559047df7f4f54979f3fbe0a40524c028a28ad41c7efc4dbfdf66966b1408f8612e993dbb038bf6bb4c"})

6.582424592s ago: executing program 5 (id=1806):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r2, 0x0, 0x8)
fchdir(r3)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x551083, 0x28)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000004c0)=ANY=[@ANYBLOB="480000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="557b000000000000280012800b00010067656e65766500001800028008000b4000000000060005"], 0x48}}, 0x0)

6.116578105s ago: executing program 5 (id=1808):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
ioctl$TCSETSF(r0, 0x5404, &(0x7f0000000380)={0x2, 0x3, 0xfffffff9, 0x9, 0x15, "a294e7003e805a9d1b78d681c441000700"})
write$UHID_INPUT(r0, &(0x7f0000001c40)={0x8, {"45707fe6c13ec0bd03e5ecc69c764fabe1f326e479445fcb5b205f8c3b622124e794bd8e155f4d904619803fd30c7c202046abd5cd2a26aeb32d246533b18dbb112bba54737fa3db4899cfbf40d3f0c487e58766cf9c7b78842142fb94c1a1c94a4b98b0cf1fed922cdbea0b164200d9f958ecd17c75d4b852a384e41367b0298b005bb13c7050e0342de230db20f9a86fe5fff6fff420f03ec7bb88747480857ed08bd7b1c7d178945f1af284d8ca636101edf9c287491e9a33df027ba595b273a8ed5aa6e64d7d3b218b76dc3566398b63e3a8dd3de57079ca6118e08a919f343ead86112d5dea53d5318814f9ddf14081758874653d15a71d0a4b7b18910a03e474208e31ca08e010c28aaa46ecc7c466cb8a06ee6047ca4ae798dc67f6e612afb9aca11097fec86fd5f12ffc6d43e70d749ed8962f2c9d7e88c49cad8b6af5ffca7d38eecafe276f318fdc229937052dee824a11519c054b9716a45703baef71e935632522ac184812313296a6599384899e8015ca5812cd608882ed02e8bc602bb3fb28b7e2bf2128e9fbe97a1e27e074586c6ebb0449ae67c56a96a0b0fcddadb770e57ef7377fed2191d519f222f8a8ce060cbeaa0428c835884f62fca487cd834ad600a5f68c28840878f9f519238abac8ab71c985bd0cdfb5bb1448cb8bb34a59ae512f2deee1f404e0d0c603c615a09be57ef4b94005ee0ef906239d56fa9f310b1be21098ac02db6302c4950496fdbc249d8ffd7cd19e7e26464e712c3184182b57546ae65b77ce55edeae4ee690a0db16b5c26977d36a3369c58ee48588f0ba502f4b584ccfe2e0f60b861930f24db34307ccfb6bf8139b0f8dea88413afc00bcf5582f211348df402e4ae1556627ac3f07dcc77d44d9454ba8eed51139ffdcea61172920c3494ff0d222e6836f8de22d66b10e3875b9b89a48c4ae134e7d81049039d186ea8995b5a289584437c54eb5d03197a7b81e2339f633dbba878eef49eeb85ee34df7789295c5491584af81f8f53487b713becb9a285f674d4c72b188ba6f767ede8ffae64842ecb82b33e799e90f7e977556884664e978e9dc7686c5d1253d4328ac7d95c67258a4fbc267a29b515f09a27a87015756c825f3ce309a2d8b089f2aed4e560d2b154d40ec1fe9cd01ecbfe3b025ff4222891757b376a9cbf325820912f8027ddd963d1ccf549baa912c0cf4817bf1a639dd5b39e56a63d108d914169c72577bc45730e1a9e20529a9f6a8aee9c83da159467c2f77212c1b9eda16804490198a29c61efec362dfa448ffa56a8e120690222f8e56ee6a820feda4173637e34c1aab938637ff82aad4f4f352f12ff9c164a9a7ebaa7a17797764b2bacae18898c33e8c759298eb94db0b8e676b6cc7971e6bd80445472af014f7470656d2566d7ca656acd4135e61dd4545f2d587ea05e6161db82f298bd71d610e50a092b817789473f5da3d32716613a1b09bbda29d501eff30e9993271f20423e74a2a0a1662f99f73c27e855d32796bc68a769e92e2b5d659f2ebd132dc9bfffbf031cd225f7e83e321160b65e55ff38462e8a36a4c533d30302d8102bcb41bec2abab1984b06733d370c2f3363a8d5e30c08f0e74e9e876f72745f574bc80fbe25943896ebe04fe72cfa9de6ee8506ad70c3be65a86eaf4f1fb913821afc85cf985b841d8ca96321dc1a31724f0b599c2ad147713692ecde7238ac87f2f426169bc060281c460f0e1346a92f464ee1f794002d3187a84fc6757f735cbbf42c41a0bb5d99ca04ef3792276491a1232fbcc00f7caf321ac9951a6517eeabaedc207c6b4d9c8f4e5a458d7def6c08a508b66ed3ccae5b544f0b84c9871129c4f6efa804404852993483d06b9227a689cb37a605b43265ca46ebe674073fbca8f83a56856cd6d5cf6e018dea75ca325b2365527888321bc8686069a7dbdc8b22a32c20e07e79eca4f83902a7d02c641bbdbe66a1bc18ff132c770b67964cce6c3800c05a5f0e0253ebd85b825e1c692887e36e4b938ac97507979aa39459ea04070fb078c63c334eabbc1e6444ce1336f98a41045d2a576a049d07368e027b182f6038ad38c3359dd3de78544dc621f9acd4f0540e117162c22e753462c4be2065724c3429b75b4db74e89d84f2795aba986dfc2b1fdcbe98346260cb9748f454a65f4b35b874ac5910184ad0fece39f01cd50663ca2462729f4cfa4e756c0cb6fc397f77c8fdcd7c9e194705e522ca83c625c7fab6ea43aad89db0b6ba71eed901209fc7330e8bc671aff44e5e48502abddc2409b52ece3779d3b19c1832b30abd3f81a9ff0c68fce42ad9c1941f03ce33ed9d37dce98dbe5e1d23519d22087f307e870c82f028e96fef580c4c8c62a32c2776eed31c3d8bddeb43cc53ab8592478253b6de3095d6828bd960989b9ed9879f863d3128f708eebe99f7701823f232444f2ac9830da973b993679e1bb510b2b6939847751cd0d4642d7bb899e21a7c26938fae9f1b149ff19032b5149b4cde635fa99c2160a8cd6f7ad6a5a242b6b31e253e04ea72f1b6f60677ef87fd8e175373c24822a3794134a3124f2e109a59d9db08e48f845254d4b68c42da5b2b2f3c3c528f4281cae4f5117cd0a4658e9ed1dba09656393623fb13fad1cda4eaa602176aba55ba251817017338193512318390fed2a914739050b1a85ca3833f71aa7c4c8fb45158b530c24bd4316f72c9b432a1bd067cd6fc64d646cc06bfbbf990dacb32de9496a8d730cc07171ce548957d435b2f121ea4bb939f70785ebce86f0ad6d89bb71cdc1d0897284ac5d09b95a76ddbfc787a98193b9cbdb1d3ffd89d5f10b9bbb5d41a2a33f73385df351db85c83786db3da558d890f414b21615160dfcb3b46f0958d492bd6d056550c48e5f0c26dd10c1c6ab3b4c6b7d911db5ac463f8e37a8bbcc2295fe79fa109f491a126fff6a1ffe161c7787f746fc8ddea5f19bd20fabca63aa81ae2d725e0b250f27fd7c8431ef6b2827904f62b5ffefc9bfdfb7d55ef6d9883c6ab43c5214b4af237d0df67afcb3d62e80041720952e837e65a22351cb3bf8a9e271568597f79f12144495d31ef72fc36a86e9eb4359790aee88c00b05473ac1a90b8bbe0c0db99570dd9bda506469c258e145841d9c26c9f32722a678cf25657acd124831cfc6a1809e341989b46b6df9db72b18f8be39cd845669bad697bc6bd9bec531047d5fa9e201e1a525c372367f8495280c5d93a62f9fb6f890c59959dcbac7de68e3a417befcd11c722067aac4726e2fdcabce2321ea64d9fbda04ab25dedbcb441faaef2d7bf024fe765591fd0354b2bcaa243a6d741272d4458e433118568944047eeec85d3b0f5b98cbdad0f77371be15af9c1bf928eceb652c581fa638e2131c22d901e6f047a5649ffab5324054389ebeb47ff283e0f0ffe074382e520c632bc440cbeaa68770877516e101709489bcb643b187cb2715e58479074cd32d53077331453fc537d34f87a7ec5e5da686c2f304116394e2bd1e480f5da74a6b725d526b71dc869df8dda3feb44f5463f4c678b6a8be34994ecb0902b3cf269de1adf0da8b8ad340b63a6d0237df7e812b94572adbc196784dfcf33e3e97a17b71a2dad7015fb2d59d4c5838ca551984c7d8ee7bf05ab3edf89029ffd20e373fcb72523bff1e63df721416a068d7b2daa3e17fbba8e831c53e29a94dc483e289cf7406a7b2da28ecc761cf9d847d39b7daa5e34a2a0e4dd19ca5c4a1ab274c7fb9a3057109ec0644579f1af210f8b8133dd87f1abd7c71ac09cfc38699573b35e6d9c5bdaa21f16442b87860e9a7f62ff7c2458160c6a64dc218a258ee06e222e47b3b8e0cf5a5c2d9985f886f32abd129ee056fae9b2e32d0571532eab27fa8f079f9c3e378125f2020064850cfb19c53aa44ad8da6f83a5d827bcb131da9d4dde6e8bd0005ef240c4a02b17051845c35725bd8668c3b27b46355febbf2bf3e5dc5ec650499669cbfe921815396d87b3ede410d492cc73ec7f3a40409eed9358131f1f75e31f24e34af6fc7b6fe2730fd043fd69269d939772e7fef5f2e08b657038a61bc8a8d5688b16029d15aacefe6631a364769d3b9b261bbac584c5ba29b7fbda146fc2ac0f1044f89141a57292b87c7275c6ec6011e5b4b40d1ebc4fc32e7c7ac96aea170225e60c189ed09f8df0a143232bd93c6a9d0fba9783f303b3375b10dde9cd501e68df3734f6278a0389418578834e1912806f07e2fa715bfed4bc707559ee3d4966f51cb652b06b747ae2d79b56759035f01953e76a2dc14c817eb0f97332e68c1d3995dcd84b2329194299944cb2c050991c409fe447ed764a9a3a1182bc30f773b0b415c1898460150c9fec8987c24ba07f87f299d014bd89049b3e9d0c9bf1c6bf159545e52cdfcf9e799b593cb411a3db12396dc9c09ddeddfcb6165a99074e531b7ceddaf344baf2e65225203da537cf09fc073d61d92c13a1c95f93e70050b99850272d0227a89faadfbfae923501b0321984b59229b7dc3c646bf4e381534fcb31783c568deb1a36f95c873df99ccab25446c77d96de6b2c70d5baa5b27786e8027b2f70be117bfdc1b2c6d72a6ab2f9e9a9ce231443d0621448e78393142f90177e7bb52976c668583c64beca45af5ea23a060ec910c6cd89ba7cb9cbbd7627ee56dd2d4d60d994cd63e81f181642b8864afa797aecc22358eea8d059d681a333caa15a8c56918523d465e94668d6ef5f3dcc089bffb13ad76dbf79c44c14f494fda3a55f61c3ed659e20a274297360576fd3230b3e4b7e79ea5b7d78c1def22741a38d17b39c646579d8d5df4cae4eca98d1c0df9371532fe89efc2c375fe433699ee14fcd4cf84495d380663aa10a374dba851536b8159deee491ed2c0e2b920bf7c5627db54562f1ff9c56795245be220391d6b681360fa221efc91faf57d80f15b5e3d881cfa30e1145dbde325c6cc8254938a9eb906d846ec5f76f63443b8f2c50db90b6563900a8f97947c82caec3ce4ee3a5e19fc3324376e4b041b7ed82d9940f7a63f9f962f6d746cb781dbbe16a90649881a77e8ac40677e74d87beadc50df2bc624aa6a707cb50c8ee749db526903f38d706df0201bf503b759d320fa940838ec74c914d0de569ed9ffc6eb2cee026ce22cd50a884bccfadbf503892930c4c4dd7efcb3caaac1695027ed66f3f29c7a1edade721bac0599ff0c400542d31d5dc235ddca7bada9cabcf427e038e5c6a54687b955131c547155036401c7a9a44b3b0437edaa30635b84e37996bcc8594307a6b6bbd8b06daa994cf238925485cd9ace35b3fdfd72788199b6f0570eed2078a4b2f36f511a68566927389ca5ce1c854cb500c2693d7a7917cc8f1215608b7dd2ab22de43a5cc91309a4db2a4c29fdeceaec4a604d13af72a60ea50070626aa6d4cfa418b95edda37a88db5218a1e096436a3551ee712ae137217cd0e941c31e86839e3a9aef8058f5f3196a5006f5a13f3343c0cbf50f9a27c7481e62614a4c51071df6c9a2e0058e534be00c510052e03148c79cc31256359b330c0de91e6130ce741d0472a838463987b9cb80693701825d0af139207f4ff1dc5cb92187170acb8c217f26b1a0544021a8ddce3e31de19b603a5eeca75a7a6234f75d890322a2dca481bc814ba65893cf8e4492094dfe534936a4378e85f680559f4ebce2cccdbea2c0c1e776c4cf50df6b0bc2effcee0f2c76b5c478f9dd02e0eef9399ddf2ba449e03cfd5d33388b0b683c3ce0d301ca1ba4ab", 0x1000}}, 0x1006)

5.58004938s ago: executing program 5 (id=1811):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

5.502127369s ago: executing program 4 (id=1813):
r0 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x86c}})

5.413296815s ago: executing program 0 (id=1814):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000001ec0), r0)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r0, &(0x7f0000002000)={0x0, 0x0, &(0x7f0000001fc0)={&(0x7f0000001f40)={0x24, r1, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NFC_ATTR_LLC_PARAM_LTO={0x5, 0xf, 0x4f}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x5000)
r2 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
r3 = gettid()
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x2}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000000c0)=0xf7d)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f0000000340), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
tkill(r3, 0xb)
socket$alg(0x26, 0x5, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
getgroups(0xfffffffffffffdb2, 0xfffffffffffffffe)
r5 = memfd_create(&(0x7f0000000400)='\xa3\x9fn\xb4dR\x04i5\x02\xac\xce\xe1\x88\x9d[@8\xd7\xce\x1f 9I\x7f\x15\x1d\x93=\xb5\xe7\\\'L\xe6\xd2\x8e\xbc)JtTDq\x81\xcf\x81\xba\xe51\xf5 \xc8\x10>\xc9\\\x85\x17L\xbf\xcf\x91\xdfM\xf3\x02^T*\x00\x02\xb9~B\x9f\xacl\x1d3\x06o\xf8\x16H\xaa*\x02\xf7\xfb\x06\xf1\x83\x92\xa8\xc2\xcb\xae\xb0\xb4\x93\xb8\x04\xf1\x99\xc2yY+\xd9y\x8a\xd5b\xe8\"q\x1b0)\xccm\xacz\xc1\xadd\x9b6a\xf3\xdds\xbb\x88\xff\b\x85\xb3s\x00\x0e\xbcfvi\x85\xfc.|\xd4h\xec\x82o\x8e\x93\x11\xc1\xd4\xae\x05\x17=\xd9R\xd0\xd4\x90\xcf\x9b\xdc\xaeV\x88\x94\x9f\xe3\xefqi\xed\xa8w\xbe\xd0\xd0-tBl\x9e+\xd3\xed\xce\x9f\x83\x86\xf9\x12\x16Ts\x80\x13]C\xfb`\xc2`\xf7\x1a\x00\x00\x00\x00\x00\x00\x00k\xae\xcb\x1a.\xc2\x8f\xd1x4]PZ\x9e\xd5Y\xf0L\xa4\xbc\x84\xf6\x04L\xff0\x8b\\*\xf9,\xb6\r\x97\xedy\xe0\x8a\xe2\x8ck\xc6S\xc3g\xb9\x1a\xf8\x8f \x9d\x00u7\xd8\'\xf1E\xa4(Q\x80Fy\xb5\xe4q\xc9\xff \xd8\x9d\xad\x11\xf8m\xd3\xbc\x9e\x10D\x7f!\xca\x0ev\x15h$\x01\xdd\xe5\xce\xf8*\xb3\x01\x85\a\xe4qv&\x9c\xac\x9aN~o\xe5\x89\xd5\a\x9f\f\x1f\xc2e/\x8d\x1e\n\xd0_\xbd!^\xa46\xb8j\xc0x\n\xdb\xe1\xa3\xd6\xae;\r\x92@\xa5I\x88Z1F\xf0\x1at\t\xd0\x8a\x04m\x06\xf3BL\xffS\x9eY\xf4\xb0U \xf8\xd00\x88y\xebX\x92\xd5\xbb\xa1h7\xf3\xe0\x0f\xbd\x02\xe4%\xf9\xb1\x87\x8aM\xfeG\xb2L\xbd\x92-\xcd\x1f\xf4\xe1,\xb7G|\xec\"\xa2\xab\xf6\x84\xe0\xcf1\x9a', 0x0)
execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
timer_create(0x2, &(0x7f00000006c0)={0x0, 0x31, 0x2, @thr={&(0x7f00000005c0)="3b99db7e37f40ed53aef2374da63173d60c3fa463043058a938ce2e3f6939e7bee102292517e7de8c50e6091ba6799975cd3da42ef3bed1498cf2b2fa56651567a1bf16567afd4db0b3631b4ccbbdf54d5ba2a7d1da07eac1aff3311e65be798442184f6098faa000767568badfb618400fdd5c4ead84e973a77b69bd2d137238a754d22bc0290f7073b0f4cd571380b6ff63c2d37f9ee327cf083edd551ef2e27316d1ab00e6fb0eac919", &(0x7f0000000700)="c0bed193b4726b889470b21e2503e9d67f36efcaf4f6bd4023b079290452e896c706eb76e94ba0eacceb6718702b6d1ed1b8357cbd8bae6ad5f64131ea471b40353e56b6e7c5efa68730455057b36d7959b792ed45ed42127695107c37268bd46679e860cf8c501063895c59a00186ee136b2468466e1aa922b285c561510c53ee95829ce71f70b0294d003344822fbaf20eabd52dd49b634dfb4bba083e5fe7c5f87ce16cccb263f495b5"}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x6c}, {0x6, 0x0, 0x0, 0x7fffffff}]})
syz_memcpy_off$KVM_EXIT_HYPERCALL(0x0, 0x20, 0x0, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$inet6_udp_int(r6, 0x11, 0x67, &(0x7f0000000140)=0x5, 0x4)
connect$inet6(r6, &(0x7f0000000100)={0xa, 0x4e25, 0xd4c7, @ipv4={'\x00', '\xff\xff', @local}, 0x2}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)

5.398482125s ago: executing program 4 (id=1815):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

5.385814816s ago: executing program 5 (id=1817):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0xabf4, 0x8})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0)
syz_usb_control_io$hid(r3, &(0x7f0000000600)={0x24, &(0x7f0000000480)={0x40, 0x31, 0x1c, {0x1c, 0x23, "044f147104f32f532ef5f1dda0a87004b0f1217cd79e656be375"}}, 0x0, 0x0, 0x0}, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x20400)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r5, &(0x7f0000000840)=[{&(0x7f0000000500)="00f9d0d77370422e0ce7018e84dbe981b54c72664793a3e8305382b95655e070f81da408c5ea716f8fce8d506897953e229287d6c58d439a9d2a12e8f686c2400fe74f9d598ad0f38afb1899b2347f4460d3b5823e892bf8611c70b7455433621042e9965cb98a5f027e5eef7ecdb3130d7de2dd0a6a60c03511e1a92849c3d2c73c5cec8bac309f082c38e842cebc38fbc84f1ba307905de7a511cbbc2e36aa2754f502238f00b4883b3e3289a6c3ca147c34d72dd3518105b8e6dad2baa8f7f974813a9c28251652e83edb6a5515cd41479c752d41b8bada", 0xfffffec9}, {0x0}], 0x2)
socket$key(0xf, 0x3, 0x2)
r6 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x400246}, &(0x7f0000000340)=<r7=>0x0, &(0x7f00000006c0)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r6, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r6, 0x627, 0x4c1, 0x43, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000340)={0x2, 0x8163, 0x7})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x200, 0x1fb, 0xc38})
r9 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f0000000340)={0x8, 0x8169, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000380)={0xff, 0x3, 0xd83f})
close_range(r0, 0xffffffffffffffff, 0x0)

5.220996161s ago: executing program 4 (id=1819):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000000000079104800000000006104000000000000950000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @dev}, 0x10, 0x0}, 0x20008000)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r2}, &(0x7f0000000000), &(0x7f0000000080)=r0}, 0x20)
recvmsg$kcm(r1, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x2)

5.201416451s ago: executing program 7 (id=1820):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$session_to_parent(0x12)
keyctl$session_to_parent(0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket(0x10, 0x3, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
add_key$user(&(0x7f00000001c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(0x0, &(0x7f0000000440)={'syz', 0x0}, &(0x7f0000000080)="f01c16713346b32dc52b39f28ddc48932dcb39c7736c75b58f942116cdd91bed0c422ae31b7f5d541de65606a2687cdda0631894adb5a5cc5b73ba395b6367ff2af67602eaaa25eb4ab3837e33f6ecc2e6a9b9c4d1dccdee4815ea7aa20151d36444a6a13cb383de8018a376234d66cf2acfd724bf30c32ebd4b05f50affdbdeffdfcf87a422c01d970421c73a5e206d7d4c4c81a3f2b014cde37642db689d597f53e79c48f1029d2d40c7c4678e205bb01937bb1c785ebab5a4f5b10f791ebfa0fb0944ba2cfc43a561ff23ee092a8eae000000000000", 0xd7, 0xfffffffffffffffc)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b7080000001e00007b8af8ff00000000bfa2000000000000"], 0x0, 0xe, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)
sendmsg$NFNL_MSG_COMPAT_GET(r3, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)={&(0x7f0000001700)={0x30, 0x0, 0xb, 0x5, 0x0, 0x0, {0x7, 0x0, 0x3}, [@NFTA_COMPAT_REV={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_COMPAT_NAME={0xc, 0x1, 'NFQUEUE\x00'}, @NFTA_COMPAT_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x24040800)

5.016307761s ago: executing program 3 (id=1821):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0, 0x0, 0x36}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x22903)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
epoll_create1(0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x1d, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000003c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0xa, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xb8, 0x0, 0x0, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x35, 0x8, 0x8, &(0x7f0000000540)}}, 0x10)

4.901500472s ago: executing program 3 (id=1822):
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}, 0x8f}, &(0x7f00000001c0)=0x9c)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r3 = socket$unix(0x1, 0x2, 0x0)
bind$unix(r3, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x101000)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r4, 0xc02c5341, &(0x7f0000000080))

4.667702336s ago: executing program 4 (id=1823):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r0, 0x0, 0x0, 0x0)

4.544868601s ago: executing program 3 (id=1824):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
mremap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000, 0x4, &(0x7f0000fff000/0x1000)=nil)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read(r0, &(0x7f00000013c0)=""/4100, 0x1004)
getpgid(0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'macvlan0\x00'})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r2)
sendmsg$nl_generic(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000017c0)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
recvmmsg(r2, &(0x7f0000001c80)=[{{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000240)=""/159, 0x9f}, {&(0x7f0000000440)=""/174, 0xae}, {&(0x7f0000001ac0)=""/244, 0xf4}, {&(0x7f0000000600)=""/4096, 0x1000}, {&(0x7f0000001bc0)=""/189, 0xbd}, {&(0x7f0000001d40)=""/42, 0x2a}], 0x6}, 0x10001}, {{0x0, 0x0, 0x0}, 0x5}], 0x2, 0x4022, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
keyctl$clear(0x3, 0xfffffffffffffffd)
keyctl$set_reqkey_keyring(0xe, 0x4)
request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)=')\x80', 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$usbfs(0x0, 0x85c, 0x1f5100)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2)
semget(0x3, 0x0, 0x251)
shmget$private(0x0, 0x1000, 0x800, &(0x7f0000ffc000/0x1000)=nil)

4.25313128s ago: executing program 3 (id=1825):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x75, r0}, 0x38)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r3, 0x0, &(0x7f0000000340)='\x00\x00\x00\b\x00\xf2?60\xac\x14\xd2\xb1\x0f\x87\xb8\'\xf9\x9c\xde\x00\x00')
socket$inet_tcp(0x2, 0x1, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$reject(0x13, r3, 0x5, 0x9, r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r2}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x8, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r6=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x18, &(0x7f00000003c0)=@raw=[@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x156}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @map_val={0x18, 0x2, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x2}, @ldst={0x2, 0x2, 0x2, 0xb, 0x6, 0x8, 0xfffffffffffffff0}, @tail_call={{0x18, 0x2, 0x1, 0x0, r1}}], &(0x7f00000001c0)='GPL\x00', 0x6, 0x3e, &(0x7f0000000480)=""/62, 0x41100, 0x10, '\x00', r6, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x4, 0x9, 0x1, 0xb}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
sched_setscheduler(r8, 0x1, &(0x7f0000000380)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r5, &(0x7f0000005cc0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)={0x64, 0x3, 0x1, 0x301, 0x0, 0x0, {0xa, 0x0, 0x2}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x409}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x20}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}, {0x14, 0x4, @private0}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x840c0}, 0x400040c0)

3.209840307s ago: executing program 7 (id=1826):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) (fail_nth: 1)
accept4(r0, 0x0, 0x0, 0x0)

2.313188025s ago: executing program 4 (id=1827):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000304000000000000000000007400", @ANYRES32, @ANYBLOB="0000000000000000240012800b000100627269646765000014000280060027"], 0x44}, 0x1, 0x0, 0x0, 0x40800}, 0x0)

1.200101652s ago: executing program 3 (id=1828):
r0 = socket(0x22, 0x2, 0x1)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setuid(0xee00)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000040)={@private2, 0x10200000, 0x0, 0x1, 0x9, 0x3}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@local, 0xffffffef, 0x2, 0x2, 0x8, 0xbbb9, 0x96}, 0x20)
unshare(0x2c020400)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, 0x0, 0x0)

353.375232ms ago: executing program 7 (id=1829):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, 0x0, 0x0)

118.089909ms ago: executing program 5 (id=1830):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000bf0000000000000000008500000020000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x4}, 0x94)
r1 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.rsvd.failcnt\x00', 0x2, 0x0)
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='writeback_sb_inodes_requeue\x00', r0, 0x0, 0x10}, 0x18)
fcntl$setlease(r2, 0x400, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
r4 = fcntl$dupfd(r3, 0x0, r3)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r3, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4)
sendmsg$IPVS_CMD_GET_CONFIG(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x4000)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000340)=@gcm_256={{0x304}, "f2f3061871182c9d", "390db41cd06a5a72f16e2da02153604facdb9df844437cf4e020addaacf66dfd", "0713208c", "edaac78e052664c0"}, 0x38)
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r5, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r5, &(0x7f0000000340)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2)
write$cgroup_int(r1, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, r6}, 0x18)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r7, 0xfffffffc)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r8, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x10)

57.495783ms ago: executing program 4 (id=1831):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x89}, 0x0)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x2, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
io_uring_register$IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, &(0x7f0000000040)=0x2000)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xb, 0x0)
syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f0000001380)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
pipe2(&(0x7f00000000c0), 0x800)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x3b, 0x0, 0x40)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x7, &(0x7f0000000040)=0x6, 0x4)

52.738789ms ago: executing program 3 (id=1832):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000000c0)='sched_switch\x00', r0, 0x0, 0x36}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000300)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x22903)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
epoll_create1(0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[], 0x10}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x1d, 0xcb23c9c9931e99e9, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x40, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0xaa3, 0xfffffffffffffff8}, {0x0, 0x8}}}, 0xb8}}, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0xe0, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f00000003c0)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0xa, &(0x7f0000000400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xb8, 0x0, 0x0, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x35, 0x8, 0x8, &(0x7f0000000540)}}, 0x10)

0s ago: executing program 7 (id=1833):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = openat$kvm(0x0, &(0x7f00000000c0), 0x800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0xc048aeca, &(0x7f0000000080))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
arch_prctl$ARCH_SHSTK_UNLOCK(0x5004, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x989680}}, 0x0)
r4 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
bind$bt_hci(r4, &(0x7f0000000000)={0x27}, 0x74)
sendmmsg$unix(r4, &(0x7f0000000b00)=[{{&(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000e80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000740)=[{&(0x7f0000001dc0)}, {0x0}], 0x2}}, {{&(0x7f0000000580)=@file={0x0, './file0/file0\x00'}, 0x6e, &(0x7f00000006c0)=[{&(0x7f0000002180)='z', 0x1}], 0x1}}], 0x3, 0x0)
r5 = openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0)
r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
read$FUSE(r6, &(0x7f0000000140)={0x2020, 0x0, <r7=>0x0}, 0x2020)
write$FUSE_DIRENT(r6, &(0x7f00000022c0)=ANY=[@ANYBLOB="e001000000000000", @ANYRES64=r7, @ANYBLOB="07000000000000140000000100000000b7010000000000007fb4e4a3e805000000000000000e9204bcd4badbc6f94b0e5300bd75b93bcdeb1a4cec3f7f5c4ee14589c966d18a78f381044b4a0be919482bdfe3dba4324c68b8e46e4cfe31d560864363ddf26e0ea7f58603eeec38ad06a8d730baa9ae28c00633d5b669ebafe23e66a44610c0c6003d17"], 0x1e0)
ftruncate(r5, 0x8800000)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
recvmmsg(r9, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0)
sendfile(r8, r5, 0x0, 0x578410eb)

kernel console output (not intermixed with test programs):

ce 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  653.510248][   T49] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  653.512255][   T49] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  653.512336][   T49] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  653.512357][   T49] usb 6-1: SerialNumber: syz
[  653.678667][   T49] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  653.678923][   T49] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12
[  653.762855][ T1580] rtl8150 8-1:1.0: couldn't reset the device
[  653.763204][ T1580] rtl8150 8-1:1.0: probe with driver rtl8150 failed with error -5
[  653.788831][ T1580] usb 8-1: USB disconnect, device number 11
[  654.069504][  T990] usb 6-1: USB disconnect, device number 38
[  654.086934][   T10] usb 4-1: new high-speed USB device number 58 using dummy_hcd
[  654.236945][   T10] usb 4-1: Using ep0 maxpacket: 32
[  654.239388][   T10] usb 4-1: unable to get BOS descriptor or descriptor too short
[  654.240389][   T10] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  654.240409][   T10] usb 4-1: config 1 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  654.242334][   T10] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  654.242350][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  654.242360][   T10] usb 4-1: Product: syz
[  654.242368][   T10] usb 4-1: Manufacturer: syz
[  654.242376][   T10] usb 4-1: SerialNumber: syz
[  658.072986][   T10] usb 4-1: USB disconnect, device number 58
[  658.133408][T10955] team_slave_0: entered promiscuous mode
[  658.133456][T10955] team_slave_1: entered promiscuous mode
[  658.136524][T10955] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  658.617011][ T1580] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  659.064899][ T1580] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  659.064917][ T1580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  659.064928][ T1580] usb 6-1: Product: syz
[  659.064936][ T1580] usb 6-1: Manufacturer: syz
[  659.064944][ T1580] usb 6-1: SerialNumber: syz
[  659.600375][T10978] vxcan2: entered allmulticast mode
[  659.678487][ T1580] rtl8150 6-1:1.0: couldn't reset the device
[  659.678854][ T1580] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  659.715954][ T1580] usb 6-1: USB disconnect, device number 39
[  660.031161][T10987] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1350'.
[  661.458094][T10985] random: crng reseeded on system resumption
[  661.747033][T10989] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1351'.
[  661.749549][T10989] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1351'.
[  662.326260][T11001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1355'.
[  663.627398][ T1580] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  663.882812][ T1580] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  663.882842][ T1580] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  663.882862][ T1580] usb 6-1: Product: syz
[  663.882877][ T1580] usb 6-1: Manufacturer: syz
[  663.882891][ T1580] usb 6-1: SerialNumber: syz
[  664.104069][T11026] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1362'.
[  664.799678][ T1580] rtl8150 6-1:1.0: couldn't reset the device
[  664.800057][ T1580] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  664.845420][ T1580] usb 6-1: USB disconnect, device number 40
[  665.315352][T11034] 9pnet_fd: Insufficient options for proto=fd
[  665.338640][T11034] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  665.356958][ T6017] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[  665.560291][ T6017] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  665.560322][ T6017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  665.560342][ T6017] usb 1-1: Product: syz
[  665.560356][ T6017] usb 1-1: Manufacturer: syz
[  665.560370][ T6017] usb 1-1: SerialNumber: syz
[  665.794450][T11052] FAULT_INJECTION: forcing a failure.
[  665.794450][T11052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  665.794509][T11052] CPU: 1 UID: 0 PID: 11052 Comm: syz.5.1371 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  665.794533][T11052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  665.794545][T11052] Call Trace:
[  665.794554][T11052]  <TASK>
[  665.794563][T11052]  dump_stack_lvl+0x189/0x250
[  665.794591][T11052]  ? __pfx____ratelimit+0x10/0x10
[  665.794620][T11052]  ? __pfx_dump_stack_lvl+0x10/0x10
[  665.794643][T11052]  ? __pfx__printk+0x10/0x10
[  665.794666][T11052]  ? __might_fault+0xb0/0x130
[  665.794699][T11052]  should_fail_ex+0x46c/0x600
[  665.794730][T11052]  _copy_from_user+0x2d/0xb0
[  665.794752][T11052]  __sys_bpf+0x1e3/0x860
[  665.794776][T11052]  ? __pfx___sys_bpf+0x10/0x10
[  665.794794][T11052]  ? preempt_schedule_irq+0xde/0x150
[  665.794856][T11052]  __x64_sys_bpf+0x7c/0x90
[  665.794885][T11052]  do_syscall_64+0xfa/0xfa0
[  665.794916][T11052]  ? lockdep_hardirqs_on+0x9c/0x150
[  665.794941][T11052]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.794957][T11052]  ? clear_bhb_loop+0x60/0xb0
[  665.794976][T11052]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  665.794992][T11052] RIP: 0033:0x7effeca1eec9
[  665.795006][T11052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  665.795021][T11052] RSP: 002b:00007effeac3c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  665.795040][T11052] RAX: ffffffffffffffda RBX: 00007effecc76180 RCX: 00007effeca1eec9
[  665.795052][T11052] RDX: 0000000000000018 RSI: 0000200000000540 RDI: 0000000000000011
[  665.795063][T11052] RBP: 00007effeac3c090 R08: 0000000000000000 R09: 0000000000000000
[  665.795074][T11052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  665.795085][T11052] R13: 00007effecc76218 R14: 00007effecc76180 R15: 00007ffdf0e00738
[  665.795113][T11052]  </TASK>
[  665.803311][T11052] trusted_key: encrypted_key: insufficient parameters specified
[  666.758303][ T6017] rtl8150 1-1:1.0: couldn't reset the device
[  666.758642][ T6017] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[  666.797750][ T6017] usb 1-1: USB disconnect, device number 50
[  667.079424][T11056] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  667.079437][T11056] CUSE: zero length info key specified
[  667.445955][T11077] input: syz1 as /devices/virtual/input/input14
[  667.492140][T11079] FAULT_INJECTION: forcing a failure.
[  667.492140][T11079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  667.492162][T11079] CPU: 0 UID: 0 PID: 11079 Comm: syz.4.1384 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  667.492174][T11079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  667.492181][T11079] Call Trace:
[  667.492187][T11079]  <TASK>
[  667.492192][T11079]  dump_stack_lvl+0x189/0x250
[  667.492210][T11079]  ? __pfx____ratelimit+0x10/0x10
[  667.492227][T11079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  667.492240][T11079]  ? __pfx__printk+0x10/0x10
[  667.492261][T11079]  should_fail_ex+0x46c/0x600
[  667.492278][T11079]  _copy_to_user+0x31/0xb0
[  667.492291][T11079]  simple_read_from_buffer+0xe1/0x170
[  667.492305][T11079]  proc_fail_nth_read+0x1b6/0x220
[  667.492322][T11079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  667.492338][T11079]  ? rw_verify_area+0x2ac/0x4e0
[  667.492353][T11079]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  667.492368][T11079]  vfs_read+0x206/0xa30
[  667.492388][T11079]  ? __pfx_vfs_read+0x10/0x10
[  667.492402][T11079]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  667.492421][T11079]  ? mutex_lock_nested+0x154/0x1d0
[  667.492433][T11079]  ? fdget_pos+0x253/0x320
[  667.492449][T11079]  ksys_read+0x14b/0x260
[  667.492470][T11079]  ? __pfx_ksys_read+0x10/0x10
[  667.492485][T11079]  ? __secure_computing+0xe2/0x2a0
[  667.492505][T11079]  do_syscall_64+0xfa/0xfa0
[  667.492521][T11079]  ? lockdep_hardirqs_on+0x9c/0x150
[  667.492536][T11079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.492546][T11079]  ? clear_bhb_loop+0x60/0xb0
[  667.492559][T11079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  667.492570][T11079] RIP: 0033:0x7f2fba3fd8dc
[  667.492580][T11079] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  667.492589][T11079] RSP: 002b:00007f2fb865e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  667.492601][T11079] RAX: ffffffffffffffda RBX: 00007f2fba655fa0 RCX: 00007f2fba3fd8dc
[  667.492609][T11079] RDX: 000000000000000f RSI: 00007f2fb865e0a0 RDI: 0000000000000003
[  667.492616][T11079] RBP: 00007f2fb865e090 R08: 0000000000000000 R09: 0000000000000000
[  667.492622][T11079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  667.492628][T11079] R13: 00007f2fba656038 R14: 00007f2fba655fa0 R15: 00007ffc22e648f8
[  667.492646][T11079]  </TASK>
[  667.517062][T11040] Bluetooth: hci5: command 0x0406 tx timeout
[  668.157574][T11088] 9pnet_fd: Insufficient options for proto=fd
[  668.158409][T11088] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  669.804210][T11100] dlm: Unknown command passed to DLM device : 16
[  669.804210][T11100] 
[  670.183158][T11099] tty tty31: ldisc open failed (-12), clearing slot 30
[  670.769616][T11110] netdevsim netdevsim7 netdevsim0: entered promiscuous mode
[  670.907067][    T9] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  671.068241][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  671.068300][    T9] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  671.068321][    T9] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  671.068341][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  671.146449][    T9] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  671.146480][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.146500][    T9] usb 6-1: Product: syz
[  671.146515][    T9] usb 6-1: Manufacturer: syz
[  671.146530][    T9] usb 6-1: SerialNumber: syz
[  671.210040][    T9] usb 6-1: config 0 descriptor??
[  671.247542][    T9] garmin_gps 6-1:0.0: Garmin GPS usb/tty converter detected
[  671.254069][    T9] garmin_gps ttyUSB0: failed to submit interrupt urb: -22
[  671.254126][    T9] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -22
[  671.441978][    T9] usb 6-1: USB disconnect, device number 41
[  671.444623][    T9] garmin_gps 6-1:0.0: device disconnected
[  673.247038][T11132] dlm: Unknown command passed to DLM device : 16
[  673.247038][T11132] 
[  673.935872][T11144] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1409'.
[  674.878714][   T49] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  675.032193][   T49] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  675.032251][   T49] usb 8-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  675.032280][   T49] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  675.032306][   T49] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  675.032328][   T49] usb 8-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  675.067450][   T49] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  675.067479][   T49] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.067499][   T49] usb 8-1: Product: syz
[  675.067513][   T49] usb 8-1: Manufacturer: syz
[  675.067528][   T49] usb 8-1: SerialNumber: syz
[  675.132203][   T49] usb 8-1: config 0 descriptor??
[  675.144486][   T49] garmin_gps 8-1:0.0: Garmin GPS usb/tty converter detected
[  675.146253][   T49] garmin_gps ttyUSB0: failed to submit interrupt urb: -90
[  675.146307][   T49] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90
[  675.157022][    T9] usb 4-1: new high-speed USB device number 59 using dummy_hcd
[  675.326947][    T9] usb 4-1: Using ep0 maxpacket: 8
[  675.329837][    T9] usb 4-1: unable to get BOS descriptor or descriptor too short
[  675.331783][    T9] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  675.331811][    T9] usb 4-1: config 1 has no interface number 1
[  675.331860][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  675.331903][    T9] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 61, changing to 7
[  675.342671][    T9] usb 4-1: string descriptor 0 read error: -22
[  675.342833][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  675.342859][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  675.414682][    T9] usb 4-1: 2:1 : sample bitwidth 64 in over sample bytes 5
[  675.414710][    T9] usb 4-1: 2:1 : unsupported sample bitwidth 64 in 5 bytes
[  675.661972][   T49] usb 8-1: USB disconnect, device number 12
[  675.791727][   T49] garmin_gps 8-1:0.0: device disconnected
[  676.910177][T11152] ptrace attach of "./syz-executor exec"[5802] was attempted by "�"[11152]
[  676.978979][T11165] dlm: Unknown command passed to DLM device : 16
[  676.978979][T11165] 
[  677.983679][ T5918] usb 4-1: USB disconnect, device number 59
[  679.268608][T11188] dlm: Unknown command passed to DLM device : 16
[  679.268608][T11188] 
[  680.275646][T11212] netlink: 'syz.7.1436': attribute type 32 has an invalid length.
[  680.317047][ T5918] usb 1-1: new full-speed USB device number 51 using dummy_hcd
[  680.471224][ T5918] usb 1-1: unable to read config index 0 descriptor/start: -61
[  680.471300][ T5918] usb 1-1: can't read configurations, error -61
[  680.526953][  T990] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  680.628084][ T5918] usb 1-1: new full-speed USB device number 52 using dummy_hcd
[  680.831514][ T5918] usb 1-1: unable to read config index 0 descriptor/start: -61
[  680.831552][ T5918] usb 1-1: can't read configurations, error -61
[  680.833490][ T5918] usb usb1-port1: attempt power cycle
[  681.277279][  T990] usb 8-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a
[  681.277309][  T990] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  681.288036][  T990] usb 8-1: config 0 descriptor??
[  681.296982][ T5918] usb 1-1: new full-speed USB device number 53 using dummy_hcd
[  681.302018][  T990] gspca_main: xirlink-cit-2.14.0 probing 0545:800d
[  681.306762][  T990] input: xirlink-cit as /devices/platform/dummy_hcd.7/usb8/8-1/input/input15
[  681.319787][ T5918] usb 1-1: unable to read config index 0 descriptor/start: -61
[  681.319821][ T5918] usb 1-1: can't read configurations, error -61
[  681.388844][T11197] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1429'.
[  681.496978][ T5918] usb 1-1: new full-speed USB device number 54 using dummy_hcd
[  681.510103][  T990] usb 8-1: USB disconnect, device number 13
[  681.525547][ T5918] usb 1-1: unable to read config index 0 descriptor/start: -61
[  681.525583][ T5918] usb 1-1: can't read configurations, error -61
[  681.526023][ T5918] usb usb1-port1: unable to enumerate USB device
[  684.891915][T11252] FAULT_INJECTION: forcing a failure.
[  684.891915][T11252] name failslab, interval 1, probability 0, space 0, times 0
[  684.891949][T11252] CPU: 0 UID: 0 PID: 11252 Comm: syz.0.1446 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  684.891972][T11252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  684.891983][T11252] Call Trace:
[  684.891991][T11252]  <TASK>
[  684.892000][T11252]  dump_stack_lvl+0x189/0x250
[  684.892027][T11252]  ? __pfx____ratelimit+0x10/0x10
[  684.892054][T11252]  ? __pfx_dump_stack_lvl+0x10/0x10
[  684.892075][T11252]  ? __pfx__printk+0x10/0x10
[  684.892106][T11252]  ? __pfx___might_resched+0x10/0x10
[  684.892133][T11252]  ? fs_reclaim_acquire+0x7d/0x100
[  684.892160][T11252]  should_fail_ex+0x46c/0x600
[  684.892190][T11252]  ? __alloc_skb+0x112/0x2d0
[  684.892215][T11252]  should_failslab+0xa8/0x100
[  684.892237][T11252]  ? __alloc_skb+0x112/0x2d0
[  684.892260][T11252]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  684.892287][T11252]  ? __pfx_tcp_current_mss+0x10/0x10
[  684.892320][T11252]  ? try_to_take_rt_mutex+0x840/0xb00
[  684.892354][T11252]  __alloc_skb+0x112/0x2d0
[  684.892384][T11252]  tcp_stream_alloc_skb+0x3d/0x340
[  684.892411][T11252]  tcp_sendmsg_locked+0x1c85/0x5550
[  684.892464][T11252]  ? __local_bh_enable+0x28c/0x410
[  684.892491][T11252]  ? reacquire_held_locks+0x127/0x1d0
[  684.892517][T11252]  ? __pfx___local_bh_enable+0x10/0x10
[  684.892562][T11252]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  684.892596][T11252]  ? rt_spin_unlock+0x161/0x200
[  684.892618][T11252]  ? lock_sock_nested+0x5f/0x130
[  684.892640][T11252]  ? lock_sock_nested+0xdd/0x130
[  684.892666][T11252]  tcp_sendmsg+0x2f/0x50
[  684.892689][T11252]  __sock_sendmsg+0x19c/0x270
[  684.892716][T11252]  __sys_sendto+0x3c7/0x520
[  684.892743][T11252]  ? __pfx___sys_sendto+0x10/0x10
[  684.892799][T11252]  ? ksys_write+0x230/0x260
[  684.892830][T11252]  ? __pfx_ksys_write+0x10/0x10
[  684.892862][T11252]  __x64_sys_sendto+0xde/0x100
[  684.892892][T11252]  do_syscall_64+0xfa/0xfa0
[  684.892918][T11252]  ? lockdep_hardirqs_on+0x9c/0x150
[  684.892945][T11252]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.892965][T11252]  ? clear_bhb_loop+0x60/0xb0
[  684.892989][T11252]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  684.893009][T11252] RIP: 0033:0x7f5df364eec9
[  684.893026][T11252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  684.893043][T11252] RSP: 002b:00007f5df18b6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  684.893064][T11252] RAX: ffffffffffffffda RBX: 00007f5df38a5fa0 RCX: 00007f5df364eec9
[  684.893079][T11252] RDX: 000000000000059a RSI: 0000200000000580 RDI: 0000000000000003
[  684.893092][T11252] RBP: 00007f5df18b6090 R08: 0000000000000000 R09: 0000000000000000
[  684.893106][T11252] R10: 0000000010008095 R11: 0000000000000246 R12: 0000000000000001
[  684.893118][T11252] R13: 00007f5df38a6038 R14: 00007f5df38a5fa0 R15: 00007ffe5dff5ac8
[  684.893150][T11252]  </TASK>
[  685.388791][   T37] kauditd_printk_skb: 12 callbacks suppressed
[  685.388810][   T37] audit: type=1326 audit(1760361399.562:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.389098][   T37] audit: type=1326 audit(1760361399.562:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.389722][   T37] audit: type=1326 audit(1760361399.562:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.393919][   T37] audit: type=1326 audit(1760361399.562:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.394267][   T37] audit: type=1326 audit(1760361399.562:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.394554][   T37] audit: type=1326 audit(1760361399.562:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.394913][   T37] audit: type=1326 audit(1760361399.562:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.395524][   T37] audit: type=1326 audit(1760361399.562:317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.395919][   T37] audit: type=1326 audit(1760361399.562:318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.396194][   T37] audit: type=1326 audit(1760361399.562:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11260 comm="syz.4.1452" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2fba3feec9 code=0x7ffc0000
[  685.446993][ T5918] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[  685.587637][ T5870] usb 4-1: new high-speed USB device number 60 using dummy_hcd
[  685.606971][ T5918] usb 1-1: Using ep0 maxpacket: 16
[  685.786989][ T5870] usb 4-1: Using ep0 maxpacket: 16
[  685.789279][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  685.789368][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  685.789392][ T5870] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  685.789415][ T5870] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  685.789435][ T5870] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  685.789457][ T5870] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  685.790862][ T5870] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  685.790950][ T5870] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  685.790971][ T5870] usb 4-1: SerialNumber: syz
[  685.924172][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  686.030180][ T5870] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  686.030718][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  686.030748][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  686.030769][ T5918] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  686.030790][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  686.030810][ T5918] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  686.030830][ T5918] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  686.031528][ T5870] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12
[  686.118608][ T5918] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  686.118636][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  686.118655][ T5918] usb 1-1: SerialNumber: syz
[  686.124407][ T5918] cdc_acm 1-1:1.0: Control and data interfaces are not separated!
[  686.125156][ T5918] cdc_acm 1-1:1.0: probe with driver cdc_acm failed with error -12
[  686.137035][    T9] usb 5-1: new high-speed USB device number 64 using dummy_hcd
[  686.427080][   T10] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  686.634700][    T9] usb 5-1: Using ep0 maxpacket: 16
[  688.519306][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  688.519881][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  688.519899][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  688.519910][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  688.519922][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  690.401312][   T10] usb 6-1: device descriptor read/all, error -71
[  690.463202][  T990] usb 1-1: USB disconnect, device number 55
[  690.464818][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  690.464844][    T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  690.514414][    T9] usb 5-1: config 0 descriptor??
[  690.518193][    T9] usb 5-1: can't set config #0, error -71
[  690.522863][    T9] usb 5-1: USB disconnect, device number 64
[  690.589048][ T5789] usb 4-1: USB disconnect, device number 60
[  691.642892][T11284] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1460'.
[  691.895766][ T5789] usb 4-1: new high-speed USB device number 61 using dummy_hcd
[  692.049492][ T5789] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  692.049548][ T5789] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  692.049570][ T5789] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  692.049593][ T5789] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  692.049613][ T5789] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  692.052569][ T5789] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  692.052595][ T5789] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.052615][ T5789] usb 4-1: Product: syz
[  692.052628][ T5789] usb 4-1: Manufacturer: syz
[  692.052642][ T5789] usb 4-1: SerialNumber: syz
[  692.068832][ T5789] usb 4-1: config 0 descriptor??
[  692.080283][ T5789] garmin_gps 4-1:0.0: Garmin GPS usb/tty converter detected
[  692.084564][ T5789] garmin_gps ttyUSB0: failed to submit interrupt urb: -90
[  692.084624][ T5789] garmin_gps ttyUSB0: probe with driver garmin_gps failed with error -90
[  692.283509][   T10] usb 4-1: USB disconnect, device number 61
[  692.288133][   T10] garmin_gps 4-1:0.0: device disconnected
[  692.698147][ T5789] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  692.848509][T11306] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1467'.
[  692.849344][ T5789] usb 6-1: Using ep0 maxpacket: 16
[  692.868794][ T5789] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  692.868829][ T5789] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  692.868850][ T5789] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  692.868873][ T5789] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  692.868893][ T5789] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  692.868915][ T5789] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  692.886183][ T5789] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  692.886213][ T5789] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  692.886231][ T5789] usb 6-1: SerialNumber: syz
[  692.929758][ T5789] cdc_acm 6-1:1.0: Control and data interfaces are not separated!
[  692.929994][ T5789] cdc_acm 6-1:1.0: probe with driver cdc_acm failed with error -12
[  693.289971][ T5918] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  693.537202][ T5918] usb 5-1: Using ep0 maxpacket: 8
[  693.539783][ T5918] usb 5-1: config index 0 descriptor too short (expected 6427, got 27)
[  693.539809][ T5918] usb 5-1: config 0 has an invalid interface number: 21 but max is 0
[  693.539836][ T5918] usb 5-1: config 0 has no interface number 0
[  693.539885][ T5918] usb 5-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  693.539907][ T5918] usb 5-1: config 0 interface 21 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  693.539945][ T5918] usb 5-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  693.539967][ T5918] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  693.546251][ T5918] usb 5-1: config 0 descriptor??
[  694.050508][T11309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  694.050958][T11309] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  694.116202][ T5918] usb 5-1: USB disconnect, device number 65
[  694.479319][ T5789] usb 6-1: USB disconnect, device number 44
[  694.810159][T11333] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1474'.
[  695.624731][   T37] kauditd_printk_skb: 5 callbacks suppressed
[  695.624750][   T37] audit: type=1804 audit(1760361409.772:325): pid=11331 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=ToMToU comm="syz.0.1475" name="bus" dev="ramfs" ino=37420 res=1 errno=0
[  697.414330][T11351] FAULT_INJECTION: forcing a failure.
[  697.414330][T11351] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  697.414387][T11351] CPU: 0 UID: 0 PID: 11351 Comm: syz.5.1481 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  697.414410][T11351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  697.414423][T11351] Call Trace:
[  697.414430][T11351]  <TASK>
[  697.414438][T11351]  dump_stack_lvl+0x189/0x250
[  697.414457][T11351]  ? __pfx____ratelimit+0x10/0x10
[  697.414473][T11351]  ? __pfx_dump_stack_lvl+0x10/0x10
[  697.414485][T11351]  ? __pfx__printk+0x10/0x10
[  697.414498][T11351]  ? __might_fault+0xb0/0x130
[  697.414516][T11351]  should_fail_ex+0x46c/0x600
[  697.414533][T11351]  _copy_from_user+0x2d/0xb0
[  697.414545][T11351]  __sys_bpf+0x1e3/0x860
[  697.414558][T11351]  ? __pfx___sys_bpf+0x10/0x10
[  697.414568][T11351]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  697.414590][T11351]  ? ksys_write+0x230/0x260
[  697.414608][T11351]  ? __pfx_ksys_write+0x10/0x10
[  697.414627][T11351]  __x64_sys_bpf+0x7c/0x90
[  697.414644][T11351]  do_syscall_64+0xfa/0xfa0
[  697.414661][T11351]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.414671][T11351]  ? asm_sysvec_call_function_single+0x1a/0x20
[  697.414682][T11351]  ? clear_bhb_loop+0x60/0xb0
[  697.414694][T11351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  697.414704][T11351] RIP: 0033:0x7effeca1eec9
[  697.414715][T11351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  697.414724][T11351] RSP: 002b:00007effeac5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  697.414735][T11351] RAX: ffffffffffffffda RBX: 00007effecc76090 RCX: 00007effeca1eec9
[  697.414743][T11351] RDX: 0000000000000048 RSI: 00002000000017c0 RDI: 0000000000000005
[  697.414750][T11351] RBP: 00007effeac5d090 R08: 0000000000000000 R09: 0000000000000000
[  697.414757][T11351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  697.414763][T11351] R13: 00007effecc76128 R14: 00007effecc76090 R15: 00007ffdf0e00738
[  697.414781][T11351]  </TASK>
[  697.885554][T11353] 9pnet_fd: Insufficient options for proto=fd
[  699.505036][T11374] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  699.505955][T11374] batadv_slave_0: entered promiscuous mode
[  699.671698][T11377] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1486'.
[  699.997724][ T5918] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  700.313881][ T5918] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  700.313900][ T5918] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  700.313911][ T5918] usb 6-1: Product: syz
[  700.313919][ T5918] usb 6-1: Manufacturer: syz
[  700.313927][ T5918] usb 6-1: SerialNumber: syz
[  701.148014][ T5918] rtl8150 6-1:1.0: couldn't reset the device
[  701.148357][ T5918] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  701.149102][T11389] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1491'.
[  701.149134][T11389] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1491'.
[  701.170950][T11389] bridge0: port 3(vlan2) entered blocking state
[  701.171271][T11389] bridge0: port 3(vlan2) entered disabled state
[  701.171471][T11389] vlan2: entered allmulticast mode
[  701.171487][T11389] bridge0: entered allmulticast mode
[  701.248964][T11389] vlan2: left allmulticast mode
[  701.248979][T11389] bridge0: left allmulticast mode
[  701.255586][ T5918] usb 6-1: USB disconnect, device number 45
[  702.650109][T11398] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1492'.
[  704.737183][ T6017] usb 4-1: new high-speed USB device number 62 using dummy_hcd
[  707.126984][T11431] dlm: Unknown command passed to DLM device : 16
[  707.126984][T11431] 
[  707.785560][ T6017] usb 4-1: string descriptor 0 read error: -71
[  707.785740][ T6017] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  707.785766][ T6017] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.948323][ T6017] usb 4-1: can't set config #1, error -71
[  707.954187][ T6017] usb 4-1: USB disconnect, device number 62
[  709.719939][T11442] dlm: Unknown command passed to DLM device : 16
[  709.719939][T11442] 
[  710.269095][T11459] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1509'.
[  711.881715][T11468] mmap: syz.5.1513 (11468) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  712.693315][T11480] dlm: Unknown command passed to DLM device : 16
[  712.693315][T11480] 
[  713.102476][T11479] tty tty35: ldisc open failed (-12), clearing slot 34
[  713.646081][T11490] netlink: 168 bytes leftover after parsing attributes in process `syz.4.1515'.
[  714.679419][T11494] netlink: 'syz.7.1520': attribute type 3 has an invalid length.
[  714.679441][T11494] netlink: 'syz.7.1520': attribute type 28 has an invalid length.
[  714.679453][T11494] netlink: 132 bytes leftover after parsing attributes in process `syz.7.1520'.
[  715.894328][T11523] dlm: Unknown command passed to DLM device : 16
[  715.894328][T11523] 
[  716.900316][T11525] FAULT_INJECTION: forcing a failure.
[  716.900316][T11525] name failslab, interval 1, probability 0, space 0, times 0
[  716.900350][T11525] CPU: 1 UID: 0 PID: 11525 Comm: syz.0.1531 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  716.900372][T11525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  716.900385][T11525] Call Trace:
[  716.900393][T11525]  <TASK>
[  716.900401][T11525]  dump_stack_lvl+0x189/0x250
[  716.900429][T11525]  ? __pfx____ratelimit+0x10/0x10
[  716.900457][T11525]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.900480][T11525]  ? __pfx__printk+0x10/0x10
[  716.900509][T11525]  ? __pfx___might_resched+0x10/0x10
[  716.900535][T11525]  ? fs_reclaim_acquire+0x7d/0x100
[  716.900562][T11525]  should_fail_ex+0x46c/0x600
[  716.900591][T11525]  ? __alloc_skb+0x112/0x2d0
[  716.900616][T11525]  should_failslab+0xa8/0x100
[  716.900639][T11525]  ? __alloc_skb+0x112/0x2d0
[  716.900661][T11525]  kmem_cache_alloc_node_noprof+0x78/0x6e0
[  716.900700][T11525]  __alloc_skb+0x112/0x2d0
[  716.900730][T11525]  alloc_skb_with_frags+0xca/0x890
[  716.900759][T11525]  ? __pfx___local_bh_enable+0x10/0x10
[  716.900800][T11525]  virtio_transport_alloc_skb+0xee/0x1130
[  716.900829][T11525]  ? rt_spin_lock+0x1c1/0x3e0
[  716.900855][T11525]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  716.900883][T11525]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  716.900907][T11525]  ? __pfx_virtio_transport_alloc_skb+0x10/0x10
[  716.900931][T11525]  ? rt_spin_unlock+0x150/0x200
[  716.900966][T11525]  virtio_transport_send_pkt_info+0x6be/0x1100
[  716.901016][T11525]  virtio_transport_stream_enqueue+0xba/0x110
[  716.901040][T11525]  ? __pfx_virtio_transport_stream_enqueue+0x10/0x10
[  716.901070][T11525]  ? rt_spin_unlock+0x150/0x200
[  716.901098][T11525]  ? rt_spin_unlock+0x161/0x200
[  716.901125][T11525]  vsock_connectible_sendmsg+0xb05/0x1040
[  716.901175][T11525]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  716.901213][T11525]  ? __pfx_woken_wake_function+0x10/0x10
[  716.901244][T11525]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  716.901265][T11525]  ? __pfx_vsock_connectible_sendmsg+0x10/0x10
[  716.901295][T11525]  __sock_sendmsg+0x21c/0x270
[  716.901322][T11525]  sock_write_iter+0x27f/0x370
[  716.901347][T11525]  ? __pfx_sock_write_iter+0x10/0x10
[  716.901366][T11525]  ? __might_fault+0xb0/0x130
[  716.901413][T11525]  do_iter_readv_writev+0x635/0x8d0
[  716.901442][T11525]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  716.901474][T11525]  ? rw_verify_area+0x25b/0x4e0
[  716.901505][T11525]  vfs_writev+0x323/0x970
[  716.901533][T11525]  ? __lock_acquire+0xab9/0xd20
[  716.901556][T11525]  ? __pfx_vfs_writev+0x10/0x10
[  716.901596][T11525]  ? __fget_files+0x2a/0x420
[  716.901623][T11525]  ? __fget_files+0x3a6/0x420
[  716.901642][T11525]  ? __fget_files+0x2a/0x420
[  716.901673][T11525]  do_writev+0x153/0x2d0
[  716.901699][T11525]  ? __pfx_do_writev+0x10/0x10
[  716.901726][T11525]  ? do_syscall_64+0xbe/0xfa0
[  716.901757][T11525]  do_syscall_64+0xfa/0xfa0
[  716.901783][T11525]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.901811][T11525]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.901830][T11525]  ? clear_bhb_loop+0x60/0xb0
[  716.901855][T11525]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.901875][T11525] RIP: 0033:0x7f5df364eec9
[  716.901892][T11525] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.901909][T11525] RSP: 002b:00007f5df18b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  716.901931][T11525] RAX: ffffffffffffffda RBX: 00007f5df38a5fa0 RCX: 00007f5df364eec9
[  716.901946][T11525] RDX: 0000000000000001 RSI: 0000200000000580 RDI: 0000000000000005
[  716.901959][T11525] RBP: 00007f5df18b6090 R08: 0000000000000000 R09: 0000000000000000
[  716.901972][T11525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.901985][T11525] R13: 00007f5df38a6038 R14: 00007f5df38a5fa0 R15: 00007ffe5dff5ac8
[  716.902021][T11525]  </TASK>
[  717.918204][T11532] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  718.226796][T11533] vcan0: tx drop: invalid da for name 0x0000000000000003
[  718.424441][T11545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'.
[  718.424471][T11545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'.
[  718.802719][T11552] FAULT_INJECTION: forcing a failure.
[  718.802719][T11552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.802753][T11552] CPU: 0 UID: 0 PID: 11552 Comm: syz.3.1538 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  718.802783][T11552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  718.802795][T11552] Call Trace:
[  718.802804][T11552]  <TASK>
[  718.802812][T11552]  dump_stack_lvl+0x189/0x250
[  718.802839][T11552]  ? __pfx____ratelimit+0x10/0x10
[  718.802865][T11552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.802888][T11552]  ? __pfx__printk+0x10/0x10
[  718.802910][T11552]  ? __might_fault+0xb0/0x130
[  718.802939][T11552]  should_fail_ex+0x46c/0x600
[  718.802966][T11552]  _copy_from_user+0x2d/0xb0
[  718.802986][T11552]  ___sys_sendmsg+0x158/0x2a0
[  718.803007][T11552]  ? __pfx____sys_sendmsg+0x10/0x10
[  718.803061][T11552]  ? __fget_files+0x2a/0x420
[  718.803081][T11552]  ? __fget_files+0x3a6/0x420
[  718.803109][T11552]  __x64_sys_sendmsg+0x1a1/0x260
[  718.803129][T11552]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  718.803156][T11552]  ? __pfx_ksys_write+0x10/0x10
[  718.803185][T11552]  ? do_syscall_64+0xbe/0xfa0
[  718.803215][T11552]  do_syscall_64+0xfa/0xfa0
[  718.803239][T11552]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.803266][T11552]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.803285][T11552]  ? clear_bhb_loop+0x60/0xb0
[  718.803308][T11552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.803326][T11552] RIP: 0033:0x7fe43db0eec9
[  718.803343][T11552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  718.803360][T11552] RSP: 002b:00007fe43bd55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  718.803382][T11552] RAX: ffffffffffffffda RBX: 00007fe43dd66090 RCX: 00007fe43db0eec9
[  718.803396][T11552] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000007
[  718.803409][T11552] RBP: 00007fe43bd55090 R08: 0000000000000000 R09: 0000000000000000
[  718.803422][T11552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.803433][T11552] R13: 00007fe43dd66128 R14: 00007fe43dd66090 R15: 00007fff61e78328
[  718.803465][T11552]  </TASK>
[  720.857069][ T6017] usb 4-1: new high-speed USB device number 63 using dummy_hcd
[  721.027001][ T6017] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  721.027033][ T6017] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.027054][ T6017] usb 4-1: Product: syz
[  721.027069][ T6017] usb 4-1: Manufacturer: syz
[  721.027084][ T6017] usb 4-1: SerialNumber: syz
[  721.343279][T11584] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1547'.
[  722.202313][ T6017] rtl8150 4-1:1.0: couldn't reset the device
[  722.202685][ T6017] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5
[  722.226263][ T6017] usb 4-1: USB disconnect, device number 63
[  722.409708][T11587] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1550'.
[  722.409736][T11587] tipc: Started in network mode
[  722.409751][T11587] tipc: Node identity 7, cluster identity 4711
[  722.409763][T11587] tipc: Node number set to 7
[  722.727172][T11594] FAULT_INJECTION: forcing a failure.
[  722.727172][T11594] name failslab, interval 1, probability 0, space 0, times 0
[  722.727206][T11594] CPU: 0 UID: 0 PID: 11594 Comm: syz.7.1552 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  722.727228][T11594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  722.727240][T11594] Call Trace:
[  722.727247][T11594]  <TASK>
[  722.727257][T11594]  dump_stack_lvl+0x189/0x250
[  722.727286][T11594]  ? __pfx____ratelimit+0x10/0x10
[  722.727313][T11594]  ? __pfx_dump_stack_lvl+0x10/0x10
[  722.727336][T11594]  ? __pfx__printk+0x10/0x10
[  722.727364][T11594]  ? __pfx___might_resched+0x10/0x10
[  722.727393][T11594]  should_fail_ex+0x46c/0x600
[  722.727424][T11594]  should_failslab+0xa8/0x100
[  722.727448][T11594]  __kmalloc_noprof+0xcc/0x7d0
[  722.727467][T11594]  ? kfree+0x51/0x950
[  722.727490][T11594]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  722.727522][T11594]  tomoyo_realpath_from_path+0xe3/0x5d0
[  722.727550][T11594]  ? tomoyo_domain+0xda/0x130
[  722.727578][T11594]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  722.727609][T11594]  tomoyo_path_number_perm+0x1e8/0x5a0
[  722.727634][T11594]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  722.727660][T11594]  ? sb_end_write+0xe9/0x1c0
[  722.727684][T11594]  ? vfs_write+0x965/0xb40
[  722.727745][T11594]  ? ksys_write+0x1e7/0x260
[  722.727778][T11594]  security_file_ioctl+0xcb/0x2d0
[  722.727805][T11594]  __se_sys_ioctl+0x47/0x170
[  722.727833][T11594]  do_syscall_64+0xfa/0xfa0
[  722.727860][T11594]  ? lockdep_hardirqs_on+0x9c/0x150
[  722.727887][T11594]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.727907][T11594]  ? clear_bhb_loop+0x60/0xb0
[  722.727931][T11594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.727950][T11594] RIP: 0033:0x7f9c7a8ceec9
[  722.727968][T11594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  722.727986][T11594] RSP: 002b:00007f9c78b2e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  722.728006][T11594] RAX: ffffffffffffffda RBX: 00007f9c7ab25fa0 RCX: 00007f9c7a8ceec9
[  722.728021][T11594] RDX: 0000200000000040 RSI: 000000004020ae76 RDI: 0000000000000004
[  722.728034][T11594] RBP: 00007f9c78b2e090 R08: 0000000000000000 R09: 0000000000000000
[  722.728047][T11594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  722.728059][T11594] R13: 00007f9c7ab26038 R14: 00007f9c7ab25fa0 R15: 00007ffc15b6bd08
[  722.728093][T11594]  </TASK>
[  722.728115][T11594] ERROR: Out of memory at tomoyo_realpath_from_path.
[  723.317286][T11603] dlm: Unknown command passed to DLM device : 16
[  723.317286][T11603] 
[  725.621006][    C0] vkms_vblank_simulate: vblank timer overrun
[  725.831626][    C0] vkms_vblank_simulate: vblank timer overrun
[  726.279762][T11621] FAULT_INJECTION: forcing a failure.
[  726.279762][T11621] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  726.279795][T11621] CPU: 1 UID: 0 PID: 11621 Comm: syz.7.1560 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  726.279818][T11621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  726.279831][T11621] Call Trace:
[  726.279840][T11621]  <TASK>
[  726.279849][T11621]  dump_stack_lvl+0x189/0x250
[  726.279877][T11621]  ? __pfx____ratelimit+0x10/0x10
[  726.279904][T11621]  ? __pfx_dump_stack_lvl+0x10/0x10
[  726.279927][T11621]  ? __pfx__printk+0x10/0x10
[  726.279950][T11621]  ? __might_fault+0xb0/0x130
[  726.279981][T11621]  should_fail_ex+0x46c/0x600
[  726.280019][T11621]  _copy_from_user+0x2d/0xb0
[  726.280041][T11621]  ___sys_sendmsg+0x158/0x2a0
[  726.280063][T11621]  ? __pfx____sys_sendmsg+0x10/0x10
[  726.280121][T11621]  ? __fget_files+0x2a/0x420
[  726.280140][T11621]  ? __fget_files+0x3a6/0x420
[  726.280172][T11621]  __x64_sys_sendmsg+0x1a1/0x260
[  726.280194][T11621]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  726.280224][T11621]  ? __pfx_ksys_write+0x10/0x10
[  726.280255][T11621]  ? do_syscall_64+0xbe/0xfa0
[  726.280287][T11621]  do_syscall_64+0xfa/0xfa0
[  726.280312][T11621]  ? lockdep_hardirqs_on+0x9c/0x150
[  726.280338][T11621]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.280357][T11621]  ? clear_bhb_loop+0x60/0xb0
[  726.280381][T11621]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.280400][T11621] RIP: 0033:0x7f9c7a8ceec9
[  726.280417][T11621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  726.280434][T11621] RSP: 002b:00007f9c78b2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  726.280456][T11621] RAX: ffffffffffffffda RBX: 00007f9c7ab25fa0 RCX: 00007f9c7a8ceec9
[  726.280471][T11621] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  726.280484][T11621] RBP: 00007f9c78b2e090 R08: 0000000000000000 R09: 0000000000000000
[  726.280505][T11621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  726.280518][T11621] R13: 00007f9c7ab26038 R14: 00007f9c7ab25fa0 R15: 00007ffc15b6bd08
[  726.280553][T11621]  </TASK>
[  726.767064][   T31] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[  726.915227][   T49] usb 4-1: new high-speed USB device number 64 using dummy_hcd
[  726.967046][   T31] usb 1-1: device descriptor read/64, error -71
[  726.979515][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.067393][   T49] usb 4-1: Using ep0 maxpacket: 32
[  727.076179][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.135667][    C0] vkms_vblank_simulate: vblank timer overrun
[  727.784656][   T49] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  727.784685][   T49] usb 4-1: config 0 has no interface number 0
[  727.808199][   T49] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  727.808230][   T49] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  727.808249][   T49] usb 4-1: Product: syz
[  727.808264][   T49] usb 4-1: Manufacturer: syz
[  727.808278][   T49] usb 4-1: SerialNumber: syz
[  727.814009][   T49] usb 4-1: config 0 descriptor??
[  727.857429][   T31] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[  727.859732][   T49] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  728.013069][   T31] usb 1-1: device descriptor read/64, error -71
[  728.443489][   T31] usb usb1-port1: attempt power cycle
[  728.712023][   T49] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  728.718020][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 46
[  729.512146][   T49] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  729.552328][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  729.580618][   T31] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[  729.608576][ T6017] usb 4-1: USB disconnect, device number 64
[  729.623568][ T6017] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  729.847613][   T31] usb 1-1: device descriptor read/8, error -71
[  729.977218][ T6017] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  729.977958][ T6017] quatech2 4-1:0.51: device disconnected
[  730.212296][T11650] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  730.212309][T11650] CUSE: zero length info key specified
[  731.047381][ T5918] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  731.242255][ T5918] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  731.242285][ T5918] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.242305][ T5918] usb 5-1: Product: syz
[  731.242320][ T5918] usb 5-1: Manufacturer: syz
[  731.242334][ T5918] usb 5-1: SerialNumber: syz
[  731.566748][ T5918] rtl8150 5-1:1.0: couldn't reset the device
[  731.575199][ T5918] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  731.598066][ T5918] usb 5-1: USB disconnect, device number 66
[  731.604502][T11681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1579'.
[  731.623034][   T49] usb 4-1: new high-speed USB device number 65 using dummy_hcd
[  731.772649][   T49] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  731.772682][   T49] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.772701][   T49] usb 4-1: Product: syz
[  731.772715][   T49] usb 4-1: Manufacturer: syz
[  731.772731][   T49] usb 4-1: SerialNumber: syz
[  731.864799][    C0] vkms_vblank_simulate: vblank timer overrun
[  732.612049][   T49] rtl8150 4-1:1.0: couldn't reset the device
[  732.612445][   T49] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5
[  732.675496][   T49] usb 4-1: USB disconnect, device number 65
[  732.835698][    C0] vkms_vblank_simulate: vblank timer overrun
[  733.527665][   T31] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  733.917378][   T31] usb 8-1: Using ep0 maxpacket: 32
[  733.920061][   T31] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  733.920092][   T31] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  733.920118][   T31] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  733.920141][   T31] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  733.920166][   T31] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  733.923242][   T31] usb 8-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  733.923269][   T31] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  733.923288][   T31] usb 8-1: Product: syz
[  733.923303][   T31] usb 8-1: Manufacturer: syz
[  733.923317][   T31] usb 8-1: SerialNumber: syz
[  733.933323][    C0] vkms_vblank_simulate: vblank timer overrun
[  734.074924][    C0] vkms_vblank_simulate: vblank timer overrun
[  734.155405][   T31] usb 8-1: config 0 descriptor??
[  734.180356][    C0] vkms_vblank_simulate: vblank timer overrun
[  734.329747][    C0] vkms_vblank_simulate: vblank timer overrun
[  734.845323][    C0] vkms_vblank_simulate: vblank timer overrun
[  735.227502][T11718] 9pnet_fd: Insufficient options for proto=fd
[  735.228271][T11718] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  735.364997][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.365062][   T31] input input16: Device does not respond to id packet M
[  735.365529][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.365574][   T31] input input16: Device does not respond to id packet P
[  735.366141][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.366185][   T31] input input16: Device does not respond to id packet B
[  735.366576][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.366611][   T31] input input16: Device does not respond to id packet N
[  735.367136][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.367584][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.368029][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.371348][   T31] iforce 8-1:0.0: usb_submit_urb failed: -71
[  735.390174][   T31] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input16
[  735.401913][   T31] usb 8-1: USB disconnect, device number 14
[  735.481577][T11725] FAULT_INJECTION: forcing a failure.
[  735.481577][T11725] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  735.481633][T11725] CPU: 1 UID: 0 PID: 11725 Comm: syz.4.1588 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  735.481656][T11725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  735.481668][T11725] Call Trace:
[  735.481676][T11725]  <TASK>
[  735.481686][T11725]  dump_stack_lvl+0x189/0x250
[  735.481715][T11725]  ? __pfx____ratelimit+0x10/0x10
[  735.481743][T11725]  ? __pfx_dump_stack_lvl+0x10/0x10
[  735.481766][T11725]  ? __pfx__printk+0x10/0x10
[  735.481790][T11725]  ? __might_fault+0xb0/0x130
[  735.481823][T11725]  should_fail_ex+0x46c/0x600
[  735.481854][T11725]  _copy_from_user+0x2d/0xb0
[  735.481877][T11725]  ___sys_sendmsg+0x158/0x2a0
[  735.481900][T11725]  ? __pfx____sys_sendmsg+0x10/0x10
[  735.481958][T11725]  ? __fget_files+0x2a/0x420
[  735.481978][T11725]  ? __fget_files+0x3a6/0x420
[  735.482010][T11725]  __x64_sys_sendmsg+0x1a1/0x260
[  735.482033][T11725]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  735.482071][T11725]  ? do_syscall_64+0xbe/0xfa0
[  735.482102][T11725]  do_syscall_64+0xfa/0xfa0
[  735.482136][T11725]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.482155][T11725]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  735.482175][T11725]  ? clear_bhb_loop+0x60/0xb0
[  735.482199][T11725]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  735.482218][T11725] RIP: 0033:0x7f2fba3feec9
[  735.482236][T11725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  735.482254][T11725] RSP: 002b:00007f2fb861c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  735.482276][T11725] RAX: ffffffffffffffda RBX: 00007f2fba656180 RCX: 00007f2fba3feec9
[  735.482292][T11725] RDX: 0000000020000000 RSI: 0000200000000140 RDI: 0000000000000005
[  735.482306][T11725] RBP: 00007f2fb861c090 R08: 0000000000000000 R09: 0000000000000000
[  735.482319][T11725] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  735.482331][T11725] R13: 00007f2fba656218 R14: 00007f2fba656180 R15: 00007ffc22e648f8
[  735.482365][T11725]  </TASK>
[  736.070613][    C0] vkms_vblank_simulate: vblank timer overrun
[  736.452587][T11733] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  736.453022][T11733] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  737.303165][ T5789] usb 4-1: new high-speed USB device number 66 using dummy_hcd
[  737.483305][ T5789] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  737.483335][ T5789] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.483354][ T5789] usb 4-1: Product: syz
[  737.483368][ T5789] usb 4-1: Manufacturer: syz
[  737.483382][ T5789] usb 4-1: SerialNumber: syz
[  737.570870][   T49] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  737.571913][    C1] raw-gadget.0 gadget.4: ignoring, device is not running
[  738.400981][ T5789] rtl8150 4-1:1.0: couldn't reset the device
[  738.402294][ T5789] rtl8150 4-1:1.0: probe with driver rtl8150 failed with error -5
[  738.801966][ T5789] usb 4-1: USB disconnect, device number 66
[  739.235783][T11758] dlm: Unknown command passed to DLM device : 16
[  739.235783][T11758] 
[  739.398360][T11759] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1600'.
[  740.770839][T11776] FAULT_INJECTION: forcing a failure.
[  740.770839][T11776] name failslab, interval 1, probability 0, space 0, times 0
[  740.770880][T11776] CPU: 0 UID: 0 PID: 11776 Comm: syz.5.1604 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  740.770903][T11776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  740.770916][T11776] Call Trace:
[  740.770925][T11776]  <TASK>
[  740.770934][T11776]  dump_stack_lvl+0x189/0x250
[  740.770963][T11776]  ? __pfx____ratelimit+0x10/0x10
[  740.770991][T11776]  ? __pfx_dump_stack_lvl+0x10/0x10
[  740.771014][T11776]  ? __pfx__printk+0x10/0x10
[  740.771043][T11776]  ? __pfx___might_resched+0x10/0x10
[  740.771069][T11776]  ? fs_reclaim_acquire+0x7d/0x100
[  740.771096][T11776]  should_fail_ex+0x46c/0x600
[  740.771125][T11776]  ? getname_flags+0xb8/0x540
[  740.771147][T11776]  should_failslab+0xa8/0x100
[  740.771169][T11776]  ? getname_flags+0xb8/0x540
[  740.771189][T11776]  kmem_cache_alloc_noprof+0x6f/0x6b0
[  740.771216][T11776]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  740.771247][T11776]  getname_flags+0xb8/0x540
[  740.771274][T11776]  user_path_at+0x24/0x60
[  740.771300][T11776]  __x64_sys_umount+0xee/0x160
[  740.771328][T11776]  ? __pfx___x64_sys_umount+0x10/0x10
[  740.771359][T11776]  ? do_syscall_64+0xbe/0xfa0
[  740.771391][T11776]  do_syscall_64+0xfa/0xfa0
[  740.771417][T11776]  ? lockdep_hardirqs_on+0x9c/0x150
[  740.771444][T11776]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  740.771464][T11776]  ? clear_bhb_loop+0x60/0xb0
[  740.771488][T11776]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  740.771508][T11776] RIP: 0033:0x7effeca1eec9
[  740.771525][T11776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  740.771543][T11776] RSP: 002b:00007effeac7e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  740.771564][T11776] RAX: ffffffffffffffda RBX: 00007effecc75fa0 RCX: 00007effeca1eec9
[  740.771579][T11776] RDX: 0000000000000000 RSI: 000000000000000f RDI: 0000200000001000
[  740.771592][T11776] RBP: 00007effeac7e090 R08: 0000000000000000 R09: 0000000000000000
[  740.771605][T11776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  740.771617][T11776] R13: 00007effecc76038 R14: 00007effecc75fa0 R15: 00007ffdf0e00738
[  740.771652][T11776]  </TASK>
[  741.112840][T11782] 9pnet_fd: Insufficient options for proto=fd
[  741.113559][T11782] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  741.351257][ T5789] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  741.694717][ T5789] usb 6-1: Using ep0 maxpacket: 16
[  741.705831][ T5789] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  741.705892][ T5789] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  741.705920][ T5789] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  741.705941][ T5789] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  741.705964][ T5789] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  741.975433][ T5789] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  741.975462][ T5789] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  741.975482][ T5789] usb 6-1: Manufacturer: syz
[  742.007747][T11797] FAULT_INJECTION: forcing a failure.
[  742.007747][T11797] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  742.007817][T11797] CPU: 1 UID: 0 PID: 11797 Comm: syz.7.1611 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  742.007841][T11797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  742.007853][T11797] Call Trace:
[  742.007862][T11797]  <TASK>
[  742.007871][T11797]  dump_stack_lvl+0x189/0x250
[  742.007899][T11797]  ? __pfx____ratelimit+0x10/0x10
[  742.007927][T11797]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.007951][T11797]  ? __pfx__printk+0x10/0x10
[  742.007990][T11797]  should_fail_ex+0x46c/0x600
[  742.008021][T11797]  _copy_to_user+0x31/0xb0
[  742.008044][T11797]  simple_read_from_buffer+0xe1/0x170
[  742.008070][T11797]  proc_fail_nth_read+0x1b6/0x220
[  742.008099][T11797]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  742.008127][T11797]  ? rw_verify_area+0x2ac/0x4e0
[  742.008155][T11797]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  742.008181][T11797]  vfs_read+0x206/0xa30
[  742.008218][T11797]  ? __pfx_vfs_read+0x10/0x10
[  742.008242][T11797]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  742.008276][T11797]  ? mutex_lock_nested+0x154/0x1d0
[  742.008298][T11797]  ? fdget_pos+0x253/0x320
[  742.008328][T11797]  ksys_read+0x14b/0x260
[  742.008358][T11797]  ? __pfx_ksys_read+0x10/0x10
[  742.008389][T11797]  ? do_syscall_64+0xbe/0xfa0
[  742.008420][T11797]  do_syscall_64+0xfa/0xfa0
[  742.008446][T11797]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.008472][T11797]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.008491][T11797]  ? clear_bhb_loop+0x60/0xb0
[  742.008523][T11797]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.008542][T11797] RIP: 0033:0x7f9c7a8cd8dc
[  742.008559][T11797] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  742.008576][T11797] RSP: 002b:00007f9c78b2e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  742.008597][T11797] RAX: ffffffffffffffda RBX: 00007f9c7ab25fa0 RCX: 00007f9c7a8cd8dc
[  742.008612][T11797] RDX: 000000000000000f RSI: 00007f9c78b2e0a0 RDI: 0000000000000004
[  742.008625][T11797] RBP: 00007f9c78b2e090 R08: 0000000000000000 R09: 0000000000000000
[  742.008638][T11797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.008651][T11797] R13: 00007f9c7ab26038 R14: 00007f9c7ab25fa0 R15: 00007ffc15b6bd08
[  742.008687][T11797]  </TASK>
[  742.047231][   T31] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  742.209548][   T31] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  742.209578][   T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  742.209597][   T31] usb 5-1: Product: syz
[  742.209611][   T31] usb 5-1: Manufacturer: syz
[  742.209625][   T31] usb 5-1: SerialNumber: syz
[  742.328890][ T5789] usb 6-1: config 0 descriptor??
[  742.501999][   T31] rtl8150 5-1:1.0: couldn't reset the device
[  742.502354][   T31] rtl8150 5-1:1.0: probe with driver rtl8150 failed with error -5
[  742.513574][   T31] usb 5-1: USB disconnect, device number 68
[  742.541698][T11780] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  742.542244][T11780] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  742.785946][T11807] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1614'.
[  742.829510][T11809] FAULT_INJECTION: forcing a failure.
[  742.829510][T11809] name failslab, interval 1, probability 0, space 0, times 0
[  742.829543][T11809] CPU: 1 UID: 0 PID: 11809 Comm: syz.0.1616 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  742.829566][T11809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  742.829578][T11809] Call Trace:
[  742.829587][T11809]  <TASK>
[  742.829595][T11809]  dump_stack_lvl+0x189/0x250
[  742.829623][T11809]  ? __pfx____ratelimit+0x10/0x10
[  742.829653][T11809]  ? __pfx_dump_stack_lvl+0x10/0x10
[  742.829675][T11809]  ? __pfx__printk+0x10/0x10
[  742.829705][T11809]  ? __pfx___might_resched+0x10/0x10
[  742.829735][T11809]  should_fail_ex+0x46c/0x600
[  742.829767][T11809]  should_failslab+0xa8/0x100
[  742.829791][T11809]  __kmalloc_noprof+0xcc/0x7d0
[  742.829809][T11809]  ? kfree+0x51/0x950
[  742.829833][T11809]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  742.829866][T11809]  tomoyo_realpath_from_path+0xe3/0x5d0
[  742.829894][T11809]  ? tomoyo_domain+0xda/0x130
[  742.829926][T11809]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  742.829949][T11809]  tomoyo_path_number_perm+0x1e8/0x5a0
[  742.829974][T11809]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  742.830001][T11809]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  742.830029][T11809]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.830087][T11809]  ? __fget_files+0x2a/0x420
[  742.830113][T11809]  ? __fget_files+0x3a6/0x420
[  742.830132][T11809]  ? __fget_files+0x2a/0x420
[  742.830156][T11809]  security_file_ioctl+0xcb/0x2d0
[  742.830183][T11809]  __se_sys_ioctl+0x47/0x170
[  742.830211][T11809]  do_syscall_64+0xfa/0xfa0
[  742.830236][T11809]  ? lockdep_hardirqs_on+0x9c/0x150
[  742.830262][T11809]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.830282][T11809]  ? clear_bhb_loop+0x60/0xb0
[  742.830306][T11809]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  742.830325][T11809] RIP: 0033:0x7f5df364eec9
[  742.830343][T11809] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  742.830360][T11809] RSP: 002b:00007f5df18b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  742.830381][T11809] RAX: ffffffffffffffda RBX: 00007f5df38a5fa0 RCX: 00007f5df364eec9
[  742.830408][T11809] RDX: 0000200000000500 RSI: 00000000c03864bc RDI: 0000000000000003
[  742.830421][T11809] RBP: 00007f5df18b6090 R08: 0000000000000000 R09: 0000000000000000
[  742.830434][T11809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  742.830446][T11809] R13: 00007f5df38a6038 R14: 00007f5df38a5fa0 R15: 00007ffe5dff5ac8
[  742.830480][T11809]  </TASK>
[  742.831880][T11809] ERROR: Out of memory at tomoyo_realpath_from_path.
[  743.759610][T11828] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1622'.
[  743.805630][    C1] vkms_vblank_simulate: vblank timer overrun
[  744.289804][    C1] vkms_vblank_simulate: vblank timer overrun
[  744.560308][T11836] FAULT_INJECTION: forcing a failure.
[  744.560308][T11836] name failslab, interval 1, probability 0, space 0, times 0
[  744.560342][T11836] CPU: 1 UID: 0 PID: 11836 Comm: syz.3.1625 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  744.560366][T11836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  744.560380][T11836] Call Trace:
[  744.560388][T11836]  <TASK>
[  744.560403][T11836]  dump_stack_lvl+0x189/0x250
[  744.560430][T11836]  ? __pfx____ratelimit+0x10/0x10
[  744.560457][T11836]  ? __pfx_dump_stack_lvl+0x10/0x10
[  744.560480][T11836]  ? __pfx__printk+0x10/0x10
[  744.560509][T11836]  ? __pfx___might_resched+0x10/0x10
[  744.560546][T11836]  should_fail_ex+0x46c/0x600
[  744.560578][T11836]  should_failslab+0xa8/0x100
[  744.560603][T11836]  __kmalloc_noprof+0xcc/0x7d0
[  744.560622][T11836]  ? kfree+0x51/0x950
[  744.560646][T11836]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  744.560679][T11836]  tomoyo_realpath_from_path+0xe3/0x5d0
[  744.560707][T11836]  ? tomoyo_domain+0xda/0x130
[  744.560737][T11836]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  744.560760][T11836]  tomoyo_path_number_perm+0x1e8/0x5a0
[  744.560786][T11836]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  744.560813][T11836]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  744.560841][T11836]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.560901][T11836]  ? __fget_files+0x2a/0x420
[  744.560926][T11836]  ? __fget_files+0x3a6/0x420
[  744.560942][T11836]  ? __fget_files+0x2a/0x420
[  744.560965][T11836]  security_file_ioctl+0xcb/0x2d0
[  744.560991][T11836]  __se_sys_ioctl+0x47/0x170
[  744.561020][T11836]  do_syscall_64+0xfa/0xfa0
[  744.561045][T11836]  ? lockdep_hardirqs_on+0x9c/0x150
[  744.561071][T11836]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.561089][T11836]  ? clear_bhb_loop+0x60/0xb0
[  744.561112][T11836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  744.561131][T11836] RIP: 0033:0x7fe43db0eec9
[  744.561148][T11836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  744.561165][T11836] RSP: 002b:00007fe43bd76038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  744.561187][T11836] RAX: ffffffffffffffda RBX: 00007fe43dd65fa0 RCX: 00007fe43db0eec9
[  744.561202][T11836] RDX: 00002000000000c0 RSI: 00000000c0045005 RDI: 0000000000000004
[  744.561215][T11836] RBP: 00007fe43bd76090 R08: 0000000000000000 R09: 0000000000000000
[  744.561228][T11836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  744.561240][T11836] R13: 00007fe43dd66038 R14: 00007fe43dd65fa0 R15: 00007fff61e78328
[  744.561273][T11836]  </TASK>
[  744.561282][T11836] ERROR: Out of memory at tomoyo_realpath_from_path.
[  744.676986][ T5789] rc_core: IR keymap rc-hauppauge not found
[  744.677007][ T5789] Registered IR keymap rc-empty
[  744.677858][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.697307][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.738359][ T5789] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  744.752156][ T5789] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input17
[  744.785423][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.799612][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.817111][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.837083][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.857794][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.887176][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.907029][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.932075][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.950330][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.967038][ T5789] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  744.985549][T11845] 9pnet_fd: Insufficient options for proto=fd
[  744.986269][T11845] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  744.989972][ T5789] mceusb 6-1:0.0: Registered  with mce emulator interface version 1
[  744.989993][ T5789] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  745.037139][ T5789] usb 6-1: USB disconnect, device number 46
[  745.166486][T11854] FAULT_INJECTION: forcing a failure.
[  745.166486][T11854] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  745.166515][T11854] CPU: 0 UID: 0 PID: 11854 Comm: syz.5.1630 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  745.166536][T11854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  745.166548][T11854] Call Trace:
[  745.166557][T11854]  <TASK>
[  745.166565][T11854]  dump_stack_lvl+0x189/0x250
[  745.166592][T11854]  ? __pfx____ratelimit+0x10/0x10
[  745.166616][T11854]  ? __pfx_dump_stack_lvl+0x10/0x10
[  745.166637][T11854]  ? __pfx__printk+0x10/0x10
[  745.166658][T11854]  ? __might_fault+0xb0/0x130
[  745.166689][T11854]  should_fail_ex+0x46c/0x600
[  745.166719][T11854]  _copy_from_user+0x2d/0xb0
[  745.166738][T11854]  input_event_from_user+0xb2/0x280
[  745.166764][T11854]  ? __pfx_input_event_from_user+0x10/0x10
[  745.166791][T11854]  ? mutex_lock_interruptible_nested+0x154/0x1d0
[  745.166817][T11854]  ? evdev_write+0x1a4/0x480
[  745.166841][T11854]  evdev_write+0x2a9/0x480
[  745.166869][T11854]  ? __pfx_evdev_write+0x10/0x10
[  745.166887][T11854]  ? do_raw_spin_lock+0x121/0x290
[  745.166919][T11854]  ? rw_verify_area+0x25b/0x4e0
[  745.166943][T11854]  ? __lock_acquire+0xab9/0xd20
[  745.166959][T11854]  ? __pfx_evdev_write+0x10/0x10
[  745.166983][T11854]  vfs_write+0x287/0xb40
[  745.167017][T11854]  ? __pfx_vfs_write+0x10/0x10
[  745.167046][T11854]  ? __fget_files+0x2a/0x420
[  745.167068][T11854]  ? __fget_files+0x2a/0x420
[  745.167086][T11854]  ? __fget_files+0x3a6/0x420
[  745.167104][T11854]  ? __fget_files+0x2a/0x420
[  745.167134][T11854]  ksys_write+0x14b/0x260
[  745.167196][T11854]  ? __pfx_ksys_write+0x10/0x10
[  745.167229][T11854]  ? do_syscall_64+0xbe/0xfa0
[  745.167264][T11854]  do_syscall_64+0xfa/0xfa0
[  745.167292][T11854]  ? lockdep_hardirqs_on+0x9c/0x150
[  745.167320][T11854]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.167342][T11854]  ? clear_bhb_loop+0x60/0xb0
[  745.167367][T11854]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  745.167388][T11854] RIP: 0033:0x7effeca1eec9
[  745.167407][T11854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.167424][T11854] RSP: 002b:00007effeac7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  745.167446][T11854] RAX: ffffffffffffffda RBX: 00007effecc75fa0 RCX: 00007effeca1eec9
[  745.167471][T11854] RDX: 0000000000000037 RSI: 0000200000000040 RDI: 0000000000000003
[  745.167485][T11854] RBP: 00007effeac7e090 R08: 0000000000000000 R09: 0000000000000000
[  745.167498][T11854] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  745.167511][T11854] R13: 00007effecc76038 R14: 00007effecc75fa0 R15: 00007ffdf0e00738
[  745.167544][T11854]  </TASK>
[  745.949692][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.010526][T11865] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1635'.
[  746.330547][    C1] vkms_vblank_simulate: vblank timer overrun
[  746.596557][    C1] vkms_vblank_simulate: vblank timer overrun
[  747.144505][    C1] vkms_vblank_simulate: vblank timer overrun
[  747.273094][T11880] FAULT_INJECTION: forcing a failure.
[  747.273094][T11880] name failslab, interval 1, probability 0, space 0, times 0
[  747.273129][T11880] CPU: 1 UID: 0 PID: 11880 Comm: syz.5.1641 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  747.273153][T11880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  747.273166][T11880] Call Trace:
[  747.273174][T11880]  <TASK>
[  747.273184][T11880]  dump_stack_lvl+0x189/0x250
[  747.273218][T11880]  ? __pfx____ratelimit+0x10/0x10
[  747.273246][T11880]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.273270][T11880]  ? __pfx__printk+0x10/0x10
[  747.273301][T11880]  ? __pfx___might_resched+0x10/0x10
[  747.273332][T11880]  should_fail_ex+0x46c/0x600
[  747.273363][T11880]  should_failslab+0xa8/0x100
[  747.273388][T11880]  __kmalloc_cache_noprof+0x6f/0x6c0
[  747.273407][T11880]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  747.273436][T11880]  ? newseg+0x24e/0xbd0
[  747.273467][T11880]  newseg+0x24e/0xbd0
[  747.273502][T11880]  ? __pfx_newseg+0x10/0x10
[  747.273529][T11880]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  747.273565][T11880]  ipcget+0x1c8/0xeb0
[  747.273595][T11880]  ? __pfx_vfs_write+0x10/0x10
[  747.273620][T11880]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  747.273646][T11880]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  747.273670][T11880]  ? __pfx_rt_mutex_slowunlock+0x10/0x10
[  747.273694][T11880]  ? __pfx_ipcget+0x10/0x10
[  747.273732][T11880]  __x64_sys_shmget+0x139/0x180
[  747.273762][T11880]  ? __pfx___x64_sys_shmget+0x10/0x10
[  747.273794][T11880]  ? do_syscall_64+0xbe/0xfa0
[  747.273826][T11880]  do_syscall_64+0xfa/0xfa0
[  747.273852][T11880]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.273878][T11880]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.273897][T11880]  ? clear_bhb_loop+0x60/0xb0
[  747.273921][T11880]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.273941][T11880] RIP: 0033:0x7effeca1eec9
[  747.273958][T11880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.273975][T11880] RSP: 002b:00007effeac7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[  747.273996][T11880] RAX: ffffffffffffffda RBX: 00007effecc75fa0 RCX: 00007effeca1eec9
[  747.274012][T11880] RDX: 0000000078000a42 RSI: 0000000000001000 RDI: 0000000000000000
[  747.274026][T11880] RBP: 00007effeac7e090 R08: 0000000000000000 R09: 0000000000000000
[  747.274043][T11880] R10: 0000200000ff2000 R11: 0000000000000246 R12: 0000000000000001
[  747.274057][T11880] R13: 00007effecc76038 R14: 00007effecc75fa0 R15: 00007ffdf0e00738
[  747.274092][T11880]  </TASK>
[  747.363173][ T1320] ieee802154 phy1 wpan1: encryption failed: -22
[  747.446963][   T49] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  747.646895][   T49] usb 5-1: Using ep0 maxpacket: 16
[  747.649419][   T49] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  747.649478][   T49] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  747.649505][   T49] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  747.649526][   T49] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  747.649549][   T49] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  747.651894][   T49] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  747.651921][   T49] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  747.651940][   T49] usb 5-1: Manufacturer: syz
[  747.742235][   T49] usb 5-1: config 0 descriptor??
[  747.881315][T11894] FAULT_INJECTION: forcing a failure.
[  747.881315][T11894] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  747.881348][T11894] CPU: 0 UID: 0 PID: 11894 Comm: syz.7.1647 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  747.881371][T11894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  747.881382][T11894] Call Trace:
[  747.881391][T11894]  <TASK>
[  747.881400][T11894]  dump_stack_lvl+0x189/0x250
[  747.881429][T11894]  ? __pfx____ratelimit+0x10/0x10
[  747.881455][T11894]  ? __pfx_dump_stack_lvl+0x10/0x10
[  747.881478][T11894]  ? __pfx__printk+0x10/0x10
[  747.881501][T11894]  ? __might_fault+0xb0/0x130
[  747.881532][T11894]  should_fail_ex+0x46c/0x600
[  747.881563][T11894]  _copy_from_user+0x2d/0xb0
[  747.881585][T11894]  ___sys_recvmsg+0x12e/0x510
[  747.881612][T11894]  ? __pfx____sys_recvmsg+0x10/0x10
[  747.881659][T11894]  ? __fget_files+0x3a6/0x420
[  747.881692][T11894]  do_recvmmsg+0x30d/0x770
[  747.881721][T11894]  ? __pfx_do_recvmmsg+0x10/0x10
[  747.881739][T11894]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  747.881767][T11894]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  747.881806][T11894]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  747.881846][T11894]  __x64_sys_recvmmsg+0x190/0x240
[  747.881870][T11894]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  747.881895][T11894]  ? do_syscall_64+0xbe/0xfa0
[  747.881926][T11894]  do_syscall_64+0xfa/0xfa0
[  747.881951][T11894]  ? lockdep_hardirqs_on+0x9c/0x150
[  747.881977][T11894]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.882004][T11894]  ? clear_bhb_loop+0x60/0xb0
[  747.882028][T11894]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  747.882047][T11894] RIP: 0033:0x7f9c7a8ceec9
[  747.882064][T11894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  747.882082][T11894] RSP: 002b:00007f9c78b2e038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  747.882103][T11894] RAX: ffffffffffffffda RBX: 00007f9c7ab25fa0 RCX: 00007f9c7a8ceec9
[  747.882119][T11894] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000004
[  747.882132][T11894] RBP: 00007f9c78b2e090 R08: 0000000000000000 R09: 0000000000000000
[  747.882145][T11894] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000001
[  747.882157][T11894] R13: 00007f9c7ab26038 R14: 00007f9c7ab25fa0 R15: 00007ffc15b6bd08
[  747.882191][T11894]  </TASK>
[  747.945400][T11876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  747.945809][T11876] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  748.237107][ T5789] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  748.427428][ T5789] usb 6-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  748.427457][ T5789] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  748.427476][ T5789] usb 6-1: Product: syz
[  748.427491][ T5789] usb 6-1: Manufacturer: syz
[  748.427504][ T5789] usb 6-1: SerialNumber: syz
[  748.842967][T11906] FAULT_INJECTION: forcing a failure.
[  748.842967][T11906] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  748.843885][T11906] CPU: 0 UID: 0 PID: 11906 Comm: syz.3.1652 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  748.843910][T11906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  748.843918][T11906] Call Trace:
[  748.843922][T11906]  <TASK>
[  748.843928][T11906]  dump_stack_lvl+0x189/0x250
[  748.843955][T11906]  ? __pfx____ratelimit+0x10/0x10
[  748.843985][T11906]  ? __pfx_dump_stack_lvl+0x10/0x10
[  748.844008][T11906]  ? __pfx__printk+0x10/0x10
[  748.844031][T11906]  ? __might_fault+0xb0/0x130
[  748.844058][T11906]  should_fail_ex+0x46c/0x600
[  748.844076][T11906]  _copy_from_user+0x2d/0xb0
[  748.844087][T11906]  ___sys_sendmsg+0x158/0x2a0
[  748.844105][T11906]  ? __pfx____sys_sendmsg+0x10/0x10
[  748.844158][T11906]  ? __fget_files+0x2a/0x420
[  748.844178][T11906]  ? __fget_files+0x3a6/0x420
[  748.844210][T11906]  __x64_sys_sendmsg+0x1a1/0x260
[  748.844231][T11906]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  748.844248][T11906]  ? __pfx_ksys_write+0x10/0x10
[  748.844267][T11906]  ? do_syscall_64+0xbe/0xfa0
[  748.844290][T11906]  do_syscall_64+0xfa/0xfa0
[  748.844315][T11906]  ? lockdep_hardirqs_on+0x9c/0x150
[  748.844343][T11906]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.844363][T11906]  ? clear_bhb_loop+0x60/0xb0
[  748.844387][T11906]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  748.844403][T11906] RIP: 0033:0x7fe43db0eec9
[  748.844413][T11906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  748.844423][T11906] RSP: 002b:00007fe43bd76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  748.844435][T11906] RAX: ffffffffffffffda RBX: 00007fe43dd65fa0 RCX: 00007fe43db0eec9
[  748.844442][T11906] RDX: 0000000000000040 RSI: 0000200000000200 RDI: 0000000000000004
[  748.844452][T11906] RBP: 00007fe43bd76090 R08: 0000000000000000 R09: 0000000000000000
[  748.844465][T11906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  748.844477][T11906] R13: 00007fe43dd66038 R14: 00007fe43dd65fa0 R15: 00007fff61e78328
[  748.844511][T11906]  </TASK>
[  748.871952][T11909] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1653'.
[  749.502439][ T5789] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO
[  749.502507][ T5789] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71
[  749.502531][ T5789] lan78xx 6-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  749.567163][   T49] rc_core: IR keymap rc-hauppauge not found
[  749.567185][   T49] Registered IR keymap rc-empty
[  749.567339][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.578533][ T5789] lan78xx 6-1:1.0: probe with driver lan78xx failed with error -71
[  749.588340][    T9] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  749.592324][ T5789] usb 6-1: USB disconnect, device number 47
[  749.598458][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.618398][   T49] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  749.621580][   T49] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input18
[  749.669011][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.697048][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.717116][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.737020][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.747051][    T9] usb 4-1: Using ep0 maxpacket: 16
[  749.749342][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  749.749373][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  749.749394][    T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  749.749417][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  749.749438][    T9] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  749.749460][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  749.751100][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  749.751126][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  749.751145][    T9] usb 4-1: SerialNumber: syz
[  749.762486][    T9] cdc_acm 4-1:1.0: Control and data interfaces are not separated!
[  749.762717][    T9] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12
[  749.766937][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.787131][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.807039][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.827187][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.847567][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  749.877003][   T49] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  750.169176][   T49] mceusb 5-1:0.0: Registered  with mce emulator interface version 1
[  750.169200][   T49] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  750.174834][   T49] usb 5-1: USB disconnect, device number 69
[  751.519510][   T31] usb 4-1: USB disconnect, device number 67
[  751.699790][   T49] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  752.124244][   T49] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  752.124269][   T49] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  752.124284][   T49] usb 6-1: Product: syz
[  752.124295][   T49] usb 6-1: Manufacturer: syz
[  752.124306][   T49] usb 6-1: SerialNumber: syz
[  753.227262][   T49] rtl8150 6-1:1.0: couldn't reset the device
[  753.227620][   T49] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  753.448085][   T49] usb 6-1: USB disconnect, device number 48
[  753.460171][T11961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1669'.
[  753.578101][T11966] FAULT_INJECTION: forcing a failure.
[  753.578101][T11966] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  753.578124][T11966] CPU: 1 UID: 0 PID: 11966 Comm: syz.4.1671 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  753.578137][T11966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  753.578144][T11966] Call Trace:
[  753.578149][T11966]  <TASK>
[  753.578155][T11966]  dump_stack_lvl+0x189/0x250
[  753.578173][T11966]  ? __pfx____ratelimit+0x10/0x10
[  753.578189][T11966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  753.578202][T11966]  ? __pfx__printk+0x10/0x10
[  753.578223][T11966]  should_fail_ex+0x46c/0x600
[  753.578240][T11966]  _copy_to_user+0x31/0xb0
[  753.578253][T11966]  simple_read_from_buffer+0xe1/0x170
[  753.578267][T11966]  proc_fail_nth_read+0x1b6/0x220
[  753.578284][T11966]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  753.578299][T11966]  ? rw_verify_area+0x2ac/0x4e0
[  753.578315][T11966]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  753.578330][T11966]  vfs_read+0x206/0xa30
[  753.578350][T11966]  ? __pfx_vfs_read+0x10/0x10
[  753.578364][T11966]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  753.578382][T11966]  ? mutex_lock_nested+0x154/0x1d0
[  753.578404][T11966]  ? fdget_pos+0x253/0x320
[  753.578429][T11966]  ksys_read+0x14b/0x260
[  753.578456][T11966]  ? __pfx_ksys_read+0x10/0x10
[  753.578484][T11966]  ? do_syscall_64+0xbe/0xfa0
[  753.578509][T11966]  do_syscall_64+0xfa/0xfa0
[  753.578524][T11966]  ? lockdep_hardirqs_on+0x9c/0x150
[  753.578539][T11966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.578549][T11966]  ? clear_bhb_loop+0x60/0xb0
[  753.578563][T11966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  753.578573][T11966] RIP: 0033:0x7f2fba3fd8dc
[  753.578583][T11966] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  753.578592][T11966] RSP: 002b:00007f2fb865e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  753.578605][T11966] RAX: ffffffffffffffda RBX: 00007f2fba655fa0 RCX: 00007f2fba3fd8dc
[  753.578613][T11966] RDX: 000000000000000f RSI: 00007f2fb865e0a0 RDI: 0000000000000005
[  753.578621][T11966] RBP: 00007f2fb865e090 R08: 0000000000000000 R09: 0000000000000000
[  753.578633][T11966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  753.578643][T11966] R13: 00007f2fba656038 R14: 00007f2fba655fa0 R15: 00007ffc22e648f8
[  753.578675][T11966]  </TASK>
[  753.696914][ T5789] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  753.906981][ T5789] usb 1-1: Using ep0 maxpacket: 16
[  753.928475][ T5789] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  753.928536][ T5789] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  753.928562][ T5789] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  753.928583][ T5789] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  753.928605][ T5789] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  753.936319][ T5789] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  753.936348][ T5789] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  753.936367][ T5789] usb 1-1: Manufacturer: syz
[  754.023847][ T5789] usb 1-1: config 0 descriptor??
[  754.292874][T11957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  754.293239][T11957] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  754.951300][T11984] ALSA: mixer_oss: invalid OSS volume 'IGA'
[  755.019096][T11977] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check.
[  755.561489][T11988] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  755.561506][T11988] CUSE: zero length info key specified
[  755.588034][    T9] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  755.778065][    T9] usb 4-1: Using ep0 maxpacket: 32
[  755.819958][    T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  755.820000][    T9] usb 4-1: config 0 has no interface number 0
[  756.044382][    T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  756.044411][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.044481][    T9] usb 4-1: Product: syz
[  756.044493][    T9] usb 4-1: Manufacturer: syz
[  756.044509][    T9] usb 4-1: SerialNumber: syz
[  756.103734][    T9] usb 4-1: config 0 descriptor??
[  756.122145][    T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  756.354652][    T9] usb 4-1: qt2_attach - failed to power on unit: -71
[  756.354929][    T9] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71
[  756.379124][    T9] usb 4-1: USB disconnect, device number 68
[  756.407205][   T31] usb 6-1: new high-speed USB device number 49 using dummy_hcd
[  756.437451][ T5789] rc_core: IR keymap rc-hauppauge not found
[  756.437465][ T5789] Registered IR keymap rc-empty
[  756.437561][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.467178][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.488430][ T5789] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  756.520264][ T5789] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input19
[  756.543543][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.567049][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.571064][   T31] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  756.571094][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  756.571114][   T31] usb 6-1: Product: syz
[  756.571136][   T31] usb 6-1: Manufacturer: syz
[  756.571151][   T31] usb 6-1: SerialNumber: syz
[  756.600381][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.625838][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.637042][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.651915][T12008] FAULT_INJECTION: forcing a failure.
[  756.651915][T12008] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  756.652165][T12008] CPU: 1 UID: 0 PID: 12008 Comm: syz.0.1687 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  756.652188][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  756.652200][T12008] Call Trace:
[  756.652208][T12008]  <TASK>
[  756.652217][T12008]  dump_stack_lvl+0x189/0x250
[  756.652247][T12008]  ? __pfx____ratelimit+0x10/0x10
[  756.652276][T12008]  ? __pfx_dump_stack_lvl+0x10/0x10
[  756.652299][T12008]  ? __pfx__printk+0x10/0x10
[  756.652321][T12008]  ? __might_fault+0xb0/0x130
[  756.652353][T12008]  should_fail_ex+0x46c/0x600
[  756.652382][T12008]  _copy_from_user+0x2d/0xb0
[  756.652403][T12008]  __sys_bpf+0x1e3/0x860
[  756.652426][T12008]  ? __pfx___sys_bpf+0x10/0x10
[  756.652444][T12008]  ? rt_mutex_slowunlock+0x1be/0x2e0
[  756.652484][T12008]  ? ksys_write+0x230/0x260
[  756.652514][T12008]  ? __pfx_ksys_write+0x10/0x10
[  756.652547][T12008]  __x64_sys_bpf+0x7c/0x90
[  756.652575][T12008]  do_syscall_64+0xfa/0xfa0
[  756.652600][T12008]  ? lockdep_hardirqs_on+0x9c/0x150
[  756.652625][T12008]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.652644][T12008]  ? clear_bhb_loop+0x60/0xb0
[  756.652667][T12008]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  756.652685][T12008] RIP: 0033:0x7f5df364eec9
[  756.652702][T12008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  756.652719][T12008] RSP: 002b:00007f5df18b6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  756.652741][T12008] RAX: ffffffffffffffda RBX: 00007f5df38a5fa0 RCX: 00007f5df364eec9
[  756.652755][T12008] RDX: 0000000000000094 RSI: 0000200000000900 RDI: 0000000000000005
[  756.652767][T12008] RBP: 00007f5df18b6090 R08: 0000000000000000 R09: 0000000000000000
[  756.652780][T12008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  756.652791][T12008] R13: 00007f5df38a6038 R14: 00007f5df38a5fa0 R15: 00007ffe5dff5ac8
[  756.652825][T12008]  </TASK>
[  756.671700][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.687033][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.726977][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.757269][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.802223][T12010] ALSA: mixer_oss: invalid OSS volume 'IGA'
[  756.806999][ T5789] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  756.829803][ T5789] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[  756.829828][ T5789] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  756.895710][   T31] rtl8150 6-1:1.0: couldn't reset the device
[  756.896064][   T31] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  756.935882][   T31] usb 6-1: USB disconnect, device number 49
[  756.960350][ T5789] usb 1-1: USB disconnect, device number 60
[  757.053574][T12018] 9pnet_fd: Insufficient options for proto=fd
[  757.054323][T12018] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  758.717063][ T5789] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  758.879635][ T5789] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  758.879666][ T5789] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.879685][ T5789] usb 1-1: Product: syz
[  758.879699][ T5789] usb 1-1: Manufacturer: syz
[  758.879714][ T5789] usb 1-1: SerialNumber: syz
[  758.995034][T12044] ALSA: mixer_oss: invalid OSS volume 'IGA'
[  759.070465][T12039] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  759.070583][T12039] CUSE: zero length info key specified
[  759.146317][ T5789] rtl8150 1-1:1.0: couldn't reset the device
[  759.146528][ T5789] rtl8150 1-1:1.0: probe with driver rtl8150 failed with error -5
[  759.175605][ T5789] usb 1-1: USB disconnect, device number 61
[  759.604237][ T1580] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  759.961674][ T1580] usb 5-1: config 16 interface 0 altsetting 75 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  759.961708][ T1580] usb 5-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid wMaxPacketSize 0
[  759.961731][ T1580] usb 5-1: config 16 interface 0 altsetting 75 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  759.961757][ T1580] usb 5-1: config 16 interface 0 has no altsetting 0
[  759.961791][ T1580] usb 5-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  759.961822][ T1580] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  760.225071][    T9] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  761.003626][T12049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  761.008840][T12049] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  761.026952][ T1580] usb 5-1: string descriptor 0 read error: -71
[  761.029919][ T1580] imon:imon_find_endpoints: no valid input (IR) endpoint found
[  761.030027][ T1580] imon 5-1:16.0: unable to initialize intf0, err -19
[  761.030042][ T1580] imon:imon_probe: failed to initialize context!
[  761.030059][ T1580] imon 5-1:16.0: unable to register, err -19
[  761.044635][ T1580] usb 5-1: USB disconnect, device number 70
[  761.100797][    T9] usb 6-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  761.100815][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.100825][    T9] usb 6-1: Product: syz
[  761.100833][    T9] usb 6-1: Manufacturer: syz
[  761.100840][    T9] usb 6-1: SerialNumber: syz
[  761.139490][T12064] 9pnet_fd: Insufficient options for proto=fd
[  761.140214][T12064] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  761.462480][    T9] rtl8150 6-1:1.0: couldn't reset the device
[  761.462879][    T9] rtl8150 6-1:1.0: probe with driver rtl8150 failed with error -5
[  761.488373][    T9] usb 6-1: USB disconnect, device number 50
[  762.621131][T12092] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  762.621149][T12092] CUSE: zero length info key specified
[  762.941184][T12117] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  764.707000][    T9] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  764.757085][ T5789] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  764.857480][    T9] usb 8-1: Using ep0 maxpacket: 8
[  764.859925][    T9] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  764.859982][    T9] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  764.860004][    T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  764.860028][    T9] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  764.860051][    T9] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  764.860093][    T9] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  764.860115][    T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.956949][ T5789] usb 1-1: Using ep0 maxpacket: 8
[  764.959985][ T5789] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  764.960043][ T5789] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  764.960118][ T5789] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  764.960142][ T5789] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  764.960165][ T5789] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  764.960206][ T5789] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  764.960281][ T5789] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  765.143763][    T9] usb 8-1: GET_CAPABILITIES returned 0
[  765.143864][    T9] usbtmc 8-1:16.0: can't read capabilities
[  765.261126][ T5789] usb 1-1: GET_CAPABILITIES returned 0
[  765.261175][ T5789] usbtmc 1-1:16.0: can't read capabilities
[  765.312194][T12172] CUSE: unknown device info "�KJ�H+��ۤ2Lh��nL�1�`�Cc��n�����8���0���(�3նi��>f�F��"
[  765.312207][T12172] CUSE: zero length info key specified
[  765.344849][T12151] FAULT_INJECTION: forcing a failure.
[  765.344849][T12151] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  765.344882][T12151] CPU: 0 UID: 0 PID: 12151 Comm: syz.7.1742 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  765.344905][T12151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  765.344917][T12151] Call Trace:
[  765.344926][T12151]  <TASK>
[  765.344934][T12151]  dump_stack_lvl+0x189/0x250
[  765.344963][T12151]  ? __pfx____ratelimit+0x10/0x10
[  765.344990][T12151]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.345013][T12151]  ? __pfx__printk+0x10/0x10
[  765.345052][T12151]  should_fail_ex+0x46c/0x600
[  765.345084][T12151]  _copy_to_user+0x31/0xb0
[  765.345107][T12151]  simple_read_from_buffer+0xe1/0x170
[  765.345133][T12151]  proc_fail_nth_read+0x1b6/0x220
[  765.345162][T12151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  765.345191][T12151]  ? rw_verify_area+0x2ac/0x4e0
[  765.345218][T12151]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  765.345245][T12151]  vfs_read+0x206/0xa30
[  765.345281][T12151]  ? __pfx_vfs_read+0x10/0x10
[  765.345304][T12151]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  765.345338][T12151]  ? mutex_lock_nested+0x154/0x1d0
[  765.345359][T12151]  ? fdget_pos+0x253/0x320
[  765.345389][T12151]  ksys_read+0x14b/0x260
[  765.345414][T12151]  ? __fget_files+0x2a/0x420
[  765.345436][T12151]  ? __pfx_ksys_read+0x10/0x10
[  765.345468][T12151]  ? do_syscall_64+0xbe/0xfa0
[  765.345505][T12151]  do_syscall_64+0xfa/0xfa0
[  765.345530][T12151]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.345557][T12151]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.345576][T12151]  ? clear_bhb_loop+0x60/0xb0
[  765.345601][T12151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.345619][T12151] RIP: 0033:0x7f9c7a8cd8dc
[  765.345638][T12151] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  765.345655][T12151] RSP: 002b:00007f9c78b2e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  765.345681][T12151] RAX: ffffffffffffffda RBX: 00007f9c7ab25fa0 RCX: 00007f9c7a8cd8dc
[  765.345696][T12151] RDX: 000000000000000f RSI: 00007f9c78b2e0a0 RDI: 0000000000000004
[  765.345709][T12151] RBP: 00007f9c78b2e090 R08: 0000000000000000 R09: 0000000000000000
[  765.345722][T12151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.345735][T12151] R13: 00007f9c7ab26038 R14: 00007f9c7ab25fa0 R15: 00007ffc15b6bd08
[  765.345770][T12151]  </TASK>
[  765.474333][ T1580] usb 1-1: USB disconnect, device number 62
[  765.687368][    T9] usb 8-1: USB disconnect, device number 16
[  765.734908][T12195] tmpfs: Bad value for 'mpol'
[  765.736293][   T37] audit: type=1326 audit(1760361479.902:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12194 comm="syz.7.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7a8ceec9 code=0x7ffc0000
[  765.736670][   T37] audit: type=1326 audit(1760361479.902:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12194 comm="syz.7.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7a8ceec9 code=0x7ffc0000
[  765.786306][T12193] FAULT_INJECTION: forcing a failure.
[  765.786306][T12193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  765.786326][T12193] CPU: 1 UID: 0 PID: 12193 Comm: syz.3.1763 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  765.786338][T12193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  765.786345][T12193] Call Trace:
[  765.786350][T12193]  <TASK>
[  765.786355][T12193]  dump_stack_lvl+0x189/0x250
[  765.786373][T12193]  ? __pfx____ratelimit+0x10/0x10
[  765.786390][T12193]  ? __pfx_dump_stack_lvl+0x10/0x10
[  765.786402][T12193]  ? __pfx__printk+0x10/0x10
[  765.786415][T12193]  ? __might_fault+0xb0/0x130
[  765.786432][T12193]  should_fail_ex+0x46c/0x600
[  765.786449][T12193]  _copy_from_user+0x2d/0xb0
[  765.786461][T12193]  ___sys_recvmsg+0x12e/0x510
[  765.786476][T12193]  ? __pfx____sys_recvmsg+0x10/0x10
[  765.786505][T12193]  ? __fget_files+0x3a6/0x420
[  765.786523][T12193]  __x64_sys_recvmsg+0x19e/0x260
[  765.786535][T12193]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  765.786551][T12193]  ? __pfx_ksys_write+0x10/0x10
[  765.786569][T12193]  ? do_syscall_64+0xbe/0xfa0
[  765.786587][T12193]  do_syscall_64+0xfa/0xfa0
[  765.786602][T12193]  ? lockdep_hardirqs_on+0x9c/0x150
[  765.786617][T12193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.786627][T12193]  ? clear_bhb_loop+0x60/0xb0
[  765.786640][T12193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  765.786650][T12193] RIP: 0033:0x7fe43db0eec9
[  765.786661][T12193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  765.786670][T12193] RSP: 002b:00007fe43bd76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  765.786683][T12193] RAX: ffffffffffffffda RBX: 00007fe43dd65fa0 RCX: 00007fe43db0eec9
[  765.786691][T12193] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  765.786697][T12193] RBP: 00007fe43bd76090 R08: 0000000000000000 R09: 0000000000000000
[  765.786704][T12193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  765.786710][T12193] R13: 00007fe43dd66038 R14: 00007fe43dd65fa0 R15: 00007fff61e78328
[  765.786728][T12193]  </TASK>
[  766.010258][   T37] audit: type=1326 audit(1760361479.902:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12194 comm="syz.7.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7f9c7a8ceec9 code=0x7ffc0000
[  766.010317][   T37] audit: type=1326 audit(1760361479.932:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12194 comm="syz.7.1765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9c7a8ceec9 code=0x7ffc0000
[  766.167650][T12199] 9pnet_fd: Insufficient options for proto=fd
[  766.168468][T12199] comedi comedi3: bad chanlist[0]=0x00000004 chan=4 range length=1
[  766.697000][    T9] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  766.726931][ T5789] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  766.866971][    T9] usb 5-1: Using ep0 maxpacket: 32
[  766.870243][    T9] usb 5-1: config 0 has an invalid interface number: 66 but max is 0
[  766.870271][    T9] usb 5-1: config 0 has no interface number 0
[  766.873415][    T9] usb 5-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  766.873444][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.873466][    T9] usb 5-1: Product: syz
[  766.873482][    T9] usb 5-1: Manufacturer: syz
[  766.873499][    T9] usb 5-1: SerialNumber: syz
[  766.896906][ T5789] usb 6-1: Using ep0 maxpacket: 32
[  766.921846][ T5789] usb 6-1: config 0 has an invalid interface number: 66 but max is 0
[  766.921876][ T5789] usb 6-1: config 0 has no interface number 0
[  766.949754][ T5789] usb 6-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  766.949838][ T5789] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  766.949859][ T5789] usb 6-1: Product: syz
[  766.949874][ T5789] usb 6-1: Manufacturer: syz
[  766.949888][ T5789] usb 6-1: SerialNumber: syz
[  766.991761][ T5789] usb 6-1: config 0 descriptor??
[  766.993520][    T9] usb 5-1: config 0 descriptor??
[  767.011616][    T9] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  767.011684][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  767.032397][ T5789] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  767.032452][ T5789] dvb-usb: bulk message failed: -22 (2/0)
[  767.061392][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  767.062515][    T9] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  767.062572][    T9] usb 5-1: media controller created
[  767.089977][ T5789] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  767.090772][ T5789] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  767.090828][ T5789] usb 6-1: media controller created
[  767.150013][ T5789] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  767.177000][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  767.198956][T12214] dvb-usb: bulk message failed: -22 (4/0)
[  767.226338][ T5789] cxusb: set interface failed
[  767.226357][ T5789] dvb-usb: bulk message failed: -22 (1/0)
[  767.237642][    T9] cxusb: set interface failed
[  767.237662][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  767.298628][ T5789] DVB: Unable to find symbol lgdt330x_attach()
[  767.298643][ T5789] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  767.384550][    T9] DVB: Unable to find symbol lgdt330x_attach()
[  767.384565][    T9] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  767.426906][ T5789] rc_core: IR keymap rc-dvico-portable not found
[  767.426925][ T5789] Registered IR keymap rc-empty
[  767.428578][ T5789] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0
[  767.431635][ T5789] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input20
[  767.435932][ T5789] dvb-usb: schedule remote query interval to 100 msecs.
[  767.435951][ T5789] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  767.488913][ T5789] usb 6-1: USB disconnect, device number 51
[  767.569654][    T9] rc_core: IR keymap rc-dvico-portable not found
[  767.569677][    T9] Registered IR keymap rc-empty
[  767.572339][    T9] rc rc1: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc1
[  767.575364][    T9] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.4/usb5/5-1/rc/rc1/input21
[  767.626096][    T9] dvb-usb: schedule remote query interval to 100 msecs.
[  767.626120][    T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  767.644938][    T9] usb 5-1: USB disconnect, device number 71
[  767.740965][ T5789] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  768.037118][    T9] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  768.074800][T12261] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1788'.
[  769.470464][T12283] FAULT_INJECTION: forcing a failure.
[  769.470464][T12283] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  769.470499][T12283] CPU: 0 UID: 0 PID: 12283 Comm: syz.5.1797 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  769.470521][T12283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  769.470534][T12283] Call Trace:
[  769.470542][T12283]  <TASK>
[  769.470550][T12283]  dump_stack_lvl+0x189/0x250
[  769.470579][T12283]  ? __pfx____ratelimit+0x10/0x10
[  769.470607][T12283]  ? __pfx_dump_stack_lvl+0x10/0x10
[  769.470630][T12283]  ? __pfx__printk+0x10/0x10
[  769.470654][T12283]  ? __might_fault+0xb0/0x130
[  769.470698][T12283]  should_fail_ex+0x46c/0x600
[  769.470729][T12283]  _copy_from_user+0x2d/0xb0
[  769.470751][T12283]  ___sys_sendmsg+0x158/0x2a0
[  769.470774][T12283]  ? __pfx____sys_sendmsg+0x10/0x10
[  769.470832][T12283]  ? __fget_files+0x2a/0x420
[  769.470853][T12283]  ? __fget_files+0x3a6/0x420
[  769.470885][T12283]  __x64_sys_sendmsg+0x1a1/0x260
[  769.470907][T12283]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  769.470937][T12283]  ? __pfx_ksys_write+0x10/0x10
[  769.470969][T12283]  ? do_syscall_64+0xbe/0xfa0
[  769.471002][T12283]  do_syscall_64+0xfa/0xfa0
[  769.471027][T12283]  ? lockdep_hardirqs_on+0x9c/0x150
[  769.471054][T12283]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.471074][T12283]  ? clear_bhb_loop+0x60/0xb0
[  769.471097][T12283]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  769.471117][T12283] RIP: 0033:0x7effeca1eec9
[  769.471135][T12283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  769.471153][T12283] RSP: 002b:00007effeac3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  769.471181][T12283] RAX: ffffffffffffffda RBX: 00007effecc76180 RCX: 00007effeca1eec9
[  769.471197][T12283] RDX: 0000000024000880 RSI: 00002000000000c0 RDI: 0000000000000006
[  769.471211][T12283] RBP: 00007effeac3c090 R08: 0000000000000000 R09: 0000000000000000
[  769.471224][T12283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  769.471237][T12283] R13: 00007effecc76218 R14: 00007effecc76180 R15: 00007ffdf0e00738
[  769.471271][T12283]  </TASK>
[  771.096984][T12289] geneve2: entered promiscuous mode
[  771.097012][T12289] geneve2: entered allmulticast mode
[  771.123077][T12307] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1806'.
[  771.177056][    T9] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  771.211045][T12307] geneve2: entered promiscuous mode
[  771.211073][T12307] geneve2: entered allmulticast mode
[  771.540518][    T9] usb 8-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  771.540549][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.540569][    T9] usb 8-1: Product: syz
[  771.540581][    T9] usb 8-1: Manufacturer: syz
[  771.540594][    T9] usb 8-1: SerialNumber: syz
[  771.598055][ T1454] netdevsim netdevsim5 netdevsim0: set [1, 1] type 2 family 0 port 57045 - 0
[  771.654568][T12317] [U] 
[  771.654618][T12317] [U] K{�
[  771.656288][T12317] [U] �T �1��Š�F���Fˊ�`G�Jǘ�G���������O��/�MC�
[  771.689602][T12317] [U] T�ؖ/,�~�Ĝ��J���}8���'O1��"�7-΂JQ�K��W��Q�5C%"�H12��Y������X�`���ȼ`+��(�¿!(���Z'�TXLN�I�G�J����ݭ�P�~�7�!���"ب���(�5�OBܤ�̓J�
[  771.691875][T12317] [U] �K\&�}6�6�X�HX��Ե���.`�A�$�40|϶��9��ި����U��4��ĮVBZ��}�W�M�T���Q��ΦR�4��
[  771.706424][T12305] b: option min_links: invalid value (18446744073592110861)
[  771.706451][T12305] b: option min_links: allowed values 0 - 2147483647
[  771.714368][T12317] [U] ".H6��"�KÇ[����J�4��I�N��[Z(��C|T�]Z{��3�C=��X�Ԟ˅�4�W�)\T�XJ��SH{Q;̹���T��+���G��߮D�.˂�>Y����WUH�FN����HL]S�2���\G%�O�&Z)�К'�PUL�_<�	�ذ�Ү��`ұT��ޜ���;_�"(�U{7J��2X �/�'��C���I����H�C�ճ�V�=��AI�%W�ES� R��J�Μ���G��R��͡HI
���A��6-�D��V�� I"��Nƨ ��ASC~4���8C�*�OO5/ߜJ�~���W�VK+����3��Y)��M���V��YQƽ�DTR�
OTPEM%F��EJ�A5��T_-X~�^AAۂҘ�Q��
[  771.738496][T12317] [U] 	+�W�G?]��'A:	��)�
����' B>T���F/��<'�U�'��H�I�.+]E�.�-ɿ߿�%��>2`�^U�8F.�6��3��+�A�«���G3�P��6:�^0��T��V�'E�T����YC�N��Rϩ�N�PJ�;�Z����ۑ8!��\م�A�ʖ2��$е�­WI.��#��/BAI���`��4J��D�Y@�Z��GW�5˿B��ٜ�N�Y"VI2��
[  771.741778][T12317] [U] �T�_K5�T�YJ���9��C�$BR�L�NUL��9W���|�G�"ʃ�%�ڶ�C�؝���Q��
 ��3��Q��N^HP*��$	�.�7Yӱ�2�
[  771.745193][T12317] [U] �?���H��*����3͝7�ɍ�^#Q�"0~���(�O�XL�B�,'V��=���C�S���G�S��0�ւ��`���ه��=1(�ξ��P#�2DO*Ƀ
[  771.755694][T12317] [U] �S��G������GU��D-{���|&�����ѐ2��L�C_��!`��OZ֥�B��%>�RѶ�WχݎSS�H"�YA4�O.�Y��ď�RTԶ�B�[+/<<R�B����|ФE���۠�V96#���ͤʦJ�U�%
S851���ҩS�P��\��?Q�|L��QX�0�K�1ORɴ2��|��D�F���ِ��2ޔ���0��H�}C[/����PX^��O
[  771.767482][T12317] [U] �؛���(J�Л��M��XZ�;�����؝_����*3�3��5�\�XM��U��AK!AQ`��;FЕ�I+��VUH���M�J��Ʒ��Z�C��Z���)_ǟ�	ԑ�&�֡��A�XTO���_� ڼ�:���%��P���Cֲ�Y�+_�ܛ��}U�M��ƫC�!KJ�7пG��=B�
[  771.809276][T12317] [U] ٽ�F�%�XA��L�2R*G��VW��$��J	�A��F����+ؾ9̈́VI�֗�Kپ�1}_��
��%�R6��(]��/��ؐřYܺ��Hä���R G��RN/ܫ�#!�D����%���D��-{�$�VU��T���$:MTR�E�C1V�D~��];[�����SQ����(��E,X�8�"�
��G�D�ڵ2@T8���҃����T8.RC+�@�ʦ�P�U�
P����C���'ńYL�-SS1E?�7�O���^]����C�½H]�JKR]RKQ܆��ݣ޴OTC��X���4�N�	��&����ڋ��@�:M7�~�+�W*���XM��>>��{Q���
_�՝LX8�U����{�Z��ؐ)��7?�RR;�C�R�Hײڣ����1�>)�Mă‰�T���(��Aϝ�}9�ڥ�J*Mќ�ġ�'L��Q	�DW��ظ=��|Q�	�Æ�W;5��Ž�!�DB�X`ɧ�/��E�`ƦM��X��"�\
[  771.815224][T12317] [U] {;�ե�٘_�O2��)�O��.2�W2ʲ��Y���X_  HPϱ�S�D����:]�{�����Ƚ
[  771.823098][T12317] [U] I,�>�Ӥ	��5�1��^1�N4�OǶ�'0�?֒I�9W.�_.�W�A���V��`)�Z���C6GIӹ�A��XL[����F�*��O�W)+��'\N�
[K@����2�Ǭ���P"^`���	ؿ
[  771.824218][T12317] [U] 22��Ʃ�۩X?0;3U�
[  771.852515][T12317] [U] ޜ�
ƍ�SOBX�8�W�4��(�~/���K�U��ԖOQ�E+�G�-Y�GY_
�>V�����3.H�ә]̈́�2��)�D�,	��	�D~�D���+�W;A\�F
P��Ș|$��)�
KؐI���ɿK�YT^R���Ǚ���A=�#�ܜ	�Ϳ�AE��T�1��ݯ4K�.E"R�S|П�S���:��>P��R�"Z�ڭ���#P!�KY"�}��F�N84ܳ��Hޱ�O��S��̫%DLW�MƲ�
[  771.858314][T12317] [U] [�['XN�'�����,MR��/����1D=!D�X91B�
WǻR�LF���K̤Z��#�`̑L؛�˜��B~�M���
[  771.860464][T12317] [U] �L�>�сD+�D�����"5�ʍ�H3<���IR=F^�F�N��������V���D�OIO�:U�>�Y�
[  771.862698][T12317] [U] 'B�6V�20�ķǞ��׌�"T8�{9�FW��]���̩�
[  771.869635][T12317] [U] �72މ���U�C6����τI]8C��TۨQSK�Y��I��¹ �|V'�TV/��G�$[� 9KH`�"ܑ��}��[^=��0�]��%�̂T�����F�_V�4C���
[  771.869699][T12317] [U] �EC�
[  771.875608][T12317] [U] ���|���<��:^�3$7NK~�-�@��?��/MTL��۾�I�WȬ@G~T�{��P�+�$�JP|���I�RIӍPM� ��Y� ڔ8�T���V�����,�L�,�
[  771.918014][    T9] rtl8150 8-1:1.0: couldn't reset the device
[  771.918370][    T9] rtl8150 8-1:1.0: probe with driver rtl8150 failed with error -5
[  771.935521][   T61] block nbd0: Receive control failed (result -32)
[  771.952028][T12305] b (unregistering): Released all slaves
[  771.961971][T12316] [U] �K�����)0���~ܳʪ�IP'�F�ҜZ��R���@B�]�5��{��ʼ�'�8�ƥF��UTQUD
ǩ�K;7ͪ0C[��Y���YC���ذM��L�8�T�͚�5���RX����W� X���OQHVI'8����L�
[  771.975613][    T9] usb 8-1: USB disconnect, device number 17
[  772.083748][ T1454] netdevsim netdevsim5 netdevsim1: set [1, 1] type 2 family 0 port 57045 - 0
[  772.083811][ T1454] netdevsim netdevsim5 netdevsim2: set [1, 1] type 2 family 0 port 57045 - 0
[  772.083847][ T1454] netdevsim netdevsim5 netdevsim3: set [1, 1] type 2 family 0 port 57045 - 0
[  772.212044][T12324] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1811'.
[  772.505596][T12341] FAULT_INJECTION: forcing a failure.
[  772.505596][T12341] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  772.505631][T12341] CPU: 1 UID: 0 PID: 12341 Comm: syz.3.1818 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  772.505653][T12341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  772.505665][T12341] Call Trace:
[  772.505673][T12341]  <TASK>
[  772.505682][T12341]  dump_stack_lvl+0x189/0x250
[  772.505709][T12341]  ? __pfx____ratelimit+0x10/0x10
[  772.505736][T12341]  ? __pfx_dump_stack_lvl+0x10/0x10
[  772.505763][T12341]  ? __pfx__printk+0x10/0x10
[  772.505786][T12341]  ? __might_fault+0xb0/0x130
[  772.505822][T12341]  should_fail_ex+0x46c/0x600
[  772.505855][T12341]  _copy_from_user+0x2d/0xb0
[  772.505881][T12341]  ___sys_sendmsg+0x158/0x2a0
[  772.505903][T12341]  ? __pfx____sys_sendmsg+0x10/0x10
[  772.505959][T12341]  ? __fget_files+0x2a/0x420
[  772.505979][T12341]  ? __fget_files+0x3a6/0x420
[  772.506009][T12341]  __x64_sys_sendmsg+0x1a1/0x260
[  772.506031][T12341]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  772.506060][T12341]  ? __pfx_ksys_write+0x10/0x10
[  772.506095][T12341]  ? do_syscall_64+0xbe/0xfa0
[  772.506126][T12341]  do_syscall_64+0xfa/0xfa0
[  772.506147][T12341]  ? lockdep_hardirqs_on+0x9c/0x150
[  772.506170][T12341]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.506188][T12341]  ? clear_bhb_loop+0x60/0xb0
[  772.506211][T12341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  772.506230][T12341] RIP: 0033:0x7fe43db0eec9
[  772.506248][T12341] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  772.506266][T12341] RSP: 002b:00007fe43bd76038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  772.506287][T12341] RAX: ffffffffffffffda RBX: 00007fe43dd65fa0 RCX: 00007fe43db0eec9
[  772.506302][T12341] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000004
[  772.506314][T12341] RBP: 00007fe43bd76090 R08: 0000000000000000 R09: 0000000000000000
[  772.506327][T12341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  772.506338][T12341] R13: 00007fe43dd66038 R14: 00007fe43dd65fa0 R15: 00007fff61e78328
[  772.506368][T12341]  </TASK>
[  772.597027][    T9] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  772.746922][    T9] usb 6-1: Using ep0 maxpacket: 32
[  772.749853][    T9] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  772.749871][    T9] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  772.752037][    T9] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  772.752053][    T9] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  772.752064][    T9] usb 6-1: Product: syz
[  772.752071][    T9] usb 6-1: Manufacturer: syz
[  773.003424][    T9] hub 6-1:4.0: USB hub found
[  773.027907][T12346] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1820'.
[  773.204826][    T9] hub 6-1:4.0: 4 ports detected
[  773.210129][    T9] hub 6-1:4.0: insufficient power available to use all downstream ports
[  774.572118][    T9] hub 6-1:4.0: hub_hub_status failed (err = -71)
[  774.572180][    T9] hub 6-1:4.0: config failed, can't get hub status (err -71)
[  775.152000][    T9] usb 6-1: USB disconnect, device number 52
[  776.182944][T12365] FAULT_INJECTION: forcing a failure.
[  776.182944][T12365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  776.183333][T12365] CPU: 0 UID: 0 PID: 12365 Comm: syz.7.1826 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  776.183357][T12365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  776.183370][T12365] Call Trace:
[  776.183379][T12365]  <TASK>
[  776.183388][T12365]  dump_stack_lvl+0x189/0x250
[  776.183416][T12365]  ? __pfx____ratelimit+0x10/0x10
[  776.183449][T12365]  ? __pfx_dump_stack_lvl+0x10/0x10
[  776.183473][T12365]  ? __pfx__printk+0x10/0x10
[  776.183513][T12365]  should_fail_ex+0x46c/0x600
[  776.183544][T12365]  _copy_to_user+0x31/0xb0
[  776.183568][T12365]  simple_read_from_buffer+0xe1/0x170
[  776.183593][T12365]  proc_fail_nth_read+0x1b6/0x220
[  776.183623][T12365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  776.183652][T12365]  ? rw_verify_area+0x2ac/0x4e0
[  776.183679][T12365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  776.183707][T12365]  vfs_read+0x206/0xa30
[  776.183743][T12365]  ? __pfx_vfs_read+0x10/0x10
[  776.183767][T12365]  ? try_to_take_rt_mutex+0x7fd/0xac0
[  776.183801][T12365]  ? mutex_lock_nested+0x154/0x1d0
[  776.183823][T12365]  ? fdget_pos+0x253/0x320
[  776.183854][T12365]  ksys_read+0x14b/0x260
[  776.183884][T12365]  ? __pfx_ksys_read+0x10/0x10
[  776.183915][T12365]  ? do_syscall_64+0xbe/0xfa0
[  776.183947][T12365]  do_syscall_64+0xfa/0xfa0
[  776.183975][T12365]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.183994][T12365]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  776.184013][T12365]  ? clear_bhb_loop+0x60/0xb0
[  776.184037][T12365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  776.184057][T12365] RIP: 0033:0x7f9c7a8cd8dc
[  776.184075][T12365] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  776.184093][T12365] RSP: 002b:00007f9c78b0d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  776.184115][T12365] RAX: ffffffffffffffda RBX: 00007f9c7ab26090 RCX: 00007f9c7a8cd8dc
[  776.184131][T12365] RDX: 000000000000000f RSI: 00007f9c78b0d0a0 RDI: 0000000000000004
[  776.184144][T12365] RBP: 00007f9c78b0d090 R08: 0000000000000000 R09: 0000000000000000
[  776.184157][T12365] R10: 0000200000c18000 R11: 0000000000000246 R12: 0000000000000001
[  776.184170][T12365] R13: 00007f9c7ab26128 R14: 00007f9c7ab26090 R15: 00007ffc15b6bd08
[  776.184204][T12365]  </TASK>
[  777.732982][    C0] ==================================================================
[  777.733002][    C0] BUG: KASAN: slab-use-after-free in __inet_lookup_established+0x3d3/0x830
[  777.733050][    C0] Read of size 4 at addr ffff88803c896008 by task rcuc/0/20
[  777.733070][    C0] 
[  777.733084][    C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  777.733111][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  777.733126][    C0] Call Trace:
[  777.733133][    C0]  <TASK>
[  777.733144][    C0]  dump_stack_lvl+0x189/0x250
[  777.733169][    C0]  ? __kasan_check_byte+0x12/0x40
[  777.733192][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  777.733216][    C0]  ? lock_release+0x4b/0x3e0
[  777.733243][    C0]  ? __virt_addr_valid+0x4a5/0x5c0
[  777.733269][    C0]  print_report+0xca/0x240
[  777.733298][    C0]  ? __inet_lookup_established+0x3d3/0x830
[  777.733327][    C0]  kasan_report+0x118/0x150
[  777.733351][    C0]  ? __inet_lookup_established+0x3d3/0x830
[  777.733382][    C0]  __inet_lookup_established+0x3d3/0x830
[  777.733419][    C0]  ? __pfx___inet_lookup_established+0x10/0x10
[  777.733453][    C0]  tcp_v4_rcv+0xfff/0x2dc0
[  777.733498][    C0]  ? __lock_acquire+0xab9/0xd20
[  777.733521][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  777.733553][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  777.733582][    C0]  ip_protocol_deliver_rcu+0x221/0x440
[  777.733613][    C0]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  777.733642][    C0]  ip_local_deliver_finish+0x3bb/0x6f0
[  777.733673][    C0]  NF_HOOK+0x30c/0x3a0
[  777.733699][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  777.733726][    C0]  ? NF_HOOK+0x9a/0x3a0
[  777.733750][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  777.733776][    C0]  ? ip_rcv_finish_core+0xda3/0x1c00
[  777.733805][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  777.733830][    C0]  ? skb_dst+0x4f/0xd0
[  777.733854][    C0]  ? ip_local_deliver+0x12a/0x1b0
[  777.733880][    C0]  NF_HOOK+0x30c/0x3a0
[  777.733905][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  777.733931][    C0]  ? NF_HOOK+0x9a/0x3a0
[  777.733953][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  777.733978][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  777.734011][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  777.734033][    C0]  __netif_receive_skb+0x143/0x380
[  777.734066][    C0]  ? process_backlog+0x27b/0x900
[  777.734091][    C0]  process_backlog+0x31e/0x900
[  777.734123][    C0]  __napi_poll+0xb6/0x540
[  777.734148][    C0]  net_rx_action+0x5f7/0xda0
[  777.734170][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  777.734204][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  777.734234][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  777.734268][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  777.734292][    C0]  ? kasan_save_track+0x4f/0x80
[  777.734311][    C0]  ? slab_free_after_rcu_debug+0x130/0x4e0
[  777.734343][    C0]  handle_softirqs+0x22f/0x710
[  777.734377][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  777.734411][    C0]  __local_bh_enable_ip+0x1a0/0x2e0
[  777.734443][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  777.734478][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  777.734503][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  777.734527][    C0]  rcu_cpu_kthread+0xc3d/0x1b50
[  777.734556][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  777.734587][    C0]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  777.734613][    C0]  ? __lock_acquire+0xab9/0xd20
[  777.734635][    C0]  ? __pfx___schedule+0x10/0x10
[  777.734673][    C0]  ? schedule+0x91/0x360
[  777.734705][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  777.734725][    C0]  smpboot_thread_fn+0x542/0xa60
[  777.734746][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  777.734771][    C0]  kthread+0x711/0x8a0
[  777.734798][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  777.734818][    C0]  ? __pfx_kthread+0x10/0x10
[  777.734841][    C0]  ? rt_spin_unlock+0x150/0x200
[  777.734870][    C0]  ? rt_spin_unlock+0x161/0x200
[  777.734895][    C0]  ? __pfx_kthread+0x10/0x10
[  777.734921][    C0]  ret_from_fork+0x4bc/0x870
[  777.734953][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  777.734987][    C0]  ? __switch_to_asm+0x39/0x70
[  777.735015][    C0]  ? __switch_to_asm+0x33/0x70
[  777.735046][    C0]  ? __pfx_kthread+0x10/0x10
[  777.735068][    C0]  ret_from_fork_asm+0x1a/0x30
[  777.735102][    C0]  </TASK>
[  777.735111][    C0] 
[  777.735124][    C0] Allocated by task 12377:
[  777.735136][    C0]  kasan_save_track+0x3e/0x80
[  777.735155][    C0]  __kasan_kmalloc+0x93/0xb0
[  777.735175][    C0]  __kmalloc_noprof+0x233/0x7d0
[  777.735194][    C0]  sk_prot_alloc+0xe7/0x220
[  777.735223][    C0]  sk_clone_lock+0x72/0x10b0
[  777.735241][    C0]  inet_csk_clone_lock+0x26/0x5b0
[  777.735260][    C0]  tcp_create_openreq_child+0x30/0x2b10
[  777.735260][    C0]  tcp_create_openreq_child+0x30/0x2b10
[  777.735284][    C0]  tcp_v4_syn_recv_sock+0x161/0xfa0
[  777.735310][    C0]  tcp_v6_syn_recv_sock+0x134/0x19e0
[  777.735332][    C0]  subflow_syn_recv_sock+0x281/0x1270
[  777.735354][    C0]  tcp_check_req+0x109e/0x1a90
[  777.735374][    C0]  tcp_v4_rcv+0x16c2/0x2dc0
[  777.735401][    C0]  ip_protocol_deliver_rcu+0x221/0x440
[  777.735428][    C0]  ip_local_deliver_finish+0x3bb/0x6f0
[  777.735454][    C0]  NF_HOOK+0x30c/0x3a0
[  777.735477][    C0]  NF_HOOK+0x30c/0x3a0
[  777.735501][    C0]  __netif_receive_skb+0x143/0x380
[  777.735525][    C0]  process_backlog+0x31e/0x900
[  777.735549][    C0]  __napi_poll+0xb6/0x540
[  777.735571][    C0]  net_rx_action+0x5f7/0xda0
[  777.735596][    C0]  handle_softirqs+0x22f/0x710
[  777.735625][    C0]  __local_bh_enable_ip+0x1a0/0x2e0
[  777.735653][    C0]  __dev_queue_xmit+0x1d3d/0x3b70
[  777.735674][    C0]  ip_finish_output2+0xd5a/0x11d0
[  777.735695][    C0]  ip_output+0x29f/0x450
[  777.735713][    C0]  __ip_queue_xmit+0x118d/0x1c30
[  777.735731][    C0]  __tcp_transmit_skb+0x24f6/0x3aa0
[  777.735752][    C0]  tcp_rcv_state_process+0x2d62/0x44d0
[  777.735775][    C0]  tcp_v4_do_rcv+0x3fb/0xbf0
[  777.735802][    C0]  __release_sock+0x285/0x3e0
[  777.735822][    C0]  release_sock+0x75/0x210
[  777.735846][    C0]  mptcp_connect+0x649/0x830
[  777.735874][    C0]  __inet_stream_connect+0x2ae/0xe70
[  777.735897][    C0]  inet_stream_connect+0x66/0xa0
[  777.735918][    C0]  __sys_connect+0x323/0x450
[  777.735944][    C0]  __x64_sys_connect+0x7a/0x90
[  777.735970][    C0]  do_syscall_64+0xfa/0xfa0
[  777.735999][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.736019][    C0] 
[  777.736025][    C0] Freed by task 12375:
[  777.736036][    C0]  kasan_save_track+0x3e/0x80
[  777.736059][    C0]  __kasan_save_free_info+0x46/0x50
[  777.736085][    C0]  __kasan_slab_free+0x5c/0x80
[  777.736104][    C0]  kfree+0x197/0x950
[  777.736131][    C0]  __sk_destruct+0x4e4/0x670
[  777.736148][    C0]  inet_csk_listen_stop+0x78c/0xac0
[  777.736168][    C0]  mptcp_check_listen_stop+0x1c6/0x2b0
[  777.736196][    C0]  __mptcp_close+0xf6/0xa60
[  777.736219][    C0]  mptcp_close+0x28/0x1a0
[  777.736246][    C0]  inet_release+0x144/0x190
[  777.736267][    C0]  sock_close+0xc3/0x240
[  777.736287][    C0]  __fput+0x45b/0xa80
[  777.736311][    C0]  task_work_run+0x1d4/0x260
[  777.736335][    C0]  exit_to_user_mode_loop+0xe9/0x130
[  777.736355][    C0]  do_syscall_64+0x2bd/0xfa0
[  777.736383][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.736403][    C0] 
[  777.736408][    C0] The buggy address belongs to the object at ffff88803c896000
[  777.736408][    C0]  which belongs to the cache kmalloc-4k of size 4096
[  777.736430][    C0] The buggy address is located 8 bytes inside of
[  777.736430][    C0]  freed 4096-byte region [ffff88803c896000, ffff88803c897000)
[  777.736454][    C0] 
[  777.736460][    C0] The buggy address belongs to the physical page:
[  777.736482][    C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803c892000 pfn:0x3c890
[  777.736505][    C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  777.736525][    C0] flags: 0x80000000000240(workingset|head|node=0|zone=1)
[  777.736545][    C0] page_type: f5(slab)
[  777.736567][    C0] raw: 0080000000000240 ffff88813ff27140 ffffea000135c010 ffffea0000cb8810
[  777.736588][    C0] raw: ffff88803c892000 0000000000040003 00000000f5000000 0000000000000000
[  777.736609][    C0] head: 0080000000000240 ffff88813ff27140 ffffea000135c010 ffffea0000cb8810
[  777.736629][    C0] head: ffff88803c892000 0000000000040003 00000000f5000000 0000000000000000
[  777.736650][    C0] head: 0080000000000003 ffffea0000f22401 00000000ffffffff 00000000ffffffff
[  777.736669][    C0] head: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000008
[  777.736682][    C0] page dumped because: kasan: bad access detected
[  777.736697][    C0] page_owner tracks the page as allocated
[  777.736706][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5177, tgid 5177 (udevd), ts 49853528843, free_ts 0
[  777.736746][    C0]  post_alloc_hook+0x240/0x2a0
[  777.736766][    C0]  get_page_from_freelist+0x28c0/0x2960
[  777.736790][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  777.736814][    C0]  alloc_pages_mpol+0xd1/0x380
[  777.736833][    C0]  allocate_slab+0x96/0x3a0
[  777.736854][    C0]  ___slab_alloc+0xb12/0x13f0
[  777.736874][    C0]  __slab_alloc+0xc6/0x1f0
[  777.736894][    C0]  __kmalloc_cache_noprof+0xec/0x6c0
[  777.736914][    C0]  uevent_show+0x15a/0x310
[  777.736932][    C0]  dev_attr_show+0x58/0xc0
[  777.736960][    C0]  sysfs_kf_seq_show+0x310/0x490
[  777.736985][    C0]  seq_read_iter+0x4f0/0xe20
[  777.737011][    C0]  vfs_read+0x563/0xa30
[  777.737045][    C0]  ksys_read+0x14b/0x260
[  777.737072][    C0]  do_syscall_64+0xfa/0xfa0
[  777.737100][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  777.737120][    C0] page_owner free stack trace missing
[  777.737128][    C0] 
[  777.737134][    C0] Memory state around the buggy address:
[  777.737144][    C0]  ffff88803c895f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  777.737160][    C0]  ffff88803c895f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  777.737175][    C0] >ffff88803c896000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  777.737187][    C0]                       ^
[  777.737199][    C0]  ffff88803c896080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  777.737214][    C0]  ffff88803c896100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  777.737226][    C0] ==================================================================
[  778.239809][    C0] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  778.239834][    C0] CPU: 0 UID: 0 PID: 20 Comm: rcuc/0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} 
[  778.239861][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  778.239875][    C0] Call Trace:
[  778.239884][    C0]  <TASK>
[  778.239895][    C0]  dump_stack_lvl+0x99/0x250
[  778.239926][    C0]  ? __asan_memcpy+0x40/0x70
[  778.239958][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  778.239983][    C0]  ? __pfx__printk+0x10/0x10
[  778.240015][    C0]  vpanic+0x237/0x6d0
[  778.240037][    C0]  ? __pfx_vpanic+0x10/0x10
[  778.240056][    C0]  ? preempt_schedule+0xae/0xc0
[  778.240087][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[  778.240121][    C0]  panic+0xb9/0xc0
[  778.240141][    C0]  ? __pfx_panic+0x10/0x10
[  778.240170][    C0]  ? __inet_lookup_established+0x3d3/0x830
[  778.240200][    C0]  check_panic_on_warn+0x89/0xb0
[  778.240227][    C0]  ? __inet_lookup_established+0x3d3/0x830
[  778.240261][    C0]  end_report+0x78/0x160
[  778.240285][    C0]  kasan_report+0x129/0x150
[  778.240309][    C0]  ? __inet_lookup_established+0x3d3/0x830
[  778.240343][    C0]  __inet_lookup_established+0x3d3/0x830
[  778.240381][    C0]  ? __pfx___inet_lookup_established+0x10/0x10
[  778.240419][    C0]  tcp_v4_rcv+0xfff/0x2dc0
[  778.240466][    C0]  ? __lock_acquire+0xab9/0xd20
[  778.240491][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  778.240526][    C0]  ? __pfx_tcp_v4_rcv+0x10/0x10
[  778.240556][    C0]  ip_protocol_deliver_rcu+0x221/0x440
[  778.240587][    C0]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  778.240616][    C0]  ip_local_deliver_finish+0x3bb/0x6f0
[  778.240649][    C0]  NF_HOOK+0x30c/0x3a0
[  778.240678][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  778.240705][    C0]  ? NF_HOOK+0x9a/0x3a0
[  778.240735][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  778.240759][    C0]  ? ip_rcv_finish_core+0xda3/0x1c00
[  778.240789][    C0]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  778.240818][    C0]  ? skb_dst+0x4f/0xd0
[  778.240846][    C0]  ? ip_local_deliver+0x12a/0x1b0
[  778.240876][    C0]  NF_HOOK+0x30c/0x3a0
[  778.240903][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  778.240930][    C0]  ? NF_HOOK+0x9a/0x3a0
[  778.240956][    C0]  ? __pfx_NF_HOOK+0x10/0x10
[  778.240985][    C0]  ? __pfx_ip_rcv_finish+0x10/0x10
[  778.241018][    C0]  ? __pfx_ip_rcv+0x10/0x10
[  778.241043][    C0]  __netif_receive_skb+0x143/0x380
[  778.241074][    C0]  ? process_backlog+0x27b/0x900
[  778.241101][    C0]  process_backlog+0x31e/0x900
[  778.241135][    C0]  __napi_poll+0xb6/0x540
[  778.241163][    C0]  net_rx_action+0x5f7/0xda0
[  778.241191][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  778.241228][    C0]  ? __pfx_net_rx_action+0x10/0x10
[  778.241270][    C0]  ? kvm_sched_clock_read+0x11/0x20
[  778.241306][    C0]  ? __pfx_sched_clock_cpu+0x10/0x10
[  778.241333][    C0]  ? kasan_save_track+0x4f/0x80
[  778.241353][    C0]  ? slab_free_after_rcu_debug+0x130/0x4e0
[  778.241387][    C0]  handle_softirqs+0x22f/0x710
[  778.241424][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  778.241462][    C0]  __local_bh_enable_ip+0x1a0/0x2e0
[  778.241495][    C0]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  778.241532][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  778.241557][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  778.241581][    C0]  rcu_cpu_kthread+0xc3d/0x1b50
[  778.241618][    C0]  ? rcu_cpu_kthread+0x23e/0x1b50
[  778.241648][    C0]  ? __pfx_rcu_cpu_kthread+0x10/0x10
[  778.241674][    C0]  ? __lock_acquire+0xab9/0xd20
[  778.241697][    C0]  ? __pfx___schedule+0x10/0x10
[  778.241734][    C0]  ? schedule+0x91/0x360
[  778.241767][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  778.241787][    C0]  smpboot_thread_fn+0x542/0xa60
[  778.241809][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  778.241832][    C0]  kthread+0x711/0x8a0
[  778.241858][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  778.241878][    C0]  ? __pfx_kthread+0x10/0x10
[  778.241901][    C0]  ? rt_spin_unlock+0x150/0x200
[  778.241930][    C0]  ? rt_spin_unlock+0x161/0x200
[  778.241955][    C0]  ? __pfx_kthread+0x10/0x10
[  778.241979][    C0]  ret_from_fork+0x4bc/0x870
[  778.242012][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  778.242046][    C0]  ? __switch_to_asm+0x39/0x70
[  778.242074][    C0]  ? __switch_to_asm+0x33/0x70
[  778.242101][    C0]  ? __pfx_kthread+0x10/0x10
[  778.242126][    C0]  ret_from_fork_asm+0x1a/0x30
[  778.242163][    C0]  </TASK>
[  778.242437][    C0] Kernel Offset: disabled