last executing test programs:

4m33.991978398s ago: executing program 2 (id=154):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x148)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)

4m33.918016192s ago: executing program 2 (id=157):
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x40200, 0x0)
ioctl$SNDCTL_SEQ_GETTIME(r0, 0x80045113, 0x0)

4m33.812369972s ago: executing program 2 (id=159):
pipe(&(0x7f0000000000))
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000380)={0xa, 0x14e24, 0x0, @empty}, 0x2a)
syz_open_dev$tty1(0xc, 0x4, 0x2)
socket$inet6(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = fcntl$getown(r2, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0)
sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x4, 0x3}, 0x0)
chdir(&(0x7f0000000480)='./cgroup\x00')
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
r4 = open(&(0x7f0000022ff6)='./control\x00', 0x0, 0x0)
r5 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r5, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r5, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0)
sendmsg$rds(r5, &(0x7f0000000680)={&(0x7f0000000140)={0x2, 0x4, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r6=>0xffffffffffffffff})
getsockopt$TIPC_CONN_TIMEOUT(r6, 0x10f, 0x82, &(0x7f0000000640), &(0x7f0000000680)=0x4)
r7 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000073864020720c1400ac3901020300010000000a09041df30071acba000000f7a3"], 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [], {0x14}}, 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_control_io(r7, 0x0, &(0x7f0000000380)={0x84, &(0x7f0000000000)={0x40, 0x3, 0x4, "000000d5"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f00000001c0)=0x2)
unlinkat(r4, &(0x7f00000000c0)='./control\x00', 0x200)

4m30.623859228s ago: executing program 2 (id=175):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r0, 0x0)
setpgid(0x0, r0)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file1\x00', 0x0, 0x10000, 0x0)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_READY(r1, 0x9360, 0x800000000000001)

4m30.40584612s ago: executing program 2 (id=177):
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x40000003)

4m30.119993353s ago: executing program 2 (id=178):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0x81)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x8280, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0xb, r2})
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xffffffffffff0001)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
close_range(r3, r3, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
request_key(&(0x7f00000010c0)='encrypted\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r5, 0x81, 0x0, 0x30, 0x0, @ib={0x1b, 0xfffd, 0x7, {"80dd0ab33ee8075e3e0ae053ad15be5c"}, 0x2, 0x10000000000000, 0x5}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
socket$can_bcm(0x1d, 0x2, 0x2)

4m29.815587346s ago: executing program 32 (id=178):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000100)='./binderfs/binder1\x00', 0x800, 0x0)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000040)=0x81)
r1 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x8280, 0x0)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0xb, r2})
mmap$binder(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x1, 0x11, r0, 0xffffffffffff0001)
r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0)
close_range(r3, r3, 0x0)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000040)={0x0, 0x7, 0xfa00, {0x0, &(0x7f0000000000)={<r5=>0xffffffffffffffff}, 0x13f}}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, 0x0, 0x0)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, 0x0, 0x0, 0x2, 0x0)
request_key(&(0x7f00000010c0)='encrypted\x00', &(0x7f0000001100)={'syz', 0x2}, 0x0, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405668, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r4, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r5, 0x81, 0x0, 0x30, 0x0, @ib={0x1b, 0xfffd, 0x7, {"80dd0ab33ee8075e3e0ae053ad15be5c"}, 0x2, 0x10000000000000, 0x5}, @ib={0x1b, 0x0, 0x0, {"7d0300"}, 0x0, 0x0, 0x2}}}, 0x118)
socket$can_bcm(0x1d, 0x2, 0x2)

4m13.045322865s ago: executing program 4 (id=276):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', <r1=>0x0})
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000180)={0x2, 0x1000}, 0x4)
sendto$packet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x11, 0xf5, r1, 0x1, 0x4, 0x6, @broadcast}, 0x14)

4m12.895936563s ago: executing program 4 (id=278):
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
setxattr$security_capability(&(0x7f0000000080)='./file0/file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x3)
fdatasync(r0)

4m12.763202041s ago: executing program 4 (id=281):
syz_open_dev$radio(&(0x7f0000000000), 0x1, 0x2)
gettid()
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r0, &(0x7f0000000440)=""/247, 0x26)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f00000000c0)={0x31, @tick=0x40, 0x4, {0x0, 0x2}, 0xa, 0x0, 0x4})
ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000180))
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0)
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r2, 0x8010500c, &(0x7f0000000200))

4m11.753063344s ago: executing program 4 (id=289):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x40000020, r0, &(0x7f00000000c0)='./file0\x00')
mount$tmpfs(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000280), 0x810000, 0x0)

4m11.595903331s ago: executing program 4 (id=290):
r0 = gettid()
capset(&(0x7f0000000040)={0x20080522, r0}, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNGETVNETBE(r2, 0x800454df, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
r4 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e23, @multicast1}}, 0x24)
sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r4, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvmsg$kcm(r4, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x12000)
r5 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, 0x0, 0x0, 0x0)
connect$l2tp6(r1, 0x0, 0x0)

4m11.36445234s ago: executing program 4 (id=294):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
r1 = fsopen(&(0x7f0000000000)='jfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000003c0)='iochabset\xd9S\xdc\x85\xba\xbd\xd5\xb4B\x1b\x88$6\x85\\\xfe\x13\x1e\f\x14d\x04\x8e;\x9f\xa1/\xbe\xab\xc4\x82o\xe3c\xc5\xdd5\x1ca<\xdd\xd4\f\x14\xc2\xbd\xd2\x93H\x1a\xc3\x03\xf7\"\x16\xe2\xe6\xa5\xf7\ar\x0e\xedU\xb8!T\x13-\xef\x9fO\x1a\x03w\x99\xc5\xc3\x89\xd8\x99\xb6y\x18\x11\xb9\xf0\x17\x7fX\xfc\xb2\xc6\xc5\xbd\xde-\xdco*\xcd\xe8\xe9\x13\x04B\x9dw\xedH\xb0\xe0\x91\x04\xe6\t\xf1U\xb2Jn\x8da\xafv a\xee\xc3\xcf\x16+\xb4\xbbn \x1d<\xeeC\x1cv\'\xc8n\xd9.\xb8\xbe\xd7\xe0\xa8\xbb;\xf5\x1agV\xfcT\\\xb6\x7f\x9e|\xc5\xec6P\xd14\xfb\xe6~\xaa0\x955W6\xc8\x8d\x85\x86Q\x89\xf9\t3a\xed\xda\xb6\xc7\xf8\xa3\xcb>\x8a\xbd\x7fH\x80\x14', 0x0)

4m11.049259524s ago: executing program 33 (id=294):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x3)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000004c00)=""/102392, 0x18ff8)
close(0xffffffffffffffff)
r1 = fsopen(&(0x7f0000000000)='jfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='iocharset', &(0x7f00000003c0)='iochabset\xd9S\xdc\x85\xba\xbd\xd5\xb4B\x1b\x88$6\x85\\\xfe\x13\x1e\f\x14d\x04\x8e;\x9f\xa1/\xbe\xab\xc4\x82o\xe3c\xc5\xdd5\x1ca<\xdd\xd4\f\x14\xc2\xbd\xd2\x93H\x1a\xc3\x03\xf7\"\x16\xe2\xe6\xa5\xf7\ar\x0e\xedU\xb8!T\x13-\xef\x9fO\x1a\x03w\x99\xc5\xc3\x89\xd8\x99\xb6y\x18\x11\xb9\xf0\x17\x7fX\xfc\xb2\xc6\xc5\xbd\xde-\xdco*\xcd\xe8\xe9\x13\x04B\x9dw\xedH\xb0\xe0\x91\x04\xe6\t\xf1U\xb2Jn\x8da\xafv a\xee\xc3\xcf\x16+\xb4\xbbn \x1d<\xeeC\x1cv\'\xc8n\xd9.\xb8\xbe\xd7\xe0\xa8\xbb;\xf5\x1agV\xfcT\\\xb6\x7f\x9e|\xc5\xec6P\xd14\xfb\xe6~\xaa0\x955W6\xc8\x8d\x85\x86Q\x89\xf9\t3a\xed\xda\xb6\xc7\xf8\xa3\xcb>\x8a\xbd\x7fH\x80\x14', 0x0)

4m5.339337807s ago: executing program 3 (id=323):
r0 = syz_open_dev$vbi(&(0x7f0000000040), 0x0, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000480)={0x1ff, 0x200, 0x2, {0x4, @pix={0x7, 0x8, 0x34565559, 0x2, 0x800000, 0xfffffff3, 0x5, 0x983e, 0x1, 0x3, 0x2}}, 0x9})

4m5.164047513s ago: executing program 3 (id=325):
ioctl$vim2m_VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f0000000380)={0xf0f002, 0x2})

4m5.049317396s ago: executing program 3 (id=327):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x304}, "bb28ced7b820ec2d", "ca08bd91171e6405c84cdc6e52f57229", "f5ce6f37", "fe017c9f4e95f742"}, 0x28)
setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000280)=0x6, 0x4)

4m4.871593603s ago: executing program 3 (id=329):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRES8=0x0, @ANYRES16], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x5c, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7d, 0x6, [0x10000]}}]}}}], 0x40}}], 0x2, 0x810)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x1000040, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative'}}}]})
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37602f"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

4m3.989505176s ago: executing program 3 (id=332):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x5c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}, {0x1c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xd0}}, 0x0)

4m3.052460536s ago: executing program 3 (id=333):
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x4000004)
pipe2(0x0, 0x84080)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000080))
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940), 0x1, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x330b)

3m48.004661679s ago: executing program 34 (id=333):
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x4000004)
pipe2(0x0, 0x84080)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000080))
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000940), 0x1, 0x0)
ioctl$SNAPSHOT_S2RAM(r0, 0x330b)

1m14.903784754s ago: executing program 6 (id=1541):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x140141, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
close(0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000100)="0600000000000000b473fec988ca", 0xe}], 0x1)

1m14.454428985s ago: executing program 6 (id=1550):
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/if_inet6\x00')
preadv(r0, &(0x7f0000000840)=[{&(0x7f00000008c0)=""/93, 0x5d}], 0x1, 0x8, 0x9e37)

1m13.527199625s ago: executing program 6 (id=1552):
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbbbbaaaaaaaaaabb88f5"], 0x72)

1m13.30370131s ago: executing program 6 (id=1555):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x24000, 0x0)

1m13.15589915s ago: executing program 6 (id=1557):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRES8=0x0], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x5c, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7d, 0x6, [0x10000]}}]}}}], 0x40}}], 0x2, 0x810)
mount$tmpfs(0x0, &(0x7f0000000000)='./cgroup\x00', 0x0, 0x1000040, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative'}}}]})
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37602f"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1m12.076559996s ago: executing program 6 (id=1561):
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0xd)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)

1m11.902009256s ago: executing program 35 (id=1561):
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0xd)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)

42.970883357s ago: executing program 0 (id=1832):
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000100)={0x1d, 0x0, 0x0, {0x1, 0x1, 0x4}, 0x1}, 0x18)
sendmsg$IPSET_CMD_RENAME(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="200000000506010200000000000000000a000001"], 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x800)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$igmp6(0xa, 0x3, 0x2)
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
write$tun(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="06000000bbbbbbbbbb"], 0x72)

42.538619124s ago: executing program 0 (id=1835):
r0 = socket$inet(0x2, 0x80001, 0x84)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000280)=0x3, 0x4)
listen(r0, 0x3)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000020}, 0x800)
ioctl$F2FS_IOC_DEFRAGMENT(r1, 0xc010f508, &(0x7f0000000000)={0x7, 0x9})

42.343981247s ago: executing program 0 (id=1836):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000000)={0x180a, 0x3000, 0x3, 0x1, 0x80, 0xffffffffffffffff, 0x0, 0x3000}])
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x4d, 0x5, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
write$FUSE_OPEN(r2, &(0x7f0000000180)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x20)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

42.214426343s ago: executing program 0 (id=1838):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)

42.177413823s ago: executing program 0 (id=1839):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a00)={{0x14, 0x10, 0x4, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xffff}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}, @NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc8}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
getsockopt$TIPC_NODE_RECVQ_DEPTH(r1, 0x10f, 0x83, &(0x7f00000000c0), &(0x7f00000001c0)=0x4)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x8801)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x210)

42.055755615s ago: executing program 0 (id=1842):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
pipe2$9p(&(0x7f0000001900), 0x800) (async)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_loose}], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_loose}], [], 0x6b}})
syz_open_dev$dri(&(0x7f0000000240), 0x7fffffffffffffff, 0x602800) (async)
syz_open_dev$dri(&(0x7f0000000240), 0x7fffffffffffffff, 0x602800)
write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', &(0x7f00000002c0), 0x4808080, &(0x7f0000000680)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000006,stats=global,stats=global,max=00000000001,max=00000000000000000000007,stats']) (async)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', &(0x7f00000002c0), 0x4808080, &(0x7f0000000680)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000006,stats=global,stats=global,max=00000000001,max=00000000000000000000007,stats'])
syz_usb_connect(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100003b7431087d077a62010089020301090224000100000000090400000203"], 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r0, &(0x7f0000000500)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0xa, 0x0, 0x408d}, @mpls={[], @ipv6=@udp={0x4, 0x6, "c80f59", 0x48, 0x11, 0x1, @empty, @mcast2, {[], {0x4e21, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "3ca0eb84079fcd70aa3e5ebdb73212c3c1d2933b3f739d71", "61fdf4eeaa5165858e4d6a96d1bb0be0bbe84559a44dbe04639c250cc1814f28"}}}}}}, 0x7e)
unlink(&(0x7f0000000100)='./file0/file1\x00') (async)
unlink(&(0x7f0000000100)='./file0/file1\x00')
rmdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x110)
r6 = socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r8=>0x0})
sendto$packet(r6, 0x0, 0x300, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r8, 0x1, 0x0, 0x6, @local}, 0x14)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x0, 0x0, 0x3a, 0x0, "966e49d5b8a5f9bcbb98226a8aa02da2fa3bc307e45f0ac0835e9df4172024ab39323390f33b09244f06fade849a1328407c710ad5f3d8132174a1ad1a6bd5a5b361d6681b400175cd366a76294b5610"}, 0xd8) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x0, 0x0, 0x3a, 0x0, "966e49d5b8a5f9bcbb98226a8aa02da2fa3bc307e45f0ac0835e9df4172024ab39323390f33b09244f06fade849a1328407c710ad5f3d8132174a1ad1a6bd5a5b361d6681b400175cd366a76294b5610"}, 0xd8)
close(r9)

36.330103082s ago: executing program 7 (id=1900):
mmap$KVM_VCPU(&(0x7f0000c00000/0x400000)=nil, 0x930, 0x200000f, 0x4f832, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000ffa000/0x1000)=nil, 0x930, 0x3000003, 0x28031, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000eb3000/0x1000)=nil, 0x930, 0x0, 0x20031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000f0f000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000f2a000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000e41000/0x4000)=nil, 0x4000)
munmap(&(0x7f000075a000/0xb000)=nil, 0xb000)
munmap(&(0x7f0000ece000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000482000/0x2000)=nil, 0x2000)
munmap(&(0x7f00004ff000/0x1000)=nil, 0x1000)
munmap(&(0x7f0000e76000/0x12000)=nil, 0x12000)
mmap$KVM_VCPU(&(0x7f0000ffc000/0x2000)=nil, 0x930, 0x0, 0x24132, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000f1a000/0x4000)=nil, 0x930, 0x0, 0x9032, 0xffffffffffffffff, 0x0)
mmap$KVM_VCPU(&(0x7f0000fed000/0x3000)=nil, 0x930, 0x0, 0x4030031, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000e8b000/0x4000)=nil, 0x4000)
munmap(&(0x7f0000ec1000/0x3000)=nil, 0x3000)
munmap(&(0x7f0000fda000/0x3000)=nil, 0x3000)
mmap$KVM_VCPU(&(0x7f0000ffd000/0x3000)=nil, 0x930, 0x2, 0x8032, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
mmap$KVM_VCPU(&(0x7f000064b000/0x4000)=nil, r1, 0x100000d, 0x9032, 0xffffffffffffffff, 0x0)
munmap(&(0x7f0000667000/0x2000)=nil, 0x2000)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)

36.217100804s ago: executing program 7 (id=1901):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x8000000000000000}}, 0x28)

36.15015803s ago: executing program 7 (id=1903):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000005ac0)="75bf3431aca2112b", 0x8)

36.029591381s ago: executing program 7 (id=1906):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file2\x00', 0x207)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x20400, 0x20)
setxattr$security_capability(&(0x7f0000000080)='./file0/file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x3)
fdatasync(r0) (fail_nth: 1)

35.639461909s ago: executing program 7 (id=1908):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x10)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)

35.543672599s ago: executing program 7 (id=1911):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[])
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x8000000000000000}}, 0x28)

26.96857356s ago: executing program 36 (id=1842):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90)
creat(&(0x7f00000002c0)='./file0\x00', 0x51)
pipe2$9p(&(0x7f0000001900), 0x800) (async)
pipe2$9p(&(0x7f0000001900)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x800)
r3 = dup(r2)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_loose}], [], 0x6b}}) (async)
mount$9p_fd(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@cache_loose}], [], 0x6b}})
syz_open_dev$dri(&(0x7f0000000240), 0x7fffffffffffffff, 0x602800) (async)
syz_open_dev$dri(&(0x7f0000000240), 0x7fffffffffffffff, 0x602800)
write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', &(0x7f00000002c0), 0x4808080, &(0x7f0000000680)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000006,stats=global,stats=global,max=00000000001,max=00000000000000000000007,stats']) (async)
mount$binderfs(0x0, &(0x7f0000000280)='./binderfs\x00', &(0x7f00000002c0), 0x4808080, &(0x7f0000000680)=ANY=[@ANYBLOB='stats=global,max=00000000000000000000006,stats=global,stats=global,max=00000000001,max=00000000000000000000007,stats'])
syz_usb_connect(0x2, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100003b7431087d077a62010089020301090224000100000000090400000203"], 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r4, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x3}})
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r0, &(0x7f0000000500)={@val={0x0, 0x86dd}, @val={0x0, 0x0, 0xa, 0x0, 0x408d}, @mpls={[], @ipv6=@udp={0x4, 0x6, "c80f59", 0x48, 0x11, 0x1, @empty, @mcast2, {[], {0x4e21, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x0, "3ca0eb84079fcd70aa3e5ebdb73212c3c1d2933b3f739d71", "61fdf4eeaa5165858e4d6a96d1bb0be0bbe84559a44dbe04639c250cc1814f28"}}}}}}, 0x7e)
unlink(&(0x7f0000000100)='./file0/file1\x00') (async)
unlink(&(0x7f0000000100)='./file0/file1\x00')
rmdir(&(0x7f0000000000)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x110)
r6 = socket$packet(0x11, 0x2, 0x300)
socket$nl_route(0x10, 0x3, 0x0) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r8=>0x0})
sendto$packet(r6, 0x0, 0x300, 0x0, &(0x7f0000000140)={0x11, 0x88a8, r8, 0x1, 0x0, 0x6, @local}, 0x14)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400)) (async)
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000200)={@in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x22, 0x0, "43cad7b04bde5bbd8035d89034a56bad61a87c614899a37c5d0d7da4d7fc948375f3593dbd21eb7618ffb4ff4984e01eedc37998dd16526edb40eaadabe6cd2bd9f9dfeade7787ea64309c01ae05fb70"}, 0xd8)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x0, 0x0, 0x3a, 0x0, "966e49d5b8a5f9bcbb98226a8aa02da2fa3bc307e45f0ac0835e9df4172024ab39323390f33b09244f06fade849a1328407c710ad5f3d8132174a1ad1a6bd5a5b361d6681b400175cd366a76294b5610"}, 0xd8) (async)
setsockopt$inet_tcp_TCP_MD5SIG(r9, 0x6, 0xe, &(0x7f0000000300)={@in={{0x2, 0x4e20, @rand_addr=0x64010102}}, 0x0, 0x0, 0x3a, 0x0, "966e49d5b8a5f9bcbb98226a8aa02da2fa3bc307e45f0ac0835e9df4172024ab39323390f33b09244f06fade849a1328407c710ad5f3d8132174a1ad1a6bd5a5b361d6681b400175cd366a76294b5610"}, 0xd8)
close(r9)

19.78423727s ago: executing program 37 (id=1911):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[])
write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000000)={0x28, 0x4, 0x0, {0x1, 0x8000000000000000}}, 0x28)

5.984474796s ago: executing program 5 (id=2032):
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x7d, 0x42, @multicast}, 0x10)
r1 = openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
tee(r1, 0xffffffffffffffff, 0xb5, 0x0) (async)
close(r0) (async, rerun: 32)
getsockname$llc(r0, 0x0, &(0x7f00000006c0)) (rerun: 32)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x200000b, 0x1010, 0xffffffffffffffff, 0x0) (async)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)

5.752117742s ago: executing program 5 (id=2033):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000700)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0x3, @mcast2}, 0x1c, 0x0}}, {{&(0x7f0000000000)={0xa, 0x4e21, 0x7, @empty, 0x46}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=[@rthdrdstopts={{0x18, 0x29, 0x3b, {0x21}}}, @dstopts_2292={{0x12, 0x29, 0x4, {0x1d}}}], 0x30}}], 0x2, 0x8c4)

5.677304897s ago: executing program 5 (id=2034):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0)
mount$fuseblk(&(0x7f0000000240), 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}})
socket$inet6_tcp(0xa, 0x1, 0x0)
mount$binder(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xe2ca6, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)

5.516731986s ago: executing program 5 (id=2035):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000002000/0x3000)=nil, 0x3000})
ppoll(&(0x7f00000007c0)=[{r1, 0x4040}], 0x1, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

4.040599273s ago: executing program 9 (id=2014):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRES8=0x0, @ANYRES16], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x5c, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7d, 0x6, [0x10000]}}]}}}], 0x40}}], 0x2, 0x810)
mount$tmpfs(0x0, 0x0, 0x0, 0x1000040, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative'}}}]})
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.818358055s ago: executing program 9 (id=2042):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, 0xa, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x400a}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000c801}, 0xe0)

3.768591289s ago: executing program 9 (id=2043):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0)
mount$fuseblk(&(0x7f0000000240), 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}})
socket$inet6_tcp(0xa, 0x1, 0x0)
mount$binder(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xe2ca6, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)

3.711437993s ago: executing program 9 (id=2044):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000000a499d0000000000000000020000010900010073797a310000000008000240000000030400060014000000110001"], 0x54}}, 0x0)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x20, 0xa, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x400a}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x2000c801}, 0xe0) (fail_nth: 2)

3.292201419s ago: executing program 9 (id=2045):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

2.343757498s ago: executing program 5 (id=2046):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
dup3(r0, r1, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x1c, r2, 0x1, 0xfffffffe, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0xc800)

2.282737059s ago: executing program 5 (id=2047):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc34000000000010902"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x4c, 0x9e, 0x58, 0x10, 0x545, 0x8080, 0x1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x2, 0x0, 0x0, 0x5c, 0xf, 0x46}}]}}]}}, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r1, 0x0, 0x0)
syz_usb_control_io$printer(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$sierra_net(r1, 0x0, 0x0)

2.096058445s ago: executing program 1 (id=2048):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
dup3(r0, r1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001000)={{0xfffffffffffffe3c}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x38, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x1c, r3, 0x1, 0xfffffffe, 0x25dfdbfb, {{}, {@val={0x8, 0x1, 0x1}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000001}, 0xc800)

2.052183401s ago: executing program 1 (id=2049):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x148)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@uuid_off}]})
r0 = open(&(0x7f0000000480)='./file0\x00', 0x0, 0x718bb647156ec3b7)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x200, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0)='./file0\x00')
open(&(0x7f0000000440)='./file0\x00', 0xe8142, 0x0)

1.996903266s ago: executing program 1 (id=2050):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r1, 0x80045017, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r2, 0x4144, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000200)) (fail_nth: 2)

1.683914797s ago: executing program 1 (id=2051):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{&(0x7f0000000180)={0xa, 0x4e22, 0xfff, @mcast1, 0x5}, 0x1c, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYRES8=0x0, @ANYRES16], 0x18}}, {{&(0x7f0000000580)={0xa, 0x4e22, 0x4, @loopback, 0x9}, 0x1c, &(0x7f0000000680), 0x0, &(0x7f00000006c0)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x5c, 0x4, '\x00', [@hao={0xc9, 0x10, @mcast1}, @pad1, @calipso={0x7, 0x10, {0x3, 0x2, 0x7d, 0x6, [0x10000]}}]}}}], 0x40}}], 0x2, 0x810)
mount$tmpfs(0x0, 0x0, 0x0, 0x1000040, &(0x7f0000000080)={[{@mpol={'mpol', 0x3d, {'prefer', '=relative'}}}]})
mount$fuse(0x0, 0x0, 0x0, 0x1, &(0x7f0000000ac0)=ANY=[@ANYBLOB="e7e4861f4bcfc6ea1143faf5be5b5e6bb7fabe3baafc310136a16290571ae8331b4e694ced800eb58807a40c5e77fb570e73ce84643ade9bd61334c3db831aa9838138efc968d22a37"])
r0 = socket$unix(0x1, 0x1, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000540), &(0x7f0000000640)=0xc)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

1.57311311s ago: executing program 1 (id=2052):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x42, 0x8)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$RTC_SET_TIME(r0, 0x4024700a, 0x0)
mount$fuseblk(&(0x7f0000000240), 0x0, &(0x7f0000000380), 0x0, &(0x7f00000003c0)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x1000}})
socket$inet6_tcp(0xa, 0x1, 0x0)
mount$binder(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0xe2ca6, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.485400416s ago: executing program 8 (id=2053):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f0000000080)={0xdddd0000, 0x102000, 0x1})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r2, 0x4010ae68, &(0x7f0000000040)={0xfffffffffffff001, 0x8000, 0x1})
r3 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r4, 0x4144, 0x0)
ioctl$SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, &(0x7f0000000200))

1.443829452s ago: executing program 1 (id=2054):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, &(0x7f0000000040)={0x28, 0x4, 0x0, 0x0, &(0x7f0000002000/0x3000)=nil, 0x3000})
ppoll(&(0x7f00000007c0)=[{r1, 0x4040}], 0x1, 0x0, 0x0, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

1.342994878s ago: executing program 8 (id=2055):
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x72, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.191828928s ago: executing program 8 (id=2056):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv(r0, &(0x7f00000031c0)=[{&(0x7f0000005e40)=""/4102, 0x1006}], 0x1, 0x0, 0x0) (fail_nth: 2)

183.991435ms ago: executing program 8 (id=2057):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
creat(&(0x7f0000000ac0)='./file0\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
chown(&(0x7f00000003c0)='./file0\x00', r0, 0xee01)
lsetxattr$system_posix_acl(&(0x7f0000000800)='./file0\x00', &(0x7f0000000840)='system.posix_acl_access\x00', &(0x7f0000000300)={{}, {}, [], {}, [], {0x10, 0x2}}, 0x24, 0x0)
creat(&(0x7f0000000ac0)='./file0\x00', 0x0)

173.015395ms ago: executing program 9 (id=2058):
socket$alg(0x26, 0x5, 0x0) (async)
r0 = socket$alg(0x26, 0x5, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0) (async)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r2, &(0x7f0000000040), 0x0, 0x4040810)
recvmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x10)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [@NFT_MSG_NEWRULE={0x98, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x68, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x58, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0x7}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x34, 0x5, 0x0, 0x1, @payload={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_LEN={0x8, 0x4, 0x1, 0x0, 0x56}, @NFTA_PAYLOAD_OFFSET={0x8, 0x3, 0x1, 0x0, 0xb9}, @NFTA_PAYLOAD_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_PAYLOAD_BASE={0x8}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xc0}}, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$TCXONC(r4, 0x80045440, 0x1)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

98.51614ms ago: executing program 8 (id=2059):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000200)='/sys/power/disk', 0x143a82, 0x33)
fremovexattr(r2, &(0x7f0000000000)=@known='security.apparmor\x00')
ioctl$IMGETCOUNT(r2, 0x80044943, &(0x7f0000000040))
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="f4000000", @ANYRES16=0x0, @ANYBLOB="5443b02c63100fe3d76117651221e07b5b09971717dabb3e5ba245c86dc299a61dfde029dc3d00adbb66464a9bc3", @ANYRES32=r1, @ANYBLOB="0800570001000000080027000100000008002600fa1d00000800270001000000080026006c090000080026006c09000005001801270000000800a10042060000080057000200000005001901050000000800a1000200000008002201a400000008002201df0200000800a100020000000800570072000000080026006c0900000500190109000000080026001c160000050018012700000008002700030000000800a0000000000008009f0003000000050018012b000000080026006c090000080027000000000008005700020000000800220128000000"], 0xf4}, 0x1, 0x0, 0x0, 0x20000010}, 0x4c012)

0s ago: executing program 8 (id=2060):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='syscall\x00')
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
getrlimit(0x8, &(0x7f0000000340))
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000000c0)={@private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, 0x63, 0x2, 0xff05, 0x100, 0x9, 0x42020180})
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffc000)
syz_clone3(&(0x7f0000001400)={0x18000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000180), {0x17}, &(0x7f0000000280)=""/145, 0x91, &(0x7f0000000400)=""/4096, &(0x7f00000001c0)=[r1], 0x1, {r0}}, 0x58)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_kvm_setup_syzos_vm$x86(r0, &(0x7f0000c00000/0x400000)=nil)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
preadv(r0, &(0x7f00000031c0)=[{&(0x7f0000005e40)=""/4102, 0x1006}], 0x1, 0x0, 0x0)

kernel console output (not intermixed with test programs):

ailed (-110)
[  326.251700][ T5930] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  326.295241][ T5930] usb 8-1: device descriptor read/8, error -71
[  326.364909][T10958] FAULT_INJECTION: forcing a failure.
[  326.364909][T10958] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  326.382229][T10958] CPU: 0 UID: 0 PID: 10958 Comm: syz.0.1702 Not tainted syzkaller #0 PREEMPT(full) 
[  326.382253][T10958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  326.382265][T10958] Call Trace:
[  326.382272][T10958]  <TASK>
[  326.382279][T10958]  dump_stack_lvl+0x189/0x250
[  326.382303][T10958]  ? __pfx____ratelimit+0x10/0x10
[  326.382326][T10958]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.382343][T10958]  ? __pfx__printk+0x10/0x10
[  326.382360][T10958]  ? __might_fault+0xb0/0x130
[  326.382388][T10958]  should_fail_ex+0x414/0x560
[  326.382413][T10958]  _copy_from_user+0x2d/0xb0
[  326.382432][T10958]  ___sys_sendmsg+0x158/0x2a0
[  326.382456][T10958]  ? __pfx____sys_sendmsg+0x10/0x10
[  326.382510][T10958]  ? __fget_files+0x2a/0x420
[  326.382530][T10958]  ? __fget_files+0x3a0/0x420
[  326.382561][T10958]  __sys_sendmmsg+0x227/0x430
[  326.382587][T10958]  ? __pfx___sys_sendmmsg+0x10/0x10
[  326.382613][T10958]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  326.382649][T10958]  ? ksys_write+0x22a/0x250
[  326.382672][T10958]  ? __pfx_ksys_write+0x10/0x10
[  326.382695][T10958]  __x64_sys_sendmmsg+0xa0/0xc0
[  326.382716][T10958]  do_syscall_64+0xfa/0xfa0
[  326.382737][T10958]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.382758][T10958]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.382775][T10958]  ? clear_bhb_loop+0x60/0xb0
[  326.382795][T10958]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.382811][T10958] RIP: 0033:0x7f40d938efc9
[  326.382827][T10958] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.382841][T10958] RSP: 002b:00007f40da154038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  326.382860][T10958] RAX: ffffffffffffffda RBX: 00007f40d95e5fa0 RCX: 00007f40d938efc9
[  326.382873][T10958] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003
[  326.382884][T10958] RBP: 00007f40da154090 R08: 0000000000000000 R09: 0000000000000000
[  326.382895][T10958] R10: 0000000020000800 R11: 0000000000000246 R12: 0000000000000001
[  326.382905][T10958] R13: 00007f40d95e6038 R14: 00007f40d95e5fa0 R15: 00007ffc7c079ed8
[  326.382934][T10958]  </TASK>
[  326.603517][ T5930] usb usb8-port1: unable to enumerate USB device
[  326.825357][T10971] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1708'.
[  327.042987][T10981] FAULT_INJECTION: forcing a failure.
[  327.042987][T10981] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.057207][T10981] CPU: 1 UID: 0 PID: 10981 Comm: syz.5.1712 Not tainted syzkaller #0 PREEMPT(full) 
[  327.057232][T10981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  327.057241][T10981] Call Trace:
[  327.057247][T10981]  <TASK>
[  327.057253][T10981]  dump_stack_lvl+0x189/0x250
[  327.057274][T10981]  ? __pfx____ratelimit+0x10/0x10
[  327.057289][T10981]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.057299][T10981]  ? __pfx__printk+0x10/0x10
[  327.057309][T10981]  ? __might_fault+0xb0/0x130
[  327.057325][T10981]  should_fail_ex+0x414/0x560
[  327.057351][T10981]  _copy_from_user+0x2d/0xb0
[  327.057366][T10981]  ___sys_sendmsg+0x158/0x2a0
[  327.057383][T10981]  ? __pfx____sys_sendmsg+0x10/0x10
[  327.057413][T10981]  ? __fget_files+0x2a/0x420
[  327.057425][T10981]  ? __fget_files+0x3a0/0x420
[  327.057441][T10981]  __x64_sys_sendmsg+0x19b/0x260
[  327.057455][T10981]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  327.057471][T10981]  ? __pfx_ksys_write+0x10/0x10
[  327.057485][T10981]  ? do_syscall_64+0xbe/0xfa0
[  327.057499][T10981]  do_syscall_64+0xfa/0xfa0
[  327.057510][T10981]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.057523][T10981]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.057532][T10981]  ? clear_bhb_loop+0x60/0xb0
[  327.057544][T10981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.057553][T10981] RIP: 0033:0x7fa08e58efc9
[  327.057562][T10981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.057570][T10981] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  327.057581][T10981] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  327.057588][T10981] RDX: 0000000000000000 RSI: 00002000000015c0 RDI: 0000000000000003
[  327.057594][T10981] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  327.057600][T10981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.057605][T10981] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  327.057621][T10981]  </TASK>
[  327.509146][T10996] FAULT_INJECTION: forcing a failure.
[  327.509146][T10996] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  327.525648][T10996] CPU: 0 UID: 0 PID: 10996 Comm: syz.0.1717 Not tainted syzkaller #0 PREEMPT(full) 
[  327.525673][T10996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  327.525684][T10996] Call Trace:
[  327.525692][T10996]  <TASK>
[  327.525700][T10996]  dump_stack_lvl+0x189/0x250
[  327.525722][T10996]  ? __pfx____ratelimit+0x10/0x10
[  327.525745][T10996]  ? __pfx_dump_stack_lvl+0x10/0x10
[  327.525763][T10996]  ? __pfx__printk+0x10/0x10
[  327.525780][T10996]  ? __might_fault+0xb0/0x130
[  327.525810][T10996]  should_fail_ex+0x414/0x560
[  327.525837][T10996]  _copy_from_user+0x2d/0xb0
[  327.525855][T10996]  io_submit_one+0xc2/0x1310
[  327.525888][T10996]  ? __pfx_io_submit_one+0x10/0x10
[  327.525904][T10996]  ? __might_fault+0xb0/0x130
[  327.525934][T10996]  ? __might_fault+0xb0/0x130
[  327.525957][T10996]  __se_sys_io_submit+0x185/0x2f0
[  327.525983][T10996]  ? __pfx___se_sys_io_submit+0x10/0x10
[  327.526004][T10996]  ? ksys_write+0x22a/0x250
[  327.526033][T10996]  ? do_syscall_64+0xbe/0xfa0
[  327.526059][T10996]  do_syscall_64+0xfa/0xfa0
[  327.526089][T10996]  ? lockdep_hardirqs_on+0x9c/0x150
[  327.526111][T10996]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.526128][T10996]  ? clear_bhb_loop+0x60/0xb0
[  327.526149][T10996]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  327.526165][T10996] RIP: 0033:0x7f40d938efc9
[  327.526182][T10996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  327.526196][T10996] RSP: 002b:00007f40d75f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  327.526215][T10996] RAX: ffffffffffffffda RBX: 00007f40d95e6090 RCX: 00007f40d938efc9
[  327.526228][T10996] RDX: 0000200000002900 RSI: 0000000000000001 RDI: 00007f40da133000
[  327.526240][T10996] RBP: 00007f40d75f6090 R08: 0000000000000000 R09: 0000000000000000
[  327.526251][T10996] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  327.526261][T10996] R13: 00007f40d95e6128 R14: 00007f40d95e6090 R15: 00007ffc7c079ed8
[  327.526291][T10996]  </TASK>
[  328.270940][T11016] netlink: 64 bytes leftover after parsing attributes in process `syz.7.1725'.
[  328.513939][   T43] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[  328.663511][   T10] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  328.663671][   T43] usb 6-1: device descriptor read/64, error -71
[  328.805339][   T10] usb 1-1: device descriptor read/64, error -71
[  328.977523][   T43] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  329.054997][   T10] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  329.113458][   T43] usb 6-1: device descriptor read/64, error -71
[  329.199874][   T10] usb 1-1: device descriptor read/64, error -71
[  329.224973][   T43] usb usb6-port1: attempt power cycle
[  329.334425][   T10] usb usb1-port1: attempt power cycle
[  329.366874][T11045] FAULT_INJECTION: forcing a failure.
[  329.366874][T11045] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  329.383635][T11045] CPU: 0 UID: 0 PID: 11045 Comm: syz.1.1736 Not tainted syzkaller #0 PREEMPT(full) 
[  329.383661][T11045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  329.383671][T11045] Call Trace:
[  329.383687][T11045]  <TASK>
[  329.383695][T11045]  dump_stack_lvl+0x189/0x250
[  329.383716][T11045]  ? __pfx____ratelimit+0x10/0x10
[  329.383739][T11045]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.383755][T11045]  ? __pfx__printk+0x10/0x10
[  329.383771][T11045]  ? __might_fault+0xb0/0x130
[  329.383800][T11045]  should_fail_ex+0x414/0x560
[  329.383825][T11045]  _copy_from_user+0x2d/0xb0
[  329.383844][T11045]  ___sys_sendmsg+0x158/0x2a0
[  329.383868][T11045]  ? __pfx____sys_sendmsg+0x10/0x10
[  329.383922][T11045]  ? __fget_files+0x2a/0x420
[  329.383942][T11045]  ? __fget_files+0x3a0/0x420
[  329.383972][T11045]  __x64_sys_sendmsg+0x19b/0x260
[  329.383995][T11045]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  329.384025][T11045]  ? __pfx_ksys_write+0x10/0x10
[  329.384048][T11045]  ? do_syscall_64+0xbe/0xfa0
[  329.384072][T11045]  do_syscall_64+0xfa/0xfa0
[  329.384092][T11045]  ? lockdep_hardirqs_on+0x9c/0x150
[  329.384113][T11045]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.384129][T11045]  ? clear_bhb_loop+0x60/0xb0
[  329.384149][T11045]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.384165][T11045] RIP: 0033:0x7f0913d8efc9
[  329.384181][T11045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.384194][T11045] RSP: 002b:00007f0914c40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.384213][T11045] RAX: ffffffffffffffda RBX: 00007f0913fe5fa0 RCX: 00007f0913d8efc9
[  329.384225][T11045] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003
[  329.384236][T11045] RBP: 00007f0914c40090 R08: 0000000000000000 R09: 0000000000000000
[  329.384247][T11045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.384257][T11045] R13: 00007f0913fe6038 R14: 00007f0913fe5fa0 R15: 00007ffcee9aba28
[  329.384286][T11045]  </TASK>
[  329.653551][   T43] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  329.691191][   T43] usb 6-1: device descriptor read/8, error -71
[  329.953576][   T43] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  329.984144][   T43] usb 6-1: device descriptor read/8, error -71
[  330.063546][   T10] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  330.084166][   T10] usb 1-1: device descriptor read/8, error -71
[  330.105038][   T43] usb usb6-port1: unable to enumerate USB device
[  330.167769][ T5930] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  330.190599][T11064] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1745'.
[  330.323495][   T10] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  330.344044][   T10] usb 1-1: device descriptor read/8, error -71
[  330.353535][ T5930] usb 8-1: Using ep0 maxpacket: 8
[  330.360255][ T5930] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  330.372870][ T5930] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  330.383007][ T5930] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  330.393094][ T5930] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  330.407210][ T5930] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  330.416614][ T5930] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.453941][   T10] usb usb1-port1: unable to enumerate USB device
[  330.493557][   T43] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  330.629898][ T5930] usb 8-1: usb_control_msg returned -32
[  330.635757][ T5930] usbtmc 8-1:16.0: can't read capabilities
[  330.649431][   T43] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  330.660463][   T43] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184
[  330.669822][   T43] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  330.679973][   T43] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  330.694271][   T43] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  330.910057][   T43] gspca_sn9c2028: read1 error -71
[  330.921006][   T43] gspca_sn9c2028: read1 error -71
[  330.926517][   T43] sn9c2028 2-1:220.0: probe with driver sn9c2028 failed with error -71
[  330.947958][   T43] usb 2-1: USB disconnect, device number 35
[  331.474658][T11099] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1759'.
[  331.677945][T11107] FAULT_INJECTION: forcing a failure.
[  331.677945][T11107] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.691238][T11107] CPU: 0 UID: 0 PID: 11107 Comm: syz.5.1762 Not tainted syzkaller #0 PREEMPT(full) 
[  331.691262][T11107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  331.691272][T11107] Call Trace:
[  331.691279][T11107]  <TASK>
[  331.691286][T11107]  dump_stack_lvl+0x189/0x250
[  331.691309][T11107]  ? __pfx____ratelimit+0x10/0x10
[  331.691330][T11107]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.691347][T11107]  ? __pfx__printk+0x10/0x10
[  331.691364][T11107]  ? __might_fault+0xb0/0x130
[  331.691394][T11107]  should_fail_ex+0x414/0x560
[  331.691419][T11107]  _copy_from_user+0x2d/0xb0
[  331.691438][T11107]  do_sock_getsockopt+0x17d/0x450
[  331.691463][T11107]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  331.691483][T11107]  ? do_syscall_64+0xa0/0xfa0
[  331.691504][T11107]  ? __fget_files+0x2a/0x420
[  331.691524][T11107]  ? __fget_files+0x3a0/0x420
[  331.691543][T11107]  ? __fget_files+0x2a/0x420
[  331.691578][T11107]  __x64_sys_getsockopt+0x1a5/0x250
[  331.691598][T11107]  ? do_syscall_64+0xa0/0xfa0
[  331.691621][T11107]  ? do_syscall_64+0xa0/0xfa0
[  331.691646][T11107]  do_syscall_64+0xfa/0xfa0
[  331.691667][T11107]  ? lockdep_hardirqs_on+0x9c/0x150
[  331.691689][T11107]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.691705][T11107]  ? clear_bhb_loop+0x60/0xb0
[  331.691724][T11107]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.691740][T11107] RIP: 0033:0x7fa08e58efc9
[  331.691754][T11107] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  331.691768][T11107] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  331.691786][T11107] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  331.691798][T11107] RDX: 000000000000001f RSI: 0000000000000084 RDI: 0000000000000003
[  331.691808][T11107] RBP: 00007fa08f477090 R08: 00002000000003c0 R09: 0000000000000000
[  331.691820][T11107] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[  331.691831][T11107] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  331.691860][T11107]  </TASK>
[  331.898286][ T8502] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  332.054105][ T8502] usb 2-1: Using ep0 maxpacket: 16
[  332.073610][ T8502] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  332.093457][ T8502] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  332.122327][ T8502] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  332.145235][ T8502] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.153271][ T8502] usb 2-1: Product: syz
[  332.173433][ T8502] usb 2-1: Manufacturer: syz
[  332.178122][ T8502] usb 2-1: SerialNumber: syz
[  332.194295][ T8502] usb 2-1: config 0 descriptor??
[  332.212648][ T8502] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  332.234082][ T8502] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  332.260410][T11119] Bluetooth: hci4: Frame reassembly failed (-84)
[  332.271955][T11120] Bluetooth: hci4: Frame reassembly failed (-84)
[  332.279949][ T3006] Bluetooth: hci4: Frame reassembly failed (-84)
[  332.286829][ T3006] Bluetooth: hci4: Frame reassembly failed (-84)
[  332.808882][ T8502] em28xx 2-1:0.0: chip ID is em2874
[  332.957759][ T8502] usb 8-1: USB disconnect, device number 7
[  333.013579][T11099] program syz.1.1759 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  333.035101][   T43] usb 2-1: USB disconnect, device number 36
[  333.042363][   T43] em28xx 2-1:0.0: Disconnecting em28xx
[  333.081260][   T43] em28xx 2-1:0.0: Freeing device
[  333.448003][T11144] FAULT_INJECTION: forcing a failure.
[  333.448003][T11144] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  333.470050][T11144] CPU: 0 UID: 0 PID: 11144 Comm: syz.5.1777 Not tainted syzkaller #0 PREEMPT(full) 
[  333.470076][T11144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  333.470101][T11144] Call Trace:
[  333.470108][T11144]  <TASK>
[  333.470116][T11144]  dump_stack_lvl+0x189/0x250
[  333.470139][T11144]  ? __pfx____ratelimit+0x10/0x10
[  333.470161][T11144]  ? __pfx_dump_stack_lvl+0x10/0x10
[  333.470179][T11144]  ? __pfx__printk+0x10/0x10
[  333.470196][T11144]  ? __might_fault+0xb0/0x130
[  333.470226][T11144]  should_fail_ex+0x414/0x560
[  333.470252][T11144]  _copy_from_user+0x2d/0xb0
[  333.470270][T11144]  ___sys_sendmsg+0x158/0x2a0
[  333.470295][T11144]  ? __pfx____sys_sendmsg+0x10/0x10
[  333.470348][T11144]  ? __fget_files+0x2a/0x420
[  333.470370][T11144]  ? __fget_files+0x3a0/0x420
[  333.470400][T11144]  __x64_sys_sendmsg+0x19b/0x260
[  333.470424][T11144]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  333.470454][T11144]  ? __pfx_ksys_write+0x10/0x10
[  333.470478][T11144]  ? do_syscall_64+0xbe/0xfa0
[  333.470504][T11144]  do_syscall_64+0xfa/0xfa0
[  333.470524][T11144]  ? lockdep_hardirqs_on+0x9c/0x150
[  333.470546][T11144]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.470563][T11144]  ? clear_bhb_loop+0x60/0xb0
[  333.470583][T11144]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.470599][T11144] RIP: 0033:0x7fa08e58efc9
[  333.470614][T11144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.470628][T11144] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  333.470645][T11144] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  333.470657][T11144] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[  333.470667][T11144] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  333.470677][T11144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  333.470687][T11144] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  333.470715][T11144]  </TASK>
[  334.120235][T11164] FAULT_INJECTION: forcing a failure.
[  334.120235][T11164] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  334.136000][T11164] CPU: 1 UID: 0 PID: 11164 Comm: syz.1.1786 Not tainted syzkaller #0 PREEMPT(full) 
[  334.136025][T11164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  334.136035][T11164] Call Trace:
[  334.136042][T11164]  <TASK>
[  334.136058][T11164]  dump_stack_lvl+0x189/0x250
[  334.136081][T11164]  ? __pfx____ratelimit+0x10/0x10
[  334.136101][T11164]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.136117][T11164]  ? __pfx__printk+0x10/0x10
[  334.136133][T11164]  ? __might_fault+0xb0/0x130
[  334.136157][T11164]  should_fail_ex+0x414/0x560
[  334.136181][T11164]  _copy_from_user+0x2d/0xb0
[  334.136198][T11164]  ___sys_sendmsg+0x158/0x2a0
[  334.136221][T11164]  ? __pfx____sys_sendmsg+0x10/0x10
[  334.136276][T11164]  ? __fget_files+0x2a/0x420
[  334.136295][T11164]  ? __fget_files+0x3a0/0x420
[  334.136332][T11164]  __x64_sys_sendmsg+0x19b/0x260
[  334.136362][T11164]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  334.136392][T11164]  ? __pfx_ksys_write+0x10/0x10
[  334.136415][T11164]  ? do_syscall_64+0xbe/0xfa0
[  334.136440][T11164]  do_syscall_64+0xfa/0xfa0
[  334.136461][T11164]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.136482][T11164]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.136499][T11164]  ? clear_bhb_loop+0x60/0xb0
[  334.136520][T11164]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.136536][T11164] RIP: 0033:0x7f0913d8efc9
[  334.136551][T11164] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  334.136566][T11164] RSP: 002b:00007f0914c40038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  334.136585][T11164] RAX: ffffffffffffffda RBX: 00007f0913fe5fa0 RCX: 00007f0913d8efc9
[  334.136597][T11164] RDX: 0000000000000000 RSI: 0000200000001000 RDI: 0000000000000004
[  334.136608][T11164] RBP: 00007f0914c40090 R08: 0000000000000000 R09: 0000000000000000
[  334.136619][T11164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  334.136628][T11164] R13: 00007f0913fe6038 R14: 00007f0913fe5fa0 R15: 00007ffcee9aba28
[  334.136658][T11164]  </TASK>
[  334.344606][ T5833] Bluetooth: hci4: command 0x1003 tx timeout
[  334.354388][ T5827] usb 6-1: new high-speed USB device number 31 using dummy_hcd
[  334.368598][ T5832] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  334.463700][    T9] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  334.523641][ T5827] usb 6-1: Using ep0 maxpacket: 8
[  334.531872][ T5827] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  334.543151][ T5827] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  334.554278][ T5827] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  334.570587][ T5827] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  334.588809][ T5827] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  334.598751][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.613874][    T9] usb 8-1: device descriptor read/64, error -71
[  334.835421][ T5827] usb 6-1: usb_control_msg returned -32
[  334.841058][ T5827] usbtmc 6-1:16.0: can't read capabilities
[  334.863511][    T9] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  335.003531][    T9] usb 8-1: device descriptor read/64, error -71
[  335.113845][    T9] usb usb8-port1: attempt power cycle
[  335.233758][ T5937] block nbd6: Possible stuck request ffff8880257c5080: control (read@0,1024B). Runtime 120 seconds
[  335.245126][ T5937] block nbd6: Possible stuck request ffff8880257c5240: control (read@1024,1024B). Runtime 120 seconds
[  335.245171][ T6809] block nbd5: Possible stuck request ffff8880256d7000: control (read@0,1024B). Runtime 120 seconds
[  335.256235][ T5937] block nbd6: Possible stuck request ffff8880257c5400: control (read@2048,1024B). Runtime 120 seconds
[  335.256262][ T5937] block nbd6: Possible stuck request ffff8880257c55c0: control (read@3072,1024B). Runtime 120 seconds
[  335.289784][ T6809] block nbd5: Possible stuck request ffff8880256d71c0: control (read@1024,1024B). Runtime 120 seconds
[  335.301408][ T6809] block nbd5: Possible stuck request ffff8880256d7380: control (read@2048,1024B). Runtime 120 seconds
[  335.312518][ T6809] block nbd5: Possible stuck request ffff8880256d7540: control (read@3072,1024B). Runtime 120 seconds
[  335.313571][ T5827] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  335.454108][    T9] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  335.485498][ T5827] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  335.499923][ T5827] usb 1-1: New USB device found, idVendor=0c70, idProduct=f0bd, bcdDevice= 0.00
[  335.500092][    T9] usb 8-1: device descriptor read/8, error -71
[  335.515973][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  335.529510][ T5827] usb 1-1: config 0 descriptor??
[  335.553349][ T5827] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  335.766252][    T9] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  335.798343][    T9] usb 8-1: device descriptor read/8, error -71
[  335.913742][    T9] usb usb8-port1: unable to enumerate USB device
[  336.513636][ T6809] block nbd7: Possible stuck request ffff8880257e0000: control (read@0,1024B). Runtime 120 seconds
[  336.524508][ T6809] block nbd7: Possible stuck request ffff8880257e01c0: control (read@1024,1024B). Runtime 120 seconds
[  336.535601][ T6809] block nbd7: Possible stuck request ffff8880257e0380: control (read@2048,1024B). Runtime 120 seconds
[  336.546867][ T6809] block nbd7: Possible stuck request ffff8880257e0540: control (read@3072,1024B). Runtime 120 seconds
[  336.823130][T11214] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  336.833154][T11214] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  336.881304][T11218] FAULT_INJECTION: forcing a failure.
[  336.881304][T11218] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  336.895819][T11218] CPU: 1 UID: 0 PID: 11218 Comm: syz.1.1804 Not tainted syzkaller #0 PREEMPT(full) 
[  336.895844][T11218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  336.895854][T11218] Call Trace:
[  336.895861][T11218]  <TASK>
[  336.895869][T11218]  dump_stack_lvl+0x189/0x250
[  336.895899][T11218]  ? __pfx____ratelimit+0x10/0x10
[  336.895921][T11218]  ? __pfx_dump_stack_lvl+0x10/0x10
[  336.895939][T11218]  ? __pfx__printk+0x10/0x10
[  336.895968][T11218]  should_fail_ex+0x414/0x560
[  336.895994][T11218]  _copy_to_user+0x31/0xb0
[  336.896014][T11218]  simple_read_from_buffer+0xe1/0x170
[  336.896040][T11218]  proc_fail_nth_read+0x1b3/0x220
[  336.896062][T11218]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  336.896083][T11218]  ? rw_verify_area+0x2a6/0x4d0
[  336.896101][T11218]  ? __lock_acquire+0xab9/0xd20
[  336.896120][T11218]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  336.896139][T11218]  vfs_read+0x200/0xa30
[  336.896156][T11218]  ? fdget_pos+0x247/0x320
[  336.896181][T11218]  ? __pfx___mutex_lock+0x10/0x10
[  336.896204][T11218]  ? __pfx_vfs_read+0x10/0x10
[  336.896225][T11218]  ? __fget_files+0x2a/0x420
[  336.896250][T11218]  ? __fget_files+0x3a0/0x420
[  336.896269][T11218]  ? __fget_files+0x2a/0x420
[  336.896299][T11218]  ksys_read+0x145/0x250
[  336.896326][T11218]  ? __pfx_ksys_read+0x10/0x10
[  336.896349][T11218]  ? do_syscall_64+0xbe/0xfa0
[  336.896374][T11218]  do_syscall_64+0xfa/0xfa0
[  336.896395][T11218]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.896417][T11218]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.896433][T11218]  ? clear_bhb_loop+0x60/0xb0
[  336.896454][T11218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.896471][T11218] RIP: 0033:0x7f0913d8d9dc
[  336.896486][T11218] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  336.896500][T11218] RSP: 002b:00007f0914c40030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  336.896518][T11218] RAX: ffffffffffffffda RBX: 00007f0913fe5fa0 RCX: 00007f0913d8d9dc
[  336.896530][T11218] RDX: 000000000000000f RSI: 00007f0914c400a0 RDI: 0000000000000004
[  336.896541][T11218] RBP: 00007f0914c40090 R08: 0000000000000000 R09: 0000000000000000
[  336.896552][T11218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  336.896562][T11218] R13: 00007f0913fe6038 R14: 00007f0913fe5fa0 R15: 00007ffcee9aba28
[  336.896592][T11218]  </TASK>
[  337.166303][    T9] usb 6-1: USB disconnect, device number 31
[  337.833502][ T5879] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  337.964401][T11257] bridge0: port 3(wlan0) entered blocking state
[  337.970896][T11257] bridge0: port 3(wlan0) entered disabled state
[  337.978934][T11257] mac80211_hwsim hwsim3 wlan0: entered allmulticast mode
[  337.988151][T11257] mac80211_hwsim hwsim3 wlan0: entered promiscuous mode
[  337.996077][T11257] bridge0: port 3(wlan0) entered blocking state
[  338.002773][T11257] bridge0: port 3(wlan0) entered forwarding state
[  338.003507][ T5879] usb 8-1: Using ep0 maxpacket: 8
[  338.027132][ T5879] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  338.059493][ T5879] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  338.084883][ T5879] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  338.115381][ T5879] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  338.133258][ T5879] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  338.144682][ T5879] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.173152][ T5827] usb 1-1: USB disconnect, device number 38
[  338.383740][    T9] usb 2-1: new full-speed USB device number 37 using dummy_hcd
[  338.387054][ T5879] usb 8-1: usb_control_msg returned -32
[  338.402342][ T5879] usbtmc 8-1:16.0: can't read capabilities
[  338.501469][T11276] FAULT_INJECTION: forcing a failure.
[  338.501469][T11276] name failslab, interval 1, probability 0, space 0, times 0
[  338.514727][T11276] CPU: 0 UID: 0 PID: 11276 Comm: syz.5.1831 Not tainted syzkaller #0 PREEMPT(full) 
[  338.514752][T11276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  338.514762][T11276] Call Trace:
[  338.514769][T11276]  <TASK>
[  338.514776][T11276]  dump_stack_lvl+0x189/0x250
[  338.514804][T11276]  ? __pfx____ratelimit+0x10/0x10
[  338.514827][T11276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  338.514845][T11276]  ? __pfx__printk+0x10/0x10
[  338.514867][T11276]  ? __pfx___might_resched+0x10/0x10
[  338.514895][T11276]  should_fail_ex+0x414/0x560
[  338.514921][T11276]  should_failslab+0xa8/0x100
[  338.514945][T11276]  __kmalloc_noprof+0xdf/0x800
[  338.514962][T11276]  ? kfree+0x4d/0x6d0
[  338.514982][T11276]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  338.515010][T11276]  tomoyo_realpath_from_path+0xe3/0x5d0
[  338.515033][T11276]  ? tomoyo_domain+0xd9/0x130
[  338.515060][T11276]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  338.515078][T11276]  tomoyo_path_number_perm+0x1e8/0x5a0
[  338.515099][T11276]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  338.515157][T11276]  ? __fget_files+0x2a/0x420
[  338.515184][T11276]  ? __fget_files+0x3a0/0x420
[  338.515203][T11276]  ? __fget_files+0x2a/0x420
[  338.515228][T11276]  security_file_ioctl+0xcb/0x2d0
[  338.515248][T11276]  __se_sys_ioctl+0x47/0x170
[  338.515268][T11276]  do_syscall_64+0xfa/0xfa0
[  338.515289][T11276]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.515311][T11276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.515328][T11276]  ? clear_bhb_loop+0x60/0xb0
[  338.515349][T11276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.515366][T11276] RIP: 0033:0x7fa08e58efc9
[  338.515381][T11276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  338.515395][T11276] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  338.515414][T11276] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  338.515426][T11276] RDX: 0000200000000040 RSI: 00000000000089f0 RDI: 0000000000000003
[  338.515437][T11276] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  338.515447][T11276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  338.515457][T11276] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  338.515488][T11276]  </TASK>
[  338.515496][T11276] ERROR: Out of memory at tomoyo_realpath_from_path.
[  338.775033][    T9] usb 2-1: config 8 has an invalid interface number: 127 but max is 0
[  338.783535][    T9] usb 2-1: config 8 has no interface number 0
[  338.789689][    T9] usb 2-1: config 8 interface 127 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  338.803291][    T9] usb 2-1: New USB device found, idVendor=1608, idProduct=021b, bcdDevice=45.36
[  338.812716][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.823514][    T9] usb 2-1: Product: syz
[  338.827700][    T9] usb 2-1: Manufacturer: syz
[  338.832302][    T9] usb 2-1: SerialNumber: syz
[  338.980987][T11287] overlayfs: missing 'lowerdir'
[  339.058049][    T9] io_ti 2-1:8.127: required endpoints missing
[  339.098283][    T9] usb 2-1: USB disconnect, device number 37
[  339.635368][T11313] input: syz1 as /devices/virtual/input/input18
[  339.974301][T11328] FAULT_INJECTION: forcing a failure.
[  339.974301][T11328] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  339.987783][T11328] CPU: 1 UID: 0 PID: 11328 Comm: syz.5.1851 Not tainted syzkaller #0 PREEMPT(full) 
[  339.987806][T11328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  339.987814][T11328] Call Trace:
[  339.987818][T11328]  <TASK>
[  339.987822][T11328]  dump_stack_lvl+0x189/0x250
[  339.987837][T11328]  ? __pfx____ratelimit+0x10/0x10
[  339.987851][T11328]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.987863][T11328]  ? __pfx__printk+0x10/0x10
[  339.987872][T11328]  ? __might_fault+0xb0/0x130
[  339.987889][T11328]  should_fail_ex+0x414/0x560
[  339.987904][T11328]  _copy_from_user+0x2d/0xb0
[  339.987914][T11328]  ___sys_sendmsg+0x158/0x2a0
[  339.987929][T11328]  ? __pfx____sys_sendmsg+0x10/0x10
[  339.987959][T11328]  ? __fget_files+0x2a/0x420
[  339.987970][T11328]  ? __fget_files+0x3a0/0x420
[  339.987987][T11328]  __x64_sys_sendmsg+0x19b/0x260
[  339.988000][T11328]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  339.988016][T11328]  ? __pfx_ksys_write+0x10/0x10
[  339.988029][T11328]  ? do_syscall_64+0xbe/0xfa0
[  339.988043][T11328]  do_syscall_64+0xfa/0xfa0
[  339.988055][T11328]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.988067][T11328]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.988076][T11328]  ? clear_bhb_loop+0x60/0xb0
[  339.988088][T11328]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  339.988097][T11328] RIP: 0033:0x7fa08e58efc9
[  339.988106][T11328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  339.988113][T11328] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  339.988125][T11328] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  339.988132][T11328] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003
[  339.988138][T11328] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  339.988144][T11328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  339.988150][T11328] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  339.988165][T11328]  </TASK>
[  340.570381][T11341] fuse: Bad value for 'fd'
[  340.625498][   T43] usb 8-1: USB disconnect, device number 12
[  341.083495][   T43] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  341.250069][   T43] usb 8-1: config 0 has an invalid interface number: 104 but max is 0
[  341.260578][   T43] usb 8-1: config 0 has no interface number 0
[  341.267073][   T43] usb 8-1: config 0 interface 104 has no altsetting 0
[  341.277588][   T43] usb 8-1: New USB device found, idVendor=045e, idProduct=04e2, bcdDevice=1c.4d
[  341.286999][   T43] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.298389][   T43] usb 8-1: Product: syz
[  341.302578][   T43] usb 8-1: Manufacturer: syz
[  341.307367][   T43] usb 8-1: SerialNumber: syz
[  341.319619][   T43] usb 8-1: config 0 descriptor??
[  341.331100][   T43] ipaq 8-1:0.104: PocketPC PDA converter detected
[  341.344050][   T43] usb 8-1: active config #0 != 1 ??
[  341.542168][T11353] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1861'.
[  341.560295][   T43] usb 8-1: USB disconnect, device number 13
[  341.887218][ T5833] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  341.897060][ T5833] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  341.905629][ T5833] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  341.916551][ T5833] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  341.925866][ T5833] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  342.165444][T11376] chnl_net:caif_netlink_parms(): no params data found
[  342.308840][T11376] bridge0: port 1(bridge_slave_0) entered blocking state
[  342.317760][T11376] bridge0: port 1(bridge_slave_0) entered disabled state
[  342.325341][T11376] bridge_slave_0: entered allmulticast mode
[  342.333151][T11376] bridge_slave_0: entered promiscuous mode
[  342.341863][T11376] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.349815][T11376] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.357501][T11376] bridge_slave_1: entered allmulticast mode
[  342.366059][T11376] bridge_slave_1: entered promiscuous mode
[  342.418318][T11376] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  342.430441][T11376] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  342.436290][   T43] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  342.469604][T11376] team0: Port device team_slave_0 added
[  342.478872][T11376] team0: Port device team_slave_1 added
[  342.546207][T11376] batman_adv: batadv0: Adding interface: batadv_slave_0
[  342.567888][T11376] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  342.581002][T11398] FAULT_INJECTION: forcing a failure.
[  342.581002][T11398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  342.603552][T11376] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  342.610057][T11398] CPU: 1 UID: 0 PID: 11398 Comm: syz.5.1876 Not tainted syzkaller #0 PREEMPT(full) 
[  342.610081][T11398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  342.610091][T11398] Call Trace:
[  342.610098][T11398]  <TASK>
[  342.610105][T11398]  dump_stack_lvl+0x189/0x250
[  342.610128][T11398]  ? __pfx____ratelimit+0x10/0x10
[  342.610150][T11398]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.610167][T11398]  ? __pfx__printk+0x10/0x10
[  342.610183][T11398]  ? __might_fault+0xb0/0x130
[  342.610212][T11398]  should_fail_ex+0x414/0x560
[  342.610238][T11398]  _copy_from_user+0x2d/0xb0
[  342.610256][T11398]  do_tcp_setsockopt+0x47d/0x1f40
[  342.610284][T11398]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  342.610302][T11398]  ? aa_sk_perm+0x81e/0x950
[  342.610324][T11398]  ? __pfx_aa_sk_perm+0x10/0x10
[  342.610343][T11398]  ? aa_sock_opt_perm+0xff/0x1b0
[  342.610365][T11398]  ? sock_common_setsockopt+0x36/0xc0
[  342.610381][T11398]  ? tcp_setsockopt+0x3d/0xe0
[  342.610399][T11398]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  342.610417][T11398]  do_sock_setsockopt+0x17c/0x1b0
[  342.610441][T11398]  __x64_sys_setsockopt+0x13f/0x1b0
[  342.610466][T11398]  do_syscall_64+0xfa/0xfa0
[  342.610487][T11398]  ? lockdep_hardirqs_on+0x9c/0x150
[  342.610508][T11398]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.610525][T11398]  ? clear_bhb_loop+0x60/0xb0
[  342.610544][T11398]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.610560][T11398] RIP: 0033:0x7fa08e58efc9
[  342.610574][T11398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.610588][T11398] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  342.610614][T11398] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  342.610627][T11398] RDX: 0000000000000015 RSI: 0000000000000006 RDI: 0000000000000005
[  342.610637][T11398] RBP: 00007fa08f477090 R08: 0000000000000004 R09: 0000000000000000
[  342.610647][T11398] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  342.610658][T11398] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  342.610685][T11398]  </TASK>
[  342.639310][   T43] usb 8-1: Using ep0 maxpacket: 32
[  342.665746][T11376] batman_adv: batadv0: Adding interface: batadv_slave_1
[  342.713843][   T43] usb 8-1: unable to get BOS descriptor or descriptor too short
[  342.737237][T11376] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  342.737270][T11376] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  342.895811][   T43] usb 8-1: unable to read config index 0 descriptor/start: -71
[  342.903533][   T43] usb 8-1: can't read configurations, error -71
[  342.937766][T11376] hsr_slave_0: entered promiscuous mode
[  342.944764][T11376] hsr_slave_1: entered promiscuous mode
[  342.950923][T11376] debugfs: 'hsr0' already exists in 'hsr'
[  342.959194][T11376] Cannot create hsr debugfs directory
[  343.193837][T11376] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.338660][T11376] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.454601][T11376] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.567204][T11376] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  343.782269][T11376] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  343.808200][T11376] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  343.838365][T11376] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  343.893227][T11376] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  343.954058][ T5832] Bluetooth: hci2: command tx timeout
[  344.071286][T11376] 8021q: adding VLAN 0 to HW filter on device bond0
[  344.091801][T11376] 8021q: adding VLAN 0 to HW filter on device team0
[  344.108505][ T8331] bridge0: port 1(bridge_slave_0) entered blocking state
[  344.115763][ T8331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  344.135459][ T2959] bridge0: port 2(bridge_slave_1) entered blocking state
[  344.142690][ T2959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  344.267089][ T5827] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  344.429039][T11376] 8021q: adding VLAN 0 to HW filter on device batadv0
[  344.453497][ T5827] usb 6-1: Using ep0 maxpacket: 16
[  344.464342][ T5827] usb 6-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35
[  344.475447][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.492524][ T5827] usb 6-1: Product: syz
[  344.502205][ T5827] usb 6-1: Manufacturer: syz
[  344.514013][ T5827] usb 6-1: SerialNumber: syz
[  344.530543][ T5827] usb 6-1: config 0 descriptor??
[  344.556843][ T5827] as10x_usb: device has been detected
[  344.561686][T11376] veth0_vlan: entered promiscuous mode
[  344.563136][ T5827] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led))
[  344.587919][T11376] veth1_vlan: entered promiscuous mode
[  344.594781][ T5827] usb 6-1: DVB: registering adapter 2 frontend 0 (Sky IT Digital Key (green led))...
[  344.642382][ T5827] as10x_usb: error during firmware upload part1
[  344.652720][ T5827] Registered device Sky IT Digital Key (green led)
[  344.673033][T11376] veth0_macvtap: entered promiscuous mode
[  344.734733][T11376] veth1_macvtap: entered promiscuous mode
[  344.757641][ T5827] usb 6-1: USB disconnect, device number 32
[  344.768963][T11376] batman_adv: batadv0: Interface activated: batadv_slave_0
[  344.812075][ T5827] Unregistered device Sky IT Digital Key (green led)
[  344.815101][ T5827] as10x_usb: device has been disconnected
[  344.832891][T11376] batman_adv: batadv0: Interface activated: batadv_slave_1
[  344.875313][ T2959] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  344.903810][ T2959] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  344.924738][ T2959] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  344.943229][ T2959] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  345.021824][ T8336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.034355][ T8336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.063010][ T8331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  345.071109][ T8331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  345.149836][T11461] netlink: 'syz.1.1867': attribute type 10 has an invalid length.
[  345.186185][T11461] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  345.475335][T11478] FAULT_INJECTION: forcing a failure.
[  345.475335][T11478] name failslab, interval 1, probability 0, space 0, times 0
[  345.490002][T11478] CPU: 1 UID: 0 PID: 11478 Comm: syz.7.1906 Not tainted syzkaller #0 PREEMPT(full) 
[  345.490026][T11478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  345.490036][T11478] Call Trace:
[  345.490042][T11478]  <TASK>
[  345.490048][T11478]  dump_stack_lvl+0x189/0x250
[  345.490071][T11478]  ? __pfx____ratelimit+0x10/0x10
[  345.490091][T11478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.490108][T11478]  ? __pfx__printk+0x10/0x10
[  345.490128][T11478]  ? __pfx___might_resched+0x10/0x10
[  345.490147][T11478]  ? fs_reclaim_acquire+0x7d/0x100
[  345.490226][T11478]  should_fail_ex+0x414/0x560
[  345.490252][T11478]  should_failslab+0xa8/0x100
[  345.490275][T11478]  kmem_cache_alloc_noprof+0x88/0x700
[  345.490294][T11478]  ? alloc_empty_backing_file+0x23/0xc0
[  345.490321][T11478]  alloc_empty_backing_file+0x23/0xc0
[  345.490344][T11478]  backing_file_open+0x24/0x90
[  345.490365][T11478]  ovl_open_realfile+0x23e/0x3e0
[  345.490394][T11478]  ovl_real_file_path+0x259/0x310
[  345.490418][T11478]  ovl_fsync+0x220/0x310
[  345.490440][T11478]  ? __pfx_ovl_fsync+0x10/0x10
[  345.490457][T11478]  ? __fget_files+0x2a/0x420
[  345.490483][T11478]  ? __pfx_ovl_fsync+0x10/0x10
[  345.490501][T11478]  __x64_sys_fdatasync+0xb9/0x110
[  345.490526][T11478]  do_syscall_64+0xfa/0xfa0
[  345.490546][T11478]  ? lockdep_hardirqs_on+0x9c/0x150
[  345.490568][T11478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.490583][T11478]  ? clear_bhb_loop+0x60/0xb0
[  345.490603][T11478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.490619][T11478] RIP: 0033:0x7fbbfc18efc9
[  345.490635][T11478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.490648][T11478] RSP: 002b:00007fbbfcf52038 EFLAGS: 00000246 ORIG_RAX: 000000000000004b
[  345.490666][T11478] RAX: ffffffffffffffda RBX: 00007fbbfc3e5fa0 RCX: 00007fbbfc18efc9
[  345.490678][T11478] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  345.490688][T11478] RBP: 00007fbbfcf52090 R08: 0000000000000000 R09: 0000000000000000
[  345.490699][T11478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.490709][T11478] R13: 00007fbbfc3e6038 R14: 00007fbbfc3e5fa0 R15: 00007ffe20000508
[  345.490738][T11478]  </TASK>
[  345.920145][T11489] FAULT_INJECTION: forcing a failure.
[  345.920145][T11489] name failslab, interval 1, probability 0, space 0, times 0
[  345.964753][T11489] CPU: 0 UID: 0 PID: 11489 Comm: syz.5.1910 Not tainted syzkaller #0 PREEMPT(full) 
[  345.964780][T11489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  345.964790][T11489] Call Trace:
[  345.964797][T11489]  <TASK>
[  345.964805][T11489]  dump_stack_lvl+0x189/0x250
[  345.964829][T11489]  ? __pfx____ratelimit+0x10/0x10
[  345.964852][T11489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  345.964870][T11489]  ? __pfx__printk+0x10/0x10
[  345.964893][T11489]  ? __pfx___might_resched+0x10/0x10
[  345.964920][T11489]  should_fail_ex+0x414/0x560
[  345.964947][T11489]  should_failslab+0xa8/0x100
[  345.964971][T11489]  __kmalloc_noprof+0xdf/0x800
[  345.964989][T11489]  ? kfree+0x4d/0x6d0
[  345.965004][T11489]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  345.965031][T11489]  tomoyo_realpath_from_path+0xe3/0x5d0
[  345.965062][T11489]  ? tomoyo_domain+0xd9/0x130
[  345.965088][T11489]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  345.965107][T11489]  tomoyo_path_number_perm+0x1e8/0x5a0
[  345.965128][T11489]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  345.965184][T11489]  ? __fget_files+0x2a/0x420
[  345.965210][T11489]  ? __fget_files+0x3a0/0x420
[  345.965229][T11489]  ? __fget_files+0x2a/0x420
[  345.965254][T11489]  security_file_ioctl+0xcb/0x2d0
[  345.965273][T11489]  __se_sys_ioctl+0x47/0x170
[  345.965293][T11489]  do_syscall_64+0xfa/0xfa0
[  345.965314][T11489]  ? lockdep_hardirqs_on+0x9c/0x150
[  345.965336][T11489]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.965353][T11489]  ? clear_bhb_loop+0x60/0xb0
[  345.965374][T11489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  345.965390][T11489] RIP: 0033:0x7fa08e58efc9
[  345.965406][T11489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  345.965420][T11489] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  345.965439][T11489] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  345.965451][T11489] RDX: 0000200000000200 RSI: 000000008010500c RDI: 0000000000000004
[  345.965463][T11489] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  345.965473][T11489] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  345.965483][T11489] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  345.965514][T11489]  </TASK>
[  345.965522][T11489] ERROR: Out of memory at tomoyo_realpath_from_path.
[  346.034008][ T5832] Bluetooth: hci2: command tx timeout
[  346.223782][T11494] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  346.475925][T11500] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  346.491182][T11500] FAULT_INJECTION: forcing a failure.
[  346.491182][T11500] name failslab, interval 1, probability 0, space 0, times 0
[  346.503998][T11500] CPU: 1 UID: 0 PID: 11500 Comm: syz.5.1916 Not tainted syzkaller #0 PREEMPT(full) 
[  346.504021][T11500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  346.504032][T11500] Call Trace:
[  346.504040][T11500]  <TASK>
[  346.504047][T11500]  dump_stack_lvl+0x189/0x250
[  346.504070][T11500]  ? __pfx____ratelimit+0x10/0x10
[  346.504091][T11500]  ? __pfx_dump_stack_lvl+0x10/0x10
[  346.504109][T11500]  ? __pfx__printk+0x10/0x10
[  346.504131][T11500]  ? __pfx___might_resched+0x10/0x10
[  346.504159][T11500]  should_fail_ex+0x414/0x560
[  346.504185][T11500]  should_failslab+0xa8/0x100
[  346.504208][T11500]  __kmalloc_noprof+0xdf/0x800
[  346.504226][T11500]  ? kfree+0x4d/0x6d0
[  346.504239][T11500]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  346.504266][T11500]  tomoyo_realpath_from_path+0xe3/0x5d0
[  346.504290][T11500]  ? tomoyo_domain+0xd9/0x130
[  346.504316][T11500]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  346.504342][T11500]  tomoyo_path_number_perm+0x1e8/0x5a0
[  346.504362][T11500]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  346.504419][T11500]  ? __fget_files+0x2a/0x420
[  346.504444][T11500]  ? __fget_files+0x3a0/0x420
[  346.504464][T11500]  ? __fget_files+0x2a/0x420
[  346.504489][T11500]  security_file_ioctl+0xcb/0x2d0
[  346.504509][T11500]  __se_sys_ioctl+0x47/0x170
[  346.504529][T11500]  do_syscall_64+0xfa/0xfa0
[  346.504550][T11500]  ? lockdep_hardirqs_on+0x9c/0x150
[  346.504572][T11500]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.504590][T11500]  ? clear_bhb_loop+0x60/0xb0
[  346.504615][T11500]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  346.504632][T11500] RIP: 0033:0x7fa08e58efc9
[  346.504647][T11500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  346.504660][T11500] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  346.504679][T11500] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  346.504695][T11500] RDX: 0000200000000680 RSI: 0000000000003ba0 RDI: 0000000000000004
[  346.504706][T11500] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  346.504717][T11500] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  346.504728][T11500] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  346.504758][T11500]  </TASK>
[  346.504765][T11500] ERROR: Out of memory at tomoyo_realpath_from_path.
[  346.724637][ T5827] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  346.936713][ T5827] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[  346.945035][ T5827] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  346.975437][ T5827] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  346.986637][ T5827] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  347.006615][ T5827] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  347.020015][ T5827] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  347.029380][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  347.040821][ T5827] usb 2-1: config 0 descriptor??
[  347.046962][T11502] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  347.216443][    T9] usb 6-1: new full-speed USB device number 33 using dummy_hcd
[  347.396427][    T9] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  347.404760][    T9] usb 6-1: can't read configurations, error -22
[  347.466530][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.483262][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.491102][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.500359][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.508278][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.516969][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.524691][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.532159][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.539973][    T9] usb 6-1: new full-speed USB device number 34 using dummy_hcd
[  347.548302][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.558339][ T5827] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  347.593156][ T5827] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  347.697254][    T9] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  347.705871][    T9] usb 6-1: can't read configurations, error -22
[  347.712541][    T9] usb usb6-port1: attempt power cycle
[  347.745001][   T43] usb 2-1: USB disconnect, device number 38
[  348.053520][    T9] usb 6-1: new full-speed USB device number 35 using dummy_hcd
[  348.076674][    T9] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  348.087078][    T9] usb 6-1: can't read configurations, error -22
[  348.229036][    T9] usb 6-1: new full-speed USB device number 36 using dummy_hcd
[  348.256257][    T9] usb 6-1: config index 0 descriptor too short (expected 9, got 0)
[  348.272161][    T9] usb 6-1: can't read configurations, error -22
[  348.282110][ T5832] Bluetooth: hci2: command tx timeout
[  348.292557][    T9] usb usb6-port1: unable to enumerate USB device
[  348.445936][T11512] FAULT_INJECTION: forcing a failure.
[  348.445936][T11512] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  348.459793][T11512] CPU: 1 UID: 0 PID: 11512 Comm: syz.1.1921 Not tainted syzkaller #0 PREEMPT(full) 
[  348.459827][T11512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  348.459838][T11512] Call Trace:
[  348.459844][T11512]  <TASK>
[  348.459852][T11512]  dump_stack_lvl+0x189/0x250
[  348.459874][T11512]  ? __pfx____ratelimit+0x10/0x10
[  348.459903][T11512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  348.459922][T11512]  ? __pfx__printk+0x10/0x10
[  348.459938][T11512]  ? __might_fault+0xb0/0x130
[  348.459969][T11512]  should_fail_ex+0x414/0x560
[  348.459995][T11512]  _copy_to_iter+0x1de/0x1790
[  348.460035][T11512]  ? __pfx__copy_to_iter+0x10/0x10
[  348.460059][T11512]  ? __lock_acquire+0xab9/0xd20
[  348.460092][T11512]  __skb_datagram_iter+0x41a/0x990
[  348.460117][T11512]  ? __pfx_simple_copy_to_iter+0x10/0x10
[  348.460148][T11512]  skb_copy_datagram_iter+0xc5/0x230
[  348.460173][T11512]  mptcp_recvmsg+0x546/0x1f70
[  348.460225][T11512]  ? __pfx___might_resched+0x10/0x10
[  348.460251][T11512]  ? __pfx_mptcp_recvmsg+0x10/0x10
[  348.460284][T11512]  ? aa_sk_perm+0x81e/0x950
[  348.460304][T11512]  ? sock_rps_record_flow+0x19/0x410
[  348.460324][T11512]  ? __pfx_mptcp_recvmsg+0x10/0x10
[  348.460345][T11512]  inet_recvmsg+0x24a/0x250
[  348.460366][T11512]  ? __pfx_inet_recvmsg+0x10/0x10
[  348.460388][T11512]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  348.460407][T11512]  ? security_socket_recvmsg+0x7e/0x2e0
[  348.460434][T11512]  sock_recvmsg+0x1a8/0x270
[  348.460455][T11512]  __sys_recvfrom+0x1f6/0x340
[  348.460478][T11512]  ? __pfx___sys_recvfrom+0x10/0x10
[  348.460495][T11512]  ? __mutex_unlock_slowpath+0x1a1/0x740
[  348.460530][T11512]  ? __fget_files+0x3a0/0x420
[  348.460562][T11512]  ? ksys_write+0x22a/0x250
[  348.460585][T11512]  ? __pfx_ksys_write+0x10/0x10
[  348.460608][T11512]  __x64_sys_recvfrom+0xde/0x100
[  348.460631][T11512]  do_syscall_64+0xfa/0xfa0
[  348.460652][T11512]  ? lockdep_hardirqs_on+0x9c/0x150
[  348.460673][T11512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.460690][T11512]  ? clear_bhb_loop+0x60/0xb0
[  348.460710][T11512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  348.460727][T11512] RIP: 0033:0x7f9cd078efc9
[  348.460742][T11512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  348.460756][T11512] RSP: 002b:00007f9cce9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002d
[  348.460774][T11512] RAX: ffffffffffffffda RBX: 00007f9cd09e6090 RCX: 00007f9cd078efc9
[  348.460786][T11512] RDX: fffffffffffffecb RSI: 0000200000000180 RDI: 0000000000000005
[  348.460797][T11512] RBP: 00007f9cce9f6090 R08: 0000000000000000 R09: 0000000000000000
[  348.460808][T11512] R10: 0000000000004100 R11: 0000000000000246 R12: 0000000000000001
[  348.460818][T11512] R13: 00007f9cd09e6128 R14: 00007f9cd09e6090 R15: 00007ffc3f5f8b08
[  348.460849][T11512]  </TASK>
[  349.279664][T11514] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1922'.
[  349.288995][T11514] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1922'.
[  350.423534][ T5832] Bluetooth: hci2: command tx timeout
[  350.692858][T11535] FAULT_INJECTION: forcing a failure.
[  350.692858][T11535] name failslab, interval 1, probability 0, space 0, times 0
[  350.723535][T11535] CPU: 1 UID: 0 PID: 11535 Comm: syz.5.1930 Not tainted syzkaller #0 PREEMPT(full) 
[  350.723577][T11535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  350.723599][T11535] Call Trace:
[  350.723607][T11535]  <TASK>
[  350.723614][T11535]  dump_stack_lvl+0x189/0x250
[  350.723638][T11535]  ? __pfx____ratelimit+0x10/0x10
[  350.723660][T11535]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.723686][T11535]  ? __pfx__printk+0x10/0x10
[  350.723706][T11535]  ? __pfx___might_resched+0x10/0x10
[  350.723729][T11535]  ? fs_reclaim_acquire+0x7d/0x100
[  350.723755][T11535]  should_fail_ex+0x414/0x560
[  350.723781][T11535]  should_failslab+0xa8/0x100
[  350.723806][T11535]  kmem_cache_alloc_noprof+0x88/0x700
[  350.723823][T11535]  ? __pfx_vfs_write+0x10/0x10
[  350.723842][T11535]  ? getname_flags+0xb8/0x540
[  350.723869][T11535]  getname_flags+0xb8/0x540
[  350.723894][T11535]  do_sys_openat2+0xbc/0x1c0
[  350.723913][T11535]  ? __pfx_do_sys_openat2+0x10/0x10
[  350.723929][T11535]  ? ksys_write+0x22a/0x250
[  350.723951][T11535]  ? __pfx_ksys_write+0x10/0x10
[  350.723974][T11535]  __x64_sys_creat+0x8f/0xc0
[  350.723994][T11535]  do_syscall_64+0xfa/0xfa0
[  350.724015][T11535]  ? lockdep_hardirqs_on+0x9c/0x150
[  350.724037][T11535]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.724053][T11535]  ? clear_bhb_loop+0x60/0xb0
[  350.724074][T11535]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.724090][T11535] RIP: 0033:0x7fa08e58efc9
[  350.724105][T11535] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.724119][T11535] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  350.724138][T11535] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  350.724151][T11535] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000ac0
[  350.724163][T11535] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  350.724173][T11535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  350.724183][T11535] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  350.724213][T11535]  </TASK>
[  351.039122][T11537] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1931'.
[  351.403482][   T10] usb 2-1: new full-speed USB device number 39 using dummy_hcd
[  351.555543][   T10] usb 2-1: unable to get BOS descriptor or descriptor too short
[  351.568179][   T10] usb 2-1: not running at top speed; connect to a high speed hub
[  351.577310][   T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  351.590227][   T10] usb 2-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=af.16
[  351.609921][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.623458][   T10] usb 2-1: Product: syz
[  351.627657][   T10] usb 2-1: Manufacturer: syz
[  351.637058][   T10] usb 2-1: SerialNumber: syz
[  351.859847][   T10] pwc: Visionite VCS-UC300 USB webcam detected.
[  351.894992][   T10] pwc: Failed to set LED on/off time (-71)
[  351.901227][   T10] pwc: send_video_command error -71
[  351.914145][   T10] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  351.921744][   T10] Philips webcam 2-1:1.0: probe with driver Philips webcam failed with error -71
[  351.956777][   T10] usb 2-1: USB disconnect, device number 39
[  351.970878][T11556] FAULT_INJECTION: forcing a failure.
[  351.970878][T11556] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  351.986212][T11556] CPU: 1 UID: 0 PID: 11556 Comm: syz.5.1938 Not tainted syzkaller #0 PREEMPT(full) 
[  351.986235][T11556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  351.986245][T11556] Call Trace:
[  351.986251][T11556]  <TASK>
[  351.986258][T11556]  dump_stack_lvl+0x189/0x250
[  351.986280][T11556]  ? __pfx____ratelimit+0x10/0x10
[  351.986302][T11556]  ? __pfx_dump_stack_lvl+0x10/0x10
[  351.986317][T11556]  ? __pfx__printk+0x10/0x10
[  351.986333][T11556]  ? __might_fault+0xb0/0x130
[  351.986362][T11556]  should_fail_ex+0x414/0x560
[  351.986386][T11556]  _copy_from_user+0x2d/0xb0
[  351.986405][T11556]  ___sys_sendmsg+0x158/0x2a0
[  351.986428][T11556]  ? __pfx____sys_sendmsg+0x10/0x10
[  351.986477][T11556]  ? __fget_files+0x2a/0x420
[  351.986497][T11556]  ? __fget_files+0x3a0/0x420
[  351.986527][T11556]  __x64_sys_sendmsg+0x19b/0x260
[  351.986550][T11556]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  351.986578][T11556]  ? __pfx_ksys_write+0x10/0x10
[  351.986601][T11556]  ? do_syscall_64+0xbe/0xfa0
[  351.986626][T11556]  do_syscall_64+0xfa/0xfa0
[  351.986644][T11556]  ? lockdep_hardirqs_on+0x9c/0x150
[  351.986665][T11556]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.986682][T11556]  ? clear_bhb_loop+0x60/0xb0
[  351.986702][T11556]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.986718][T11556] RIP: 0033:0x7fa08e58efc9
[  351.986732][T11556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  351.986745][T11556] RSP: 002b:00007fa08f477038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  351.986762][T11556] RAX: ffffffffffffffda RBX: 00007fa08e7e5fa0 RCX: 00007fa08e58efc9
[  351.986774][T11556] RDX: 0000000004040044 RSI: 0000200000002480 RDI: 0000000000000004
[  351.986784][T11556] RBP: 00007fa08f477090 R08: 0000000000000000 R09: 0000000000000000
[  351.986794][T11556] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  351.986809][T11556] R13: 00007fa08e7e6038 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  351.986836][T11556]  </TASK>
[  352.787352][T11576] netlink: 180 bytes leftover after parsing attributes in process `syz.1.1944'.
[  352.833927][T11576] NCSI netlink: No device for ifindex 0
[  352.884719][T11580] netlink: 52 bytes leftover after parsing attributes in process `syz.5.1945'.
[  352.903620][T11580] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1945'.
[  352.912952][T11580] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1945'.
[  352.941213][T11580] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1945'.
[  353.026175][T11584] trusted_key: syz.1.1947 sent an empty control message without MSG_MORE.
[  353.746800][T11607] ntfs3(loop5): try to read out of volume at offset 0x0
[  353.911943][T11609] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1958'.
[  354.783722][   T43] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  354.799595][ T5833] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  354.810543][ T5833] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  354.819300][ T5833] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  354.828411][ T5833] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  354.837842][ T5833] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  354.969606][   T43] usb 6-1: Using ep0 maxpacket: 8
[  354.981583][   T43] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  354.995665][   T43] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  355.006484][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.195768][T11631] chnl_net:caif_netlink_parms(): no params data found
[  355.442070][T11631] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.450038][T11631] bridge0: port 1(bridge_slave_0) entered disabled state
[  355.460301][T11631] bridge_slave_0: entered allmulticast mode
[  355.469358][T11631] bridge_slave_0: entered promiscuous mode
[  355.479850][T11631] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.487512][T11631] bridge0: port 2(bridge_slave_1) entered disabled state
[  355.498167][T11631] bridge_slave_1: entered allmulticast mode
[  355.507094][T11631] bridge_slave_1: entered promiscuous mode
[  355.614996][T11631] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.631593][T11631] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.726143][T11631] team0: Port device team_slave_0 added
[  355.737339][T11631] team0: Port device team_slave_1 added
[  355.781972][T11631] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.789322][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  355.817738][T11631] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.831385][T11631] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.838393][T11631] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  355.865428][T11631] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  355.930307][T11631] hsr_slave_0: entered promiscuous mode
[  355.937964][T11631] hsr_slave_1: entered promiscuous mode
[  355.944447][ T5879] usb 2-1: new full-speed USB device number 40 using dummy_hcd
[  355.953188][T11631] debugfs: 'hsr0' already exists in 'hsr'
[  355.960818][T11631] Cannot create hsr debugfs directory
[  356.115772][ T5879] usb 2-1: unable to get BOS descriptor or descriptor too short
[  356.125948][ T5879] usb 2-1: not running at top speed; connect to a high speed hub
[  356.135976][ T5879] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  356.156125][ T5879] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  356.168480][ T5879] usb 2-1: string descriptor 0 read error: -22
[  356.185286][ T5879] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  356.203775][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.247411][ T5879] usb 2-1: 0:2 : does not exist
[  356.262362][T11631] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  356.282429][T11631] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  356.297110][T11631] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  356.311585][T11631] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  356.446607][T11631] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.476233][T11631] 8021q: adding VLAN 0 to HW filter on device team0
[  356.497938][ T8336] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.505190][ T8336] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.541560][ T8336] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.548858][ T8336] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.686465][ T5879] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  356.736786][ T5879] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  356.767109][ T5879] usb 2-1: 5:0: failed to get current value for ch 1 (-22)
[  356.848043][ T5879] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5)
[  356.896075][ T5879] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5)
[  356.913906][ T5833] Bluetooth: hci4: command tx timeout
[  356.924651][ T5879] usb 2-1: USB disconnect, device number 40
[  356.970585][T11631] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.302413][T11631] veth0_vlan: entered promiscuous mode
[  357.328615][T11631] veth1_vlan: entered promiscuous mode
[  357.372348][T11631] veth0_macvtap: entered promiscuous mode
[  357.386997][T11631] veth1_macvtap: entered promiscuous mode
[  357.418470][T11631] batman_adv: batadv0: Interface activated: batadv_slave_0
[  357.441879][T11631] batman_adv: batadv0: Interface activated: batadv_slave_1
[  357.465455][ T8331] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  357.487284][ T8331] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  357.531374][ T8331] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  357.565123][ T5827] usb 6-1: USB disconnect, device number 37
[  357.598538][ T8331] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.711762][ T8336] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  357.743564][ T8336] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  357.826227][ T8331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  357.835962][ T8331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  358.435489][ T5871] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  358.607854][ T5871] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  358.623485][ T5871] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.642926][ T5871] usb 2-1: Product: syz
[  358.647344][ T5871] usb 2-1: Manufacturer: syz
[  358.651954][ T5871] usb 2-1: SerialNumber: syz
[  358.669682][ T5871] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  358.730437][ T5827] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  358.803588][   T43] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  358.963566][   T43] usb 6-1: Using ep0 maxpacket: 8
[  358.970586][   T43] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  358.991512][   T43] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  358.993920][ T5833] Bluetooth: hci4: command tx timeout
[  359.029204][   T43] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  359.062108][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.108793][   T43] usbtmc 6-1:16.0: bulk endpoints not found
[  359.159686][    T9] usb 2-1: USB disconnect, device number 41
[  359.803458][ T5827] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  359.833998][ T5827] ath9k_htc: Failed to initialize the device
[  359.847361][    T9] usb 2-1: ath9k_htc: USB layer deinitialized
[  360.953505][ T5827] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  361.073915][ T5833] Bluetooth: hci4: command tx timeout
[  361.113672][ T5827] usb 9-1: Using ep0 maxpacket: 16
[  361.124546][ T5827] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  361.134105][    T9] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  361.155999][ T5827] usb 9-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  361.165934][ T5827] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  361.174480][ T5827] usb 9-1: Product: syz
[  361.178663][ T5827] usb 9-1: Manufacturer: syz
[  361.183269][ T5827] usb 9-1: SerialNumber: syz
[  361.196826][ T5827] usb 9-1: config 0 descriptor??
[  361.305333][    T9] usb 2-1: Using ep0 maxpacket: 32
[  361.312744][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.324918][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.335157][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  361.344540][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.358700][    T9] usb 2-1: config 0 descriptor??
[  361.376800][    T9] hub 2-1:0.0: USB hub found
[  361.578375][ T5914] usb 6-1: USB disconnect, device number 38
[  361.621902][ T8331] Bluetooth: hci5: Frame reassembly failed (-84)
[  361.622308][    T9] hub 2-1:0.0: 1 port detected
[  362.076936][ T5838] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  362.087169][ T5838] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  362.096295][ T5838] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  362.106533][ T5838] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  362.117643][ T5838] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  362.394796][T11747] chnl_net:caif_netlink_parms(): no params data found
[  362.434036][   T10] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  362.497020][T11747] bridge0: port 1(bridge_slave_0) entered blocking state
[  362.505080][T11747] bridge0: port 1(bridge_slave_0) entered disabled state
[  362.512620][T11747] bridge_slave_0: entered allmulticast mode
[  362.524171][T11747] bridge_slave_0: entered promiscuous mode
[  362.534113][T11747] bridge0: port 2(bridge_slave_1) entered blocking state
[  362.541377][T11747] bridge0: port 2(bridge_slave_1) entered disabled state
[  362.549173][T11747] bridge_slave_1: entered allmulticast mode
[  362.557414][T11747] bridge_slave_1: entered promiscuous mode
[  362.591283][T11747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  362.600642][   T10] usb 6-1: Using ep0 maxpacket: 8
[  362.605820][T11747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  362.608128][   T10] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 13
[  362.629119][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[  362.639195][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.647295][   T10] usb 6-1: Product: syz
[  362.651503][   T10] usb 6-1: Manufacturer: syz
[  362.656456][   T10] usb 6-1: SerialNumber: syz
[  362.665960][   T10] usb 6-1: config 0 descriptor??
[  362.675893][T11747] team0: Port device team_slave_0 added
[  362.686349][   T10] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[  362.686799][T11747] team0: Port device team_slave_1 added
[  362.730694][T11747] batman_adv: batadv0: Adding interface: batadv_slave_0
[  362.739058][T11747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  362.766679][T11747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  362.781296][T11747] batman_adv: batadv0: Adding interface: batadv_slave_1
[  362.788327][T11747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  362.814922][T11747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  362.876776][T11747] hsr_slave_0: entered promiscuous mode
[  362.883678][T11747] hsr_slave_1: entered promiscuous mode
[  362.891873][T11747] debugfs: 'hsr0' already exists in 'hsr'
[  362.898058][T11747] Cannot create hsr debugfs directory
[  363.106769][T11747] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  363.118943][T11747] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  363.129974][T11747] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  363.142119][T11747] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  363.153574][ T5832] Bluetooth: hci4: command tx timeout
[  363.183051][T11747] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.190262][T11747] bridge0: port 2(bridge_slave_1) entered forwarding state
[  363.197941][T11747] bridge0: port 1(bridge_slave_0) entered blocking state
[  363.205131][T11747] bridge0: port 1(bridge_slave_0) entered forwarding state
[  363.291395][T11747] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.312378][ T2959] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.325143][ T5916] hub 2-1:0.0: hub_ext_port_status failed (err = -32)
[  363.325175][ T2959] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.357120][T11747] 8021q: adding VLAN 0 to HW filter on device team0
[  363.372578][ T8331] bridge0: port 1(bridge_slave_0) entered blocking state
[  363.379883][ T8331] bridge0: port 1(bridge_slave_0) entered forwarding state
[  363.399149][ T2959] bridge0: port 2(bridge_slave_1) entered blocking state
[  363.406356][ T2959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  363.490538][T11752] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  363.497327][T11752] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  363.509548][T11752] vhci_hcd vhci_hcd.0: Device attached
[  363.518763][T11768] vhci_hcd: cannot find a urb of seqnum 1024 max seqnum 0
[  363.529909][ T2959] vhci_hcd vhci_hcd.5: stop threads
[  363.536429][ T2959] vhci_hcd vhci_hcd.5: release socket
[  363.541945][ T2959] vhci_hcd vhci_hcd.5: disconnect device
[  363.633676][ T5833] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  363.635491][ T5832] Bluetooth: hci5: command 0x1003 tx timeout
[  363.693910][T11747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  363.784253][ T5879] usb 2-1: USB disconnect, device number 42
[  363.897967][ T5827] usb 9-1: USB disconnect, device number 2
[  364.000755][T11747] veth0_vlan: entered promiscuous mode
[  364.012998][T11780] FAULT_INJECTION: forcing a failure.
[  364.012998][T11780] name failslab, interval 1, probability 0, space 0, times 0
[  364.016043][T11747] veth1_vlan: entered promiscuous mode
[  364.026875][T11780] CPU: 0 UID: 0 PID: 11780 Comm: syz.8.1995 Not tainted syzkaller #0 PREEMPT(full) 
[  364.026905][T11780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  364.026916][T11780] Call Trace:
[  364.026926][T11780]  <TASK>
[  364.026933][T11780]  dump_stack_lvl+0x189/0x250
[  364.026956][T11780]  ? __pfx____ratelimit+0x10/0x10
[  364.026978][T11780]  ? __pfx_dump_stack_lvl+0x10/0x10
[  364.026995][T11780]  ? __pfx__printk+0x10/0x10
[  364.027018][T11780]  ? __pfx___might_resched+0x10/0x10
[  364.027038][T11780]  ? fs_reclaim_acquire+0x7d/0x100
[  364.027063][T11780]  should_fail_ex+0x414/0x560
[  364.027088][T11780]  should_failslab+0xa8/0x100
[  364.027111][T11780]  __kmalloc_noprof+0xdf/0x800
[  364.027130][T11780]  ? tomoyo_encode+0x28b/0x550
[  364.027156][T11780]  tomoyo_encode+0x28b/0x550
[  364.027180][T11780]  tomoyo_realpath_from_path+0x58d/0x5d0
[  364.027203][T11780]  ? tomoyo_domain+0xd9/0x130
[  364.027227][T11780]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  364.027245][T11780]  tomoyo_path_number_perm+0x1e8/0x5a0
[  364.027318][T11780]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  364.027335][T11780]  ? kvm_sched_clock_read+0x11/0x20
[  364.027354][T11780]  ? sched_clock+0x3f/0x60
[  364.027372][T11780]  ? sched_clock_cpu+0x74/0x430
[  364.027397][T11780]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  364.027444][T11780]  ? __fget_files+0x2a/0x420
[  364.027469][T11780]  ? __fget_files+0x3a0/0x420
[  364.027488][T11780]  ? __fget_files+0x2a/0x420
[  364.027511][T11780]  security_file_ioctl+0xcb/0x2d0
[  364.027530][T11780]  __se_sys_ioctl+0x47/0x170
[  364.027550][T11780]  do_syscall_64+0xfa/0xfa0
[  364.027573][T11780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.027588][T11780]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  364.027604][T11780]  ? clear_bhb_loop+0x60/0xb0
[  364.027623][T11780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  364.027638][T11780] RIP: 0033:0x7f231558efc9
[  364.027654][T11780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  364.027668][T11780] RSP: 002b:00007f231640d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  364.027686][T11780] RAX: ffffffffffffffda RBX: 00007f23157e5fa0 RCX: 00007f231558efc9
[  364.027698][T11780] RDX: 0000200000000040 RSI: 000000004008ae89 RDI: 0000000000000005
[  364.027709][T11780] RBP: 00007f231640d090 R08: 0000000000000000 R09: 0000000000000000
[  364.027719][T11780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  364.027729][T11780] R13: 00007f23157e6038 R14: 00007f23157e5fa0 R15: 00007fff84f527c8
[  364.027758][T11780]  </TASK>
[  364.027798][T11780] ERROR: Out of memory at tomoyo_realpath_from_path.
[  364.077606][T11747] veth0_macvtap: entered promiscuous mode
[  364.312797][ T5833] Bluetooth: hci6: command tx timeout
[  364.337003][T11747] veth1_macvtap: entered promiscuous mode
[  364.365500][T11747] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.388141][T11747] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.420229][   T36] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.426049][T11784] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1997'.
[  364.444231][   T36] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.462116][   T36] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.496378][   T36] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.534930][   T10] gspca_zc3xx: reg_w_i err -71
[  364.591627][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.611528][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.661603][ T8331] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.679326][ T8331] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.933532][ T5916] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  365.087388][ T5916] usb 9-1: Using ep0 maxpacket: 8
[  365.105206][ T5916] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  365.116121][ T5916] usb 9-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  365.129529][ T5916] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  365.139081][ T5916] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.143639][ T5914] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  365.164097][   T10] gspca_zc3xx: Unknown sensor - set to TAS5130C
[  365.170491][   T10] gspca_zc3xx 6-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  365.179523][ T5916] usbtmc 9-1:16.0: bulk endpoints not found
[  365.199761][   T10] usb 6-1: USB disconnect, device number 39
[  365.305423][ T5914] usb 2-1: Using ep0 maxpacket: 16
[  365.315304][ T6809] block nbd5: Possible stuck request ffff8880256d7000: control (read@0,1024B). Runtime 150 seconds
[  365.326221][ T6809] block nbd5: Possible stuck request ffff8880256d71c0: control (read@1024,1024B). Runtime 150 seconds
[  365.326436][ T5937] block nbd6: Possible stuck request ffff8880257c5080: control (read@0,1024B). Runtime 150 seconds
[  365.337417][ T6809] block nbd5: Possible stuck request ffff8880256d7380: control (read@2048,1024B). Runtime 150 seconds
[  365.348581][ T5937] block nbd6: Possible stuck request ffff8880257c5240: control (read@1024,1024B). Runtime 150 seconds
[  365.370413][ T5937] block nbd6: Possible stuck request ffff8880257c5400: control (read@2048,1024B). Runtime 150 seconds
[  365.378819][ T5914] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  365.384457][ T5937] block nbd6: Possible stuck request ffff8880257c55c0: control (read@3072,1024B). Runtime 150 seconds
[  365.404559][ T6809] block nbd5: Possible stuck request ffff8880256d7540: control (read@3072,1024B). Runtime 150 seconds
[  365.437249][ T5914] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  365.460944][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.462107][T11817] FAULT_INJECTION: forcing a failure.
[  365.462107][T11817] name failslab, interval 1, probability 0, space 0, times 0
[  365.484570][T11817] CPU: 1 UID: 0 PID: 11817 Comm: syz.5.2006 Not tainted syzkaller #0 PREEMPT(full) 
[  365.484596][T11817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  365.484611][T11817] Call Trace:
[  365.484621][T11817]  <TASK>
[  365.484630][T11817]  dump_stack_lvl+0x189/0x250
[  365.484652][T11817]  ? __pfx____ratelimit+0x10/0x10
[  365.484675][T11817]  ? __pfx_dump_stack_lvl+0x10/0x10
[  365.484692][T11817]  ? __pfx__printk+0x10/0x10
[  365.484714][T11817]  ? __pfx___might_resched+0x10/0x10
[  365.484742][T11817]  should_fail_ex+0x414/0x560
[  365.484769][T11817]  should_failslab+0xa8/0x100
[  365.484792][T11817]  kmem_cache_alloc_noprof+0x88/0x700
[  365.484813][T11817]  ? io_submit_one+0x11f/0x1310
[  365.484834][T11817]  io_submit_one+0x11f/0x1310
[  365.484864][T11817]  ? __pfx_io_submit_one+0x10/0x10
[  365.484882][T11817]  ? __might_fault+0xb0/0x130
[  365.484913][T11817]  ? __might_fault+0xb0/0x130
[  365.484934][T11817]  __se_sys_io_submit+0x185/0x2f0
[  365.484960][T11817]  ? __pfx___se_sys_io_submit+0x10/0x10
[  365.484980][T11817]  ? ksys_write+0x22a/0x250
[  365.485009][T11817]  ? do_syscall_64+0xbe/0xfa0
[  365.485035][T11817]  do_syscall_64+0xfa/0xfa0
[  365.485055][T11817]  ? lockdep_hardirqs_on+0x9c/0x150
[  365.485086][T11817]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.485102][T11817]  ? clear_bhb_loop+0x60/0xb0
[  365.485123][T11817]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  365.485140][T11817] RIP: 0033:0x7fa08e58efc9
[  365.485156][T11817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  365.485171][T11817] RSP: 002b:00007fa08f455038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[  365.485190][T11817] RAX: ffffffffffffffda RBX: 00007fa08e7e6090 RCX: 00007fa08e58efc9
[  365.485202][T11817] RDX: 0000200000002900 RSI: 0000000000000001 RDI: 00007fa08f456000
[  365.485214][T11817] RBP: 00007fa08f455090 R08: 0000000000000000 R09: 0000000000000000
[  365.485224][T11817] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  365.485235][T11817] R13: 00007fa08e7e6128 R14: 00007fa08e7e6090 R15: 00007ffdbda7f8c8
[  365.485263][T11817]  </TASK>
[  365.485473][ T5914] usb 2-1: Product: syz
[  365.711831][ T5914] usb 2-1: Manufacturer: syz
[  365.717601][ T5914] usb 2-1: SerialNumber: syz
[  365.734598][ T5914] usb 2-1: config 0 descriptor??
[  365.871878][T11820] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2008'.
[  365.908661][T11820] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2008'.
[  366.092586][T11823] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2009'.
[  366.256762][T11830] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2011'.
[  366.292582][T11830] netlink: 148 bytes leftover after parsing attributes in process `syz.5.2011'.
[  366.598334][ T6809] block nbd7: Possible stuck request ffff8880257e0000: control (read@0,1024B). Runtime 150 seconds
[  366.609394][ T6809] block nbd7: Possible stuck request ffff8880257e01c0: control (read@1024,1024B). Runtime 150 seconds
[  366.621628][ T6809] block nbd7: Possible stuck request ffff8880257e0380: control (read@2048,1024B). Runtime 150 seconds
[  366.632937][ T6809] block nbd7: Possible stuck request ffff8880257e0540: control (read@3072,1024B). Runtime 150 seconds
[  366.643662][ T5827] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  366.793515][ T5827] usb 6-1: Using ep0 maxpacket: 32
[  366.799497][ T5827] usb 6-1: too many configurations: 17, using maximum allowed: 8
[  366.808772][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.816978][ T5827] usb 6-1: config 0 has no interface number 0
[  366.827582][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.835826][ T5827] usb 6-1: config 0 has no interface number 0
[  366.842950][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.851243][ T5827] usb 6-1: config 0 has no interface number 0
[  366.858290][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.867043][ T5827] usb 6-1: config 0 has no interface number 0
[  366.875401][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.883570][ T5827] usb 6-1: config 0 has no interface number 0
[  366.890662][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.898778][ T5827] usb 6-1: config 0 has no interface number 0
[  366.905881][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.914219][ T5827] usb 6-1: config 0 has no interface number 0
[  366.921369][ T5827] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  366.931975][ T5827] usb 6-1: config 0 has no interface number 0
[  366.940911][ T5827] usb 6-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2
[  366.950094][ T5827] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.958337][ T5827] usb 6-1: Product: syz
[  366.962502][ T5827] usb 6-1: Manufacturer: syz
[  366.967172][ T5827] usb 6-1: SerialNumber: syz
[  366.974210][ T5827] usb 6-1: config 0 descriptor??
[  366.984601][ T5827] etas_es58x 6-1:0.2: Starting syz syz (Serial Number syz)
[  367.405814][   T13] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  367.542899][ T5827] etas_es58x 6-1:0.2: could not parse product info: 'ࠅ'
[  367.753628][   T43] usb 9-1: USB disconnect, device number 3
[  367.850442][   T30] audit: type=1326 audit(1760831494.548:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.8.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  367.900699][   T30] audit: type=1326 audit(1760831494.548:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.8.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  367.977179][   T30] audit: type=1326 audit(1760831494.548:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="syz.8.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.002730][   T30] audit: type=1326 audit(1760831494.548:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.031247][   T13] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.062498][   T30] audit: type=1326 audit(1760831494.548:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.096591][   T30] audit: type=1326 audit(1760831494.548:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.120631][   T30] audit: type=1326 audit(1760831494.548:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.160728][   T30] audit: type=1326 audit(1760831494.548:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.201083][   T30] audit: type=1326 audit(1760831494.548:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.222885][   T30] audit: type=1326 audit(1760831494.548:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11846 comm="" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x7ffc0000
[  368.252643][ T5832] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  368.265023][ T5832] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  368.273910][ T5832] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  368.287025][ T5832] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  368.295041][ T5832] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  368.321938][   T13] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.429237][    T9] usb 2-1: USB disconnect, device number 43
[  368.555348][   T13] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.863111][T11876] netlink: 'syz.8.2019': attribute type 3 has an invalid length.
[  369.090447][    C1] etas_es58x 6-1:0.2: es58x_check_rx_urb: Expected sequence 0xFECA for start of frame but got 0x015D.
[  369.101722][    C1] etas_es58x 6-1:0.2: Recovery successful! Dropped 347 bytes (urb_cmd_len: 9)
[  369.110620][    C1] etas_es58x 6-1:0.2: es58x_fd_handle_urb_cmd: Unknown command type (0x00) and command ID (0x00) combination
[  369.122188][    C1] etas_es58x 6-1:0.2: ops->handle_urb_cmd() returned error -EBADRQC
[  369.144797][ T5492] etas_es58x 6-1:0.2 can0: bit-timing not yet defined
[  369.333723][    C1] etas_es58x 6-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  369.343019][    C1] etas_es58x 6-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  369.352271][    C1] etas_es58x 6-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  369.361495][    C1] etas_es58x 6-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  369.370684][    C1] etas_es58x 6-1:0.2: es58x_read_bulk_callback: error -EPROTO. Device unplugged?
[  369.379874][    C1] etas_es58x 6-1:0.2 can0: es58x_write_bulk_callback: error -EPROTO
[  369.392991][   T43] usb 6-1: USB disconnect, device number 40
[  369.401767][   T43] etas_es58x 6-1:0.2: Disconnecting syz syz
[  369.425674][ T5492] etas_es58x 6-1:0.2 can0: es58x_open: Could not open the network device: -EINVAL
[  369.617188][   T13] bridge_slave_1: left allmulticast mode
[  369.622974][   T13] bridge_slave_1: left promiscuous mode
[  369.633350][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.724971][   T13] bridge_slave_0: left allmulticast mode
[  369.730662][   T13] bridge_slave_0: left promiscuous mode
[  369.749714][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  369.942585][ T5827] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  370.115418][ T5827] usb 2-1: Using ep0 maxpacket: 8
[  370.140840][ T5827] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  370.167706][ T5827] usb 2-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  370.213695][ T5827] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  370.222904][ T5827] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.264353][ T5827] usbtmc 2-1:16.0: bulk endpoints not found
[  370.354099][ T5832] Bluetooth: hci3: command tx timeout
[  370.802506][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.824753][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.836203][   T13] bond0 (unregistering): Released all slaves
[  370.886488][T11856] chnl_net:caif_netlink_parms(): no params data found
[  371.283479][   T43] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  371.311706][T11856] bridge0: port 1(bridge_slave_0) entered blocking state
[  371.335863][T11856] bridge0: port 1(bridge_slave_0) entered disabled state
[  371.343171][T11856] bridge_slave_0: entered allmulticast mode
[  371.367974][T11856] bridge_slave_0: entered promiscuous mode
[  371.441005][T11856] bridge0: port 2(bridge_slave_1) entered blocking state
[  371.455330][T11856] bridge0: port 2(bridge_slave_1) entered disabled state
[  371.455616][   T43] usb 6-1: Using ep0 maxpacket: 16
[  371.462641][T11856] bridge_slave_1: entered allmulticast mode
[  371.495050][   T43] usb 6-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  371.499113][T11856] bridge_slave_1: entered promiscuous mode
[  371.515689][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  371.532981][   T43] usb 6-1: Product: syz
[  371.576233][   T43] usb 6-1: Manufacturer: syz
[  371.591186][   T43] usb 6-1: SerialNumber: syz
[  371.599564][T11856] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  371.601082][   T43] usb 6-1: config 0 descriptor??
[  371.672541][   T13] hsr_slave_0: left promiscuous mode
[  371.679289][   T13] hsr_slave_1: left promiscuous mode
[  371.687473][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.705774][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.727539][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.748923][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.815046][   T13] veth1_macvtap: left promiscuous mode
[  371.822519][   T13] veth0_macvtap: left promiscuous mode
[  371.835934][   T13] veth1_vlan: left promiscuous mode
[  371.842240][   T13] veth0_vlan: left promiscuous mode
[  372.022844][   T43] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  372.057514][   T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  372.068767][ T8502] usb 9-1: new low-speed USB device number 4 using dummy_hcd
[  372.091397][   T43] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  372.108715][   T43] usb 6-1: media controller created
[  372.149737][   T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  372.232224][   T43] zl10353_read_register: readreg error (reg=127, ret==0)
[  372.244233][   T43] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  372.260094][ T8502] usb 9-1: config index 0 descriptor too short (expected 6427, got 27)
[  372.268784][ T8502] usb 9-1: config 0 has an invalid interface number: 21 but max is 0
[  372.277665][   T43] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  372.286933][ T8502] usb 9-1: config 0 has no interface number 0
[  372.298582][ T8502] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  372.327644][ T8502] usb 9-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  372.338141][ T8502] usb 9-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  372.347481][ T8502] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.374968][ T8502] usb 9-1: config 0 descriptor??
[  372.445429][ T5832] Bluetooth: hci3: command tx timeout
[  372.695763][   T13] team0 (unregistering): Port device team_slave_1 removed
[  372.731611][   T10] usb 2-1: USB disconnect, device number 44
[  372.777304][   T13] team0 (unregistering): Port device team_slave_0 removed
[  373.026104][ T8502] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.21/input/input20
[  373.055270][ T8502] input: failed to attach handler kbd to device input20, error: -5
[  373.366918][ T8502] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  373.412628][T11856] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  373.463342][   T43] usb 9-1: USB disconnect, device number 4
[  373.479238][T11856] team0: Port device team_slave_0 added
[  373.504294][ T8502] usb 2-1: device descriptor read/64, error -71
[  373.504765][T11856] team0: Port device team_slave_1 added
[  373.616780][T11856] batman_adv: batadv0: Adding interface: batadv_slave_0
[  373.640251][T11856] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  373.672271][ T5827] usb 6-1: USB disconnect, device number 41
[  373.689330][T11856] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  373.734690][T11856] batman_adv: batadv0: Adding interface: batadv_slave_1
[  373.741673][T11856] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  373.767919][ T8502] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  373.819768][ T5827] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  373.851740][T11938] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2029'.
[  373.856094][T11856] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  373.924933][ T8502] usb 2-1: device descriptor read/64, error -71
[  373.945807][T11856] hsr_slave_0: entered promiscuous mode
[  373.953014][T11856] hsr_slave_1: entered promiscuous mode
[  373.962359][T11856] debugfs: 'hsr0' already exists in 'hsr'
[  373.968793][T11856] Cannot create hsr debugfs directory
[  374.048392][ T8502] usb usb2-port1: attempt power cycle
[  374.213870][ T5827] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  374.391666][ T5827] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.393767][ T8502] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  374.430025][ T5827] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  374.444165][ T8502] usb 2-1: device descriptor read/8, error -71
[  374.507504][ T5827] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  374.516687][ T5832] Bluetooth: hci3: command tx timeout
[  374.532447][ T5827] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  374.550872][ T5827] usb 6-1: SerialNumber: syz
[  374.693617][ T8502] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  374.743631][ T8502] usb 2-1: device descriptor read/8, error -71
[  374.797223][T11856] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  374.804351][ T5827] usb 6-1: 0:2 : does not exist
[  374.814035][ T5827] usb 6-1: unit 5 not found!
[  374.850505][T11856] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  374.858840][ T5827] usb 6-1: USB disconnect, device number 42
[  374.876099][ T8502] usb usb2-port1: unable to enumerate USB device
[  374.949595][T11856] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  374.982738][ T9128] udevd[9128]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  374.987147][T11856] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  375.126363][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  375.126380][   T30] audit: type=1326 audit(1760831501.828:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11971 comm="syz.8.2031" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f231558efc9 code=0x0
[  375.226359][T11978] FAULT_INJECTION: forcing a failure.
[  375.226359][T11978] name failslab, interval 1, probability 0, space 0, times 0
[  375.246265][T11856] 8021q: adding VLAN 0 to HW filter on device bond0
[  375.264650][T11978] CPU: 0 UID: 0 PID: 11978 Comm: syz.8.2031 Not tainted syzkaller #0 PREEMPT(full) 
[  375.264685][T11978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  375.264695][T11978] Call Trace:
[  375.264701][T11978]  <TASK>
[  375.264707][T11978]  dump_stack_lvl+0x189/0x250
[  375.264730][T11978]  ? __pfx____ratelimit+0x10/0x10
[  375.264751][T11978]  ? __pfx_dump_stack_lvl+0x10/0x10
[  375.264767][T11978]  ? __pfx__printk+0x10/0x10
[  375.264790][T11978]  ? __pfx___might_resched+0x10/0x10
[  375.264809][T11978]  ? fs_reclaim_acquire+0x7d/0x100
[  375.264834][T11978]  should_fail_ex+0x414/0x560
[  375.264859][T11978]  should_failslab+0xa8/0x100
[  375.264880][T11978]  kmem_cache_alloc_node_noprof+0x8c/0x710
[  375.264896][T11978]  ? __pfx_tcp_current_mss+0x10/0x10
[  375.264917][T11978]  ? __alloc_skb+0x112/0x2d0
[  375.264939][T11978]  __alloc_skb+0x112/0x2d0
[  375.264962][T11978]  tcp_stream_alloc_skb+0x3d/0x340
[  375.264983][T11978]  tcp_sendmsg_locked+0x1c7f/0x5540
[  375.265047][T11978]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[  375.265064][T11978]  ? __local_bh_enable_ip+0x12d/0x1c0
[  375.265090][T11978]  ? __local_bh_enable_ip+0x12d/0x1c0
[  375.265124][T11978]  tcp_sendmsg+0x2f/0x50
[  375.265143][T11978]  __sock_sendmsg+0xe5/0x270
[  375.265170][T11978]  ____sys_sendmsg+0x52d/0x830
[  375.265196][T11978]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.265226][T11978]  ? import_iovec+0x74/0xa0
[  375.265247][T11978]  ___sys_sendmsg+0x21f/0x2a0
[  375.265268][T11978]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.265323][T11978]  ? __fget_files+0x2a/0x420
[  375.265344][T11978]  ? __fget_files+0x3a0/0x420
[  375.265375][T11978]  __sys_sendmmsg+0x227/0x430
[  375.265401][T11978]  ? __pfx___sys_sendmmsg+0x10/0x10
[  375.265431][T11978]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  375.265473][T11978]  ? ksys_write+0x22a/0x250
[  375.265494][T11978]  ? __pfx_ksys_write+0x10/0x10
[  375.265519][T11978]  __x64_sys_sendmmsg+0xa0/0xc0
[  375.265542][T11978]  do_syscall_64+0xfa/0xfa0
[  375.265563][T11978]  ? lockdep_hardirqs_on+0x9c/0x150
[  375.265584][T11978]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.265600][T11978]  ? clear_bhb_loop+0x60/0xb0
[  375.265621][T11978]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.265637][T11978] RIP: 0033:0x7f231558efc9
[  375.265653][T11978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.265668][T11978] RSP: 002b:00007f23163ec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  375.265693][T11978] RAX: ffffffffffffffda RBX: 00007f23157e6090 RCX: 00007f231558efc9
[  375.265706][T11978] RDX: 0000000000000001 RSI: 0000200000000300 RDI: 0000000000000003
[  375.265717][T11978] RBP: 00007f23163ec090 R08: 0000000000000000 R09: 0000000000000000
[  375.265728][T11978] R10: 000000000404c851 R11: 0000000000000246 R12: 0000000000000001
[  375.265738][T11978] R13: 00007f23157e6128 R14: 00007f23157e6090 R15: 00007fff84f527c8
[  375.265769][T11978]  </TASK>
[  375.274870][T11856] 8021q: adding VLAN 0 to HW filter on device team0
[  375.643981][ T2959] bridge0: port 1(bridge_slave_0) entered blocking state
[  375.651229][ T2959] bridge0: port 1(bridge_slave_0) entered forwarding state
[  375.705834][ T2959] bridge0: port 2(bridge_slave_1) entered blocking state
[  375.713040][ T2959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  376.191501][T11856] 8021q: adding VLAN 0 to HW filter on device batadv0
[  376.303488][ T5930] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  376.459077][ T5930] usb 6-1: Using ep0 maxpacket: 8
[  376.485045][ T5930] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  376.507975][ T5930] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  376.524820][T12024] netlink: 'syz.8.2038': attribute type 4 has an invalid length.
[  376.537362][ T5930] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  376.547931][T12024] netlink: 36 bytes leftover after parsing attributes in process `syz.8.2038'.
[  376.562393][ T5930] usb 6-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  376.593753][ T8502] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  376.603425][ T5832] Bluetooth: hci3: command tx timeout
[  376.609182][ T5930] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  376.657076][ T5930] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  376.733226][ T5930] usbtmc 6-1:16.0: bulk endpoints not found
[  376.747417][T11856] veth0_vlan: entered promiscuous mode
[  376.754449][ T8502] usb 2-1: Using ep0 maxpacket: 16
[  376.791844][ T8502] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  376.812731][ T8502] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.822130][ T8502] usb 2-1: Product: syz
[  376.828682][ T8502] usb 2-1: Manufacturer: syz
[  376.834609][ T8502] usb 2-1: SerialNumber: syz
[  376.843244][ T8502] usb 2-1: config 0 descriptor??
[  376.858311][T11856] veth1_vlan: entered promiscuous mode
[  376.939346][T11856] veth0_macvtap: entered promiscuous mode
[  376.951344][T11856] veth1_macvtap: entered promiscuous mode
[  376.984461][T11856] batman_adv: batadv0: Interface activated: batadv_slave_0
[  377.007491][T11856] batman_adv: batadv0: Interface activated: batadv_slave_1
[  377.023651][    T9] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  377.037094][ T8331] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  377.047311][ T8331] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  377.071890][ T8331] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.104501][ T8331] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.183663][    T9] usb 9-1: Using ep0 maxpacket: 32
[  377.190709][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.201416][ T3006] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.209658][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.220035][ T3006] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  377.250380][    T9] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  377.270147][ T8502] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  377.273420][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.296187][ T8502] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  377.306874][    T9] usb 9-1: config 0 descriptor??
[  377.309481][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  377.321389][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  377.329869][ T8502] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  377.330519][    T9] hub 9-1:0.0: USB hub found
[  377.342775][ T8502] usb 2-1: media controller created
[  377.396127][ T8502] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  377.484724][ T8502] zl10353_read_register: readreg error (reg=127, ret==0)
[  377.496768][ T8502] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  377.506349][ T8502] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  377.551354][ T3006] Bluetooth: hci5: Frame reassembly failed (-84)
[  377.556017][    T9] hub 9-1:0.0: 1 port detected
[  377.763170][T12034] netlink: 'syz.8.2041': attribute type 10 has an invalid length.
[  377.765736][T12054] FAULT_INJECTION: forcing a failure.
[  377.765736][T12054] name failslab, interval 1, probability 0, space 0, times 0
[  377.775547][T12034] team0: Device tunl0 is of different type
[  377.787761][T12054] CPU: 1 UID: 0 PID: 12054 Comm: syz.9.2044 Not tainted syzkaller #0 PREEMPT(full) 
[  377.787785][T12054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  377.787796][T12054] Call Trace:
[  377.787803][T12054]  <TASK>
[  377.787810][T12054]  dump_stack_lvl+0x189/0x250
[  377.787834][T12054]  ? __pfx____ratelimit+0x10/0x10
[  377.787857][T12054]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.787874][T12054]  ? __pfx__printk+0x10/0x10
[  377.787895][T12054]  ? __pfx___might_resched+0x10/0x10
[  377.787915][T12054]  ? fs_reclaim_acquire+0x7d/0x100
[  377.787940][T12054]  should_fail_ex+0x414/0x560
[  377.787965][T12054]  should_failslab+0xa8/0x100
[  377.787987][T12054]  kmem_cache_alloc_node_noprof+0x8c/0x710
[  377.788006][T12054]  ? __alloc_skb+0x112/0x2d0
[  377.788029][T12054]  __alloc_skb+0x112/0x2d0
[  377.788050][T12054]  netlink_sendmsg+0x5c6/0xb30
[  377.788078][T12054]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.788100][T12054]  ? aa_sock_msg_perm+0xf1/0x1d0
[  377.788121][T12054]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  377.788142][T12054]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.788161][T12054]  __sock_sendmsg+0x21c/0x270
[  377.788187][T12054]  ____sys_sendmsg+0x505/0x830
[  377.788212][T12054]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.788250][T12054]  ? import_iovec+0x74/0xa0
[  377.788270][T12054]  ___sys_sendmsg+0x21f/0x2a0
[  377.788292][T12054]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.788345][T12054]  ? __fget_files+0x2a/0x420
[  377.788368][T12054]  ? __fget_files+0x3a0/0x420
[  377.788403][T12054]  __x64_sys_sendmsg+0x19b/0x260
[  377.788426][T12054]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  377.788455][T12054]  ? __pfx_ksys_write+0x10/0x10
[  377.788478][T12054]  ? do_syscall_64+0xbe/0xfa0
[  377.788502][T12054]  do_syscall_64+0xfa/0xfa0
[  377.788521][T12054]  ? lockdep_hardirqs_on+0x9c/0x150
[  377.788542][T12054]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.788558][T12054]  ? clear_bhb_loop+0x60/0xb0
[  377.788579][T12054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.788594][T12054] RIP: 0033:0x7f2aa938efc9
[  377.788608][T12054] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.788623][T12054] RSP: 002b:00007f2aaa178038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.788641][T12054] RAX: ffffffffffffffda RBX: 00007f2aa95e5fa0 RCX: 00007f2aa938efc9
[  377.788652][T12054] RDX: 00000000000000e0 RSI: 0000200000000080 RDI: 0000000000000003
[  377.788663][T12054] RBP: 00007f2aaa178090 R08: 0000000000000000 R09: 0000000000000000
[  377.788673][T12054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.788683][T12054] R13: 00007f2aa95e6038 R14: 00007f2aa95e5fa0 R15: 00007ffe7590ea18
[  377.788711][T12054]  </TASK>
[  377.822070][T12055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.074674][T12055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.094477][T12034] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.111036][T12034] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.387499][ T5930] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  378.531402][ T5930] usb 10-1: device descriptor read/64, error -71
[  378.778717][ T5930] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  378.804355][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  378.812600][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  378.893865][    T9] hub 9-1:0.0: hub_hub_status failed (err = -32)
[  378.900572][    T9] hub 9-1:0.0: config failed, can't get hub status (err -32)
[  378.910761][    T9] usbhid 9-1:0.0: can't add hid device: -32
[  378.912569][ T5930] usb 10-1: device descriptor read/64, error -71
[  378.917091][    T9] usbhid 9-1:0.0: probe with driver usbhid failed with error -32
[  379.036503][ T5930] usb usb10-port1: attempt power cycle
[  379.087452][ T8502] usb 6-1: USB disconnect, device number 43
[  379.298520][ T5879] usb 2-1: USB disconnect, device number 49
[  379.348969][ T5879] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  379.396936][ T5930] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  379.428128][ T5930] usb 10-1: device descriptor read/8, error -71
[  379.464107][T12068] FAULT_INJECTION: forcing a failure.
[  379.464107][T12068] name failslab, interval 1, probability 0, space 0, times 0
[  379.477351][T12068] CPU: 1 UID: 0 PID: 12068 Comm: syz.1.2050 Not tainted syzkaller #0 PREEMPT(full) 
[  379.477425][T12068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  379.477436][T12068] Call Trace:
[  379.477443][T12068]  <TASK>
[  379.477450][T12068]  dump_stack_lvl+0x189/0x250
[  379.477473][T12068]  ? __pfx____ratelimit+0x10/0x10
[  379.477495][T12068]  ? __pfx_dump_stack_lvl+0x10/0x10
[  379.477512][T12068]  ? __pfx__printk+0x10/0x10
[  379.477535][T12068]  ? __pfx___might_resched+0x10/0x10
[  379.477555][T12068]  ? fs_reclaim_acquire+0x7d/0x100
[  379.477581][T12068]  should_fail_ex+0x414/0x560
[  379.477607][T12068]  should_failslab+0xa8/0x100
[  379.477630][T12068]  __kmalloc_noprof+0xdf/0x800
[  379.477649][T12068]  ? tomoyo_encode+0x28b/0x550
[  379.477676][T12068]  tomoyo_encode+0x28b/0x550
[  379.477701][T12068]  tomoyo_realpath_from_path+0x58d/0x5d0
[  379.477733][T12068]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  379.477751][T12068]  tomoyo_path_number_perm+0x1e8/0x5a0
[  379.477771][T12068]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  379.477828][T12068]  ? __fget_files+0x2a/0x420
[  379.477853][T12068]  ? __fget_files+0x3a0/0x420
[  379.477872][T12068]  ? __fget_files+0x2a/0x420
[  379.477896][T12068]  security_file_ioctl+0xcb/0x2d0
[  379.477915][T12068]  __se_sys_ioctl+0x47/0x170
[  379.477935][T12068]  do_syscall_64+0xfa/0xfa0
[  379.477956][T12068]  ? lockdep_hardirqs_on+0x9c/0x150
[  379.477977][T12068]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.477994][T12068]  ? clear_bhb_loop+0x60/0xb0
[  379.478015][T12068]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.478030][T12068] RIP: 0033:0x7f9cd078efc9
[  379.478046][T12068] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.478060][T12068] RSP: 002b:00007f9cd1557038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  379.478078][T12068] RAX: ffffffffffffffda RBX: 00007f9cd09e5fa0 RCX: 00007f9cd078efc9
[  379.478090][T12068] RDX: 0000200000000200 RSI: 000000008010500c RDI: 0000000000000004
[  379.478101][T12068] RBP: 00007f9cd1557090 R08: 0000000000000000 R09: 0000000000000000
[  379.478112][T12068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.478122][T12068] R13: 00007f9cd09e6038 R14: 00007f9cd09e5fa0 R15: 00007ffc3f5f8b08
[  379.478152][T12068]  </TASK>
[  379.478194][T12068] ERROR: Out of memory at tomoyo_realpath_from_path.
[  379.623039][ T5832] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  379.623934][ T5833] Bluetooth: hci5: command 0x1003 tx timeout
[  379.734902][ T8502] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  379.880190][ T5930] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  379.914545][ T8502] usb 6-1: Using ep0 maxpacket: 32
[  379.922323][ T8502] usb 6-1: config 0 has no interfaces?
[  379.928166][ T8502] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  379.937739][ T5930] usb 10-1: device descriptor read/8, error -71
[  379.964478][ T8502] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.983929][ T8502] usb 6-1: config 0 descriptor??
[  380.055375][ T5916] usb 9-1: USB disconnect, device number 5
[  380.075812][ T5930] usb usb10-port1: unable to enumerate USB device
[  380.206715][ T5930] usb 6-1: USB disconnect, device number 44
[  380.281233][ T8502] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  380.447517][ T8502] usb 2-1: Using ep0 maxpacket: 8
[  380.490497][ T8502] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  380.502555][ T8502] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  380.519280][T12085] FAULT_INJECTION: forcing a failure.
[  380.519280][T12085] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  380.533488][T12085] CPU: 1 UID: 0 PID: 12085 Comm: syz.8.2056 Not tainted syzkaller #0 PREEMPT(full) 
[  380.533514][T12085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  380.533527][T12085] Call Trace:
[  380.533535][T12085]  <TASK>
[  380.533542][T12085]  dump_stack_lvl+0x189/0x250
[  380.533565][T12085]  ? __pfx____ratelimit+0x10/0x10
[  380.533586][T12085]  ? __pfx_dump_stack_lvl+0x10/0x10
[  380.533602][T12085]  ? __pfx__printk+0x10/0x10
[  380.533616][T12085]  ? lock_acquire+0x175/0x360
[  380.533647][T12085]  should_fail_ex+0x414/0x560
[  380.533673][T12085]  _copy_to_iter+0x404/0x1790
[  380.533711][T12085]  ? __pfx__copy_to_iter+0x10/0x10
[  380.533734][T12085]  ? get_pid_task+0x20/0x1f0
[  380.533751][T12085]  ? get_pid_task+0x20/0x1f0
[  380.533765][T12085]  ? get_pid_task+0x20/0x1f0
[  380.533786][T12085]  ? proc_single_show+0x15b/0x190
[  380.533810][T12085]  seq_read_iter+0xbf5/0xe20
[  380.533848][T12085]  seq_read+0x369/0x480
[  380.533873][T12085]  ? __pfx_seq_read+0x10/0x10
[  380.533910][T12085]  vfs_readv+0x5aa/0x850
[  380.533933][T12085]  ? __pfx_seq_read+0x10/0x10
[  380.533953][T12085]  ? __pfx_vfs_readv+0x10/0x10
[  380.533991][T12085]  ? __fget_files+0x2a/0x420
[  380.534016][T12085]  ? __fget_files+0x3a0/0x420
[  380.534035][T12085]  ? __fget_files+0x2a/0x420
[  380.534064][T12085]  __x64_sys_preadv+0x197/0x2a0
[  380.534087][T12085]  ? __pfx___x64_sys_preadv+0x10/0x10
[  380.534119][T12085]  do_syscall_64+0xfa/0xfa0
[  380.534142][T12085]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.534156][T12085]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  380.534173][T12085]  ? clear_bhb_loop+0x60/0xb0
[  380.534193][T12085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.534209][T12085] RIP: 0033:0x7f231558efc9
[  380.534226][T12085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  380.534239][T12085] RSP: 002b:00007f23163cb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  380.534258][T12085] RAX: ffffffffffffffda RBX: 00007f23157e6180 RCX: 00007f231558efc9
[  380.534271][T12085] RDX: 0000000000000001 RSI: 00002000000031c0 RDI: 0000000000000003
[  380.534282][T12085] RBP: 00007f23163cb090 R08: 0000000000000000 R09: 0000000000000000
[  380.534292][T12085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  380.534302][T12085] R13: 00007f23157e6218 R14: 00007f23157e6180 R15: 00007fff84f527c8
[  380.534332][T12085]  </TASK>
[  380.782900][ T8502] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  380.793076][ T8502] usb 2-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  380.806032][ T8502] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  380.815107][ T8502] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.830101][ T8502] usbtmc 2-1:16.0: bulk endpoints not found
[  380.877055][ T5916] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  381.030472][ T5916] usb 6-1: Using ep0 maxpacket: 16
[  381.037985][ T5916] usb 6-1: config 0 has an invalid interface number: 2 but max is 0
[  381.046402][ T5916] usb 6-1: config 0 has no interface number 0
[  381.054915][ T5916] usb 6-1: New USB device found, idVendor=0545, idProduct=8080, bcdDevice= 0.01
[  381.065052][ T5916] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.074209][ T5916] usb 6-1: Product: syz
[  381.078447][ T5916] usb 6-1: Manufacturer: syz
[  381.083243][ T5916] usb 6-1: SerialNumber: syz
[  381.089806][ T5916] usb 6-1: config 0 descriptor??
[  381.097477][ T5916] gspca_main: xirlink-cit-2.14.0 probing 0545:8080
[  381.300187][T12090] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.313089][T12090] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.432624][   T31] INFO: task poweroff:9108 blocked for more than 143 seconds.
[  381.440437][   T31]       Not tainted syzkaller #0
[  381.445938][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  381.455668][   T31] task:poweroff        state:D stack:24488 pid:9108  tgid:9108  ppid:5182   task_flags:0x400000 flags:0x00080001
[  381.468563][   T31] Call Trace:
[  381.472284][   T31]  <TASK>
[  381.475325][   T31]  __schedule+0x17c4/0x4d60
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  381.481773][   T31]  ? __lock_acquire+0xab9/0xd20
[  381.487488][   T31]  ? __pfx___schedule+0x10/0x10
[  381.493182][   T31]  ? schedule+0x91/0x360
[  381.497580][   T31]  schedule+0x165/0x360
[  381.501854][   T31]  schedule_preempt_disabled+0x13/0x30
[  381.508144][   T31]  __mutex_lock+0x7e6/0x1350
[  381.529000][   T31]  ? __mutex_lock+0x5bb/0x1350
[  381.548607][   T31]  ? sync_bdevs+0x1ac/0x340
[  381.559007][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  381.572316][   T31]  ? iput+0x5eb/0xc50
[  381.600395][   T31]  sync_bdevs+0x1ac/0x340
[  381.620172][   T31]  ksys_sync+0xb9/0x150
[  381.661060][   T31]  ? __pfx_ksys_sync+0x10/0x10
[  381.663120][ T5827] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  381.665929][   T31]  ? do_syscall_64+0xbe/0xfa0
[  381.720123][   T31]  __ia32_sys_sync+0xe/0x20
[  381.724693][   T31]  do_syscall_64+0xfa/0xfa0
[  381.738302][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  381.743562][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.758612][   T31]  ? clear_bhb_loop+0x60/0xb0
[  381.768403][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  381.797461][   T31] RIP: 0033:0x7f6878596f37
[  381.803166][   T31] RSP: 002b:00007ffd6d687dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  381.826804][   T31] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f6878596f37
[  381.841787][   T31] RDX: ffffffffffffff88 RSI: 00007f687872fe51 RDI: 00000000ffffff9c
[  381.849808][   T31] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  381.891580][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  381.908566][   T31] R13: 00007ffd6d687f38 R14: 00007f6878779000 R15: 00005624562acd98
[  381.916831][   T31]  </TASK>
[  381.919975][   T31] 
[  381.919975][   T31] Showing all locks held in the system:
[  381.929340][   T31] 1 lock held by khungtaskd/31:
[  381.934958][   T31]  #0: ffffffff8e13d720 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  381.944964][   T31] 2 locks held by getty/5585:
[  381.949678][   T31]  #0: ffff888033c950a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  381.959545][   T31]  #1: ffffc9000332e2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  381.969776][   T31] 1 lock held by udevd/5825:
[  381.974447][   T31]  #0: ffff888025556358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  381.983748][   T31] 5 locks held by kworker/0:3/5827:
[  381.994340][   T31]  #0: ffff888021e88948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  382.025075][   T31]  #1: ffffc9000406fba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  382.055809][   T31]  #2: ffff888028536198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  382.064823][   T31]  #3: ffff888144b01518 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21b8/0x4a20
[  382.096812][   T31]  #4: ffff888028556268 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21e5/0x4a20
[  382.106585][   T31] 1 lock held by udevd/5835:
[  382.127519][   T31]  #0: ffff888025728358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  382.136812][   T31] 1 lock held by udevd/5836:
[  382.168492][   T31]  #0: ffff88802572c358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  382.177786][   T31] 5 locks held by kworker/0:7/5916:
[  382.219764][   T31]  #0: ffff888021e88948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  382.240214][   T31]  #1: ffffc9000452fba0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  382.259425][   T31]  #2: ffff88802838e198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a20
[  382.268647][   T31]  #3: ffff88803243e198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  382.281369][   T31]  #4: ffff888057adf160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  382.290727][   T31] 3 locks held by kworker/1:6/8502:
[  382.296249][   T31]  #0: ffff88813fe55948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  382.307650][   T31]  #1: ffffc9000217fba0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  382.318200][   T31]  #2: ffffffff8e1431b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  382.330329][   T31] 1 lock held by poweroff/9108:
[  382.335603][   T31]  #0: ffff88802572c358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x1ac/0x340
[  382.345131][   T31] 4 locks held by udevd/9128:
[  382.349820][   T31]  #0: ffff888063893b08 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe20
[  382.358799][   T31]  #1: ffff88804d671888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x5c/0x420
[  382.368297][   T31]  #2: ffff88804e2d6878 (kn->active#30){++++}-{0:0}, at: kernfs_seq_start+0xb2/0x420
[  382.377923][   T31]  #3: ffff88803243e198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0
[  382.387334][   T31] 1 lock held by syz.5.2047/12062:
[  382.392493][   T31]  #0: ffffffff8e1431b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  382.403772][   T31] 3 locks held by syz.1.2054/12094:
[  382.409112][   T31]  #0: ffff8880797b0dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  382.419178][   T31]  #1: ffff8880797b00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  382.430163][   T31]  #2: ffffffff8f64ff68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  382.440399][   T31] 4 locks held by syz.9.2058/12088:
[  382.445640][   T31]  #0: ffff8880316c4dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x212/0x510
[  382.455690][   T31]  #1: ffff8880316c40b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330
[  382.465393][   T31]  #2: ffffffff8f64ff68 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230
[  382.475495][   T31]  #3: ffff888027c7a338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680
[  382.485088][   T31] 
[  382.500368][   T31] =============================================
[  382.500368][   T31] 
[  382.517302][   T31] NMI backtrace for cpu 1
[  382.517319][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  382.517337][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  382.517348][   T31] Call Trace:
[  382.517355][   T31]  <TASK>
[  382.517362][   T31]  dump_stack_lvl+0x189/0x250
[  382.517388][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  382.517404][   T31]  ? __pfx__printk+0x10/0x10
[  382.517432][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  382.517452][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  382.517473][   T31]  ? __pfx__printk+0x10/0x10
[  382.517492][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  382.517515][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  382.517536][   T31]  watchdog+0xfa9/0xff0
[  382.517561][   T31]  ? watchdog+0x1f4/0xff0
[  382.517587][   T31]  kthread+0x711/0x8a0
[  382.517604][   T31]  ? __pfx_watchdog+0x10/0x10
[  382.517623][   T31]  ? __pfx_kthread+0x10/0x10
[  382.517642][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  382.517661][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.517681][   T31]  ? __pfx_kthread+0x10/0x10
[  382.517699][   T31]  ret_from_fork+0x4bc/0x870
[  382.517722][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  382.517749][   T31]  ? __switch_to_asm+0x39/0x70
[  382.517764][   T31]  ? __switch_to_asm+0x33/0x70
[  382.517780][   T31]  ? __pfx_kthread+0x10/0x10
[  382.517798][   T31]  ret_from_fork_asm+0x1a/0x30
[  382.517832][   T31]  </TASK>
[  382.517837][   T31] Sending NMI from CPU 1 to CPUs 0:
[  382.672131][    C0] NMI backtrace for cpu 0
[  382.672150][    C0] CPU: 0 UID: 0 PID: 12062 Comm: syz.5.2047 Not tainted syzkaller #0 PREEMPT(full) 
[  382.672168][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  382.672177][    C0] RIP: 0010:unwind_next_frame+0x19ba/0x2390
[  382.672203][    C0] Code: c2 40 71 68 8b e8 06 f7 29 00 48 c7 c7 20 d7 13 8e 4c 89 fe e8 e7 dc 29 00 e8 b2 82 33 00 89 d8 48 81 c4 98 00 00 00 5b 41 5c <41> 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 4c 8b 7c 24 48 eb 89 49 89
[  382.672215][    C0] RSP: 0018:ffffc90003036c20 EFLAGS: 00000292
[  382.672234][    C0] RAX: 00000000903be001 RBX: ffffc90003036d00 RCX: 675d4b4e55f59a00
[  382.672245][    C0] RDX: 0000000000000001 RSI: ffffffff8da1bfb5 RDI: ffff8880260a0000
[  382.672255][    C0] RBP: dffffc0000000000 R08: ffffc90003037a10 R09: 0000000000000000
[  382.672265][    C0] R10: ffffc90003036c98 R11: fffff52000606d95 R12: ffff8880260a0000
[  382.672276][    C0] R13: ffffc90003030000 R14: ffffc90003036c48 R15: ffffffff8173df15
[  382.672292][    C0] FS:  0000000000000000(0000) GS:ffff888125d1f000(0000) knlGS:0000000000000000
[  382.672304][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  382.672314][    C0] CR2: 000000110c3f6ecd CR3: 000000007e302000 CR4: 00000000003526f0
[  382.672328][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000004144
[  382.672337][    C0] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  382.672346][    C0] Call Trace:
[  382.672352][    C0]  <TASK>
[  382.672358][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  382.672375][    C0]  arch_stack_walk+0x11c/0x150
[  382.672397][    C0]  ? task_work_run+0x1d4/0x260
[  382.672414][    C0]  stack_trace_save+0x9c/0xe0
[  382.672428][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  382.672447][    C0]  save_stack+0xf5/0x1f0
[  382.672464][    C0]  ? __pfx_save_stack+0x10/0x10
[  382.672479][    C0]  ? free_unref_folios+0xdb3/0x1500
[  382.672495][    C0]  ? folios_put_refs+0x584/0x670
[  382.672513][    C0]  ? shmem_undo_range+0x49e/0x14b0
[  382.672531][    C0]  ? shmem_evict_inode+0x272/0xa70
[  382.672546][    C0]  ? evict+0x504/0x9c0
[  382.672560][    C0]  ? __dentry_kill+0x209/0x660
[  382.672577][    C0]  ? shrink_kill+0xa9/0x2c0
[  382.672593][    C0]  ? shrink_dentry_list+0x2e0/0x5e0
[  382.672610][    C0]  ? shrink_dcache_parent+0xa1/0x2c0
[  382.672628][    C0]  ? do_one_tree+0x23/0xe0
[  382.672645][    C0]  ? shrink_dcache_for_umount+0xa0/0x170
[  382.672663][    C0]  ? generic_shutdown_super+0x67/0x2c0
[  382.672676][    C0]  ? kill_litter_super+0x76/0xb0
[  382.672690][    C0]  ? deactivate_locked_super+0xbc/0x130
[  382.672702][    C0]  ? cleanup_mnt+0x425/0x4c0
[  382.672722][    C0]  ? page_ext_put+0x97/0xc0
[  382.672739][    C0]  __reset_page_owner+0x71/0x1f0
[  382.672756][    C0]  free_unref_folios+0xdb3/0x1500
[  382.672775][    C0]  ? __page_cache_release+0x8a6/0xbb0
[  382.672794][    C0]  ? folio_unqueue_deferred_split+0x93/0x230
[  382.672814][    C0]  folios_put_refs+0x584/0x670
[  382.672836][    C0]  ? __pfx_folios_put_refs+0x10/0x10
[  382.672856][    C0]  ? folio_batch_remove_exceptionals+0x18c/0x1f0
[  382.672878][    C0]  shmem_undo_range+0x49e/0x14b0
[  382.672904][    C0]  ? __pfx_shmem_undo_range+0x10/0x10
[  382.672950][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  382.672970][    C0]  ? is_bpf_text_address+0x292/0x2b0
[  382.672987][    C0]  ? is_bpf_text_address+0x26/0x2b0
[  382.673006][    C0]  shmem_evict_inode+0x272/0xa70
[  382.673025][    C0]  ? inode_wait_for_writeback+0xf9/0x290
[  382.673045][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  382.673062][    C0]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  382.673086][    C0]  ? do_raw_spin_unlock+0x122/0x240
[  382.673103][    C0]  ? __pfx_shmem_evict_inode+0x10/0x10
[  382.673118][    C0]  evict+0x504/0x9c0
[  382.673135][    C0]  ? __pfx_evict+0x10/0x10
[  382.673150][    C0]  ? _raw_spin_unlock+0x28/0x50
[  382.673166][    C0]  ? iput+0x946/0xc50
[  382.673186][    C0]  __dentry_kill+0x209/0x660
[  382.673228][    C0]  ? shrink_kill+0x8d/0x2c0
[  382.673246][    C0]  shrink_kill+0xa9/0x2c0
[  382.673263][    C0]  shrink_dentry_list+0x2e0/0x5e0
[  382.673284][    C0]  shrink_dcache_parent+0xa1/0x2c0
[  382.673304][    C0]  ? __pfx_shrink_dcache_parent+0x10/0x10
[  382.673330][    C0]  do_one_tree+0x23/0xe0
[  382.673349][    C0]  shrink_dcache_for_umount+0xa0/0x170
[  382.673370][    C0]  generic_shutdown_super+0x67/0x2c0
[  382.673386][    C0]  kill_litter_super+0x76/0xb0
[  382.673401][    C0]  deactivate_locked_super+0xbc/0x130
[  382.673416][    C0]  cleanup_mnt+0x425/0x4c0
[  382.673435][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.673455][    C0]  task_work_run+0x1d4/0x260
[  382.673471][    C0]  ? __pfx_task_work_run+0x10/0x10
[  382.673486][    C0]  ? do_exit+0x6b0/0x2300
[  382.673499][    C0]  ? kmem_cache_free+0x19b/0x690
[  382.673518][    C0]  do_exit+0x6b5/0x2300
[  382.673535][    C0]  ? do_raw_spin_lock+0x121/0x290
[  382.673550][    C0]  ? __pfx_do_exit+0x10/0x10
[  382.673572][    C0]  do_group_exit+0x21c/0x2d0
[  382.673586][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  382.673605][    C0]  get_signal+0x1285/0x1340
[  382.673632][    C0]  arch_do_signal_or_restart+0xa0/0x790
[  382.673648][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  382.673664][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  382.673688][    C0]  ? exit_to_user_mode_loop+0x40/0x130
[  382.673707][    C0]  exit_to_user_mode_loop+0x72/0x130
[  382.673723][    C0]  do_syscall_64+0x2bd/0xfa0
[  382.673742][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.673756][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  382.673769][    C0]  ? clear_bhb_loop+0x60/0xb0
[  382.673785][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  382.673798][    C0] RIP: 0033:0x7fa08e5c1885
[  382.673811][    C0] Code: Unable to access opcode bytes at 0x7fa08e5c185b.
[  382.673818][    C0] RSP: 002b:00007fa08f474f50 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
[  382.673832][    C0] RAX: fffffffffffffdfc RBX: 0000000000000003 RCX: 00007fa08e5c1885
[  382.673842][    C0] RDX: 00007fa08f474f90 RSI: 0000000000000000 RDI: 0000000000000000
[  382.673852][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  382.673860][    C0] R10: 0000000000000000 R11: 0000000000000293 R12: 00007fa08f474fe8
[  382.673869][    C0] R13: 0000000000000000 R14: 00007fa08e7e5fa0 R15: 00007ffdbda7f8c8
[  382.673895][    C0]  </TASK>
[  383.297524][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0400, value 0x00, error -110)
[  383.309036][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0400, value 0x01, error -32)
[  383.320745][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x00, error -32)
[  383.330998][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0420, value 0x01, error -32)
[  383.358678][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0409, value 0x0D, error -32)
[  383.394953][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x040A, value 0x02, error -32)
[  383.542754][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0405, value 0x18, error -32)
[  383.595757][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0435, value 0x08, error -32)
[  383.644408][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x040B, value 0x26, error -32)
[  383.693984][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0437, value 0x07, error -32)
[  383.714307][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x042F, value 0x15, error -32)
[  383.754238][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0439, value 0x2B, error -32)
[  383.793624][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x043A, value 0x26, error -32)
[  383.812073][ T5871] usb 2-1: USB disconnect, device number 50
[  383.855423][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0438, value 0x08, error -32)
[  383.959841][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x042B, value 0x1E, error -32)
[  383.977032][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x042C, value 0x41, error -32)
[  384.005075][ T5916] gspca_xirlink_cit: Failed to write a register (index 0x0100, value 0xC0, error -32)
[  384.047192][ T8336] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.070210][ T5916] input: xirlink-cit as /devices/platform/dummy_hcd.5/usb6/6-1/input/input21
[  384.188393][ T5916] usb 6-1: USB disconnect, device number 45
[  384.300547][ T8336] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.395485][ T8336] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.492069][ T8336] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.660962][ T8336] bridge_slave_1: left allmulticast mode
[  384.668151][ T8336] bridge_slave_1: left promiscuous mode
[  384.674373][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state
[  384.683341][ T8336] bridge_slave_0: left allmulticast mode
[  384.689454][ T8336] bridge_slave_0: left promiscuous mode
[  384.697241][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state
[  385.047556][ T8336] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  385.058363][ T8336] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  385.068626][ T8336] bond0 (unregistering): Released all slaves
[  385.392458][ T8336] hsr_slave_0: left promiscuous mode
[  385.401549][ T8336] hsr_slave_1: left promiscuous mode
[  385.408066][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  385.416409][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_0
[  385.424931][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  385.432714][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_1
[  385.457222][ T8336] veth1_macvtap: left promiscuous mode
[  385.466175][ T8336] veth0_macvtap: left promiscuous mode
[  385.472432][ T8336] veth1_vlan: left promiscuous mode
[  385.477827][ T8336] veth0_vlan: left promiscuous mode
[  386.018968][ T8336] team0 (unregistering): Port device team_slave_1 removed
[  386.062475][ T8336] team0 (unregistering): Port device team_slave_0 removed
[  386.858454][ T8336] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  386.960337][ T8336] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.030876][ T8336] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.103755][ T8336] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.322690][ T8336] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.416496][ T8336] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.508759][ T8336] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.594485][ T8336] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  387.780153][ T8336] bridge_slave_1: left allmulticast mode
[  387.788921][ T8336] bridge_slave_1: left promiscuous mode
[  387.795216][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.813835][ T8336] bridge_slave_0: left allmulticast mode
[  387.819522][ T8336] bridge_slave_0: left promiscuous mode
[  387.825934][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.841808][ T8336] bridge_slave_1: left allmulticast mode
[  387.848490][ T8336] bridge_slave_1: left promiscuous mode
[  387.858492][ T8336] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.870681][ T8336] bridge_slave_0: left allmulticast mode
[  387.878037][ T8336] bridge_slave_0: left promiscuous mode
[  387.884362][ T8336] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.315247][ T8336] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.327198][ T8336] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.337168][ T8336] bond0 (unregistering): Released all slaves
[  388.662224][ T8336] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  388.673014][ T8336] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  388.684843][ T8336] bond0 (unregistering): (slave wlan1): Releasing backup interface
[  388.699604][ T8336] bond0 (unregistering): Released all slaves
[  389.194457][ T8336] hsr_slave_0: left promiscuous mode
[  389.200910][ T8336] hsr_slave_1: left promiscuous mode
[  389.212996][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.221383][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.230957][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.241345][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.259420][ T8336] hsr_slave_0: left promiscuous mode
[  389.271881][ T8336] hsr_slave_1: left promiscuous mode
[  389.280373][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  389.287931][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_0
[  389.297208][ T8336] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  389.304614][ T8336] batman_adv: batadv0: Removing interface: batadv_slave_1
[  389.338105][ T8336] veth1_macvtap: left promiscuous mode
[  389.343627][ T8336] veth0_macvtap: left promiscuous mode
[  389.350090][ T8336] veth1_vlan: left promiscuous mode
[  389.355376][ T8336] veth0_vlan: left promiscuous mode
[  389.362395][ T8336] veth1_macvtap: left promiscuous mode
[  389.368125][ T8336] veth0_macvtap: left promiscuous mode
[  389.373843][ T8336] veth1_vlan: left promiscuous mode
[  389.379268][ T8336] veth0_vlan: left promiscuous mode
[  389.902588][ T8336] team0 (unregistering): Port device team_slave_1 removed
[  389.949900][ T8336] team0 (unregistering): Port device team_slave_0 removed
[  390.773685][ T8336] team0 (unregistering): Port device team_slave_1 removed
[  390.820257][ T8336] team0 (unregistering): Port device team_slave_0 removed