last executing test programs:

2m21.874895434s ago: executing program 2 (id=2408):
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000740), 0x111}}, 0x20)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)
syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x6)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r7, r7)

2m18.837851993s ago: executing program 2 (id=2417):
syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x10b701)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x79af, 0x8, 0x0, 0x272}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040)=<r4=>0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[], 0x60}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'lo\x00'})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000140)={'syztnl1\x00', &(0x7f0000000440)={'gretap0\x00', 0x0, 0x7800, 0x20, 0x6, 0x0, {{0x5, 0x4, 0x0, 0x3, 0x14, 0x66, 0x0, 0xcd, 0x4, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback}}}})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r6 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r6, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @private2}, 0x1c)
syz_io_uring_setup(0x1244, &(0x7f0000010180)={0x0, 0xd5a5, 0x800, 0x0, 0xb8}, 0x0, &(0x7f0000010200))
r7 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
r8 = dup(r7)
ioctl$SNDRV_PCM_IOCTL_STATUS64(0xffffffffffffffff, 0x40084146, 0x0)
accept4$inet(r8, &(0x7f0000000240)={0x2, 0x0, @empty}, &(0x7f00000002c0)=0x10, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000180)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r6, 0x0, &(0x7f0000000200)="e3", 0x1, 0x10})
io_uring_enter(r2, 0x627, 0x4c2, 0x43, 0x0, 0x11)

2m15.959035894s ago: executing program 2 (id=2427):
socket$can_j1939(0x1d, 0x2, 0x7)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000740), 0x111}}, 0x20)
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000000300)=""/102392, 0x18ff8)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r5, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x32}, 0xa, @in6=@private1, 0x0, 0x4}]}]}, 0xfc}}, 0x0)
connect$inet(r4, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf1c)
syz_usb_connect$uac1(0x0, 0xaa, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000005c0)='fd', 0x0, r1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
fsmount(r2, 0x0, 0x6)
r7 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r7, r7)

2m11.647644473s ago: executing program 2 (id=2439):
r0 = socket$packet(0x11, 0x3, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
syz_open_dev$dri(&(0x7f00000001c0), 0x7, 0x24a401)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='sessionid\x00')
read$FUSE(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth0\x00', <r6=>0x0})
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000100)={r6, 0x1, 0x6}, 0x10)
sendmsg$nl_route_sched(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=@getchain={0x24, 0x11, 0x1, 0xfffffffe, 0x2000001, {0x0, 0x0, 0x0, r6, {0x7, 0xa}, {0xd, 0xc}, {0x8}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x20048054)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="b40000000000f3ff7910900000000000630000000000000095000000000000008d92133deb6af19a615221a5e9c1c30b6e95cc8fea035580b99721396dc8eb6d5df6dc9e699a633176330ff919676a6af14926d2972f96f1b3b7e18b030df52a4f7a1c2f51146019dbb20ca845aa71fa9b92bea75cad145375cd89be1d82fabf57ee85c5e4129f42d848ed23f5b44542fe5be65239e37e6b198ca137e4432993b4576fa1ecf61a856a521d26758e4ddf6730903b5d22548be0ddaae1e6c1233841b2f6c7e7daef09f949ba0db2a1e1c43aba69adbed02c5d6cf115129ee07e25ca8518500d95e5e3ff3e7503dcf5347bee255eeba0f102d4c4c415eb56239c523a4d"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @flow_dissector}, 0x94)

2m10.709301387s ago: executing program 2 (id=2442):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
r1 = socket(0x2b, 0x1, 0x0)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r2)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000480)={0x0, 0xfad6, 0x100, 0x2, 0x0, 0x0, r2}, &(0x7f0000000240)=<r4=>0x0, &(0x7f0000000100)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r1})
io_uring_enter(r3, 0xdb4, 0x0, 0x0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(r3, 0x18, &(0x7f0000000000)={0xfeffffff, r1, 0x23, {0xff, 0x6d2}, 0x6}, 0x1)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
move_mount(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0, 0x261)
r6 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r7 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r7, 0x400448c8, &(0x7f0000000600)={0xffffffffffffffff, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r7, 0x800448d2, &(0x7f00000005c0)={0x1bacf914c1bae15, &(0x7f00000000c0)=[{@fixed}, {}]})
ioctl$AUTOFS_IOC_PROTOSUBVER(r6, 0x40049366, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r8=>0x0})
recvmsg$can_j1939(r6, &(0x7f0000000180)={&(0x7f0000000340)=@tipc=@id, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000500)=""/179, 0xb3}, {&(0x7f00000005c0)=""/87, 0x57}, {&(0x7f0000000640)=""/104, 0x68}, {&(0x7f00000006c0)=""/197, 0xc5}, {&(0x7f00000007c0)=""/4096, 0x1000}, {&(0x7f00000017c0)=""/232, 0xe8}, {&(0x7f00000018c0)=""/225, 0xe1}], 0x7, &(0x7f00000000c0)=""/27, 0x1b}, 0x2)
ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@remote, @remote, @rand_addr=' \x01\x00', 0x4, 0x9, 0x0, 0x500, 0x2f2, 0x150002, r8})

2m10.430451978s ago: executing program 2 (id=2444):
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8001)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0xc094)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xd, &(0x7f0000000140)={0x5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x6, &(0x7f00000001c0)=[{0x401, 0x7, 0x0, 0x10000}, {0x2, 0x88, 0xa, 0x1}, {0x2, 0xe, 0x2}, {0xfffa, 0x6e, 0xe7, 0x1}, {0x2, 0x7b, 0x8, 0x6}, {0x2, 0x2, 0x9, 0xc}]}, 0x10)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="02c9"], 0x5)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c910"], 0x15)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000000))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r3 = creat(&(0x7f00000002c0)='./file1\x00', 0x3c)
r4 = dup2(r3, r3)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES8, @ANYBLOB="2f00000020200008040000002d47ee0db44d2112e8f253c9bcc4561269e69a368020eed33a557a50a5db8937bdb70c4d7eb6541eca0f03464f7a7967efa4790f081ecdd26961100255a06cb9b9ef621063990ae3e8a60c5ccac0a29d50eaa7f606312346e33d0950466f1bfa09629bbf84796a90f787af09cfe1b00f04e7d157690dd1d86a9e417eeed374cb7879d02f53a430511741a333f41173f0f756ace41e62e94f36d6d3a9692e2d9e95f8cc7d0df2925e6e032113b2fd38a606a8b7f8fd07ad34007a4e35c3c5a1696c57d4080c80a07258cd4b4ccc7e7b5d93329159743d96a487e1de32caac9c4e08ec9ffd8ffe7b8255592ab06c16db52e05676d068b2b6cf1c6c2690bde18dcbf4355a61e82acd48fb06bd1480092c70c0f6cc2098a4ec8e7eb786bc4c13d0cb7b5bef7ea3b6ea7eb9", @ANYRESDEC, @ANYRESHEX=r4, @ANYRES64=0x0, @ANYRES32=r1, @ANYRESHEX=r4], 0x20)
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)

1m55.095842086s ago: executing program 32 (id=2444):
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x23, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x8001)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(0xffffffffffffffff, 0x0, 0xc094)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xd, &(0x7f0000000140)={0x5}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000600)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000100)={0x6, &(0x7f00000001c0)=[{0x401, 0x7, 0x0, 0x10000}, {0x2, 0x88, 0xa, 0x1}, {0x2, 0xe, 0x2}, {0xfffa, 0x6e, 0xe7, 0x1}, {0x2, 0x7b, 0x8, 0x6}, {0x2, 0x2, 0x9, 0xc}]}, 0x10)
syz_emit_vhci(&(0x7f00000003c0)=ANY=[@ANYBLOB="02c9"], 0x5)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="02c910"], 0x15)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000000))
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r3 = creat(&(0x7f00000002c0)='./file1\x00', 0x3c)
r4 = dup2(r3, r3)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000007c0)=ANY=[@ANYRES32, @ANYRES8, @ANYBLOB="2f00000020200008040000002d47ee0db44d2112e8f253c9bcc4561269e69a368020eed33a557a50a5db8937bdb70c4d7eb6541eca0f03464f7a7967efa4790f081ecdd26961100255a06cb9b9ef621063990ae3e8a60c5ccac0a29d50eaa7f606312346e33d0950466f1bfa09629bbf84796a90f787af09cfe1b00f04e7d157690dd1d86a9e417eeed374cb7879d02f53a430511741a333f41173f0f756ace41e62e94f36d6d3a9692e2d9e95f8cc7d0df2925e6e032113b2fd38a606a8b7f8fd07ad34007a4e35c3c5a1696c57d4080c80a07258cd4b4ccc7e7b5d93329159743d96a487e1de32caac9c4e08ec9ffd8ffe7b8255592ab06c16db52e05676d068b2b6cf1c6c2690bde18dcbf4355a61e82acd48fb06bd1480092c70c0f6cc2098a4ec8e7eb786bc4c13d0cb7b5bef7ea3b6ea7eb9", @ANYRESDEC, @ANYRESHEX=r4, @ANYRES64=0x0, @ANYRES32=r1, @ANYRESHEX=r4], 0x20)
ioctl$BLKTRACESTART(r3, 0x1274, 0x0)

12.160686152s ago: executing program 5 (id=2838):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102384, 0x18ff0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0xb, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x48043)
r3 = dup(r1)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c)
fsopen(&(0x7f0000000000)='cgroup\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r4, &(0x7f000000c3c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x10400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}}, 0x50)
syz_fuse_handle_req(r4, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
close(r4)
close(r6)
bind$rxrpc(0xffffffffffffffff, &(0x7f0000000040)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e23, @local}}, 0x24)
socket$unix(0x1, 0x5, 0x0)
socket$unix(0x1, 0x1, 0x0)
io_uring_setup(0x1ad2, &(0x7f0000000000)={0x0, 0x1100, 0x0, 0xfffffffe, 0x3d0})

11.231932777s ago: executing program 5 (id=2840):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="08000000040000000400000004"], 0x50)
r1 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x4)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0, <r3=>0xffffffffffffffff}, &(0x7f0000000300), &(0x7f0000000340)=r2}, 0x20)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/comedi3\x00', 0x8a241, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r4, 0xffffffffffffffff, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000380), &(0x7f00000002c0)=r2}, 0x20)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r5, &(0x7f00000004c0)="11", 0x1, 0x2000c841, &(0x7f0000000440)={0xa, 0x2, 0xfffffffd, @empty, 0x40000004}, 0x1c)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r8, 0x405c5503, &(0x7f0000000380)={{0x0, 0x400, 0x4b, 0x9}, 'syz0\x00', 0x11})
ioctl$UI_DEV_SETUP(r8, 0x5501, 0x0)
r9 = syz_open_dev$evdev(&(0x7f0000000040), 0xfffffffffffffffe, 0x2)
ioctl$EVIOCRMFF(r9, 0x40044581, 0x0)
socket$kcm(0x29, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000b80)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_TDLS_OPER(r6, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000240)={0x34, r7, 0x1, 0x70bd26, 0x25dddbfe, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x10}, 0xc0)
sendmsg$NL80211_CMD_REQ_SET_REG(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xaab70ffb98375d03}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x2c, r7, 0x8, 0x70bd26, 0x25dfdbfe, {}, [@NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x8}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_USER_REG_HINT_TYPE={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80801}, 0x80)
r11 = epoll_create1(0x80000)
r12 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x614080, 0x12)
r13 = signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0x6ba]}, 0x8)
close(r13)
r14 = epoll_create1(0x80000)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000140), 0xa, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r13}, 0x2c, {'wfdno', 0x3d, r14}})
epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, r12, &(0x7f00000000c0)={0xe000001a})

11.14608591s ago: executing program 0 (id=2841):
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
connect$llc(r0, &(0x7f0000000340)={0x1a, 0x0, 0xff, 0x0, 0x0, 0x8, @random="48bd00"}, 0x10)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x98}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x48)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000), 0x6)
ppoll(&(0x7f0000000080)=[{r0, 0x4000}, {r0, 0x180}, {r5, 0x122}], 0x3, &(0x7f0000000100), &(0x7f0000000140)={[0x80000000]}, 0x8)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @dev}, {0x1, @local}, 0x4a, {0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}})
r6 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r6, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r7, 0xffffffffffffffff, 0x0)

10.921857243s ago: executing program 5 (id=2843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r4, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket(0x1, 0x803, 0x0)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x8)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYRESHEX=r2, @ANYRES8=r0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES16=r7], 0x5c}}, 0xc5)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_LINK={0x8, 0x5, r9}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}}, 0x884)
r10 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r10, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r10, 0x29, 0x36, &(0x7f0000000140)=ANY=[], 0x8)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r11, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRES64=r3, @ANYRESDEC=r11, @ANYRES8=r0, @ANYBLOB, @ANYRES32=r10, @ANYRESHEX=r10, @ANYRESDEC=r10], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c890}, 0xc081)
bind$inet6(r10, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r10, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8)
recvmmsg(r10, 0x0, 0x0, 0x3, 0x0)
syz_genetlink_get_family_id$wireguard(0x0, 0xffffffffffffffff)
r12 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r12, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r13=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})

10.469566298s ago: executing program 0 (id=2844):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000180)=0x84000000)
syz_usb_connect(0x2, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="120100008ca61d400a1a0101c3540000000109021200"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$gtp(0x0, r1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x80}}, 0x0)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
listen(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32], 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x28, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x2}}, [@TCA_STAB={0x4}]}, 0x28}}, 0x40000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a3000"], 0x110}}, 0x0)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000540)=""/4096, 0x1000}], 0x1)

9.995603865s ago: executing program 5 (id=2847):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90f, 0x8000, '\x00', @string=&(0x7f0000000140)}})
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f00000006c0)}}, {{0x0, 0x0, &(0x7f0000000800), 0x0, 0x0, 0x0, 0x4048080}}], 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79b2, 0x3180, 0x1, 0x283}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x48, 0x4007, @fd_index=0x3, 0x22, 0x0, 0x0, 0x6, 0x1})
io_uring_enter(r4, 0x627, 0x4c1, 0x63, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f7ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e", 0x78}], 0x1}, 0x0)

9.952083748s ago: executing program 1 (id=2848):
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
unshare(0x28040680)
timerfd_create(0x0, 0x0)
futex_waitv(&(0x7f00000047c0)=[{0x5, 0x0, 0x82}], 0x1, 0x0, 0x0, 0x1)
syz_open_dev$video(&(0x7f0000000140), 0xd, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8000000, 0x4, 0x2008, 0xffffbfff}})
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
writev(r3, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
r4 = openat$khugepaged_scan(0xffffff9c, &(0x7f00000002c0), 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
write$khugepaged_scan(r4, &(0x7f0000000040), 0x8)
r5 = socket$alg(0x26, 0x5, 0x0)
r6 = socket(0x10, 0x3, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000000606010200000000000000000300000a050001"], 0x28}, 0x1, 0x0, 0x0, 0x8094}, 0xc0)
sendmsg$nl_generic(r6, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x1e, 0xa01, 0x2, 0x0, {0xa}}, 0x14}}, 0x0)
bind$alg(r5, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000c00)=ANY=[@ANYRES16=r9, @ANYBLOB="010028bd7000fcdbdf2504"], 0x14}}, 0x0)
syz_open_dev$I2C(&(0x7f0000000100), 0x3, 0x20400)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=@newlink={0x20, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5023}}, 0x20}}, 0x0)

8.734796712s ago: executing program 4 (id=2850):
add_key$user(&(0x7f0000000380), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000780)={0x29e9c934, 0x3, 0x7f, 0x404}, 0x10)
sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00042dbd7000fd"], 0x14}, 0x1, 0x0, 0x0, 0x2010}, 0x4001)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x38, 0xfff, 0x0, 0x180, 0x2, 0x14, 0xf1, 0x0, 0x7fffffffffffe, 0x5, 0x4005, 0x8, 0x0, 0x45, 0x1, 0xbdb], 0xdddd0000, 0x1c4213})
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e20, @broadcast}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, 0x0)
r3 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x738, 0x1705, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x0, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r3, &(0x7f00000003c0)={0x2c, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x0)
bind$xdp(0xffffffffffffffff, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x2e288501978821b, 0x80)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
dup3(r5, r4, 0x0)

8.060108725s ago: executing program 5 (id=2853):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430", 0xf)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$bt_hci(r1, 0x84, 0x6d, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x5, &(0x7f0000000000)=[{&(0x7f0000004500)="d800000016008111e00212ba0d8105040a601100ff0f040b067c55a1bc0009001e0006990300000015000500fe808178a8021500030001400200000901ac04000bd67f6f9400710016277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04000000730d7a5025ccca262f3d40fad85667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b440431629b0b5aa14c3d21e2fa353905e2a9ecbee5de6ccd40dd6e4edef3d93452a92307f00000e970300"/216, 0xd8}], 0x1}, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_hmac_sha512\x00'}, 0x58)
r4 = accept4(r3, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f0000002440), 0x3ffffffffffff67, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee1, 0x8031, 0xffffffffffffffff, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r6=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r5, &(0x7f0000000240)={0x13, 0x10, 0xfa00, {0x0, r6, 0xf2ff}}, 0x18)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r7, 0xc004743e, 0x110c230000)
recvmsg$kcm(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x2042)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8359c20b3938b1cb8574e51adc3cac209dd1c", 0x4b}], 0x1, 0x0, 0x0, 0x84090}], 0x1, 0x4004000)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bind$alg(0xffffffffffffffff, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-aes-aesni\x00'}, 0x58)
r8 = accept4(r0, 0x0, 0x0, 0x800)
r9 = socket(0x2, 0x3, 0x7f)
bind$inet(r9, &(0x7f0000000080)={0x2, 0xfffa, @local}, 0x10)
setsockopt$sock_int(r4, 0x1, 0x27, &(0x7f00000010c0)=0x6, 0x4)
sendto$inet(r9, 0x0, 0x0, 0x48890, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="f78d9ca38fff48f3be52163448ad14a84664093d41bffe90", 0x18}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800"/13], 0x18}], 0x1, 0x40800)

7.999852675s ago: executing program 1 (id=2854):
bind$alg(0xffffffffffffffff, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000480)="b19ccccf84f531d9ec214627c11430", 0xf)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000004c80)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000940)="1beb41ea4ea9ca354f167d9eaee7dc35eca218b865688d79fe31cbe00d190c853bfe6a22bd7dec0023aa0e038d07000040e37e00f7dd3afafdbc70e1b5928033df5e82fd76f31e8b29a0f05c2cef56f56cd0330dc984004f220b7dcb23a05d53", 0x60}, {&(0x7f0000000b00)="2112f3980a4c0902dcb1918da23fb18a9d89c4f0793b7c45b722417a6401d606e033776833d550074c2b667b4e127ea79880d00aeee8d16ca6f011603c22355681cd2e9d0d8a2fea2e9b525389d2e7b95aa129fef95245bffd1ccc58bb9ca56a50cd0b4da05e78cc4aef1e9157a66caefb0ba968710bfbc7baabaa3b06bf6e5fe4fe8ebcbc81a4dbda4b1b65ea2d852cda4881d7ceda7dcbef58471a951ca1851b50dd9276e0ab06fa0e23d023766294c911bff4e6d33acdd316322f4d5a1a4eb5ae51e511f2923f3318d83b9b438b20e0560a4834edb911911c7b557e37e94f6f0a2f1d291ae3049df23212a4b50eeb9c9a0901e880", 0xf6}], 0x2, 0x0, 0x0, 0x4004090}, {0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000e40)="c4ae7c0462b7d5d0f701a4979574ff8a5d74bf45c9e878972a42062f9b70e92f76ed2c49e2e8a043016efca580e1e24cbf53ef2fdb0d3810e8", 0x39}], 0x1, 0x0, 0x0, 0x84090}], 0x2, 0x4004000)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0xf1a07000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
socket$nl_route(0x10, 0x3, 0x0)
r4 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x1, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', r5, &(0x7f0000000080)='./file0\x00')
readlinkat(r5, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000780)=""/198, 0xc6)
r6 = syz_io_uring_setup(0x1251, &(0x7f0000000100)={0x0, 0x100577, 0x10, 0x6, 0x42, 0x0, r5}, &(0x7f0000000040), &(0x7f0000011000))
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r6, 0x2, &(0x7f00000001c0)={0x4, 0x0, 0x0, 0x0, 0x50}, 0x20)
io_uring_register$IORING_REGISTER_FILES_UPDATE2(r6, 0x6, 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)

7.99580552s ago: executing program 3 (id=2855):
r0 = syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090248000101570040090400000002060000052406000005240000000d240f0100080000000000000004240200090581031000000000090582"], 0x0)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io(r1, &(0x7f0000000380)={0x2c, &(0x7f0000000a40)=ANY=[@ANYBLOB="0010ea000000ea24f721785c3f2df05c4b3ead06a8274281a085bc1621bb639413e2a3eed057ef5a9aae6509c305f88addccb0226508a8603588b80b66c91c24ec9521f46cc226fef35b8caebb55800baad1d2a4ef29b6ac3fe2f04fca61f9c751fa6febb97f421df14318a049c49880ceda0f455a9cb4a2946658221ce920556406675a02cb17b78fb665363c159d6af21d2ca0ee6dbc816b4ff8cfe058e28eba5c2a5d97f0059dc1d8a8a8c35f4165b0822db13108e367e71c892592156f0e8b1f38d9d233a3f7666d432b77c76ce0ca66e10d971e6bba10bebf48d448cf26243e84d21a46d31a6041a2e834eedb4459e24fdf758e3ebeb99ff4aba3eb0d2c39201fdb"], &(0x7f0000000280)={0x0, 0x3, 0x3f, @string={0x3f, 0x3, "90f9e50064888aae5a147ecc4a76af94f6b9e1b92e53e9bd17a7a1257e305813fd702e689f523369b7c84ec72fabf07ae8f8463f6e5b4d6d790e488ab9"}}, &(0x7f0000000040)={0x0, 0xf, 0x8, {0x5, 0xf, 0x8, 0x1, [@ptm_cap={0x3}]}}, &(0x7f0000000300)={0x20, 0x29, 0xf, {0xf, 0x29, 0x9, 0x8, 0x1, 0x4, "e296684e", "3a58eb55"}}, &(0x7f0000000340)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x4, 0x10, 0xfc, 0xb, 0x4, 0xa6d9, 0x200}}}, &(0x7f0000000900)={0x84, &(0x7f00000009c0)=ANY=[@ANYBLOB="20135d000000383d21f1084c8bfde7d7f26a84df66606d9dc4239ed4d93c38fdf442c9f7d48e72c41e154c960adfd308a3f7c584fe2faa638b482183a7838ede48f4018c26d5c4925c8b0c9c585a4010280000ab94d91502c64763291a1447c5fa8d6018a481480b78"], &(0x7f0000000500)={0x0, 0xa, 0x1, 0xb}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x7}, &(0x7f0000000580)={0x20, 0x0, 0x4, {0x1}}, &(0x7f00000005c0)=ANY=[@ANYBLOB="200074fda94f953e339c"], &(0x7f0000000600)={0x40, 0x7, 0x2, 0x1}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x3}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "ee0f"}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x9}, &(0x7f0000000740)={0x40, 0x13, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, &(0x7f0000000780)={0x40, 0x17, 0x6, @remote}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "7898"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x8}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0xd}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x1}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x1}})
r3 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000700)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f0000000480), 0x400034f, 0x2, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r7, 0x400, 0x0)
r8 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r8}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x24b9)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x30, r3, 0x1, 0xfffffffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0xffffffffffffff55}}]}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000000)
syz_usb_disconnect(0xffffffffffffffff)
r9 = open(&(0x7f00009e1000)='./file0\x00', 0x4c802, 0xad)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r9, &(0x7f0000000640)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x14, 0x3, 0x2, 0x104, 0x0, 0x0, {0x1, 0x0, 0x3}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x45}, 0x800)

6.436395469s ago: executing program 1 (id=2856):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r1, 0x0, 0x27, &(0x7f0000000180)={@multicast2, @loopback}, 0xc)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r2, 0x8914, &(0x7f0000000000)={'xfrm0\x00', 0x1})
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280), 0x40000, 0x0)
ioctl$SNDCTL_FM_4OP_ENABLE(r3, 0x4004510f, &(0x7f0000000380)=0x2)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f0000000080)=ANY=[@ANYBLOB="e00000027f"], 0x18)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r4=>r0, {0xff, 0x75}}, './file0\x00'})
ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f00000000c0)={0x4, 0x7fffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
userfaultfd(0x80801)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x10000000, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe, 0xd}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x0)

6.299165146s ago: executing program 0 (id=2857):
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x8, 0x9}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=ANY=[@ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000500)=0x6)
io_setup(0x2, &(0x7f0000001200))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = socket(0xa, 0x3, 0xff)
setsockopt$inet6_int(r2, 0x29, 0x19, &(0x7f0000000100)=0x1, 0x4)
syz_emit_ethernet(0x6e, &(0x7f0000000140)=ANY=[@ANYBLOB="bbbbbbbbbbbbffffffffffff86dd697a402d00383afefc010000000000000000000000000601ff020000000000000000000000000001010390780500000064bbcf090009ff0000000000000000000000ffff6401010100000000000000000000ffffac1e01018ff940c9431ec2cc"], 0x0)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="0200000001000000000000000400000000000000080000000000000020"], 0x24, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB="040100001a00070000000000fddbdf25fe80000000000000000000000000001b00000000000000000000000000000000ffff0000000000000000000002000000", @ANYRES32=0x0, @ANYRESOCT=r3, @ANYBLOB="ff010000000000000000000000000001000000003c000000fc000000000000000000000000000000000000000000000000b40000000080000c0000140000000000000000000000000000e5d9bfde6b0e9113f330000000000000000000000000000000002000000000000700000000000000fdffffffffffffff00000400000000000900000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bb"], 0x104}}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r4, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r5 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000100)={0x50, 0x0, r6, {0x7, 0x1f, 0x3000}}, 0x50)
syz_fuse_handle_req(r5, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0xb)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

5.132183181s ago: executing program 5 (id=2858):
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0x5)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_emit_ethernet(0x44e, 0x0, 0x0)
mount(&(0x7f00000000c0)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='affs\x00', 0x8008, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000000)=""/149, &(0x7f00000000c0)=0x210)
mbind(&(0x7f0000ff4000/0xc000)=nil, 0xc000, 0x4, 0x0, 0x4, 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setfsuid(0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)={0x1000, 0x105000, 0xfffffffc})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0)
r6 = syz_io_uring_setup(0x90c, &(0x7f0000000200)={0x0, 0x5885, 0x0, 0x0, 0xfd}, &(0x7f0000000740)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r9 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_G_PARM(r9, 0xc0cc5615, &(0x7f0000000000)={0xe, @capture={0x1000, 0x1, {0x0, 0x8}, 0x0, 0x4}})
syz_io_uring_submit(r7, r8, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x40, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10})
io_uring_enter(r6, 0x3516, 0x0, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
r10 = socket(0x2, 0x80805, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r10, 0x0, 0x482, &(0x7f0000000040)={0x84, @loopback, 0x4e1f, 0x20003, 'lblcr\x00', 0x1, 0x9d3d, 0x6a}, 0x2c)
r11 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r10, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="78008a00", @ANYRES16=r11, @ANYBLOB="05022abd7000fcdbdf250100000008000500ac1e000108000200000000000c00030000000000000000000800090004000000060006000400000014000c00fc02000000000000000000000000000008000500ac14142d05000d000900000014000c00"/114], 0x78}, 0x1, 0x0, 0x0, 0x42}, 0x20024080)

4.928080478s ago: executing program 1 (id=2859):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001480), 0x42002, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000094b24610b11342003d9d0102030109021b000100000000090400390009"], 0x0)
sendfile(r0, r1, 0x0, 0x20000023892)
bind$rds(r1, &(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10)
pipe(&(0x7f0000019480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f00000001c0)=[{&(0x7f0000000280)="dc", 0x1}], 0x1, 0x3)
close(r3)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_int(r4, 0x1, 0x3c, &(0x7f0000000040)=0x1, 0xfff0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_INSN(r5, 0x8028640c, &(0x7f0000000040)={0xc000003, 0xf, &(0x7f0000000180)=[0x17, 0xa, 0xf909, 0x204005, 0x5, 0xffffffff, 0x7, 0x14, 0xfffffe01, 0x50, 0x4, 0x2, 0x88, 0x4, 0x2], 0x1, 0x4})
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10)
mkdir(&(0x7f0000000200)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000680)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]})
r6 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r6, &(0x7f0000000200)='./file1\x00', 0x800, 0x1)
r7 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
chdir(&(0x7f0000000140)='./bus\x00')
linkat(r7, &(0x7f0000000100)='./file1\x00', r7, &(0x7f0000000180)='./file0\x00', 0x1000)
unlink(&(0x7f00000002c0)='./file0\x00')
r8 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
symlinkat(&(0x7f00000000c0)='./file1\x00', r8, &(0x7f0000000100)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x82042, 0x19d)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r4, &(0x7f0000000f00)=[{{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000080)="b5", 0x1}, {&(0x7f0000000200)="c9", 0x1}, {&(0x7f0000000340)="01", 0x1}, {&(0x7f0000000400)='Q', 0x1}, {&(0x7f0000000500)="d7", 0x1}, {&(0x7f0000000600)='J', 0x1}, {&(0x7f0000000700)=')', 0x1}, {&(0x7f0000000180)='<', 0x1}], 0x8}}, {{0x0, 0x0, &(0x7f0000002dc0)=[{&(0x7f0000000a40)="db", 0x1}, {&(0x7f0000001a40)="5c8c56b4ef4b478bf9b431ece6b2d8bdf4abffaee5e1138ba457a84eec31c9fdec2e274f512ea28c50a9c25214a70c6582928702c1116955bbeb327a89cc181a2bba5a572cf813a2619731ddffd8564bcf36d365cf5292989d9e186920c1229e12c006db1d590be12125bea3b9f0484e445b75da02486b2258c270fc864e6cca131ebb987f1a1c94b00228f9674d8a3af8920957bb79b18a43d7845d07da9cbd606cfadeefaf79873f32a0f0b25f55b71c62992ae0a3c2b8971184735d18d37f600de6bc84cbe7b097df1d8532c8e1e111323f61c542d743b0dd583d9e24f06472bc958931dd1ff3008825260385bfcd5250de2546a6ff22e4fab1ab39e0e2ccb19c506aae9ff404c5054b930aafcd6a35ae51c499fc2e535d719dcb5b465a7e25b245aabca1cc62bfa0fded3d066ef4fdaddfe30bc8de62a3d3c41838e6969f1f8a965e0712b4a62e16d2162b576ce12c0135a94b84199e55d1acc00684f0027aa3d91ad483c00100535cb08f7ec2ef9ccc67b85da92968a8bfd90926f3fbfda59093c4181058c6e24149ef74ad8d3b3b75c4b82fe212ac4605a3b75c6d9c7e526892d59c8762b10d8d6eb1b7f05f896abc89d89e6a0456e164fb2a9054cb60ca35ec3a46986b71b32b2e7d2a66049d508d01ce88d082375179d4be44123778067b08bc1b53372f805f60bbf79a38508fb1215527a67e8b2f06e2bf684c894d2a42724037ef20a91ec4c315ad86d2d496b914a02424a74fce888d601ab281f7a5e8e67ca119055c1b99b3f243e75cad3f210304467f9b9053914ec48801b48dd0d0aa572a36687db0864b07caa6f85948df49c850046ce02f3293607dd09dc86d83b624f4920f125387bd9273de41e4ad7a51befce70e6559a9a248e1587baf1dc41cb9e7003679116a11eeb132587e8f2d9254d5816613b115bcd2bc8cc7b9f595cdf0b04284744377e3a290b3b86bb526cd62282e1f004f25f68f73d98f72497098a631aa4b257c9f07b41ad9a20fbb400fef83b1bac3332428b4cc973118bc0b2580e9a464323979733b0cce4c300a10d2c435ccdd7a0605bd6795935799bd8a901104a02ebebecff6951ebe04a5b0c46d52e3faa7b7bba337212e810632e27d76986c0cd53f2eec0ec029fb94932ae44aacbf795cb53a74d65117334bcf69d5ab34e165729c1879b7524947cf06ddaff6f1fd2a584c78613184e7ac73a9f5984af867450832e67bc59e104a3bd277be484f2122e56c84f05218d9cd5d6697f2240d60c849cd055697df4e4f4d795dfca72782c562d94dd5824ad548d27808258b99678a27952a832be729286ef4ba2a3e1874c9e1da45ef38e92680b5320e8e40a1e5e9301f53acd6850d36c82b3eb128f5505a12f4e555a92ea716d6489f4e042700db779d057c139c6259d26c8d80c45563fb50aa38dd31cfa8a84d9e989de66f4b987dea0775b77557f51cc15546622e7b09f60f22b9f987e9e91ecedb9cfeb3eb4f6b5be2e9206187331e56bfe34bfe69ee4326b802ab52d261749a0e32a165fff6a8dd159a2fcdeb4f84db808b2ad2db60f0a2a2fa38209fd395f9484fef2ee01ed377103b77df0bb981096309396e1d0f94d6bb74dbdf519142e1bb5d3bea69267f000537e396ff357b9d889af66a8dfb589d5f541b1fe003dd1d4a0853d25dea43135f98dd4df1cda11b5751eddc9dd46a57c7bde4a8b8c6f1dc77704f33aa84dc35610282abc8686563ac604d3c89f44e89c9f5f5b8de89e6e6ef5b6a0ff586d4235ff7445b610094657532a3daa966ee28b3c14ed0282913c7015b717497e77094221b7fc183611402c566000e9e6b98cd10fd042a4fe6676532eeed94d8c72e73af2a6e14618bf9da0fea8c8264a6139f800a9eedf8b84bda62e56434a3cd207da02c3eb7211f917fabe1f7d632dc71afe2d201c46143e84165119c2f73091eaf72998f56dfa37946bdb6a2d22988d58e1a485ca56011eb6386d9a2a57bf24fc3c3c93405dbe5246cc6050afb63c5dcba74dc89fac94b04e47233ced8cf0098711617a66567af09bbcc40f951fcb637bc74911dc4fa647696b3", 0x5c1}, {&(0x7f0000000840)="e3", 0x1}, {&(0x7f0000000680)="a7", 0x1}, {&(0x7f0000000540)='k', 0x1}, {&(0x7f00000002c0)="c8", 0x1}, {&(0x7f0000002bc0)='>', 0x1}], 0x7}}, {{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000940)="b230", 0x2}], 0x1}}], 0x3, 0x4008440)
splice(r2, 0x0, r3, 0x0, 0x10500, 0x0)

4.868739972s ago: executing program 4 (id=2860):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket(0x29, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, 0x0, 0xf0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x2)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b707000008000000850000006900"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)

4.60685868s ago: executing program 0 (id=2861):
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x40008001, 0x0, 0x6, 0x7, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)={@fallback, 0xffffffffffffffff, 0x2c}, 0x20)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
bind$alg(r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x33)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r5)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, 0x80001}, 0x1c)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8, 0x1b, 0x4000000}]}, 0x28}}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

4.184444613s ago: executing program 3 (id=2862):
r0 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wg2\x00', <r1=>0x0})
r2 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r3 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r4 = openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff)
write$binfmt_elf64(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509)
close(r4)
r5 = openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff)
write$binfmt_elf64(r5, &(0x7f0000000700)=ANY=[@ANYBLOB="7f454c460001690bfeffffff0000000002003e"], 0x40)
close(r5)
r6 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x1c, 0x52, 0x1, 0x70bd2a, 0x25dfdbff, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0xfffffffe}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x40800)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2000405, 0x0)
execveat$binfmt(0xffffffffffffff9c, r2, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, {0x4, 0x8001}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2006c805}, 0x20040054)
socket(0x10, 0x803, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'wg2\x00'}) (async)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00') (async)
syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') (async)
openat$binfmt(0xffffffffffffff9c, r3, 0x42, 0x1ff) (async)
write$binfmt_elf64(r4, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509) (async)
close(r4) (async)
openat$binfmt(0xffffffffffffff9c, r2, 0x42, 0x1ff) (async)
write$binfmt_elf64(r5, &(0x7f0000000700)=ANY=[@ANYBLOB="7f454c460001690bfeffffff0000000002003e"], 0x40) (async)
close(r5) (async)
socket(0x10, 0x3, 0x0) (async)
setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000980)={0x6}, 0x10) (async)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)={0x1c, 0x52, 0x1, 0x70bd2a, 0x25dfdbff, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0xfffffffe}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8800}, 0x40800) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2000405, 0x0) (async)
execveat$binfmt(0xffffffffffffff9c, r2, 0x0, 0x0, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, r1, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtfilter={0x30, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r1, {0x4, 0x8001}, {}, {0x1, 0xf}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x2006c805}, 0x20040054) (async)

3.867087974s ago: executing program 3 (id=2863):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, 0x0, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90f, 0x8000, '\x00', @string=&(0x7f0000000140)}})
ioctl$SNDCTL_DSP_CHANNELS(r2, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f00000006c0)}}, {{0x0, 0x0, &(0x7f0000000800), 0x0, 0x0, 0x0, 0x4048080}}], 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79b2, 0x3180, 0x1, 0x283}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x48, 0x4007, @fd_index=0x3, 0x22, 0x0, 0x0, 0x6, 0x1})
io_uring_enter(r4, 0x627, 0x4c1, 0x63, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae08060cdc030ec0007f03e3f7ff1f000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec08120800030006010000bdad446b9bbc7a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947ee2b49e", 0x78}], 0x1}, 0x0)

3.321155647s ago: executing program 0 (id=2864):
r0 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x40008001, 0x0, 0x6, 0x7, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
socket$kcm(0xa, 0x5, 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000380)={@fallback, 0xffffffffffffffff, 0x2c}, 0x20)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
bind$alg(r0, 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x33)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
r4 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, &(0x7f00000000c0)={0x1, 0x2}, 0x0)
landlock_add_rule$LANDLOCK_RULE_NET_PORT(r4, 0x2, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r5)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r6], 0x2c}, 0x1, 0x0, 0x0, 0x20048881}, 0x2000c800)
landlock_restrict_self(r4, 0x0)
landlock_restrict_self(r4, 0x0)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x1}}, 0x80001}, 0x1c)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x8}, [@IFLA_GROUP={0x8, 0x1b, 0x4000000}]}, 0x28}}, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})

2.036089922s ago: executing program 3 (id=2865):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x14, 0xd, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

2.011339478s ago: executing program 0 (id=2866):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket(0x29, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, 0x0, 0xf0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x2)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r4, @ANYBLOB="0000000000000000b707000008000000850000006900"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)

1.580218455s ago: executing program 3 (id=2867):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000180)=0x84000000)
syz_usb_connect(0x2, 0x24, &(0x7f00000005c0)=ANY=[@ANYBLOB="120100008ca61d400a1a0101c3540000000109021200"], 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x10, 0x2, 0x0)
syz_genetlink_get_family_id$gtp(0x0, r1)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x80}}, 0x0)
r2 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
listen(0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32], 0x10)
sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@newqdisc={0x28, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, r3, {0x0, 0x2}, {0xffff, 0xffff}, {0x2}}, [@TCA_STAB={0x4}]}, 0x28}}, 0x40000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a3000000000400003800800014000000000080002400000fbff2b0003801400010067656e6576653000000000000000000014000100776732000000000000000000c6e49c0f5c000000180a0101000b000000000000010000000900020073797a3000"], 0x110}}, 0x0)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000540)=""/4096, 0x1000}], 0x1)

1.508568131s ago: executing program 1 (id=2868):
r0 = epoll_create(0x9)
writev(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000100)=0x3)
mkdir(0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
ioperm(0x2, 0x7ff, 0x5c0c)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r5 = socket$inet_smc(0x2b, 0x1, 0x0)
r6 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r6, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r6, 0xa9525000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
chmod(&(0x7f0000000040)='.\x00', 0x35e)
close_range(r5, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047454, &(0x7f0000000300)=0x5)

938.312251ms ago: executing program 4 (id=2869):
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000140)={[0x7]}, 0x8)
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000180))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(0xffffffffffffffff, 0x80189439, &(0x7f0000000080))
r1 = epoll_create1(0x80000)
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r0, 0x800455d1, &(0x7f00000001c0))
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000100)='/sys/power/pm_trace_dev_match', 0x181000, 0x111)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0)={0xe000001a})
io_setup(0xcb, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x3, &(0x7f0000000600)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4e0e, r2, &(0x7f0000000880)="a3e3", 0x2, 0x2}, 0x0, 0x0])
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000001000000000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)

872.517263ms ago: executing program 3 (id=2870):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
r1 = socket(0x29, 0x5, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, 0x0, 0xf0)
socket$inet_smc(0x2b, 0x1, 0x0)
socket(0x40000000015, 0x5, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x2)
openat$vim2m(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0xf32}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa4000000", @ANYRES32=r3, @ANYBLOB="0000000000000000b707000008000000850000006900"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$igmp6(0xa, 0x3, 0x2)

699.626257ms ago: executing program 1 (id=2871):
socket$nl_rdma(0x10, 0x3, 0x14)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmsg$can_raw(0xffffffffffffffff, &(0x7f0000001580)={&(0x7f0000000040)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f0000001500)=""/123, 0x7b}, 0x2106)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x6}, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x5000007, 0x50032, 0xffffffffffffffff, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

556.423895ms ago: executing program 4 (id=2872):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
migrate_pages(r0, 0x5, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x272)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x8081)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000280)={0xffffffffffffffff, 0x0, {0x0, 0x0, 0x0, 0x32, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0x3, 0x6]}})
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x5, 0xfffffffffffffffd, 0x8001, 0x0, 0x1000001000, 0x45}, 0x0, &(0x7f0000000080)={0x3ff, 0x4, 0x100000, 0x9, 0x0, 0x10, 0x80000002}, 0x0, 0x0)
close_range(r5, 0xffffffffffffffff, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)

159.917013ms ago: executing program 4 (id=2873):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r5, {0x4}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0x0, 0x5, 0x9, 0x6, 0xc, 0x2, 0x0, 0x2, 0xf, 0x0, 0xfe, 0x3, 0x2, 0x6, 0x1, 0x4], 0x3, [0x8b, 0x101, 0x200, 0x2002, 0x1, 0x8004, 0x2, 0xd06, 0xfff, 0x2, 0xb, 0x1, 0x5, 0x106, 0x9, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x3, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x8, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
close(r2)
socket$unix(0x1, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r9 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r9, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x0, r7, 0xc}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000180)="27030200590214000600002fb96d", 0xe}], 0x1}, 0x4)

0s ago: executing program 4 (id=2874):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x15, 0x800000000004, @thr={&(0x7f00000003c0), 0x0}}, 0x0)
syz_open_dev$video(&(0x7f00000001c0), 0xa7, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x8, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x10007f, 0x20000006, 0x53, 0x6, 0x3, 0x5, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x24, 0xd, 0x1, 0x0, 0x7, 0x2, 0x4, 0x7, 0x7, 0x8, 0x4c74, 0x80000000, 0x0, 0x80003, 0xe, 0x8, 0x8000806e, 0x7, 0x17, 0xfffffffd, 0x7, 0x200, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x8, 0x5, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x6, 0x5, 0xfffffff3, 0x2, 0xc8, 0x8, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0x1, 0x0, 0x204, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4004e0, 0x1, 0x4, 0xb, 0x1, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0xfffffe01, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93694, 0x43, 0x9], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x40007fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x0, 0x8, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d05, 0x6, 0xd, 0x800003, 0x10000200, 0x80, 0x3, 0x4, 0x2950bfaf, 0xfffffff8, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x21c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x438], [0x9, 0xbb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0xd935, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000000, 0x0, 0x4, 0xc8, 0x1, 0xfffff000, 0x10080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff343f, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054)
r5 = socket$inet_icmp(0x2, 0x2, 0x1)
stat(&(0x7f0000000280)='./file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
sendmsg$netlink(r1, &(0x7f0000000d80)={&(0x7f0000000000)=@proc={0x10, 0x0, 0x25dfdbfb, 0x4000000}, 0xc, &(0x7f0000000d40)=[{&(0x7f0000000300)={0x78, 0x24, 0x8, 0x70bd29, 0x25dfdbfc, "", [@generic="972451d2a6cf2c439fb5b906f062bd93e879410e42bd90e08dec6eeedd", @typed={0xc, 0xed, 0x0, 0x0, @u64=0x1}, @generic="64068892f90f693cc7677205d6055c386aece73e1e64861dd63c80c133803488c9379d885946d51f03085c9cf498dbb2b94fea7c375748e1d4e06baaee"]}, 0x78}, {&(0x7f0000000980)=ANY=[@ANYBLOB="500000001900320426bd7000fcdbdf250800dd00ac1e0001036e8f5434aef22a300850f82cd0e0eb1ca47cb07c7bca92608756c674cf27d53a255be295bd21e6de4303617b70640800eb00", @ANYRES32=r6, @ANYBLOB='\x00\x00\x00\x00\x00@\x00'], 0x50}, {&(0x7f0000000dc0)=ANY=[@ANYBLOB="880300001800000429bd7000fedbdf252495bce6154ef7802ed4481a48face81268bdb611b800e1483d70ec85ba8e27c7dec49d46e24cf5403c06eac3ecacb0d8e84b6fa0cb51713a57223efc0d968d2d10017c3b53175cc3f7e106d57844955d0f09913061291c052ecf9efd5ff5a866b92b402c4f8b55822de71947628a38db9cb52d162b7da020ac8d3229447a7464e04f5d4a7d2d339bc8bf875675d503ae826bd09b1e7f14e6c3fb225e4b360e6bb79c09bd611efbfc10702748cc8fc5c7c6b578c0810fe75535e913134812639d9cefa04e80064c16b5f3c08f274ee856597d05b1cf4bc5903e94713124acbb5c27f007e4d0ba791ddaff29ea342514ceeb77b5f3cb2585813548e99e7991cc2743e50568ef64ec08bc91f5ed3276dfea9ea7ef09e0b8656398c803ef95ea4041839b706b7c73572e5337ac679a0cfbeefa39b676e09bcc75e0ffb5eb386cf93f8b89c95a400146001b01b3262497455c2de54a0460fa631c993989987b91c006680040009801400bd00fe800000000000000000000000000012fb01488045d8f2a5418c4dc8b68f1477ee7a0db6181612fba36eee4cd0559fbdccb4498c75f0b618e83a66736008f266824efeca4db59024ffb979ff37ec3df369b691587b3e85dae0e10488203d70d9b0882a6921ec1c79ce2352d4342d4036d8992ea71f6f842d6df16a67f8da0744b8e06a1a03690f6f57e8cf21e614afdd2c038f2b9ace375256378fd228e5ff085ba2339b0acd488c16315c1383f9bfd8103da1bc785f0cdbfda33186bf2feb61e3798a4b124b32e0e81306c31e3b042a0fae56f8065b6b11d5d5ce1b57c079c46219bf12953893ac1c2affa59682baa7a857d97f3a2ce817f07d82949d0b9dfd9304ebb10ceb759042bc326c2902e64a7ffff45a1761a4a381ca5a331d0a4e08ad1316c88cb9489edf89087c0d66c479673d83a8c7fe6866a3a5f233105243dced192ebb09e94af140756bd0c6891696a6109cb985f9a68c4c39f4773668d114e19264655358ad9e0d39072ebe45f03a504ed44d033448e4edaa451c00f7df9ca234e76be1a9d948f77008d87c9716729c4e848f494926e2d30ae77871488b40981e0fbdbdb7edee1c44ea47ad5498fe4e9631db60b6c02f3f5fbab058c9b41f90c27287447537072432ac68f55527635d51158ac4b6d9e492add6c3f6af45e90273e15571904dfa025b776417ad714bb2d4f235177cb5346d22f8a83e2acf837f5e863f5b04001b80000000000011c2db0b2c9fd5fb2edb22b91f91e577d45192431a3b391a701f24e415f37f3a7a7ef5369f43ba00113aa8f805a4a60147906dd9cc8e59b98509a7e0a676559d4d7f1d3953a7526661d0f1712395b4434903e9b4406c1193ebff531b0f4ca9ff626e5bcb96e1bf51dfa88e02c22519bf47dae227d9e3bcd6a4e99e9ebc7629295ff652e136ae0b34c9ce6722a06a6608a1c579e9e4674eafe3e81e49341c176bc9b64024df510a8d421bbfdd24484a7101f3b6c845047e60e5281a2d3f1812e773e9b014c4e805cfa4037a480984ceab93cb45541d72ad"], 0x388}], 0x3, 0x0, 0x0, 0x4000000}, 0x40)
setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0xc0, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000001000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x138)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r7, 0x107, 0xd, &(0x7f00000002c0)=@req3={0x10000, 0x1, 0x100, 0x100, 0x4}, 0x1c)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40})
syz_open_dev$loop(&(0x7f00000001c0), 0x71, 0x2000)
r8 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)
lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0)
write$binfmt_elf32(r8, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c4601079704080000000000000002000600010000004300000038000000c0010000030000000100200002"], 0x78)
close(r8)

kernel console output (not intermixed with test programs):

e with driver vmk80xx failed with error -22
[  689.359596][T14233] netlink: 'syz.0.2240': attribute type 6 has an invalid length.
[  689.364929][T14236] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2236'.
[  689.392747][T14233] netlink: 'syz.0.2240': attribute type 6 has an invalid length.
[  689.577344][T14240] input: syz1 as /devices/virtual/input/input46
[  690.385712][T14245] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  691.154913][T14249] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  691.179597][T14249] syzkaller0: entered promiscuous mode
[  691.229207][T14249] syzkaller0: entered allmulticast mode
[  691.258747][T14251] syzkaller0: entered promiscuous mode
[  691.270728][T14251] syzkaller0: entered allmulticast mode
[  691.296932][T14249] tipc: Resetting bearer <eth:syzkaller0>
[  691.334340][T14247] tipc: Resetting bearer <eth:syzkaller0>
[  691.351175][ T5884] usb 1-1: new full-speed USB device number 80 using dummy_hcd
[  691.391143][T14247] tipc: Disabling bearer <eth:syzkaller0>
[  691.520456][ T5884] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  691.555852][ T5884] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.576124][ T5884] usb 1-1: Product: syz
[  691.580300][ T5884] usb 1-1: Manufacturer: syz
[  691.596775][ T5884] usb 1-1: SerialNumber: syz
[  691.614003][ T5884] usb 1-1: config 0 descriptor??
[  692.415772][ T5884] airspy 1-1:0.0: Board ID: 00
[  692.622389][ T5917] usb 4-1: USB disconnect, device number 66
[  692.900704][ T5884] airspy 1-1:0.0: Firmware version: 
[  693.512086][ T5884] airspy 1-1:0.0: usb_control_msg() failed -71 request 12
[  693.537109][ T5884] airspy 1-1:0.0: Registered as swradio24
[  693.554741][ T5884] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  693.600617][ T5884] usb 1-1: USB disconnect, device number 80
[  693.931401][   T30] audit: type=1400 audit(1770407598.358:898): avc:  denied  { bind } for  pid=14271 comm="syz.2.2251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  693.965118][T14274] input: syz1 as /devices/virtual/input/input47
[  693.983864][   T30] audit: type=1400 audit(1770407598.378:899): avc:  denied  { name_bind } for  pid=14271 comm="syz.2.2251" src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  694.088659][   T30] audit: type=1400 audit(1770407598.378:900): avc:  denied  { node_bind } for  pid=14271 comm="syz.2.2251" saddr=224.0.0.1 src=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  694.125940][T14275] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  694.270692][ T5884] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  694.436514][ T5884] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  694.554776][ T5884] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  694.679448][ T5884] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  694.800337][ T5884] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  694.939353][ T5884] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  695.126525][ T5884] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  695.244584][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  695.356858][ T5884] usb 3-1: Product: syz
[  695.417539][ T5884] usb 3-1: Manufacturer: syz
[  695.483188][ T5884] cdc_wdm 3-1:1.0: skipping garbage
[  695.491199][ T5884] cdc_wdm 3-1:1.0: skipping garbage
[  695.499863][ T5884] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  695.506400][ T5884] cdc_wdm 3-1:1.0: Unknown control protocol
[  695.939986][ T5884] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[  696.148234][ T5884] usb 1-1: Using ep0 maxpacket: 8
[  696.160777][   T30] audit: type=1400 audit(1770407600.568:901): avc:  denied  { read write } for  pid=14271 comm="syz.2.2251" name="cdc-wdm0" dev="devtmpfs" ino=3495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  696.189053][ T5884] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  696.199248][ T5884] usb 1-1: config 0 has no interface number 0
[  696.206123][ T5884] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  696.220172][   T30] audit: type=1400 audit(1770407600.568:902): avc:  denied  { open } for  pid=14271 comm="syz.2.2251" path="/dev/cdc-wdm0" dev="devtmpfs" ino=3495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:modem_device_t tclass=chr_file permissive=1
[  696.363410][    T9] usb 3-1: USB disconnect, device number 60
[  696.480708][ T5884] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  696.484085][T14297] input: syz1 as /devices/virtual/input/input48
[  696.522053][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.563960][   T30] audit: type=1400 audit(1770407600.568:903): avc:  denied  { read } for  pid=14271 comm="syz.2.2251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  696.607489][ T5884] usb 1-1: config 0 descriptor??
[  696.635572][ T5884] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  696.842596][T14302] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  697.088297][T14301] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  697.182123][T14303] syzkaller0: entered promiscuous mode
[  697.254810][T14303] syzkaller0: entered allmulticast mode
[  697.509213][T14301] tipc: Resetting bearer <eth:syzkaller0>
[  697.796453][T14299] tipc: Resetting bearer <eth:syzkaller0>
[  697.982401][T14299] tipc: Disabling bearer <eth:syzkaller0>
[  698.335622][T14314] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.613009][ T5817] Bluetooth: Fragment is too long (len 14, expected 2)
[  698.695264][T14314] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  698.794994][T14314] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  699.504175][T14326] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2262'.
[  699.552683][T14314] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  700.170652][ T6252] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  700.188514][ T6252] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  700.190607][    T9] usb 4-1: new high-speed USB device number 67 using dummy_hcd
[  700.217358][ T6252] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  700.232870][ T6252] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  700.340763][    T9] usb 4-1: device descriptor read/64, error -71
[  700.581989][    T9] usb 4-1: new high-speed USB device number 68 using dummy_hcd
[  700.720624][    T9] usb 4-1: device descriptor read/64, error -71
[  700.830795][    T9] usb usb4-port1: attempt power cycle
[  700.870613][  T977] usb 2-1: new full-speed USB device number 66 using dummy_hcd
[  701.022134][  T977] usb 2-1: config 8 has an invalid interface number: 177 but max is 0
[  701.032119][  T977] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  701.042507][  T977] usb 2-1: config 8 has no interface number 0
[  701.048931][  T977] usb 2-1: config 8 interface 177 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  701.064100][  T977] usb 2-1: config 8 interface 177 has no altsetting 0
[  701.071254][  T977] usb 2-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  701.071381][T14350] IPv6: NLM_F_CREATE should be specified when creating new route
[  701.080408][  T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  701.212693][  T977] ir_toy 2-1:8.177: required endpoints not found
[  701.261026][    T9] usb 4-1: new high-speed USB device number 69 using dummy_hcd
[  701.687964][    T9] usb 4-1: device descriptor read/8, error -71
[  701.980725][    T9] usb 4-1: new high-speed USB device number 70 using dummy_hcd
[  702.001165][    T9] usb 4-1: device descriptor read/8, error -71
[  702.060655][  T977] usb 3-1: new full-speed USB device number 61 using dummy_hcd
[  702.187407][    T9] usb usb4-port1: unable to enumerate USB device
[  702.301021][T13301] usb 1-1: USB disconnect, device number 81
[  702.310698][  T977] usb 3-1: device descriptor read/64, error -71
[  702.631025][  T977] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  702.802921][  T977] usb 3-1: device descriptor read/64, error -71
[  703.061351][  T977] usb usb3-port1: attempt power cycle
[  703.519170][T14377] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2275'.
[  703.866586][    T9] usb 2-1: USB disconnect, device number 66
[  703.880796][  T977] usb 3-1: new full-speed USB device number 63 using dummy_hcd
[  703.928180][  T977] usb 3-1: device descriptor read/8, error -71
[  704.418792][  T977] usb 3-1: new full-speed USB device number 64 using dummy_hcd
[  704.553863][  T977] usb 3-1: device descriptor read/8, error -71
[  704.664298][  T977] usb usb3-port1: unable to enumerate USB device
[  705.700338][T14406] input: syz1 as /devices/virtual/input/input50
[  706.016449][T14408] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  707.495759][   T30] audit: type=1400 audit(1770407611.898:904): avc:  denied  { override_creds } for  pid=14418 comm="syz.4.2287" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  709.080605][ T5884] usb 2-1: new full-speed USB device number 67 using dummy_hcd
[  709.107663][T14464] binder: 14459:14464 ioctl 4018620d 0 returned -22
[  709.210684][ T5884] usb 2-1: device descriptor read/64, error -71
[  709.321471][T14466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2295'.
[  709.446602][T14468] input: syz1 as /devices/virtual/input/input51
[  709.453476][ T5884] usb 2-1: new full-speed USB device number 68 using dummy_hcd
[  709.649385][T14472] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  709.867964][ T5884] usb 2-1: device descriptor read/64, error -71
[  710.852139][T14464] binder: 14459:14464 ioctl d000941e 0 returned -22
[  710.920818][ T5884] usb usb2-port1: attempt power cycle
[  711.500652][ T5884] usb 2-1: new full-speed USB device number 69 using dummy_hcd
[  711.531654][ T5884] usb 2-1: device descriptor read/8, error -71
[  711.562866][T14485] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2300'.
[  711.664461][   T30] audit: type=1400 audit(1770407616.088:905): avc:  denied  { name_bind 0x1000000 } for  pid=14486 comm="syz.3.2301" path="socket:[49552]" dev="sockfs" ino=49552 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  711.820639][ T5884] usb 2-1: new full-speed USB device number 70 using dummy_hcd
[  712.366376][ T5884] usb 2-1: device not accepting address 70, error -71
[  712.447419][ T5884] usb usb2-port1: unable to enumerate USB device
[  712.797171][T14508] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2304'.
[  713.134615][T14513] vxfs: unable to read disk superblock at 1
[  713.140969][T14513] vxfs: unable to read disk superblock at 8
[  713.146958][T14513] vxfs: can't find superblock.
[  715.676006][T14527] veth0: entered allmulticast mode
[  715.791453][T14532] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2312'.
[  716.283991][T14541] overlayfs: overlapping lowerdir path
[  716.360718][ T5884] usb 5-1: new full-speed USB device number 57 using dummy_hcd
[  716.522056][ T5884] usb 5-1: device descriptor read/64, error -71
[  716.681513][ T1207] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[  716.764162][ T5884] usb 5-1: new full-speed USB device number 58 using dummy_hcd
[  717.038739][ T1207] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  717.053121][ T1207] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  717.071101][ T1207] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  717.080328][ T1207] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  717.118861][T14545] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  717.134737][ T1207] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[  717.160611][ T5884] usb 5-1: device descriptor read/64, error -71
[  717.447168][ T5884] usb usb5-port1: attempt power cycle
[  717.518081][T14556] binder: 14548:14556 ioctl 4018620d 0 returned -22
[  717.675269][ T1207] usb 1-1: USB disconnect, device number 82
[  717.755573][T14560] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2319'.
[  717.810629][ T5884] usb 5-1: new full-speed USB device number 59 using dummy_hcd
[  717.846810][ T5884] usb 5-1: device descriptor read/8, error -71
[  718.369399][ T5884] usb 5-1: new full-speed USB device number 60 using dummy_hcd
[  718.396281][T14571] vxfs: unable to read disk superblock at 1
[  718.402949][T14571] vxfs: unable to read disk superblock at 8
[  718.408911][T14571] vxfs: can't find superblock.
[  718.727994][T14556] binder: 14548:14556 ioctl d000941e 0 returned -22
[  720.301957][T14582] ./cgroup: Can't lookup blockdev
[  720.343725][ T5884] usb 5-1: device not accepting address 60, error -71
[  720.344204][T14584] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2324'.
[  720.350914][ T5884] usb usb5-port1: unable to enumerate USB device
[  720.693618][T14585] SELinux:  Context system_u:object_r:systemd_logger_exec_t:s0 is not valid (left unmapped).
[  721.146339][T14592] FAULT_INJECTION: forcing a failure.
[  721.146339][T14592] name failslab, interval 1, probability 0, space 0, times 0
[  721.159205][T14592] CPU: 0 UID: 0 PID: 14592 Comm: syz.2.2325 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  721.159233][T14592] Tainted: [L]=SOFTLOCKUP
[  721.159239][T14592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  721.159246][T14592] Call Trace:
[  721.159250][T14592]  <TASK>
[  721.159254][T14592]  dump_stack_lvl+0x100/0x190
[  721.159273][T14592]  should_fail_ex.cold+0x5/0xa
[  721.159283][T14592]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  721.159300][T14592]  should_failslab+0xc2/0x120
[  721.159315][T14592]  kmem_cache_alloc_noprof+0x83/0x780
[  721.159329][T14592]  ? skb_clone+0x190/0x400
[  721.159346][T14592]  ? skb_clone+0x190/0x400
[  721.159359][T14592]  skb_clone+0x190/0x400
[  721.159374][T14592]  netlink_deliver_tap+0xaed/0xcc0
[  721.159392][T14592]  netlink_unicast+0x650/0x870
[  721.159410][T14592]  ? __pfx_netlink_unicast+0x10/0x10
[  721.159431][T14592]  netlink_sendmsg+0x8b0/0xda0
[  721.159449][T14592]  ? __pfx_netlink_sendmsg+0x10/0x10
[  721.159464][T14592]  ? __might_fault+0x90/0x140
[  721.159480][T14592]  ____sys_sendmsg+0xa54/0xc30
[  721.159491][T14592]  ? __pfx_____sys_sendmsg+0x10/0x10
[  721.159503][T14592]  ? __pfx___schedule+0x10/0x10
[  721.159518][T14592]  ___sys_sendmsg+0x190/0x1e0
[  721.159529][T14592]  ? __pfx____sys_sendmsg+0x10/0x10
[  721.159540][T14592]  ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90
[  721.159568][T14592]  __sys_sendmsg+0x170/0x220
[  721.159583][T14592]  ? __pfx___sys_sendmsg+0x10/0x10
[  721.159605][T14592]  do_syscall_64+0xc9/0xf80
[  721.159618][T14592]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.159629][T14592] RIP: 0033:0x7fa482f9aeb9
[  721.159638][T14592] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  721.159649][T14592] RSP: 002b:00007fa483e29028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  721.159660][T14592] RAX: ffffffffffffffda RBX: 00007fa483216090 RCX: 00007fa482f9aeb9
[  721.159666][T14592] RDX: 0000000000000084 RSI: 0000200000000080 RDI: 0000000000000004
[  721.159672][T14592] RBP: 00007fa483e29090 R08: 0000000000000000 R09: 0000000000000000
[  721.159678][T14592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  721.159684][T14592] R13: 00007fa483216128 R14: 00007fa483216090 R15: 00007ffd51b60238
[  721.159698][T14592]  </TASK>
[  722.091125][   T30] audit: type=1400 audit(1770407625.128:906): avc:  denied  { relabelto } for  pid=14581 comm="syz.3.2323" name="468" dev="tmpfs" ino=2441 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  722.400181][   T30] audit: type=1400 audit(1770407625.128:907): avc:  denied  { associate } for  pid=14581 comm="syz.3.2323" name="468" dev="tmpfs" ino=2441 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 srawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  722.428849][   T30] audit: type=1400 audit(1770407626.228:908): avc:  denied  { remove_name } for  pid=5808 comm="syz-executor" name="binderfs" dev="tmpfs" ino=2445 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  722.536284][   T30] audit: type=1400 audit(1770407626.558:909): avc:  denied  { rmdir } for  pid=5808 comm="syz-executor" name="468" dev="tmpfs" ino=2441 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:systemd_logger_exec_t:s0"
[  722.669057][T14603] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2329'.
[  722.933386][T14606] serio: Serial port ptm1
[  723.111208][T14609] FAULT_INJECTION: forcing a failure.
[  723.111208][T14609] name failslab, interval 1, probability 0, space 0, times 0
[  723.154502][T14609] CPU: 1 UID: 0 PID: 14609 Comm: syz.0.2331 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  723.154531][T14609] Tainted: [L]=SOFTLOCKUP
[  723.154536][T14609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  723.154545][T14609] Call Trace:
[  723.154548][T14609]  <TASK>
[  723.154553][T14609]  dump_stack_lvl+0x100/0x190
[  723.154571][T14609]  should_fail_ex.cold+0x5/0xa
[  723.154584][T14609]  should_failslab+0xc2/0x120
[  723.154599][T14609]  ? tomoyo_realpath_from_path+0xb6/0x690
[  723.154611][T14609]  __kmalloc_noprof+0xf6/0x9c0
[  723.154625][T14609]  ? tomoyo_realpath_from_path+0xb6/0x690
[  723.154637][T14609]  tomoyo_realpath_from_path+0xb6/0x690
[  723.154652][T14609]  tomoyo_path_number_perm+0x23c/0x580
[  723.154668][T14609]  ? tomoyo_path_number_perm+0x22e/0x580
[  723.154686][T14609]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  723.154716][T14609]  ? find_held_lock+0x2b/0x80
[  723.154730][T14609]  ? hook_file_ioctl_common+0x146/0x410
[  723.154743][T14609]  ? __fget_files+0x215/0x3d0
[  723.154758][T14609]  ? __fget_files+0x21f/0x3d0
[  723.154773][T14609]  security_file_ioctl+0xd3/0x230
[  723.154790][T14609]  __x64_sys_ioctl+0xb7/0x210
[  723.154802][T14609]  do_syscall_64+0xc9/0xf80
[  723.154816][T14609]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  723.154827][T14609] RIP: 0033:0x7fa6c479aeb9
[  723.154837][T14609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  723.154848][T14609] RSP: 002b:00007fa6c559d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  723.154858][T14609] RAX: ffffffffffffffda RBX: 00007fa6c4a15fa0 RCX: 00007fa6c479aeb9
[  723.154865][T14609] RDX: 0000200000000180 RSI: 0000000080085504 RDI: 0000000000000003
[  723.154871][T14609] RBP: 00007fa6c559d090 R08: 0000000000000000 R09: 0000000000000000
[  723.154877][T14609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  723.154883][T14609] R13: 00007fa6c4a16038 R14: 00007fa6c4a15fa0 R15: 00007ffe49782e88
[  723.154897][T14609]  </TASK>
[  723.157551][T14609] ERROR: Out of memory at tomoyo_realpath_from_path.
[  723.370754][T14609] usb usb8: usbfs: process 14609 (syz.0.2331) did not claim interface 0 before use
[  723.527179][T14611] input: syz1 as /devices/virtual/input/input52
[  723.996135][T14611] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  725.318695][T14625] vxfs: unable to read disk superblock at 1
[  725.325518][T14625] vxfs: unable to read disk superblock at 8
[  725.432579][T14625] vxfs: can't find superblock.
[  725.987002][   T30] audit: type=1400 audit(1770407629.978:910): avc:  denied  { write } for  pid=14624 comm="syz.2.2328" name="random" dev="devtmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  726.393278][ T5917] usb 5-1: new full-speed USB device number 61 using dummy_hcd
[  726.652667][ T5917] usb 5-1: no configurations
[  726.660030][ T5917] usb 5-1: can't read configurations, error -22
[  726.914346][ T5917] usb 5-1: new full-speed USB device number 62 using dummy_hcd
[  727.121280][ T5917] usb 5-1: no configurations
[  727.131357][ T5917] usb 5-1: can't read configurations, error -22
[  727.170634][ T5917] usb usb5-port1: attempt power cycle
[  727.521027][ T5917] usb 5-1: new full-speed USB device number 63 using dummy_hcd
[  727.683543][T14656] binder: 14649:14656 ioctl 4018620d 0 returned -22
[  727.760456][ T5917] usb 5-1: no configurations
[  727.769574][ T5917] usb 5-1: can't read configurations, error -22
[  727.771421][    T9] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[  727.910634][ T5917] usb 5-1: new full-speed USB device number 64 using dummy_hcd
[  727.931672][ T5917] usb 5-1: no configurations
[  727.936366][ T5917] usb 5-1: can't read configurations, error -22
[  727.944492][ T5917] usb usb5-port1: unable to enumerate USB device
[  727.970896][    T9] usb 1-1: Using ep0 maxpacket: 16
[  728.223815][    T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  728.280008][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  728.639132][    T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  728.648455][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.673184][    T9] usb 1-1: Product: syz
[  728.678002][    T9] usb 1-1: Manufacturer: syz
[  728.958885][    T9] usb 1-1: SerialNumber: syz
[  728.969208][    T9] usb 1-1: config 0 descriptor??
[  728.976817][    T9] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  728.986560][    T9] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class)
[  729.036402][T14673] input: syz1 as /devices/virtual/input/input53
[  729.188598][T14675] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  730.023743][T14678] vivid-000: kernel_thread() failed
[  730.199545][T14656] binder: 14649:14656 ioctl d000941e 0 returned -22
[  730.375215][    T9] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  730.908448][T14685] vxfs: unable to read disk superblock at 1
[  730.919568][T14685] vxfs: unable to read disk superblock at 8
[  730.927310][T14685] vxfs: can't find superblock.
[  730.941550][    T9] em28xx 1-1:0.0: Config register raw data: 0xfffffffb
[  731.129637][    T9] em28xx 1-1:0.0: AC97 chip type couldn't be determined
[  731.164814][    T9] em28xx 1-1:0.0: No AC97 audio processor
[  732.066050][T14704] 8021q: adding VLAN 0 to HW filter on device bond2
[  732.095354][T14704] bond_slave_0: entered promiscuous mode
[  732.101216][T14704] bond_slave_1: entered promiscuous mode
[  732.204488][T14704] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  732.280720][   T43] usb 1-1: USB disconnect, device number 83
[  732.287163][   T43] em28xx 1-1:0.0: Disconnecting em28xx
[  732.304739][T14704] bond2: (slave macvlan2): Enslaving as a backup interface with an up link
[  732.312906][   T43] em28xx 1-1:0.0: Freeing device
[  733.980246][ T5884] usb 5-1: new high-speed USB device number 65 using dummy_hcd
[  734.158017][T14734] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2360'.
[  734.232378][ T5884] usb 5-1: Using ep0 maxpacket: 16
[  734.239141][ T5884] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  734.261943][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  734.306715][ T5884] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  734.315857][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.352667][T14733] netlink: 'syz.3.2360': attribute type 10 has an invalid length.
[  734.363697][ T5884] usb 5-1: Product: syz
[  734.368462][ T5884] usb 5-1: Manufacturer: syz
[  734.380945][ T5884] usb 5-1: SerialNumber: syz
[  734.555622][ T5884] usb 5-1: config 0 descriptor??
[  734.577048][ T5884] em28xx 5-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers !
[  735.504935][T14748] vxfs: unable to read disk superblock at 1
[  735.511397][T14748] vxfs: unable to read disk superblock at 8
[  735.517814][T14748] vxfs: can't find superblock.
[  736.098040][T14764] virt_wifi0 speed is unknown, defaulting to 1000
[  736.168380][T14768] FAULT_INJECTION: forcing a failure.
[  736.168380][T14768] name failslab, interval 1, probability 0, space 0, times 0
[  736.168947][T14764] lo speed is unknown, defaulting to 1000
[  736.181361][T14768] CPU: 0 UID: 0 PID: 14768 Comm: syz.0.2367 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  736.181386][T14768] Tainted: [L]=SOFTLOCKUP
[  736.181392][T14768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  736.181401][T14768] Call Trace:
[  736.181406][T14768]  <TASK>
[  736.181412][T14768]  dump_stack_lvl+0x100/0x190
[  736.181437][T14768]  should_fail_ex.cold+0x5/0xa
[  736.181455][T14768]  should_failslab+0xc2/0x120
[  736.181474][T14768]  ? tomoyo_realpath_from_path+0xb6/0x690
[  736.181492][T14768]  __kmalloc_noprof+0xf6/0x9c0
[  736.181513][T14768]  ? tomoyo_realpath_from_path+0xb6/0x690
[  736.181530][T14768]  tomoyo_realpath_from_path+0xb6/0x690
[  736.181551][T14768]  tomoyo_path_number_perm+0x23c/0x580
[  736.181573][T14768]  ? tomoyo_path_number_perm+0x22e/0x580
[  736.181597][T14768]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  736.181642][T14768]  ? find_held_lock+0x2b/0x80
[  736.181661][T14768]  ? hook_file_ioctl_common+0x146/0x410
[  736.181679][T14768]  ? __fget_files+0x215/0x3d0
[  736.181702][T14768]  ? __fget_files+0x21f/0x3d0
[  736.181723][T14768]  security_file_ioctl+0xd3/0x230
[  736.181740][T14768]  __x64_sys_ioctl+0xb7/0x210
[  736.181758][T14768]  do_syscall_64+0xc9/0xf80
[  736.181776][T14768]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.181792][T14768] RIP: 0033:0x7fa6c479aeb9
[  736.181804][T14768] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  736.181819][T14768] RSP: 002b:00007fa6c559d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  736.181835][T14768] RAX: ffffffffffffffda RBX: 00007fa6c4a15fa0 RCX: 00007fa6c479aeb9
[  736.181845][T14768] RDX: 00002000000004c0 RSI: 00000000c0845657 RDI: 0000000000000003
[  736.181854][T14768] RBP: 00007fa6c559d090 R08: 0000000000000000 R09: 0000000000000000
[  736.181862][T14768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.181871][T14768] R13: 00007fa6c4a16038 R14: 00007fa6c4a15fa0 R15: 00007ffe49782e88
[  736.181897][T14768]  </TASK>
[  736.181904][T14768] ERROR: Out of memory at tomoyo_realpath_from_path.
[  736.452665][   T43] usb 5-1: USB disconnect, device number 65
[  737.024788][T14782] input: syz1 as /devices/virtual/input/input54
[  737.254397][T14786] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  738.960605][   T30] audit: type=1400 audit(1770407643.358:911): avc:  denied  { read } for  pid=14790 comm="syz.1.2374" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  739.510729][T13301] usb 4-1: new high-speed USB device number 71 using dummy_hcd
[  739.840601][T13301] usb 4-1: Using ep0 maxpacket: 32
[  739.850355][T13301] usb 4-1: config 0 has an invalid interface number: 136 but max is 0
[  739.870340][T13301] usb 4-1: config 0 has no interface number 0
[  740.240322][T13301] usb 4-1: config 0 interface 136 altsetting 0 bulk endpoint 0xA has invalid maxpacket 32
[  740.268614][T13301] usb 4-1: config 0 interface 136 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  740.337004][T13301] usb 4-1: config 0 interface 136 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  740.501639][T13301] usb 4-1: New USB device found, idVendor=10cf, idProduct=8063, bcdDevice=d1.d2
[  740.513692][T13301] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  740.532111][T13301] usb 4-1: Product: syz
[  740.552880][T13301] usb 4-1: Manufacturer: syz
[  740.610574][T13301] usb 4-1: SerialNumber: syz
[  740.682004][T13301] usb 4-1: config 0 descriptor??
[  740.699282][T14804] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  740.714087][T13301] vmk80xx 4-1:0.136: driver 'vmk80xx' failed to auto-configure device.
[  740.723857][T13301] vmk80xx 4-1:0.136: probe with driver vmk80xx failed with error -22
[  741.392300][T14836] o2cb: This node has not been configured.
[  741.398239][T14836] o2cb: Cluster check failed. Fix errors before retrying.
[  741.405454][T14836] (syz.2.2382,14836,1):user_dlm_register:674 ERROR: status = -22
[  741.413224][T14836] (syz.2.2382,14836,1):dlmfs_mkdir:437 ERROR: Error -22 could not register domain "file0"
[  741.565870][   T30] audit: type=1400 audit(1770407645.808:912): avc:  denied  { mount } for  pid=14831 comm="syz.2.2382" name="/" dev="ocfs2_dlmfs" ino=52249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  741.592034][T12614] usb 4-1: USB disconnect, device number 71
[  741.617462][   T30] audit: type=1400 audit(1770407645.818:913): avc:  denied  { add_name } for  pid=14831 comm="syz.2.2382" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  741.644044][   T30] audit: type=1400 audit(1770407645.818:914): avc:  denied  { create } for  pid=14831 comm="syz.2.2382" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1
[  741.665710][   T30] audit: type=1400 audit(1770407645.818:915): avc:  denied  { associate } for  pid=14831 comm="syz.2.2382" name="file0" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  741.769373][T14842] xt_hashlimit: size too large, truncated to 1048576
[  741.940596][   T43] usb 1-1: new low-speed USB device number 84 using dummy_hcd
[  743.018635][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  743.030563][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  743.076901][   T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  743.088616][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  743.110949][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  743.118362][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  743.158683][   T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  743.191725][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  743.205637][   T43] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  743.217097][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  743.232570][   T43] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  743.248848][   T43] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  743.268023][   T43] usb 1-1: string descriptor 0 read error: -22
[  743.345174][   T43] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  743.360613][   T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  743.382239][   T43] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  746.845172][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  746.861277][T14898] input: syz1 as /devices/virtual/input/input55
[  747.047399][T14901] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  747.793411][  T977] usb 1-1: USB disconnect, device number 84
[  748.635064][T14909] ./cgroup: Can't lookup blockdev
[  749.868782][T14926] netlink: 'syz.0.2405': attribute type 10 has an invalid length.
[  749.932108][T14928] netlink: 'syz.1.2406': attribute type 10 has an invalid length.
[  752.513193][T13301] usb 4-1: new high-speed USB device number 72 using dummy_hcd
[  752.740655][T13301] usb 4-1: Using ep0 maxpacket: 32
[  752.777497][T13301] usb 4-1: config index 0 descriptor too short (expected 35577, got 27)
[  752.805536][T14948] syzkaller0: entered promiscuous mode
[  752.816933][T14948] syzkaller0: entered allmulticast mode
[  752.827059][T13301] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  752.900858][T13301] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92
[  752.929333][T13301] usb 4-1: config 1 has no interface number 0
[  752.946963][T13301] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  752.990171][T13301] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  753.059460][T13301] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  753.070643][    T9] usb 1-1: new high-speed USB device number 85 using dummy_hcd
[  753.078536][T13301] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  753.183576][T13301] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found
[  753.202782][    T9] usb 1-1: device descriptor read/64, error -71
[  754.060633][    T9] usb 1-1: new high-speed USB device number 86 using dummy_hcd
[  754.189759][T14960] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2414'.
[  754.220840][    T9] usb 1-1: device descriptor read/64, error -71
[  754.679592][    T9] usb usb1-port1: attempt power cycle
[  755.609930][    T9] usb 1-1: new high-speed USB device number 87 using dummy_hcd
[  755.632260][    T9] usb 1-1: device descriptor read/8, error -71
[  755.904067][    T9] usb 1-1: new high-speed USB device number 88 using dummy_hcd
[  756.230667][    T9] usb 1-1: device descriptor read/8, error -71
[  756.340803][    T9] usb usb1-port1: unable to enumerate USB device
[  756.457788][T14991] netlink: 'syz.1.2422': attribute type 10 has an invalid length.
[  756.899056][T14995] syzkaller0: entered promiscuous mode
[  756.917541][T13301] snd_usb_pod 4-1:1.1: set_interface failed
[  756.926264][T14995] syzkaller0: entered allmulticast mode
[  756.945251][T13301] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected
[  757.009710][T13301] snd_usb_pod 4-1:1.1: probe with driver snd_usb_pod failed with error -71
[  757.122379][T13301] usb 4-1: USB disconnect, device number 72
[  757.827956][T14999] evm: overlay not supported
[  757.836637][   T30] audit: type=1400 audit(1770407662.258:916): avc:  denied  { watch } for  pid=14997 comm="syz.3.2424" path="/489/bus/file1" dev="overlay" ino=2562 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  758.184399][T15011] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2426'.
[  758.881418][T15022] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2429'.
[  760.304162][T15037] ./cgroup: Can't lookup blockdev
[  760.397404][T15039] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2433'.
[  760.867768][   T30] audit: type=1400 audit(1770407665.288:917): avc:  denied  { read } for  pid=15033 comm="syz.3.2433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  760.911098][  T977] usb 2-1: new high-speed USB device number 71 using dummy_hcd
[  761.070820][  T977] usb 2-1: Using ep0 maxpacket: 16
[  761.078119][  T977] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  761.088104][  T977] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  761.098664][  T977] usb 2-1: config 0 has no interface number 0
[  761.107534][  T977] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  761.120417][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  761.129644][  T977] usb 2-1: Product: syz
[  761.151778][  T977] usb 2-1: Manufacturer: syz
[  761.166251][  T977] usb 2-1: SerialNumber: syz
[  761.281298][  T977] usb 2-1: config 0 descriptor??
[  761.303369][  T977] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046c:14e8)
[  761.315873][  T977] uvcvideo 2-1:0.105: No valid video chain found.
[  761.927980][T15051] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2437'.
[  761.941431][T15051] netlink: 'syz.4.2437': attribute type 10 has an invalid length.
[  761.949545][T15051] bridge0: left allmulticast mode
[  762.169279][  T977] usb 2-1: USB disconnect, device number 71
[  762.460970][T15062] veth0: entered promiscuous mode
[  762.468766][T15062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2439'.
[  762.483845][T15062] veth0 (unregistering): left promiscuous mode
[  763.337994][T15074] netlink: 'syz.1.2443': attribute type 10 has an invalid length.
[  763.367283][   T30] audit: type=1400 audit(1770407667.778:918): avc:  denied  { mounton } for  pid=15070 comm="syz.2.2442" path="/535/file1/file0" dev="autofs" ino=52620 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=dir permissive=1
[  764.123374][T15080] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2445'.
[  764.197436][T15085] ./cgroup: Can't lookup blockdev
[  765.365634][T15100] syzkaller0: entered promiscuous mode
[  765.418577][T15100] syzkaller0: entered allmulticast mode
[  766.100776][T15111] FAULT_INJECTION: forcing a failure.
[  766.100776][T15111] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  766.125986][T15111] CPU: 1 UID: 0 PID: 15111 Comm: syz.1.2454 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  766.126017][T15111] Tainted: [L]=SOFTLOCKUP
[  766.126024][T15111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  766.126035][T15111] Call Trace:
[  766.126041][T15111]  <TASK>
[  766.126048][T15111]  dump_stack_lvl+0x100/0x190
[  766.126076][T15111]  should_fail_ex.cold+0x5/0xa
[  766.126097][T15111]  _copy_to_user+0x32/0xd0
[  766.126123][T15111]  simple_read_from_buffer+0xcb/0x170
[  766.126148][T15111]  proc_fail_nth_read+0x1af/0x230
[  766.126175][T15111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.126201][T15111]  ? rw_verify_area+0xce/0x6d0
[  766.126219][T15111]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  766.126243][T15111]  vfs_read+0x1e4/0xb30
[  766.126263][T15111]  ? __pfx_vfs_read+0x10/0x10
[  766.126277][T15111]  ? find_held_lock+0x2b/0x80
[  766.126298][T15111]  ? __fget_files+0x215/0x3d0
[  766.126331][T15111]  ? __fget_files+0x21f/0x3d0
[  766.126356][T15111]  ksys_read+0x12a/0x250
[  766.126375][T15111]  ? __pfx_ksys_read+0x10/0x10
[  766.126393][T15111]  ? fdget+0x18b/0x210
[  766.126415][T15111]  do_syscall_64+0xc9/0xf80
[  766.126438][T15111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  766.126455][T15111] RIP: 0033:0x7f790d55b78e
[  766.126470][T15111] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  766.126484][T15111] RSP: 002b:00007f790e3b7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  766.126500][T15111] RAX: ffffffffffffffda RBX: 00007f790e3b86c0 RCX: 00007f790d55b78e
[  766.126511][T15111] RDX: 000000000000000f RSI: 00007f790e3b80a0 RDI: 0000000000000004
[  766.126521][T15111] RBP: 00007f790e3b8090 R08: 0000000000000000 R09: 0000000000000000
[  766.126530][T15111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  766.126540][T15111] R13: 00007f790d816128 R14: 00007f790d816090 R15: 00007ffd0298f068
[  766.126563][T15111]  </TASK>
[  766.366878][T15109] NFSD: Failed to start, no listeners configured.
[  766.488396][T15118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  766.550400][T15118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  766.561897][T15118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  766.575615][T15118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  766.586419][T15118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2457'.
[  766.803931][   T30] audit: type=1400 audit(1770407671.118:919): avc:  denied  { ioctl } for  pid=15115 comm="syz.1.2457" path="/dev/fuse" dev="devtmpfs" ino=99 ioctlcmd=0x940c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  766.967574][   T30] audit: type=1400 audit(1770407671.388:920): avc:  denied  { unmount } for  pid=5807 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  767.290699][   T43] usb 2-1: new high-speed USB device number 72 using dummy_hcd
[  767.440657][   T43] usb 2-1: Using ep0 maxpacket: 16
[  767.449476][   T43] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  767.458829][   T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  767.467782][   T43] usb 2-1: Product: syz
[  767.473106][   T43] usb 2-1: Manufacturer: syz
[  767.478017][   T43] usb 2-1: SerialNumber: syz
[  767.494482][   T43] usb 2-1: config 0 descriptor??
[  767.502502][   T43] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  768.126040][T15141] syzkaller0: entered promiscuous mode
[  768.138818][T15141] syzkaller0: entered allmulticast mode
[  768.362879][T15147] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  768.381688][T15147] syzkaller0: entered promiscuous mode
[  768.387966][T15147] syzkaller0: entered allmulticast mode
[  768.432844][T15147] tipc: Resetting bearer <eth:syzkaller0>
[  768.512454][T15146] tipc: Resetting bearer <eth:syzkaller0>
[  768.577475][T15146] tipc: Disabling bearer <eth:syzkaller0>
[  768.594707][   T43] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71
[  768.606558][   T43] usb 2-1: USB disconnect, device number 72
[  770.500801][T12614] usb 4-1: new full-speed USB device number 73 using dummy_hcd
[  770.689898][T12614] usb 4-1: unable to read config index 0 descriptor/start: -61
[  770.930807][T12614] usb 4-1: can't read configurations, error -61
[  771.080648][ T5884] usb 2-1: new high-speed USB device number 73 using dummy_hcd
[  771.088296][T12614] usb 4-1: new full-speed USB device number 74 using dummy_hcd
[  771.111744][T15187] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2476'.
[  771.250575][ T5884] usb 2-1: Using ep0 maxpacket: 32
[  771.258686][T12614] usb 4-1: unable to read config index 0 descriptor/start: -61
[  771.272038][ T5884] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  771.283922][T12614] usb 4-1: can't read configurations, error -61
[  771.294870][T12614] usb usb4-port1: attempt power cycle
[  771.300535][ T5884] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  771.300575][  T977] usb 5-1: new high-speed USB device number 66 using dummy_hcd
[  771.331750][ T5884] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  771.360710][ T5884] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  771.400569][ T5884] usb 2-1: config 0 interface 0 has no altsetting 0
[  771.432411][ T5884] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  771.448380][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  771.477859][ T5884] usb 2-1: config 0 descriptor??
[  771.485912][  T977] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  771.495157][  T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  771.783571][T12614] usb 4-1: new full-speed USB device number 75 using dummy_hcd
[  771.817543][  T977] usb 5-1: Product: syz
[  771.832054][  T977] usb 5-1: Manufacturer: syz
[  771.833042][T12614] usb 4-1: unable to read config index 0 descriptor/start: -61
[  771.846894][T12614] usb 4-1: can't read configurations, error -61
[  771.847337][  T977] usb 5-1: SerialNumber: syz
[  771.880375][  T977] usb 5-1: config 0 descriptor??
[  771.896983][  T977] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 066
[  771.916184][ T5884] hid-thrustmaster 0003:044F:B65D.0069: item fetching failed at offset 3/5
[  771.938303][ T5884] hid-thrustmaster 0003:044F:B65D.0069: parse failed with error -22
[  771.960795][ T5884] hid-thrustmaster 0003:044F:B65D.0069: probe with driver hid-thrustmaster failed with error -22
[  771.990617][T12614] usb 4-1: new full-speed USB device number 76 using dummy_hcd
[  772.024643][T12614] usb 4-1: unable to read config index 0 descriptor/start: -61
[  772.040800][T12614] usb 4-1: can't read configurations, error -61
[  772.072832][T12614] usb usb4-port1: unable to enumerate USB device
[  772.139534][T15189] Dead loop on virtual device ip6_vti0, fix it urgently!
[  772.321149][  T977]  (null): failure reading functionality
[  772.333925][  T977] i2c i2c-1: connected i2c-tiny-usb device
[  772.680070][  T977] usb 5-1: USB disconnect, device number 66
[  773.265131][T15202] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  773.283170][T15202] syzkaller0: entered promiscuous mode
[  773.297128][T15202] syzkaller0: entered allmulticast mode
[  773.323827][T15202] tipc: Resetting bearer <eth:syzkaller0>
[  773.334988][T15201] tipc: Resetting bearer <eth:syzkaller0>
[  773.356663][T15201] tipc: Disabling bearer <eth:syzkaller0>
[  773.743035][ T5884] usb 2-1: USB disconnect, device number 73
[  773.977008][T15215] input: syz1 as /devices/virtual/input/input57
[  774.333359][T15218] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  775.856918][T15237] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2488'.
[  777.135690][  T977] libceph: connect (1)[c::]:6789 error -101
[  777.142648][  T977] libceph: mon0 (1)[c::]:6789 connect error
[  777.404100][T13301] libceph: connect (1)[c::]:6789 error -101
[  777.413860][T13301] libceph: mon0 (1)[c::]:6789 connect error
[  777.443160][T15254] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  777.452181][T15254] syzkaller0: entered promiscuous mode
[  777.457757][T15254] syzkaller0: entered allmulticast mode
[  777.485347][T15254] tipc: Resetting bearer <eth:syzkaller0>
[  777.494415][T15253] tipc: Resetting bearer <eth:syzkaller0>
[  777.513008][  T977] usb 1-1: new full-speed USB device number 89 using dummy_hcd
[  777.524495][T15253] tipc: Disabling bearer <eth:syzkaller0>
[  777.658583][T15248] ceph: No mds server is up or the cluster is laggy
[  777.750436][  T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  777.762517][  T977] usb 1-1: config 0 has no interfaces?
[  777.768036][  T977] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  777.777474][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.791235][  T977] usb 1-1: config 0 descriptor??
[  778.386092][ T5884] usb 1-1: USB disconnect, device number 89
[  779.531989][T13341] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  779.543001][T13341] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  779.563417][T13341] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  779.571690][T13341] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  779.588068][T13341] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  779.609847][   T30] audit: type=1400 audit(1770407684.028:921): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[  779.639741][T15280] virt_wifi0 speed is unknown, defaulting to 1000
[  779.702481][T15280] lo speed is unknown, defaulting to 1000
[  780.188800][T15290] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2501'.
[  780.310672][T12614] usb 1-1: new high-speed USB device number 90 using dummy_hcd
[  780.322894][T15280] chnl_net:caif_netlink_parms(): no params data found
[  780.491646][T12614] usb 1-1: Using ep0 maxpacket: 32
[  780.492086][ T8803] syz_tun (unregistering): left allmulticast mode
[  780.511483][T12614] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  780.538030][T12614] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  780.568434][T12614] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  780.596360][T12614] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  780.662342][T12614] usb 1-1: config 0 descriptor??
[  780.682019][T12614] hub 1-1:0.0: USB hub found
[  780.727216][ T8192] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  780.812808][T15303] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  780.836624][T15305] veth0: entered allmulticast mode
[  780.871724][T15300] syzkaller0: entered promiscuous mode
[  780.877221][T15300] syzkaller0: entered allmulticast mode
[  780.887977][T12614] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  780.903236][T15308] ipip1: entered promiscuous mode
[  781.213429][ T8192] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.254023][T15300] tipc: Resetting bearer <eth:syzkaller0>
[  781.285277][T15280] bridge0: port 1(bridge_slave_0) entered blocking state
[  781.299346][T15280] bridge0: port 1(bridge_slave_0) entered disabled state
[  781.317337][T15280] bridge_slave_0: entered allmulticast mode
[  781.572648][T15280] bridge_slave_0: entered promiscuous mode
[  781.651448][ T5817] Bluetooth: hci5: command tx timeout
[  781.661189][T12614] hid-generic 0003:046D:C31C.006A: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0
[  781.686696][ T8192] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  781.752556][T15299] tipc: Resetting bearer <eth:syzkaller0>
[  782.321770][T15299] tipc: Disabling bearer <eth:syzkaller0>
[  782.450452][T12614] usb 1-1: USB disconnect, device number 90
[  782.496526][T15280] bridge0: port 2(bridge_slave_1) entered blocking state
[  782.511399][T15280] bridge0: port 2(bridge_slave_1) entered disabled state
[  782.522447][T15280] bridge_slave_1: entered allmulticast mode
[  782.529465][T15280] bridge_slave_1: entered promiscuous mode
[  782.568924][ T8192] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  782.607826][T15332] Dead loop on virtual device ip6_vti0, fix it urgently!
[  782.685020][T15280] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  782.960815][T15280] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  783.172088][T15280] team0: Port device team_slave_0 added
[  783.180868][T15343] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2513'.
[  783.185379][T15280] team0: Port device team_slave_1 added
[  783.190002][T15343] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2513'.
[  783.285787][T15280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  783.294625][T15280] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  783.321677][T15280] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  783.372267][   T30] audit: type=1400 audit(1770407687.798:922): avc:  denied  { read } for  pid=5475 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1
[  783.393641][T15280] batman_adv: batadv0: Adding interface: batadv_slave_1
[  783.410581][T15280] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  783.470616][T12614] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  783.474656][   T43] hid-generic 0005:0006:5508.006B: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  783.530799][T15280] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  783.679802][   T30] audit: type=1400 audit(1770407688.098:923): avc:  denied  { search } for  pid=5475 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  783.751906][T12614] usb 5-1: Using ep0 maxpacket: 16
[  783.757227][ T5817] Bluetooth: hci5: command tx timeout
[  783.815740][   T30] audit: type=1400 audit(1770407688.098:924): avc:  denied  { search } for  pid=5475 comm="dhcpcd" name="udev" dev="tmpfs" ino=9 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  783.860642][   T30] audit: type=1400 audit(1770407688.098:925): avc:  denied  { search } for  pid=5475 comm="dhcpcd" name="data" dev="tmpfs" ino=14 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  783.886086][   T30] audit: type=1400 audit(1770407688.098:926): avc:  denied  { read } for  pid=5475 comm="dhcpcd" name="n100" dev="tmpfs" ino=9225 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  783.938930][T12614] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  783.951364][T12614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  783.971601][   T30] audit: type=1400 audit(1770407688.098:927): avc:  denied  { open } for  pid=5475 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=9225 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  783.977455][T15351] [U] ^H
[  784.124435][T12614] usb 5-1: Product: syz
[  784.126989][T15357] fido_id[15357]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci5/hci5:200/report_descriptor': No such file or directory
[  784.128626][T12614] usb 5-1: Manufacturer: syz
[  784.172067][   T30] audit: type=1400 audit(1770407688.098:928): avc:  denied  { getattr } for  pid=5475 comm="dhcpcd" path="/run/udev/data/n100" dev="tmpfs" ino=9225 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  784.191648][T15280] hsr_slave_0: entered promiscuous mode
[  784.195497][T12614] usb 5-1: SerialNumber: syz
[  784.490207][T12614] usb 5-1: config 0 descriptor??
[  784.496644][T12614] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  784.901856][T12614] ssu100 5-1:0.0: probe with driver ssu100 failed with error -110
[  784.975401][T15280] hsr_slave_1: entered promiscuous mode
[  785.030175][T15280] debugfs: 'hsr0' already exists in 'hsr'
[  785.039384][T15280] Cannot create hsr debugfs directory
[  785.053356][ T8192] bridge_slave_1: left allmulticast mode
[  785.067429][ T8192] bridge_slave_1: left promiscuous mode
[  785.089978][ T8192] bridge0: port 2(bridge_slave_1) entered disabled state
[  785.134275][ T8192] bridge_slave_0: left allmulticast mode
[  785.145712][ T8192] bridge0: port 1(bridge_slave_0) entered disabled state
[  785.270621][   T30] audit: type=1400 audit(1770407689.688:929): avc:  denied  { read open } for  pid=15381 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  785.349504][ T8192] bond_slave_0: left promiscuous mode
[  785.355395][   T30] audit: type=1400 audit(1770407689.688:930): avc:  denied  { getattr } for  pid=15381 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  785.411486][ T8192] bond_slave_1: left promiscuous mode
[  785.870824][ T5817] Bluetooth: hci5: command tx timeout
[  785.876656][   T30] audit: type=1400 audit(1770407689.848:931): avc:  denied  { listen } for  pid=15379 comm="syz.0.2522" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  786.140675][   T30] audit: type=1400 audit(1770407690.568:932): avc:  denied  { add_name } for  pid=15378 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  786.237453][   T43] usb 5-1: USB disconnect, device number 67
[  786.273137][   T30] audit: type=1400 audit(1770407690.568:933): avc:  denied  { create } for  pid=15378 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  786.608419][   T30] audit: type=1400 audit(1770407690.568:934): avc:  denied  { write } for  pid=15378 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf.eth1.link" dev="tmpfs" ino=9238 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  786.635275][T15399] input: syz1 as /devices/virtual/input/input58
[  786.731688][   T30] audit: type=1400 audit(1770407690.568:935): avc:  denied  { append } for  pid=15378 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" dev="tmpfs" ino=9238 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  787.018047][T15406] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  787.941000][T15413] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  787.950681][T13341] Bluetooth: hci5: command tx timeout
[  787.959565][   T30] audit: type=1400 audit(1770407692.368:936): avc:  denied  { remove_name } for  pid=15415 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=9238 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  787.993134][T15413] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  788.013599][ T8192] dvmrp0 (unregistering): left allmulticast mode
[  788.061289][   T30] audit: type=1400 audit(1770407692.368:937): avc:  denied  { unlink } for  pid=15415 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=9238 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[  788.521964][ T8192] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  788.663327][ T8192] bond2 (unregistering): (slave macvlan2): Removing an active aggregator
[  788.672847][ T8192] bond2 (unregistering): (slave macvlan2): Releasing backup interface
[  788.699264][ T8192] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  788.732645][ T8192] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  788.750628][ T8192] bond0 (unregistering): Released all slaves
[  788.759875][ T8192] bond1 (unregistering): Released all slaves
[  788.938951][ T8192] bond2 (unregistering): Released all slaves
[  789.573730][ T8192] tipc: Left network mode
[  792.414019][T15280] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  792.427482][T15280] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  792.746281][ T5883] usb 2-1: new high-speed USB device number 74 using dummy_hcd
[  792.942872][T15280] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  793.069974][ T5883] usb 2-1: Using ep0 maxpacket: 16
[  793.134920][ T5883] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  793.291045][ T5883] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  793.465685][ T5883] usb 2-1: config 0 has no interface number 0
[  793.506708][T15280] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  793.546428][ T5883] usb 2-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  793.556922][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  793.565827][ T5883] usb 2-1: Product: syz
[  793.570001][ T5883] usb 2-1: Manufacturer: syz
[  793.585462][ T5883] usb 2-1: SerialNumber: syz
[  793.599279][ T5883] usb 2-1: config 0 descriptor??
[  793.634117][ T5883] uvcvideo 2-1:0.105: Found UVC 0.00 device syz (046c:14e8)
[  793.642153][ T5883] uvcvideo 2-1:0.105: No valid video chain found.
[  793.861351][   T43] usb 2-1: USB disconnect, device number 74
[  793.869859][T15500] input: syz1 as /devices/virtual/input/input59
[  794.091117][   T30] audit: type=1400 audit(1770407698.508:938): avc:  denied  { bind } for  pid=15494 comm="syz.3.2540" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  794.287021][T15500] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  794.515692][T15280] 8021q: adding VLAN 0 to HW filter on device bond0
[  794.554918][T15280] 8021q: adding VLAN 0 to HW filter on device team0
[  794.602542][   T50] bridge0: port 1(bridge_slave_0) entered blocking state
[  794.609627][   T50] bridge0: port 1(bridge_slave_0) entered forwarding state
[  794.677674][   T50] bridge0: port 2(bridge_slave_1) entered blocking state
[  794.684799][   T50] bridge0: port 2(bridge_slave_1) entered forwarding state
[  794.761742][T15280] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  794.873762][T15280] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  795.405840][T13341] Bluetooth: hci0: unexpected event for opcode 0x201c
[  795.780576][T12614] usb 1-1: new high-speed USB device number 91 using dummy_hcd
[  795.952293][ T8192] hsr_slave_0: left promiscuous mode
[  795.970643][T12614] usb 1-1: Using ep0 maxpacket: 8
[  796.151355][ T8192] hsr_slave_1: left promiscuous mode
[  796.719015][T12614] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 15
[  796.810568][T12614] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  796.829029][T12614] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  796.840014][T12614] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  796.887371][T12614] usb 1-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[  796.926341][T12614] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.935149][T12614] usb 1-1: Product: syz
[  796.939547][T12614] usb 1-1: Manufacturer: syz
[  796.945265][T12614] usb 1-1: SerialNumber: syz
[  796.947315][ T8192] veth1_macvtap: left promiscuous mode
[  796.951864][T12614] usb 1-1: config 0 descriptor??
[  796.979539][T15525] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  796.983111][ T8192] veth0_macvtap: left promiscuous mode
[  796.999506][ T8192] veth1_vlan: left promiscuous mode
[  797.028858][ T8192] veth0_vlan: left promiscuous mode
[  797.167782][ T8192] team0 (unregistering): Port device batadv0 removed
[  797.362371][T12614] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  797.387737][T12614] input: Griffin SoundKnob as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input60
[  797.409474][    C0] powermate: config urb returned -71
[  797.415099][    C0] powermate: config urb returned -71
[  797.420704][    C0] powermate: config urb returned -71
[  797.426160][    C0] powermate: config urb returned -71
[  797.436757][T12614] usb 1-1: USB disconnect, device number 91
[  797.442744][    C0] powermate 1-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  797.753826][ T8192] team0 (unregistering): Port device team_slave_1 removed
[  797.797272][ T8192] team0 (unregistering): Port device team_slave_0 removed
[  798.557583][T15280] 8021q: adding VLAN 0 to HW filter on device batadv0
[  798.584570][T15555] IPVS: wrr: UDP 224.0.0.2:0 - no destination available
[  798.739332][ T8192] IPVS: stop unused estimator thread 0...
[  798.952978][T15571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2551'.
[  798.986926][T15571] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2551'.
[  799.099504][T15280] veth0_vlan: entered promiscuous mode
[  799.155136][T15280] veth1_vlan: entered promiscuous mode
[  799.321982][T15586] vxfs: unable to read disk superblock at 1
[  799.328114][T15586] vxfs: unable to read disk superblock at 8
[  799.334248][T15586] vxfs: can't find superblock.
[  800.317857][T15280] veth0_macvtap: entered promiscuous mode
[  800.328777][T15280] veth1_macvtap: entered promiscuous mode
[  800.341930][T15280] batman_adv: batadv0: Interface activated: batadv_slave_0
[  800.407433][T15280] batman_adv: batadv0: Interface activated: batadv_slave_1
[  800.424766][ T8183] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  800.729993][ T8183] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  800.770568][  T977] usb 1-1: new high-speed USB device number 92 using dummy_hcd
[  800.800639][ T8183] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  800.818022][ T8183] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  801.050646][  T977] usb 1-1: device descriptor read/64, error -71
[  801.264188][T15607] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2556'.
[  801.387441][ T8185] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  801.418827][ T8185] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  801.426258][  T977] usb 1-1: new high-speed USB device number 93 using dummy_hcd
[  801.554144][T15612] Dead loop on virtual device ip6_vti0, fix it urgently!
[  801.573476][ T8185] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  801.591790][  T977] usb 1-1: device descriptor read/64, error -71
[  801.601583][ T8185] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  801.638643][T15616] vxfs: unable to read disk superblock at 1
[  801.645735][T15616] vxfs: unable to read disk superblock at 8
[  801.652063][T15616] vxfs: can't find superblock.
[  801.731323][  T977] usb usb1-port1: attempt power cycle
[  801.893508][   T30] audit: type=1400 audit(1770407706.268:939): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/root/syzkaller.Pc1f5p/syz-tmp" dev="sda1" ino=2047 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1
[  802.130950][  T977] usb 1-1: new high-speed USB device number 94 using dummy_hcd
[  802.380814][   T30] audit: type=1400 audit(1770407706.598:940): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/root/syzkaller.Pc1f5p/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[  802.526406][  T977] usb 1-1: device not accepting address 94, error -71
[  802.827221][   T30] audit: type=1400 audit(1770407706.668:941): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/root/syzkaller.Pc1f5p/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=56446 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1
[  802.872991][T15624] netlink: 'syz.0.2559': attribute type 1 has an invalid length.
[  803.121575][   T30] audit: type=1400 audit(1770407707.018:942): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2784 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  803.144908][   T30] audit: type=1400 audit(1770407707.048:943): avc:  denied  { mount } for  pid=15280 comm="syz-executor" name="/" dev="gadgetfs" ino=7857 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nfs_t tclass=filesystem permissive=1
[  803.167995][   T30] audit: type=1400 audit(1770407707.168:944): avc:  denied  { mounton } for  pid=15280 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  803.354805][T15633] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2562'.
[  803.364011][T15633] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2562'.
[  804.592905][T15633] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2562'.
[  804.602587][T15633] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2562'.
[  804.866297][   T30] audit: type=1400 audit(1770407709.278:945): avc:  denied  { setattr } for  pid=15652 comm="syz.3.2565" name="fuse" dev="devtmpfs" ino=99 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1
[  805.100871][T15665] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2566'.
[  805.720776][T12614] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[  805.890696][T12614] usb 4-1: device descriptor read/64, error -71
[  806.130555][T12614] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[  806.190578][    T9] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  806.293668][T12614] usb 4-1: device descriptor read/64, error -71
[  806.301630][T15678] vxfs: unable to read disk superblock at 1
[  806.309558][T15678] vxfs: unable to read disk superblock at 8
[  806.315568][T15678] vxfs: can't find superblock.
[  806.377415][    T9] usb 5-1: Using ep0 maxpacket: 16
[  806.401877][    T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  806.475938][T12614] usb usb4-port1: attempt power cycle
[  806.576475][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  806.724447][    T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  806.817321][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  806.878964][    T9] usb 5-1: Product: syz
[  806.920661][T12614] usb 4-1: new high-speed USB device number 80 using dummy_hcd
[  806.931772][    T9] usb 5-1: Manufacturer: syz
[  806.967330][    T9] usb 5-1: SerialNumber: syz
[  806.995839][T12614] usb 4-1: device descriptor read/8, error -71
[  807.105547][    T9] usb 5-1: config 0 descriptor??
[  807.143595][    T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  807.198357][    T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  807.274121][T12614] usb 4-1: new high-speed USB device number 81 using dummy_hcd
[  807.286011][T15690] ./cgroup: Can't lookup blockdev
[  807.313034][ T5917] IPVS: starting estimator thread 0...
[  807.318972][T15688] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  807.474608][T12614] usb 4-1: device descriptor read/8, error -71
[  807.485249][T15692] IPVS: using max 75 ests per chain, 180000 per kthread
[  807.874801][T12614] usb usb4-port1: unable to enumerate USB device
[  808.182509][    T9] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  808.194925][    T9] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  808.204664][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  808.318235][T15710] netlink: 'syz.5.2576': attribute type 4 has an invalid length.
[  809.070366][    T9] em28xx 5-1:0.0: Unknown AC97 audio processor detected!
[  809.084824][    T9] em28xx 5-1:0.0: couldn't setup AC97 register 2
[  809.093601][    T9] em28xx 5-1:0.0: couldn't setup AC97 register 4
[  809.102440][    T9] em28xx 5-1:0.0: couldn't setup AC97 register 6
[  809.200713][ T5883] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  809.420606][ T5883] usb 6-1: Using ep0 maxpacket: 32
[  809.427238][ T5883] usb 6-1: config 0 has an invalid descriptor of length 72, skipping remainder of the config
[  809.441066][ T5883] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  809.454125][    T9] em28xx 5-1:0.0: couldn't setup AC97 register 54
[  809.454699][    T9] em28xx 5-1:0.0: couldn't setup AC97 register 56
[  809.555230][T15727] overlayfs: unescaped trailing colons in lowerdir mount option.
[  809.643980][T15728] /dev/nullb0: Can't lookup blockdev
[  809.907252][    T9] usb 5-1: USB disconnect, device number 68
[  809.930728][ T5883] usb 6-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00
[  809.940156][ T5883] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  809.969975][ T5883] usb 6-1: config 0 descriptor??
[  810.216202][ T5883] usb 6-1: string descriptor 0 read error: -71
[  810.226321][ T5883] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  810.238545][ T5883] usb 6-1: USB disconnect, device number 2
[  810.822194][ T5883] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  811.000742][ T5883] usb 5-1: Using ep0 maxpacket: 16
[  811.007191][ T5883] usb 5-1: config 0 has an invalid interface number: 105 but max is 0
[  811.097108][ T5883] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  811.491082][ T5883] usb 5-1: config 0 has no interface number 0
[  811.500264][ T5883] usb 5-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28
[  811.510371][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  811.537121][ T5883] usb 5-1: Product: syz
[  811.541700][ T5883] usb 5-1: Manufacturer: syz
[  811.546315][ T5883] usb 5-1: SerialNumber: syz
[  811.576975][ T5883] usb 5-1: config 0 descriptor??
[  811.588081][ T5883] uvcvideo 5-1:0.105: Found UVC 0.00 device syz (046c:14e8)
[  811.595495][ T5883] uvcvideo 5-1:0.105: No valid video chain found.
[  812.334294][T12614] usb 5-1: USB disconnect, device number 69
[  812.423228][T15765] Invalid logical block size (768)
[  812.975292][T15774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2590'.
[  814.216041][T15789] netlink: 'syz.0.2593': attribute type 10 has an invalid length.
[  814.980575][   T30] audit: type=1400 audit(1770407719.388:946): avc:  denied  { bind } for  pid=15800 comm="syz.0.2597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  815.044870][T15798] input: syz1 as /devices/virtual/input/input61
[  815.136670][T15808] vxfs: unable to read disk superblock at 1
[  815.147066][T15809] Bluetooth: MGMT ver 1.23
[  815.153014][T15808] vxfs: unable to read disk superblock at 8
[  815.158962][T15808] vxfs: can't find superblock.
[  815.351674][T15798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  816.092308][T15825] netlink: 68 bytes leftover after parsing attributes in process `syz.0.2602'.
[  816.248914][T15834] ./cgroup: Can't lookup blockdev
[  816.515610][T15842] input: syz1 as /devices/virtual/input/input62
[  816.693592][T15851] netlink: 'syz.0.2608': attribute type 10 has an invalid length.
[  816.962642][T15853] binder: BINDER_SET_CONTEXT_MGR already set
[  816.968904][T15853] binder: 15836:15853 ioctl 4018620d 200000004a80 returned -16
[  816.976956][   T30] audit: type=1400 audit(1770407721.378:947): avc:  denied  { set_context_mgr } for  pid=15836 comm="syz.3.2605" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  817.011568][T15853] binder: 15836:15853 ioctl c0306201 2000000001c0 returned -22
[  817.068161][T15852] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  818.213291][T15881] comedi comedi3: pcl818: I/O port conflict (0xcff,16)
[  819.813640][   T30] audit: type=1400 audit(1770407723.768:948): avc:  denied  { view } for  pid=15894 comm="syz.0.2617" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  820.179133][   T30] audit: type=1400 audit(1770407724.378:949): avc:  denied  { bind } for  pid=15897 comm="syz.3.2619" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  820.357237][T15913] netlink: 'syz.5.2620': attribute type 10 has an invalid length.
[  820.366567][T15913] bridge0: port 2(bridge_slave_1) entered disabled state
[  820.374885][T15913] bridge0: port 1(bridge_slave_0) entered disabled state
[  820.400625][T15913] bridge0: port 2(bridge_slave_1) entered blocking state
[  820.407961][T15913] bridge0: port 2(bridge_slave_1) entered forwarding state
[  820.415786][T15913] bridge0: port 1(bridge_slave_0) entered blocking state
[  820.423173][T15913] bridge0: port 1(bridge_slave_0) entered forwarding state
[  820.449451][T15913] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  820.737022][T15899] netlink: 'syz.3.2619': attribute type 1 has an invalid length.
[  820.744835][T15899] netlink: 'syz.3.2619': attribute type 2 has an invalid length.
[  820.752733][T15899] netlink: 'syz.3.2619': attribute type 1 has an invalid length.
[  820.760425][T15899] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2619'.
[  820.998882][T15920] dvmrp0: entered allmulticast mode
[  821.173496][T15915] dvmrp0: left allmulticast mode
[  821.580636][ T5869] usb 4-1: new high-speed USB device number 82 using dummy_hcd
[  821.749628][ T5869] usb 4-1: config 127 has an invalid interface number: 46 but max is 2
[  821.758634][ T5869] usb 4-1: config 127 has an invalid interface number: 96 but max is 2
[  821.767165][ T5869] usb 4-1: config 127 has an invalid interface number: 231 but max is 2
[  821.775839][ T5869] usb 4-1: config 127 contains an unexpected descriptor of type 0x2, skipping
[  821.791669][ T5869] usb 4-1: config 127 has no interface number 0
[  821.801502][ T5869] usb 4-1: config 127 has no interface number 1
[  821.808068][ T5869] usb 4-1: config 127 has no interface number 2
[  821.819032][ T5869] usb 4-1: config 127 interface 46 altsetting 99 endpoint 0x5 has invalid maxpacket 1023, setting to 64
[  821.833397][ T5869] usb 4-1: config 127 interface 46 altsetting 99 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  821.846136][ T5869] usb 4-1: config 127 interface 46 altsetting 99 has an invalid descriptor for endpoint zero, skipping
[  821.868232][ T5869] usb 4-1: config 127 interface 46 altsetting 99 endpoint 0x3 has invalid maxpacket 1024, setting to 64
[  821.906287][ T5869] usb 4-1: config 127 interface 46 altsetting 99 has an invalid descriptor for endpoint zero, skipping
[  821.939098][ T5869] usb 4-1: config 127 interface 46 altsetting 99 endpoint 0x6 has an invalid bInterval 128, changing to 11
[  821.958028][ T5869] usb 4-1: config 127 interface 96 altsetting 2 endpoint 0xF has invalid maxpacket 1023, setting to 64
[  821.969454][ T5869] usb 4-1: config 127 interface 96 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  821.980837][ T5869] usb 4-1: config 127 interface 96 altsetting 2 has an invalid descriptor for endpoint zero, skipping
[  821.993061][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x3, skipping
[  822.004285][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x4, skipping
[  822.015621][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has an invalid descriptor for endpoint zero, skipping
[  822.214260][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  822.277783][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x7, skipping
[  822.345829][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x3, skipping
[  822.369839][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x2, skipping
[  822.381687][T15956] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2631'.
[  822.392633][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x6, skipping
[  822.405122][ T5869] usb 4-1: config 127 interface 231 altsetting 4 has a duplicate endpoint with address 0x8, skipping
[  822.416548][ T5869] usb 4-1: config 127 interface 46 has no altsetting 0
[  822.446453][ T5869] usb 4-1: config 127 interface 96 has no altsetting 0
[  822.454820][ T5869] usb 4-1: config 127 interface 231 has no altsetting 0
[  822.472077][ T5869] usb 4-1: New USB device found, idVendor=0c52, idProduct=2831, bcdDevice=cd.bb
[  822.481330][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  822.489399][ T5869] usb 4-1: Product: ⺮៉此℻쀇沋锶ꠡ汐鐂刈ꡁᙴ⹞㜎퀴鐫禳鹏䟀ⴾ掻譬戠ղ跠ｒ賰㯵캢ᏼ鵏ꎤ棫មᑞẔ凳ﳷଇ쀜끑肗屚觍ﶱ膫偋㞲˷귊㶃ᔾ橭膨塞洫᪱퇢ẻ徣֬䏱ᆷ㉗ｼ밶
[  822.513512][ T5869] usb 4-1: Manufacturer: ᠊
[  822.521309][ T5869] usb 4-1: SerialNumber: ᙁ痤볍珚띌蝕嘄隇䟈᪦楜触∠ֹ㺎鉲햵톀녪屴䚿郝ꍦ໔෨☗噯쯋጖ꐴ씨硍؜棳鲄ﺕ⯃尽灿ꌁᑥ䚫ꥃ㙓ᗅ疕蔲潙릇箭럿၁뇛埂옣곿䋤ꍀ∞㦜㼜ᶱ୊硒ࡐ蠵珿藲醊鯕戼ꕌ䓶潖ͺ렪弮ᐜ麷㑐ቑ觱磑锈ዻ랍و띜뽾伄嬔췕猥⟗濊棏沟䑲☯ℤﲘ寔渠ዓ攞
[  822.634536][T15961] binder: 15958:15961 ioctl 4018620d 0 returned -22
[  822.803383][ T5869] ftdi_sio 4-1:127.46: FTDI USB Serial Device converter detected
[  822.817475][ T5869] ftdi_sio ttyUSB0: unknown device type: 0xcdbb
[  822.859219][ T5869] ftdi_sio 4-1:127.96: FTDI USB Serial Device converter detected
[  822.869448][ T5869] ftdi_sio ttyUSB1: unknown device type: 0xcdbb
[  822.903940][ T5869] ftdi_sio 4-1:127.231: FTDI USB Serial Device converter detected
[  822.930745][ T5869] ftdi_sio ttyUSB2: unknown device type: 0xcdbb
[  822.957837][ T5869] usb 4-1: USB disconnect, device number 82
[  822.969276][ T5869] ftdi_sio 4-1:127.46: device disconnected
[  822.979674][ T5869] ftdi_sio 4-1:127.96: device disconnected
[  823.046088][ T5869] ftdi_sio 4-1:127.231: device disconnected
[  823.223753][T15972] syzkaller0: entered promiscuous mode
[  823.229264][T15972] syzkaller0: entered allmulticast mode
[  823.601481][ T5869] hid-generic 0005:0006:5508.006C: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  823.719460][T15991] fido_id[15991]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci5/hci5:200/report_descriptor': No such file or directory
[  823.870650][T15998] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2637'.
[  823.884182][T15998] bridge_slave_1: left allmulticast mode
[  823.903245][T15998] bridge_slave_1: left promiscuous mode
[  824.350843][ T5817] Bluetooth: hci5: command 0x0406 tx timeout
[  824.402132][T15998] bridge0: port 2(bridge_slave_1) entered disabled state
[  824.440392][T15998] bridge_slave_0: left allmulticast mode
[  826.370622][T15998] bridge_slave_0: left promiscuous mode
[  826.390709][T15998] bridge0: port 1(bridge_slave_0) entered disabled state
[  826.513286][T15998] bond0: (slave bridge0): Releasing backup interface
[  826.620781][T16014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2643'.
[  826.894519][T16006] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  827.280931][ T5869] usb 4-1: new high-speed USB device number 83 using dummy_hcd
[  827.550642][ T5869] usb 4-1: Using ep0 maxpacket: 16
[  827.564073][ T5869] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  827.573889][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  827.688510][ T5869] usb 4-1: Product: syz
[  827.692895][ T5869] usb 4-1: Manufacturer: syz
[  827.697534][ T5869] usb 4-1: SerialNumber: syz
[  827.703523][ T5869] usb 4-1: config 0 descriptor??
[  827.748292][ T5869] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  827.949358][ T5869] ssu100 4-1:0.0: probe with driver ssu100 failed with error -32
[  829.471892][T16052] vxfs: unable to read disk superblock at 1
[  829.477959][T16052] vxfs: unable to read disk superblock at 8
[  829.485324][T16052] vxfs: can't find superblock.
[  830.303799][T12614] usb 4-1: USB disconnect, device number 83
[  830.522263][T16070] loop5: detected capacity change from 0 to 7
[  830.530595][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  830.548778][T16070] Dev loop5: unable to read RDB block 7
[  830.555498][T16070]  loop5: unable to read partition table
[  830.562107][T16070] loop5: partition table beyond EOD, truncated
[  830.570662][ T5883] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  830.732635][T16070] loop_reread_partitions: partition scan of loop5 (�被x������ ) failed (rc=-5)
[  830.771604][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  832.201133][   T10] usb 6-1: device descriptor read/64, error -71
[  832.232432][ T5883] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  832.244310][ T5883] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  832.251354][T16073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2657'.
[  832.260733][ T5883] usb 5-1: config 0 descriptor??
[  832.261566][T16073] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2657'.
[  832.363083][ T5883] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  832.440622][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  832.539962][T16084] vxfs: unable to read disk superblock at 1
[  832.546967][T16084] vxfs: unable to read disk superblock at 8
[  832.552962][T16084] vxfs: can't find superblock.
[  832.701107][ T5883] usb 1-1: new high-speed USB device number 96 using dummy_hcd
[  832.881395][   T10] usb 6-1: device descriptor read/64, error -71
[  832.882813][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  832.958700][ T5883] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[  833.128992][ T5883] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  833.229042][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  833.559664][ T5883] usb 1-1: config 0 descriptor??
[  834.019680][ T5883] Bluetooth: Can't get state to change to load ram patch err
[  834.105116][ T5883] Bluetooth: Loading patch file failed
[  834.165256][ T5883] ath3k 1-1:0.0: probe with driver ath3k failed with error -71
[  834.329887][ T5883] usb 1-1: USB disconnect, device number 96
[  834.677740][   T10] usb usb6-port1: attempt power cycle
[  834.723332][T12614] usb 5-1: USB disconnect, device number 70
[  835.021450][T16097] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[  835.119262][T16105] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2666'.
[  835.130441][T16105] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2666'.
[  835.139876][T16105] netlink: 'syz.0.2666': attribute type 13 has an invalid length.
[  835.217658][T16108] bridge0: entered allmulticast mode
[  835.224678][T16109] vxfs: unable to read disk superblock at 1
[  835.231775][T16109] vxfs: unable to read disk superblock at 8
[  835.237804][T16109] vxfs: can't find superblock.
[  835.330587][ T5883] usb 4-1: new high-speed USB device number 84 using dummy_hcd
[  835.700773][ T5883] usb 4-1: Using ep0 maxpacket: 16
[  835.853009][ T5883] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  835.976085][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  836.086566][ T5883] usb 4-1: Product: syz
[  836.117893][ T5883] usb 4-1: Manufacturer: syz
[  836.127861][ T5883] usb 4-1: SerialNumber: syz
[  836.155351][ T5883] usb 4-1: config 0 descriptor??
[  836.187732][T16116] kvm: pic: non byte read
[  836.194696][ T5883] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  836.221898][T16116] kvm: pic: non byte read
[  836.258789][T16116] kvm: pic: non byte read
[  836.277798][T16116] kvm: pic: non byte read
[  836.283818][T16116] kvm: pic: non byte read
[  836.325364][T16116] kvm: pic: level sensitive irq not supported
[  836.325728][T16116] kvm: pic: non byte read
[  836.338814][T16116] kvm: pic: level sensitive irq not supported
[  836.338995][T16116] kvm: pic: non byte read
[  836.817951][ T5883] ssu100 4-1:0.0: probe with driver ssu100 failed with error -110
[  836.870791][T16116] kvm: pic: level sensitive irq not supported
[  836.870860][T16116] kvm: pic: non byte read
[  836.886805][T16116] kvm: pic: level sensitive irq not supported
[  836.898255][T16116] kvm: pic: non byte read
[  836.910611][T16116] kvm: pic: level sensitive irq not supported
[  836.910667][T16116] kvm: pic: non byte read
[  836.930375][T16116] kvm: pic: level sensitive irq not supported
[  836.950541][T16116] kvm: pic: level sensitive irq not supported
[  836.962629][T16116] kvm: pic: level sensitive irq not supported
[  837.728193][T16145] binder: 16141:16145 ioctl 4018620d 0 returned -22
[  838.610442][T12614] usb 4-1: USB disconnect, device number 84
[  838.672190][   T30] audit: type=1400 audit(1770407743.098:950): avc:  denied  { bind } for  pid=16151 comm="syz.4.2677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  838.700658][   T30] audit: type=1400 audit(1770407743.098:951): avc:  denied  { listen } for  pid=16151 comm="syz.4.2677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  838.701793][T16145] binder: 16141:16145 ioctl d000941e 0 returned -22
[  838.723313][   T30] audit: type=1400 audit(1770407743.098:952): avc:  denied  { accept } for  pid=16151 comm="syz.4.2677" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  838.793612][T16156] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64
[  839.114912][T16156] audit: out of memory in audit_log_start
[  839.683452][T16180] vxfs: unable to read disk superblock at 1
[  839.689476][T16180] vxfs: unable to read disk superblock at 8
[  839.695831][T16180] vxfs: can't find superblock.
[  842.080371][T16214] Dead loop on virtual device ip6_vti0, fix it urgently!
[  842.796536][T16221] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2693'.
[  842.850546][   T30] audit: type=1400 audit(1770407747.268:953): avc:  denied  { read } for  pid=16216 comm="syz.3.2693" name="cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  842.948318][   T30] audit: type=1400 audit(1770407747.268:954): avc:  denied  { open } for  pid=16216 comm="syz.3.2693" path="/dev/cachefiles" dev="devtmpfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cachefiles_device_t tclass=chr_file permissive=1
[  843.340383][T16227] nftables ruleset with unbound set
[  843.910729][ T5883] usb 4-1: new low-speed USB device number 85 using dummy_hcd
[  843.975405][T16240] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2700'.
[  843.992120][T16240] netlink: 'syz.1.2700': attribute type 10 has an invalid length.
[  844.274248][T16244] netlink: 'syz.0.2698': attribute type 10 has an invalid length.
[  844.282671][T16244] bridge0: left allmulticast mode
[  844.329164][T16245] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2699'.
[  844.342534][ T5883] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  844.350684][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  844.375621][ T5883] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  844.395689][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  844.431713][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  844.447044][ T5883] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  844.457882][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  844.502860][ T5883] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  844.515099][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  844.526864][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  844.542723][ T5883] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  844.601144][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  844.617665][ T5883] usb 4-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  844.631091][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  844.642762][ T5883] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  844.660189][ T5883] usb 4-1: string descriptor 0 read error: -22
[  844.667554][ T5883] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  844.679375][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  844.972845][ T5883] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  845.378924][ T5869] usb 4-1: USB disconnect, device number 85
[  845.622669][T16258] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2704'.
[  846.481205][T16271] loop6: detected capacity change from 0 to 7
[  846.580269][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.590268][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.710044][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.719689][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.736957][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.746605][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.758805][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.768425][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.779581][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.789279][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.839974][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.849589][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.877950][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.887582][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.895522][T16271] ldm_validate_partition_table(): Disk read failed.
[  846.908355][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.917981][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.929531][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.939202][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.955738][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  846.965373][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  846.980618][T16271] Dev loop6: unable to read RDB block 0
[  846.995599][T16271]  loop6: unable to read partition table
[  847.002322][T16271] loop6: partition table beyond EOD, truncated
[  847.008684][T16271] loop_reread_partitions: partition scan of loop6 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  848.196764][T16289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2710'.
[  848.210772][T16289] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2710'.
[  848.581749][T16295] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2711'.
[  849.289094][T13341] Bluetooth: hci5: unexpected event for opcode 0x2006
[  849.510804][   T30] audit: type=1400 audit(1770407753.928:955): avc:  denied  { shutdown } for  pid=16303 comm="syz.3.2714" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  850.400153][T16317] fuse: Bad value for 'fd'
[  850.762406][T16326] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=16326 comm=syz.3.2720
[  851.345630][T16331] fuse: Bad value for 'fd'
[  852.401536][T16355] fuse: Bad value for 'rootmode'
[  852.770633][T12614] usb 1-1: new low-speed USB device number 97 using dummy_hcd
[  852.929187][T12614] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  852.939177][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  852.974002][T12614] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  853.081282][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  853.094193][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  853.175155][   T10] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  853.278399][T12614] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  853.302616][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  853.340648][T12614] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  853.352491][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  853.435241][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  853.451852][T12614] usb 1-1: config 168 descriptor has 1 excess byte, ignoring
[  853.459306][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  853.470233][T12614] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  853.482874][   T10] usb 6-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44
[  853.504633][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  853.528403][T12614] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  853.544396][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  853.561772][   T10] usb 6-1: config 0 descriptor??
[  853.569719][T12614] usb 1-1: string descriptor 0 read error: -22
[  853.576631][T12614] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  853.588448][   T10] pwc: Samsung MPC-C10 USB webcam detected.
[  853.607133][T12614] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  853.664274][T12614] adutux 1-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  853.914897][   T10] pwc: send_video_command error -71
[  853.921483][   T10] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  853.980423][   T10] Philips webcam 6-1:0.0: probe with driver Philips webcam failed with error -71
[  854.009430][   T10] usb 6-1: USB disconnect, device number 6
[  854.920053][    T9] usb 5-1: new full-speed USB device number 71 using dummy_hcd
[  854.976352][   T10] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  855.172052][   T10] usb 6-1: Using ep0 maxpacket: 16
[  855.187397][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  855.197966][    T9] usb 5-1: config 0 has no interfaces?
[  855.215938][    T9] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  855.230545][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  855.239054][   T10] usb 6-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  855.250517][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  855.267312][    T9] usb 5-1: config 0 descriptor??
[  855.275164][   T10] usb 6-1: Product: syz
[  855.279337][   T10] usb 6-1: Manufacturer: syz
[  855.297818][   T10] usb 6-1: SerialNumber: syz
[  855.310946][   T10] usb 6-1: config 0 descriptor??
[  855.321061][   T10] ssu100 6-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  855.711615][   T10] ssu100 6-1:0.0: probe with driver ssu100 failed with error -110
[  855.813210][T12614] usb 5-1: USB disconnect, device number 71
[  856.042234][T12614] usb 1-1: USB disconnect, device number 97
[  856.133942][T16398] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=16398 comm=syz.1.2739
[  856.607118][T16403] Dead loop on virtual device ip6_vti0, fix it urgently!
[  857.550924][T16427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2747'.
[  857.695820][    T9] usb 1-1: new high-speed USB device number 98 using dummy_hcd
[  857.907378][  T977] usb 6-1: USB disconnect, device number 7
[  857.970776][    T9] usb 1-1: Using ep0 maxpacket: 8
[  857.977493][    T9] usb 1-1: config 2 has an invalid interface number: 31 but max is 0
[  857.990635][    T9] usb 1-1: config 2 has no interface number 0
[  858.001654][    T9] usb 1-1: config 2 interface 31 has no altsetting 0
[  858.021408][    T9] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  858.031511][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  858.033200][   T30] audit: type=1400 audit(1770407762.458:956): avc:  denied  { ioctl } for  pid=16429 comm="syz.4.2749" path="socket:[59235]" dev="sockfs" ino=59235 ioctlcmd=0x941b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  858.070623][    T9] usb 1-1: Product: syz
[  858.079255][    T9] usb 1-1: Manufacturer: syz
[  858.085981][    T9] usb 1-1: SerialNumber: syz
[  858.365225][T16441] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2749'.
[  859.044102][T16445] serio: Serial port ttyS3
[  859.430020][    T9] ch9200 1-1:2.31: probe with driver ch9200 failed with error -22
[  859.471987][    T9] usb 1-1: USB disconnect, device number 98
[  859.950747][    T9] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  859.970737][   T30] audit: type=1400 audit(1770407764.388:957): avc:  denied  { execute } for  pid=16450 comm="syz.0.2756" path="/dev/usbmon0" dev="devtmpfs" ino=716 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  860.302103][T16457] delete_channel: no stack
[  860.324055][   T30] audit: type=1400 audit(1770407764.748:958): avc:  denied  { setopt } for  pid=16456 comm="syz.4.2755" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  860.345475][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  860.357467][    T9] usb 6-1: config 0 has no interfaces?
[  860.363417][    T9] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  860.374647][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  860.411350][    T9] usb 6-1: config 0 descriptor??
[  861.448752][   T43] usb 6-1: USB disconnect, device number 8
[  862.126940][T16477] FAULT_INJECTION: forcing a failure.
[  862.126940][T16477] name failslab, interval 1, probability 0, space 0, times 0
[  862.139644][T16477] CPU: 1 UID: 0 PID: 16477 Comm: syz.0.2760 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  862.139663][T16477] Tainted: [L]=SOFTLOCKUP
[  862.139667][T16477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  862.139673][T16477] Call Trace:
[  862.139677][T16477]  <TASK>
[  862.139682][T16477]  dump_stack_lvl+0x100/0x190
[  862.139700][T16477]  should_fail_ex.cold+0x5/0xa
[  862.139712][T16477]  should_failslab+0xc2/0x120
[  862.139727][T16477]  ? tomoyo_encode2+0xfb/0x3c0
[  862.139738][T16477]  __kmalloc_noprof+0xf6/0x9c0
[  862.139752][T16477]  ? tomoyo_encode2+0xfb/0x3c0
[  862.139763][T16477]  tomoyo_encode2+0xfb/0x3c0
[  862.139777][T16477]  tomoyo_encode+0x29/0x50
[  862.139788][T16477]  tomoyo_realpath_from_path+0x18c/0x690
[  862.139803][T16477]  tomoyo_path_number_perm+0x23c/0x580
[  862.139820][T16477]  ? tomoyo_path_number_perm+0x22e/0x580
[  862.139838][T16477]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  862.139868][T16477]  ? find_held_lock+0x2b/0x80
[  862.139882][T16477]  ? hook_file_ioctl_common+0x146/0x410
[  862.139896][T16477]  ? __fget_files+0x215/0x3d0
[  862.139912][T16477]  ? __fget_files+0x21f/0x3d0
[  862.139927][T16477]  security_file_ioctl+0xd3/0x230
[  862.139940][T16477]  __x64_sys_ioctl+0xb7/0x210
[  862.139952][T16477]  do_syscall_64+0xc9/0xf80
[  862.139965][T16477]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  862.139976][T16477] RIP: 0033:0x7fa6c479aeb9
[  862.139986][T16477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  862.139996][T16477] RSP: 002b:00007fa6c559d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  862.140007][T16477] RAX: ffffffffffffffda RBX: 00007fa6c4a15fa0 RCX: 00007fa6c479aeb9
[  862.140014][T16477] RDX: 0000200000000440 RSI: 0000000040046f41 RDI: 0000000000000003
[  862.140020][T16477] RBP: 00007fa6c559d090 R08: 0000000000000000 R09: 0000000000000000
[  862.140026][T16477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  862.140033][T16477] R13: 00007fa6c4a16038 R14: 00007fa6c4a15fa0 R15: 00007ffe49782e88
[  862.140046][T16477]  </TASK>
[  862.140057][T16477] ERROR: Out of memory at tomoyo_realpath_from_path.
[  864.623948][T16497] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2768'.
[  864.912512][    T9] usb 2-1: new high-speed USB device number 75 using dummy_hcd
[  865.138773][    T9] usb 2-1: config index 0 descriptor too short (expected 23569, got 27)
[  865.147496][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  865.160254][    T9] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.b3
[  865.172179][    T9] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  865.199462][    T9] usb 2-1: Manufacturer: syz
[  865.266439][    T9] usb 2-1: config 0 descriptor??
[  865.423498][    T9] rc_core: IR keymap rc-hauppauge not found
[  865.430138][    T9] Registered IR keymap rc-empty
[  865.439464][    T9] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  865.487313][    T9] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input64
[  865.719154][   T10] usb 2-1: USB disconnect, device number 75
[  865.870745][   T30] audit: type=1400 audit(1770407770.278:959): avc:  denied  { read } for  pid=16521 comm="syz.0.2772" path="socket:[60521]" dev="sockfs" ino=60521 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  866.424988][   T10] usb 5-1: new full-speed USB device number 72 using dummy_hcd
[  866.526424][T16536] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2775'.
[  866.635440][   T10] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  866.664477][   T10] usb 5-1: config 0 has no interfaces?
[  866.694958][   T10] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  866.764410][   T30] audit: type=1400 audit(1770407771.178:960): avc:  denied  { map } for  pid=16539 comm="syz.0.2777" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=736 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  866.790594][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.824738][   T10] usb 5-1: config 0 descriptor??
[  868.362346][T12614] usb 5-1: USB disconnect, device number 72
[  870.963752][T16593] bridge0: port 2(bridge_slave_1) entered disabled state
[  870.971064][T16593] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.086976][T16593] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  871.107326][T16593] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  871.466591][   T50] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  871.475834][   T50] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  871.496130][   T50] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  871.511525][   T50] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  871.910584][   T10] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  872.020954][    T9] usb 1-1: new full-speed USB device number 99 using dummy_hcd
[  872.167934][T16619] input: syz0 as /devices/virtual/input/input66
[  872.187728][T16619] nfs: Unknown parameter ' '
[  872.520607][   T10] usb 5-1: Using ep0 maxpacket: 32
[  872.528439][   T10] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  872.537013][   T10] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  872.553078][   T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  872.562482][   T10] usb 5-1: config 1 has no interface number 0
[  872.568593][   T10] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  872.579805][   T10] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  872.597381][   T10] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  872.606744][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  872.616387][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  872.633004][    T9] usb 1-1: config 0 has no interfaces?
[  872.642294][   T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  872.648602][    T9] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  872.658298][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  872.669990][    T9] usb 1-1: config 0 descriptor??
[  872.883987][   T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  873.228429][T16633] netlink: 'syz.1.2799': attribute type 1 has an invalid length.
[  873.252850][ T5869] usb 1-1: USB disconnect, device number 99
[  873.300676][   T10] usb 5-1: USB disconnect, device number 73
[  873.314495][T16636] /dev/nbd3: Can't lookup blockdev
[  873.335736][   T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  873.363208][T16633] bond2: entered promiscuous mode
[  873.379951][T16633] 8021q: adding VLAN 0 to HW filter on device bond2
[  873.403713][T16637] 8021q: adding VLAN 0 to HW filter on device bond2
[  873.428162][T16637] bond2: (slave vcan1): The slave device specified does not support setting the MAC address
[  873.447088][T16637] bond2: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  873.473347][T16637] bond2: (slave vcan1): making interface the new active one
[  873.506054][T16637] vcan1: entered promiscuous mode
[  873.544582][T16637] bond2: (slave vcan1): Enslaving as an active interface with an up link
[  874.154230][T16647] fuse: Bad value for 'fd'
[  874.597944][T12614] usb 2-1: new high-speed USB device number 76 using dummy_hcd
[  874.659379][T16654] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2804'.
[  874.750963][T12614] usb 2-1: device descriptor read/64, error -71
[  875.020606][T12614] usb 2-1: new high-speed USB device number 77 using dummy_hcd
[  875.229169][T12614] usb 2-1: device descriptor read/64, error -71
[  875.706206][T12614] usb usb2-port1: attempt power cycle
[  875.983040][T16682] binder: 16676:16682 ioctl 4018620d 0 returned -22
[  876.200896][T12614] usb 2-1: new high-speed USB device number 78 using dummy_hcd
[  876.223539][T12614] usb 2-1: device descriptor read/8, error -71
[  876.455481][T16693] /dev/nbd3: Can't lookup blockdev
[  876.461942][T12614] usb 2-1: new high-speed USB device number 79 using dummy_hcd
[  876.491577][T12614] usb 2-1: device descriptor read/8, error -71
[  876.626495][T16705] binder: 16704:16705 ioctl c0306201 200000000300 returned -22
[  876.634251][    T9] usb 5-1: new full-speed USB device number 74 using dummy_hcd
[  876.644268][T12614] usb usb2-port1: unable to enumerate USB device
[  876.888204][    T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  876.898967][    T9] usb 5-1: config 0 has no interfaces?
[  876.908976][    T9] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  876.926592][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  876.961331][    T9] usb 5-1: config 0 descriptor??
[  877.066022][T16682] binder: 16676:16682 ioctl d000941e 0 returned -22
[  878.559026][T16730] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2824'.
[  879.240366][ T5884] usb 5-1: USB disconnect, device number 74
[  880.030778][  T977] usb 2-1: new high-speed USB device number 80 using dummy_hcd
[  880.573343][T16758] vxfs: unable to read disk superblock at 1
[  880.582742][T16758] vxfs: unable to read disk superblock at 8
[  880.588743][T16758] vxfs: can't find superblock.
[  880.646828][  T977] usb 2-1: Using ep0 maxpacket: 16
[  880.670869][  T977] usb 2-1: config 0 has an invalid interface number: 34 but max is 0
[  880.697197][  T977] usb 2-1: config 0 has no interface number 0
[  880.742689][  T977] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023
[  880.860698][  T977] usb 2-1: config 0 interface 34 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024
[  880.986592][  T977] usb 2-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  881.136840][  T977] usb 2-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73
[  881.351994][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  881.429421][  T977] usb 2-1: Product: syz
[  881.458301][  T977] usb 2-1: Manufacturer: syz
[  881.482164][  T977] usb 2-1: SerialNumber: syz
[  881.504206][  T977] usb 2-1: config 0 descriptor??
[  881.530598][T16748] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  881.646235][T16748] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  881.717221][T16774] ALSA: mixer_oss: invalid OSS volume ''
[  882.070872][T16748] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  882.150145][T16748] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  882.717412][T16748] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  882.726560][T16748] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  882.742173][  T977] asix 2-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  882.761412][  T977] asix 2-1:0.34 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  882.791742][  T977] asix 2-1:0.34: probe with driver asix failed with error -71
[  882.807842][  T977] usb 2-1: USB disconnect, device number 80
[  882.898710][T16788] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2842'.
[  883.504500][T16798] netlink: 'syz.5.2843': attribute type 1 has an invalid length.
[  883.513144][T16799] FAULT_INJECTION: forcing a failure.
[  883.513144][T16799] name failslab, interval 1, probability 0, space 0, times 0
[  883.533083][T16799] CPU: 1 UID: 0 PID: 16799 Comm: syz.1.2845 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  883.533109][T16799] Tainted: [L]=SOFTLOCKUP
[  883.533116][T16799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  883.533126][T16799] Call Trace:
[  883.533133][T16799]  <TASK>
[  883.533140][T16799]  dump_stack_lvl+0x100/0x190
[  883.533167][T16799]  should_fail_ex.cold+0x5/0xa
[  883.533187][T16799]  should_failslab+0xc2/0x120
[  883.533211][T16799]  ? tomoyo_encode2+0xfb/0x3c0
[  883.533230][T16799]  __kmalloc_noprof+0xf6/0x9c0
[  883.533255][T16799]  ? tomoyo_encode2+0xfb/0x3c0
[  883.533272][T16799]  tomoyo_encode2+0xfb/0x3c0
[  883.533295][T16799]  tomoyo_encode+0x29/0x50
[  883.533313][T16799]  tomoyo_realpath_from_path+0x18c/0x690
[  883.533347][T16799]  tomoyo_path_number_perm+0x23c/0x580
[  883.533377][T16799]  ? tomoyo_path_number_perm+0x22e/0x580
[  883.533406][T16799]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  883.533458][T16799]  ? find_held_lock+0x2b/0x80
[  883.533482][T16799]  ? hook_file_ioctl_common+0x146/0x410
[  883.533505][T16799]  ? __fget_files+0x215/0x3d0
[  883.533530][T16799]  ? __fget_files+0x21f/0x3d0
[  883.533556][T16799]  security_file_ioctl+0xd3/0x230
[  883.533576][T16799]  __x64_sys_ioctl+0xb7/0x210
[  883.533597][T16799]  do_syscall_64+0xc9/0xf80
[  883.533619][T16799]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  883.533638][T16799] RIP: 0033:0x7f790d59aeb9
[  883.533654][T16799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  883.533672][T16799] RSP: 002b:00007f790e3d9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  883.533690][T16799] RAX: ffffffffffffffda RBX: 00007f790d815fa0 RCX: 00007f790d59aeb9
[  883.533701][T16799] RDX: 0000200000000300 RSI: 0000000040047454 RDI: 0000000000000005
[  883.533713][T16799] RBP: 00007f790e3d9090 R08: 0000000000000000 R09: 0000000000000000
[  883.533723][T16799] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  883.533733][T16799] R13: 00007f790d816038 R14: 00007f790d815fa0 R15: 00007ffd0298f068
[  883.533757][T16799]  </TASK>
[  883.534095][T16799] ERROR: Out of memory at tomoyo_realpath_from_path.
[  883.547957][   T30] audit: type=1400 audit(1770407787.968:961): avc:  denied  { create } for  pid=16794 comm="syz.5.2843" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  883.940605][  T977] usb 1-1: new full-speed USB device number 100 using dummy_hcd
[  884.152814][  T977] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  884.163792][  T977] usb 1-1: config 0 has no interfaces?
[  884.185650][  T977] usb 1-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=54.c3
[  884.205802][T16819] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2848'.
[  884.237731][  T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  884.332697][  T977] usb 1-1: config 0 descriptor??
[  884.428940][   T30] audit: type=1400 audit(1770407788.848:962): avc:  denied  { ioctl } for  pid=16795 comm="syz.0.2844" path="/dev/raw-gadget" dev="devtmpfs" ino=820 ioctlcmd=0x550a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  885.074685][   T30] audit: type=1400 audit(1770407789.048:963): avc:  denied  { create } for  pid=16795 comm="syz.0.2844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  885.145479][   T30] audit: type=1400 audit(1770407789.058:964): avc:  denied  { map_create } for  pid=16795 comm="syz.0.2844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  885.208197][   T30] audit: type=1400 audit(1770407789.058:965): avc:  denied  { read } for  pid=16795 comm="syz.0.2844" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  885.271132][   T30] audit: type=1400 audit(1770407789.058:966): avc:  denied  { open } for  pid=16795 comm="syz.0.2844" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[  885.337062][   T30] audit: type=1400 audit(1770407789.108:967): avc:  denied  { prog_load } for  pid=16795 comm="syz.0.2844" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  885.390019][   T30] audit: type=1400 audit(1770407789.108:968): avc:  denied  { bpf } for  pid=16795 comm="syz.0.2844" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  885.439020][   T30] audit: type=1400 audit(1770407789.118:969): avc:  denied  { read } for  pid=16795 comm="syz.0.2844" path="/dev/ppp" dev="devtmpfs" ino=709 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  885.489318][   T30] audit: type=1400 audit(1770407789.538:970): avc:  denied  { read write } for  pid=5816 comm="syz-executor" name="loop4" dev="devtmpfs" ino=651 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  885.720543][T12614] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[  885.880671][T12614] usb 5-1: Using ep0 maxpacket: 16
[  885.895402][T12614] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  885.917290][ T5884] usb 1-1: USB disconnect, device number 100
[  885.940540][T12614] usb 5-1: New USB device found, idVendor=0738, idProduct=1705, bcdDevice= 0.00
[  885.950117][T12614] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  886.050402][T12614] usb 5-1: config 0 descriptor??
[  886.577177][T16842] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2855'.
[  888.535400][T16845] netlink: 'syz.1.2856': attribute type 13 has an invalid length.
[  888.551932][   T30] kauditd_printk_skb: 37 callbacks suppressed
[  888.551950][   T30] audit: type=1400 audit(1770407792.978:1008): avc:  denied  { create } for  pid=16844 comm="syz.0.2857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  888.590150][   T30] audit: type=1400 audit(1770407792.998:1009): avc:  denied  { create } for  pid=16844 comm="syz.0.2857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  888.622419][   T30] audit: type=1400 audit(1770407793.008:1010): avc:  denied  { setopt } for  pid=16844 comm="syz.0.2857" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  888.623416][T12614] usbhid 5-1:0.0: can't add hid device: -71
[  888.660410][T16845] gretap0: refused to change device tx_queue_len
[  888.672401][T16845] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  888.676993][T12614] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  888.704273][T16846] fuse: Bad value for 'fd'
[  888.709845][   T30] audit: type=1400 audit(1770407793.128:1011): avc:  denied  { mounton } for  pid=16844 comm="syz.0.2857" path="/577/file0" dev="tmpfs" ino=3027 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1
[  888.841904][T12614] usb 5-1: USB disconnect, device number 75
[  888.881181][   T30] audit: type=1400 audit(1770407793.298:1012): avc:  denied  { create } for  pid=16848 comm="syz.5.2858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  888.889240][T16849] IPVS: length: 528 != 180393552568
[  888.927576][   T30] audit: type=1400 audit(1770407793.298:1013): avc:  denied  { mounton } for  pid=16848 comm="syz.5.2858" path="/syzcgroup/unified/syz5" dev="cgroup2" ino=270 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1
[  888.972999][   T30] audit: type=1400 audit(1770407793.308:1014): avc:  denied  { getopt } for  pid=16848 comm="syz.5.2858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  888.998043][   T30] audit: type=1400 audit(1770407793.418:1015): avc:  denied  { create } for  pid=16852 comm="syz.4.2860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  889.018933][   T30] audit: type=1400 audit(1770407793.418:1016): avc:  denied  { setopt } for  pid=16852 comm="syz.4.2860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  889.157015][   T30] audit: type=1400 audit(1770407793.468:1017): avc:  denied  { create } for  pid=16852 comm="syz.4.2860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  889.186710][  T977] usb 2-1: new high-speed USB device number 81 using dummy_hcd
[  889.299772][T12614] IPVS: starting estimator thread 0...
[  889.400626][T16862] IPVS: using max 42 ests per chain, 100800 per kthread
[  889.420535][  T977] usb 2-1: Using ep0 maxpacket: 16
[  889.430134][  T977] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  889.444035][  T977] usb 2-1: config 0 interface 0 has no altsetting 0
[  889.499713][  T977] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d
[  889.517859][  T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  889.659505][  T977] usb 2-1: Product: syz
[  889.684327][  T977] usb 2-1: Manufacturer: syz
[  889.695795][  T977] usb 2-1: SerialNumber: syz
[  889.881801][  T977] usb 2-1: config 0 descriptor??
[  890.003610][  T977] hub 2-1:0.0: bad descriptor, ignoring hub
[  890.017305][  T977] hub 2-1:0.0: probe with driver hub failed with error -5
[  890.082646][  T977] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  890.151491][T15537] usb 2-1: Failed to submit usb control message: -113
[  890.240606][T15537] usb 2-1: unable to send the bmi data to the device: -113
[  890.248628][T15537] usb 2-1: unable to get target info from device
[  890.262085][T15537] usb 2-1: could not get target info (-113)
[  890.270057][T15537] usb 2-1: could not probe fw (-113)
[  892.370911][   T10] usb 2-1: USB disconnect, device number 81
[  893.745356][   T30] kauditd_printk_skb: 25 callbacks suppressed
[  893.745369][   T30] audit: type=1400 audit(1770407798.168:1043): avc:  denied  { write } for  pid=16911 comm="syz.4.2873" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  894.227589][   T30] audit: type=1400 audit(1770407798.498:1044): avc:  denied  { firmware_load } for  pid=16913 comm="syz.4.2874" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  894.461448][T16917] ==================================================================
[  894.469536][T16917] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x209a/0x4160
[  894.469729][   T30] audit: type=1400 audit(1770407798.618:1045): avc:  denied  { create } for  pid=16913 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  894.478116][T16917] Write of size 1280 at addr ffffc900044a3b40 by task vivid-000-vid-c/16917
[  894.478131][T16917] 
[  894.478142][T16917] CPU: 1 UID: 0 PID: 16917 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  894.478166][T16917] Tainted: [L]=SOFTLOCKUP
[  894.478172][T16917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  894.478182][T16917] Call Trace:
[  894.478189][T16917]  <TASK>
[  894.478195][T16917]  dump_stack_lvl+0x100/0x190
[  894.478216][T16917]  print_report+0x156/0x4c9
[  894.478238][T16917]  ? __virt_addr_valid+0x81/0x620
[  894.478255][T16917]  ? tpg_fill_plane_buffer+0x209a/0x4160
[  894.478272][T16917]  kasan_report+0xdf/0x1a0
[  894.478292][T16917]  ? tpg_fill_plane_buffer+0x209a/0x4160
[  894.478311][T16917]  kasan_check_range+0x10f/0x1e0
[  894.478334][T16917]  __asan_memcpy+0x3c/0x60
[  894.478350][T16917]  tpg_fill_plane_buffer+0x209a/0x4160
[  894.478377][T16917]  vivid_fillbuff+0x95d/0x3ed0
[  894.478400][T16917]  ? mark_held_locks+0x40/0x70
[  894.478414][T16917]  ? finish_task_switch.isra.0+0x204/0xb70
[  894.478436][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  894.478453][T16917]  ? finish_task_switch.isra.0+0x204/0xb70
[  894.478478][T16917]  ? __pfx_vivid_fillbuff+0x10/0x10
[  894.478499][T16917]  ? __lock_acquire+0x4a5/0x2630
[  894.478518][T16917]  ? v4l2_ctrl_request_setup+0x45a/0xa60
[  894.478539][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  894.478556][T16917]  ? vivid_thread_vid_cap_tick+0x81b/0x1470
[  894.478577][T16917]  vivid_thread_vid_cap_tick+0x81b/0x1470
[  894.478602][T16917]  vivid_thread_vid_cap+0x454/0xd70
[  894.478626][T16917]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  894.478648][T16917]  ? do_raw_spin_lock+0x128/0x260
[  894.478665][T16917]  ? find_held_lock+0x2b/0x80
[  894.478684][T16917]  ? __kthread_parkme+0xbb/0x230
[  894.478706][T16917]  ? __kthread_parkme+0xbb/0x230
[  894.478726][T16917]  ? rcu_is_watching+0x12/0xc0
[  894.478745][T16917]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  894.478761][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  894.478777][T16917]  ? __kthread_parkme+0x18c/0x230
[  894.478799][T16917]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  894.478819][T16917]  kthread+0x3b3/0x730
[  894.478835][T16917]  ? __pfx_kthread+0x10/0x10
[  894.478849][T16917]  ? ret_from_fork+0x79/0xaf0
[  894.478866][T16917]  ? ret_from_fork+0x79/0xaf0
[  894.478887][T16917]  ? rcu_is_watching+0x12/0xc0
[  894.478906][T16917]  ? __pfx_kthread+0x10/0x10
[  894.478922][T16917]  ret_from_fork+0x754/0xaf0
[  894.478939][T16917]  ? __pfx_ret_from_fork+0x10/0x10
[  894.478957][T16917]  ? __switch_to+0x7b9/0x10c0
[  894.478976][T16917]  ? __pfx_kthread+0x10/0x10
[  894.478992][T16917]  ret_from_fork_asm+0x1a/0x30
[  894.479011][T16917]  </TASK>
[  894.479016][T16917] 
[  894.755915][T16917] The buggy address belongs to a 3-page vmalloc region starting at 0xffffc900044a1000 allocated at vb2_vmalloc_alloc+0x135/0x410
[  894.769192][T16917] The buggy address belongs to the physical page:
[  894.775580][T16917] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8fb48
[  894.784313][T16917] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  894.791404][T16917] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  894.799961][T16917] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[  894.808524][T16917] page dumped because: kasan: bad access detected
[  894.814914][T16917] page_owner tracks the page as allocated
[  894.820631][T16917] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 16916, tgid 16913 (syz.4.2874), ts 894007012751, free_ts 894006828625
[  894.839990][T16917]  post_alloc_hook+0x1e1/0x250
[  894.844741][T16917]  get_page_from_freelist+0xe3d/0x2e10
[  894.850192][T16917]  __alloc_frozen_pages_noprof+0x26c/0x2410
[  894.856065][T16917]  alloc_pages_bulk_noprof+0x777/0x1500
[  894.861589][T16917]  alloc_pages_bulk_mempolicy_noprof+0x250/0x1270
[  894.867986][T16917]  __vmalloc_node_range_noprof+0x54b/0x1530
[  894.873863][T16917]  vmalloc_user_noprof+0x9e/0xe0
[  894.878782][T16917]  vb2_vmalloc_alloc+0x135/0x410
[  894.883702][T16917]  __vb2_queue_alloc+0x8cc/0x1150
[  894.888704][T16917]  vb2_core_reqbufs+0x899/0xf30
[  894.893532][T16917]  __vb2_init_fileio+0x32d/0xff0
[  894.898451][T16917]  vb2_core_poll+0x611/0x740
[  894.903018][T16917]  vb2_poll+0x4b/0xe0
[  894.906975][T16917]  vb2_fop_poll+0x10e/0x350
[  894.911456][T16917]  v4l2_poll+0x15f/0x220
[  894.915675][T16917]  do_sys_poll+0x6e5/0xeb0
[  894.920069][T16917] page last free pid 16916 tgid 16913 stack trace:
[  894.926539][T16917]  __free_frozen_pages+0x822/0x1130
[  894.931724][T16917]  __kasan_populate_vmalloc+0x1ea/0x210
[  894.937247][T16917]  alloc_vmap_area+0x935/0x2a00
[  894.942079][T16917]  __get_vm_area_node+0x1ca/0x330
[  894.947084][T16917]  __vmalloc_node_range_noprof+0x213/0x1530
[  894.952959][T16917]  vmalloc_user_noprof+0x9e/0xe0
[  894.957880][T16917]  vb2_vmalloc_alloc+0x135/0x410
[  894.962798][T16917]  __vb2_queue_alloc+0x8cc/0x1150
[  894.967802][T16917]  vb2_core_reqbufs+0x899/0xf30
[  894.972635][T16917]  __vb2_init_fileio+0x32d/0xff0
[  894.977554][T16917]  vb2_core_poll+0x611/0x740
[  894.982122][T16917]  vb2_poll+0x4b/0xe0
[  894.986078][T16917]  vb2_fop_poll+0x10e/0x350
[  894.990559][T16917]  v4l2_poll+0x15f/0x220
[  894.994799][T16917]  do_sys_poll+0x6e5/0xeb0
[  894.999192][T16917]  __x64_sys_ppoll+0x2b5/0x350
[  895.003938][T16917] 
[  895.006239][T16917] Memory state around the buggy address:
[  895.011841][T16917]  ffffc900044a3f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  895.019878][T16917]  ffffc900044a3f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  895.027914][T16917] >ffffc900044a4000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  895.035948][T16917]                    ^
[  895.039990][T16917]  ffffc900044a4080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  895.048047][T16917]  ffffc900044a4100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  895.056083][T16917] ==================================================================
[  895.077187][   T30] audit: type=1400 audit(1770407798.618:1046): avc:  denied  { setopt } for  pid=16913 comm="syz.4.2874" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  895.142487][T16917] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  895.149747][T16917] CPU: 1 UID: 0 PID: 16917 Comm: vivid-000-vid-c Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  895.161136][T16917] Tainted: [L]=SOFTLOCKUP
[  895.165467][T16917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  895.175548][T16917] Call Trace:
[  895.178842][T16917]  <TASK>
[  895.181773][T16917]  dump_stack_lvl+0x100/0x190
[  895.186473][T16917]  vpanic+0x20d/0x630
[  895.190472][T16917]  panic+0xd1/0xd1
[  895.194212][T16917]  ? __pfx_panic+0x10/0x10
[  895.198668][T16917]  ? tpg_fill_plane_buffer+0x209a/0x4160
[  895.204347][T16917]  ? preempt_schedule_common+0x42/0xc0
[  895.209852][T16917]  ? check_panic_on_warn+0x1f/0x90
[  895.215005][T16917]  check_panic_on_warn.cold+0x19/0x34
[  895.220405][T16917]  end_report.part.0+0x3a/0x90
[  895.225186][T16917]  kasan_report.cold+0xe/0x18
[  895.229868][T16917]  ? tpg_fill_plane_buffer+0x209a/0x4160
[  895.235500][T16917]  kasan_check_range+0x10f/0x1e0
[  895.240444][T16917]  __asan_memcpy+0x3c/0x60
[  895.244857][T16917]  tpg_fill_plane_buffer+0x209a/0x4160
[  895.250327][T16917]  vivid_fillbuff+0x95d/0x3ed0
[  895.255081][T16917]  ? mark_held_locks+0x40/0x70
[  895.259824][T16917]  ? finish_task_switch.isra.0+0x204/0xb70
[  895.265616][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  895.270795][T16917]  ? finish_task_switch.isra.0+0x204/0xb70
[  895.276589][T16917]  ? __pfx_vivid_fillbuff+0x10/0x10
[  895.281769][T16917]  ? __lock_acquire+0x4a5/0x2630
[  895.286687][T16917]  ? v4l2_ctrl_request_setup+0x45a/0xa60
[  895.292303][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  895.297481][T16917]  ? vivid_thread_vid_cap_tick+0x81b/0x1470
[  895.303358][T16917]  vivid_thread_vid_cap_tick+0x81b/0x1470
[  895.309062][T16917]  vivid_thread_vid_cap+0x454/0xd70
[  895.314246][T16917]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  895.319959][T16917]  ? do_raw_spin_lock+0x128/0x260
[  895.325052][T16917]  ? find_held_lock+0x2b/0x80
[  895.329732][T16917]  ? __kthread_parkme+0xbb/0x230
[  895.334653][T16917]  ? __kthread_parkme+0xbb/0x230
[  895.339574][T16917]  ? rcu_is_watching+0x12/0xc0
[  895.344316][T16917]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  895.350102][T16917]  ? lockdep_hardirqs_on+0x78/0x100
[  895.355278][T16917]  ? __kthread_parkme+0x18c/0x230
[  895.360304][T16917]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  895.366009][T16917]  kthread+0x3b3/0x730
[  895.370058][T16917]  ? __pfx_kthread+0x10/0x10
[  895.374626][T16917]  ? ret_from_fork+0x79/0xaf0
[  895.379281][T16917]  ? ret_from_fork+0x79/0xaf0
[  895.383939][T16917]  ? rcu_is_watching+0x12/0xc0
[  895.388682][T16917]  ? __pfx_kthread+0x10/0x10
[  895.393252][T16917]  ret_from_fork+0x754/0xaf0
[  895.397822][T16917]  ? __pfx_ret_from_fork+0x10/0x10
[  895.402911][T16917]  ? __switch_to+0x7b9/0x10c0
[  895.407572][T16917]  ? __pfx_kthread+0x10/0x10
[  895.412142][T16917]  ret_from_fork_asm+0x1a/0x30
[  895.416890][T16917]  </TASK>
[  895.420175][T16917] Kernel Offset: disabled
[  895.424472][T16917] Rebooting in 86400 seconds..